From xen-announce-bounces@lists.xen.org Tue Aug 15 12:07:01 2017 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Aug 2017 12:07:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabv-0006Br-Te; Tue, 15 Aug 2017 12:06:15 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabu-00069F-72; Tue, 15 Aug 2017 12:06:14 +0000 Received: from [193.109.254.147] by server-3.bemta-6.messagelabs.com id E4/C4-03044-5B3E2995; Tue, 15 Aug 2017 12:06:13 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprIKsWRWlGSWpSXmKPExsWS0XRdVXfL40m RBhfvyFrcutnKbLHk42IWi1VXD7A6MHsc3f2bKYAxijUzLym/IoE14//cv4wFs+0rfl7sZGxg vGHVxcjFISRwjlHid8NyVghnA6PEjCnf2boYOTmYBVwlbuzbDGUrSly418ACYvMKCEqcnPkEz JYQ0JS482YVO4gtIlAksfPcSzCbTUBPYu7ZSUwQvZYS8yeeApsjLJAtcbVhDivEHDOJX6dmg9 WzCKhK7D8xm30CI88sJKtnIVk9C8nqWYwcQHFNifW79CFMaYnl/zggquUltr+dwwwRtpL4soE PwjSXODrPHWbelO6H7BC2tcSmrzOh9lhIrNm0gxFZzQJGnlWMGsWpRWWpRbpGhnpJRZnpGSW5 iZk5uoYGZnq5qcXFiempOYlJxXrJ+bmbGIFRwgAEOxj/LAs4xCjJwaQkyrvo7KRIIb6k/JTKj MTijPii0pzU4kOMMhwcShK8no+AcoJFqempFWmZOcB4hUlLcPAoifC2gKR5iwsSc4sz0yFSpx gtOXb9X/OFiWPZ+i1A8tWE/9+YhFjy8vNSpcR53UEaBEAaMkrz4MbBUsolRlkpYV5GoAOFeAp Si3IzS1DlXzGKczAqCfPWg0zhycwrgdv6CuggJqCDrrSDHVSSiJCSamBkTNAMuLNowgJveQ/t jRl79wdpzZeNsZBUEDjoOK3rxZFD93+avSg70/5Qwp6haPIil9OS3v73HxQkJ3CGFq+/uirT7 XR47JydC3a4Noadc9lS/FRO4MmS9CDH1ftkDWzF61I/XVzAsNWz5ut24YORHn1ZVdWVh+z9hT t//vd+qsT87uf9FcuVWIozEg21mIuKEwEW4juNJAMAAA== X-Env-Sender: andrewcoop@xenbits.xen.org X-Msg-Ref: server-14.tower-27.messagelabs.com!1502798771!99447222!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 30918 invoked from network); 15 Aug 2017 12:06:12 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-14.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 15 Aug 2017 12:06:12 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabg-00037r-Pq; Tue, 15 Aug 2017 12:06:00 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1dhabg-0006i6-PG; Tue, 15 Aug 2017 12:06:00 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 15 Aug 2017 12:06:00 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 230 - grant_table: possibly premature clearing of GTF_writing / GTF_reading X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-230 version 2 grant_table: possibly premature clearing of GTF_writing / GTF_reading UPDATES IN VERSION 2 ==================== Public release. (A CVE request for this issue is currently outstanding.) ISSUE DESCRIPTION ================= Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. IMPACT ====== A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. VULNERABLE SYSTEMS ================== All systems are vulnerable. MITIGATION ========== There are no mitigations. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa230.patch xen-unstable, 4.9, 4.8, 4.7, 4.6, 4.5 $ sha256sum xsa230* 912c24771dc9e9b305be630b7771505abb3db735564c5574fc30b58a5da0139e xsa230.meta 77a73f1c32d083e315ef0b1bbb119cb8840ceb5ada790cad76cbfb9116f725cc xsa230.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html NOTE REGARDING SHORT EMBARGO ============================ This issue was discovered while investigating problems with the initial version of XSA-226. Accordingly, XSA-230 is embargoed and the embargo will end at the same time as that of XSA-226. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZkuNZAAoJEIP+FMlX6CvZ+UwH/AjbZSL+HVazwku2f5qtV4SK tBO0oiA4+o4hC9N71jV2JroQub37zEKBahpVIe0YpZ7QmedNme9URTnndkI7J9xj qarVafofxbtgqHA8Dqe8TcvOiU0PgmR3JgJYUbXIQYwsPRpJsCtTgWB/IOwYZlcM FpQSdPhvfVUAONTcM8bGqqe8pww40kW61dvwu4qlqyA1W4nj+Et4Yu9yn+Ga5H94 E8BjHgVE26sh5Q4D8JL70IpgQeuHPQ3wgRvnmzQgnpc5192zUC9ybDC5j9L17O1r ckJlbaSNKgEHrYhflog/Haa55ZfyiYJF67KIQAYcOa5em0jvgCr7zIzPUPprsT0= =eYJA -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa230.meta" Content-Disposition: attachment; filename="xsa230.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyMzAsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC45IiwKICAgICI0LjgiLAogICAgIjQuNyIsCiAg ICAiNC42IiwKICAgICI0LjUiCiAgXSwKICAiVHJlZXMiOiBbCiAgICAieGVu IgogIF0sCiAgIlJlY2lwZXMiOiB7CiAgICAiNC41IjogewogICAgICAiWGVu VmVyc2lvbiI6ICI0LjUiLAogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAi eGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICIzMjE3MTI5ZWI2NWMw ZDQ5OTVlZDA4ZmI4OTE5ZTNjMzM0Y2FkNTQ4IiwKICAgICAgICAgICJQcmVy ZXFzIjogWwogICAgICAgICAgICAyMjYsCiAgICAgICAgICAgIDIyNwogICAg ICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWyAieHNhMjMwLnBhdGNo IiBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIjQuNiI6IHsKICAg ICAgIlhlblZlcnNpb24iOiAiNC42IiwKICAgICAgIlJlY2lwZXMiOiB7CiAg ICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiZDcwOGI2 OTVhMzZiNGZkY2Q4ZTQ4ZTZmYzhlNjExZTAxMGY1MjgwYiIsCiAgICAgICAg ICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjI2LAogICAgICAgICAgICAy MjcsCiAgICAgICAgICAgIDIyOAogICAgICAgICAgXSwKICAgICAgICAgICJQ YXRjaGVzIjogWyAieHNhMjMwLnBhdGNoIiBdCiAgICAgICAgfQogICAgICB9 CiAgICB9LAogICAgIjQuNyI6IHsKICAgICAgIlhlblZlcnNpb24iOiAiNC43 IiwKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAg ICAgICJTdGFibGVSZWYiOiAiNGZiZmEzNGIxYTBiYjMyOWFhNTcyNzU0MjFl MmU5MDI3ZDMyYWFkNSIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAg ICAgICAgMjI2LAogICAgICAgICAgICAyMjcsCiAgICAgICAgICAgIDIyOAog ICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWyAieHNhMjMwLnBh dGNoIiBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIjQuOCI6IHsK ICAgICAgIlhlblZlcnNpb24iOiAiNC44IiwKICAgICAgIlJlY2lwZXMiOiB7 CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiMWU2 Yzg4ZmFmY2I0NjY0YTUwMTIzOWQxZDg2NjVjMzRiNTM4NDY0OCIsCiAgICAg ICAgICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjI2LAogICAgICAgICAg ICAyMjcsCiAgICAgICAgICAgIDIyOAogICAgICAgICAgXSwKICAgICAgICAg ICJQYXRjaGVzIjogWyAieHNhMjMwLnBhdGNoIiBdCiAgICAgICAgfQogICAg ICB9CiAgICB9LAogICAgIjQuOSI6IHsKICAgICAgIlhlblZlcnNpb24iOiAi NC45IiwKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAg ICAgICAgICJTdGFibGVSZWYiOiAiMGZhZGEwNTlhNzk0ODE1Mzk3NmNjMTUy ZTM2NjMzZGVlM2Q1YjI3MyIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAg ICAgICAgICAgMjI2LAogICAgICAgICAgICAyMjcsCiAgICAgICAgICAgIDIy OAogICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWyAieHNhMjMw LnBhdGNoIiBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIm1hc3Rl ciI6IHsKICAgICAgIlhlblZlcnNpb24iOiAibWFzdGVyIiwKICAgICAgIlJl Y2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVS ZWYiOiAiNTU5MjRiYWYyMjExZGRjZjViYThmNzAyYzlhNGMwNzczMGUwYzhl OCIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjI2LAog ICAgICAgICAgICAyMjcsCiAgICAgICAgICAgIDIyOAogICAgICAgICAgXSwK ICAgICAgICAgICJQYXRjaGVzIjogWyAieHNhMjMwLnBhdGNoIiBdCiAgICAg ICAgfQogICAgICB9CiAgICB9CiAgfQp9 --=separator Content-Type: application/octet-stream; name="xsa230.patch" Content-Disposition: attachment; filename="xsa230.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGNvcnJlY3QgcGluIHN0YXR1cyBmaXh1cCBmb3IgY29weQoK UmVnYXJkbGVzcyBvZiBjb3B5IG9wZXJhdGlvbnMgb25seSBzZXR0aW5nIEdO VFBJTl9oc3QqLCBHTlRQSU5fZGV2KgphbHNvIG5lZWQgdG8gYmUgdGFrZW4g aW50byBhY2NvdW50IHdoZW4gZGVjaWRpbmcgd2hldGhlciB0byBjbGVhcgpf R1RGX3tyZWFkLHdyaXR9aW5nLiBBdCBsZWFzdCBmb3IgY29uc2lzdGVuY3kg d2l0aCBjb2RlIGVsc2V3aGVyZSB0aGUKcmVhZCBwYXJ0IGJldHRlciBkb2Vz bid0IHVzZSBhbnkgbWFzayBhdCBhbGwuCgpUaGlzIGlzIFhTQS0yMzAuCgpT aWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0Bj aXRyaXguY29tPgpkaWZmIC0tZ2l0IGEveGVuL2NvbW1vbi9ncmFudF90YWJs ZS5jIGIveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCmluZGV4IGFlMzQ1NDcu LjljOWQzM2MgMTAwNjQ0Ci0tLSBhL3hlbi9jb21tb24vZ3JhbnRfdGFibGUu YworKysgYi94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMKQEAgLTIxMDcsMTAg KzIxMDcsMTAgQEAgX19yZWxlYXNlX2dyYW50X2Zvcl9jb3B5KAogc3RhdGlj IHZvaWQgX19maXh1cF9zdGF0dXNfZm9yX2NvcHlfcGluKGNvbnN0IHN0cnVj dCBhY3RpdmVfZ3JhbnRfZW50cnkgKmFjdCwKICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgdWludDE2X3QgKnN0YXR1cykKIHsKLSAgICBp ZiAoICEoYWN0LT5waW4gJiBHTlRQSU5faHN0d19tYXNrKSApCisgICAgaWYg KCAhKGFjdC0+cGluICYgKEdOVFBJTl9oc3R3X21hc2sgfCBHTlRQSU5fZGV2 d19tYXNrKSkgKQogICAgICAgICBnbnR0YWJfY2xlYXJfZmxhZyhfR1RGX3dy aXRpbmcsIHN0YXR1cyk7CiAKLSAgICBpZiAoICEoYWN0LT5waW4gJiBHTlRQ SU5faHN0cl9tYXNrKSApCisgICAgaWYgKCAhYWN0LT5waW4gKQogICAgICAg ICBnbnR0YWJfY2xlYXJfZmxhZyhfR1RGX3JlYWRpbmcsIHN0YXR1cyk7CiB9 CiAKQEAgLTIzMTgsNyArMjMxOCw3IEBAIF9fYWNxdWlyZV9ncmFudF9mb3Jf Y29weSgKICAKICB1bmxvY2tfb3V0X2NsZWFyOgogICAgIGlmICggIShyZWFk b25seSkgJiYKLSAgICAgICAgICEoYWN0LT5waW4gJiBHTlRQSU5faHN0d19t YXNrKSApCisgICAgICAgICAhKGFjdC0+cGluICYgKEdOVFBJTl9oc3R3X21h c2sgfCBHTlRQSU5fZGV2d19tYXNrKSkgKQogICAgICAgICBnbnR0YWJfY2xl YXJfZmxhZyhfR1RGX3dyaXRpbmcsIHN0YXR1cyk7CiAKICAgICBpZiAoICFh Y3QtPnBpbiApCg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3Rz Lnhlbi5vcmcveGVuLWFubm91bmNl --=separator-- From xen-announce-bounces@lists.xen.org Tue Aug 15 12:07:01 2017 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Aug 2017 12:07:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabj-000616-Tz; Tue, 15 Aug 2017 12:06:03 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabi-0005zZ-2O; Tue, 15 Aug 2017 12:06:02 +0000 Received: from [85.158.137.68] by server-17.bemta-3.messagelabs.com id 37/78-01859-8A3E2995; Tue, 15 Aug 2017 12:06:00 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrJKsWRWlGSWpSXmKPExsWS0XRdVXfF40m RBjNX8FjcutnKbLHk42IWi1VXD7A6MHsc3f2bKYAxijUzLym/IoE1Y/3UdUwFr08wVrx6d42t gfHGQcYuRi4OIYFzjBJLJrayQTgbGCUW7z4E5HByMAu4StzYtxnKVpS4cK+BBcTmFRCUODnzC ZgtIaApcefNKnYQW0SgSGLnuZdgNpuAnsTcs5OYIHotJeZPPAU2R1igROLjkf2MEHPMJE5fXc 0KYrMIqEp0fD/NPIGRZxaS1bOQrJ6FZPUsRg6guKbE+l36EKa0xPJ/HBDV8hLb385hhrCtJHY tXcICYZtLbFu/nxVm4pTuh+wQtrXEguVboTZZSCx5dYMNU429RNe77VAzbSSmn/jKhKxmASP/ KkaN4tSistQiXUMDvaSizPSMktzEzBwgz1gvN7W4ODE9NScxqVgvOT93EyMw6uoZGBh3MG7rc j7EKMnBpCTKu+jspEghvqT8lMqMxOKM+KLSnNTiQ4wyHBxKErxrHwLlBItS01Mr0jJzgPEPk5 bg4FES4XV4BJTmLS5IzC3OTIdInWK05Nj1f80XJo5l67cAyVcT/n9jEmLJy89LlRLnPQcyTwC kIaM0D24cLEVdYpSVEuZlZGBgEOIpSC3KzSxBlX/FKM7BqCTMexFkCk9mXgnc1ldABzEBHXSl HeygkkSElFQDY3GmhJDD/99NnKtud67Qtr7mpzFFYeus4DP7P4aLbBCqjlm5s4vBgOe0VcLHo xZc6mXLbBi+vX8UIDeba+nr7SofA+wsNe6Wq9Q65xpFnqj/wlkwSc2379bdvt2n7h6beVhpKs P9zsbb6YJdH2P3/1Prk+Oau2R2bGuRhoo3y+wJ7rNFXv3rV2Ipzkg01GIuKk4EAONk++xMAwA A X-Env-Sender: andrewcoop@xenbits.xen.org X-Msg-Ref: server-9.tower-31.messagelabs.com!1502798758!54604304!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 45761 invoked from network); 15 Aug 2017 12:05:59 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-9.tower-31.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 15 Aug 2017 12:05:59 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabZ-00036z-7y; Tue, 15 Aug 2017 12:05:53 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1dhabZ-0006fK-78; Tue, 15 Aug 2017 12:05:53 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 15 Aug 2017 12:05:53 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 228 (CVE-2017-12136) - grant_table: Race conditions with maptrack free list handling X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2017-12136 / XSA-228 version 3 grant_table: Race conditions with maptrack free list handling UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= The grant table code in Xen has a bespoke semi-lockfree allocator for recording grant mappings ("maptrack" entries). This allocator has a race which allows the free list to be corrupted. Specifically: the code for removing an entry from the free list, prior to use, assumes (without locking) that if inspecting head item shows that it is not the tail, it will continue to not be the tail of the list if it is later found to be still the head and removed with cmpxchg. But the entry might have been removed and replaced, with the result that it might be the tail by then. (The invariants for the semi-lockfree data structure were never formally documented.) Additionally, a stolen entry is put on the free list with an incorrect link field, which will very likely corrupt the list. IMPACT ====== A malicious guest administrator can crash the host, and can probably escalate their privilege to that of the host. VULNERABLE SYSTEMS ================== Xen 4.6 and later are vulnerable. Xen 4.5 and earlier are not vulnerable. MITIGATION ========== There is no mitigation for this vulnerability. CREDITS ======= This issue was discovered by Ian Jackson of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa228.patch xen-unstable, Xen 4.9.x xsa228-4.8.patch Xen 4.8.x, Xen 4.7.x, Xen 4.6.x $ sha256sum xsa228* 35a1a7f8905770fa64da0756fe3e0400bb8c28ecae0b7cf80e749cb7962018db xsa228.meta 1979e111442517891b483e316a15a760a4c992ac4440f95e361ff12f4bebff62 xsa228.patch 5a7416f15ac9cd7cace354b6102ff58199fe0581f65a36a36869650c71784e48 xsa228-4.8.patch $ (The .meta file is a prototype machine-readable file for describing which patches are to be applied how.) DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZkuNRAAoJEIP+FMlX6CvZRz4IAMnEQggvKPrt1zOC14JncQwG 7q6DRlwHcAYVxD8GEJATNV3uyDhEUiOK8A9WwDrR42FInLBHtNk1iMvJSWvBII5/ jr8OBRf8Ealv/G38jilKjX08aiYmOTnHFjMRGTT+Nw7JJImPJq3bqi+nSeiM1IDP v3Z6m9YtmXOCUPq087OngfEqtR3gG3seEqC7bKQgSk9nAojtJiPVcpw4jm3p3rl5 FYsLMVdLLxhFtiMItcdHa38/JHzxynIaCMHz8K1M/uBSLe58g6KZRerIWWls99RE Fyo5rKUQ/6HlDuJcHXcf3GHtzujSNxN3PRbtyUMNSOP9/LDgd6fHSJiEOd9fphw= =hzXD -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa228.meta" Content-Disposition: attachment; filename="xsa228.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyMjgsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC45IiwKICAgICI0LjgiLAogICAgIjQuNyIsCiAg ICAiNC42IgogIF0sCiAgIlRyZWVzIjogWwogICAgInhlbiIKICBdLAogICJS ZWNpcGVzIjogewogICAgIjQuNiI6IHsKICAgICAgIlhlblZlcnNpb24iOiAi NC42IiwKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAg ICAgICAgICJTdGFibGVSZWYiOiAiZDcwOGI2OTVhMzZiNGZkY2Q4ZTQ4ZTZm YzhlNjExZTAxMGY1MjgwYiIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAg ICAgICAgICAgMjI2LAogICAgICAgICAgICAyMjcKICAgICAgICAgIF0sCiAg ICAgICAgICAiUGF0Y2hlcyI6IFsgInhzYTIyOC00LjgucGF0Y2giIF0KICAg ICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC43IjogewogICAgICAiWGVu VmVyc2lvbiI6ICI0LjciLAogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAi eGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICI0ZmJmYTM0YjFhMGJi MzI5YWE1NzI3NTQyMWUyZTkwMjdkMzJhYWQ1IiwKICAgICAgICAgICJQcmVy ZXFzIjogWwogICAgICAgICAgICAyMjYsCiAgICAgICAgICAgIDIyNwogICAg ICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWyAieHNhMjI4LTQuOC5w YXRjaCIgXQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICI0LjgiOiB7 CiAgICAgICJYZW5WZXJzaW9uIjogIjQuOCIsCiAgICAgICJSZWNpcGVzIjog ewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogIjFl NmM4OGZhZmNiNDY2NGE1MDEyMzlkMWQ4NjY1YzM0YjUzODQ2NDgiLAogICAg ICAgICAgIlByZXJlcXMiOiBbCiAgICAgICAgICAgIDIyNiwKICAgICAgICAg ICAgMjI3CiAgICAgICAgICBdLAogICAgICAgICAgIlBhdGNoZXMiOiBbICJ4 c2EyMjgtNC44LnBhdGNoIiBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAog ICAgIjQuOSI6IHsKICAgICAgIlhlblZlcnNpb24iOiAiNC45IiwKICAgICAg IlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFi bGVSZWYiOiAiMGZhZGEwNTlhNzk0ODE1Mzk3NmNjMTUyZTM2NjMzZGVlM2Q1 YjI3MyIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjI2 LAogICAgICAgICAgICAyMjcKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0 Y2hlcyI6IFsgInhzYTIyOC5wYXRjaCIgXQogICAgICAgIH0KICAgICAgfQog ICAgfSwKICAgICJtYXN0ZXIiOiB7CiAgICAgICJYZW5WZXJzaW9uIjogIm1h c3RlciIsCiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAg ICAgICAgICAiU3RhYmxlUmVmIjogIjU1OTI0YmFmMjIxMWRkY2Y1YmE4Zjcw MmM5YTRjMDc3MzBlMGM4ZTgiLAogICAgICAgICAgIlByZXJlcXMiOiBbCiAg ICAgICAgICAgIDIyNiwKICAgICAgICAgICAgMjI3CiAgICAgICAgICBdLAog ICAgICAgICAgIlBhdGNoZXMiOiBbICJ4c2EyMjgucGF0Y2giIF0KICAgICAg ICB9CiAgICAgIH0KICAgIH0KICB9Cn0= --=separator Content-Type: application/octet-stream; name="xsa228.patch" Content-Disposition: attachment; filename="xsa228.patch" Content-Transfer-Encoding: base64 RnJvbSA5YTUyYzc4ZWI0ZmY3ODM2YmY3YWM5ZWNkOTE4YjI4OWNlYWQxZjNm IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKYW4gQmV1bGljaCA8 amJldWxpY2hAc3VzZS5jb20+CkRhdGU6IE1vbiwgMzEgSnVsIDIwMTcgMTU6 MTc6NTYgKzAxMDAKU3ViamVjdDogW1BBVENIXSBnbnR0YWI6IHNwbGl0IG1h cHRyYWNrIGxvY2sgdG8gbWFrZSBpdCBmdWxmaWxsIGl0cyBwdXJwb3NlCiBh Z2FpbgoKVGhlIHdheSB0aGUgbG9jayBpcyBjdXJyZW50bHkgYmVpbmcgdXNl ZCBpbiBnZXRfbWFwdHJhY2tfaGFuZGxlKCksIGl0CnByb3RlY3RzIG9ubHkg dGhlIG1hcHRyYWNrIGxpbWl0OiBUaGUgZnVuY3Rpb24gYWN0cyBvbiBjdXJy ZW50J3MgbGlzdApvbmx5LCBzbyByYWNlcyBvbiBsaXN0IGFjY2Vzc2VzIGFy ZSBpbXBvc3NpYmxlIGV2ZW4gd2l0aG91dCB0aGUgbG9jay4KCk90b2ggbGlz dCBhY2Nlc3MgcmFjZXMgYXJlIHBvc3NpYmxlIGJldHdlZW4gX19nZXRfbWFw dHJhY2tfaGFuZGxlKCkgYW5kCnB1dF9tYXB0cmFja19oYW5kbGUoKSwgZHVl IHRvIHRoZSBpbnZvY2F0aW9uIG9mIHRoZSBmb3JtZXIgZm9yIG90aGVyCnRo YW4gY3VycmVudCBmcm9tIHN0ZWFsX21hcHRyYWNrX2hhbmRsZSgpLiBJbnRy b2R1Y2UgYSBwZXItdkNQVSBsb2NrCmZvciBsaXN0IGFjY2Vzc2VzIHRvIGJl Y29tZSByYWNlIGZyZWUgYWdhaW4uIFRoaXMgbG9jayB3aWxsIGJlCnVuY29u dGVuZGVkIGV4Y2VwdCB3aGVuIGl0IGJlY29tZXMgbmVjZXNzYXJ5IHRvIHRh a2UgdGhlIHN0ZWFsIHBhdGgsCmkuZS4gaW4gdGhlIGNvbW1vbiBjYXNlIHRo ZXJlIHNob3VsZCBiZSBubyBtZWFuaW5nZnVsIHBlcmZvcm1hbmNlCmltcGFj dC4KCldoZW4gaW4gZ2V0X21hcHRyYWNrX2hhbmRsZSBhZGRzIGEgc3RvbGVu IGVudHJ5IHRvIGEgZnJlc2gsIGVtcHR5LApmcmVlbGlzdCwgd2UgdGhpbmsg dGhhdCB0aGVyZSBpcyBwcm9iYWJseSBubyBjb25jdXJyZW5jeS4gIEhvd2V2 ZXIsCnRoaXMgaXMgbm90IGEgZmFzdCBwYXRoIGFuZCBhZGRpbmcgdGhlIGxv Y2tpbmcgdGhlcmUgbWFrZXMgdGhlIGNvZGUKY2xlYXJseSBjb3JyZWN0LgoK QWxzbywgd2hpbGUgd2UgYXJlIGhlcmU6IHRoZSBzdG9sZW4gbWFwdHJhY2tf ZW50cnkncyB0YWlsIHBvaW50ZXIgd2FzCm5vdCBwcm9wZXJseSBzZXQuICBT ZXQgaXQuCgpUaGlzIGlzIFhTQS0yMjguCgpSZXBvcnRlZC1ieTogSWFuIEph Y2tzb24gPGlhbi5qYWNrc29uQGV1LmNpdHJpeC5jb20+ClNpZ25lZC1vZmYt Ynk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KU2lnbmVkLW9m Zi1ieTogSWFuIEphY2tzb24gPElhbi5KYWNrc29uQGV1LmNpdHJpeC5jb20+ Ci0tLQogZG9jcy9taXNjL2dyYW50LXRhYmxlcy50eHQgICAgfCAgNyArKysr KystCiB4ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMgICAgICB8IDMwICsrKysr KysrKysrKysrKysrKysrKysrKy0tLS0tLQogeGVuL2luY2x1ZGUveGVuL2dy YW50X3RhYmxlLmggfCAgMiArLQogeGVuL2luY2x1ZGUveGVuL3NjaGVkLmgg ICAgICAgfCAgMSArCiA0IGZpbGVzIGNoYW5nZWQsIDMyIGluc2VydGlvbnMo KyksIDggZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNjL2dy YW50LXRhYmxlcy50eHQgYi9kb2NzL21pc2MvZ3JhbnQtdGFibGVzLnR4dApp bmRleCA0MTdjZTJkLi42NGRhNWNmIDEwMDY0NAotLS0gYS9kb2NzL21pc2Mv Z3JhbnQtdGFibGVzLnR4dAorKysgYi9kb2NzL21pc2MvZ3JhbnQtdGFibGVz LnR4dApAQCAtODcsNyArODcsOCBAQCBpcyBjb21wbGV0ZS4KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBpbmNvbnNpc3RlbnQgZ3JhbnQgdGFi bGUgc3RhdGUgc3VjaCBhcyBjdXJyZW50CiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgdmVyc2lvbiwgcGFydGlhbGx5IGluaXRpYWxpemVkIGFj dGl2ZSB0YWJsZSBwYWdlcywKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBldGMuCi0gIGdyYW50X3RhYmxlLT5tYXB0cmFja19sb2NrIDogc3Bp bmxvY2sgdXNlZCB0byBwcm90ZWN0IHRoZSBtYXB0cmFjayBmcmVlIGxpc3QK KyAgZ3JhbnRfdGFibGUtPm1hcHRyYWNrX2xvY2sgOiBzcGlubG9jayB1c2Vk IHRvIHByb3RlY3QgdGhlIG1hcHRyYWNrIGxpbWl0CisgIHYtPm1hcHRyYWNr X2ZyZWVsaXN0X2xvY2sgIDogc3BpbmxvY2sgdXNlZCB0byBwcm90ZWN0IHRo ZSBtYXB0cmFjayBmcmVlIGxpc3QKICAgYWN0aXZlX2dyYW50X2VudHJ5LT5s b2NrICAgOiBzcGlubG9jayB1c2VkIHRvIHNlcmlhbGl6ZSBtb2RpZmljYXRp b25zIHRvCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWN0aXZl IGVudHJpZXMKIApAQCAtMTAyLDYgKzEwMywxMCBAQCBpcyBjb21wbGV0ZS4K ICBUaGUgbWFwdHJhY2sgZnJlZSBsaXN0IGlzIHByb3RlY3RlZCBieSBpdHMg b3duIHNwaW5sb2NrLiBUaGUgbWFwdHJhY2sKICBsb2NrIG1heSBiZSBsb2Nr ZWQgd2hpbGUgaG9sZGluZyB0aGUgZ3JhbnQgdGFibGUgbG9jay4KIAorIFRo ZSBtYXB0cmFja19mcmVlbGlzdF9sb2NrIGlzIGFuIGlubmVybW9zdCBsb2Nr LiAgSXQgbWF5IGJlIGxvY2tlZAorIHdoaWxlIGhvbGRpbmcgb3RoZXIgbG9j a3MsIGJ1dCBubyBvdGhlciBsb2NrcyBtYXkgYmUgYWNxdWlyZWQgd2l0aGlu CisgaXQuCisKICBBY3RpdmUgZW50cmllcyBhcmUgb2J0YWluZWQgYnkgY2Fs bGluZyBhY3RpdmVfZW50cnlfYWNxdWlyZShndCwgcmVmKS4KICBUaGlzIGZ1 bmN0aW9uIHJldHVybnMgYSBwb2ludGVyIHRvIHRoZSBhY3RpdmUgZW50cnkg YWZ0ZXIgbG9ja2luZyBpdHMKICBzcGlubG9jay4gVGhlIGNhbGxlciBtdXN0 IGhvbGQgdGhlIGdyYW50IHRhYmxlIHJlYWQgbG9jayBiZWZvcmUKZGlmZiAt LWdpdCBhL3hlbi9jb21tb24vZ3JhbnRfdGFibGUuYyBiL3hlbi9jb21tb24v Z3JhbnRfdGFibGUuYwppbmRleCBhZTM0NTQ3Li5lZTMzYmQ4IDEwMDY0NAot LS0gYS94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMKKysrIGIveGVuL2NvbW1v bi9ncmFudF90YWJsZS5jCkBAIC0zMDQsMTEgKzMwNCwxNiBAQCBfX2dldF9t YXB0cmFja19oYW5kbGUoCiB7CiAgICAgdW5zaWduZWQgaW50IGhlYWQsIG5l eHQsIHByZXZfaGVhZDsKIAorICAgIHNwaW5fbG9jaygmdi0+bWFwdHJhY2tf ZnJlZWxpc3RfbG9jayk7CisKICAgICBkbyB7CiAgICAgICAgIC8qIE5vIG1h cHRyYWNrIHBhZ2VzIGFsbG9jYXRlZCBmb3IgdGhpcyBWQ1BVIHlldD8gKi8K ICAgICAgICAgaGVhZCA9IHJlYWRfYXRvbWljKCZ2LT5tYXB0cmFja19oZWFk KTsKICAgICAgICAgaWYgKCB1bmxpa2VseShoZWFkID09IE1BUFRSQUNLX1RB SUwpICkKKyAgICAgICAgeworICAgICAgICAgICAgc3Bpbl91bmxvY2soJnYt Pm1hcHRyYWNrX2ZyZWVsaXN0X2xvY2spOwogICAgICAgICAgICAgcmV0dXJu IC0xOworICAgICAgICB9CiAKICAgICAgICAgLyoKICAgICAgICAgICogQWx3 YXlzIGtlZXAgb25lIGVudHJ5IGluIHRoZSBmcmVlIGxpc3QgdG8gbWFrZSBp dCBlYXNpZXIgdG8KQEAgLTMxNiwxMiArMzIxLDE3IEBAIF9fZ2V0X21hcHRy YWNrX2hhbmRsZSgKICAgICAgICAgICovCiAgICAgICAgIG5leHQgPSByZWFk X2F0b21pYygmbWFwdHJhY2tfZW50cnkodCwgaGVhZCkucmVmKTsKICAgICAg ICAgaWYgKCB1bmxpa2VseShuZXh0ID09IE1BUFRSQUNLX1RBSUwpICkKKyAg ICAgICAgeworICAgICAgICAgICAgc3Bpbl91bmxvY2soJnYtPm1hcHRyYWNr X2ZyZWVsaXN0X2xvY2spOwogICAgICAgICAgICAgcmV0dXJuIC0xOworICAg ICAgICB9CiAKICAgICAgICAgcHJldl9oZWFkID0gaGVhZDsKICAgICAgICAg aGVhZCA9IGNtcHhjaGcoJnYtPm1hcHRyYWNrX2hlYWQsIHByZXZfaGVhZCwg bmV4dCk7CiAgICAgfSB3aGlsZSAoIGhlYWQgIT0gcHJldl9oZWFkICk7CiAK KyAgICBzcGluX3VubG9jaygmdi0+bWFwdHJhY2tfZnJlZWxpc3RfbG9jayk7 CisKICAgICByZXR1cm4gaGVhZDsKIH0KIApAQCAtMzgwLDYgKzM5MCw4IEBA IHB1dF9tYXB0cmFja19oYW5kbGUoCiAgICAgLyogMi4gQWRkIGVudHJ5IHRv IHRoZSB0YWlsIG9mIHRoZSBsaXN0IG9uIHRoZSBvcmlnaW5hbCBWQ1BVLiAq LwogICAgIHYgPSBjdXJyZC0+dmNwdVttYXB0cmFja19lbnRyeSh0LCBoYW5k bGUpLnZjcHVdOwogCisgICAgc3Bpbl9sb2NrKCZ2LT5tYXB0cmFja19mcmVl bGlzdF9sb2NrKTsKKwogICAgIGN1cl90YWlsID0gcmVhZF9hdG9taWMoJnYt Pm1hcHRyYWNrX3RhaWwpOwogICAgIGRvIHsKICAgICAgICAgcHJldl90YWls ID0gY3VyX3RhaWw7CkBAIC0zODgsNiArNDAwLDggQEAgcHV0X21hcHRyYWNr X2hhbmRsZSgKIAogICAgIC8qIDMuIFVwZGF0ZSB0aGUgb2xkIHRhaWwgZW50 cnkgdG8gcG9pbnQgdG8gdGhlIG5ldyBlbnRyeS4gKi8KICAgICB3cml0ZV9h dG9taWMoJm1hcHRyYWNrX2VudHJ5KHQsIHByZXZfdGFpbCkucmVmLCBoYW5k bGUpOworCisgICAgc3Bpbl91bmxvY2soJnYtPm1hcHRyYWNrX2ZyZWVsaXN0 X2xvY2spOwogfQogCiBzdGF0aWMgaW5saW5lIGludApAQCAtNDExLDEwICs0 MjUsNiBAQCBnZXRfbWFwdHJhY2tfaGFuZGxlKAogICAgICAqLwogICAgIGlm ICggbnJfbWFwdHJhY2tfZnJhbWVzKGxndCkgPj0gbWF4X21hcHRyYWNrX2Zy YW1lcyApCiAgICAgewotICAgICAgICAvKgotICAgICAgICAgKiBDYW4gZHJv cCB0aGUgbG9jayBzaW5jZSBubyBvdGhlciBWQ1BVIGNhbiBiZSBhZGRpbmcg YSBuZXcKLSAgICAgICAgICogZnJhbWUgb25jZSB0aGV5J3ZlIHJ1biBvdXQu Ci0gICAgICAgICAqLwogICAgICAgICBzcGluX3VubG9jaygmbGd0LT5tYXB0 cmFja19sb2NrKTsKIAogICAgICAgICAvKgpAQCAtNDI2LDggKzQzNiwxMiBA QCBnZXRfbWFwdHJhY2tfaGFuZGxlKAogICAgICAgICAgICAgaGFuZGxlID0g c3RlYWxfbWFwdHJhY2tfaGFuZGxlKGxndCwgY3Vycik7CiAgICAgICAgICAg ICBpZiAoIGhhbmRsZSA9PSAtMSApCiAgICAgICAgICAgICAgICAgcmV0dXJu IC0xOworICAgICAgICAgICAgc3Bpbl9sb2NrKCZjdXJyLT5tYXB0cmFja19m cmVlbGlzdF9sb2NrKTsKKyAgICAgICAgICAgIG1hcHRyYWNrX2VudHJ5KGxn dCwgaGFuZGxlKS5yZWYgPSBNQVBUUkFDS19UQUlMOwogICAgICAgICAgICAg Y3Vyci0+bWFwdHJhY2tfdGFpbCA9IGhhbmRsZTsKLSAgICAgICAgICAgIHdy aXRlX2F0b21pYygmY3Vyci0+bWFwdHJhY2tfaGVhZCwgaGFuZGxlKTsKKyAg ICAgICAgICAgIGlmICggY3Vyci0+bWFwdHJhY2tfaGVhZCA9PSBNQVBUUkFD S19UQUlMICkKKyAgICAgICAgICAgICAgICB3cml0ZV9hdG9taWMoJmN1cnIt Pm1hcHRyYWNrX2hlYWQsIGhhbmRsZSk7CisgICAgICAgICAgICBzcGluX3Vu bG9jaygmY3Vyci0+bWFwdHJhY2tfZnJlZWxpc3RfbG9jayk7CiAgICAgICAg IH0KICAgICAgICAgcmV0dXJuIHN0ZWFsX21hcHRyYWNrX2hhbmRsZShsZ3Qs IGN1cnIpOwogICAgIH0KQEAgLTQ2MCwxMiArNDc0LDE1IEBAIGdldF9tYXB0 cmFja19oYW5kbGUoCiAgICAgc21wX3dtYigpOwogICAgIGxndC0+bWFwdHJh Y2tfbGltaXQgKz0gTUFQVFJBQ0tfUEVSX1BBR0U7CiAKKyAgICBzcGluX3Vu bG9jaygmbGd0LT5tYXB0cmFja19sb2NrKTsKKyAgICBzcGluX2xvY2soJmN1 cnItPm1hcHRyYWNrX2ZyZWVsaXN0X2xvY2spOworCiAgICAgZG8gewogICAg ICAgICBuZXdfbXRbaSAtIDFdLnJlZiA9IHJlYWRfYXRvbWljKCZjdXJyLT5t YXB0cmFja19oZWFkKTsKICAgICAgICAgaGVhZCA9IGNtcHhjaGcoJmN1cnIt Pm1hcHRyYWNrX2hlYWQsIG5ld19tdFtpIC0gMV0ucmVmLCBoYW5kbGUgKyAx KTsKICAgICB9IHdoaWxlICggaGVhZCAhPSBuZXdfbXRbaSAtIDFdLnJlZiAp OwogCi0gICAgc3Bpbl91bmxvY2soJmxndC0+bWFwdHJhY2tfbG9jayk7Cisg ICAgc3Bpbl91bmxvY2soJmN1cnItPm1hcHRyYWNrX2ZyZWVsaXN0X2xvY2sp OwogCiAgICAgcmV0dXJuIGhhbmRsZTsKIH0KQEAgLTM0NzUsNiArMzQ5Miw3 IEBAIGdyYW50X3RhYmxlX2Rlc3Ryb3koCiAKIHZvaWQgZ3JhbnRfdGFibGVf aW5pdF92Y3B1KHN0cnVjdCB2Y3B1ICp2KQogeworICAgIHNwaW5fbG9ja19p bml0KCZ2LT5tYXB0cmFja19mcmVlbGlzdF9sb2NrKTsKICAgICB2LT5tYXB0 cmFja19oZWFkID0gTUFQVFJBQ0tfVEFJTDsKICAgICB2LT5tYXB0cmFja190 YWlsID0gTUFQVFJBQ0tfVEFJTDsKIH0KZGlmZiAtLWdpdCBhL3hlbi9pbmNs dWRlL3hlbi9ncmFudF90YWJsZS5oIGIveGVuL2luY2x1ZGUveGVuL2dyYW50 X3RhYmxlLmgKaW5kZXggNGU3Nzg5OS4uMTAwZjJiMyAxMDA2NDQKLS0tIGEv eGVuL2luY2x1ZGUveGVuL2dyYW50X3RhYmxlLmgKKysrIGIveGVuL2luY2x1 ZGUveGVuL2dyYW50X3RhYmxlLmgKQEAgLTc4LDcgKzc4LDcgQEAgc3RydWN0 IGdyYW50X3RhYmxlIHsKICAgICAvKiBNYXBwaW5nIHRyYWNraW5nIHRhYmxl IHBlciB2Y3B1LiAqLwogICAgIHN0cnVjdCBncmFudF9tYXBwaW5nICoqbWFw dHJhY2s7CiAgICAgdW5zaWduZWQgaW50ICAgICAgICAgIG1hcHRyYWNrX2xp bWl0OwotICAgIC8qIExvY2sgcHJvdGVjdGluZyB0aGUgbWFwdHJhY2sgcGFn ZSBsaXN0LCBoZWFkLCBhbmQgbGltaXQgKi8KKyAgICAvKiBMb2NrIHByb3Rl Y3RpbmcgdGhlIG1hcHRyYWNrIGxpbWl0ICovCiAgICAgc3BpbmxvY2tfdCAg ICAgICAgICAgIG1hcHRyYWNrX2xvY2s7CiAgICAgLyogVGhlIGRlZmluZWQg dmVyc2lvbnMgYXJlIDEgYW5kIDIuICBTZXQgdG8gMCBpZiB3ZSBkb24ndCBr bm93CiAgICAgICAgd2hhdCB2ZXJzaW9uIHRvIHVzZSB5ZXQuICovCmRpZmYg LS1naXQgYS94ZW4vaW5jbHVkZS94ZW4vc2NoZWQuaCBiL3hlbi9pbmNsdWRl L3hlbi9zY2hlZC5oCmluZGV4IDY2NzNiMjcuLjg2OTBmMjkgMTAwNjQ0Ci0t LSBhL3hlbi9pbmNsdWRlL3hlbi9zY2hlZC5oCisrKyBiL3hlbi9pbmNsdWRl L3hlbi9zY2hlZC5oCkBAIC0yMzAsNiArMjMwLDcgQEAgc3RydWN0IHZjcHUK ICAgICBpbnQgICAgICAgICAgICAgIGNvbnRyb2xsZXJfcGF1c2VfY291bnQ7 CiAKICAgICAvKiBHcmFudCB0YWJsZSBtYXAgdHJhY2tpbmcuICovCisgICAg c3BpbmxvY2tfdCAgICAgICBtYXB0cmFja19mcmVlbGlzdF9sb2NrOwogICAg IHVuc2lnbmVkIGludCAgICAgbWFwdHJhY2tfaGVhZDsKICAgICB1bnNpZ25l ZCBpbnQgICAgIG1hcHRyYWNrX3RhaWw7CiAKLS0gCjIuMS40Cgo= --=separator Content-Type: application/octet-stream; name="xsa228-4.8.patch" Content-Disposition: attachment; filename="xsa228-4.8.patch" Content-Transfer-Encoding: base64 RnJvbSBjYjkxZjRjNDNiZDQxNThkYWE2NTYxYzczOTIxYTY0NTUxNzZmMjc4 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKYW4gQmV1bGljaCA8 amJldWxpY2hAc3VzZS5jb20+CkRhdGU6IE1vbiwgMzEgSnVsIDIwMTcgMTU6 MTc6NTYgKzAxMDAKU3ViamVjdDogW1BBVENIXSBnbnR0YWI6IHNwbGl0IG1h cHRyYWNrIGxvY2sgdG8gbWFrZSBpdCBmdWxmaWxsIGl0cyBwdXJwb3NlCiBh Z2FpbgoKVGhlIHdheSB0aGUgbG9jayBpcyBjdXJyZW50bHkgYmVpbmcgdXNl ZCBpbiBnZXRfbWFwdHJhY2tfaGFuZGxlKCksIGl0CnByb3RlY3RzIG9ubHkg dGhlIG1hcHRyYWNrIGxpbWl0OiBUaGUgZnVuY3Rpb24gYWN0cyBvbiBjdXJy ZW50J3MgbGlzdApvbmx5LCBzbyByYWNlcyBvbiBsaXN0IGFjY2Vzc2VzIGFy ZSBpbXBvc3NpYmxlIGV2ZW4gd2l0aG91dCB0aGUgbG9jay4KCk90b2ggbGlz dCBhY2Nlc3MgcmFjZXMgYXJlIHBvc3NpYmxlIGJldHdlZW4gX19nZXRfbWFw dHJhY2tfaGFuZGxlKCkgYW5kCnB1dF9tYXB0cmFja19oYW5kbGUoKSwgZHVl IHRvIHRoZSBpbnZvY2F0aW9uIG9mIHRoZSBmb3JtZXIgZm9yIG90aGVyCnRo YW4gY3VycmVudCBmcm9tIHN0ZWFsX21hcHRyYWNrX2hhbmRsZSgpLiBJbnRy b2R1Y2UgYSBwZXItdkNQVSBsb2NrCmZvciBsaXN0IGFjY2Vzc2VzIHRvIGJl Y29tZSByYWNlIGZyZWUgYWdhaW4uIFRoaXMgbG9jayB3aWxsIGJlCnVuY29u dGVuZGVkIGV4Y2VwdCB3aGVuIGl0IGJlY29tZXMgbmVjZXNzYXJ5IHRvIHRh a2UgdGhlIHN0ZWFsIHBhdGgsCmkuZS4gaW4gdGhlIGNvbW1vbiBjYXNlIHRo ZXJlIHNob3VsZCBiZSBubyBtZWFuaW5nZnVsIHBlcmZvcm1hbmNlCmltcGFj dC4KCldoZW4gaW4gZ2V0X21hcHRyYWNrX2hhbmRsZSBhZGRzIGEgc3RvbGVu IGVudHJ5IHRvIGEgZnJlc2gsIGVtcHR5LApmcmVlbGlzdCwgd2UgdGhpbmsg dGhhdCB0aGVyZSBpcyBwcm9iYWJseSBubyBjb25jdXJyZW5jeS4gIEhvd2V2 ZXIsCnRoaXMgaXMgbm90IGEgZmFzdCBwYXRoIGFuZCBhZGRpbmcgdGhlIGxv Y2tpbmcgdGhlcmUgbWFrZXMgdGhlIGNvZGUKY2xlYXJseSBjb3JyZWN0LgoK QWxzbywgd2hpbGUgd2UgYXJlIGhlcmU6IHRoZSBzdG9sZW4gbWFwdHJhY2tf ZW50cnkncyB0YWlsIHBvaW50ZXIgd2FzCm5vdCBwcm9wZXJseSBzZXQuICBT ZXQgaXQuCgpUaGlzIGlzIFhTQS0yMjguCgpSZXBvcnRlZC1ieTogSWFuIEph Y2tzb24gPGlhbi5qYWNrc29uQGV1LmNpdHJpeC5jb20+ClNpZ25lZC1vZmYt Ynk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KU2lnbmVkLW9m Zi1ieTogSWFuIEphY2tzb24gPElhbi5KYWNrc29uQGV1LmNpdHJpeC5jb20+ Ci0tLQogZG9jcy9taXNjL2dyYW50LXRhYmxlcy50eHQgICAgfCAgNyArKysr KystCiB4ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMgICAgICB8IDMwICsrKysr KysrKysrKysrKysrKysrKysrKy0tLS0tLQogeGVuL2luY2x1ZGUveGVuL2dy YW50X3RhYmxlLmggfCAgMiArLQogeGVuL2luY2x1ZGUveGVuL3NjaGVkLmgg ICAgICAgfCAgMSArCiA0IGZpbGVzIGNoYW5nZWQsIDMyIGluc2VydGlvbnMo KyksIDggZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNjL2dy YW50LXRhYmxlcy50eHQgYi9kb2NzL21pc2MvZ3JhbnQtdGFibGVzLnR4dApp bmRleCA0MTdjZTJkLi42NGRhNWNmIDEwMDY0NAotLS0gYS9kb2NzL21pc2Mv Z3JhbnQtdGFibGVzLnR4dAorKysgYi9kb2NzL21pc2MvZ3JhbnQtdGFibGVz LnR4dApAQCAtODcsNyArODcsOCBAQCBpcyBjb21wbGV0ZS4KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBpbmNvbnNpc3RlbnQgZ3JhbnQgdGFi bGUgc3RhdGUgc3VjaCBhcyBjdXJyZW50CiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgdmVyc2lvbiwgcGFydGlhbGx5IGluaXRpYWxpemVkIGFj dGl2ZSB0YWJsZSBwYWdlcywKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBldGMuCi0gIGdyYW50X3RhYmxlLT5tYXB0cmFja19sb2NrIDogc3Bp bmxvY2sgdXNlZCB0byBwcm90ZWN0IHRoZSBtYXB0cmFjayBmcmVlIGxpc3QK KyAgZ3JhbnRfdGFibGUtPm1hcHRyYWNrX2xvY2sgOiBzcGlubG9jayB1c2Vk IHRvIHByb3RlY3QgdGhlIG1hcHRyYWNrIGxpbWl0CisgIHYtPm1hcHRyYWNr X2ZyZWVsaXN0X2xvY2sgIDogc3BpbmxvY2sgdXNlZCB0byBwcm90ZWN0IHRo ZSBtYXB0cmFjayBmcmVlIGxpc3QKICAgYWN0aXZlX2dyYW50X2VudHJ5LT5s b2NrICAgOiBzcGlubG9jayB1c2VkIHRvIHNlcmlhbGl6ZSBtb2RpZmljYXRp b25zIHRvCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWN0aXZl IGVudHJpZXMKIApAQCAtMTAyLDYgKzEwMywxMCBAQCBpcyBjb21wbGV0ZS4K ICBUaGUgbWFwdHJhY2sgZnJlZSBsaXN0IGlzIHByb3RlY3RlZCBieSBpdHMg b3duIHNwaW5sb2NrLiBUaGUgbWFwdHJhY2sKICBsb2NrIG1heSBiZSBsb2Nr ZWQgd2hpbGUgaG9sZGluZyB0aGUgZ3JhbnQgdGFibGUgbG9jay4KIAorIFRo ZSBtYXB0cmFja19mcmVlbGlzdF9sb2NrIGlzIGFuIGlubmVybW9zdCBsb2Nr LiAgSXQgbWF5IGJlIGxvY2tlZAorIHdoaWxlIGhvbGRpbmcgb3RoZXIgbG9j a3MsIGJ1dCBubyBvdGhlciBsb2NrcyBtYXkgYmUgYWNxdWlyZWQgd2l0aGlu CisgaXQuCisKICBBY3RpdmUgZW50cmllcyBhcmUgb2J0YWluZWQgYnkgY2Fs bGluZyBhY3RpdmVfZW50cnlfYWNxdWlyZShndCwgcmVmKS4KICBUaGlzIGZ1 bmN0aW9uIHJldHVybnMgYSBwb2ludGVyIHRvIHRoZSBhY3RpdmUgZW50cnkg YWZ0ZXIgbG9ja2luZyBpdHMKICBzcGlubG9jay4gVGhlIGNhbGxlciBtdXN0 IGhvbGQgdGhlIGdyYW50IHRhYmxlIHJlYWQgbG9jayBiZWZvcmUKZGlmZiAt LWdpdCBhL3hlbi9jb21tb24vZ3JhbnRfdGFibGUuYyBiL3hlbi9jb21tb24v Z3JhbnRfdGFibGUuYwppbmRleCBmOTY1NGYxLi41OTMxMjFjIDEwMDY0NAot LS0gYS94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMKKysrIGIveGVuL2NvbW1v bi9ncmFudF90YWJsZS5jCkBAIC0zMDQsMTEgKzMwNCwxNiBAQCBfX2dldF9t YXB0cmFja19oYW5kbGUoCiB7CiAgICAgdW5zaWduZWQgaW50IGhlYWQsIG5l eHQsIHByZXZfaGVhZDsKIAorICAgIHNwaW5fbG9jaygmdi0+bWFwdHJhY2tf ZnJlZWxpc3RfbG9jayk7CisKICAgICBkbyB7CiAgICAgICAgIC8qIE5vIG1h cHRyYWNrIHBhZ2VzIGFsbG9jYXRlZCBmb3IgdGhpcyBWQ1BVIHlldD8gKi8K ICAgICAgICAgaGVhZCA9IHJlYWRfYXRvbWljKCZ2LT5tYXB0cmFja19oZWFk KTsKICAgICAgICAgaWYgKCB1bmxpa2VseShoZWFkID09IE1BUFRSQUNLX1RB SUwpICkKKyAgICAgICAgeworICAgICAgICAgICAgc3Bpbl91bmxvY2soJnYt Pm1hcHRyYWNrX2ZyZWVsaXN0X2xvY2spOwogICAgICAgICAgICAgcmV0dXJu IC0xOworICAgICAgICB9CiAKICAgICAgICAgLyoKICAgICAgICAgICogQWx3 YXlzIGtlZXAgb25lIGVudHJ5IGluIHRoZSBmcmVlIGxpc3QgdG8gbWFrZSBp dCBlYXNpZXIgdG8KQEAgLTMxNiwxMiArMzIxLDE3IEBAIF9fZ2V0X21hcHRy YWNrX2hhbmRsZSgKICAgICAgICAgICovCiAgICAgICAgIG5leHQgPSByZWFk X2F0b21pYygmbWFwdHJhY2tfZW50cnkodCwgaGVhZCkucmVmKTsKICAgICAg ICAgaWYgKCB1bmxpa2VseShuZXh0ID09IE1BUFRSQUNLX1RBSUwpICkKKyAg ICAgICAgeworICAgICAgICAgICAgc3Bpbl91bmxvY2soJnYtPm1hcHRyYWNr X2ZyZWVsaXN0X2xvY2spOwogICAgICAgICAgICAgcmV0dXJuIC0xOworICAg ICAgICB9CiAKICAgICAgICAgcHJldl9oZWFkID0gaGVhZDsKICAgICAgICAg aGVhZCA9IGNtcHhjaGcoJnYtPm1hcHRyYWNrX2hlYWQsIHByZXZfaGVhZCwg bmV4dCk7CiAgICAgfSB3aGlsZSAoIGhlYWQgIT0gcHJldl9oZWFkICk7CiAK KyAgICBzcGluX3VubG9jaygmdi0+bWFwdHJhY2tfZnJlZWxpc3RfbG9jayk7 CisKICAgICByZXR1cm4gaGVhZDsKIH0KIApAQCAtMzgwLDYgKzM5MCw4IEBA IHB1dF9tYXB0cmFja19oYW5kbGUoCiAgICAgLyogMi4gQWRkIGVudHJ5IHRv IHRoZSB0YWlsIG9mIHRoZSBsaXN0IG9uIHRoZSBvcmlnaW5hbCBWQ1BVLiAq LwogICAgIHYgPSBjdXJyZC0+dmNwdVttYXB0cmFja19lbnRyeSh0LCBoYW5k bGUpLnZjcHVdOwogCisgICAgc3Bpbl9sb2NrKCZ2LT5tYXB0cmFja19mcmVl bGlzdF9sb2NrKTsKKwogICAgIGN1cl90YWlsID0gcmVhZF9hdG9taWMoJnYt Pm1hcHRyYWNrX3RhaWwpOwogICAgIGRvIHsKICAgICAgICAgcHJldl90YWls ID0gY3VyX3RhaWw7CkBAIC0zODgsNiArNDAwLDggQEAgcHV0X21hcHRyYWNr X2hhbmRsZSgKIAogICAgIC8qIDMuIFVwZGF0ZSB0aGUgb2xkIHRhaWwgZW50 cnkgdG8gcG9pbnQgdG8gdGhlIG5ldyBlbnRyeS4gKi8KICAgICB3cml0ZV9h dG9taWMoJm1hcHRyYWNrX2VudHJ5KHQsIHByZXZfdGFpbCkucmVmLCBoYW5k bGUpOworCisgICAgc3Bpbl91bmxvY2soJnYtPm1hcHRyYWNrX2ZyZWVsaXN0 X2xvY2spOwogfQogCiBzdGF0aWMgaW5saW5lIGludApAQCAtNDExLDEwICs0 MjUsNiBAQCBnZXRfbWFwdHJhY2tfaGFuZGxlKAogICAgICAqLwogICAgIGlm ICggbnJfbWFwdHJhY2tfZnJhbWVzKGxndCkgPj0gbWF4X21hcHRyYWNrX2Zy YW1lcyApCiAgICAgewotICAgICAgICAvKgotICAgICAgICAgKiBDYW4gZHJv cCB0aGUgbG9jayBzaW5jZSBubyBvdGhlciBWQ1BVIGNhbiBiZSBhZGRpbmcg YSBuZXcKLSAgICAgICAgICogZnJhbWUgb25jZSB0aGV5J3ZlIHJ1biBvdXQu Ci0gICAgICAgICAqLwogICAgICAgICBzcGluX3VubG9jaygmbGd0LT5tYXB0 cmFja19sb2NrKTsKIAogICAgICAgICAvKgpAQCAtNDI2LDggKzQzNiwxMiBA QCBnZXRfbWFwdHJhY2tfaGFuZGxlKAogICAgICAgICAgICAgaGFuZGxlID0g c3RlYWxfbWFwdHJhY2tfaGFuZGxlKGxndCwgY3Vycik7CiAgICAgICAgICAg ICBpZiAoIGhhbmRsZSA9PSAtMSApCiAgICAgICAgICAgICAgICAgcmV0dXJu IC0xOworICAgICAgICAgICAgc3Bpbl9sb2NrKCZjdXJyLT5tYXB0cmFja19m cmVlbGlzdF9sb2NrKTsKKyAgICAgICAgICAgIG1hcHRyYWNrX2VudHJ5KGxn dCwgaGFuZGxlKS5yZWYgPSBNQVBUUkFDS19UQUlMOwogICAgICAgICAgICAg Y3Vyci0+bWFwdHJhY2tfdGFpbCA9IGhhbmRsZTsKLSAgICAgICAgICAgIHdy aXRlX2F0b21pYygmY3Vyci0+bWFwdHJhY2tfaGVhZCwgaGFuZGxlKTsKKyAg ICAgICAgICAgIGlmICggY3Vyci0+bWFwdHJhY2tfaGVhZCA9PSBNQVBUUkFD S19UQUlMICkKKyAgICAgICAgICAgICAgICB3cml0ZV9hdG9taWMoJmN1cnIt Pm1hcHRyYWNrX2hlYWQsIGhhbmRsZSk7CisgICAgICAgICAgICBzcGluX3Vu bG9jaygmY3Vyci0+bWFwdHJhY2tfZnJlZWxpc3RfbG9jayk7CiAgICAgICAg IH0KICAgICAgICAgcmV0dXJuIHN0ZWFsX21hcHRyYWNrX2hhbmRsZShsZ3Qs IGN1cnIpOwogICAgIH0KQEAgLTQ2MCwxMiArNDc0LDE1IEBAIGdldF9tYXB0 cmFja19oYW5kbGUoCiAgICAgc21wX3dtYigpOwogICAgIGxndC0+bWFwdHJh Y2tfbGltaXQgKz0gTUFQVFJBQ0tfUEVSX1BBR0U7CiAKKyAgICBzcGluX3Vu bG9jaygmbGd0LT5tYXB0cmFja19sb2NrKTsKKyAgICBzcGluX2xvY2soJmN1 cnItPm1hcHRyYWNrX2ZyZWVsaXN0X2xvY2spOworCiAgICAgZG8gewogICAg ICAgICBuZXdfbXRbaSAtIDFdLnJlZiA9IHJlYWRfYXRvbWljKCZjdXJyLT5t YXB0cmFja19oZWFkKTsKICAgICAgICAgaGVhZCA9IGNtcHhjaGcoJmN1cnIt Pm1hcHRyYWNrX2hlYWQsIG5ld19tdFtpIC0gMV0ucmVmLCBoYW5kbGUgKyAx KTsKICAgICB9IHdoaWxlICggaGVhZCAhPSBuZXdfbXRbaSAtIDFdLnJlZiAp OwogCi0gICAgc3Bpbl91bmxvY2soJmxndC0+bWFwdHJhY2tfbG9jayk7Cisg ICAgc3Bpbl91bmxvY2soJmN1cnItPm1hcHRyYWNrX2ZyZWVsaXN0X2xvY2sp OwogCiAgICAgcmV0dXJuIGhhbmRsZTsKIH0KQEAgLTM0NzQsNiArMzQ5MSw3 IEBAIGdyYW50X3RhYmxlX2Rlc3Ryb3koCiAKIHZvaWQgZ3JhbnRfdGFibGVf aW5pdF92Y3B1KHN0cnVjdCB2Y3B1ICp2KQogeworICAgIHNwaW5fbG9ja19p bml0KCZ2LT5tYXB0cmFja19mcmVlbGlzdF9sb2NrKTsKICAgICB2LT5tYXB0 cmFja19oZWFkID0gTUFQVFJBQ0tfVEFJTDsKICAgICB2LT5tYXB0cmFja190 YWlsID0gTUFQVFJBQ0tfVEFJTDsKIH0KZGlmZiAtLWdpdCBhL3hlbi9pbmNs dWRlL3hlbi9ncmFudF90YWJsZS5oIGIveGVuL2luY2x1ZGUveGVuL2dyYW50 X3RhYmxlLmgKaW5kZXggNGU3Nzg5OS4uMTAwZjJiMyAxMDA2NDQKLS0tIGEv eGVuL2luY2x1ZGUveGVuL2dyYW50X3RhYmxlLmgKKysrIGIveGVuL2luY2x1 ZGUveGVuL2dyYW50X3RhYmxlLmgKQEAgLTc4LDcgKzc4LDcgQEAgc3RydWN0 IGdyYW50X3RhYmxlIHsKICAgICAvKiBNYXBwaW5nIHRyYWNraW5nIHRhYmxl IHBlciB2Y3B1LiAqLwogICAgIHN0cnVjdCBncmFudF9tYXBwaW5nICoqbWFw dHJhY2s7CiAgICAgdW5zaWduZWQgaW50ICAgICAgICAgIG1hcHRyYWNrX2xp bWl0OwotICAgIC8qIExvY2sgcHJvdGVjdGluZyB0aGUgbWFwdHJhY2sgcGFn ZSBsaXN0LCBoZWFkLCBhbmQgbGltaXQgKi8KKyAgICAvKiBMb2NrIHByb3Rl Y3RpbmcgdGhlIG1hcHRyYWNrIGxpbWl0ICovCiAgICAgc3BpbmxvY2tfdCAg ICAgICAgICAgIG1hcHRyYWNrX2xvY2s7CiAgICAgLyogVGhlIGRlZmluZWQg dmVyc2lvbnMgYXJlIDEgYW5kIDIuICBTZXQgdG8gMCBpZiB3ZSBkb24ndCBr bm93CiAgICAgICAgd2hhdCB2ZXJzaW9uIHRvIHVzZSB5ZXQuICovCmRpZmYg LS1naXQgYS94ZW4vaW5jbHVkZS94ZW4vc2NoZWQuaCBiL3hlbi9pbmNsdWRl L3hlbi9zY2hlZC5oCmluZGV4IDFmYmRhODcuLmZmMGYzOGYgMTAwNjQ0Ci0t LSBhL3hlbi9pbmNsdWRlL3hlbi9zY2hlZC5oCisrKyBiL3hlbi9pbmNsdWRl L3hlbi9zY2hlZC5oCkBAIC0yMjMsNiArMjIzLDcgQEAgc3RydWN0IHZjcHUK ICAgICBpbnQgICAgICAgICAgICAgIGNvbnRyb2xsZXJfcGF1c2VfY291bnQ7 CiAKICAgICAvKiBNYXB0cmFjayAqLworICAgIHNwaW5sb2NrX3QgICAgICAg bWFwdHJhY2tfZnJlZWxpc3RfbG9jazsKICAgICB1bnNpZ25lZCBpbnQgICAg IG1hcHRyYWNrX2hlYWQ7CiAgICAgdW5zaWduZWQgaW50ICAgICBtYXB0cmFj a190YWlsOwogCi0tIAoyLjEuNAoK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3Rz Lnhlbi5vcmcveGVuLWFubm91bmNl --=separator-- From xen-announce-bounces@lists.xen.org Tue Aug 15 12:07:01 2017 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Aug 2017 12:07:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabe-0005x4-1c; Tue, 15 Aug 2017 12:05:58 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabc-0005wZ-4S; Tue, 15 Aug 2017 12:05:56 +0000 Received: from [193.109.254.147] by server-1.bemta-6.messagelabs.com id EE/BE-03765-3A3E2995; Tue, 15 Aug 2017 12:05:55 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrDKsWRWlGSWpSXmKPExsWS0XRdVXfR40m RBivvslrcutnKbLHk42IWi1VXD7A6MHsc3f2bKYAxijUzLym/IoE1Y9qNBywFDx8xVtz8ep6t gfHtLcYuRi4OIYFzjBKP2s+wQDgbGCVWLV7D3MXIycEs4CpxY99mNghbUeLCvQYWEJtXQFDi5 MwnYLaEgKbEnTer2EFsEYEiiZ3nXoLZbAJ6EnPPTmKC6LWUmD/xFNAcDg5hgXiJXU0yEGPMJJ 5/bgZbxSKgKvFo0gbmCYw8s5BsnoVk8ywkm2cBTWIG2rx+lz6EKS2x/B8HRLW8xPa3c5ghbGu JFR1boKZYSJw9+IwFZuKU7ofsELa9xJOnrVA1NhKfXv5gwqbm1MrpzDA1bYc7WLGp2bvkMytM TcOkryhqFjAKrWLUKE4tKkst0jU00UsqykzPKMlNzMzRNTQw08tNLS5OTE/NSUwq1kvOz93EC IxdBiDYwXh9Y8AhRkkOJiVR3kVnJ0UK8SXlp1RmJBZnxBeV5qQWH2KU4eBQkuD1fASUEyxKTU +tSMvMASYRmLQEB4+SCG8LSJq3uCAxtzgzHSJ1itGSY9f/NV+YOJat3wIkX034/41JiCUvPy9 VSpzXHaRBAKQhozQPbhws0V1ilJUS5mUEOlCIpyC1KDezBFX+FaM4B6OSMG89yBSezLwSuK2v gA5iAjroSjvYQSWJCCmpBsYezogus6hOzaMX9m+f/Pnnug73FLerLn4rT+Ysm3Cm2pD9v7dY3 IQJgsxrKqWnFXJOKef/t4b3itXBP2eUdFNTg8qSL+6QEXU89PPMu/PnvkplzZnmartAteDaN9 0jPdn3/hQmuFrcPPd/0cVNyRv3impJmW5bc6twz/J705/5fNlVpfnK74WWEktxRqKhFnNRcSI AkcKnj28DAAA= X-Env-Sender: andrewcoop@xenbits.xen.org X-Msg-Ref: server-6.tower-27.messagelabs.com!1502798752!112060059!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 24014 invoked from network); 15 Aug 2017 12:05:53 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-6.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 15 Aug 2017 12:05:53 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabS-00036J-Ik; Tue, 15 Aug 2017 12:05:46 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1dhabS-0006cM-Ce; Tue, 15 Aug 2017 12:05:46 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 15 Aug 2017 12:05:46 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2017-12135 / XSA-226 version 5 multiple problems with transitive grants UPDATES IN VERSION 5 ==================== Public release. ISSUE DESCRIPTION ================= 1) Code to handle copy operations on transitive grants has built in retry logic, involving a function reinvoking itself with unchanged parameters. Such use assumes that the compiler would also translate this to a so called "tail call" when generating machine code. Empirically, this is not commonly the case, allowing for theoretically unbounded nesting of such function calls. 2) The reference counting and locking discipline for transitive grants is broken. Concurrent use of the transitive grant can leak references on the transitively-referenced grant. IMPACT ====== A malicious or buggy guest may be able to crash Xen. Privilege escalation and information leaks cannot be ruled out. A malicious or buggy guest can leak references on grants it has been given, amounting to a DoS against the grantee. VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. MITIGATION ========== There is no known mitigation. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. The security team would also like to thank Amazon for helping to identify that the problems with transitive grants were deeper than originally believed. RESOLUTION ========== Applying the appropriate attached patch works around this issue by disabling transitive grants by default. xsa226.patch xen-unstable, Xen 4.9.x, Xen 4.8.x xsa226-4.7.patch Xen 4.7.x xsa226-4.6.patch Xen 4.6.x xsa226-4.5.patch Xen 4.5.x $ sha256sum xsa226* b09e07aaf422ae04a4ece5e2c5b5e54036cfae5b5c632bfc6953a0cacd6f60ff xsa226.patch ca8b92b2ff58b87e8bec137a34784cbf11e2820659046df6e1d71e23bf7e7dee xsa226-4.5.patch 28c7df7edabb91fb2f1fa3fc7d6906bfae75a6e701f1cd335baafaae3e087696 xsa226-4.6.patch fffcc0a4428723e6aea391ff4f1d27326b5a3763d2308cbde64e6a786502c702 xsa226-4.7.patch $ (The .meta file is a prototype machine-readable file for describing which patches are to be applied how.) DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZkuNKAAoJEIP+FMlX6CvZUHMIALQcTfo00unwBX9RO7lBy4na LSkFE9yaPtA/pg5RRGo7Nrwl2nIDRc6Xc0ZkhNm0rfi1gnR0htP3jyJXxkXv1sah jkBP0bZYfWDHRxSdVBbNNn8q0mhuanycFhVuEiu+vmTPKRUTyODkAdAoi/TkY9Iq XD24clIrjY2xIDO3pKbDTJUZ86rHD0nepHdnnvN2rywyBd2VkJfJWGavqHgs61XX j9jX0nI4Wcm4nQKx37MBUwwN3oYeEKrzYQY3+AGVKQEWuULP4sWRKhxZaqclCbfd Cx/9gACwPEORU6bRXE/vzlxn7Ks6yf2tqgNAGCTrZgwW8q3SFNASHzaAM3EXz3w= =VNkV -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa226.patch" Content-Disposition: attachment; filename="xsa226.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCA0MDAyZWFiLi5hZjA3OWI0IDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtODY4LDYgKzg2OCwyMiBAQCBDb250cm9scyBFUFQgcmVsYXRlZCBmZWF0 dXJlcy4KIAogU3BlY2lmeSB3aGljaCBjb25zb2xlIGdkYnN0dWIgc2hvdWxk IHVzZS4gU2VlICoqY29uc29sZSoqLgogCisjIyMgZ250dGFiCis+IGA9IExp c3Qgb2YgWyBtYXhfdmVyOjxpbnRlZ2VyPiwgdHJhbnNpdGl2ZSBdYAorCis+ IERlZmF1bHQ6IGBnbnR0YWI9bWF4X3ZlcjoyLG5vLXRyYW5zaXRpdmVgCisK K0NvbnRyb2wgdmFyaW91cyBhc3BlY3RzIG9mIHRoZSBncmFudCB0YWJsZSBi ZWhhdmlvdXIgYXZhaWxhYmxlIHRvIGd1ZXN0cy4KKworKiBgbWF4X3ZlcmAg U2VsZWN0IHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNpb24gdG8gb2Zm ZXIgdG8gZ3Vlc3RzLiAgVmFsaWQKK3ZlcnNpb24gYXJlIDEgYW5kIDIuCisq IGB0cmFuc2l0aXZlYCBQZXJtaXQgb3IgZGlzYWxsb3cgdGhlIHVzZSBvZiB0 cmFuc2l0aXZlIGdyYW50cy4gIE5vdGUgdGhhdCB0aGUKK3VzZSBvZiBncmFu dCB0YWJsZSB2MiB3aXRob3V0IHRyYW5zaXRpdmUgZ3JhbnRzIGlzIGFuIEFC SSBicmVha2FnZSBmcm9tIHRoZQorZ3Vlc3RzIHBvaW50IG9mIHZpZXcuCisK KypXYXJuaW5nOioKK0R1ZSB0byBYU0EtMjI2LCB0aGUgdXNlIG9mIHRyYW5z aXRpdmUgZ3JhbnRzIGlzIG91dHNpZGUgb2Ygc2VjdXJpdHkgc3VwcG9ydC4K KwogIyMjIGdudHRhYlxfbWF4XF9mcmFtZXMKID4gYD0gPGludGVnZXI+YAog CmRpZmYgLS1naXQgYS94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMgYi94ZW4v Y29tbW9uL2dyYW50X3RhYmxlLmMKaW5kZXggYWUzNDU0Ny4uODcxMzFmOCAx MDA2NDQKLS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hl bi9jb21tb24vZ3JhbnRfdGFibGUuYwpAQCAtNTAsNiArNTAsNDIgQEAgaW50 ZWdlcl9wYXJhbSgiZ250dGFiX21heF9ucl9mcmFtZXMiLCBtYXhfbnJfZ3Jh bnRfZnJhbWVzKTsKIHVuc2lnbmVkIGludCBfX3JlYWRfbW9zdGx5IG1heF9n cmFudF9mcmFtZXM7CiBpbnRlZ2VyX3BhcmFtKCJnbnR0YWJfbWF4X2ZyYW1l cyIsIG1heF9ncmFudF9mcmFtZXMpOwogCitzdGF0aWMgdW5zaWduZWQgaW50 IF9fcmVhZF9tb3N0bHkgb3B0X2dudHRhYl9tYXhfdmVyc2lvbiA9IDI7Citz dGF0aWMgYm9vbCBfX3JlYWRfbW9zdGx5IG9wdF90cmFuc2l0aXZlX2dyYW50 czsKKworc3RhdGljIHZvaWQgX19pbml0IHBhcnNlX2dudHRhYihjaGFyICpz KQoreworICAgIGNoYXIgKnNzOworCisgICAgZG8geworICAgICAgICBzcyA9 IHN0cmNocihzLCAnLCcpOworICAgICAgICBpZiAoIHNzICkKKyAgICAgICAg ICAgICpzcyA9ICdcMCc7CisKKyAgICAgICAgaWYgKCAhc3RybmNtcChzLCAi bWF4X3ZlcjoiLCA4KSApCisgICAgICAgIHsKKyAgICAgICAgICAgIGxvbmcg dmVyID0gc2ltcGxlX3N0cnRvbChzICsgOCwgTlVMTCwgMTApOworCisgICAg ICAgICAgICBpZiAoIHZlciA+PSAxICYmIHZlciA8PSAyICkKKyAgICAgICAg ICAgICAgICBvcHRfZ250dGFiX21heF92ZXJzaW9uID0gdmVyOworICAgICAg ICB9CisgICAgICAgIGVsc2UKKyAgICAgICAgeworICAgICAgICAgICAgYm9v bCB2YWwgPSAhIXN0cm5jbXAocywgIm5vLSIsIDMpOworCisgICAgICAgICAg ICBpZiAoICF2YWwgKQorICAgICAgICAgICAgICAgIHMgKz0gMzsKKworICAg ICAgICAgICAgaWYgKCAhc3RyY21wKHMsICJ0cmFuc2l0aXZlIikgKQorICAg ICAgICAgICAgICAgIG9wdF90cmFuc2l0aXZlX2dyYW50cyA9IHZhbDsKKyAg ICAgICAgfQorCisgICAgICAgIHMgPSBzcyArIDE7CisgICAgfSB3aGlsZSAo IHNzICk7Cit9CisKK2N1c3RvbV9wYXJhbSgiZ250dGFiIiwgcGFyc2VfZ250 dGFiKTsKKwogLyogVGhlIG1heGltdW0gbnVtYmVyIG9mIGdyYW50IG1hcHBp bmdzIGlzIGRlZmluZWQgYXMgYSBtdWx0aXBsaWVyIG9mIHRoZQogICogbWF4 aW11bSBudW1iZXIgb2YgZ3JhbnQgdGFibGUgZW50cmllcy4gVGhpcyBkZWZp bmVzIHRoZSBtdWx0aXBsaWVyIHVzZWQuCiAgKiBQcmV0dHkgYXJiaXRyYXJ5 LiBbUE9MSUNZXQpAQCAtMjE5MSw2ICsyMjI3LDEwIEBAIF9fYWNxdWlyZV9n cmFudF9mb3JfY29weSgKICAgICAgICAgfQogICAgICAgICBlbHNlIGlmICgg KHNoYWgtPmZsYWdzICYgR1RGX3R5cGVfbWFzaykgPT0gR1RGX3RyYW5zaXRp dmUgKQogICAgICAgICB7CisgICAgICAgICAgICBpZiAoICFvcHRfdHJhbnNp dGl2ZV9ncmFudHMgKQorICAgICAgICAgICAgICAgIFBJTl9GQUlMKHVubG9j a19vdXRfY2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisgICAgICAgICAg ICAgICAgICAgICAgICAgInRyYW5zaXRpdmUgZ3JhbnQgZGlzYWxsb3dlZCBi eSBwb2xpY3lcbiIpOworCiAgICAgICAgICAgICBpZiAoICFhbGxvd190cmFu c2l0aXZlICkKICAgICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0 X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAogICAgICAgICAgICAgICAg ICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IHdoZW4gdHJhbnNpdGl2aXR5 IG5vdCBhbGxvd2VkXG4iKTsKQEAgLTMxNTksNyArMzE5OSwxMCBAQCBkb19n cmFudF90YWJsZV9vcCgKICAgICB9CiAgICAgY2FzZSBHTlRUQUJPUF9zZXRf dmVyc2lvbjoKICAgICB7Ci0gICAgICAgIHJjID0gZ250dGFiX3NldF92ZXJz aW9uKGd1ZXN0X2hhbmRsZV9jYXN0KHVvcCwgZ250dGFiX3NldF92ZXJzaW9u X3QpKTsKKyAgICAgICAgaWYgKCBvcHRfZ250dGFiX21heF92ZXJzaW9uID09 IDEgKQorICAgICAgICAgICAgcmMgPSAtRU5PU1lTOyAvKiBCZWhhdmUgYXMg YmVmb3JlIHNldF92ZXJzaW9uIHdhcyBpbnRyb2R1Y2VkLiAqLworICAgICAg ICBlbHNlCisgICAgICAgICAgICByYyA9IGdudHRhYl9zZXRfdmVyc2lvbihn dWVzdF9oYW5kbGVfY2FzdCh1b3AsIGdudHRhYl9zZXRfdmVyc2lvbl90KSk7 CiAgICAgICAgIGJyZWFrOwogICAgIH0KICAgICBjYXNlIEdOVFRBQk9QX2dl dF9zdGF0dXNfZnJhbWVzOgo= --=separator Content-Type: application/octet-stream; name="xsa226-4.5.patch" Content-Disposition: attachment; filename="xsa226-4.5.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCAxNmJmYjM5Li4zOTM2MzE2IDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtNjYyLDYgKzY2MiwyMiBAQCBkb2VzIG5vdCBwcm92aWRlIFZNXF9FTlRS WVxfTE9BRFxfR1VFU1RcX1BBVC4KIAogU3BlY2lmeSB0aGUgc2VyaWFsIHBh cmFtZXRlcnMgZm9yIHRoZSBHREIgc3R1Yi4KIAorIyMjIGdudHRhYgorPiBg PSBMaXN0IG9mIFsgbWF4X3Zlcjo8aW50ZWdlcj4sIHRyYW5zaXRpdmUgXWAK KworPiBEZWZhdWx0OiBgZ250dGFiPW1heF92ZXI6Mixuby10cmFuc2l0aXZl YAorCitDb250cm9sIHZhcmlvdXMgYXNwZWN0cyBvZiB0aGUgZ3JhbnQgdGFi bGUgYmVoYXZpb3VyIGF2YWlsYWJsZSB0byBndWVzdHMuCisKKyogYG1heF92 ZXJgIFNlbGVjdCB0aGUgbWF4aW11bSBncmFudCB0YWJsZSB2ZXJzaW9uIHRv IG9mZmVyIHRvIGd1ZXN0cy4gIFZhbGlkCit2ZXJzaW9uIGFyZSAxIGFuZCAy LgorKiBgdHJhbnNpdGl2ZWAgUGVybWl0IG9yIGRpc2FsbG93IHRoZSB1c2Ug b2YgdHJhbnNpdGl2ZSBncmFudHMuICBOb3RlIHRoYXQgdGhlCit1c2Ugb2Yg Z3JhbnQgdGFibGUgdjIgd2l0aG91dCB0cmFuc2l0aXZlIGdyYW50cyBpcyBh biBBQkkgYnJlYWthZ2UgZnJvbSB0aGUKK2d1ZXN0cyBwb2ludCBvZiB2aWV3 LgorCisqV2FybmluZzoqCitEdWUgdG8gWFNBLTIyNiwgdGhlIHVzZSBvZiB0 cmFuc2l0aXZlIGdyYW50cyBpcyBvdXRzaWRlIG9mIHNlY3VyaXR5IHN1cHBv cnQuCisKICMjIyBnbnR0YWJcX21heFxfZnJhbWVzCiA+IGA9IDxpbnRlZ2Vy PmAKIApkaWZmIC0tZ2l0IGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jIGIv eGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCmluZGV4IDgzYTRiOWUuLmM5YTZj ZDkgMTAwNjQ0Ci0tLSBhL3hlbi9jb21tb24vZ3JhbnRfdGFibGUuYworKysg Yi94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMKQEAgLTUwLDYgKzUwLDQyIEBA IGludGVnZXJfcGFyYW0oImdudHRhYl9tYXhfbnJfZnJhbWVzIiwgbWF4X25y X2dyYW50X2ZyYW1lcyk7CiB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3RseSBt YXhfZ3JhbnRfZnJhbWVzOwogaW50ZWdlcl9wYXJhbSgiZ250dGFiX21heF9m cmFtZXMiLCBtYXhfZ3JhbnRfZnJhbWVzKTsKIAorc3RhdGljIHVuc2lnbmVk IGludCBfX3JlYWRfbW9zdGx5IG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPSAy Oworc3RhdGljIGJvb2xfdCBfX3JlYWRfbW9zdGx5IG9wdF90cmFuc2l0aXZl X2dyYW50czsKKworc3RhdGljIHZvaWQgX19pbml0IHBhcnNlX2dudHRhYihj aGFyICpzKQoreworICAgIGNoYXIgKnNzOworCisgICAgZG8geworICAgICAg ICBzcyA9IHN0cmNocihzLCAnLCcpOworICAgICAgICBpZiAoIHNzICkKKyAg ICAgICAgICAgICpzcyA9ICdcMCc7CisKKyAgICAgICAgaWYgKCAhc3RybmNt cChzLCAibWF4X3ZlcjoiLCA4KSApCisgICAgICAgIHsKKyAgICAgICAgICAg IGxvbmcgdmVyID0gc2ltcGxlX3N0cnRvbChzICsgOCwgTlVMTCwgMTApOwor CisgICAgICAgICAgICBpZiAoIHZlciA+PSAxICYmIHZlciA8PSAyICkKKyAg ICAgICAgICAgICAgICBvcHRfZ250dGFiX21heF92ZXJzaW9uID0gdmVyOwor ICAgICAgICB9CisgICAgICAgIGVsc2UKKyAgICAgICAgeworICAgICAgICAg ICAgYm9vbF90IHZhbCA9ICEhc3RybmNtcChzLCAibm8tIiwgMyk7CisKKyAg ICAgICAgICAgIGlmICggIXZhbCApCisgICAgICAgICAgICAgICAgcyArPSAz OworCisgICAgICAgICAgICBpZiAoICFzdHJjbXAocywgInRyYW5zaXRpdmUi KSApCisgICAgICAgICAgICAgICAgb3B0X3RyYW5zaXRpdmVfZ3JhbnRzID0g dmFsOworICAgICAgICB9CisKKyAgICAgICAgcyA9IHNzICsgMTsKKyAgICB9 IHdoaWxlICggc3MgKTsKK30KKworY3VzdG9tX3BhcmFtKCJnbnR0YWIiLCBw YXJzZV9nbnR0YWIpOworCiAvKiBUaGUgbWF4aW11bSBudW1iZXIgb2YgZ3Jh bnQgbWFwcGluZ3MgaXMgZGVmaW5lZCBhcyBhIG11bHRpcGxpZXIgb2YgdGhl CiAgKiBtYXhpbXVtIG51bWJlciBvZiBncmFudCB0YWJsZSBlbnRyaWVzLiBU aGlzIGRlZmluZXMgdGhlIG11bHRpcGxpZXIgdXNlZC4KICAqIFByZXR0eSBh cmJpdHJhcnkuIFtQT0xJQ1ldCkBAIC0xOTU4LDYgKzE5OTQsMTAgQEAgX19h Y3F1aXJlX2dyYW50X2Zvcl9jb3B5KAogICAgICAgICB0cmFuc19ncmVmID0g Z3JlZjsKICAgICAgICAgaWYgKCBzaGEyICYmIChzaGFoLT5mbGFncyAmIEdU Rl90eXBlX21hc2spID09IEdURl90cmFuc2l0aXZlICkKICAgICAgICAgewor ICAgICAgICAgICAgaWYgKCAhb3B0X3RyYW5zaXRpdmVfZ3JhbnRzICkKKyAg ICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0X2NsZWFyLCBHTlRT VF9nZW5lcmFsX2Vycm9yLAorICAgICAgICAgICAgICAgICAgICAgICAgICJ0 cmFuc2l0aXZlIGdyYW50IGRpc2FsbG93ZWQgYnkgcG9saWN5XG4iKTsKKwog ICAgICAgICAgICAgaWYgKCAhYWxsb3dfdHJhbnNpdGl2ZSApCiAgICAgICAg ICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2Vu ZXJhbF9lcnJvciwKICAgICAgICAgICAgICAgICAgICAgICAgICAidHJhbnNp dGl2ZSBncmFudCB3aGVuIHRyYW5zaXRpdml0eSBub3QgYWxsb3dlZFxuIik7 CkBAIC0yNzQxLDcgKzI3ODEsMTAgQEAgZG9fZ3JhbnRfdGFibGVfb3AoCiAg ICAgfQogICAgIGNhc2UgR05UVEFCT1Bfc2V0X3ZlcnNpb246CiAgICAgewot ICAgICAgICByYyA9IGdudHRhYl9zZXRfdmVyc2lvbihndWVzdF9oYW5kbGVf Y2FzdCh1b3AsIGdudHRhYl9zZXRfdmVyc2lvbl90KSk7CisgICAgICAgIGlm ICggb3B0X2dudHRhYl9tYXhfdmVyc2lvbiA9PSAxICkKKyAgICAgICAgICAg IHJjID0gLUVOT1NZUzsgLyogQmVoYXZlIGFzIGJlZm9yZSBzZXRfdmVyc2lv biB3YXMgaW50cm9kdWNlZC4gKi8KKyAgICAgICAgZWxzZQorICAgICAgICAg ICAgcmMgPSBnbnR0YWJfc2V0X3ZlcnNpb24oZ3Vlc3RfaGFuZGxlX2Nhc3Qo dW9wLCBnbnR0YWJfc2V0X3ZlcnNpb25fdCkpOwogICAgICAgICBicmVhazsK ICAgICB9CiAgICAgY2FzZSBHTlRUQUJPUF9nZXRfc3RhdHVzX2ZyYW1lczoK --=separator Content-Type: application/octet-stream; name="xsa226-4.6.patch" Content-Disposition: attachment; filename="xsa226-4.6.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCBkOTlhMjBhLi4xMTNiYjI5IDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtNzMzLDYgKzczMywyMiBAQCBDb250cm9scyBFUFQgcmVsYXRlZCBmZWF0 dXJlcy4KIAogU3BlY2lmeSB0aGUgc2VyaWFsIHBhcmFtZXRlcnMgZm9yIHRo ZSBHREIgc3R1Yi4KIAorIyMjIGdudHRhYgorPiBgPSBMaXN0IG9mIFsgbWF4 X3Zlcjo8aW50ZWdlcj4sIHRyYW5zaXRpdmUgXWAKKworPiBEZWZhdWx0OiBg Z250dGFiPW1heF92ZXI6Mixuby10cmFuc2l0aXZlYAorCitDb250cm9sIHZh cmlvdXMgYXNwZWN0cyBvZiB0aGUgZ3JhbnQgdGFibGUgYmVoYXZpb3VyIGF2 YWlsYWJsZSB0byBndWVzdHMuCisKKyogYG1heF92ZXJgIFNlbGVjdCB0aGUg bWF4aW11bSBncmFudCB0YWJsZSB2ZXJzaW9uIHRvIG9mZmVyIHRvIGd1ZXN0 cy4gIFZhbGlkCit2ZXJzaW9uIGFyZSAxIGFuZCAyLgorKiBgdHJhbnNpdGl2 ZWAgUGVybWl0IG9yIGRpc2FsbG93IHRoZSB1c2Ugb2YgdHJhbnNpdGl2ZSBn cmFudHMuICBOb3RlIHRoYXQgdGhlCit1c2Ugb2YgZ3JhbnQgdGFibGUgdjIg d2l0aG91dCB0cmFuc2l0aXZlIGdyYW50cyBpcyBhbiBBQkkgYnJlYWthZ2Ug ZnJvbSB0aGUKK2d1ZXN0cyBwb2ludCBvZiB2aWV3LgorCisqV2FybmluZzoq CitEdWUgdG8gWFNBLTIyNiwgdGhlIHVzZSBvZiB0cmFuc2l0aXZlIGdyYW50 cyBpcyBvdXRzaWRlIG9mIHNlY3VyaXR5IHN1cHBvcnQuCisKICMjIyBnbnR0 YWJcX21heFxfZnJhbWVzCiA+IGA9IDxpbnRlZ2VyPmAKIApkaWZmIC0tZ2l0 IGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jIGIveGVuL2NvbW1vbi9ncmFu dF90YWJsZS5jCmluZGV4IDIwMjMwZmIuLjk4ODQ1YzQgMTAwNjQ0Ci0tLSBh L3hlbi9jb21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dy YW50X3RhYmxlLmMKQEAgLTUwLDYgKzUwLDQyIEBAIGludGVnZXJfcGFyYW0o ImdudHRhYl9tYXhfbnJfZnJhbWVzIiwgbWF4X25yX2dyYW50X2ZyYW1lcyk7 CiB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3RseSBtYXhfZ3JhbnRfZnJhbWVz OwogaW50ZWdlcl9wYXJhbSgiZ250dGFiX21heF9mcmFtZXMiLCBtYXhfZ3Jh bnRfZnJhbWVzKTsKIAorc3RhdGljIHVuc2lnbmVkIGludCBfX3JlYWRfbW9z dGx5IG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPSAyOworc3RhdGljIGJvb2xf dCBfX3JlYWRfbW9zdGx5IG9wdF90cmFuc2l0aXZlX2dyYW50czsKKworc3Rh dGljIHZvaWQgX19pbml0IHBhcnNlX2dudHRhYihjaGFyICpzKQoreworICAg IGNoYXIgKnNzOworCisgICAgZG8geworICAgICAgICBzcyA9IHN0cmNocihz LCAnLCcpOworICAgICAgICBpZiAoIHNzICkKKyAgICAgICAgICAgICpzcyA9 ICdcMCc7CisKKyAgICAgICAgaWYgKCAhc3RybmNtcChzLCAibWF4X3Zlcjoi LCA4KSApCisgICAgICAgIHsKKyAgICAgICAgICAgIGxvbmcgdmVyID0gc2lt cGxlX3N0cnRvbChzICsgOCwgTlVMTCwgMTApOworCisgICAgICAgICAgICBp ZiAoIHZlciA+PSAxICYmIHZlciA8PSAyICkKKyAgICAgICAgICAgICAgICBv cHRfZ250dGFiX21heF92ZXJzaW9uID0gdmVyOworICAgICAgICB9CisgICAg ICAgIGVsc2UKKyAgICAgICAgeworICAgICAgICAgICAgYm9vbF90IHZhbCA9 ICEhc3RybmNtcChzLCAibm8tIiwgMyk7CisKKyAgICAgICAgICAgIGlmICgg IXZhbCApCisgICAgICAgICAgICAgICAgcyArPSAzOworCisgICAgICAgICAg ICBpZiAoICFzdHJjbXAocywgInRyYW5zaXRpdmUiKSApCisgICAgICAgICAg ICAgICAgb3B0X3RyYW5zaXRpdmVfZ3JhbnRzID0gdmFsOworICAgICAgICB9 CisKKyAgICAgICAgcyA9IHNzICsgMTsKKyAgICB9IHdoaWxlICggc3MgKTsK K30KKworY3VzdG9tX3BhcmFtKCJnbnR0YWIiLCBwYXJzZV9nbnR0YWIpOwor CiAvKiBUaGUgbWF4aW11bSBudW1iZXIgb2YgZ3JhbnQgbWFwcGluZ3MgaXMg ZGVmaW5lZCBhcyBhIG11bHRpcGxpZXIgb2YgdGhlCiAgKiBtYXhpbXVtIG51 bWJlciBvZiBncmFudCB0YWJsZSBlbnRyaWVzLiBUaGlzIGRlZmluZXMgdGhl IG11bHRpcGxpZXIgdXNlZC4KICAqIFByZXR0eSBhcmJpdHJhcnkuIFtQT0xJ Q1ldCkBAIC0yMTc1LDYgKzIyMTEsMTAgQEAgX19hY3F1aXJlX2dyYW50X2Zv cl9jb3B5KAogICAgICAgICB9CiAgICAgICAgIGVsc2UgaWYgKCAoc2hhaC0+ ZmxhZ3MgJiBHVEZfdHlwZV9tYXNrKSA9PSBHVEZfdHJhbnNpdGl2ZSApCiAg ICAgICAgIHsKKyAgICAgICAgICAgIGlmICggIW9wdF90cmFuc2l0aXZlX2dy YW50cyApCisgICAgICAgICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9j bGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKKyAgICAgICAgICAgICAgICAg ICAgICAgICAidHJhbnNpdGl2ZSBncmFudCBkaXNhbGxvd2VkIGJ5IHBvbGlj eVxuIik7CisKICAgICAgICAgICAgIGlmICggIWFsbG93X3RyYW5zaXRpdmUg KQogICAgICAgICAgICAgICAgIFBJTl9GQUlMKHVubG9ja19vdXRfY2xlYXIs IEdOVFNUX2dlbmVyYWxfZXJyb3IsCiAgICAgICAgICAgICAgICAgICAgICAg ICAgInRyYW5zaXRpdmUgZ3JhbnQgd2hlbiB0cmFuc2l0aXZpdHkgbm90IGFs bG93ZWRcbiIpOwpAQCAtMzE0Myw3ICszMTgzLDEwIEBAIGRvX2dyYW50X3Rh YmxlX29wKAogICAgIH0KICAgICBjYXNlIEdOVFRBQk9QX3NldF92ZXJzaW9u OgogICAgIHsKLSAgICAgICAgcmMgPSBnbnR0YWJfc2V0X3ZlcnNpb24oZ3Vl c3RfaGFuZGxlX2Nhc3QodW9wLCBnbnR0YWJfc2V0X3ZlcnNpb25fdCkpOwor ICAgICAgICBpZiAoIG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPT0gMSApCisg ICAgICAgICAgICByYyA9IC1FTk9TWVM7IC8qIEJlaGF2ZSBhcyBiZWZvcmUg c2V0X3ZlcnNpb24gd2FzIGludHJvZHVjZWQuICovCisgICAgICAgIGVsc2UK KyAgICAgICAgICAgIHJjID0gZ250dGFiX3NldF92ZXJzaW9uKGd1ZXN0X2hh bmRsZV9jYXN0KHVvcCwgZ250dGFiX3NldF92ZXJzaW9uX3QpKTsKICAgICAg ICAgYnJlYWs7CiAgICAgfQogICAgIGNhc2UgR05UVEFCT1BfZ2V0X3N0YXR1 c19mcmFtZXM6Cg== --=separator Content-Type: application/octet-stream; name="xsa226-4.7.patch" Content-Disposition: attachment; filename="xsa226-4.7.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCA3M2Y1MjY1Li5iNzkyYWJmIDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtNzU4LDYgKzc1OCwyMiBAQCBDb250cm9scyBFUFQgcmVsYXRlZCBmZWF0 dXJlcy4KIAogU3BlY2lmeSB3aGljaCBjb25zb2xlIGdkYnN0dWIgc2hvdWxk IHVzZS4gU2VlICoqY29uc29sZSoqLgogCisjIyMgZ250dGFiCis+IGA9IExp c3Qgb2YgWyBtYXhfdmVyOjxpbnRlZ2VyPiwgdHJhbnNpdGl2ZSBdYAorCis+ IERlZmF1bHQ6IGBnbnR0YWI9bWF4X3ZlcjoyLG5vLXRyYW5zaXRpdmVgCisK K0NvbnRyb2wgdmFyaW91cyBhc3BlY3RzIG9mIHRoZSBncmFudCB0YWJsZSBi ZWhhdmlvdXIgYXZhaWxhYmxlIHRvIGd1ZXN0cy4KKworKiBgbWF4X3ZlcmAg U2VsZWN0IHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNpb24gdG8gb2Zm ZXIgdG8gZ3Vlc3RzLiAgVmFsaWQKK3ZlcnNpb24gYXJlIDEgYW5kIDIuCisq IGB0cmFuc2l0aXZlYCBQZXJtaXQgb3IgZGlzYWxsb3cgdGhlIHVzZSBvZiB0 cmFuc2l0aXZlIGdyYW50cy4gIE5vdGUgdGhhdCB0aGUKK3VzZSBvZiBncmFu dCB0YWJsZSB2MiB3aXRob3V0IHRyYW5zaXRpdmUgZ3JhbnRzIGlzIGFuIEFC SSBicmVha2FnZSBmcm9tIHRoZQorZ3Vlc3RzIHBvaW50IG9mIHZpZXcuCisK KypXYXJuaW5nOioKK0R1ZSB0byBYU0EtMjI2LCB0aGUgdXNlIG9mIHRyYW5z aXRpdmUgZ3JhbnRzIGlzIG91dHNpZGUgb2Ygc2VjdXJpdHkgc3VwcG9ydC4K KwogIyMjIGdudHRhYlxfbWF4XF9mcmFtZXMKID4gYD0gPGludGVnZXI+YAog CmRpZmYgLS1naXQgYS94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMgYi94ZW4v Y29tbW9uL2dyYW50X3RhYmxlLmMKaW5kZXggZjA2YjY2NC4uMTA5YzU1MiAx MDA2NDQKLS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hl bi9jb21tb24vZ3JhbnRfdGFibGUuYwpAQCAtNTAsNiArNTAsNDIgQEAgaW50 ZWdlcl9wYXJhbSgiZ250dGFiX21heF9ucl9mcmFtZXMiLCBtYXhfbnJfZ3Jh bnRfZnJhbWVzKTsKIHVuc2lnbmVkIGludCBfX3JlYWRfbW9zdGx5IG1heF9n cmFudF9mcmFtZXM7CiBpbnRlZ2VyX3BhcmFtKCJnbnR0YWJfbWF4X2ZyYW1l cyIsIG1heF9ncmFudF9mcmFtZXMpOwogCitzdGF0aWMgdW5zaWduZWQgaW50 IF9fcmVhZF9tb3N0bHkgb3B0X2dudHRhYl9tYXhfdmVyc2lvbiA9IDI7Citz dGF0aWMgYm9vbF90IF9fcmVhZF9tb3N0bHkgb3B0X3RyYW5zaXRpdmVfZ3Jh bnRzOworCitzdGF0aWMgdm9pZCBfX2luaXQgcGFyc2VfZ250dGFiKGNoYXIg KnMpCit7CisgICAgY2hhciAqc3M7CisKKyAgICBkbyB7CisgICAgICAgIHNz ID0gc3RyY2hyKHMsICcsJyk7CisgICAgICAgIGlmICggc3MgKQorICAgICAg ICAgICAgKnNzID0gJ1wwJzsKKworICAgICAgICBpZiAoICFzdHJuY21wKHMs ICJtYXhfdmVyOiIsIDgpICkKKyAgICAgICAgeworICAgICAgICAgICAgbG9u ZyB2ZXIgPSBzaW1wbGVfc3RydG9sKHMgKyA4LCBOVUxMLCAxMCk7CisKKyAg ICAgICAgICAgIGlmICggdmVyID49IDEgJiYgdmVyIDw9IDIgKQorICAgICAg ICAgICAgICAgIG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPSB2ZXI7CisgICAg ICAgIH0KKyAgICAgICAgZWxzZQorICAgICAgICB7CisgICAgICAgICAgICBi b29sX3QgdmFsID0gISFzdHJuY21wKHMsICJuby0iLCAzKTsKKworICAgICAg ICAgICAgaWYgKCAhdmFsICkKKyAgICAgICAgICAgICAgICBzICs9IDM7CisK KyAgICAgICAgICAgIGlmICggIXN0cmNtcChzLCAidHJhbnNpdGl2ZSIpICkK KyAgICAgICAgICAgICAgICBvcHRfdHJhbnNpdGl2ZV9ncmFudHMgPSB2YWw7 CisgICAgICAgIH0KKworICAgICAgICBzID0gc3MgKyAxOworICAgIH0gd2hp bGUgKCBzcyApOworfQorCitjdXN0b21fcGFyYW0oImdudHRhYiIsIHBhcnNl X2dudHRhYik7CisKIC8qIFRoZSBtYXhpbXVtIG51bWJlciBvZiBncmFudCBt YXBwaW5ncyBpcyBkZWZpbmVkIGFzIGEgbXVsdGlwbGllciBvZiB0aGUKICAq IG1heGltdW0gbnVtYmVyIG9mIGdyYW50IHRhYmxlIGVudHJpZXMuIFRoaXMg ZGVmaW5lcyB0aGUgbXVsdGlwbGllciB1c2VkLgogICogUHJldHR5IGFyYml0 cmFyeS4gW1BPTElDWV0KQEAgLTIxODgsNiArMjIyNCwxMCBAQCBfX2FjcXVp cmVfZ3JhbnRfZm9yX2NvcHkoCiAgICAgICAgIH0KICAgICAgICAgZWxzZSBp ZiAoIChzaGFoLT5mbGFncyAmIEdURl90eXBlX21hc2spID09IEdURl90cmFu c2l0aXZlICkKICAgICAgICAgeworICAgICAgICAgICAgaWYgKCAhb3B0X3Ry YW5zaXRpdmVfZ3JhbnRzICkKKyAgICAgICAgICAgICAgICBQSU5fRkFJTCh1 bmxvY2tfb3V0X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAorICAgICAg ICAgICAgICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IGRpc2FsbG93 ZWQgYnkgcG9saWN5XG4iKTsKKwogICAgICAgICAgICAgaWYgKCAhYWxsb3df dHJhbnNpdGl2ZSApCiAgICAgICAgICAgICAgICAgUElOX0ZBSUwodW5sb2Nr X291dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKICAgICAgICAgICAg ICAgICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCB3aGVuIHRyYW5zaXRp dml0eSBub3QgYWxsb3dlZFxuIik7CkBAIC0zMTU2LDcgKzMxOTYsMTAgQEAg ZG9fZ3JhbnRfdGFibGVfb3AoCiAgICAgfQogICAgIGNhc2UgR05UVEFCT1Bf c2V0X3ZlcnNpb246CiAgICAgewotICAgICAgICByYyA9IGdudHRhYl9zZXRf dmVyc2lvbihndWVzdF9oYW5kbGVfY2FzdCh1b3AsIGdudHRhYl9zZXRfdmVy c2lvbl90KSk7CisgICAgICAgIGlmICggb3B0X2dudHRhYl9tYXhfdmVyc2lv biA9PSAxICkKKyAgICAgICAgICAgIHJjID0gLUVOT1NZUzsgLyogQmVoYXZl IGFzIGJlZm9yZSBzZXRfdmVyc2lvbiB3YXMgaW50cm9kdWNlZC4gKi8KKyAg ICAgICAgZWxzZQorICAgICAgICAgICAgcmMgPSBnbnR0YWJfc2V0X3ZlcnNp b24oZ3Vlc3RfaGFuZGxlX2Nhc3QodW9wLCBnbnR0YWJfc2V0X3ZlcnNpb25f dCkpOwogICAgICAgICBicmVhazsKICAgICB9CiAgICAgY2FzZSBHTlRUQUJP UF9nZXRfc3RhdHVzX2ZyYW1lczoK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3Rz Lnhlbi5vcmcveGVuLWFubm91bmNl --=separator-- From xen-announce-bounces@lists.xen.org Tue Aug 15 12:07:01 2017 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Aug 2017 12:07:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabf-0005yD-1i; Tue, 15 Aug 2017 12:05:59 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabd-0005wi-97; Tue, 15 Aug 2017 12:05:57 +0000 Received: from [85.158.137.68] by server-4.bemta-3.messagelabs.com id 28/DC-04533-4A3E2995; Tue, 15 Aug 2017 12:05:56 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrAKsWRWlGSWpSXmKPExsWS0XRdVXfx40m RBhP7BS1u3WxltljycTGLxaqrB1gdmD2O7v7NFMAYxZqZl5RfkcCaseDiDbaCj4UV88/PYG5g vJ7dxcjJISRwjlGiuduvi5ELyN7AKLHi6lsWkASzgKvEjX2b2SBsRYkL9xrA4rwCghInZz4Bs yUENCXuvFnFDmKLCBRJ7Dz3EsxmE9CTmHt2EhNEr6XE/ImnwOYIC6RKTFt1HWqOmUTvhm9gcR YBVYljJ/uYJzDyzEKyehaS1bOQrJ7FyAEU15RYv0sfwpSWWP6PA6JaXmL72znMELaVxNOTN9g hbHOJN39OsMBMnNL9ECpuLfHx8HSouIXE8dkP2DDV2EssOb4UaqaNxPsn7ezY1Lx4eYEJpubJ igsodi1gFFrFqFGcWlSWWqRrZKGXVJSZnlGSm5iZo2toYKyXm1pcnJiempOYVKyXnJ+7iREYt /UMDIw7GNtP+B1ilORgUhLlXXR2UqQQX1J+SmVGYnFGfFFpTmrxIUYZDg4lCd61D4FygkWp6a kVaZk5wAQCk5bg4FES4XV4BJTmLS5IzC3OTIdInWK059j1f80XJo4Nq9cDyWXrtwDJVxP+f2M SYsnLz0uVEud1B2kTAGnLKM2DGwpLeJcYZaWEeRkZGBiEeApSi3IzS1DlXzGKczAqCfO6gUzh ycwrgdv9CugsJqCzrrSDnVWSiJCSamA8Urr72Z2XuX6qKo456fM//bmp6fDql+8f+TW9mz0Ez 25I1LZaaiB//ajWcbv2+B7Vjxql6w/k+V/nKp5/Oe3sDUPt01Zt+t3BnLLqjn37rH9ffPiD5+ fWW76lN89L6ej1LJDjvFSvYyDatln8zw2dvh9zeRhaq8x+5aYvOLl+3aYdqn4/5PyVWIozEg2 1mIuKEwEZUyhlcwMAAA== X-Env-Sender: andrewcoop@xenbits.xen.org X-Msg-Ref: server-12.tower-31.messagelabs.com!1502798753!93280050!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 36980 invoked from network); 15 Aug 2017 12:05:54 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-12.tower-31.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 15 Aug 2017 12:05:54 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabV-00036X-FI; Tue, 15 Aug 2017 12:05:49 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1dhabV-0006du-B7; Tue, 15 Aug 2017 12:05:49 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 15 Aug 2017 12:05:49 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 227 (CVE-2017-12137) - x86: PV privilege escalation via map_grant_ref X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2017-12137 / XSA-227 version 3 x86: PV privilege escalation via map_grant_ref UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= When mapping a grant reference, a guest must inform Xen of where it would like the grant mapped. For PV guests, this is done by nominating an existing linear address, or an L1 pagetable entry, to be altered. Neither of these PV paths check for alignment of the passed parameter. The linear address path suitably truncates the linear address when calculating the L1 entry to use, but the path which uses a directly nominated L1 entry performs no checks. This causes Xen to make an incorrectly-aligned update to a pagetable, which corrupts both the intended entry and the subsequent entry with values which are largely guest controlled. If the misaligned value crosses a page boundary, then an arbitrary other heap page is corrupted. IMPACT ====== A PV guest can elevate its privilege to that of the host. VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. Only x86 systems are vulnerable. Any system running untrusted PV guests is vulnerable. The vulnerability is exposed to PV stub qemu serving as the device model for HVM guests. Our default assumption is that an HVM guest has compromised its PV stub qemu. By extension, it is likely that the vulnerability is exposed to HVM guests which are served by a PV stub qemu. MITIGATION ========== Running only HVM guests, served by a dom0-based qemu, will avoid this vulnerability. CREDITS ======= This issue was discovered by Andrew Cooper of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa227.patch xen-unstable, Xen 4.9.x, 4.8.x, 4.7.x xsa227-4.6.patch Xen 4.6.x xsa227-4.5.patch Xen 4.5.x $ sha256sum xsa227* c48cc3be47e81a4ceebcf60659b8755516c68916fc5150920ed42c6b61e3f219 xsa227.meta 9923a47e5f86949800887596f098954a08ef73a01d74b1dbe16cab2e6b1fabb2 xsa227.patch 6f83d0d9ff853192840d2b82d26d8fde21473bf4ac1441a153f3ee02efd1dd67 xsa227-4.5.patch 162b991b27b86f210089526a01cae715563d3a069c92f42538b423bba7709fcc xsa227-4.6.patch $ (The .meta file is a prototype machine-readable file for describing which patches are to be applied how.) DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZkuNOAAoJEIP+FMlX6CvZ9wsH/3/DA8EENxPdhgoNEihvHgPP rquggFGcmgiJZyuy6+e3PZKUwQmUcVdPuVE5h+8NWYRCTjxa15LC/auAmkMHP170 f7nkSA6oU0zT1mxxqWWjht+CCJ56dmpJN+WGXQMasVEO9PLYR7gOxf90rqDuzqE8 zcQA4OyIOpsEH4Y2k2hjYFeLleWSLZKSPAy8fupZv34FakZDDLgxPMdWSrYQX/pP r2QmLoVk4pSQYZzy5aAZWgLugR+ewOmgYTntzGYSEB2VqEgl6vtA8STVqB5WsYZ4 eumUUZRBUeo9n2U9TgWPmKr5JtvC9w2/cjV6HysO5vUwuLJUICX25O9BE3VnBs0= =ulEd -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa227.meta" Content-Disposition: attachment; filename="xsa227.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyMjcsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC45IiwKICAgICI0LjgiLAogICAgIjQuNyIsCiAg ICAiNC42IiwKICAgICI0LjUiCiAgXSwKICAiVHJlZXMiOiBbCiAgICAieGVu IgogIF0sCiAgIlJlY2lwZXMiOiB7CiAgICAiNC41IjogewogICAgICAiWGVu VmVyc2lvbiI6ICI0LjUiLAogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAi eGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICIzMjE3MTI5ZWI2NWMw ZDQ5OTVlZDA4ZmI4OTE5ZTNjMzM0Y2FkNTQ4IiwKICAgICAgICAgICJQcmVy ZXFzIjogWwogICAgICAgICAgICAyMjYKICAgICAgICAgIF0sCiAgICAgICAg ICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTIyNy00LjUucGF0Y2gi CiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIjQu NiI6IHsKICAgICAgIlhlblZlcnNpb24iOiAiNC42IiwKICAgICAgIlJlY2lw ZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYi OiAiZDcwOGI2OTVhMzZiNGZkY2Q4ZTQ4ZTZmYzhlNjExZTAxMGY1MjgwYiIs CiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjI2CiAgICAg ICAgICBdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4 c2EyMjctNC42LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAg fQogICAgfSwKICAgICI0LjciOiB7CiAgICAgICJYZW5WZXJzaW9uIjogIjQu NyIsCiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAg ICAgICAiU3RhYmxlUmVmIjogIjRmYmZhMzRiMWEwYmIzMjlhYTU3Mjc1NDIx ZTJlOTAyN2QzMmFhZDUiLAogICAgICAgICAgIlByZXJlcXMiOiBbCiAgICAg ICAgICAgIDIyNgogICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjog WwogICAgICAgICAgICAieHNhMjI3LnBhdGNoIgogICAgICAgICAgXQogICAg ICAgIH0KICAgICAgfQogICAgfSwKICAgICI0LjgiOiB7CiAgICAgICJYZW5W ZXJzaW9uIjogIjQuOCIsCiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4 ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogIjFlNmM4OGZhZmNiNDY2 NGE1MDEyMzlkMWQ4NjY1YzM0YjUzODQ2NDgiLAogICAgICAgICAgIlByZXJl cXMiOiBbCiAgICAgICAgICAgIDIyNgogICAgICAgICAgXSwKICAgICAgICAg ICJQYXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjI3LnBhdGNoIgogICAg ICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICI0LjkiOiB7 CiAgICAgICJYZW5WZXJzaW9uIjogIjQuOSIsCiAgICAgICJSZWNpcGVzIjog ewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogIjBm YWRhMDU5YTc5NDgxNTM5NzZjYzE1MmUzNjYzM2RlZTNkNWIyNzMiLAogICAg ICAgICAgIlByZXJlcXMiOiBbCiAgICAgICAgICAgIDIyNgogICAgICAgICAg XSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjI3 LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAgfSwK ICAgICJtYXN0ZXIiOiB7CiAgICAgICJYZW5WZXJzaW9uIjogIm1hc3RlciIs CiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAg ICAiU3RhYmxlUmVmIjogIjU1OTI0YmFmMjIxMWRkY2Y1YmE4ZjcwMmM5YTRj MDc3MzBlMGM4ZTgiLAogICAgICAgICAgIlByZXJlcXMiOiBbCiAgICAgICAg ICAgIDIyNgogICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWwog ICAgICAgICAgICAieHNhMjI3LnBhdGNoIgogICAgICAgICAgXQogICAgICAg IH0KICAgICAgfQogICAgfQogIH0KfQ== --=separator Content-Type: application/octet-stream; name="xsa227.patch" Content-Disposition: attachment; filename="xsa227.patch" Content-Transfer-Encoding: base64 RnJvbSBmYTcyNjhiOTRmOGEwYTc3OTJlZTEyZDViOGUyM2E2MGU1MmEzYTg0 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbmRyZXcgQ29vcGVy IDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgpEYXRlOiBUdWUsIDIwIEp1 biAyMDE3IDE5OjE4OjU0ICswMTAwClN1YmplY3Q6IFtQQVRDSF0geDg2L2dy YW50OiBEaXNhbGxvdyBtaXNhbGlnbmVkIFBURXMKClBhZ2V0YWJsZSBlbnRy aWVzIG11c3QgYmUgYWxpZ25lZCB0byBmdW5jdGlvbiBjb3JyZWN0bHkuICBE aXNhbGxvdyBhdHRlbXB0cwpmcm9tIHRoZSBndWVzdCB0byBoYXZlIGEgZ3Jh bnQgUFRFIGNyZWF0ZWQgYXQgYSBtaXNhbGlnbmVkIGFkZHJlc3MsIHdoaWNo CndvdWxkIHJlc3VsdCBpbiBjb3JydXB0aW9uIG9mIHRoZSBMMSB0YWJsZSB3 aXRoIGxhcmdlbHktZ3Vlc3QtY29udHJvbGxlZAp2YWx1ZXMuCgpUaGlzIGlz IFhTQS0yMjcKClNpZ25lZC1vZmYtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJl dy5jb29wZXIzQGNpdHJpeC5jb20+ClJldmlld2VkLWJ5OiBKYW4gQmV1bGlj aCA8amJldWxpY2hAc3VzZS5jb20+Ci0tLQogeGVuL2FyY2gveDg2L21tLmMg fCAxMyArKysrKysrKysrKysrCiAxIGZpbGUgY2hhbmdlZCwgMTMgaW5zZXJ0 aW9ucygrKQoKZGlmZiAtLWdpdCBhL3hlbi9hcmNoL3g4Ni9tbS5jIGIveGVu L2FyY2gveDg2L21tLmMKaW5kZXggOTdiM2I0Yi4uMDBmNTE3YSAxMDA2NDQK LS0tIGEveGVuL2FyY2gveDg2L21tLmMKKysrIGIveGVuL2FyY2gveDg2L21t LmMKQEAgLTM3NjMsNiArMzc2Myw5IEBAIHN0YXRpYyBpbnQgY3JlYXRlX2dy YW50X3B0ZV9tYXBwaW5nKAogICAgIGwxX3BnZW50cnlfdCBvbDFlOwogICAg IHN0cnVjdCBkb21haW4gKmQgPSB2LT5kb21haW47CiAKKyAgICBpZiAoICFJ U19BTElHTkVEKHB0ZV9hZGRyLCBzaXplb2YobmwxZSkpICkKKyAgICAgICAg cmV0dXJuIEdOVFNUX2dlbmVyYWxfZXJyb3I7CisKICAgICBhZGp1c3RfZ3Vl c3RfbDFlKG5sMWUsIGQpOwogCiAgICAgZ21mbiA9IHB0ZV9hZGRyID4+IFBB R0VfU0hJRlQ7CkBAIC0zODE5LDYgKzM4MjIsMTYgQEAgc3RhdGljIGludCBk ZXN0cm95X2dyYW50X3B0ZV9tYXBwaW5nKAogICAgIHN0cnVjdCBwYWdlX2lu Zm8gKnBhZ2U7CiAgICAgbDFfcGdlbnRyeV90IG9sMWU7CiAKKyAgICAvKgor ICAgICAqIGFkZHIgY29tZXMgZnJvbSBYZW4ncyBhY3RpdmVfZW50cnkgdHJh Y2tpbmcgc28gaXNuJ3QgZ3Vlc3QgY29udHJvbGxlZCwKKyAgICAgKiBidXQg aXQgaGFkIHN0aWxsIGJldHRlciBiZSBQVEUtYWxpZ25lZC4KKyAgICAgKi8K KyAgICBpZiAoICFJU19BTElHTkVEKGFkZHIsIHNpemVvZihvbDFlKSkgKQor ICAgIHsKKyAgICAgICAgQVNTRVJUX1VOUkVBQ0hBQkxFKCk7CisgICAgICAg IHJldHVybiBHTlRTVF9nZW5lcmFsX2Vycm9yOworICAgIH0KKwogICAgIGdt Zm4gPSBhZGRyID4+IFBBR0VfU0hJRlQ7CiAgICAgcGFnZSA9IGdldF9wYWdl X2Zyb21fZ2ZuKGQsIGdtZm4sIE5VTEwsIFAyTV9BTExPQyk7CiAKLS0gCjIu MS40Cgo= --=separator Content-Type: application/octet-stream; name="xsa227-4.5.patch" Content-Disposition: attachment; filename="xsa227-4.5.patch" Content-Transfer-Encoding: base64 RnJvbSAzYWFiODgxYzczMzFjZjkzZmZkOGQyZjJkZDlhZGZkMThlZDRmYzk5 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbmRyZXcgQ29vcGVy IDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgpEYXRlOiBUdWUsIDIwIEp1 biAyMDE3IDE5OjE4OjU0ICswMTAwClN1YmplY3Q6IFtQQVRDSF0geDg2L2dy YW50OiBEaXNhbGxvdyBtaXNhbGlnbmVkIFBURXMKClBhZ2V0YWJsZSBlbnRy aWVzIG11c3QgYmUgYWxpZ25lZCB0byBmdW5jdGlvbiBjb3JyZWN0bHkuICBE aXNhbGxvdyBhdHRlbXB0cwpmcm9tIHRoZSBndWVzdCB0byBoYXZlIGEgZ3Jh bnQgUFRFIGNyZWF0ZWQgYXQgYSBtaXNhbGlnbmVkIGFkZHJlc3MsIHdoaWNo CndvdWxkIHJlc3VsdCBpbiBjb3JydXB0aW9uIG9mIHRoZSBMMSB0YWJsZSB3 aXRoIGxhcmdlbHktZ3Vlc3QtY29udHJvbGxlZAp2YWx1ZXMuCgpUaGlzIGlz IFhTQS0yMjcKClNpZ25lZC1vZmYtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJl dy5jb29wZXIzQGNpdHJpeC5jb20+ClJldmlld2VkLWJ5OiBKYW4gQmV1bGlj aCA8amJldWxpY2hAc3VzZS5jb20+Ci0tLQogeGVuL2FyY2gveDg2L21tLmMg ICAgICAgIHwgMTMgKysrKysrKysrKysrKwogeGVuL2luY2x1ZGUveGVuL2Nv bmZpZy5oIHwgIDIgKysKIDIgZmlsZXMgY2hhbmdlZCwgMTUgaW5zZXJ0aW9u cygrKQoKZGlmZiAtLWdpdCBhL3hlbi9hcmNoL3g4Ni9tbS5jIGIveGVuL2Fy Y2gveDg2L21tLmMKaW5kZXggNzBiZjUyZjYwYS4uNzBkZmVjNWFmMSAxMDA2 NDQKLS0tIGEveGVuL2FyY2gveDg2L21tLmMKKysrIGIveGVuL2FyY2gveDg2 L21tLmMKQEAgLTM3ODEsNiArMzc4MSw5IEBAIHN0YXRpYyBpbnQgY3JlYXRl X2dyYW50X3B0ZV9tYXBwaW5nKAogICAgIGwxX3BnZW50cnlfdCBvbDFlOwog ICAgIHN0cnVjdCBkb21haW4gKmQgPSB2LT5kb21haW47CiAKKyAgICBpZiAo ICFJU19BTElHTkVEKHB0ZV9hZGRyLCBzaXplb2YobmwxZSkpICkKKyAgICAg ICAgcmV0dXJuIEdOVFNUX2dlbmVyYWxfZXJyb3I7CisKICAgICBhZGp1c3Rf Z3Vlc3RfbDFlKG5sMWUsIGQpOwogCiAgICAgZ21mbiA9IHB0ZV9hZGRyID4+ IFBBR0VfU0hJRlQ7CkBAIC0zODM4LDYgKzM4NDEsMTYgQEAgc3RhdGljIGlu dCBkZXN0cm95X2dyYW50X3B0ZV9tYXBwaW5nKAogICAgIHN0cnVjdCBwYWdl X2luZm8gKnBhZ2U7CiAgICAgbDFfcGdlbnRyeV90IG9sMWU7CiAKKyAgICAv KgorICAgICAqIGFkZHIgY29tZXMgZnJvbSBYZW4ncyBhY3RpdmVfZW50cnkg dHJhY2tpbmcgc28gaXNuJ3QgZ3Vlc3QgY29udHJvbGxlZCwKKyAgICAgKiBi dXQgaXQgaGFkIHN0aWxsIGJldHRlciBiZSBQVEUtYWxpZ25lZC4KKyAgICAg Ki8KKyAgICBpZiAoICFJU19BTElHTkVEKGFkZHIsIHNpemVvZihvbDFlKSkg KQorICAgIHsKKyAgICAgICAgQVNTRVJUX1VOUkVBQ0hBQkxFKCk7CisgICAg ICAgIHJldHVybiBHTlRTVF9nZW5lcmFsX2Vycm9yOworICAgIH0KKwogICAg IGdtZm4gPSBhZGRyID4+IFBBR0VfU0hJRlQ7CiAgICAgcGFnZSA9IGdldF9w YWdlX2Zyb21fZ2ZuKGQsIGdtZm4sIE5VTEwsIFAyTV9BTExPQyk7CiAKZGlm ZiAtLWdpdCBhL3hlbi9pbmNsdWRlL3hlbi9jb25maWcuaCBiL3hlbi9pbmNs dWRlL3hlbi9jb25maWcuaAppbmRleCA3YmVmOGE2NDhkLi5hM2FhMWQ0ODMy IDEwMDY0NAotLS0gYS94ZW4vaW5jbHVkZS94ZW4vY29uZmlnLmgKKysrIGIv eGVuL2luY2x1ZGUveGVuL2NvbmZpZy5oCkBAIC04Miw2ICs4Miw4IEBACiAK ICNlbmRpZiAvKiAhX19BU1NFTUJMWV9fICovCiAKKyNkZWZpbmUgSVNfQUxJ R05FRCh2YWwsIGFsaWduKSAoKCh2YWwpICYgKChhbGlnbikgLSAxKSkgPT0g MCkKKwogI2RlZmluZSBfX1NUUiguLi4pICNfX1ZBX0FSR1NfXwogI2RlZmlu ZSBTVFIoLi4uKSBfX1NUUihfX1ZBX0FSR1NfXykKIAotLSAKMi4xMy4yCgo= --=separator Content-Type: application/octet-stream; name="xsa227-4.6.patch" Content-Disposition: attachment; filename="xsa227-4.6.patch" Content-Transfer-Encoding: base64 RnJvbSA2OTdlZGM0MTQzNTJlODlmMjljYTNkZTc0NGE3NmMxNjI1YzA0NjZj IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbmRyZXcgQ29vcGVy IDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgpEYXRlOiBUdWUsIDIwIEp1 biAyMDE3IDE5OjE4OjU0ICswMTAwClN1YmplY3Q6IFtQQVRDSF0geDg2L2dy YW50OiBEaXNhbGxvdyBtaXNhbGlnbmVkIFBURXMKClBhZ2V0YWJsZSBlbnRy aWVzIG11c3QgYmUgYWxpZ25lZCB0byBmdW5jdGlvbiBjb3JyZWN0bHkuICBE aXNhbGxvdyBhdHRlbXB0cwpmcm9tIHRoZSBndWVzdCB0byBoYXZlIGEgZ3Jh bnQgUFRFIGNyZWF0ZWQgYXQgYSBtaXNhbGlnbmVkIGFkZHJlc3MsIHdoaWNo CndvdWxkIHJlc3VsdCBpbiBjb3JydXB0aW9uIG9mIHRoZSBMMSB0YWJsZSB3 aXRoIGxhcmdlbHktZ3Vlc3QtY29udHJvbGxlZAp2YWx1ZXMuCgpUaGlzIGlz IFhTQS0yMjcKClNpZ25lZC1vZmYtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJl dy5jb29wZXIzQGNpdHJpeC5jb20+ClJldmlld2VkLWJ5OiBKYW4gQmV1bGlj aCA8amJldWxpY2hAc3VzZS5jb20+Ci0tLQogeGVuL2FyY2gveDg2L21tLmMg ICAgICAgIHwgMTMgKysrKysrKysrKysrKwogeGVuL2luY2x1ZGUveGVuL2Nv bmZpZy5oIHwgIDIgKysKIDIgZmlsZXMgY2hhbmdlZCwgMTUgaW5zZXJ0aW9u cygrKQoKZGlmZiAtLWdpdCBhL3hlbi9hcmNoL3g4Ni9tbS5jIGIveGVuL2Fy Y2gveDg2L21tLmMKaW5kZXggMjEzYjUyYS4uM2JmNzI4YiAxMDA2NDQKLS0t IGEveGVuL2FyY2gveDg2L21tLmMKKysrIGIveGVuL2FyY2gveDg2L21tLmMK QEAgLTM4NzgsNiArMzg3OCw5IEBAIHN0YXRpYyBpbnQgY3JlYXRlX2dyYW50 X3B0ZV9tYXBwaW5nKAogICAgIGwxX3BnZW50cnlfdCBvbDFlOwogICAgIHN0 cnVjdCBkb21haW4gKmQgPSB2LT5kb21haW47CiAKKyAgICBpZiAoICFJU19B TElHTkVEKHB0ZV9hZGRyLCBzaXplb2YobmwxZSkpICkKKyAgICAgICAgcmV0 dXJuIEdOVFNUX2dlbmVyYWxfZXJyb3I7CisKICAgICBhZGp1c3RfZ3Vlc3Rf bDFlKG5sMWUsIGQpOwogCiAgICAgZ21mbiA9IHB0ZV9hZGRyID4+IFBBR0Vf U0hJRlQ7CkBAIC0zOTM1LDYgKzM5MzgsMTYgQEAgc3RhdGljIGludCBkZXN0 cm95X2dyYW50X3B0ZV9tYXBwaW5nKAogICAgIHN0cnVjdCBwYWdlX2luZm8g KnBhZ2U7CiAgICAgbDFfcGdlbnRyeV90IG9sMWU7CiAKKyAgICAvKgorICAg ICAqIGFkZHIgY29tZXMgZnJvbSBYZW4ncyBhY3RpdmVfZW50cnkgdHJhY2tp bmcgc28gaXNuJ3QgZ3Vlc3QgY29udHJvbGxlZCwKKyAgICAgKiBidXQgaXQg aGFkIHN0aWxsIGJldHRlciBiZSBQVEUtYWxpZ25lZC4KKyAgICAgKi8KKyAg ICBpZiAoICFJU19BTElHTkVEKGFkZHIsIHNpemVvZihvbDFlKSkgKQorICAg IHsKKyAgICAgICAgQVNTRVJUX1VOUkVBQ0hBQkxFKCk7CisgICAgICAgIHJl dHVybiBHTlRTVF9nZW5lcmFsX2Vycm9yOworICAgIH0KKwogICAgIGdtZm4g PSBhZGRyID4+IFBBR0VfU0hJRlQ7CiAgICAgcGFnZSA9IGdldF9wYWdlX2Zy b21fZ2ZuKGQsIGdtZm4sIE5VTEwsIFAyTV9BTExPQyk7CiAKZGlmZiAtLWdp dCBhL3hlbi9pbmNsdWRlL3hlbi9jb25maWcuaCBiL3hlbi9pbmNsdWRlL3hl bi9jb25maWcuaAppbmRleCBmNzI1OGM3Li5kZWQ4MTU2IDEwMDY0NAotLS0g YS94ZW4vaW5jbHVkZS94ZW4vY29uZmlnLmgKKysrIGIveGVuL2luY2x1ZGUv eGVuL2NvbmZpZy5oCkBAIC03Miw2ICs3Miw4IEBACiAjZGVmaW5lIE1CKF9t YikgICAgIChfQUMoX21iLCBVTEwpIDw8IDIwKQogI2RlZmluZSBHQihfZ2Ip ICAgICAoX0FDKF9nYiwgVUxMKSA8PCAzMCkKIAorI2RlZmluZSBJU19BTElH TkVEKHZhbCwgYWxpZ24pICgoKHZhbCkgJiAoKGFsaWduKSAtIDEpKSA9PSAw KQorCiAjZGVmaW5lIF9fU1RSKC4uLikgI19fVkFfQVJHU19fCiAjZGVmaW5l IFNUUiguLi4pIF9fU1RSKF9fVkFfQVJHU19fKQogCi0tIAoyLjEuNAoK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3Rz Lnhlbi5vcmcveGVuLWFubm91bmNl --=separator-- From xen-announce-bounces@lists.xen.org Tue Aug 15 12:07:01 2017 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Aug 2017 12:07:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabv-0006AM-1X; Tue, 15 Aug 2017 12:06:15 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabt-000695-PS; Tue, 15 Aug 2017 12:06:13 +0000 Received: from [85.158.137.68] by server-7.bemta-3.messagelabs.com id 98/E7-02177-4B3E2995; Tue, 15 Aug 2017 12:06:12 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrFIsWRWlGSWpSXmKPExsWS0XRdVXfz40m RBtPvilncutnKbLHk42IWi1VXD7A6MHsc3f2bKYAxijUzLym/IoE1Y8u07+wFmy0rehbMY2lg XGrSxcjFISRwjlHi8Nx+NghnA6PE5ra57F2MnBzMAq4SN/ZtZoOwFSUu3GtgAbF5BQQlTs58A mZLCGhK3HmzCqxeRKBIYue5l2A2m4CexNyzk5ggei0l5k88BTZHWCBD4nLPJDaIOWYSezr2g8 1hEVCVmNq6gn0CI88sJKtnIVk9C8nqWYwcQHFNifW79CFMaYnl/zggquUltr+dwwxhW0vcnra FFcK2kJg0+SI7zMQp3Q/ZFzByrmJUL04tKkst0jXXSyrKTM8oyU3MzNE1NDDWy00tLk5MT81J TCrWS87P3cQIDG8GINjB2Pjd6RCjJAeTkijvorOTIoX4kvJTKjMSizPii0pzUosPMcpwcChJ8 Ho+AsoJFqWmp1akZeYAIw0mLcHBoyTCG/gQKM1bXJCYW5yZDpE6xejKsev/mi9MHBtWrweSd/ o2AMll67cAyVcT/n9jEmLJy89LlRLndQeZLQDSnFGaBzcaliQuMcpKCfMyAh0rxFOQWpSbWYI q/4pRnINRSZj3IsgJPJl5JXAXvAI6jgnouCvtYMeVJCKkpBoYnb3kheYmHQxym5B39eC8o8qP i1+rZ29bLhGw+45B6S5xwyTTD5fneCwzPJnVXzf/bvXz+UzfS7ebW4Svqm75M/UFz/f3tUFba udq13W+ZTYUY0p742ymzzkl74DmtKM2e3KqXCdK/tg0ZcMp5937Aux4j91LuN5eVfP3qvO0eS JFdwul7v3crsRSnJFoqMVcVJwIAP++SA4NAwAA X-Env-Sender: andrewcoop@xenbits.xen.org X-Msg-Ref: server-5.tower-31.messagelabs.com!1502798770!106848456!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 30678 invoked from network); 15 Aug 2017 12:06:11 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-5.tower-31.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 15 Aug 2017 12:06:11 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhabd-00037N-Pb; Tue, 15 Aug 2017 12:05:57 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1dhabd-0006gl-Oo; Tue, 15 Aug 2017 12:05:57 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 15 Aug 2017 12:05:57 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 229 (CVE-2017-12134) - linux: Fix Xen block IO merge-ability calculation X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2017-12134 / XSA-229 version 3 linux: Fix Xen block IO merge-ability calculation UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= The block layer in Linux may choose to merge adjacent block IO requests. When Linux is running as a Xen guest, the default merging algorithm is replaced with a Xen-specific one. When Linux is running as an x86 PV guest, some BIO's are erroneously merged, corrupting the data stream to/from the block device. This can result in incorrect access to an uncontrolled adjacent frame. IMPACT ====== A buggy or malicious guest can cause Linux to read or write incorrect memory when processing a block stream. This could leak information from other guests in the system or from Xen itself, or be used to DoS or escalate privilege within the system. VULNERABLE SYSTEMS ================== All x86 Xen systems using pvops Linux in a backend role (either as dom0, or as a disk device driver domain) are affected. This includes upstream Linux versions 2.6.37 and later. Systems using the older classic-linux fork are not affected. All PV x86 domains doing block IO on behalf of a guest, including dom0 and any PV driver domains, are vulnerable. (Any HVM driver domains running are not vulnerable.) This includes Xen vbd backends such as blkback, but also direct IO performed for the guest via eg qemu. ARM systems are not affected. The vulnerability is only exposed if the underlying block device has request merging enabled. See Mitigation. The vulnerability is only exposed to configurations which use grant mapping as a transport mechanism for the block data. Configurations which use exclusively grant copy are not vulnerable. MITIGATION ========== Disable bio merges on all relevant underlying backend block devices. For example, echo 2 > /sys/block/nvme0n1/queue/nomerges CREDITS ======= This issue was discovered by Jan H. Schönherr of Amazon. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa229.patch Linux $ sha256sum xsa229* 5f96c72c8c5a971d52f5540475a3fc6f4fef2071ec772ef21392fdc238eda858 xsa229.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZkuNWAAoJEIP+FMlX6CvZBt4H/3tpKPBmzTaI5yKPdBf6wU7L hjmKG6QROeWV+EX3wmmmRi+iG0M90hDYFCTmhdNY4sjCdDEFDMB1KM8XA/LwHlz2 3gX6TVKQ/cXQRJFhlWSZQUDDd5jPqZzDK7KnhS2DC+MjnKvnnuS6N2ibIfaHJmUG HL6VdS7GZ8Z434mgOZskWPFn5xeaWd1vXGV+GI9Ih2RRn/axe6l0RSzgDpfeGB3T hVRQdy9wW4aXrnnUXEuuz5JNlTU1fuGXGz7W5BDP8mu9l/dzmDye6NOgVqo5wAkz +l/fRbFrjdO9JnKDpASDjGuoOCZgkBBxmG2wUz8COi6JTA5X0IRysG5OMOYZ/KU= =lyzV -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa229.patch" Content-Disposition: attachment; filename="xsa229.patch" Content-Transfer-Encoding: base64 RnJvbSA4NDg4MjEzM2U3OTMyOTlmNjg1OTkxZTIwYTk2MzFhY2ZkMGE1NjA4 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBSb2dlciBQYXUgTW9u bmUgPHJvZ2VyLnBhdUBjaXRyaXguY29tPgpEYXRlOiBUdWUsIDE4IEp1bCAy MDE3IDE1OjAxOjAwICswMTAwClN1YmplY3Q6IHhlbjogZml4IGJpbyB2ZWMg bWVyZ2luZwpNSU1FLVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6IHRleHQv cGxhaW47IGNoYXJzZXQ9VVRGLTgKQ29udGVudC1UcmFuc2Zlci1FbmNvZGlu ZzogOGJpdAoKVGhlIGN1cnJlbnQgdGVzdCBmb3IgYmlvIHZlYyBtZXJnaW5n IGlzIG5vdCBmdWxseSBhY2N1cmF0ZSBhbmQgY2FuIGJlCnRyaWNrZWQgaW50 byBtZXJnaW5nIGJpb3Mgd2hlbiBjZXJ0YWluIGdyYW50IGNvbWJpbmF0aW9u cyBhcmUgdXNlZC4KVGhlIHJlc3VsdCBvZiB0aGVzZSBtYWxpY2lvdXMgYmlv IG1lcmdlcyBpcyBhIGJpbyB0aGF0IGV4dGVuZHMgcGFzdAp0aGUgbWVtb3J5 IHBhZ2UgdXNlZCBieSBhbnkgb2YgdGhlIG9yaWdpbmF0aW5nIGJpb3MuCgpU YWtlIGludG8gYWNjb3VudCB0aGUgZm9sbG93aW5nIHNjZW5hcmlvLCB3aGVy ZSBhIGd1ZXN0IGNyZWF0ZXMgdHdvCmdyYW50IHJlZmVyZW5jZXMgdGhhdCBw b2ludCB0byB0aGUgc2FtZSBtZm4sIGllOiBncmFudCAxIC0+IG1mbiBBLApn cmFudCAyIC0+IG1mbiBBLgoKVGhlc2UgcmVmZXJlbmNlcyBhcmUgdGhlbiB1 c2VkIGluIGEgUFYgYmxvY2sgcmVxdWVzdCwgYW5kIG1hcHBlZCBieQp0aGUg YmFja2VuZCBkb21haW4sIHRodXMgb2J0YWluaW5nIHR3byBkaWZmZXJlbnQg cGZucyB0aGF0IHBvaW50IHRvCnRoZSBzYW1lIG1mbiwgcGZuIEIgLT4gbWZu IEEsIHBmbiBDIC0+IG1mbiBBLgoKSWYgdGhvc2UgZ3JhbnRzIGhhcHBlbiB0 byBiZSB1c2VkIGluIHR3byBjb25zZWN1dGl2ZSBzZWN0b3JzIG9mIGEgZGlz awpJTyBvcGVyYXRpb24gYmVjb21pbmcgdHdvIGRpZmZlcmVudCBiaW9zIGlu IHRoZSBiYWNrZW5kIGRvbWFpbiwgdGhlCmNoZWNrcyBpbiB4ZW5fYmlvdmVj X3BoeXNfbWVyZ2VhYmxlIHdpbGwgc3VjY2VlZCwgYmVjYXVzZSBiZm4xID09 IGJmbjIKKHRoZXkgYm90aCBwb2ludCB0byB0aGUgc2FtZSBtZm4pLiBIb3dl dmVyIGR1ZSB0byB0aGUgYmlvIG1lcmdpbmcsCnRoZSBiYWNrZW5kIGRvbWFp biB3aWxsIGVuZCB1cCB3aXRoIGEgYmlvIHRoYXQgZXhwYW5kcyBwYXN0IG1m biBBIGludG8KbWZuIEEgKyAxLgoKRml4IHRoaXMgYnkgbWFraW5nIHN1cmUg dGhlIGNoZWNrIGluIHhlbl9iaW92ZWNfcGh5c19tZXJnZWFibGUgdGFrZXMK aW50byBhY2NvdW50IHRoZSBvZmZzZXQgYW5kIHRoZSBsZW5ndGggb2YgdGhl IGJpbywgdGhpcyBiYXNpY2FsbHkKcmVwbGljYXRlcyB3aGF0cyBkb25lIGlu IF9fQklPVkVDX1BIWVNfTUVSR0VBQkxFIHVzaW5nIG1mbnMgKGJ1cwphZGRy ZXNzZXMpLiBXaGlsZSB0aGVyZSBhbHNvIHJlbW92ZSB0aGUgdXNhZ2Ugb2YK X19CSU9WRUNfUEhZU19NRVJHRUFCTEUsIHNpbmNlIHRoYXQncyBhbHJlYWR5 IGNoZWNrZWQgYnkgdGhlIGNhbGxlcnMKb2YgeGVuX2Jpb3ZlY19waHlzX21l cmdlYWJsZS4KClJlcG9ydGVkLWJ5OiAiSmFuIEguIFNjaMO2bmhlcnIiIDxq c2Nob2VuaEBhbWF6b24uZGU+ClNpZ25lZC1vZmYtYnk6IFJvZ2VyIFBhdSBN b25u6SA8cm9nZXIucGF1QGNpdHJpeC5jb20+ClJldmlld2VkLWJ5OiBKdWVy Z2VuIEdyb3NzIDxqZ3Jvc3NAc3VzZS5jb20+Ci0tLQogZHJpdmVycy94ZW4v YmlvbWVyZ2UuYyB8IDMgKy0tCiAxIGZpbGUgY2hhbmdlZCwgMSBpbnNlcnRp b24oKyksIDIgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZHJpdmVycy94 ZW4vYmlvbWVyZ2UuYyBiL2RyaXZlcnMveGVuL2Jpb21lcmdlLmMKaW5kZXgg NGRhNjlkYmY3ZGNhLi4xYmRkMDJhNmQ2YWMgMTAwNjQ0Ci0tLSBhL2RyaXZl cnMveGVuL2Jpb21lcmdlLmMKKysrIGIvZHJpdmVycy94ZW4vYmlvbWVyZ2Uu YwpAQCAtMTAsOCArMTAsNyBAQCBib29sIHhlbl9iaW92ZWNfcGh5c19tZXJn ZWFibGUoY29uc3Qgc3RydWN0IGJpb192ZWMgKnZlYzEsCiAJdW5zaWduZWQg bG9uZyBiZm4xID0gcGZuX3RvX2JmbihwYWdlX3RvX3Bmbih2ZWMxLT5idl9w YWdlKSk7CiAJdW5zaWduZWQgbG9uZyBiZm4yID0gcGZuX3RvX2JmbihwYWdl X3RvX3Bmbih2ZWMyLT5idl9wYWdlKSk7CiAKLQlyZXR1cm4gX19CSU9WRUNf UEhZU19NRVJHRUFCTEUodmVjMSwgdmVjMikgJiYKLQkJKChiZm4xID09IGJm bjIpIHx8ICgoYmZuMSsxKSA9PSBiZm4yKSk7CisJcmV0dXJuIGJmbjEgKyBQ Rk5fRE9XTih2ZWMxLT5idl9vZmZzZXQgKyB2ZWMxLT5idl9sZW4pID09IGJm bjI7CiAjZWxzZQogCS8qCiAJICogWFhYOiBBZGQgc3VwcG9ydCBmb3IgbWVy Z2luZyBiaW9fdmVjIHdoZW4gdXNpbmcgZGlmZmVyZW50IHBhZ2UKLS0gCjIu MTEuMCAoQXBwbGUgR2l0LTgxKQoK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3Rz Lnhlbi5vcmcveGVuLWFubm91bmNl --=separator-- From xen-announce-bounces@lists.xen.org Tue Aug 15 13:51:10 2017 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Aug 2017 13:51:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhcEK-0003PK-Cb; Tue, 15 Aug 2017 13:50:00 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhcEI-0003OY-PE; Tue, 15 Aug 2017 13:49:58 +0000 Received: from [85.158.139.211] by server-16.bemta-5.messagelabs.com id CC/4D-01712-50CF2995; Tue, 15 Aug 2017 13:49:57 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprIKsWRWlGSWpSXmKPExsWS0XRdVZf5z6R IgyXXDC1u3WxltljycTGLxaqrB1gdmD2O7v7NFMAYxZqZl5RfkcCasfZyN3PBC7uKO91HmRoY t1p1MXJxCAmcY5S417uQDcLZwCix6PAGli5GTg5mAVeJG/s2s0HYihIX7jWAxXkFBCVOznwCZ ksIaErcebOKHcQWESiS2HnuJZjNJqAnMffsJCaIXkuJ+RNPgc0RFqiRmHKijxVijpnE41ePwe pZBFQl3nT8ZprAyDMLyepZSFbPQrJ6FiMHUFxTYv0ufQhTWmL5Pw6IanmJ7W/nMEOErSS+bOC DMM0ljs5zh5k3pfshO4RtLbHp60yoPRYSazbtYERWs4CRZxWjRnFqUVlqka6RhV5SUWZ6Rklu YmaOrqGBqV5uanFxYnpqTmJSsV5yfu4mRmCU1DMwMO5g7Fvld4hRkoNJSZR30dlJkUJ8Sfkpl RmJxRnxRaU5qcWHGGU4OJQkeC/9AsoJFqWmp1akZeYA4xUmLcHBoyTC+xYkzVtckJhbnJkOkT rFaMmx6/+aL0wcy9ZvAZKvJvz/xiTEkpeflyolzpsB0iAA0pBRmgc3DpZSLjHKSgnzMjIwMAj xFKQW5WaWoMq/YhTnYFQS5n0HMoUnM68EbusroIOYgA660g52UEkiQkqqgTHW+dpiZ4Ygttr7 Bqd5j25yWCk3V1ROzLl3944P9peZP891bD/5xKNtx4K5f+/KPn3K9WlypOKhRz3Kgt15zNW5b H/W8No12mrmv3jbKRRsLfXjjbfw/qzFfzfyJUmX1Dp8VjlSxBJ/4rDN9OVrirM2Hn7pN4GJfc /Px3uFla8rFntM9547LVGJpTgj0VCLuag4EQA6DMZtJAMAAA== X-Env-Sender: andrewcoop@xenbits.xen.org X-Msg-Ref: server-14.tower-206.messagelabs.com!1502804994!68537286!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 26486 invoked from network); 15 Aug 2017 13:49:55 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-14.tower-206.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 15 Aug 2017 13:49:55 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhcE0-0005v2-MS; Tue, 15 Aug 2017 13:49:40 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1dhcE0-0007WU-Le; Tue, 15 Aug 2017 13:49:40 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 15 Aug 2017 13:49:40 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 230 (CVE-2017-12855) - grant_table: possibly premature clearing of GTF_writing / GTF_reading X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2017-12855 / XSA-230 version 3 grant_table: possibly premature clearing of GTF_writing / GTF_reading UPDATES IN VERSION 3 ==================== CVE assigned. ISSUE DESCRIPTION ================= Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. IMPACT ====== A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. VULNERABLE SYSTEMS ================== All systems are vulnerable. MITIGATION ========== There are no mitigations. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa230.patch xen-unstable, 4.9, 4.8, 4.7, 4.6, 4.5 $ sha256sum xsa230* 912c24771dc9e9b305be630b7771505abb3db735564c5574fc30b58a5da0139e xsa230.meta 77a73f1c32d083e315ef0b1bbb119cb8840ceb5ada790cad76cbfb9116f725cc xsa230.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html NOTE REGARDING SHORT EMBARGO ============================ This issue was discovered while investigating problems with the initial version of XSA-226. Accordingly, XSA-230 is embargoed and the embargo will end at the same time as that of XSA-226. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZkvttAAoJEIP+FMlX6CvZBX4H/j68Tf+YJYNV6coTx6/Ag0wo WVRepDbj/WTfpY4lT3SL57dpyhnfDNUgUaMkNfEUU9GV9FGtYEChHtQ3kDh9PvVG ifZgyHxJnRgZY3Mr12FcevyevyPpluMFHZ7RzCl6hVXgekd2+YZOnSbY/FYPhvuh Chzv2HUUMY/5Yt3HkbTgez3vRIxQW74TjERIqGx6y0bD3z+NYmOtmzeYcyUGsUBL sf+QnBH6/bjZjiycojK7LEb4u032Kgws0lXABIypql7D8YlVH75ZOxxWxV1TmerR Alc71JR+22ze76Tz0C4b0rafNv3xmn3o/0qoGQWo+7/o01Eg6XHuN9nn78bz2tw= =x4fa -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa230.meta" Content-Disposition: attachment; filename="xsa230.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyMzAsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC45IiwKICAgICI0LjgiLAogICAgIjQuNyIsCiAg ICAiNC42IiwKICAgICI0LjUiCiAgXSwKICAiVHJlZXMiOiBbCiAgICAieGVu IgogIF0sCiAgIlJlY2lwZXMiOiB7CiAgICAiNC41IjogewogICAgICAiWGVu VmVyc2lvbiI6ICI0LjUiLAogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAi eGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICIzMjE3MTI5ZWI2NWMw ZDQ5OTVlZDA4ZmI4OTE5ZTNjMzM0Y2FkNTQ4IiwKICAgICAgICAgICJQcmVy ZXFzIjogWwogICAgICAgICAgICAyMjYsCiAgICAgICAgICAgIDIyNwogICAg ICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWyAieHNhMjMwLnBhdGNo IiBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIjQuNiI6IHsKICAg ICAgIlhlblZlcnNpb24iOiAiNC42IiwKICAgICAgIlJlY2lwZXMiOiB7CiAg ICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiZDcwOGI2 OTVhMzZiNGZkY2Q4ZTQ4ZTZmYzhlNjExZTAxMGY1MjgwYiIsCiAgICAgICAg ICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjI2LAogICAgICAgICAgICAy MjcsCiAgICAgICAgICAgIDIyOAogICAgICAgICAgXSwKICAgICAgICAgICJQ YXRjaGVzIjogWyAieHNhMjMwLnBhdGNoIiBdCiAgICAgICAgfQogICAgICB9 CiAgICB9LAogICAgIjQuNyI6IHsKICAgICAgIlhlblZlcnNpb24iOiAiNC43 IiwKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAg ICAgICJTdGFibGVSZWYiOiAiNGZiZmEzNGIxYTBiYjMyOWFhNTcyNzU0MjFl MmU5MDI3ZDMyYWFkNSIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAg ICAgICAgMjI2LAogICAgICAgICAgICAyMjcsCiAgICAgICAgICAgIDIyOAog ICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWyAieHNhMjMwLnBh dGNoIiBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIjQuOCI6IHsK ICAgICAgIlhlblZlcnNpb24iOiAiNC44IiwKICAgICAgIlJlY2lwZXMiOiB7 CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiMWU2 Yzg4ZmFmY2I0NjY0YTUwMTIzOWQxZDg2NjVjMzRiNTM4NDY0OCIsCiAgICAg ICAgICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjI2LAogICAgICAgICAg ICAyMjcsCiAgICAgICAgICAgIDIyOAogICAgICAgICAgXSwKICAgICAgICAg ICJQYXRjaGVzIjogWyAieHNhMjMwLnBhdGNoIiBdCiAgICAgICAgfQogICAg ICB9CiAgICB9LAogICAgIjQuOSI6IHsKICAgICAgIlhlblZlcnNpb24iOiAi NC45IiwKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAg ICAgICAgICJTdGFibGVSZWYiOiAiMGZhZGEwNTlhNzk0ODE1Mzk3NmNjMTUy ZTM2NjMzZGVlM2Q1YjI3MyIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAg ICAgICAgICAgMjI2LAogICAgICAgICAgICAyMjcsCiAgICAgICAgICAgIDIy OAogICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWyAieHNhMjMw LnBhdGNoIiBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIm1hc3Rl ciI6IHsKICAgICAgIlhlblZlcnNpb24iOiAibWFzdGVyIiwKICAgICAgIlJl Y2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVS ZWYiOiAiNTU5MjRiYWYyMjExZGRjZjViYThmNzAyYzlhNGMwNzczMGUwYzhl OCIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjI2LAog ICAgICAgICAgICAyMjcsCiAgICAgICAgICAgIDIyOAogICAgICAgICAgXSwK ICAgICAgICAgICJQYXRjaGVzIjogWyAieHNhMjMwLnBhdGNoIiBdCiAgICAg ICAgfQogICAgICB9CiAgICB9CiAgfQp9 --=separator Content-Type: application/octet-stream; name="xsa230.patch" Content-Disposition: attachment; filename="xsa230.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGNvcnJlY3QgcGluIHN0YXR1cyBmaXh1cCBmb3IgY29weQoK UmVnYXJkbGVzcyBvZiBjb3B5IG9wZXJhdGlvbnMgb25seSBzZXR0aW5nIEdO VFBJTl9oc3QqLCBHTlRQSU5fZGV2KgphbHNvIG5lZWQgdG8gYmUgdGFrZW4g aW50byBhY2NvdW50IHdoZW4gZGVjaWRpbmcgd2hldGhlciB0byBjbGVhcgpf R1RGX3tyZWFkLHdyaXR9aW5nLiBBdCBsZWFzdCBmb3IgY29uc2lzdGVuY3kg d2l0aCBjb2RlIGVsc2V3aGVyZSB0aGUKcmVhZCBwYXJ0IGJldHRlciBkb2Vz bid0IHVzZSBhbnkgbWFzayBhdCBhbGwuCgpUaGlzIGlzIFhTQS0yMzAuCgpT aWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0Bj aXRyaXguY29tPgpkaWZmIC0tZ2l0IGEveGVuL2NvbW1vbi9ncmFudF90YWJs ZS5jIGIveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCmluZGV4IGFlMzQ1NDcu LjljOWQzM2MgMTAwNjQ0Ci0tLSBhL3hlbi9jb21tb24vZ3JhbnRfdGFibGUu YworKysgYi94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMKQEAgLTIxMDcsMTAg KzIxMDcsMTAgQEAgX19yZWxlYXNlX2dyYW50X2Zvcl9jb3B5KAogc3RhdGlj IHZvaWQgX19maXh1cF9zdGF0dXNfZm9yX2NvcHlfcGluKGNvbnN0IHN0cnVj dCBhY3RpdmVfZ3JhbnRfZW50cnkgKmFjdCwKICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgdWludDE2X3QgKnN0YXR1cykKIHsKLSAgICBp ZiAoICEoYWN0LT5waW4gJiBHTlRQSU5faHN0d19tYXNrKSApCisgICAgaWYg KCAhKGFjdC0+cGluICYgKEdOVFBJTl9oc3R3X21hc2sgfCBHTlRQSU5fZGV2 d19tYXNrKSkgKQogICAgICAgICBnbnR0YWJfY2xlYXJfZmxhZyhfR1RGX3dy aXRpbmcsIHN0YXR1cyk7CiAKLSAgICBpZiAoICEoYWN0LT5waW4gJiBHTlRQ SU5faHN0cl9tYXNrKSApCisgICAgaWYgKCAhYWN0LT5waW4gKQogICAgICAg ICBnbnR0YWJfY2xlYXJfZmxhZyhfR1RGX3JlYWRpbmcsIHN0YXR1cyk7CiB9 CiAKQEAgLTIzMTgsNyArMjMxOCw3IEBAIF9fYWNxdWlyZV9ncmFudF9mb3Jf Y29weSgKICAKICB1bmxvY2tfb3V0X2NsZWFyOgogICAgIGlmICggIShyZWFk b25seSkgJiYKLSAgICAgICAgICEoYWN0LT5waW4gJiBHTlRQSU5faHN0d19t YXNrKSApCisgICAgICAgICAhKGFjdC0+cGluICYgKEdOVFBJTl9oc3R3X21h c2sgfCBHTlRQSU5fZGV2d19tYXNrKSkgKQogICAgICAgICBnbnR0YWJfY2xl YXJfZmxhZyhfR1RGX3dyaXRpbmcsIHN0YXR1cyk7CiAKICAgICBpZiAoICFh Y3QtPnBpbiApCg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3Rz Lnhlbi5vcmcveGVuLWFubm91bmNl --=separator-- From xen-announce-bounces@lists.xen.org Thu Aug 17 14:35:51 2017 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Aug 2017 14:35:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1diLsj-0007sS-Pq; Thu, 17 Aug 2017 14:34:45 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1diLsi-0007sG-Nv; Thu, 17 Aug 2017 14:34:45 +0000 Received: from [193.109.254.147] by server-10.bemta-6.messagelabs.com id 96/B1-18185-389A5995; Thu, 17 Aug 2017 14:34:43 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpkl+JIrShJLcpLzFFi42LJaLquqtu0cmq kwco9gha3brYyWyz5uJjFYtXVA6wOzB5Hd/9mCmCMYs3MS8qvSGDNuLZ5M3PB0RnsFctbVrA3 MDa0sHcxcnEICZxjlJi97hRzFyMnkLOBUeLnx3AQm1nAVeLGvs1sELaixIV7DSwgNq+AoMTJm U/AbAkBTYk7b1axg9giAkUSO8+9BLPZBPQk5p6dxATRaykxf+IpoDkcHMIC8RK7mmQgxphJ7L m/CKycRUBVYt3qk8wTGHlmIdk8C8nmWUg2zwKaxAy0ef0ufQhTWmL5Pw6IanmJ7W/nMEPY1hI rOrZATbGQOHvwGQvMxCndD9khWiskli2pgAiXSvzesp4VVQmInS8xccoyKDtHYs+qTyyYauwl njxthVplI/Hp5Q8mTDXFEqs6HrFCrC2QWPiIGVNJlsTKd2egWtMltnz4iUWNvcSpldOZYVa1H e7A4uRiiRkvN0HFCyQ+9i5hx2bX3ifz4HbdubaYdQGj1ipGjeLUorLUIl1jY72kosz0jJLcxM wcXUMDM73c1OLixPTUnMSkYr3k/NxNjMAkyAAEOxh3rg88xCjJwaQkyvt71pRIIb6k/JTKjMT ijPii0pzU4kOMMhwcShK8P5dPjRQSLEpNT61Iy8wBpmOYtAQHj5II71uQNG9xQWJucWY6ROoU oyXHrv9rvjBxLFu/BUi+mvD/G5MQS15+XqqUOK/NCqAGAZCGjNI8uHGwnHGJUVZKmJcR6EAhn oLUotzMElT5V4ziHIxKwrzHQdbyZOaVwG19BXQQE9BBV9ongRxUkoiQkmpgXFty/9CU3eGTNO YrHP/563IX8+/mK13yE9wuH3A2e2W/5l7m69OZ12xiw0Vn71rhfTaLQWlqY3X/ofKfK3PEZAr nXD0Z++D2B9vMiydzfxtlZlwOjfZqutz4dzPHra+rDjpFlExsORLl2vd9xy37dX+nH78z/d85 Ntsdm3QtGhRFUjOfxXx5xqfEUpyRaKjFXFScCAD8R6eiFAQAAA== X-Env-Sender: andrewcoop@xenbits.xen.org X-Msg-Ref: server-13.tower-27.messagelabs.com!1502980480!102734701!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 33815 invoked from network); 17 Aug 2017 14:34:41 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-13.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 17 Aug 2017 14:34:41 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1diLsN-0008It-Di; Thu, 17 Aug 2017 14:34:23 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1diLsN-0001GF-Az; Thu, 17 Aug 2017 14:34:23 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Thu, 17 Aug 2017 14:34:23 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2017-12135 / XSA-226 version 6 multiple problems with transitive grants UPDATES IN VERSION 6 ==================== Patches actually addressing the issue have become ready. ISSUE DESCRIPTION ================= 1) Code to handle copy operations on transitive grants has built in retry logic, involving a function reinvoking itself with unchanged parameters. Such use assumes that the compiler would also translate this to a so called "tail call" when generating machine code. Empirically, this is not commonly the case, allowing for theoretically unbounded nesting of such function calls. 2) The reference counting and locking discipline for transitive grants is broken. Concurrent use of the transitive grant can leak references on the transitively-referenced grant. IMPACT ====== A malicious or buggy guest may be able to crash Xen. Privilege escalation and information leaks cannot be ruled out. A malicious or buggy guest can leak references on grants it has been given, amounting to a DoS against the grantee. VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. MITIGATION ========== There is no known mitigation. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. The security team would also like to thank Amazon for helping to identify that the problems with transitive grants were deeper than originally believed. RESOLUTION ========== Applying the appropriate attached pair of patches from the list below addresses this issue: xsa226-unstable/*.patch xen-unstable xsa226-4.9/*.patch Xen 4.9.x, Xen 4.8.x, Xen 4.7.x xsa226-4.6/*.patch Xen 4.6.x xsa226-4.5/*.patch Xen 4.5.x Note that these patches have already been applied to the respective staging trees. Alternatively, applying the appropriate attached patch from the list below works around this issue by disabling transitive grants by default: xsa226.patch xen-unstable, Xen 4.9.x, Xen 4.8.x xsa226-4.7.patch Xen 4.7.x xsa226-4.6.patch Xen 4.6.x xsa226-4.5.patch Xen 4.5.x $ sha256sum xsa226* xsa226*/* b09e07aaf422ae04a4ece5e2c5b5e54036cfae5b5c632bfc6953a0cacd6f60ff xsa226.patch 22913e87349e27bd9167d5dad2d6a449b3959516e34e78ca0ff822320c4b55da xsa226-unstable/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch 4473fd96ce4fdea5e19e0b502d65f20bd279d82473ac34ff404ce2b2cbc10be1 xsa226-unstable/0002-gnttab-fix-transitive-grant-handling.patch ca8b92b2ff58b87e8bec137a34784cbf11e2820659046df6e1d71e23bf7e7dee xsa226-4.5.patch 61096dca309f48d9e63e255a7bd76a3f5fbdd7ba1c42a3d0661f6f024b553fc7 xsa226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch de6359e50fd2bb710469da74a596013ce275edb43d3d1c36d41452f88eee9b7d xsa226-4.5/0002-gnttab-fix-transitive-grant-handling.patch 28c7df7edabb91fb2f1fa3fc7d6906bfae75a6e701f1cd335baafaae3e087696 xsa226-4.6.patch 9f2fb6981206d39274331316cd9cd9ee73d5f610de4891f6d13181fee9bc0529 xsa226-4.6/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch e34dbba7b94942faeb3e6b7630ba06f01998e2b56be1035d76e67aa47e77457d xsa226-4.6/0002-gnttab-fix-transitive-grant-handling.patch fffcc0a4428723e6aea391ff4f1d27326b5a3763d2308cbde64e6a786502c702 xsa226-4.7.patch 624a5ba690de5de88b6fafd8429d025c013632755621f9f4e4c206e0f86419c3 xsa226-4.9/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch 01d773c5bb4cafe54daf0d14e8a3af899a7c5863513d18927c4a570a74afdb15 xsa226-4.9/0002-gnttab-fix-transitive-grant-handling.patch $ (The .meta file is a prototype machine-readable file for describing which patches are to be applied how.) DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZlaksAAoJEIP+FMlX6CvZzOQH/A3LxvExBgExoQJWM8VPVliF jV19jRvLSK8Z2Xql4UZ8tcihmZyaBKLtzEAeMosk2FOtDu+iIIkmtL+KHaDwNkBk ZEyTkWuGWPqe4G/2CNpsx31v25YYGxgQlqyUcpJ8ZK97QtHkTo0+6PtQZ9wR8vgr 1OXAotDnnFSSAanpcEMd2DKtpK5k/IphbPYf9S5dFooUuQ7JQmLn6i/H4n9nsWV1 kHg58t3GM7I0hU6ahu7apdymGf3awYKD5Q/9fBGfna8ZU+Qjs//tZM0zfiQ4/5d5 dCvwsl8SeuM7rbkxrXgMCuiJMfOcsDr2YswJcjkryLQtmJjY+Eo6mCjYSKdDVO4= =06gT -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa226.patch" Content-Disposition: attachment; filename="xsa226.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCA0MDAyZWFiLi5hZjA3OWI0IDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtODY4LDYgKzg2OCwyMiBAQCBDb250cm9scyBFUFQgcmVsYXRlZCBmZWF0 dXJlcy4KIAogU3BlY2lmeSB3aGljaCBjb25zb2xlIGdkYnN0dWIgc2hvdWxk IHVzZS4gU2VlICoqY29uc29sZSoqLgogCisjIyMgZ250dGFiCis+IGA9IExp c3Qgb2YgWyBtYXhfdmVyOjxpbnRlZ2VyPiwgdHJhbnNpdGl2ZSBdYAorCis+ IERlZmF1bHQ6IGBnbnR0YWI9bWF4X3ZlcjoyLG5vLXRyYW5zaXRpdmVgCisK K0NvbnRyb2wgdmFyaW91cyBhc3BlY3RzIG9mIHRoZSBncmFudCB0YWJsZSBi ZWhhdmlvdXIgYXZhaWxhYmxlIHRvIGd1ZXN0cy4KKworKiBgbWF4X3ZlcmAg U2VsZWN0IHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNpb24gdG8gb2Zm ZXIgdG8gZ3Vlc3RzLiAgVmFsaWQKK3ZlcnNpb24gYXJlIDEgYW5kIDIuCisq IGB0cmFuc2l0aXZlYCBQZXJtaXQgb3IgZGlzYWxsb3cgdGhlIHVzZSBvZiB0 cmFuc2l0aXZlIGdyYW50cy4gIE5vdGUgdGhhdCB0aGUKK3VzZSBvZiBncmFu dCB0YWJsZSB2MiB3aXRob3V0IHRyYW5zaXRpdmUgZ3JhbnRzIGlzIGFuIEFC SSBicmVha2FnZSBmcm9tIHRoZQorZ3Vlc3RzIHBvaW50IG9mIHZpZXcuCisK KypXYXJuaW5nOioKK0R1ZSB0byBYU0EtMjI2LCB0aGUgdXNlIG9mIHRyYW5z aXRpdmUgZ3JhbnRzIGlzIG91dHNpZGUgb2Ygc2VjdXJpdHkgc3VwcG9ydC4K KwogIyMjIGdudHRhYlxfbWF4XF9mcmFtZXMKID4gYD0gPGludGVnZXI+YAog CmRpZmYgLS1naXQgYS94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMgYi94ZW4v Y29tbW9uL2dyYW50X3RhYmxlLmMKaW5kZXggYWUzNDU0Ny4uODcxMzFmOCAx MDA2NDQKLS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hl bi9jb21tb24vZ3JhbnRfdGFibGUuYwpAQCAtNTAsNiArNTAsNDIgQEAgaW50 ZWdlcl9wYXJhbSgiZ250dGFiX21heF9ucl9mcmFtZXMiLCBtYXhfbnJfZ3Jh bnRfZnJhbWVzKTsKIHVuc2lnbmVkIGludCBfX3JlYWRfbW9zdGx5IG1heF9n cmFudF9mcmFtZXM7CiBpbnRlZ2VyX3BhcmFtKCJnbnR0YWJfbWF4X2ZyYW1l cyIsIG1heF9ncmFudF9mcmFtZXMpOwogCitzdGF0aWMgdW5zaWduZWQgaW50 IF9fcmVhZF9tb3N0bHkgb3B0X2dudHRhYl9tYXhfdmVyc2lvbiA9IDI7Citz dGF0aWMgYm9vbCBfX3JlYWRfbW9zdGx5IG9wdF90cmFuc2l0aXZlX2dyYW50 czsKKworc3RhdGljIHZvaWQgX19pbml0IHBhcnNlX2dudHRhYihjaGFyICpz KQoreworICAgIGNoYXIgKnNzOworCisgICAgZG8geworICAgICAgICBzcyA9 IHN0cmNocihzLCAnLCcpOworICAgICAgICBpZiAoIHNzICkKKyAgICAgICAg ICAgICpzcyA9ICdcMCc7CisKKyAgICAgICAgaWYgKCAhc3RybmNtcChzLCAi bWF4X3ZlcjoiLCA4KSApCisgICAgICAgIHsKKyAgICAgICAgICAgIGxvbmcg dmVyID0gc2ltcGxlX3N0cnRvbChzICsgOCwgTlVMTCwgMTApOworCisgICAg ICAgICAgICBpZiAoIHZlciA+PSAxICYmIHZlciA8PSAyICkKKyAgICAgICAg ICAgICAgICBvcHRfZ250dGFiX21heF92ZXJzaW9uID0gdmVyOworICAgICAg ICB9CisgICAgICAgIGVsc2UKKyAgICAgICAgeworICAgICAgICAgICAgYm9v bCB2YWwgPSAhIXN0cm5jbXAocywgIm5vLSIsIDMpOworCisgICAgICAgICAg ICBpZiAoICF2YWwgKQorICAgICAgICAgICAgICAgIHMgKz0gMzsKKworICAg ICAgICAgICAgaWYgKCAhc3RyY21wKHMsICJ0cmFuc2l0aXZlIikgKQorICAg ICAgICAgICAgICAgIG9wdF90cmFuc2l0aXZlX2dyYW50cyA9IHZhbDsKKyAg ICAgICAgfQorCisgICAgICAgIHMgPSBzcyArIDE7CisgICAgfSB3aGlsZSAo IHNzICk7Cit9CisKK2N1c3RvbV9wYXJhbSgiZ250dGFiIiwgcGFyc2VfZ250 dGFiKTsKKwogLyogVGhlIG1heGltdW0gbnVtYmVyIG9mIGdyYW50IG1hcHBp bmdzIGlzIGRlZmluZWQgYXMgYSBtdWx0aXBsaWVyIG9mIHRoZQogICogbWF4 aW11bSBudW1iZXIgb2YgZ3JhbnQgdGFibGUgZW50cmllcy4gVGhpcyBkZWZp bmVzIHRoZSBtdWx0aXBsaWVyIHVzZWQuCiAgKiBQcmV0dHkgYXJiaXRyYXJ5 LiBbUE9MSUNZXQpAQCAtMjE5MSw2ICsyMjI3LDEwIEBAIF9fYWNxdWlyZV9n cmFudF9mb3JfY29weSgKICAgICAgICAgfQogICAgICAgICBlbHNlIGlmICgg KHNoYWgtPmZsYWdzICYgR1RGX3R5cGVfbWFzaykgPT0gR1RGX3RyYW5zaXRp dmUgKQogICAgICAgICB7CisgICAgICAgICAgICBpZiAoICFvcHRfdHJhbnNp dGl2ZV9ncmFudHMgKQorICAgICAgICAgICAgICAgIFBJTl9GQUlMKHVubG9j a19vdXRfY2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisgICAgICAgICAg ICAgICAgICAgICAgICAgInRyYW5zaXRpdmUgZ3JhbnQgZGlzYWxsb3dlZCBi eSBwb2xpY3lcbiIpOworCiAgICAgICAgICAgICBpZiAoICFhbGxvd190cmFu c2l0aXZlICkKICAgICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0 X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAogICAgICAgICAgICAgICAg ICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IHdoZW4gdHJhbnNpdGl2aXR5 IG5vdCBhbGxvd2VkXG4iKTsKQEAgLTMxNTksNyArMzE5OSwxMCBAQCBkb19n cmFudF90YWJsZV9vcCgKICAgICB9CiAgICAgY2FzZSBHTlRUQUJPUF9zZXRf dmVyc2lvbjoKICAgICB7Ci0gICAgICAgIHJjID0gZ250dGFiX3NldF92ZXJz aW9uKGd1ZXN0X2hhbmRsZV9jYXN0KHVvcCwgZ250dGFiX3NldF92ZXJzaW9u X3QpKTsKKyAgICAgICAgaWYgKCBvcHRfZ250dGFiX21heF92ZXJzaW9uID09 IDEgKQorICAgICAgICAgICAgcmMgPSAtRU5PU1lTOyAvKiBCZWhhdmUgYXMg YmVmb3JlIHNldF92ZXJzaW9uIHdhcyBpbnRyb2R1Y2VkLiAqLworICAgICAg ICBlbHNlCisgICAgICAgICAgICByYyA9IGdudHRhYl9zZXRfdmVyc2lvbihn dWVzdF9oYW5kbGVfY2FzdCh1b3AsIGdudHRhYl9zZXRfdmVyc2lvbl90KSk7 CiAgICAgICAgIGJyZWFrOwogICAgIH0KICAgICBjYXNlIEdOVFRBQk9QX2dl dF9zdGF0dXNfZnJhbWVzOgo= --=separator Content-Type: application/octet-stream; name="xsa226-unstable/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Disposition: attachment; filename="xsa226-unstable/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IHVzZSBwb3NzaWJseSB1bmJvdW5kZWQgdGFpbCBj YWxscwoKVGhlcmUgaXMgbm8gZ3VhcmFudGVlIHRoYXQgdGhlIGNvbXBpbGVy IHdvdWxkIGFjdHVhbGx5IHRyYW5zbGF0ZSB0aGVtCnRvIGJyYW5jaGVzIGlu c3RlYWQgb2YgY2FsbHMsIHNvIG9ubHkgb25lcyB3aXRoIGEga25vd24gcmVj dXJzaW9uIGxpbWl0CmFyZSBva2F5OgotIF9fcmVsZWFzZV9ncmFudF9mb3Jf Y29weSgpIGNhbiBjYWxsIGl0c2VsZiBvbmx5IG9uY2UsIGFzCiAgX19hY3F1 aXJlX2dyYW50X2Zvcl9jb3B5KCkgd29uJ3QgcGVybWl0IHVzZSBvZiBtdWx0 aS1sZXZlbCB0cmFuc2l0aXZlCiAgZ3JhbnRzLAotIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgpIGlzIGZpbmUgdG8gY2FsbCBpdHNlbGYgd2l0aCB0aGUg bGFzdAogIGFyZ3VtZW50IGZhbHNlLCBhcyB0aGF0IHByZXZlbnRzIGZ1cnRo ZXIgcmVjdXJzaW9uLAotIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgpIG11 c3Qgbm90IGNhbGwgaXRzZWxmIHRvIHJlY292ZXIgZnJvbSBhbgogIG9ic2Vy dmVkIGNoYW5nZSB0byB0aGUgYWN0aXZlIGVudHJ5J3MgcGluIGNvdW50CgpU aGlzIGlzIHBhcnQgb2YgQ1ZFLTIwMTctMTIxMzUgLyBYU0EtMjI2LgoKU2ln bmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgoK LS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hlbi9jb21t b24vZ3JhbnRfdGFibGUuYwpAQCAtMjEwOSw4ICsyMTA5LDEwIEBAIF9fcmVs ZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgIGlmICggdGQgIT0gcmQgKQog ICAgIHsKLSAgICAgICAgLyogUmVjdXJzaXZlIGNhbGxzLCBidXQgdGhleSdy ZSB0YWlsIGNhbGxzLCBzbyBpdCdzCi0gICAgICAgICAgIG9rYXkuICovCisg ICAgICAgIC8qCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxscywgYnV0IHRo ZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUK KyAgICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBv a2F5LgorICAgICAgICAgKi8KICAgICAgICAgaWYgKCByZWxlYXNlZF93cml0 ZSApCiAgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDApOwogICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRf cmVhZCApCkBAIC0yMjYyLDEwICsyMjY0LDExIEBAIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgKICAgICAgICAgICAgICAgICByZXR1cm4gcmM7CiAgICAg ICAgICAgICB9CiAKLSAgICAgICAgICAgIC8qIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkKLSAgICAgICAg ICAgICAgIGVsc2UgdHJpZWQgdG8gcGluIChvciwgZm9yIHRoYXQgbWF0dGVy LCB1bnBpbikgdGhlCi0gICAgICAgICAgICAgICByZWZlcmVuY2UgaW4gKnRo aXMqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUgdXAKLSAgICAg ICAgICAgICAgIGFuZCB0cnkgYWdhaW4uICovCisgICAgICAgICAgICAvKgor ICAgICAgICAgICAgICogV2UgZHJvcHBlZCB0aGUgbG9jaywgc28gd2UgaGF2 ZSB0byBjaGVjayB0aGF0IG5vYm9keSBlbHNlIHRyaWVkCisgICAgICAgICAg ICAgKiB0byBwaW4gKG9yLCBmb3IgdGhhdCBtYXR0ZXIsIHVucGluKSB0aGUg cmVmZXJlbmNlIGluICp0aGlzKgorICAgICAgICAgICAgICogZG9tYWluLiAg SWYgdGhleSBkaWQsIGp1c3QgZ2l2ZSB1cCBhbmQgdGVsbCB0aGUgY2FsbGVy IHRvIHJldHJ5LgorICAgICAgICAgICAgICovCiAgICAgICAgICAgICBpZiAo IGFjdC0+cGluICE9IG9sZF9waW4gKQogICAgICAgICAgICAgewogICAgICAg ICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0 YXR1cyk7CkBAIC0yMjczLDkgKzIyNzYsOCBAQCBfX2FjcXVpcmVfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgICAgICAgICAgICAgYWN0aXZlX2VudHJ5X3JlbGVh c2UoYWN0KTsKICAgICAgICAgICAgICAgICBncmFudF9yZWFkX3VubG9jayhy Z3QpOwogICAgICAgICAgICAgICAgIHB1dF9wYWdlKCpwYWdlKTsKLSAgICAg ICAgICAgICAgICByZXR1cm4gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHJk LCBncmVmLCBsZG9tLCByZWFkb25seSwKLSAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIGZyYW1lLCBwYWdlLCBwYWdl X29mZiwgbGVuZ3RoLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgYWxsb3dfdHJhbnNpdGl2ZSk7CisgICAgICAg ICAgICAgICAgKnBhZ2UgPSBOVUxMOworICAgICAgICAgICAgICAgIHJldHVy biBFUkVTVEFSVDsKICAgICAgICAgICAgIH0KIAogICAgICAgICAgICAgLyog VGhlIGFjdHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBvciBtYXkgbm90 IGJlIGEKQEAgLTI1NzQsNyArMjU3Niw3IEBAIHN0YXRpYyBpbnQgZ250dGFi X2NvcHlfb25lKGNvbnN0IHN0cnVjdAogICAgIHsKICAgICAgICAgZ250dGFi X2NvcHlfcmVsZWFzZV9idWYoc3JjKTsKICAgICAgICAgcmMgPSBnbnR0YWJf Y29weV9jbGFpbV9idWYob3AsICZvcC0+c291cmNlLCBzcmMsIEdOVENPUFlf c291cmNlX2dyZWYpOwotICAgICAgICBpZiAoIHJjIDwgMCApCisgICAgICAg IGlmICggcmMgKQogICAgICAgICAgICAgZ290byBvdXQ7CiAgICAgfQogCkBA IC0yNTg0LDcgKzI1ODYsNyBAQCBzdGF0aWMgaW50IGdudHRhYl9jb3B5X29u ZShjb25zdCBzdHJ1Y3QKICAgICB7CiAgICAgICAgIGdudHRhYl9jb3B5X3Jl bGVhc2VfYnVmKGRlc3QpOwogICAgICAgICByYyA9IGdudHRhYl9jb3B5X2Ns YWltX2J1ZihvcCwgJm9wLT5kZXN0LCBkZXN0LCBHTlRDT1BZX2Rlc3RfZ3Jl Zik7Ci0gICAgICAgIGlmICggcmMgPCAwICkKKyAgICAgICAgaWYgKCByYyAp CiAgICAgICAgICAgICBnb3RvIG91dDsKICAgICB9CiAKQEAgLTI1OTMsNiAr MjU5NSwxNCBAQCBzdGF0aWMgaW50IGdudHRhYl9jb3B5X29uZShjb25zdCBz dHJ1Y3QKICAgICByZXR1cm4gcmM7CiB9CiAKKy8qCisgKiBnbnR0YWJfY29w eSgpLCBvdGhlciB0aGFuIHRoZSB2YXJpb3VzIG90aGVyIGhlbHBlcnMgb2YK KyAqIGRvX2dyYW50X3RhYmxlX29wKCksIHJldHVybnMgKGJlc2lkZXMgcG9z c2libGUgZXJyb3IgaW5kaWNhdG9ycykKKyAqICJjb3VudCAtIGkiIHJhdGhl ciB0aGFuICJpIiB0byBlbnN1cmUgdGhhdCBldmVuIGlmIG5vIHByb2dyZXNz CisgKiB3YXMgbWFkZSBhdCBhbGwgKHBlcmhhcHMgZHVlIHRvIGdudHRhYl9j b3B5X29uZSgpIHJldHVybmluZyBhCisgKiBwb3NpdGl2ZSB2YWx1ZSkgYSBu b24temVybyB2YWx1ZSBpcyBiZWluZyBoYW5kZWQgYmFjayAoemVybyBuZWVk cworICogdG8gYmUgYXZvaWRlZCwgYXMgdGhhdCBtZWFucyAic3VjY2Vzcywg YWxsIGRvbmUiKS4KKyAqLwogc3RhdGljIGxvbmcgZ250dGFiX2NvcHkoCiAg ICAgWEVOX0dVRVNUX0hBTkRMRV9QQVJBTShnbnR0YWJfY29weV90KSB1b3As IHVuc2lnbmVkIGludCBjb3VudCkKIHsKQEAgLTI2MDYsNyArMjYxNiw3IEBA IHN0YXRpYyBsb25nIGdudHRhYl9jb3B5KAogICAgIHsKICAgICAgICAgaWYg KCBpICYmIGh5cGVyY2FsbF9wcmVlbXB0X2NoZWNrKCkgKQogICAgICAgICB7 Ci0gICAgICAgICAgICByYyA9IGk7CisgICAgICAgICAgICByYyA9IGNvdW50 IC0gaTsKICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICB9CiAKQEAgLTI2 MTYsMTMgKzI2MjYsMjAgQEAgc3RhdGljIGxvbmcgZ250dGFiX2NvcHkoCiAg ICAgICAgICAgICBicmVhazsKICAgICAgICAgfQogCi0gICAgICAgIG9wLnN0 YXR1cyA9IGdudHRhYl9jb3B5X29uZSgmb3AsICZkZXN0LCAmc3JjKTsKLSAg ICAgICAgaWYgKCBvcC5zdGF0dXMgIT0gR05UU1Rfb2theSApCisgICAgICAg IHJjID0gZ250dGFiX2NvcHlfb25lKCZvcCwgJmRlc3QsICZzcmMpOworICAg ICAgICBpZiAoIHJjID4gMCApCisgICAgICAgIHsKKyAgICAgICAgICAgIHJj ID0gY291bnQgLSBpOworICAgICAgICAgICAgYnJlYWs7CisgICAgICAgIH0K KyAgICAgICAgaWYgKCByYyAhPSBHTlRTVF9va2F5ICkKICAgICAgICAgewog ICAgICAgICAgICAgZ250dGFiX2NvcHlfcmVsZWFzZV9idWYoJnNyYyk7CiAg ICAgICAgICAgICBnbnR0YWJfY29weV9yZWxlYXNlX2J1ZigmZGVzdCk7CiAg ICAgICAgIH0KIAorICAgICAgICBvcC5zdGF0dXMgPSByYzsKKyAgICAgICAg cmMgPSAwOwogICAgICAgICBpZiAoIHVubGlrZWx5KF9fY29weV9maWVsZF90 b19ndWVzdCh1b3AsICZvcCwgc3RhdHVzKSkgKQogICAgICAgICB7CiAgICAg ICAgICAgICByYyA9IC1FRkFVTFQ7CkBAIC0zMTYyLDYgKzMxNzksNyBAQCBk b19ncmFudF90YWJsZV9vcCgKICAgICAgICAgcmMgPSBnbnR0YWJfY29weShj b3B5LCBjb3VudCk7CiAgICAgICAgIGlmICggcmMgPiAwICkKICAgICAgICAg eworICAgICAgICAgICAgcmMgPSBjb3VudCAtIHJjOwogICAgICAgICAgICAg Z3Vlc3RfaGFuZGxlX2FkZF9vZmZzZXQoY29weSwgcmMpOwogICAgICAgICAg ICAgdW9wID0gZ3Vlc3RfaGFuZGxlX2Nhc3QoY29weSwgdm9pZCk7CiAgICAg ICAgIH0K --=separator Content-Type: application/octet-stream; name="xsa226-unstable/0002-gnttab-fix-transitive-grant-handling.patch" Content-Disposition: attachment; filename="xsa226-unstable/0002-gnttab-fix-transitive-grant-handling.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGZpeCB0cmFuc2l0aXZlIGdyYW50IGhhbmRsaW5nCgpQcm9j ZXNzaW5nIG9mIHRyYW5zaXRpdmUgZ3JhbnRzIG11c3Qgbm90IHVzZSB0aGUg ZmFzdCBwYXRoLCBvciBlbHNlCnJlZmVyZW5jZSBjb3VudGluZyBicmVha3Mg ZHVlIHRvIHRoZSBza2lwcGVkIHJlY3Vyc2l2ZSBjYWxsIHRvCl9fYWNxdWly ZV9ncmFudF9mb3JfY29weSgpIChpdHMgX19yZWxlYXNlX2dyYW50X2Zvcl9j b3B5KCkKY291bnRlcnBhcnQgb2NjdXJzIGluZGVwZW5kZW50IG9mIG9yaWdp bmFsIHBpbiBjb3VudCkuIEZ1cnRoZXJtb3JlCmFmdGVyIHJlLWFjcXVpcmlu ZyB0ZW1wb3JhcmlseSBkcm9wcGVkIGxvY2tzIHdlIG5lZWQgdG8gdmVyaWZ5 IG5vIGdyYW50CnByb3BlcnRpZXMgY2hhbmdlZCBpZiB0aGUgb3JpZ2luYWwg cGluIGNvdW50IHdhcyBub24temVybzsgY2hlY2tpbmcKanVzdCB0aGUgcGlu IGNvdW50cyBpcyBzdWZmaWNpZW50IG9ubHkgZm9yIHdlbGwtYmVoYXZlZCBn dWVzdHMuIEFzIGEKcmVzdWx0LCBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHko KSBuZWVkcyB0byBtaXJyb3IgdGhhdCBuZXcgYmVoYXZpb3IuCgpGdXJ0aGVy bW9yZSBhIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSgpIGludm9jYXRpb24g d2FzIG1pc3Npbmcgb24gdGhlCnJldHJ5IHBhdGggb2YgX19hY3F1aXJlX2dy YW50X2Zvcl9jb3B5KCksIGFuZCBnbnR0YWJfc2V0X3ZlcnNpb24oKSBhbHNv Cm5lZWRzIHRvIGJhaWwgb3V0IHVwb24gZW5jb3VudGVyaW5nIGEgdHJhbnNp dGl2ZSBncmFudC4KClRoaXMgaXMgcGFydCBvZiBDVkUtMjAxNy0xMjEzNSAv IFhTQS0yMjYuCgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3 LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1ieTogQW5kcmV3IENv b3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KCi0tLSBhL3hlbi9j b21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dyYW50X3Rh YmxlLmMKQEAgLTIwNTYsMTMgKzIwNTYsOCBAQCBfX3JlbGVhc2VfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgdW5zaWduZWQgbG9uZyByX2ZyYW1lOwogICAgIHVp bnQxNl90ICpzdGF0dXM7CiAgICAgZ3JhbnRfcmVmX3QgdHJhbnNfZ3JlZjsK LSAgICBpbnQgcmVsZWFzZWRfcmVhZDsKLSAgICBpbnQgcmVsZWFzZWRfd3Jp dGU7CiAgICAgc3RydWN0IGRvbWFpbiAqdGQ7CiAKLSAgICByZWxlYXNlZF9y ZWFkID0gMDsKLSAgICByZWxlYXNlZF93cml0ZSA9IDA7Ci0KICAgICBncmFu dF9yZWFkX2xvY2socmd0KTsKIAogICAgIGFjdCA9IGFjdGl2ZV9lbnRyeV9h Y3F1aXJlKHJndCwgZ3JlZik7CkBAIC0yMDkyLDE3ICsyMDg3LDExIEBAIF9f cmVsZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgICAgICBhY3QtPnBpbiAt PSBHTlRQSU5faHN0d19pbmM7CiAgICAgICAgIGlmICggIShhY3QtPnBpbiAm IChHTlRQSU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSApCi0gICAg ICAgIHsKLSAgICAgICAgICAgIHJlbGVhc2VkX3dyaXRlID0gMTsKICAgICAg ICAgICAgIGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfd3JpdGluZywgc3RhdHVz KTsKLSAgICAgICAgfQogICAgIH0KIAogICAgIGlmICggIWFjdC0+cGluICkK LSAgICB7CiAgICAgICAgIGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfcmVhZGlu Zywgc3RhdHVzKTsKLSAgICAgICAgcmVsZWFzZWRfcmVhZCA9IDE7Ci0gICAg fQogCiAgICAgYWN0aXZlX2VudHJ5X3JlbGVhc2UoYWN0KTsKICAgICBncmFu dF9yZWFkX3VubG9jayhyZ3QpOwpAQCAtMjExMCwxMyArMjA5OSwxMCBAQCBf X3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkoCiAgICAgaWYgKCB0ZCAhPSByZCAp CiAgICAgewogICAgICAgICAvKgotICAgICAgICAgKiBSZWN1cnNpdmUgY2Fs bHMsIGJ1dCB0aGV5J3JlIGJvdW5kZWQgKGFjcXVpcmUgcGVybWl0cyBvbmx5 IGEgc2luZ2xlCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxsLCBidXQgaXQg aXMgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUKICAg ICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBva2F5 LgogICAgICAgICAgKi8KLSAgICAgICAgaWYgKCByZWxlYXNlZF93cml0ZSAp Ci0gICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQsIHRy YW5zX2dyZWYsIDApOwotICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRfcmVh ZCApCi0gICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDEpOworICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9y X2NvcHkodGQsIHRyYW5zX2dyZWYsIHJlYWRvbmx5KTsKIAogICAgICAgICBy Y3VfdW5sb2NrX2RvbWFpbih0ZCk7CiAgICAgfQpAQCAtMjE5MCw4ICsyMTc2 LDEwOCBAQCBfX2FjcXVpcmVfZ3JhbnRfZm9yX2NvcHkoCiAgICAgICAgICAg ICAgICAgIGFjdC0+ZG9taWQsIGxkb20sIGFjdC0+cGluKTsKIAogICAgIG9s ZF9waW4gPSBhY3QtPnBpbjsKLSAgICBpZiAoICFhY3QtPnBpbiB8fAotICAg ICAgICAgKCFyZWFkb25seSAmJiAhKGFjdC0+cGluICYgKEdOVFBJTl9kZXZ3 X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSApCisgICAgaWYgKCBzaGEyICYm IChzaGFoLT5mbGFncyAmIEdURl90eXBlX21hc2spID09IEdURl90cmFuc2l0 aXZlICkKKyAgICB7CisgICAgICAgIGlmICggKCFvbGRfcGluIHx8ICghcmVh ZG9ubHkgJiYKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICEob2xkX3Bp biAmIChHTlRQSU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSkpICYm CisgICAgICAgICAgICAgKHJjID0gX3NldF9zdGF0dXNfdjIobGRvbSwgcmVh ZG9ubHksIDAsIHNoYWgsIGFjdCwKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBzdGF0dXMpKSAhPSBHTlRTVF9va2F5ICkKKyAgICAgICAg ICAgIGdvdG8gdW5sb2NrX291dDsKKworICAgICAgICBpZiAoICFhbGxvd190 cmFuc2l0aXZlICkKKyAgICAgICAgICAgIFBJTl9GQUlMKHVubG9ja19vdXRf Y2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisgICAgICAgICAgICAgICAg ICAgICAidHJhbnNpdGl2ZSBncmFudCB3aGVuIHRyYW5zaXRpdml0eSBub3Qg YWxsb3dlZFxuIik7CisKKyAgICAgICAgdHJhbnNfZG9taWQgPSBzaGEyLT50 cmFuc2l0aXZlLnRyYW5zX2RvbWlkOworICAgICAgICB0cmFuc19ncmVmID0g c2hhMi0+dHJhbnNpdGl2ZS5ncmVmOworICAgICAgICBiYXJyaWVyKCk7IC8q IFN0b3AgdGhlIGNvbXBpbGVyIGZyb20gcmUtbG9hZGluZworICAgICAgICAg ICAgICAgICAgICAgIHRyYW5zX2RvbWlkIGZyb20gc2hhcmVkIG1lbW9yeSAq LworICAgICAgICBpZiAoIHRyYW5zX2RvbWlkID09IHJkLT5kb21haW5faWQg KQorICAgICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05U U1RfZ2VuZXJhbF9lcnJvciwKKyAgICAgICAgICAgICAgICAgICAgICJ0cmFu c2l0aXZlIGdyYW50cyBjYW5ub3QgYmUgc2VsZi1yZWZlcmVudGlhbFxuIik7 CisKKyAgICAgICAgLyoKKyAgICAgICAgICogV2UgYWxsb3cgdGhlIHRyYW5z X2RvbWlkID09IGxkb20gY2FzZSwgd2hpY2ggY29ycmVzcG9uZHMgdG8gYQor ICAgICAgICAgKiBncmFudCBiZWluZyBpc3N1ZWQgYnkgb25lIGRvbWFpbiwg c2VudCB0byBhbm90aGVyIG9uZSwgYW5kIHRoZW4KKyAgICAgICAgICogdHJh bnNpdGl2ZWx5IGdyYW50ZWQgYmFjayB0byB0aGUgb3JpZ2luYWwgZG9tYWlu LiAgQWxsb3dpbmcgaXQKKyAgICAgICAgICogaXMgZWFzeSwgYW5kIG1lYW5z IHRoYXQgeW91IGRvbid0IG5lZWQgdG8gZ28gb3V0IG9mIHlvdXIgd2F5IHRv CisgICAgICAgICAqIGF2b2lkIGl0IGluIHRoZSBndWVzdC4KKyAgICAgICAg ICovCisKKyAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0aGUgcnJkIGxv Y2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkuICovCisgICAgICAgIHRkID0g cmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsKKyAgICAgICAg aWYgKCB0ZCA9PSBOVUxMICkKKyAgICAgICAgICAgIFBJTl9GQUlMKHVubG9j a19vdXRfY2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisgICAgICAgICAg ICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCByZWZlcmVuY2VkIGJhZCBk b21haW4gJWRcbiIsCisgICAgICAgICAgICAgICAgICAgICB0cmFuc19kb21p ZCk7CisKKyAgICAgICAgLyoKKyAgICAgICAgICogX19hY3F1aXJlX2dyYW50 X2Zvcl9jb3B5KCkgY291bGQgdGFrZSB0aGUgbG9jayBvbiB0aGUKKyAgICAg ICAgICogcmVtb3RlIHRhYmxlIChpZiByZCA9PSB0ZCksIHNvIHdlIGhhdmUg dG8gZHJvcCB0aGUgbG9jaworICAgICAgICAgKiBoZXJlIGFuZCByZWFjcXVp cmUuCisgICAgICAgICAqLworICAgICAgICBhY3RpdmVfZW50cnlfcmVsZWFz ZShhY3QpOworICAgICAgICBncmFudF9yZWFkX3VubG9jayhyZ3QpOworCisg ICAgICAgIHJjID0gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHRkLCB0cmFu c19ncmVmLCByZC0+ZG9tYWluX2lkLAorICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICByZWFkb25seSwgJmdyYW50X2ZyYW1lLCBwYWdl LAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAmdHJh bnNfcGFnZV9vZmYsICZ0cmFuc19sZW5ndGgsIDApOworCisgICAgICAgIGdy YW50X3JlYWRfbG9jayhyZ3QpOworICAgICAgICBhY3QgPSBhY3RpdmVfZW50 cnlfYWNxdWlyZShyZ3QsIGdyZWYpOworCisgICAgICAgIGlmICggcmMgIT0g R05UU1Rfb2theSApCisgICAgICAgIHsKKyAgICAgICAgICAgIF9fZml4dXBf c3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0YXR1cyk7CisgICAgICAgICAg ICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7CisgICAgICAgICAgICBhY3RpdmVf ZW50cnlfcmVsZWFzZShhY3QpOworICAgICAgICAgICAgZ3JhbnRfcmVhZF91 bmxvY2socmd0KTsKKyAgICAgICAgICAgIHJldHVybiByYzsKKyAgICAgICAg fQorCisgICAgICAgIC8qCisgICAgICAgICAqIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCB0aGUgZ3JhbnQgZGlkbid0 CisgICAgICAgICAqIGNoYW5nZSwgYW5kIHRoYXQgbm9ib2R5IGVsc2UgdHJp ZWQgdG8gcGluL3VucGluIGl0LiBJZiBhbnl0aGluZworICAgICAgICAgKiBj aGFuZ2VkLCBqdXN0IGdpdmUgdXAgYW5kIHRlbGwgdGhlIGNhbGxlciB0byBy ZXRyeS4KKyAgICAgICAgICovCisgICAgICAgIGlmICggcmd0LT5ndF92ZXJz aW9uICE9IDIgfHwKKyAgICAgICAgICAgICBhY3QtPnBpbiAhPSBvbGRfcGlu IHx8CisgICAgICAgICAgICAgKG9sZF9waW4gJiYgKGFjdC0+ZG9taWQgIT0g bGRvbSB8fCBhY3QtPmZyYW1lICE9IGdyYW50X2ZyYW1lIHx8CisgICAgICAg ICAgICAgICAgICAgICAgICAgIGFjdC0+c3RhcnQgIT0gdHJhbnNfcGFnZV9v ZmYgfHwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgYWN0LT5sZW5ndGgg IT0gdHJhbnNfbGVuZ3RoIHx8CisgICAgICAgICAgICAgICAgICAgICAgICAg IGFjdC0+dHJhbnNfZG9tYWluICE9IHRkIHx8CisgICAgICAgICAgICAgICAg ICAgICAgICAgIGFjdC0+dHJhbnNfZ3JlZiAhPSB0cmFuc19ncmVmIHx8Cisg ICAgICAgICAgICAgICAgICAgICAgICAgICFhY3QtPmlzX3N1Yl9wYWdlKSkg KQorICAgICAgICB7CisgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9y X2NvcHkodGQsIHRyYW5zX2dyZWYsIHJlYWRvbmx5KTsKKyAgICAgICAgICAg IF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0YXR1cyk7Cisg ICAgICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7CisgICAgICAgICAg ICBhY3RpdmVfZW50cnlfcmVsZWFzZShhY3QpOworICAgICAgICAgICAgZ3Jh bnRfcmVhZF91bmxvY2socmd0KTsKKyAgICAgICAgICAgIHB1dF9wYWdlKCpw YWdlKTsKKyAgICAgICAgICAgICpwYWdlID0gTlVMTDsKKyAgICAgICAgICAg IHJldHVybiBFUkVTVEFSVDsKKyAgICAgICAgfQorCisgICAgICAgIGlmICgg IW9sZF9waW4gKQorICAgICAgICB7CisgICAgICAgICAgICBhY3QtPmRvbWlk ID0gbGRvbTsKKyAgICAgICAgICAgIGFjdC0+c3RhcnQgPSB0cmFuc19wYWdl X29mZjsKKyAgICAgICAgICAgIGFjdC0+bGVuZ3RoID0gdHJhbnNfbGVuZ3Ro OworICAgICAgICAgICAgYWN0LT50cmFuc19kb21haW4gPSB0ZDsKKyAgICAg ICAgICAgIGFjdC0+dHJhbnNfZ3JlZiA9IHRyYW5zX2dyZWY7CisgICAgICAg ICAgICBhY3QtPmZyYW1lID0gZ3JhbnRfZnJhbWU7CisgICAgICAgICAgICBh Y3QtPmdmbiA9IC0xdWw7CisgICAgICAgICAgICAvKgorICAgICAgICAgICAg ICogVGhlIGFjdHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBvciBtYXkg bm90IGJlIGEgc3ViLXBhZ2UsCisgICAgICAgICAgICAgKiBidXQgd2UgYWx3 YXlzIHRyZWF0IGl0IGFzIG9uZSBiZWNhdXNlIHRoYXQgYmxvY2tzIG1hcHBp bmdzIG9mCisgICAgICAgICAgICAgKiB0cmFuc2l0aXZlIGdyYW50cy4KKyAg ICAgICAgICAgICAqLworICAgICAgICAgICAgYWN0LT5pc19zdWJfcGFnZSA9 IDE7CisgICAgICAgIH0KKyAgICB9CisgICAgZWxzZSBpZiAoICFvbGRfcGlu IHx8CisgICAgICAgICAgICAgICghcmVhZG9ubHkgJiYgIShvbGRfcGluICYg KEdOVFBJTl9kZXZ3X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSApCiAgICAg ewogICAgICAgICBpZiAoIChyYyA9IF9zZXRfc3RhdHVzKHJndC0+Z3RfdmVy c2lvbiwgbGRvbSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBy ZWFkb25seSwgMCwgc2hhaCwgYWN0LApAQCAtMjIxMiw4MCArMjI5OCw2IEBA IF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgKICAgICAgICAgICAgIHRyYW5z X3BhZ2Vfb2ZmID0gMDsKICAgICAgICAgICAgIHRyYW5zX2xlbmd0aCA9IFBB R0VfU0laRTsKICAgICAgICAgfQotICAgICAgICBlbHNlIGlmICggKHNoYWgt PmZsYWdzICYgR1RGX3R5cGVfbWFzaykgPT0gR1RGX3RyYW5zaXRpdmUgKQot ICAgICAgICB7Ci0gICAgICAgICAgICBpZiAoICFhbGxvd190cmFuc2l0aXZl ICkKLSAgICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0X2NsZWFy LCBHTlRTVF9nZW5lcmFsX2Vycm9yLAotICAgICAgICAgICAgICAgICAgICAg ICAgICJ0cmFuc2l0aXZlIGdyYW50IHdoZW4gdHJhbnNpdGl2aXR5IG5vdCBh bGxvd2VkXG4iKTsKLQotICAgICAgICAgICAgdHJhbnNfZG9taWQgPSBzaGEy LT50cmFuc2l0aXZlLnRyYW5zX2RvbWlkOwotICAgICAgICAgICAgdHJhbnNf Z3JlZiA9IHNoYTItPnRyYW5zaXRpdmUuZ3JlZjsKLSAgICAgICAgICAgIGJh cnJpZXIoKTsgLyogU3RvcCB0aGUgY29tcGlsZXIgZnJvbSByZS1sb2FkaW5n Ci0gICAgICAgICAgICAgICAgICAgICAgICAgIHRyYW5zX2RvbWlkIGZyb20g c2hhcmVkIG1lbW9yeSAqLwotICAgICAgICAgICAgaWYgKCB0cmFuc19kb21p ZCA9PSByZC0+ZG9tYWluX2lkICkKLSAgICAgICAgICAgICAgICBQSU5fRkFJ TCh1bmxvY2tfb3V0X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAotICAg ICAgICAgICAgICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50cyBjYW5u b3QgYmUgc2VsZi1yZWZlcmVudGlhbFxuIik7Ci0KLSAgICAgICAgICAgIC8q IFdlIGFsbG93IHRoZSB0cmFuc19kb21pZCA9PSBsZG9tIGNhc2UsIHdoaWNo Ci0gICAgICAgICAgICAgICBjb3JyZXNwb25kcyB0byBhIGdyYW50IGJlaW5n IGlzc3VlZCBieSBvbmUgZG9tYWluLCBzZW50Ci0gICAgICAgICAgICAgICB0 byBhbm90aGVyIG9uZSwgYW5kIHRoZW4gdHJhbnNpdGl2ZWx5IGdyYW50ZWQg YmFjayB0bwotICAgICAgICAgICAgICAgdGhlIG9yaWdpbmFsIGRvbWFpbi4g IEFsbG93aW5nIGl0IGlzIGVhc3ksIGFuZCBtZWFucwotICAgICAgICAgICAg ICAgdGhhdCB5b3UgZG9uJ3QgbmVlZCB0byBnbyBvdXQgb2YgeW91ciB3YXkg dG8gYXZvaWQgaXQKLSAgICAgICAgICAgICAgIGluIHRoZSBndWVzdC4gKi8K LQotICAgICAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0aGUgcnJkIGxv Y2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkgKi8KLSAgICAgICAgICAgIHRk ID0gcmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsKLSAgICAg ICAgICAgIGlmICggdGQgPT0gTlVMTCApCi0gICAgICAgICAgICAgICAgUElO X0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwK LSAgICAgICAgICAgICAgICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCBy ZWZlcmVuY2VkIGJhZCBkb21haW4gJWRcbiIsCi0gICAgICAgICAgICAgICAg ICAgICAgICAgdHJhbnNfZG9taWQpOwotCi0gICAgICAgICAgICAvKgotICAg ICAgICAgICAgICogX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KCkgY291bGQg dGFrZSB0aGUgbG9jayBvbiB0aGUKLSAgICAgICAgICAgICAqIHJlbW90ZSB0 YWJsZSAoaWYgcmQgPT0gdGQpLCBzbyB3ZSBoYXZlIHRvIGRyb3AgdGhlIGxv Y2sKLSAgICAgICAgICAgICAqIGhlcmUgYW5kIHJlYWNxdWlyZQotICAgICAg ICAgICAgICovCi0gICAgICAgICAgICBhY3RpdmVfZW50cnlfcmVsZWFzZShh Y3QpOwotICAgICAgICAgICAgZ3JhbnRfcmVhZF91bmxvY2socmd0KTsKLQot ICAgICAgICAgICAgcmMgPSBfX2FjcXVpcmVfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIHJkLT5kb21haW5faWQsCi0gICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICByZWFkb25seSwgJmdyYW50X2Zy YW1lLCBwYWdlLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgJnRyYW5zX3BhZ2Vfb2ZmLCAmdHJhbnNfbGVuZ3RoLCAwKTsK LQotICAgICAgICAgICAgZ3JhbnRfcmVhZF9sb2NrKHJndCk7Ci0gICAgICAg ICAgICBhY3QgPSBhY3RpdmVfZW50cnlfYWNxdWlyZShyZ3QsIGdyZWYpOwot Ci0gICAgICAgICAgICBpZiAoIHJjICE9IEdOVFNUX29rYXkgKQotICAgICAg ICAgICAgewotICAgICAgICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9j b3B5X3BpbihhY3QsIHN0YXR1cyk7Ci0gICAgICAgICAgICAgICAgcmN1X3Vu bG9ja19kb21haW4odGQpOwotICAgICAgICAgICAgICAgIGFjdGl2ZV9lbnRy eV9yZWxlYXNlKGFjdCk7Ci0gICAgICAgICAgICAgICAgZ3JhbnRfcmVhZF91 bmxvY2socmd0KTsKLSAgICAgICAgICAgICAgICByZXR1cm4gcmM7Ci0gICAg ICAgICAgICB9Ci0KLSAgICAgICAgICAgIC8qCi0gICAgICAgICAgICAgKiBX ZSBkcm9wcGVkIHRoZSBsb2NrLCBzbyB3ZSBoYXZlIHRvIGNoZWNrIHRoYXQg bm9ib2R5IGVsc2UgdHJpZWQKLSAgICAgICAgICAgICAqIHRvIHBpbiAob3Is IGZvciB0aGF0IG1hdHRlciwgdW5waW4pIHRoZSByZWZlcmVuY2UgaW4gKnRo aXMqCi0gICAgICAgICAgICAgKiBkb21haW4uICBJZiB0aGV5IGRpZCwganVz dCBnaXZlIHVwIGFuZCB0ZWxsIHRoZSBjYWxsZXIgdG8gcmV0cnkuCi0gICAg ICAgICAgICAgKi8KLSAgICAgICAgICAgIGlmICggYWN0LT5waW4gIT0gb2xk X3BpbiApCi0gICAgICAgICAgICB7Ci0gICAgICAgICAgICAgICAgX19maXh1 cF9zdGF0dXNfZm9yX2NvcHlfcGluKGFjdCwgc3RhdHVzKTsKLSAgICAgICAg ICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7Ci0gICAgICAgICAgICAg ICAgYWN0aXZlX2VudHJ5X3JlbGVhc2UoYWN0KTsKLSAgICAgICAgICAgICAg ICBncmFudF9yZWFkX3VubG9jayhyZ3QpOwotICAgICAgICAgICAgICAgIHB1 dF9wYWdlKCpwYWdlKTsKLSAgICAgICAgICAgICAgICAqcGFnZSA9IE5VTEw7 Ci0gICAgICAgICAgICAgICAgcmV0dXJuIEVSRVNUQVJUOwotICAgICAgICAg ICAgfQotCi0gICAgICAgICAgICAvKiBUaGUgYWN0dWFsIHJlbW90ZSByZW1v dGUgZ3JhbnQgbWF5IG9yIG1heSBub3QgYmUgYQotICAgICAgICAgICAgICAg c3ViLXBhZ2UsIGJ1dCB3ZSBhbHdheXMgdHJlYXQgaXQgYXMgb25lIGJlY2F1 c2UgdGhhdAotICAgICAgICAgICAgICAgYmxvY2tzIG1hcHBpbmdzIG9mIHRy YW5zaXRpdmUgZ3JhbnRzLiAqLwotICAgICAgICAgICAgaXNfc3ViX3BhZ2Ug PSAxOwotICAgICAgICAgICAgYWN0LT5nZm4gPSAtMXVsOwotICAgICAgICB9 CiAgICAgICAgIGVsc2UgaWYgKCAhKHNoYTItPmhkci5mbGFncyAmIEdURl9z dWJfcGFnZSkgKQogICAgICAgICB7CiAgICAgICAgICAgICByYyA9IF9fZ2V0 X3BhZ2VkX2ZyYW1lKHNoYTItPmZ1bGxfcGFnZS5mcmFtZSwgJmdyYW50X2Zy YW1lLCBwYWdlLCByZWFkb25seSwgcmQpOwpAQCAtMjcxMCwxMCArMjcyMiwx MyBAQCBnbnR0YWJfc2V0X3ZlcnNpb24oWEVOX0dVRVNUX0hBTkRMRV9QQVJB CiAgICAgY2FzZSAyOgogICAgICAgICBmb3IgKCBpID0gMDsgaSA8IEdOVFRB Ql9OUl9SRVNFUlZFRF9FTlRSSUVTOyBpKysgKQogICAgICAgICB7Ci0gICAg ICAgICAgICBpZiAoICgoc2hhcmVkX2VudHJ5X3YyKGd0LCBpKS5oZHIuZmxh Z3MgJiBHVEZfdHlwZV9tYXNrKSA9PQotICAgICAgICAgICAgICAgICAgR1RG X3Blcm1pdF9hY2Nlc3MpICYmCi0gICAgICAgICAgICAgICAgIChzaGFyZWRf ZW50cnlfdjIoZ3QsIGkpLmZ1bGxfcGFnZS5mcmFtZSA+PiAzMikgKQorICAg ICAgICAgICAgc3dpdGNoICggc2hhcmVkX2VudHJ5X3YyKGd0LCBpKS5oZHIu ZmxhZ3MgJiBHVEZfdHlwZV9tYXNrICkKICAgICAgICAgICAgIHsKKyAgICAg ICAgICAgIGNhc2UgR1RGX3Blcm1pdF9hY2Nlc3M6CisgICAgICAgICAgICAg ICAgIGlmICggIShzaGFyZWRfZW50cnlfdjIoZ3QsIGkpLmZ1bGxfcGFnZS5m cmFtZSA+PiAzMikgKQorICAgICAgICAgICAgICAgICAgICAgYnJlYWs7Cisg ICAgICAgICAgICAgICAgIC8qIGZhbGwgdGhyb3VnaCAqLworICAgICAgICAg ICAgY2FzZSBHVEZfdHJhbnNpdGl2ZToKICAgICAgICAgICAgICAgICBnZHBy aW50ayhYRU5MT0dfV0FSTklORywKICAgICAgICAgICAgICAgICAgICAgICAg ICAidHJpZWQgdG8gY2hhbmdlIGdyYW50IHRhYmxlIHZlcnNpb24gdG8gMSB3 aXRoIG5vbi1yZXByZXNlbnRhYmxlIGVudHJpZXNcbiIpOwogICAgICAgICAg ICAgICAgIHJlcyA9IC1FUkFOR0U7Cg== --=separator Content-Type: application/octet-stream; name="xsa226-4.5.patch" Content-Disposition: attachment; filename="xsa226-4.5.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCAxNmJmYjM5Li4zOTM2MzE2IDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtNjYyLDYgKzY2MiwyMiBAQCBkb2VzIG5vdCBwcm92aWRlIFZNXF9FTlRS WVxfTE9BRFxfR1VFU1RcX1BBVC4KIAogU3BlY2lmeSB0aGUgc2VyaWFsIHBh cmFtZXRlcnMgZm9yIHRoZSBHREIgc3R1Yi4KIAorIyMjIGdudHRhYgorPiBg PSBMaXN0IG9mIFsgbWF4X3Zlcjo8aW50ZWdlcj4sIHRyYW5zaXRpdmUgXWAK KworPiBEZWZhdWx0OiBgZ250dGFiPW1heF92ZXI6Mixuby10cmFuc2l0aXZl YAorCitDb250cm9sIHZhcmlvdXMgYXNwZWN0cyBvZiB0aGUgZ3JhbnQgdGFi bGUgYmVoYXZpb3VyIGF2YWlsYWJsZSB0byBndWVzdHMuCisKKyogYG1heF92 ZXJgIFNlbGVjdCB0aGUgbWF4aW11bSBncmFudCB0YWJsZSB2ZXJzaW9uIHRv IG9mZmVyIHRvIGd1ZXN0cy4gIFZhbGlkCit2ZXJzaW9uIGFyZSAxIGFuZCAy LgorKiBgdHJhbnNpdGl2ZWAgUGVybWl0IG9yIGRpc2FsbG93IHRoZSB1c2Ug b2YgdHJhbnNpdGl2ZSBncmFudHMuICBOb3RlIHRoYXQgdGhlCit1c2Ugb2Yg Z3JhbnQgdGFibGUgdjIgd2l0aG91dCB0cmFuc2l0aXZlIGdyYW50cyBpcyBh biBBQkkgYnJlYWthZ2UgZnJvbSB0aGUKK2d1ZXN0cyBwb2ludCBvZiB2aWV3 LgorCisqV2FybmluZzoqCitEdWUgdG8gWFNBLTIyNiwgdGhlIHVzZSBvZiB0 cmFuc2l0aXZlIGdyYW50cyBpcyBvdXRzaWRlIG9mIHNlY3VyaXR5IHN1cHBv cnQuCisKICMjIyBnbnR0YWJcX21heFxfZnJhbWVzCiA+IGA9IDxpbnRlZ2Vy PmAKIApkaWZmIC0tZ2l0IGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jIGIv eGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCmluZGV4IDgzYTRiOWUuLmM5YTZj ZDkgMTAwNjQ0Ci0tLSBhL3hlbi9jb21tb24vZ3JhbnRfdGFibGUuYworKysg Yi94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMKQEAgLTUwLDYgKzUwLDQyIEBA IGludGVnZXJfcGFyYW0oImdudHRhYl9tYXhfbnJfZnJhbWVzIiwgbWF4X25y X2dyYW50X2ZyYW1lcyk7CiB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3RseSBt YXhfZ3JhbnRfZnJhbWVzOwogaW50ZWdlcl9wYXJhbSgiZ250dGFiX21heF9m cmFtZXMiLCBtYXhfZ3JhbnRfZnJhbWVzKTsKIAorc3RhdGljIHVuc2lnbmVk IGludCBfX3JlYWRfbW9zdGx5IG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPSAy Oworc3RhdGljIGJvb2xfdCBfX3JlYWRfbW9zdGx5IG9wdF90cmFuc2l0aXZl X2dyYW50czsKKworc3RhdGljIHZvaWQgX19pbml0IHBhcnNlX2dudHRhYihj aGFyICpzKQoreworICAgIGNoYXIgKnNzOworCisgICAgZG8geworICAgICAg ICBzcyA9IHN0cmNocihzLCAnLCcpOworICAgICAgICBpZiAoIHNzICkKKyAg ICAgICAgICAgICpzcyA9ICdcMCc7CisKKyAgICAgICAgaWYgKCAhc3RybmNt cChzLCAibWF4X3ZlcjoiLCA4KSApCisgICAgICAgIHsKKyAgICAgICAgICAg IGxvbmcgdmVyID0gc2ltcGxlX3N0cnRvbChzICsgOCwgTlVMTCwgMTApOwor CisgICAgICAgICAgICBpZiAoIHZlciA+PSAxICYmIHZlciA8PSAyICkKKyAg ICAgICAgICAgICAgICBvcHRfZ250dGFiX21heF92ZXJzaW9uID0gdmVyOwor ICAgICAgICB9CisgICAgICAgIGVsc2UKKyAgICAgICAgeworICAgICAgICAg ICAgYm9vbF90IHZhbCA9ICEhc3RybmNtcChzLCAibm8tIiwgMyk7CisKKyAg ICAgICAgICAgIGlmICggIXZhbCApCisgICAgICAgICAgICAgICAgcyArPSAz OworCisgICAgICAgICAgICBpZiAoICFzdHJjbXAocywgInRyYW5zaXRpdmUi KSApCisgICAgICAgICAgICAgICAgb3B0X3RyYW5zaXRpdmVfZ3JhbnRzID0g dmFsOworICAgICAgICB9CisKKyAgICAgICAgcyA9IHNzICsgMTsKKyAgICB9 IHdoaWxlICggc3MgKTsKK30KKworY3VzdG9tX3BhcmFtKCJnbnR0YWIiLCBw YXJzZV9nbnR0YWIpOworCiAvKiBUaGUgbWF4aW11bSBudW1iZXIgb2YgZ3Jh bnQgbWFwcGluZ3MgaXMgZGVmaW5lZCBhcyBhIG11bHRpcGxpZXIgb2YgdGhl CiAgKiBtYXhpbXVtIG51bWJlciBvZiBncmFudCB0YWJsZSBlbnRyaWVzLiBU aGlzIGRlZmluZXMgdGhlIG11bHRpcGxpZXIgdXNlZC4KICAqIFByZXR0eSBh cmJpdHJhcnkuIFtQT0xJQ1ldCkBAIC0xOTU4LDYgKzE5OTQsMTAgQEAgX19h Y3F1aXJlX2dyYW50X2Zvcl9jb3B5KAogICAgICAgICB0cmFuc19ncmVmID0g Z3JlZjsKICAgICAgICAgaWYgKCBzaGEyICYmIChzaGFoLT5mbGFncyAmIEdU Rl90eXBlX21hc2spID09IEdURl90cmFuc2l0aXZlICkKICAgICAgICAgewor ICAgICAgICAgICAgaWYgKCAhb3B0X3RyYW5zaXRpdmVfZ3JhbnRzICkKKyAg ICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0X2NsZWFyLCBHTlRT VF9nZW5lcmFsX2Vycm9yLAorICAgICAgICAgICAgICAgICAgICAgICAgICJ0 cmFuc2l0aXZlIGdyYW50IGRpc2FsbG93ZWQgYnkgcG9saWN5XG4iKTsKKwog ICAgICAgICAgICAgaWYgKCAhYWxsb3dfdHJhbnNpdGl2ZSApCiAgICAgICAg ICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2Vu ZXJhbF9lcnJvciwKICAgICAgICAgICAgICAgICAgICAgICAgICAidHJhbnNp dGl2ZSBncmFudCB3aGVuIHRyYW5zaXRpdml0eSBub3QgYWxsb3dlZFxuIik7 CkBAIC0yNzQxLDcgKzI3ODEsMTAgQEAgZG9fZ3JhbnRfdGFibGVfb3AoCiAg ICAgfQogICAgIGNhc2UgR05UVEFCT1Bfc2V0X3ZlcnNpb246CiAgICAgewot ICAgICAgICByYyA9IGdudHRhYl9zZXRfdmVyc2lvbihndWVzdF9oYW5kbGVf Y2FzdCh1b3AsIGdudHRhYl9zZXRfdmVyc2lvbl90KSk7CisgICAgICAgIGlm ICggb3B0X2dudHRhYl9tYXhfdmVyc2lvbiA9PSAxICkKKyAgICAgICAgICAg IHJjID0gLUVOT1NZUzsgLyogQmVoYXZlIGFzIGJlZm9yZSBzZXRfdmVyc2lv biB3YXMgaW50cm9kdWNlZC4gKi8KKyAgICAgICAgZWxzZQorICAgICAgICAg ICAgcmMgPSBnbnR0YWJfc2V0X3ZlcnNpb24oZ3Vlc3RfaGFuZGxlX2Nhc3Qo dW9wLCBnbnR0YWJfc2V0X3ZlcnNpb25fdCkpOwogICAgICAgICBicmVhazsK ICAgICB9CiAgICAgY2FzZSBHTlRUQUJPUF9nZXRfc3RhdHVzX2ZyYW1lczoK --=separator Content-Type: application/octet-stream; name="xsa226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Disposition: attachment; filename="xsa226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IHVzZSBwb3NzaWJseSB1bmJvdW5kZWQgdGFpbCBj YWxscwoKVGhlcmUgaXMgbm8gZ3VhcmFudGVlIHRoYXQgdGhlIGNvbXBpbGVy IHdvdWxkIGFjdHVhbGx5IHRyYW5zbGF0ZSB0aGVtCnRvIGJyYW5jaGVzIGlu c3RlYWQgb2YgY2FsbHMsIHNvIG9ubHkgb25lcyB3aXRoIGEga25vd24gcmVj dXJzaW9uIGxpbWl0CmFyZSBva2F5OgotIF9fcmVsZWFzZV9ncmFudF9mb3Jf Y29weSgpIGNhbiBjYWxsIGl0c2VsZiBvbmx5IG9uY2UsIGFzCiAgX19hY3F1 aXJlX2dyYW50X2Zvcl9jb3B5KCkgd29uJ3QgcGVybWl0IHVzZSBvZiBtdWx0 aS1sZXZlbCB0cmFuc2l0aXZlCiAgZ3JhbnRzLAotIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgpIGlzIGZpbmUgdG8gY2FsbCBpdHNlbGYgd2l0aCB0aGUg bGFzdAogIGFyZ3VtZW50IGZhbHNlLCBhcyB0aGF0IHByZXZlbnRzIGZ1cnRo ZXIgcmVjdXJzaW9uLAotIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgpIG11 c3Qgbm90IGNhbGwgaXRzZWxmIHRvIHJlY292ZXIgZnJvbSBhbgogIG9ic2Vy dmVkIGNoYW5nZSB0byB0aGUgYWN0aXZlIGVudHJ5J3MgcGluIGNvdW50CgpU aGlzIGlzIHBhcnQgb2YgQ1ZFLTIwMTctMTIxMzUgLyBYU0EtMjI2LgoKU2ln bmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgoK LS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hlbi9jb21t b24vZ3JhbnRfdGFibGUuYwpAQCAtMTg2MCw4ICsxODYwLDEwIEBAIF9fcmVs ZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgIGlmICggdGQgIT0gcmQgKQog ICAgIHsKLSAgICAgICAgLyogUmVjdXJzaXZlIGNhbGxzLCBidXQgdGhleSdy ZSB0YWlsIGNhbGxzLCBzbyBpdCdzCi0gICAgICAgICAgIG9rYXkuICovCisg ICAgICAgIC8qCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxscywgYnV0IHRo ZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUK KyAgICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBv a2F5LgorICAgICAgICAgKi8KICAgICAgICAgaWYgKCByZWxlYXNlZF93cml0 ZSApCiAgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDApOwogICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRf cmVhZCApCkBAIC0xOTk3LDE5ICsxOTk5LDE5IEBAIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgKICAgICAgICAgICAgICAgICByZXR1cm4gcmM7CiAgICAg ICAgICAgICB9CiAKLSAgICAgICAgICAgIC8qIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkKLSAgICAgICAg ICAgICAgIGVsc2UgdHJpZWQgdG8gcGluIChvciwgZm9yIHRoYXQgbWF0dGVy LCB1bnBpbikgdGhlCi0gICAgICAgICAgICAgICByZWZlcmVuY2UgaW4gKnRo aXMqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUgdXAKLSAgICAg ICAgICAgICAgIGFuZCB0cnkgYWdhaW4uICovCisgICAgICAgICAgICAvKgor ICAgICAgICAgICAgICogV2UgZHJvcHBlZCB0aGUgbG9jaywgc28gd2UgaGF2 ZSB0byBjaGVjayB0aGF0IG5vYm9keSBlbHNlIHRyaWVkCisgICAgICAgICAg ICAgKiB0byBwaW4gKG9yLCBmb3IgdGhhdCBtYXR0ZXIsIHVucGluKSB0aGUg cmVmZXJlbmNlIGluICp0aGlzKgorICAgICAgICAgICAgICogZG9tYWluLiAg SWYgdGhleSBkaWQsIGp1c3QgZ2l2ZSB1cCBhbmQgdGVsbCB0aGUgY2FsbGVy IHRvIHJldHJ5LgorICAgICAgICAgICAgICovCiAgICAgICAgICAgICBpZiAo IGFjdC0+cGluICE9IG9sZF9waW4gKQogICAgICAgICAgICAgewogICAgICAg ICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0 YXR1cyk7CiAgICAgICAgICAgICAgICAgcmN1X3VubG9ja19kb21haW4odGQp OwogICAgICAgICAgICAgICAgIHNwaW5fdW5sb2NrKCZyZ3QtPmxvY2spOwog ICAgICAgICAgICAgICAgIHB1dF9wYWdlKCpwYWdlKTsKLSAgICAgICAgICAg ICAgICByZXR1cm4gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHJkLCBncmVm LCBsZG9tLCByZWFkb25seSwKLSAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIGZyYW1lLCBwYWdlLCBwYWdlX29mZiwg bGVuZ3RoLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgYWxsb3dfdHJhbnNpdGl2ZSk7CisgICAgICAgICAgICAg ICAgKnBhZ2UgPSBOVUxMOworICAgICAgICAgICAgICAgIHJldHVybiBFUkVT VEFSVDsKICAgICAgICAgICAgIH0KIAogICAgICAgICAgICAgLyogVGhlIGFj dHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBvciBtYXkgbm90IGJlIGEK QEAgLTIwODksNyArMjA5MSw3IEBAIF9fYWNxdWlyZV9ncmFudF9mb3JfY29w eSgKICAgICByZXR1cm4gcmM7CiB9CiAKLXN0YXRpYyB2b2lkCitzdGF0aWMg Ym9vbF90CiBfX2dudHRhYl9jb3B5KAogICAgIHN0cnVjdCBnbnR0YWJfY29w eSAqb3ApCiB7CkBAIC0yMjEzLDkgKzIyMTUsMjAgQEAgX19nbnR0YWJfY29w eSgKICAgICAgICAgcmN1X3VubG9ja19kb21haW4oc2QpOwogICAgIGlmICgg ZGQgKQogICAgICAgICByY3VfdW5sb2NrX2RvbWFpbihkZCk7CisgICAgaWYg KCByYyA+IDAgKQorICAgICAgICByZXR1cm4gMDsKICAgICBvcC0+c3RhdHVz ID0gcmM7CisgICAgcmV0dXJuIDE7CiB9CiAKKy8qCisgKiBnbnR0YWJfY29w eSgpLCBvdGhlciB0aGFuIHRoZSB2YXJpb3VzIG90aGVyIGhlbHBlcnMgb2YK KyAqIGRvX2dyYW50X3RhYmxlX29wKCksIHJldHVybnMgKGJlc2lkZXMgcG9z c2libGUgZXJyb3IgaW5kaWNhdG9ycykKKyAqICJjb3VudCAtIGkiIHJhdGhl ciB0aGFuICJpIiB0byBlbnN1cmUgdGhhdCBldmVuIGlmIG5vIHByb2dyZXNz CisgKiB3YXMgbWFkZSBhdCBhbGwgKHBlcmhhcHMgZHVlIHRvIGdudHRhYl9j b3B5X29uZSgpIHJldHVybmluZyBhCisgKiBwb3NpdGl2ZSB2YWx1ZSkgYSBu b24temVybyB2YWx1ZSBpcyBiZWluZyBoYW5kZWQgYmFjayAoemVybyBuZWVk cworICogdG8gYmUgYXZvaWRlZCwgYXMgdGhhdCBtZWFucyAic3VjY2Vzcywg YWxsIGRvbmUiKS4KKyAqLwogc3RhdGljIGxvbmcKIGdudHRhYl9jb3B5KAog ICAgIFhFTl9HVUVTVF9IQU5ETEVfUEFSQU0oZ250dGFiX2NvcHlfdCkgdW9w LCB1bnNpZ25lZCBpbnQgY291bnQpCkBAIC0yMjI2LDEwICsyMjM5LDExIEBA IGdudHRhYl9jb3B5KAogICAgIGZvciAoIGkgPSAwOyBpIDwgY291bnQ7IGkr KyApCiAgICAgewogICAgICAgICBpZiAoaSAmJiBoeXBlcmNhbGxfcHJlZW1w dF9jaGVjaygpKQotICAgICAgICAgICAgcmV0dXJuIGk7CisgICAgICAgICAg ICByZXR1cm4gY291bnQgLSBpOwogICAgICAgICBpZiAoIHVubGlrZWx5KF9f Y29weV9mcm9tX2d1ZXN0KCZvcCwgdW9wLCAxKSkgKQogICAgICAgICAgICAg cmV0dXJuIC1FRkFVTFQ7Ci0gICAgICAgIF9fZ250dGFiX2NvcHkoJm9wKTsK KyAgICAgICAgaWYgKCAhX19nbnR0YWJfY29weSgmb3ApICkKKyAgICAgICAg ICAgIHJldHVybiBjb3VudCAtIGk7CiAgICAgICAgIGlmICggdW5saWtlbHko X19jb3B5X2ZpZWxkX3RvX2d1ZXN0KHVvcCwgJm9wLCBzdGF0dXMpKSApCiAg ICAgICAgICAgICByZXR1cm4gLUVGQVVMVDsKICAgICAgICAgZ3Vlc3RfaGFu ZGxlX2FkZF9vZmZzZXQodW9wLCAxKTsKQEAgLTI3MjcsNiArMjc0MSw3IEBA IGRvX2dyYW50X3RhYmxlX29wKAogICAgICAgICByYyA9IGdudHRhYl9jb3B5 KGNvcHksIGNvdW50KTsKICAgICAgICAgaWYgKCByYyA+IDAgKQogICAgICAg ICB7CisgICAgICAgICAgICByYyA9IGNvdW50IC0gcmM7CiAgICAgICAgICAg ICBndWVzdF9oYW5kbGVfYWRkX29mZnNldChjb3B5LCByYyk7CiAgICAgICAg ICAgICB1b3AgPSBndWVzdF9oYW5kbGVfY2FzdChjb3B5LCB2b2lkKTsKICAg ICAgICAgfQo= --=separator Content-Type: application/octet-stream; name="xsa226-4.5/0002-gnttab-fix-transitive-grant-handling.patch" Content-Disposition: attachment; filename="xsa226-4.5/0002-gnttab-fix-transitive-grant-handling.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGZpeCB0cmFuc2l0aXZlIGdyYW50IGhhbmRsaW5nCgpQcm9j ZXNzaW5nIG9mIHRyYW5zaXRpdmUgZ3JhbnRzIG11c3Qgbm90IHVzZSB0aGUg ZmFzdCBwYXRoLCBvciBlbHNlCnJlZmVyZW5jZSBjb3VudGluZyBicmVha3Mg ZHVlIHRvIHRoZSBza2lwcGVkIHJlY3Vyc2l2ZSBjYWxsIHRvCl9fYWNxdWly ZV9ncmFudF9mb3JfY29weSgpIChpdHMgX19yZWxlYXNlX2dyYW50X2Zvcl9j b3B5KCkKY291bnRlcnBhcnQgb2NjdXJzIGluZGVwZW5kZW50IG9mIG9yaWdp bmFsIHBpbiBjb3VudCkuIEZ1cnRoZXJtb3JlCmFmdGVyIHJlLWFjcXVpcmlu ZyB0ZW1wb3JhcmlseSBkcm9wcGVkIGxvY2tzIHdlIG5lZWQgdG8gdmVyaWZ5 IG5vIGdyYW50CnByb3BlcnRpZXMgY2hhbmdlZCBpZiB0aGUgb3JpZ2luYWwg cGluIGNvdW50IHdhcyBub24temVybzsgY2hlY2tpbmcKanVzdCB0aGUgcGlu IGNvdW50cyBpcyBzdWZmaWNpZW50IG9ubHkgZm9yIHdlbGwtYmVoYXZlZCBn dWVzdHMuIEFzIGEKcmVzdWx0LCBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHko KSBuZWVkcyB0byBtaXJyb3IgdGhhdCBuZXcgYmVoYXZpb3IuCgpGdXJ0aGVy bW9yZSBhIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSgpIGludm9jYXRpb24g d2FzIG1pc3Npbmcgb24gdGhlCnJldHJ5IHBhdGggb2YgX19hY3F1aXJlX2dy YW50X2Zvcl9jb3B5KCksIGFuZCBnbnR0YWJfc2V0X3ZlcnNpb24oKSBhbHNv Cm5lZWRzIHRvIGJhaWwgb3V0IHVwb24gZW5jb3VudGVyaW5nIGEgdHJhbnNp dGl2ZSBncmFudC4KClRoaXMgaXMgcGFydCBvZiBDVkUtMjAxNy0xMjEzNSAv IFhTQS0yMjYuCgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3 LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1ieTogQW5kcmV3IENv b3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KCi0tLSBhL3hlbi9j b21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dyYW50X3Rh YmxlLmMKQEAgLTE4MDgsMTMgKzE4MDgsOCBAQCBfX3JlbGVhc2VfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgdW5zaWduZWQgbG9uZyByX2ZyYW1lOwogICAgIHVp bnQxNl90ICpzdGF0dXM7CiAgICAgZ3JhbnRfcmVmX3QgdHJhbnNfZ3JlZjsK LSAgICBpbnQgcmVsZWFzZWRfcmVhZDsKLSAgICBpbnQgcmVsZWFzZWRfd3Jp dGU7CiAgICAgc3RydWN0IGRvbWFpbiAqdGQ7CiAKLSAgICByZWxlYXNlZF9y ZWFkID0gMDsKLSAgICByZWxlYXNlZF93cml0ZSA9IDA7Ci0KICAgICBzcGlu X2xvY2soJnJndC0+bG9jayk7CiAKICAgICBhY3QgPSAmYWN0aXZlX2VudHJ5 KHJndCwgZ3JlZik7CkBAIC0xODQ0LDMwICsxODM5LDIxIEBAIF9fcmVsZWFz ZV9ncmFudF9mb3JfY29weSgKIAogICAgICAgICBhY3QtPnBpbiAtPSBHTlRQ SU5faHN0d19pbmM7CiAgICAgICAgIGlmICggIShhY3QtPnBpbiAmIChHTlRQ SU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSApCi0gICAgICAgIHsK LSAgICAgICAgICAgIHJlbGVhc2VkX3dyaXRlID0gMTsKICAgICAgICAgICAg IGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfd3JpdGluZywgc3RhdHVzKTsKLSAg ICAgICAgfQogICAgIH0KIAogICAgIGlmICggIWFjdC0+cGluICkKLSAgICB7 CiAgICAgICAgIGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfcmVhZGluZywgc3Rh dHVzKTsKLSAgICAgICAgcmVsZWFzZWRfcmVhZCA9IDE7Ci0gICAgfQogCiAg ICAgc3Bpbl91bmxvY2soJnJndC0+bG9jayk7CiAKICAgICBpZiAoIHRkICE9 IHJkICkKICAgICB7CiAgICAgICAgIC8qCi0gICAgICAgICAqIFJlY3Vyc2l2 ZSBjYWxscywgYnV0IHRoZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRz IG9ubHkgYSBzaW5nbGUKKyAgICAgICAgICogUmVjdXJzaXZlIGNhbGwsIGJ1 dCBpdCBpcyBib3VuZGVkIChhY3F1aXJlIHBlcm1pdHMgb25seSBhIHNpbmds ZQogICAgICAgICAgKiBsZXZlbCBvZiB0cmFuc2l0aXZpdHkpLCBzbyBpdCdz IG9rYXkuCiAgICAgICAgICAqLwotICAgICAgICBpZiAoIHJlbGVhc2VkX3dy aXRlICkKLSAgICAgICAgICAgIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSh0 ZCwgdHJhbnNfZ3JlZiwgMCk7Ci0gICAgICAgIGVsc2UgaWYgKCByZWxlYXNl ZF9yZWFkICkKLSAgICAgICAgICAgIF9fcmVsZWFzZV9ncmFudF9mb3JfY29w eSh0ZCwgdHJhbnNfZ3JlZiwgMSk7CisgICAgICAgIF9fcmVsZWFzZV9ncmFu dF9mb3JfY29weSh0ZCwgdHJhbnNfZ3JlZiwgcmVhZG9ubHkpOwogCiAgICAg ICAgIHJjdV91bmxvY2tfZG9tYWluKHRkKTsKICAgICB9CkBAIC0xOTQ4LDc5 ICsxOTM0LDExMyBAQCBfX2FjcXVpcmVfZ3JhbnRfZm9yX2NvcHkoCiAgICAg ICAgICAgICAgICAgIGFjdC0+ZG9taWQsIGxkb20sIGFjdC0+cGluKTsKIAog ICAgIG9sZF9waW4gPSBhY3QtPnBpbjsKLSAgICBpZiAoICFhY3QtPnBpbiB8 fAotICAgICAgICAgKCFyZWFkb25seSAmJiAhKGFjdC0+cGluICYgKEdOVFBJ Tl9kZXZ3X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSApCisgICAgaWYgKCBz aGEyICYmIChzaGFoLT5mbGFncyAmIEdURl90eXBlX21hc2spID09IEdURl90 cmFuc2l0aXZlICkKICAgICB7Ci0gICAgICAgIGlmICggKHJjID0gX3NldF9z dGF0dXMocmd0LT5ndF92ZXJzaW9uLCBsZG9tLAotICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHJlYWRvbmx5LCAwLCBzaGFoLCBhY3QsCi0gICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgc3RhdHVzKSApICE9IEdOVFNU X29rYXkgKQotICAgICAgICAgICAgIGdvdG8gdW5sb2NrX291dDsKKyAgICAg ICAgaWYgKCAoIW9sZF9waW4gfHwgKCFyZWFkb25seSAmJgorICAgICAgICAg ICAgICAgICAgICAgICAgICAgIShvbGRfcGluICYgKEdOVFBJTl9kZXZ3X21h c2t8R05UUElOX2hzdHdfbWFzaykpKSkgJiYKKyAgICAgICAgICAgICAocmMg PSBfc2V0X3N0YXR1c192MihsZG9tLCByZWFkb25seSwgMCwgc2hhaCwgYWN0 LAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHN0YXR1cykp ICE9IEdOVFNUX29rYXkgKQorICAgICAgICAgICAgZ290byB1bmxvY2tfb3V0 OworCisgICAgICAgIGlmICggIWFsbG93X3RyYW5zaXRpdmUgKQorICAgICAg ICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJh bF9lcnJvciwKKyAgICAgICAgICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdy YW50IHdoZW4gdHJhbnNpdGl2aXR5IG5vdCBhbGxvd2VkXG4iKTsKKworICAg ICAgICB0cmFuc19kb21pZCA9IHNoYTItPnRyYW5zaXRpdmUudHJhbnNfZG9t aWQ7CisgICAgICAgIHRyYW5zX2dyZWYgPSBzaGEyLT50cmFuc2l0aXZlLmdy ZWY7CisgICAgICAgIGJhcnJpZXIoKTsgLyogU3RvcCB0aGUgY29tcGlsZXIg ZnJvbSByZS1sb2FkaW5nCisgICAgICAgICAgICAgICAgICAgICAgdHJhbnNf ZG9taWQgZnJvbSBzaGFyZWQgbWVtb3J5ICovCisgICAgICAgIGlmICggdHJh bnNfZG9taWQgPT0gcmQtPmRvbWFpbl9pZCApCisgICAgICAgICAgICBQSU5f RkFJTCh1bmxvY2tfb3V0X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAor ICAgICAgICAgICAgICAgICAgICAgInRyYW5zaXRpdmUgZ3JhbnRzIGNhbm5v dCBiZSBzZWxmLXJlZmVyZW50aWFsXG4iKTsKIAotICAgICAgICB0ZCA9IHJk OwotICAgICAgICB0cmFuc19ncmVmID0gZ3JlZjsKLSAgICAgICAgaWYgKCBz aGEyICYmIChzaGFoLT5mbGFncyAmIEdURl90eXBlX21hc2spID09IEdURl90 cmFuc2l0aXZlICkKKyAgICAgICAgLyoKKyAgICAgICAgICogV2UgYWxsb3cg dGhlIHRyYW5zX2RvbWlkID09IGxkb20gY2FzZSwgd2hpY2ggY29ycmVzcG9u ZHMgdG8gYQorICAgICAgICAgKiBncmFudCBiZWluZyBpc3N1ZWQgYnkgb25l IGRvbWFpbiwgc2VudCB0byBhbm90aGVyIG9uZSwgYW5kIHRoZW4KKyAgICAg ICAgICogdHJhbnNpdGl2ZWx5IGdyYW50ZWQgYmFjayB0byB0aGUgb3JpZ2lu YWwgZG9tYWluLiAgQWxsb3dpbmcgaXQKKyAgICAgICAgICogaXMgZWFzeSwg YW5kIG1lYW5zIHRoYXQgeW91IGRvbid0IG5lZWQgdG8gZ28gb3V0IG9mIHlv dXIgd2F5IHRvCisgICAgICAgICAqIGF2b2lkIGl0IGluIHRoZSBndWVzdC4K KyAgICAgICAgICovCisKKyAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0 aGUgcnJkIGxvY2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkuICovCisgICAg ICAgIHRkID0gcmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsK KyAgICAgICAgaWYgKCB0ZCA9PSBOVUxMICkKKyAgICAgICAgICAgIFBJTl9G QUlMKHVubG9ja19vdXRfY2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisg ICAgICAgICAgICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCByZWZlcmVu Y2VkIGJhZCBkb21haW4gJWRcbiIsCisgICAgICAgICAgICAgICAgICAgICB0 cmFuc19kb21pZCk7CisKKyAgICAgICAgLyoKKyAgICAgICAgICogX19hY3F1 aXJlX2dyYW50X2Zvcl9jb3B5KCkgY291bGQgdGFrZSB0aGUgbG9jayBvbiB0 aGUKKyAgICAgICAgICogcmVtb3RlIHRhYmxlIChpZiByZCA9PSB0ZCksIHNv IHdlIGhhdmUgdG8gZHJvcCB0aGUgbG9jaworICAgICAgICAgKiBoZXJlIGFu ZCByZWFjcXVpcmUuCisgICAgICAgICAqLworICAgICAgICBzcGluX3VubG9j aygmcmd0LT5sb2NrKTsKKworICAgICAgICByYyA9IF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSh0ZCwgdHJhbnNfZ3JlZiwgcmQtPmRvbWFpbl9pZCwKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmVhZG9ubHks ICZncmFudF9mcmFtZSwgcGFnZSwKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgJnRyYW5zX3BhZ2Vfb2ZmLCAmdHJhbnNfbGVuZ3Ro LCAwKTsKKworICAgICAgICBzcGluX2xvY2soJnJndC0+bG9jayk7CisKKyAg ICAgICAgaWYgKCByYyAhPSBHTlRTVF9va2F5ICkKICAgICAgICAgewotICAg ICAgICAgICAgaWYgKCAhYWxsb3dfdHJhbnNpdGl2ZSApCi0gICAgICAgICAg ICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJh bF9lcnJvciwKLSAgICAgICAgICAgICAgICAgICAgICAgICAidHJhbnNpdGl2 ZSBncmFudCB3aGVuIHRyYW5zaXRpdml0eSBub3QgYWxsb3dlZFxuIik7Ci0K LSAgICAgICAgICAgIHRyYW5zX2RvbWlkID0gc2hhMi0+dHJhbnNpdGl2ZS50 cmFuc19kb21pZDsKLSAgICAgICAgICAgIHRyYW5zX2dyZWYgPSBzaGEyLT50 cmFuc2l0aXZlLmdyZWY7Ci0gICAgICAgICAgICBiYXJyaWVyKCk7IC8qIFN0 b3AgdGhlIGNvbXBpbGVyIGZyb20gcmUtbG9hZGluZwotICAgICAgICAgICAg ICAgICAgICAgICAgICB0cmFuc19kb21pZCBmcm9tIHNoYXJlZCBtZW1vcnkg Ki8KLSAgICAgICAgICAgIGlmICggdHJhbnNfZG9taWQgPT0gcmQtPmRvbWFp bl9pZCApCi0gICAgICAgICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9j bGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKLSAgICAgICAgICAgICAgICAg ICAgICAgICAidHJhbnNpdGl2ZSBncmFudHMgY2Fubm90IGJlIHNlbGYtcmVm ZXJlbnRpYWxcbiIpOwotCi0gICAgICAgICAgICAvKiBXZSBhbGxvdyB0aGUg dHJhbnNfZG9taWQgPT0gbGRvbSBjYXNlLCB3aGljaAotICAgICAgICAgICAg ICAgY29ycmVzcG9uZHMgdG8gYSBncmFudCBiZWluZyBpc3N1ZWQgYnkgb25l IGRvbWFpbiwgc2VudAotICAgICAgICAgICAgICAgdG8gYW5vdGhlciBvbmUs IGFuZCB0aGVuIHRyYW5zaXRpdmVseSBncmFudGVkIGJhY2sgdG8KLSAgICAg ICAgICAgICAgIHRoZSBvcmlnaW5hbCBkb21haW4uICBBbGxvd2luZyBpdCBp cyBlYXN5LCBhbmQgbWVhbnMKLSAgICAgICAgICAgICAgIHRoYXQgeW91IGRv bid0IG5lZWQgdG8gZ28gb3V0IG9mIHlvdXIgd2F5IHRvIGF2b2lkIGl0Ci0g ICAgICAgICAgICAgICBpbiB0aGUgZ3Vlc3QuICovCi0KLSAgICAgICAgICAg IC8qIFdlIG5lZWQgdG8gbGVhdmUgdGhlIHJyZCBsb2NrZWQgZHVyaW5nIHRo ZSBncmFudCBjb3B5ICovCi0gICAgICAgICAgICB0ZCA9IHJjdV9sb2NrX2Rv bWFpbl9ieV9pZCh0cmFuc19kb21pZCk7Ci0gICAgICAgICAgICBpZiAoIHRk ID09IE5VTEwgKQotICAgICAgICAgICAgICAgIFBJTl9GQUlMKHVubG9ja19v dXRfY2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCi0gICAgICAgICAgICAg ICAgICAgICAgICAgInRyYW5zaXRpdmUgZ3JhbnQgcmVmZXJlbmNlZCBiYWQg ZG9tYWluICVkXG4iLAotICAgICAgICAgICAgICAgICAgICAgICAgIHRyYW5z X2RvbWlkKTsKKyAgICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5 X3BpbihhY3QsIHN0YXR1cyk7CisgICAgICAgICAgICByY3VfdW5sb2NrX2Rv bWFpbih0ZCk7CiAgICAgICAgICAgICBzcGluX3VubG9jaygmcmd0LT5sb2Nr KTsKKyAgICAgICAgICAgIHJldHVybiByYzsKKyAgICAgICAgfQogCi0gICAg ICAgICAgICByYyA9IF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSh0ZCwgdHJh bnNfZ3JlZiwgcmQtPmRvbWFpbl9pZCwKLSAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHJlYWRvbmx5LCAmZ3JhbnRfZnJhbWUs IHBhZ2UsCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAmdHJhbnNfcGFnZV9vZmYsICZ0cmFuc19sZW5ndGgsIDApOwotCi0g ICAgICAgICAgICBzcGluX2xvY2soJnJndC0+bG9jayk7Ci0gICAgICAgICAg ICBpZiAoIHJjICE9IEdOVFNUX29rYXkgKSB7Ci0gICAgICAgICAgICAgICAg X19maXh1cF9zdGF0dXNfZm9yX2NvcHlfcGluKGFjdCwgc3RhdHVzKTsKLSAg ICAgICAgICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7Ci0gICAgICAg ICAgICAgICAgc3Bpbl91bmxvY2soJnJndC0+bG9jayk7Ci0gICAgICAgICAg ICAgICAgcmV0dXJuIHJjOwotICAgICAgICAgICAgfQorICAgICAgICAvKgor ICAgICAgICAgKiBXZSBkcm9wcGVkIHRoZSBsb2NrLCBzbyB3ZSBoYXZlIHRv IGNoZWNrIHRoYXQgdGhlIGdyYW50IGRpZG4ndAorICAgICAgICAgKiBjaGFu Z2UsIGFuZCB0aGF0IG5vYm9keSBlbHNlIHRyaWVkIHRvIHBpbi91bnBpbiBp dC4gSWYgYW55dGhpbmcKKyAgICAgICAgICogY2hhbmdlZCwganVzdCBnaXZl IHVwIGFuZCB0ZWxsIHRoZSBjYWxsZXIgdG8gcmV0cnkuCisgICAgICAgICAq LworICAgICAgICBpZiAoIHJndC0+Z3RfdmVyc2lvbiAhPSAyIHx8CisgICAg ICAgICAgICAgYWN0LT5waW4gIT0gb2xkX3BpbiB8fAorICAgICAgICAgICAg IChvbGRfcGluICYmIChhY3QtPmRvbWlkICE9IGxkb20gfHwgYWN0LT5mcmFt ZSAhPSBncmFudF9mcmFtZSB8fAorICAgICAgICAgICAgICAgICAgICAgICAg ICBhY3QtPnN0YXJ0ICE9IHRyYW5zX3BhZ2Vfb2ZmIHx8CisgICAgICAgICAg ICAgICAgICAgICAgICAgIGFjdC0+bGVuZ3RoICE9IHRyYW5zX2xlbmd0aCB8 fAorICAgICAgICAgICAgICAgICAgICAgICAgICBhY3QtPnRyYW5zX2RvbWFp biAhPSB0ZCB8fAorICAgICAgICAgICAgICAgICAgICAgICAgICBhY3QtPnRy YW5zX2dyZWYgIT0gdHJhbnNfZ3JlZiB8fAorICAgICAgICAgICAgICAgICAg ICAgICAgICAhYWN0LT5pc19zdWJfcGFnZSkpICkKKyAgICAgICAgeworICAg ICAgICAgICAgX19yZWxlYXNlX2dyYW50X2Zvcl9jb3B5KHRkLCB0cmFuc19n cmVmLCByZWFkb25seSk7CisgICAgICAgICAgICBfX2ZpeHVwX3N0YXR1c19m b3JfY29weV9waW4oYWN0LCBzdGF0dXMpOworICAgICAgICAgICAgcmN1X3Vu bG9ja19kb21haW4odGQpOworICAgICAgICAgICAgc3Bpbl91bmxvY2soJnJn dC0+bG9jayk7CisgICAgICAgICAgICBwdXRfcGFnZSgqcGFnZSk7CisgICAg ICAgICAgICAqcGFnZSA9IE5VTEw7CisgICAgICAgICAgICByZXR1cm4gRVJF U1RBUlQ7CisgICAgICAgIH0KIAorICAgICAgICBpZiAoICFvbGRfcGluICkK KyAgICAgICAgeworICAgICAgICAgICAgYWN0LT5kb21pZCA9IGxkb207Cisg ICAgICAgICAgICBhY3QtPnN0YXJ0ID0gdHJhbnNfcGFnZV9vZmY7CisgICAg ICAgICAgICBhY3QtPmxlbmd0aCA9IHRyYW5zX2xlbmd0aDsKKyAgICAgICAg ICAgIGFjdC0+dHJhbnNfZG9tYWluID0gdGQ7CisgICAgICAgICAgICBhY3Qt PnRyYW5zX2dyZWYgPSB0cmFuc19ncmVmOworICAgICAgICAgICAgYWN0LT5m cmFtZSA9IGdyYW50X2ZyYW1lOworICAgICAgICAgICAgYWN0LT5nZm4gPSAt MXVsOwogICAgICAgICAgICAgLyoKLSAgICAgICAgICAgICAqIFdlIGRyb3Bw ZWQgdGhlIGxvY2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkg ZWxzZSB0cmllZAotICAgICAgICAgICAgICogdG8gcGluIChvciwgZm9yIHRo YXQgbWF0dGVyLCB1bnBpbikgdGhlIHJlZmVyZW5jZSBpbiAqdGhpcyoKLSAg ICAgICAgICAgICAqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUg dXAgYW5kIHRlbGwgdGhlIGNhbGxlciB0byByZXRyeS4KKyAgICAgICAgICAg ICAqIFRoZSBhY3R1YWwgcmVtb3RlIHJlbW90ZSBncmFudCBtYXkgb3IgbWF5 IG5vdCBiZSBhIHN1Yi1wYWdlLAorICAgICAgICAgICAgICogYnV0IHdlIGFs d2F5cyB0cmVhdCBpdCBhcyBvbmUgYmVjYXVzZSB0aGF0IGJsb2NrcyBtYXBw aW5ncyBvZgorICAgICAgICAgICAgICogdHJhbnNpdGl2ZSBncmFudHMuCiAg ICAgICAgICAgICAgKi8KLSAgICAgICAgICAgIGlmICggYWN0LT5waW4gIT0g b2xkX3BpbiApCi0gICAgICAgICAgICB7Ci0gICAgICAgICAgICAgICAgX19m aXh1cF9zdGF0dXNfZm9yX2NvcHlfcGluKGFjdCwgc3RhdHVzKTsKLSAgICAg ICAgICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7Ci0gICAgICAgICAg ICAgICAgc3Bpbl91bmxvY2soJnJndC0+bG9jayk7Ci0gICAgICAgICAgICAg ICAgcHV0X3BhZ2UoKnBhZ2UpOwotICAgICAgICAgICAgICAgICpwYWdlID0g TlVMTDsKLSAgICAgICAgICAgICAgICByZXR1cm4gRVJFU1RBUlQ7Ci0gICAg ICAgICAgICB9Ci0KLSAgICAgICAgICAgIC8qIFRoZSBhY3R1YWwgcmVtb3Rl IHJlbW90ZSBncmFudCBtYXkgb3IgbWF5IG5vdCBiZSBhCi0gICAgICAgICAg ICAgICBzdWItcGFnZSwgYnV0IHdlIGFsd2F5cyB0cmVhdCBpdCBhcyBvbmUg YmVjYXVzZSB0aGF0Ci0gICAgICAgICAgICAgICBibG9ja3MgbWFwcGluZ3Mg b2YgdHJhbnNpdGl2ZSBncmFudHMuICovCi0gICAgICAgICAgICBpc19zdWJf cGFnZSA9IDE7Ci0gICAgICAgICAgICBhY3QtPmdmbiA9IC0xdWw7CisgICAg ICAgICAgICBhY3QtPmlzX3N1Yl9wYWdlID0gMTsKICAgICAgICAgfQotICAg ICAgICBlbHNlIGlmICggc2hhMSApCisgICAgfQorICAgIGVsc2UgaWYgKCAh b2xkX3BpbiB8fAorICAgICAgICAgICAgICAoIXJlYWRvbmx5ICYmICEob2xk X3BpbiAmIChHTlRQSU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSkg KQorICAgIHsKKyAgICAgICAgaWYgKCAocmMgPSBfc2V0X3N0YXR1cyhyZ3Qt Pmd0X3ZlcnNpb24sIGxkb20sCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgcmVhZG9ubHksIDAsIHNoYWgsIGFjdCwKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBzdGF0dXMpICkgIT0gR05UU1Rfb2theSApCisg ICAgICAgICAgICAgZ290byB1bmxvY2tfb3V0OworCisgICAgICAgIHRkID0g cmQ7CisgICAgICAgIHRyYW5zX2dyZWYgPSBncmVmOworICAgICAgICBpZiAo IHNoYTEgKQogICAgICAgICB7CiAgICAgICAgICAgICByYyA9IF9fZ2V0X3Bh Z2VkX2ZyYW1lKHNoYTEtPmZyYW1lLCAmZ3JhbnRfZnJhbWUsIHBhZ2UsIHJl YWRvbmx5LCByZCk7CiAgICAgICAgICAgICBpZiAoIHJjICE9IEdOVFNUX29r YXkgKQpAQCAtMjI5NSwxNCArMjMxNSwzNSBAQCBnbnR0YWJfc2V0X3ZlcnNp b24oWEVOX0dVRVNUX0hBTkRMRV9QQVJBCiAgICAgICAgIH0KICAgICB9CiAK LSAgICAvKiBYWFg6IElmIHdlJ3JlIGdvaW5nIHRvIHZlcnNpb24gMiwgd2Ug Y291bGQgbWF5YmUgc2hyaW5rIHRoZQotICAgICAgIGFjdGl2ZSBncmFudCB0 YWJsZSBoZXJlLiAqLwotCi0gICAgaWYgKCBvcC52ZXJzaW9uID09IDIgJiYg Z3QtPmd0X3ZlcnNpb24gPCAyICkKKyAgICBzd2l0Y2ggKCBndC0+Z3RfdmVy c2lvbiApCiAgICAgewotICAgICAgICByZXMgPSBnbnR0YWJfcG9wdWxhdGVf c3RhdHVzX2ZyYW1lcyhkLCBndCwgbnJfZ3JhbnRfZnJhbWVzKGd0KSk7Ci0g ICAgICAgIGlmICggcmVzIDwgMCkKLSAgICAgICAgICAgIGdvdG8gb3V0X3Vu bG9jazsKKyAgICBjYXNlIDA6CisgICAgICAgIGlmICggb3AudmVyc2lvbiA9 PSAyICkKKyAgICAgICAgeworICAgIGNhc2UgMToKKyAgICAgICAgICAgIC8q IFhYWDogV2UgY291bGQgbWF5YmUgc2hyaW5rIHRoZSBhY3RpdmUgZ3JhbnQg dGFibGUgaGVyZS4gKi8KKyAgICAgICAgICAgIHJlcyA9IGdudHRhYl9wb3B1 bGF0ZV9zdGF0dXNfZnJhbWVzKGQsIGd0LCBucl9ncmFudF9mcmFtZXMoZ3Qp KTsKKyAgICAgICAgICAgIGlmICggcmVzIDwgMCkKKyAgICAgICAgICAgICAg ICBnb3RvIG91dF91bmxvY2s7CisgICAgICAgIH0KKyAgICAgICAgYnJlYWs7 CisgICAgY2FzZSAyOgorICAgICAgICBmb3IgKCBpID0gMDsgaSA8IEdOVFRB Ql9OUl9SRVNFUlZFRF9FTlRSSUVTOyBpKysgKQorICAgICAgICB7CisgICAg ICAgICAgICBzd2l0Y2ggKCBzaGFyZWRfZW50cnlfdjIoZ3QsIGkpLmhkci5m bGFncyAmIEdURl90eXBlX21hc2sgKQorICAgICAgICAgICAgeworICAgICAg ICAgICAgY2FzZSBHVEZfcGVybWl0X2FjY2VzczoKKyAgICAgICAgICAgICAg ICAgaWYgKCAhKHNoYXJlZF9lbnRyeV92MihndCwgaSkuZnVsbF9wYWdlLmZy YW1lID4+IDMyKSApCisgICAgICAgICAgICAgICAgICAgICBicmVhazsKKyAg ICAgICAgICAgICAgICAgLyogZmFsbCB0aHJvdWdoICovCisgICAgICAgICAg ICBjYXNlIEdURl90cmFuc2l0aXZlOgorICAgICAgICAgICAgICAgIGdkcHJp bnRrKFhFTkxPR19XQVJOSU5HLAorICAgICAgICAgICAgICAgICAgICAgICAg ICJ0cmllZCB0byBjaGFuZ2UgZ3JhbnQgdGFibGUgdmVyc2lvbiB0byAxIHdp dGggbm9uLXJlcHJlc2VudGFibGUgZW50cmllc1xuIik7CisgICAgICAgICAg ICAgICAgcmVzID0gLUVSQU5HRTsKKyAgICAgICAgICAgICAgICBnb3RvIG91 dF91bmxvY2s7CisgICAgICAgICAgICB9CisgICAgICAgIH0KKyAgICAgICAg YnJlYWs7CiAgICAgfQogCiAgICAgLyogUHJlc2VydmUgdGhlIGZpcnN0IDgg ZW50cmllcyAodG9vbHN0YWNrIHJlc2VydmVkIGdyYW50cykgKi8K --=separator Content-Type: application/octet-stream; name="xsa226-4.6.patch" Content-Disposition: attachment; filename="xsa226-4.6.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCBkOTlhMjBhLi4xMTNiYjI5IDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtNzMzLDYgKzczMywyMiBAQCBDb250cm9scyBFUFQgcmVsYXRlZCBmZWF0 dXJlcy4KIAogU3BlY2lmeSB0aGUgc2VyaWFsIHBhcmFtZXRlcnMgZm9yIHRo ZSBHREIgc3R1Yi4KIAorIyMjIGdudHRhYgorPiBgPSBMaXN0IG9mIFsgbWF4 X3Zlcjo8aW50ZWdlcj4sIHRyYW5zaXRpdmUgXWAKKworPiBEZWZhdWx0OiBg Z250dGFiPW1heF92ZXI6Mixuby10cmFuc2l0aXZlYAorCitDb250cm9sIHZh cmlvdXMgYXNwZWN0cyBvZiB0aGUgZ3JhbnQgdGFibGUgYmVoYXZpb3VyIGF2 YWlsYWJsZSB0byBndWVzdHMuCisKKyogYG1heF92ZXJgIFNlbGVjdCB0aGUg bWF4aW11bSBncmFudCB0YWJsZSB2ZXJzaW9uIHRvIG9mZmVyIHRvIGd1ZXN0 cy4gIFZhbGlkCit2ZXJzaW9uIGFyZSAxIGFuZCAyLgorKiBgdHJhbnNpdGl2 ZWAgUGVybWl0IG9yIGRpc2FsbG93IHRoZSB1c2Ugb2YgdHJhbnNpdGl2ZSBn cmFudHMuICBOb3RlIHRoYXQgdGhlCit1c2Ugb2YgZ3JhbnQgdGFibGUgdjIg d2l0aG91dCB0cmFuc2l0aXZlIGdyYW50cyBpcyBhbiBBQkkgYnJlYWthZ2Ug ZnJvbSB0aGUKK2d1ZXN0cyBwb2ludCBvZiB2aWV3LgorCisqV2FybmluZzoq CitEdWUgdG8gWFNBLTIyNiwgdGhlIHVzZSBvZiB0cmFuc2l0aXZlIGdyYW50 cyBpcyBvdXRzaWRlIG9mIHNlY3VyaXR5IHN1cHBvcnQuCisKICMjIyBnbnR0 YWJcX21heFxfZnJhbWVzCiA+IGA9IDxpbnRlZ2VyPmAKIApkaWZmIC0tZ2l0 IGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jIGIveGVuL2NvbW1vbi9ncmFu dF90YWJsZS5jCmluZGV4IDIwMjMwZmIuLjk4ODQ1YzQgMTAwNjQ0Ci0tLSBh L3hlbi9jb21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dy YW50X3RhYmxlLmMKQEAgLTUwLDYgKzUwLDQyIEBAIGludGVnZXJfcGFyYW0o ImdudHRhYl9tYXhfbnJfZnJhbWVzIiwgbWF4X25yX2dyYW50X2ZyYW1lcyk7 CiB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3RseSBtYXhfZ3JhbnRfZnJhbWVz OwogaW50ZWdlcl9wYXJhbSgiZ250dGFiX21heF9mcmFtZXMiLCBtYXhfZ3Jh bnRfZnJhbWVzKTsKIAorc3RhdGljIHVuc2lnbmVkIGludCBfX3JlYWRfbW9z dGx5IG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPSAyOworc3RhdGljIGJvb2xf dCBfX3JlYWRfbW9zdGx5IG9wdF90cmFuc2l0aXZlX2dyYW50czsKKworc3Rh dGljIHZvaWQgX19pbml0IHBhcnNlX2dudHRhYihjaGFyICpzKQoreworICAg IGNoYXIgKnNzOworCisgICAgZG8geworICAgICAgICBzcyA9IHN0cmNocihz LCAnLCcpOworICAgICAgICBpZiAoIHNzICkKKyAgICAgICAgICAgICpzcyA9 ICdcMCc7CisKKyAgICAgICAgaWYgKCAhc3RybmNtcChzLCAibWF4X3Zlcjoi LCA4KSApCisgICAgICAgIHsKKyAgICAgICAgICAgIGxvbmcgdmVyID0gc2lt cGxlX3N0cnRvbChzICsgOCwgTlVMTCwgMTApOworCisgICAgICAgICAgICBp ZiAoIHZlciA+PSAxICYmIHZlciA8PSAyICkKKyAgICAgICAgICAgICAgICBv cHRfZ250dGFiX21heF92ZXJzaW9uID0gdmVyOworICAgICAgICB9CisgICAg ICAgIGVsc2UKKyAgICAgICAgeworICAgICAgICAgICAgYm9vbF90IHZhbCA9 ICEhc3RybmNtcChzLCAibm8tIiwgMyk7CisKKyAgICAgICAgICAgIGlmICgg IXZhbCApCisgICAgICAgICAgICAgICAgcyArPSAzOworCisgICAgICAgICAg ICBpZiAoICFzdHJjbXAocywgInRyYW5zaXRpdmUiKSApCisgICAgICAgICAg ICAgICAgb3B0X3RyYW5zaXRpdmVfZ3JhbnRzID0gdmFsOworICAgICAgICB9 CisKKyAgICAgICAgcyA9IHNzICsgMTsKKyAgICB9IHdoaWxlICggc3MgKTsK K30KKworY3VzdG9tX3BhcmFtKCJnbnR0YWIiLCBwYXJzZV9nbnR0YWIpOwor CiAvKiBUaGUgbWF4aW11bSBudW1iZXIgb2YgZ3JhbnQgbWFwcGluZ3MgaXMg ZGVmaW5lZCBhcyBhIG11bHRpcGxpZXIgb2YgdGhlCiAgKiBtYXhpbXVtIG51 bWJlciBvZiBncmFudCB0YWJsZSBlbnRyaWVzLiBUaGlzIGRlZmluZXMgdGhl IG11bHRpcGxpZXIgdXNlZC4KICAqIFByZXR0eSBhcmJpdHJhcnkuIFtQT0xJ Q1ldCkBAIC0yMTc1LDYgKzIyMTEsMTAgQEAgX19hY3F1aXJlX2dyYW50X2Zv cl9jb3B5KAogICAgICAgICB9CiAgICAgICAgIGVsc2UgaWYgKCAoc2hhaC0+ ZmxhZ3MgJiBHVEZfdHlwZV9tYXNrKSA9PSBHVEZfdHJhbnNpdGl2ZSApCiAg ICAgICAgIHsKKyAgICAgICAgICAgIGlmICggIW9wdF90cmFuc2l0aXZlX2dy YW50cyApCisgICAgICAgICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9j bGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKKyAgICAgICAgICAgICAgICAg ICAgICAgICAidHJhbnNpdGl2ZSBncmFudCBkaXNhbGxvd2VkIGJ5IHBvbGlj eVxuIik7CisKICAgICAgICAgICAgIGlmICggIWFsbG93X3RyYW5zaXRpdmUg KQogICAgICAgICAgICAgICAgIFBJTl9GQUlMKHVubG9ja19vdXRfY2xlYXIs IEdOVFNUX2dlbmVyYWxfZXJyb3IsCiAgICAgICAgICAgICAgICAgICAgICAg ICAgInRyYW5zaXRpdmUgZ3JhbnQgd2hlbiB0cmFuc2l0aXZpdHkgbm90IGFs bG93ZWRcbiIpOwpAQCAtMzE0Myw3ICszMTgzLDEwIEBAIGRvX2dyYW50X3Rh YmxlX29wKAogICAgIH0KICAgICBjYXNlIEdOVFRBQk9QX3NldF92ZXJzaW9u OgogICAgIHsKLSAgICAgICAgcmMgPSBnbnR0YWJfc2V0X3ZlcnNpb24oZ3Vl c3RfaGFuZGxlX2Nhc3QodW9wLCBnbnR0YWJfc2V0X3ZlcnNpb25fdCkpOwor ICAgICAgICBpZiAoIG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPT0gMSApCisg ICAgICAgICAgICByYyA9IC1FTk9TWVM7IC8qIEJlaGF2ZSBhcyBiZWZvcmUg c2V0X3ZlcnNpb24gd2FzIGludHJvZHVjZWQuICovCisgICAgICAgIGVsc2UK KyAgICAgICAgICAgIHJjID0gZ250dGFiX3NldF92ZXJzaW9uKGd1ZXN0X2hh bmRsZV9jYXN0KHVvcCwgZ250dGFiX3NldF92ZXJzaW9uX3QpKTsKICAgICAg ICAgYnJlYWs7CiAgICAgfQogICAgIGNhc2UgR05UVEFCT1BfZ2V0X3N0YXR1 c19mcmFtZXM6Cg== --=separator Content-Type: application/octet-stream; name="xsa226-4.6/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Disposition: attachment; filename="xsa226-4.6/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IHVzZSBwb3NzaWJseSB1bmJvdW5kZWQgdGFpbCBj YWxscwoKVGhlcmUgaXMgbm8gZ3VhcmFudGVlIHRoYXQgdGhlIGNvbXBpbGVy IHdvdWxkIGFjdHVhbGx5IHRyYW5zbGF0ZSB0aGVtCnRvIGJyYW5jaGVzIGlu c3RlYWQgb2YgY2FsbHMsIHNvIG9ubHkgb25lcyB3aXRoIGEga25vd24gcmVj dXJzaW9uIGxpbWl0CmFyZSBva2F5OgotIF9fcmVsZWFzZV9ncmFudF9mb3Jf Y29weSgpIGNhbiBjYWxsIGl0c2VsZiBvbmx5IG9uY2UsIGFzCiAgX19hY3F1 aXJlX2dyYW50X2Zvcl9jb3B5KCkgd29uJ3QgcGVybWl0IHVzZSBvZiBtdWx0 aS1sZXZlbCB0cmFuc2l0aXZlCiAgZ3JhbnRzLAotIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgpIGlzIGZpbmUgdG8gY2FsbCBpdHNlbGYgd2l0aCB0aGUg bGFzdAogIGFyZ3VtZW50IGZhbHNlLCBhcyB0aGF0IHByZXZlbnRzIGZ1cnRo ZXIgcmVjdXJzaW9uLAotIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgpIG11 c3Qgbm90IGNhbGwgaXRzZWxmIHRvIHJlY292ZXIgZnJvbSBhbgogIG9ic2Vy dmVkIGNoYW5nZSB0byB0aGUgYWN0aXZlIGVudHJ5J3MgcGluIGNvdW50CgpU aGlzIGlzIHBhcnQgb2YgQ1ZFLTIwMTctMTIxMzUgLyBYU0EtMjI2LgoKU2ln bmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgoK LS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hlbi9jb21t b24vZ3JhbnRfdGFibGUuYwpAQCAtMjA4OSw4ICsyMDg5LDEwIEBAIF9fcmVs ZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgIGlmICggdGQgIT0gcmQgKQog ICAgIHsKLSAgICAgICAgLyogUmVjdXJzaXZlIGNhbGxzLCBidXQgdGhleSdy ZSB0YWlsIGNhbGxzLCBzbyBpdCdzCi0gICAgICAgICAgIG9rYXkuICovCisg ICAgICAgIC8qCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxscywgYnV0IHRo ZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUK KyAgICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBv a2F5LgorICAgICAgICAgKi8KICAgICAgICAgaWYgKCByZWxlYXNlZF93cml0 ZSApCiAgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDApOwogICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRf cmVhZCApCkBAIC0yMjQxLDEwICsyMjQzLDExIEBAIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgKICAgICAgICAgICAgICAgICByZXR1cm4gcmM7CiAgICAg ICAgICAgICB9CiAKLSAgICAgICAgICAgIC8qIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkKLSAgICAgICAg ICAgICAgIGVsc2UgdHJpZWQgdG8gcGluIChvciwgZm9yIHRoYXQgbWF0dGVy LCB1bnBpbikgdGhlCi0gICAgICAgICAgICAgICByZWZlcmVuY2UgaW4gKnRo aXMqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUgdXAKLSAgICAg ICAgICAgICAgIGFuZCB0cnkgYWdhaW4uICovCisgICAgICAgICAgICAvKgor ICAgICAgICAgICAgICogV2UgZHJvcHBlZCB0aGUgbG9jaywgc28gd2UgaGF2 ZSB0byBjaGVjayB0aGF0IG5vYm9keSBlbHNlIHRyaWVkCisgICAgICAgICAg ICAgKiB0byBwaW4gKG9yLCBmb3IgdGhhdCBtYXR0ZXIsIHVucGluKSB0aGUg cmVmZXJlbmNlIGluICp0aGlzKgorICAgICAgICAgICAgICogZG9tYWluLiAg SWYgdGhleSBkaWQsIGp1c3QgZ2l2ZSB1cCBhbmQgdGVsbCB0aGUgY2FsbGVy IHRvIHJldHJ5LgorICAgICAgICAgICAgICovCiAgICAgICAgICAgICBpZiAo IGFjdC0+cGluICE9IG9sZF9waW4gKQogICAgICAgICAgICAgewogICAgICAg ICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0 YXR1cyk7CkBAIC0yMjUyLDkgKzIyNTUsOCBAQCBfX2FjcXVpcmVfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgICAgICAgICAgICAgYWN0aXZlX2VudHJ5X3JlbGVh c2UoYWN0KTsKICAgICAgICAgICAgICAgICByZWFkX3VubG9jaygmcmd0LT5s b2NrKTsKICAgICAgICAgICAgICAgICBwdXRfcGFnZSgqcGFnZSk7Ci0gICAg ICAgICAgICAgICAgcmV0dXJuIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weShy ZCwgZ3JlZiwgbGRvbSwgcmVhZG9ubHksCi0gICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmcmFtZSwgcGFnZSwgcGFn ZV9vZmYsIGxlbmd0aCwKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIGFsbG93X3RyYW5zaXRpdmUpOworICAgICAg ICAgICAgICAgICpwYWdlID0gTlVMTDsKKyAgICAgICAgICAgICAgICByZXR1 cm4gRVJFU1RBUlQ7CiAgICAgICAgICAgICB9CiAKICAgICAgICAgICAgIC8q IFRoZSBhY3R1YWwgcmVtb3RlIHJlbW90ZSBncmFudCBtYXkgb3IgbWF5IG5v dCBiZSBhCkBAIC0yNTYwLDcgKzI1NjIsNyBAQCBzdGF0aWMgaW50IGdudHRh Yl9jb3B5X29uZShjb25zdCBzdHJ1Y3QKICAgICB7CiAgICAgICAgIGdudHRh Yl9jb3B5X3JlbGVhc2VfYnVmKHNyYyk7CiAgICAgICAgIHJjID0gZ250dGFi X2NvcHlfY2xhaW1fYnVmKG9wLCAmb3AtPnNvdXJjZSwgc3JjLCBHTlRDT1BZ X3NvdXJjZV9ncmVmKTsKLSAgICAgICAgaWYgKCByYyA8IDAgKQorICAgICAg ICBpZiAoIHJjICkKICAgICAgICAgICAgIGdvdG8gb3V0OwogICAgIH0KIApA QCAtMjU3MCw3ICsyNTcyLDcgQEAgc3RhdGljIGludCBnbnR0YWJfY29weV9v bmUoY29uc3Qgc3RydWN0CiAgICAgewogICAgICAgICBnbnR0YWJfY29weV9y ZWxlYXNlX2J1ZihkZXN0KTsKICAgICAgICAgcmMgPSBnbnR0YWJfY29weV9j bGFpbV9idWYob3AsICZvcC0+ZGVzdCwgZGVzdCwgR05UQ09QWV9kZXN0X2dy ZWYpOwotICAgICAgICBpZiAoIHJjIDwgMCApCisgICAgICAgIGlmICggcmMg KQogICAgICAgICAgICAgZ290byBvdXQ7CiAgICAgfQogCkBAIC0yNTc5LDYg KzI1ODEsMTQgQEAgc3RhdGljIGludCBnbnR0YWJfY29weV9vbmUoY29uc3Qg c3RydWN0CiAgICAgcmV0dXJuIHJjOwogfQogCisvKgorICogZ250dGFiX2Nv cHkoKSwgb3RoZXIgdGhhbiB0aGUgdmFyaW91cyBvdGhlciBoZWxwZXJzIG9m CisgKiBkb19ncmFudF90YWJsZV9vcCgpLCByZXR1cm5zIChiZXNpZGVzIHBv c3NpYmxlIGVycm9yIGluZGljYXRvcnMpCisgKiAiY291bnQgLSBpIiByYXRo ZXIgdGhhbiAiaSIgdG8gZW5zdXJlIHRoYXQgZXZlbiBpZiBubyBwcm9ncmVz cworICogd2FzIG1hZGUgYXQgYWxsIChwZXJoYXBzIGR1ZSB0byBnbnR0YWJf Y29weV9vbmUoKSByZXR1cm5pbmcgYQorICogcG9zaXRpdmUgdmFsdWUpIGEg bm9uLXplcm8gdmFsdWUgaXMgYmVpbmcgaGFuZGVkIGJhY2sgKHplcm8gbmVl ZHMKKyAqIHRvIGJlIGF2b2lkZWQsIGFzIHRoYXQgbWVhbnMgInN1Y2Nlc3Ms IGFsbCBkb25lIikuCisgKi8KIHN0YXRpYyBsb25nIGdudHRhYl9jb3B5KAog ICAgIFhFTl9HVUVTVF9IQU5ETEVfUEFSQU0oZ250dGFiX2NvcHlfdCkgdW9w LCB1bnNpZ25lZCBpbnQgY291bnQpCiB7CkBAIC0yNTkyLDcgKzI2MDIsNyBA QCBzdGF0aWMgbG9uZyBnbnR0YWJfY29weSgKICAgICB7CiAgICAgICAgIGlm ICggaSAmJiBoeXBlcmNhbGxfcHJlZW1wdF9jaGVjaygpICkKICAgICAgICAg ewotICAgICAgICAgICAgcmMgPSBpOworICAgICAgICAgICAgcmMgPSBjb3Vu dCAtIGk7CiAgICAgICAgICAgICBicmVhazsKICAgICAgICAgfQogCkBAIC0y NjAyLDEzICsyNjEyLDIwIEBAIHN0YXRpYyBsb25nIGdudHRhYl9jb3B5KAog ICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgIH0KIAotICAgICAgICBvcC5z dGF0dXMgPSBnbnR0YWJfY29weV9vbmUoJm9wLCAmZGVzdCwgJnNyYyk7Ci0g ICAgICAgIGlmICggb3Auc3RhdHVzICE9IEdOVFNUX29rYXkgKQorICAgICAg ICByYyA9IGdudHRhYl9jb3B5X29uZSgmb3AsICZkZXN0LCAmc3JjKTsKKyAg ICAgICAgaWYgKCByYyA+IDAgKQorICAgICAgICB7CisgICAgICAgICAgICBy YyA9IGNvdW50IC0gaTsKKyAgICAgICAgICAgIGJyZWFrOworICAgICAgICB9 CisgICAgICAgIGlmICggcmMgIT0gR05UU1Rfb2theSApCiAgICAgICAgIHsK ICAgICAgICAgICAgIGdudHRhYl9jb3B5X3JlbGVhc2VfYnVmKCZzcmMpOwog ICAgICAgICAgICAgZ250dGFiX2NvcHlfcmVsZWFzZV9idWYoJmRlc3QpOwog ICAgICAgICB9CiAKKyAgICAgICAgb3Auc3RhdHVzID0gcmM7CisgICAgICAg IHJjID0gMDsKICAgICAgICAgaWYgKCB1bmxpa2VseShfX2NvcHlfZmllbGRf dG9fZ3Vlc3QodW9wLCAmb3AsIHN0YXR1cykpICkKICAgICAgICAgewogICAg ICAgICAgICAgcmMgPSAtRUZBVUxUOwpAQCAtMzE0Niw2ICszMTYzLDcgQEAg ZG9fZ3JhbnRfdGFibGVfb3AoCiAgICAgICAgIHJjID0gZ250dGFiX2NvcHko Y29weSwgY291bnQpOwogICAgICAgICBpZiAoIHJjID4gMCApCiAgICAgICAg IHsKKyAgICAgICAgICAgIHJjID0gY291bnQgLSByYzsKICAgICAgICAgICAg IGd1ZXN0X2hhbmRsZV9hZGRfb2Zmc2V0KGNvcHksIHJjKTsKICAgICAgICAg ICAgIHVvcCA9IGd1ZXN0X2hhbmRsZV9jYXN0KGNvcHksIHZvaWQpOwogICAg ICAgICB9Cg== --=separator Content-Type: application/octet-stream; name="xsa226-4.6/0002-gnttab-fix-transitive-grant-handling.patch" Content-Disposition: attachment; filename="xsa226-4.6/0002-gnttab-fix-transitive-grant-handling.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGZpeCB0cmFuc2l0aXZlIGdyYW50IGhhbmRsaW5nCgpQcm9j ZXNzaW5nIG9mIHRyYW5zaXRpdmUgZ3JhbnRzIG11c3Qgbm90IHVzZSB0aGUg ZmFzdCBwYXRoLCBvciBlbHNlCnJlZmVyZW5jZSBjb3VudGluZyBicmVha3Mg ZHVlIHRvIHRoZSBza2lwcGVkIHJlY3Vyc2l2ZSBjYWxsIHRvCl9fYWNxdWly ZV9ncmFudF9mb3JfY29weSgpIChpdHMgX19yZWxlYXNlX2dyYW50X2Zvcl9j b3B5KCkKY291bnRlcnBhcnQgb2NjdXJzIGluZGVwZW5kZW50IG9mIG9yaWdp bmFsIHBpbiBjb3VudCkuIEZ1cnRoZXJtb3JlCmFmdGVyIHJlLWFjcXVpcmlu ZyB0ZW1wb3JhcmlseSBkcm9wcGVkIGxvY2tzIHdlIG5lZWQgdG8gdmVyaWZ5 IG5vIGdyYW50CnByb3BlcnRpZXMgY2hhbmdlZCBpZiB0aGUgb3JpZ2luYWwg cGluIGNvdW50IHdhcyBub24temVybzsgY2hlY2tpbmcKanVzdCB0aGUgcGlu IGNvdW50cyBpcyBzdWZmaWNpZW50IG9ubHkgZm9yIHdlbGwtYmVoYXZlZCBn dWVzdHMuIEFzIGEKcmVzdWx0LCBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHko KSBuZWVkcyB0byBtaXJyb3IgdGhhdCBuZXcgYmVoYXZpb3IuCgpGdXJ0aGVy bW9yZSBhIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSgpIGludm9jYXRpb24g d2FzIG1pc3Npbmcgb24gdGhlCnJldHJ5IHBhdGggb2YgX19hY3F1aXJlX2dy YW50X2Zvcl9jb3B5KCksIGFuZCBnbnR0YWJfc2V0X3ZlcnNpb24oKSBhbHNv Cm5lZWRzIHRvIGJhaWwgb3V0IHVwb24gZW5jb3VudGVyaW5nIGEgdHJhbnNp dGl2ZSBncmFudC4KClRoaXMgaXMgcGFydCBvZiBDVkUtMjAxNy0xMjEzNSAv IFhTQS0yMjYuCgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3 LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1ieTogQW5kcmV3IENv b3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KCi0tLSBhL3hlbi9j b21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dyYW50X3Rh YmxlLmMKQEAgLTIwMzYsMTMgKzIwMzYsOCBAQCBfX3JlbGVhc2VfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgdW5zaWduZWQgbG9uZyByX2ZyYW1lOwogICAgIHVp bnQxNl90ICpzdGF0dXM7CiAgICAgZ3JhbnRfcmVmX3QgdHJhbnNfZ3JlZjsK LSAgICBpbnQgcmVsZWFzZWRfcmVhZDsKLSAgICBpbnQgcmVsZWFzZWRfd3Jp dGU7CiAgICAgc3RydWN0IGRvbWFpbiAqdGQ7CiAKLSAgICByZWxlYXNlZF9y ZWFkID0gMDsKLSAgICByZWxlYXNlZF93cml0ZSA9IDA7Ci0KICAgICByZWFk X2xvY2soJnJndC0+bG9jayk7CiAKICAgICBhY3QgPSBhY3RpdmVfZW50cnlf YWNxdWlyZShyZ3QsIGdyZWYpOwpAQCAtMjA3MiwxNyArMjA2NywxMSBAQCBf X3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkoCiAKICAgICAgICAgYWN0LT5waW4g LT0gR05UUElOX2hzdHdfaW5jOwogICAgICAgICBpZiAoICEoYWN0LT5waW4g JiAoR05UUElOX2RldndfbWFza3xHTlRQSU5faHN0d19tYXNrKSkgKQotICAg ICAgICB7Ci0gICAgICAgICAgICByZWxlYXNlZF93cml0ZSA9IDE7CiAgICAg ICAgICAgICBnbnR0YWJfY2xlYXJfZmxhZyhfR1RGX3dyaXRpbmcsIHN0YXR1 cyk7Ci0gICAgICAgIH0KICAgICB9CiAKICAgICBpZiAoICFhY3QtPnBpbiAp Ci0gICAgewogICAgICAgICBnbnR0YWJfY2xlYXJfZmxhZyhfR1RGX3JlYWRp bmcsIHN0YXR1cyk7Ci0gICAgICAgIHJlbGVhc2VkX3JlYWQgPSAxOwotICAg IH0KIAogICAgIGFjdGl2ZV9lbnRyeV9yZWxlYXNlKGFjdCk7CiAgICAgcmVh ZF91bmxvY2soJnJndC0+bG9jayk7CkBAIC0yMDkwLDEzICsyMDc5LDEwIEBA IF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSgKICAgICBpZiAoIHRkICE9IHJk ICkKICAgICB7CiAgICAgICAgIC8qCi0gICAgICAgICAqIFJlY3Vyc2l2ZSBj YWxscywgYnV0IHRoZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9u bHkgYSBzaW5nbGUKKyAgICAgICAgICogUmVjdXJzaXZlIGNhbGwsIGJ1dCBp dCBpcyBib3VuZGVkIChhY3F1aXJlIHBlcm1pdHMgb25seSBhIHNpbmdsZQog ICAgICAgICAgKiBsZXZlbCBvZiB0cmFuc2l0aXZpdHkpLCBzbyBpdCdzIG9r YXkuCiAgICAgICAgICAqLwotICAgICAgICBpZiAoIHJlbGVhc2VkX3dyaXRl ICkKLSAgICAgICAgICAgIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSh0ZCwg dHJhbnNfZ3JlZiwgMCk7Ci0gICAgICAgIGVsc2UgaWYgKCByZWxlYXNlZF9y ZWFkICkKLSAgICAgICAgICAgIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSh0 ZCwgdHJhbnNfZ3JlZiwgMSk7CisgICAgICAgIF9fcmVsZWFzZV9ncmFudF9m b3JfY29weSh0ZCwgdHJhbnNfZ3JlZiwgcmVhZG9ubHkpOwogCiAgICAgICAg IHJjdV91bmxvY2tfZG9tYWluKHRkKTsKICAgICB9CkBAIC0yMTcwLDggKzIx NTYsMTA4IEBAIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgKICAgICAgICAg ICAgICAgICAgYWN0LT5kb21pZCwgbGRvbSwgYWN0LT5waW4pOwogCiAgICAg b2xkX3BpbiA9IGFjdC0+cGluOwotICAgIGlmICggIWFjdC0+cGluIHx8Ci0g ICAgICAgICAoIXJlYWRvbmx5ICYmICEoYWN0LT5waW4gJiAoR05UUElOX2Rl dndfbWFza3xHTlRQSU5faHN0d19tYXNrKSkpICkKKyAgICBpZiAoIHNoYTIg JiYgKHNoYWgtPmZsYWdzICYgR1RGX3R5cGVfbWFzaykgPT0gR1RGX3RyYW5z aXRpdmUgKQorICAgIHsKKyAgICAgICAgaWYgKCAoIW9sZF9waW4gfHwgKCFy ZWFkb25seSAmJgorICAgICAgICAgICAgICAgICAgICAgICAgICAgIShvbGRf cGluICYgKEdOVFBJTl9kZXZ3X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSkg JiYKKyAgICAgICAgICAgICAocmMgPSBfc2V0X3N0YXR1c192MihsZG9tLCBy ZWFkb25seSwgMCwgc2hhaCwgYWN0LAorICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHN0YXR1cykpICE9IEdOVFNUX29rYXkgKQorICAgICAg ICAgICAgZ290byB1bmxvY2tfb3V0OworCisgICAgICAgIGlmICggIWFsbG93 X3RyYW5zaXRpdmUgKQorICAgICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291 dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKKyAgICAgICAgICAgICAg ICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IHdoZW4gdHJhbnNpdGl2aXR5IG5v dCBhbGxvd2VkXG4iKTsKKworICAgICAgICB0cmFuc19kb21pZCA9IHNoYTIt PnRyYW5zaXRpdmUudHJhbnNfZG9taWQ7CisgICAgICAgIHRyYW5zX2dyZWYg PSBzaGEyLT50cmFuc2l0aXZlLmdyZWY7CisgICAgICAgIGJhcnJpZXIoKTsg LyogU3RvcCB0aGUgY29tcGlsZXIgZnJvbSByZS1sb2FkaW5nCisgICAgICAg ICAgICAgICAgICAgICAgdHJhbnNfZG9taWQgZnJvbSBzaGFyZWQgbWVtb3J5 ICovCisgICAgICAgIGlmICggdHJhbnNfZG9taWQgPT0gcmQtPmRvbWFpbl9p ZCApCisgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0X2NsZWFyLCBH TlRTVF9nZW5lcmFsX2Vycm9yLAorICAgICAgICAgICAgICAgICAgICAgInRy YW5zaXRpdmUgZ3JhbnRzIGNhbm5vdCBiZSBzZWxmLXJlZmVyZW50aWFsXG4i KTsKKworICAgICAgICAvKgorICAgICAgICAgKiBXZSBhbGxvdyB0aGUgdHJh bnNfZG9taWQgPT0gbGRvbSBjYXNlLCB3aGljaCBjb3JyZXNwb25kcyB0byBh CisgICAgICAgICAqIGdyYW50IGJlaW5nIGlzc3VlZCBieSBvbmUgZG9tYWlu LCBzZW50IHRvIGFub3RoZXIgb25lLCBhbmQgdGhlbgorICAgICAgICAgKiB0 cmFuc2l0aXZlbHkgZ3JhbnRlZCBiYWNrIHRvIHRoZSBvcmlnaW5hbCBkb21h aW4uICBBbGxvd2luZyBpdAorICAgICAgICAgKiBpcyBlYXN5LCBhbmQgbWVh bnMgdGhhdCB5b3UgZG9uJ3QgbmVlZCB0byBnbyBvdXQgb2YgeW91ciB3YXkg dG8KKyAgICAgICAgICogYXZvaWQgaXQgaW4gdGhlIGd1ZXN0LgorICAgICAg ICAgKi8KKworICAgICAgICAvKiBXZSBuZWVkIHRvIGxlYXZlIHRoZSBycmQg bG9ja2VkIGR1cmluZyB0aGUgZ3JhbnQgY29weS4gKi8KKyAgICAgICAgdGQg PSByY3VfbG9ja19kb21haW5fYnlfaWQodHJhbnNfZG9taWQpOworICAgICAg ICBpZiAoIHRkID09IE5VTEwgKQorICAgICAgICAgICAgUElOX0ZBSUwodW5s b2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKKyAgICAgICAg ICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IHJlZmVyZW5jZWQgYmFk IGRvbWFpbiAlZFxuIiwKKyAgICAgICAgICAgICAgICAgICAgIHRyYW5zX2Rv bWlkKTsKKworICAgICAgICAvKgorICAgICAgICAgKiBfX2FjcXVpcmVfZ3Jh bnRfZm9yX2NvcHkoKSBjb3VsZCB0YWtlIHRoZSBsb2NrIG9uIHRoZQorICAg ICAgICAgKiByZW1vdGUgdGFibGUgKGlmIHJkID09IHRkKSwgc28gd2UgaGF2 ZSB0byBkcm9wIHRoZSBsb2NrCisgICAgICAgICAqIGhlcmUgYW5kIHJlYWNx dWlyZS4KKyAgICAgICAgICovCisgICAgICAgIGFjdGl2ZV9lbnRyeV9yZWxl YXNlKGFjdCk7CisgICAgICAgIHJlYWRfdW5sb2NrKCZyZ3QtPmxvY2spOwor CisgICAgICAgIHJjID0gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHRkLCB0 cmFuc19ncmVmLCByZC0+ZG9tYWluX2lkLAorICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICByZWFkb25seSwgJmdyYW50X2ZyYW1lLCBw YWdlLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAm dHJhbnNfcGFnZV9vZmYsICZ0cmFuc19sZW5ndGgsIDApOworCisgICAgICAg IHJlYWRfbG9jaygmcmd0LT5sb2NrKTsKKyAgICAgICAgYWN0ID0gYWN0aXZl X2VudHJ5X2FjcXVpcmUocmd0LCBncmVmKTsKKworICAgICAgICBpZiAoIHJj ICE9IEdOVFNUX29rYXkgKQorICAgICAgICB7CisgICAgICAgICAgICBfX2Zp eHVwX3N0YXR1c19mb3JfY29weV9waW4oYWN0LCBzdGF0dXMpOworICAgICAg ICAgICAgcmN1X3VubG9ja19kb21haW4odGQpOworICAgICAgICAgICAgYWN0 aXZlX2VudHJ5X3JlbGVhc2UoYWN0KTsKKyAgICAgICAgICAgIHJlYWRfdW5s b2NrKCZyZ3QtPmxvY2spOworICAgICAgICAgICAgcmV0dXJuIHJjOworICAg ICAgICB9CisKKyAgICAgICAgLyoKKyAgICAgICAgICogV2UgZHJvcHBlZCB0 aGUgbG9jaywgc28gd2UgaGF2ZSB0byBjaGVjayB0aGF0IHRoZSBncmFudCBk aWRuJ3QKKyAgICAgICAgICogY2hhbmdlLCBhbmQgdGhhdCBub2JvZHkgZWxz ZSB0cmllZCB0byBwaW4vdW5waW4gaXQuIElmIGFueXRoaW5nCisgICAgICAg ICAqIGNoYW5nZWQsIGp1c3QgZ2l2ZSB1cCBhbmQgdGVsbCB0aGUgY2FsbGVy IHRvIHJldHJ5LgorICAgICAgICAgKi8KKyAgICAgICAgaWYgKCByZ3QtPmd0 X3ZlcnNpb24gIT0gMiB8fAorICAgICAgICAgICAgIGFjdC0+cGluICE9IG9s ZF9waW4gfHwKKyAgICAgICAgICAgICAob2xkX3BpbiAmJiAoYWN0LT5kb21p ZCAhPSBsZG9tIHx8IGFjdC0+ZnJhbWUgIT0gZ3JhbnRfZnJhbWUgfHwKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgYWN0LT5zdGFydCAhPSB0cmFuc19w YWdlX29mZiB8fAorICAgICAgICAgICAgICAgICAgICAgICAgICBhY3QtPmxl bmd0aCAhPSB0cmFuc19sZW5ndGggfHwKKyAgICAgICAgICAgICAgICAgICAg ICAgICAgYWN0LT50cmFuc19kb21haW4gIT0gdGQgfHwKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgYWN0LT50cmFuc19ncmVmICE9IHRyYW5zX2dyZWYg fHwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgIWFjdC0+aXNfc3ViX3Bh Z2UpKSApCisgICAgICAgIHsKKyAgICAgICAgICAgIF9fcmVsZWFzZV9ncmFu dF9mb3JfY29weSh0ZCwgdHJhbnNfZ3JlZiwgcmVhZG9ubHkpOworICAgICAg ICAgICAgX19maXh1cF9zdGF0dXNfZm9yX2NvcHlfcGluKGFjdCwgc3RhdHVz KTsKKyAgICAgICAgICAgIHJjdV91bmxvY2tfZG9tYWluKHRkKTsKKyAgICAg ICAgICAgIGFjdGl2ZV9lbnRyeV9yZWxlYXNlKGFjdCk7CisgICAgICAgICAg ICByZWFkX3VubG9jaygmcmd0LT5sb2NrKTsKKyAgICAgICAgICAgIHB1dF9w YWdlKCpwYWdlKTsKKyAgICAgICAgICAgICpwYWdlID0gTlVMTDsKKyAgICAg ICAgICAgIHJldHVybiBFUkVTVEFSVDsKKyAgICAgICAgfQorCisgICAgICAg IGlmICggIW9sZF9waW4gKQorICAgICAgICB7CisgICAgICAgICAgICBhY3Qt PmRvbWlkID0gbGRvbTsKKyAgICAgICAgICAgIGFjdC0+c3RhcnQgPSB0cmFu c19wYWdlX29mZjsKKyAgICAgICAgICAgIGFjdC0+bGVuZ3RoID0gdHJhbnNf bGVuZ3RoOworICAgICAgICAgICAgYWN0LT50cmFuc19kb21haW4gPSB0ZDsK KyAgICAgICAgICAgIGFjdC0+dHJhbnNfZ3JlZiA9IHRyYW5zX2dyZWY7Cisg ICAgICAgICAgICBhY3QtPmZyYW1lID0gZ3JhbnRfZnJhbWU7CisgICAgICAg ICAgICBhY3QtPmdmbiA9IC0xdWw7CisgICAgICAgICAgICAvKgorICAgICAg ICAgICAgICogVGhlIGFjdHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBv ciBtYXkgbm90IGJlIGEgc3ViLXBhZ2UsCisgICAgICAgICAgICAgKiBidXQg d2UgYWx3YXlzIHRyZWF0IGl0IGFzIG9uZSBiZWNhdXNlIHRoYXQgYmxvY2tz IG1hcHBpbmdzIG9mCisgICAgICAgICAgICAgKiB0cmFuc2l0aXZlIGdyYW50 cy4KKyAgICAgICAgICAgICAqLworICAgICAgICAgICAgYWN0LT5pc19zdWJf cGFnZSA9IDE7CisgICAgICAgIH0KKyAgICB9CisgICAgZWxzZSBpZiAoICFv bGRfcGluIHx8CisgICAgICAgICAgICAgICghcmVhZG9ubHkgJiYgIShvbGRf cGluICYgKEdOVFBJTl9kZXZ3X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSAp CiAgICAgewogICAgICAgICBpZiAoIChyYyA9IF9zZXRfc3RhdHVzKHJndC0+ Z3RfdmVyc2lvbiwgbGRvbSwKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICByZWFkb25seSwgMCwgc2hhaCwgYWN0LApAQCAtMjE5Miw3OSArMjI3 OCw2IEBAIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgKICAgICAgICAgICAg IHRyYW5zX3BhZ2Vfb2ZmID0gMDsKICAgICAgICAgICAgIHRyYW5zX2xlbmd0 aCA9IFBBR0VfU0laRTsKICAgICAgICAgfQotICAgICAgICBlbHNlIGlmICgg KHNoYWgtPmZsYWdzICYgR1RGX3R5cGVfbWFzaykgPT0gR1RGX3RyYW5zaXRp dmUgKQotICAgICAgICB7Ci0gICAgICAgICAgICBpZiAoICFhbGxvd190cmFu c2l0aXZlICkKLSAgICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0 X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAotICAgICAgICAgICAgICAg ICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IHdoZW4gdHJhbnNpdGl2aXR5 IG5vdCBhbGxvd2VkXG4iKTsKLQotICAgICAgICAgICAgdHJhbnNfZG9taWQg PSBzaGEyLT50cmFuc2l0aXZlLnRyYW5zX2RvbWlkOwotICAgICAgICAgICAg dHJhbnNfZ3JlZiA9IHNoYTItPnRyYW5zaXRpdmUuZ3JlZjsKLSAgICAgICAg ICAgIGJhcnJpZXIoKTsgLyogU3RvcCB0aGUgY29tcGlsZXIgZnJvbSByZS1s b2FkaW5nCi0gICAgICAgICAgICAgICAgICAgICAgICAgIHRyYW5zX2RvbWlk IGZyb20gc2hhcmVkIG1lbW9yeSAqLwotICAgICAgICAgICAgaWYgKCB0cmFu c19kb21pZCA9PSByZC0+ZG9tYWluX2lkICkKLSAgICAgICAgICAgICAgICBQ SU5fRkFJTCh1bmxvY2tfb3V0X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9y LAotICAgICAgICAgICAgICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50 cyBjYW5ub3QgYmUgc2VsZi1yZWZlcmVudGlhbFxuIik7Ci0KLSAgICAgICAg ICAgIC8qIFdlIGFsbG93IHRoZSB0cmFuc19kb21pZCA9PSBsZG9tIGNhc2Us IHdoaWNoCi0gICAgICAgICAgICAgICBjb3JyZXNwb25kcyB0byBhIGdyYW50 IGJlaW5nIGlzc3VlZCBieSBvbmUgZG9tYWluLCBzZW50Ci0gICAgICAgICAg ICAgICB0byBhbm90aGVyIG9uZSwgYW5kIHRoZW4gdHJhbnNpdGl2ZWx5IGdy YW50ZWQgYmFjayB0bwotICAgICAgICAgICAgICAgdGhlIG9yaWdpbmFsIGRv bWFpbi4gIEFsbG93aW5nIGl0IGlzIGVhc3ksIGFuZCBtZWFucwotICAgICAg ICAgICAgICAgdGhhdCB5b3UgZG9uJ3QgbmVlZCB0byBnbyBvdXQgb2YgeW91 ciB3YXkgdG8gYXZvaWQgaXQKLSAgICAgICAgICAgICAgIGluIHRoZSBndWVz dC4gKi8KLQotICAgICAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0aGUg cnJkIGxvY2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkgKi8KLSAgICAgICAg ICAgIHRkID0gcmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsK LSAgICAgICAgICAgIGlmICggdGQgPT0gTlVMTCApCi0gICAgICAgICAgICAg ICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9l cnJvciwKLSAgICAgICAgICAgICAgICAgICAgICAgICAidHJhbnNpdGl2ZSBn cmFudCByZWZlcmVuY2VkIGJhZCBkb21haW4gJWRcbiIsCi0gICAgICAgICAg ICAgICAgICAgICAgICAgdHJhbnNfZG9taWQpOwotCi0gICAgICAgICAgICAv KgotICAgICAgICAgICAgICogX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KCkg Y291bGQgdGFrZSB0aGUgbG9jayBvbiB0aGUKLSAgICAgICAgICAgICAqIHJl bW90ZSB0YWJsZSAoaWYgcmQgPT0gdGQpLCBzbyB3ZSBoYXZlIHRvIGRyb3Ag dGhlIGxvY2sKLSAgICAgICAgICAgICAqIGhlcmUgYW5kIHJlYWNxdWlyZQot ICAgICAgICAgICAgICovCi0gICAgICAgICAgICBhY3RpdmVfZW50cnlfcmVs ZWFzZShhY3QpOwotICAgICAgICAgICAgcmVhZF91bmxvY2soJnJndC0+bG9j ayk7Ci0KLSAgICAgICAgICAgIHJjID0gX19hY3F1aXJlX2dyYW50X2Zvcl9j b3B5KHRkLCB0cmFuc19ncmVmLCByZC0+ZG9tYWluX2lkLAotICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmVhZG9ubHksICZn cmFudF9mcmFtZSwgcGFnZSwKLSAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICZ0cmFuc19wYWdlX29mZiwgJnRyYW5zX2xlbmd0 aCwgMCk7Ci0KLSAgICAgICAgICAgIHJlYWRfbG9jaygmcmd0LT5sb2NrKTsK LSAgICAgICAgICAgIGFjdCA9IGFjdGl2ZV9lbnRyeV9hY3F1aXJlKHJndCwg Z3JlZik7Ci0KLSAgICAgICAgICAgIGlmICggcmMgIT0gR05UU1Rfb2theSAp IHsKLSAgICAgICAgICAgICAgICBfX2ZpeHVwX3N0YXR1c19mb3JfY29weV9w aW4oYWN0LCBzdGF0dXMpOwotICAgICAgICAgICAgICAgIHJjdV91bmxvY2tf ZG9tYWluKHRkKTsKLSAgICAgICAgICAgICAgICBhY3RpdmVfZW50cnlfcmVs ZWFzZShhY3QpOwotICAgICAgICAgICAgICAgIHJlYWRfdW5sb2NrKCZyZ3Qt PmxvY2spOwotICAgICAgICAgICAgICAgIHJldHVybiByYzsKLSAgICAgICAg ICAgIH0KLQotICAgICAgICAgICAgLyoKLSAgICAgICAgICAgICAqIFdlIGRy b3BwZWQgdGhlIGxvY2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2Jv ZHkgZWxzZSB0cmllZAotICAgICAgICAgICAgICogdG8gcGluIChvciwgZm9y IHRoYXQgbWF0dGVyLCB1bnBpbikgdGhlIHJlZmVyZW5jZSBpbiAqdGhpcyoK LSAgICAgICAgICAgICAqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdp dmUgdXAgYW5kIHRlbGwgdGhlIGNhbGxlciB0byByZXRyeS4KLSAgICAgICAg ICAgICAqLwotICAgICAgICAgICAgaWYgKCBhY3QtPnBpbiAhPSBvbGRfcGlu ICkKLSAgICAgICAgICAgIHsKLSAgICAgICAgICAgICAgICBfX2ZpeHVwX3N0 YXR1c19mb3JfY29weV9waW4oYWN0LCBzdGF0dXMpOwotICAgICAgICAgICAg ICAgIHJjdV91bmxvY2tfZG9tYWluKHRkKTsKLSAgICAgICAgICAgICAgICBh Y3RpdmVfZW50cnlfcmVsZWFzZShhY3QpOwotICAgICAgICAgICAgICAgIHJl YWRfdW5sb2NrKCZyZ3QtPmxvY2spOwotICAgICAgICAgICAgICAgIHB1dF9w YWdlKCpwYWdlKTsKLSAgICAgICAgICAgICAgICAqcGFnZSA9IE5VTEw7Ci0g ICAgICAgICAgICAgICAgcmV0dXJuIEVSRVNUQVJUOwotICAgICAgICAgICAg fQotCi0gICAgICAgICAgICAvKiBUaGUgYWN0dWFsIHJlbW90ZSByZW1vdGUg Z3JhbnQgbWF5IG9yIG1heSBub3QgYmUgYQotICAgICAgICAgICAgICAgc3Vi LXBhZ2UsIGJ1dCB3ZSBhbHdheXMgdHJlYXQgaXQgYXMgb25lIGJlY2F1c2Ug dGhhdAotICAgICAgICAgICAgICAgYmxvY2tzIG1hcHBpbmdzIG9mIHRyYW5z aXRpdmUgZ3JhbnRzLiAqLwotICAgICAgICAgICAgaXNfc3ViX3BhZ2UgPSAx OwotICAgICAgICAgICAgYWN0LT5nZm4gPSAtMXVsOwotICAgICAgICB9CiAg ICAgICAgIGVsc2UgaWYgKCAhKHNoYTItPmhkci5mbGFncyAmIEdURl9zdWJf cGFnZSkgKQogICAgICAgICB7CiAgICAgICAgICAgICByYyA9IF9fZ2V0X3Bh Z2VkX2ZyYW1lKHNoYTItPmZ1bGxfcGFnZS5mcmFtZSwgJmdyYW50X2ZyYW1l LCBwYWdlLCByZWFkb25seSwgcmQpOwpAQCAtMjY5NiwxMCArMjcwOSwxMyBA QCBnbnR0YWJfc2V0X3ZlcnNpb24oWEVOX0dVRVNUX0hBTkRMRV9QQVJBCiAg ICAgY2FzZSAyOgogICAgICAgICBmb3IgKCBpID0gMDsgaSA8IEdOVFRBQl9O Ul9SRVNFUlZFRF9FTlRSSUVTOyBpKysgKQogICAgICAgICB7Ci0gICAgICAg ICAgICBpZiAoICgoc2hhcmVkX2VudHJ5X3YyKGd0LCBpKS5oZHIuZmxhZ3Mg JiBHVEZfdHlwZV9tYXNrKSA9PQotICAgICAgICAgICAgICAgICAgR1RGX3Bl cm1pdF9hY2Nlc3MpICYmCi0gICAgICAgICAgICAgICAgIChzaGFyZWRfZW50 cnlfdjIoZ3QsIGkpLmZ1bGxfcGFnZS5mcmFtZSA+PiAzMikgKQorICAgICAg ICAgICAgc3dpdGNoICggc2hhcmVkX2VudHJ5X3YyKGd0LCBpKS5oZHIuZmxh Z3MgJiBHVEZfdHlwZV9tYXNrICkKICAgICAgICAgICAgIHsKKyAgICAgICAg ICAgIGNhc2UgR1RGX3Blcm1pdF9hY2Nlc3M6CisgICAgICAgICAgICAgICAg IGlmICggIShzaGFyZWRfZW50cnlfdjIoZ3QsIGkpLmZ1bGxfcGFnZS5mcmFt ZSA+PiAzMikgKQorICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CisgICAg ICAgICAgICAgICAgIC8qIGZhbGwgdGhyb3VnaCAqLworICAgICAgICAgICAg Y2FzZSBHVEZfdHJhbnNpdGl2ZToKICAgICAgICAgICAgICAgICBnZHByaW50 ayhYRU5MT0dfV0FSTklORywKICAgICAgICAgICAgICAgICAgICAgICAgICAi dHJpZWQgdG8gY2hhbmdlIGdyYW50IHRhYmxlIHZlcnNpb24gdG8gMSB3aXRo IG5vbi1yZXByZXNlbnRhYmxlIGVudHJpZXNcbiIpOwogICAgICAgICAgICAg ICAgIHJlcyA9IC1FUkFOR0U7Cg== --=separator Content-Type: application/octet-stream; name="xsa226-4.7.patch" Content-Disposition: attachment; filename="xsa226-4.7.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCA3M2Y1MjY1Li5iNzkyYWJmIDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtNzU4LDYgKzc1OCwyMiBAQCBDb250cm9scyBFUFQgcmVsYXRlZCBmZWF0 dXJlcy4KIAogU3BlY2lmeSB3aGljaCBjb25zb2xlIGdkYnN0dWIgc2hvdWxk IHVzZS4gU2VlICoqY29uc29sZSoqLgogCisjIyMgZ250dGFiCis+IGA9IExp c3Qgb2YgWyBtYXhfdmVyOjxpbnRlZ2VyPiwgdHJhbnNpdGl2ZSBdYAorCis+ IERlZmF1bHQ6IGBnbnR0YWI9bWF4X3ZlcjoyLG5vLXRyYW5zaXRpdmVgCisK K0NvbnRyb2wgdmFyaW91cyBhc3BlY3RzIG9mIHRoZSBncmFudCB0YWJsZSBi ZWhhdmlvdXIgYXZhaWxhYmxlIHRvIGd1ZXN0cy4KKworKiBgbWF4X3ZlcmAg U2VsZWN0IHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNpb24gdG8gb2Zm ZXIgdG8gZ3Vlc3RzLiAgVmFsaWQKK3ZlcnNpb24gYXJlIDEgYW5kIDIuCisq IGB0cmFuc2l0aXZlYCBQZXJtaXQgb3IgZGlzYWxsb3cgdGhlIHVzZSBvZiB0 cmFuc2l0aXZlIGdyYW50cy4gIE5vdGUgdGhhdCB0aGUKK3VzZSBvZiBncmFu dCB0YWJsZSB2MiB3aXRob3V0IHRyYW5zaXRpdmUgZ3JhbnRzIGlzIGFuIEFC SSBicmVha2FnZSBmcm9tIHRoZQorZ3Vlc3RzIHBvaW50IG9mIHZpZXcuCisK KypXYXJuaW5nOioKK0R1ZSB0byBYU0EtMjI2LCB0aGUgdXNlIG9mIHRyYW5z aXRpdmUgZ3JhbnRzIGlzIG91dHNpZGUgb2Ygc2VjdXJpdHkgc3VwcG9ydC4K KwogIyMjIGdudHRhYlxfbWF4XF9mcmFtZXMKID4gYD0gPGludGVnZXI+YAog CmRpZmYgLS1naXQgYS94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMgYi94ZW4v Y29tbW9uL2dyYW50X3RhYmxlLmMKaW5kZXggZjA2YjY2NC4uMTA5YzU1MiAx MDA2NDQKLS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hl bi9jb21tb24vZ3JhbnRfdGFibGUuYwpAQCAtNTAsNiArNTAsNDIgQEAgaW50 ZWdlcl9wYXJhbSgiZ250dGFiX21heF9ucl9mcmFtZXMiLCBtYXhfbnJfZ3Jh bnRfZnJhbWVzKTsKIHVuc2lnbmVkIGludCBfX3JlYWRfbW9zdGx5IG1heF9n cmFudF9mcmFtZXM7CiBpbnRlZ2VyX3BhcmFtKCJnbnR0YWJfbWF4X2ZyYW1l cyIsIG1heF9ncmFudF9mcmFtZXMpOwogCitzdGF0aWMgdW5zaWduZWQgaW50 IF9fcmVhZF9tb3N0bHkgb3B0X2dudHRhYl9tYXhfdmVyc2lvbiA9IDI7Citz dGF0aWMgYm9vbF90IF9fcmVhZF9tb3N0bHkgb3B0X3RyYW5zaXRpdmVfZ3Jh bnRzOworCitzdGF0aWMgdm9pZCBfX2luaXQgcGFyc2VfZ250dGFiKGNoYXIg KnMpCit7CisgICAgY2hhciAqc3M7CisKKyAgICBkbyB7CisgICAgICAgIHNz ID0gc3RyY2hyKHMsICcsJyk7CisgICAgICAgIGlmICggc3MgKQorICAgICAg ICAgICAgKnNzID0gJ1wwJzsKKworICAgICAgICBpZiAoICFzdHJuY21wKHMs ICJtYXhfdmVyOiIsIDgpICkKKyAgICAgICAgeworICAgICAgICAgICAgbG9u ZyB2ZXIgPSBzaW1wbGVfc3RydG9sKHMgKyA4LCBOVUxMLCAxMCk7CisKKyAg ICAgICAgICAgIGlmICggdmVyID49IDEgJiYgdmVyIDw9IDIgKQorICAgICAg ICAgICAgICAgIG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPSB2ZXI7CisgICAg ICAgIH0KKyAgICAgICAgZWxzZQorICAgICAgICB7CisgICAgICAgICAgICBi b29sX3QgdmFsID0gISFzdHJuY21wKHMsICJuby0iLCAzKTsKKworICAgICAg ICAgICAgaWYgKCAhdmFsICkKKyAgICAgICAgICAgICAgICBzICs9IDM7CisK KyAgICAgICAgICAgIGlmICggIXN0cmNtcChzLCAidHJhbnNpdGl2ZSIpICkK KyAgICAgICAgICAgICAgICBvcHRfdHJhbnNpdGl2ZV9ncmFudHMgPSB2YWw7 CisgICAgICAgIH0KKworICAgICAgICBzID0gc3MgKyAxOworICAgIH0gd2hp bGUgKCBzcyApOworfQorCitjdXN0b21fcGFyYW0oImdudHRhYiIsIHBhcnNl X2dudHRhYik7CisKIC8qIFRoZSBtYXhpbXVtIG51bWJlciBvZiBncmFudCBt YXBwaW5ncyBpcyBkZWZpbmVkIGFzIGEgbXVsdGlwbGllciBvZiB0aGUKICAq IG1heGltdW0gbnVtYmVyIG9mIGdyYW50IHRhYmxlIGVudHJpZXMuIFRoaXMg ZGVmaW5lcyB0aGUgbXVsdGlwbGllciB1c2VkLgogICogUHJldHR5IGFyYml0 cmFyeS4gW1BPTElDWV0KQEAgLTIxODgsNiArMjIyNCwxMCBAQCBfX2FjcXVp cmVfZ3JhbnRfZm9yX2NvcHkoCiAgICAgICAgIH0KICAgICAgICAgZWxzZSBp ZiAoIChzaGFoLT5mbGFncyAmIEdURl90eXBlX21hc2spID09IEdURl90cmFu c2l0aXZlICkKICAgICAgICAgeworICAgICAgICAgICAgaWYgKCAhb3B0X3Ry YW5zaXRpdmVfZ3JhbnRzICkKKyAgICAgICAgICAgICAgICBQSU5fRkFJTCh1 bmxvY2tfb3V0X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAorICAgICAg ICAgICAgICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IGRpc2FsbG93 ZWQgYnkgcG9saWN5XG4iKTsKKwogICAgICAgICAgICAgaWYgKCAhYWxsb3df dHJhbnNpdGl2ZSApCiAgICAgICAgICAgICAgICAgUElOX0ZBSUwodW5sb2Nr X291dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKICAgICAgICAgICAg ICAgICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCB3aGVuIHRyYW5zaXRp dml0eSBub3QgYWxsb3dlZFxuIik7CkBAIC0zMTU2LDcgKzMxOTYsMTAgQEAg ZG9fZ3JhbnRfdGFibGVfb3AoCiAgICAgfQogICAgIGNhc2UgR05UVEFCT1Bf c2V0X3ZlcnNpb246CiAgICAgewotICAgICAgICByYyA9IGdudHRhYl9zZXRf dmVyc2lvbihndWVzdF9oYW5kbGVfY2FzdCh1b3AsIGdudHRhYl9zZXRfdmVy c2lvbl90KSk7CisgICAgICAgIGlmICggb3B0X2dudHRhYl9tYXhfdmVyc2lv biA9PSAxICkKKyAgICAgICAgICAgIHJjID0gLUVOT1NZUzsgLyogQmVoYXZl IGFzIGJlZm9yZSBzZXRfdmVyc2lvbiB3YXMgaW50cm9kdWNlZC4gKi8KKyAg ICAgICAgZWxzZQorICAgICAgICAgICAgcmMgPSBnbnR0YWJfc2V0X3ZlcnNp b24oZ3Vlc3RfaGFuZGxlX2Nhc3QodW9wLCBnbnR0YWJfc2V0X3ZlcnNpb25f dCkpOwogICAgICAgICBicmVhazsKICAgICB9CiAgICAgY2FzZSBHTlRUQUJP UF9nZXRfc3RhdHVzX2ZyYW1lczoK --=separator Content-Type: application/octet-stream; name="xsa226-4.9/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Disposition: attachment; filename="xsa226-4.9/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IHVzZSBwb3NzaWJseSB1bmJvdW5kZWQgdGFpbCBj YWxscwoKVGhlcmUgaXMgbm8gZ3VhcmFudGVlIHRoYXQgdGhlIGNvbXBpbGVy IHdvdWxkIGFjdHVhbGx5IHRyYW5zbGF0ZSB0aGVtCnRvIGJyYW5jaGVzIGlu c3RlYWQgb2YgY2FsbHMsIHNvIG9ubHkgb25lcyB3aXRoIGEga25vd24gcmVj dXJzaW9uIGxpbWl0CmFyZSBva2F5OgotIF9fcmVsZWFzZV9ncmFudF9mb3Jf Y29weSgpIGNhbiBjYWxsIGl0c2VsZiBvbmx5IG9uY2UsIGFzCiAgX19hY3F1 aXJlX2dyYW50X2Zvcl9jb3B5KCkgd29uJ3QgcGVybWl0IHVzZSBvZiBtdWx0 aS1sZXZlbCB0cmFuc2l0aXZlCiAgZ3JhbnRzLAotIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgpIGlzIGZpbmUgdG8gY2FsbCBpdHNlbGYgd2l0aCB0aGUg bGFzdAogIGFyZ3VtZW50IGZhbHNlLCBhcyB0aGF0IHByZXZlbnRzIGZ1cnRo ZXIgcmVjdXJzaW9uLAotIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgpIG11 c3Qgbm90IGNhbGwgaXRzZWxmIHRvIHJlY292ZXIgZnJvbSBhbgogIG9ic2Vy dmVkIGNoYW5nZSB0byB0aGUgYWN0aXZlIGVudHJ5J3MgcGluIGNvdW50CgpU aGlzIGlzIHBhcnQgb2YgQ1ZFLTIwMTctMTIxMzUgLyBYU0EtMjI2LgoKU2ln bmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgoK LS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hlbi9jb21t b24vZ3JhbnRfdGFibGUuYwpAQCAtMjEwMyw4ICsyMTAzLDEwIEBAIF9fcmVs ZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgIGlmICggdGQgIT0gcmQgKQog ICAgIHsKLSAgICAgICAgLyogUmVjdXJzaXZlIGNhbGxzLCBidXQgdGhleSdy ZSB0YWlsIGNhbGxzLCBzbyBpdCdzCi0gICAgICAgICAgIG9rYXkuICovCisg ICAgICAgIC8qCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxscywgYnV0IHRo ZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUK KyAgICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBv a2F5LgorICAgICAgICAgKi8KICAgICAgICAgaWYgKCByZWxlYXNlZF93cml0 ZSApCiAgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDApOwogICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRf cmVhZCApCkBAIC0yMjU1LDEwICsyMjU3LDExIEBAIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgKICAgICAgICAgICAgICAgICByZXR1cm4gcmM7CiAgICAg ICAgICAgICB9CiAKLSAgICAgICAgICAgIC8qIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkKLSAgICAgICAg ICAgICAgIGVsc2UgdHJpZWQgdG8gcGluIChvciwgZm9yIHRoYXQgbWF0dGVy LCB1bnBpbikgdGhlCi0gICAgICAgICAgICAgICByZWZlcmVuY2UgaW4gKnRo aXMqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUgdXAKLSAgICAg ICAgICAgICAgIGFuZCB0cnkgYWdhaW4uICovCisgICAgICAgICAgICAvKgor ICAgICAgICAgICAgICogV2UgZHJvcHBlZCB0aGUgbG9jaywgc28gd2UgaGF2 ZSB0byBjaGVjayB0aGF0IG5vYm9keSBlbHNlIHRyaWVkCisgICAgICAgICAg ICAgKiB0byBwaW4gKG9yLCBmb3IgdGhhdCBtYXR0ZXIsIHVucGluKSB0aGUg cmVmZXJlbmNlIGluICp0aGlzKgorICAgICAgICAgICAgICogZG9tYWluLiAg SWYgdGhleSBkaWQsIGp1c3QgZ2l2ZSB1cCBhbmQgdGVsbCB0aGUgY2FsbGVy IHRvIHJldHJ5LgorICAgICAgICAgICAgICovCiAgICAgICAgICAgICBpZiAo IGFjdC0+cGluICE9IG9sZF9waW4gKQogICAgICAgICAgICAgewogICAgICAg ICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0 YXR1cyk7CkBAIC0yMjY2LDkgKzIyNjksOCBAQCBfX2FjcXVpcmVfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgICAgICAgICAgICAgYWN0aXZlX2VudHJ5X3JlbGVh c2UoYWN0KTsKICAgICAgICAgICAgICAgICBncmFudF9yZWFkX3VubG9jayhy Z3QpOwogICAgICAgICAgICAgICAgIHB1dF9wYWdlKCpwYWdlKTsKLSAgICAg ICAgICAgICAgICByZXR1cm4gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHJk LCBncmVmLCBsZG9tLCByZWFkb25seSwKLSAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIGZyYW1lLCBwYWdlLCBwYWdl X29mZiwgbGVuZ3RoLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgYWxsb3dfdHJhbnNpdGl2ZSk7CisgICAgICAg ICAgICAgICAgKnBhZ2UgPSBOVUxMOworICAgICAgICAgICAgICAgIHJldHVy biBFUkVTVEFSVDsKICAgICAgICAgICAgIH0KIAogICAgICAgICAgICAgLyog VGhlIGFjdHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBvciBtYXkgbm90 IGJlIGEKQEAgLTI1NzQsNyArMjU3Niw3IEBAIHN0YXRpYyBpbnQgZ250dGFi X2NvcHlfb25lKGNvbnN0IHN0cnVjdAogICAgIHsKICAgICAgICAgZ250dGFi X2NvcHlfcmVsZWFzZV9idWYoc3JjKTsKICAgICAgICAgcmMgPSBnbnR0YWJf Y29weV9jbGFpbV9idWYob3AsICZvcC0+c291cmNlLCBzcmMsIEdOVENPUFlf c291cmNlX2dyZWYpOwotICAgICAgICBpZiAoIHJjIDwgMCApCisgICAgICAg IGlmICggcmMgKQogICAgICAgICAgICAgZ290byBvdXQ7CiAgICAgfQogCkBA IC0yNTg0LDcgKzI1ODYsNyBAQCBzdGF0aWMgaW50IGdudHRhYl9jb3B5X29u ZShjb25zdCBzdHJ1Y3QKICAgICB7CiAgICAgICAgIGdudHRhYl9jb3B5X3Jl bGVhc2VfYnVmKGRlc3QpOwogICAgICAgICByYyA9IGdudHRhYl9jb3B5X2Ns YWltX2J1ZihvcCwgJm9wLT5kZXN0LCBkZXN0LCBHTlRDT1BZX2Rlc3RfZ3Jl Zik7Ci0gICAgICAgIGlmICggcmMgPCAwICkKKyAgICAgICAgaWYgKCByYyAp CiAgICAgICAgICAgICBnb3RvIG91dDsKICAgICB9CiAKQEAgLTI1OTMsNiAr MjU5NSwxNCBAQCBzdGF0aWMgaW50IGdudHRhYl9jb3B5X29uZShjb25zdCBz dHJ1Y3QKICAgICByZXR1cm4gcmM7CiB9CiAKKy8qCisgKiBnbnR0YWJfY29w eSgpLCBvdGhlciB0aGFuIHRoZSB2YXJpb3VzIG90aGVyIGhlbHBlcnMgb2YK KyAqIGRvX2dyYW50X3RhYmxlX29wKCksIHJldHVybnMgKGJlc2lkZXMgcG9z c2libGUgZXJyb3IgaW5kaWNhdG9ycykKKyAqICJjb3VudCAtIGkiIHJhdGhl ciB0aGFuICJpIiB0byBlbnN1cmUgdGhhdCBldmVuIGlmIG5vIHByb2dyZXNz CisgKiB3YXMgbWFkZSBhdCBhbGwgKHBlcmhhcHMgZHVlIHRvIGdudHRhYl9j b3B5X29uZSgpIHJldHVybmluZyBhCisgKiBwb3NpdGl2ZSB2YWx1ZSkgYSBu b24temVybyB2YWx1ZSBpcyBiZWluZyBoYW5kZWQgYmFjayAoemVybyBuZWVk cworICogdG8gYmUgYXZvaWRlZCwgYXMgdGhhdCBtZWFucyAic3VjY2Vzcywg YWxsIGRvbmUiKS4KKyAqLwogc3RhdGljIGxvbmcgZ250dGFiX2NvcHkoCiAg ICAgWEVOX0dVRVNUX0hBTkRMRV9QQVJBTShnbnR0YWJfY29weV90KSB1b3As IHVuc2lnbmVkIGludCBjb3VudCkKIHsKQEAgLTI2MDYsNyArMjYxNiw3IEBA IHN0YXRpYyBsb25nIGdudHRhYl9jb3B5KAogICAgIHsKICAgICAgICAgaWYg KCBpICYmIGh5cGVyY2FsbF9wcmVlbXB0X2NoZWNrKCkgKQogICAgICAgICB7 Ci0gICAgICAgICAgICByYyA9IGk7CisgICAgICAgICAgICByYyA9IGNvdW50 IC0gaTsKICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICB9CiAKQEAgLTI2 MTYsMTMgKzI2MjYsMjAgQEAgc3RhdGljIGxvbmcgZ250dGFiX2NvcHkoCiAg ICAgICAgICAgICBicmVhazsKICAgICAgICAgfQogCi0gICAgICAgIG9wLnN0 YXR1cyA9IGdudHRhYl9jb3B5X29uZSgmb3AsICZkZXN0LCAmc3JjKTsKLSAg ICAgICAgaWYgKCBvcC5zdGF0dXMgIT0gR05UU1Rfb2theSApCisgICAgICAg IHJjID0gZ250dGFiX2NvcHlfb25lKCZvcCwgJmRlc3QsICZzcmMpOworICAg ICAgICBpZiAoIHJjID4gMCApCisgICAgICAgIHsKKyAgICAgICAgICAgIHJj ID0gY291bnQgLSBpOworICAgICAgICAgICAgYnJlYWs7CisgICAgICAgIH0K KyAgICAgICAgaWYgKCByYyAhPSBHTlRTVF9va2F5ICkKICAgICAgICAgewog ICAgICAgICAgICAgZ250dGFiX2NvcHlfcmVsZWFzZV9idWYoJnNyYyk7CiAg ICAgICAgICAgICBnbnR0YWJfY29weV9yZWxlYXNlX2J1ZigmZGVzdCk7CiAg ICAgICAgIH0KIAorICAgICAgICBvcC5zdGF0dXMgPSByYzsKKyAgICAgICAg cmMgPSAwOwogICAgICAgICBpZiAoIHVubGlrZWx5KF9fY29weV9maWVsZF90 b19ndWVzdCh1b3AsICZvcCwgc3RhdHVzKSkgKQogICAgICAgICB7CiAgICAg ICAgICAgICByYyA9IC1FRkFVTFQ7CkBAIC0zMTYwLDYgKzMxNzcsNyBAQCBk b19ncmFudF90YWJsZV9vcCgKICAgICAgICAgcmMgPSBnbnR0YWJfY29weShj b3B5LCBjb3VudCk7CiAgICAgICAgIGlmICggcmMgPiAwICkKICAgICAgICAg eworICAgICAgICAgICAgcmMgPSBjb3VudCAtIHJjOwogICAgICAgICAgICAg Z3Vlc3RfaGFuZGxlX2FkZF9vZmZzZXQoY29weSwgcmMpOwogICAgICAgICAg ICAgdW9wID0gZ3Vlc3RfaGFuZGxlX2Nhc3QoY29weSwgdm9pZCk7CiAgICAg ICAgIH0K --=separator Content-Type: application/octet-stream; name="xsa226-4.9/0002-gnttab-fix-transitive-grant-handling.patch" Content-Disposition: attachment; filename="xsa226-4.9/0002-gnttab-fix-transitive-grant-handling.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGZpeCB0cmFuc2l0aXZlIGdyYW50IGhhbmRsaW5nCgpQcm9j ZXNzaW5nIG9mIHRyYW5zaXRpdmUgZ3JhbnRzIG11c3Qgbm90IHVzZSB0aGUg ZmFzdCBwYXRoLCBvciBlbHNlCnJlZmVyZW5jZSBjb3VudGluZyBicmVha3Mg ZHVlIHRvIHRoZSBza2lwcGVkIHJlY3Vyc2l2ZSBjYWxsIHRvCl9fYWNxdWly ZV9ncmFudF9mb3JfY29weSgpIChpdHMgX19yZWxlYXNlX2dyYW50X2Zvcl9j b3B5KCkKY291bnRlcnBhcnQgb2NjdXJzIGluZGVwZW5kZW50IG9mIG9yaWdp bmFsIHBpbiBjb3VudCkuIEZ1cnRoZXJtb3JlCmFmdGVyIHJlLWFjcXVpcmlu ZyB0ZW1wb3JhcmlseSBkcm9wcGVkIGxvY2tzIHdlIG5lZWQgdG8gdmVyaWZ5 IG5vIGdyYW50CnByb3BlcnRpZXMgY2hhbmdlZCBpZiB0aGUgb3JpZ2luYWwg cGluIGNvdW50IHdhcyBub24temVybzsgY2hlY2tpbmcKanVzdCB0aGUgcGlu IGNvdW50cyBpcyBzdWZmaWNpZW50IG9ubHkgZm9yIHdlbGwtYmVoYXZlZCBn dWVzdHMuIEFzIGEKcmVzdWx0LCBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHko KSBuZWVkcyB0byBtaXJyb3IgdGhhdCBuZXcgYmVoYXZpb3IuCgpGdXJ0aGVy bW9yZSBhIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSgpIGludm9jYXRpb24g d2FzIG1pc3Npbmcgb24gdGhlCnJldHJ5IHBhdGggb2YgX19hY3F1aXJlX2dy YW50X2Zvcl9jb3B5KCksIGFuZCBnbnR0YWJfc2V0X3ZlcnNpb24oKSBhbHNv Cm5lZWRzIHRvIGJhaWwgb3V0IHVwb24gZW5jb3VudGVyaW5nIGEgdHJhbnNp dGl2ZSBncmFudC4KClRoaXMgaXMgcGFydCBvZiBDVkUtMjAxNy0xMjEzNSAv IFhTQS0yMjYuCgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3 LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1ieTogQW5kcmV3IENv b3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KCi0tLSBhL3hlbi9j b21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dyYW50X3Rh YmxlLmMKQEAgLTIwNTAsMTMgKzIwNTAsOCBAQCBfX3JlbGVhc2VfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgdW5zaWduZWQgbG9uZyByX2ZyYW1lOwogICAgIHVp bnQxNl90ICpzdGF0dXM7CiAgICAgZ3JhbnRfcmVmX3QgdHJhbnNfZ3JlZjsK LSAgICBpbnQgcmVsZWFzZWRfcmVhZDsKLSAgICBpbnQgcmVsZWFzZWRfd3Jp dGU7CiAgICAgc3RydWN0IGRvbWFpbiAqdGQ7CiAKLSAgICByZWxlYXNlZF9y ZWFkID0gMDsKLSAgICByZWxlYXNlZF93cml0ZSA9IDA7Ci0KICAgICBncmFu dF9yZWFkX2xvY2socmd0KTsKIAogICAgIGFjdCA9IGFjdGl2ZV9lbnRyeV9h Y3F1aXJlKHJndCwgZ3JlZik7CkBAIC0yMDg2LDE3ICsyMDgxLDExIEBAIF9f cmVsZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgICAgICBhY3QtPnBpbiAt PSBHTlRQSU5faHN0d19pbmM7CiAgICAgICAgIGlmICggIShhY3QtPnBpbiAm IChHTlRQSU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSApCi0gICAg ICAgIHsKLSAgICAgICAgICAgIHJlbGVhc2VkX3dyaXRlID0gMTsKICAgICAg ICAgICAgIGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfd3JpdGluZywgc3RhdHVz KTsKLSAgICAgICAgfQogICAgIH0KIAogICAgIGlmICggIWFjdC0+cGluICkK LSAgICB7CiAgICAgICAgIGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfcmVhZGlu Zywgc3RhdHVzKTsKLSAgICAgICAgcmVsZWFzZWRfcmVhZCA9IDE7Ci0gICAg fQogCiAgICAgYWN0aXZlX2VudHJ5X3JlbGVhc2UoYWN0KTsKICAgICBncmFu dF9yZWFkX3VubG9jayhyZ3QpOwpAQCAtMjEwNCwxMyArMjA5MywxMCBAQCBf X3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkoCiAgICAgaWYgKCB0ZCAhPSByZCAp CiAgICAgewogICAgICAgICAvKgotICAgICAgICAgKiBSZWN1cnNpdmUgY2Fs bHMsIGJ1dCB0aGV5J3JlIGJvdW5kZWQgKGFjcXVpcmUgcGVybWl0cyBvbmx5 IGEgc2luZ2xlCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxsLCBidXQgaXQg aXMgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUKICAg ICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBva2F5 LgogICAgICAgICAgKi8KLSAgICAgICAgaWYgKCByZWxlYXNlZF93cml0ZSAp Ci0gICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQsIHRy YW5zX2dyZWYsIDApOwotICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRfcmVh ZCApCi0gICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDEpOworICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9y X2NvcHkodGQsIHRyYW5zX2dyZWYsIHJlYWRvbmx5KTsKIAogICAgICAgICBy Y3VfdW5sb2NrX2RvbWFpbih0ZCk7CiAgICAgfQpAQCAtMjE4NCw4ICsyMTcw LDEwOCBAQCBfX2FjcXVpcmVfZ3JhbnRfZm9yX2NvcHkoCiAgICAgICAgICAg ICAgICAgIGFjdC0+ZG9taWQsIGxkb20sIGFjdC0+cGluKTsKIAogICAgIG9s ZF9waW4gPSBhY3QtPnBpbjsKLSAgICBpZiAoICFhY3QtPnBpbiB8fAotICAg ICAgICAgKCFyZWFkb25seSAmJiAhKGFjdC0+cGluICYgKEdOVFBJTl9kZXZ3 X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSApCisgICAgaWYgKCBzaGEyICYm IChzaGFoLT5mbGFncyAmIEdURl90eXBlX21hc2spID09IEdURl90cmFuc2l0 aXZlICkKKyAgICB7CisgICAgICAgIGlmICggKCFvbGRfcGluIHx8ICghcmVh ZG9ubHkgJiYKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICEob2xkX3Bp biAmIChHTlRQSU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSkpICYm CisgICAgICAgICAgICAgKHJjID0gX3NldF9zdGF0dXNfdjIobGRvbSwgcmVh ZG9ubHksIDAsIHNoYWgsIGFjdCwKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBzdGF0dXMpKSAhPSBHTlRTVF9va2F5ICkKKyAgICAgICAg ICAgIGdvdG8gdW5sb2NrX291dDsKKworICAgICAgICBpZiAoICFhbGxvd190 cmFuc2l0aXZlICkKKyAgICAgICAgICAgIFBJTl9GQUlMKHVubG9ja19vdXRf Y2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisgICAgICAgICAgICAgICAg ICAgICAidHJhbnNpdGl2ZSBncmFudCB3aGVuIHRyYW5zaXRpdml0eSBub3Qg YWxsb3dlZFxuIik7CisKKyAgICAgICAgdHJhbnNfZG9taWQgPSBzaGEyLT50 cmFuc2l0aXZlLnRyYW5zX2RvbWlkOworICAgICAgICB0cmFuc19ncmVmID0g c2hhMi0+dHJhbnNpdGl2ZS5ncmVmOworICAgICAgICBiYXJyaWVyKCk7IC8q IFN0b3AgdGhlIGNvbXBpbGVyIGZyb20gcmUtbG9hZGluZworICAgICAgICAg ICAgICAgICAgICAgIHRyYW5zX2RvbWlkIGZyb20gc2hhcmVkIG1lbW9yeSAq LworICAgICAgICBpZiAoIHRyYW5zX2RvbWlkID09IHJkLT5kb21haW5faWQg KQorICAgICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05U U1RfZ2VuZXJhbF9lcnJvciwKKyAgICAgICAgICAgICAgICAgICAgICJ0cmFu c2l0aXZlIGdyYW50cyBjYW5ub3QgYmUgc2VsZi1yZWZlcmVudGlhbFxuIik7 CisKKyAgICAgICAgLyoKKyAgICAgICAgICogV2UgYWxsb3cgdGhlIHRyYW5z X2RvbWlkID09IGxkb20gY2FzZSwgd2hpY2ggY29ycmVzcG9uZHMgdG8gYQor ICAgICAgICAgKiBncmFudCBiZWluZyBpc3N1ZWQgYnkgb25lIGRvbWFpbiwg c2VudCB0byBhbm90aGVyIG9uZSwgYW5kIHRoZW4KKyAgICAgICAgICogdHJh bnNpdGl2ZWx5IGdyYW50ZWQgYmFjayB0byB0aGUgb3JpZ2luYWwgZG9tYWlu LiAgQWxsb3dpbmcgaXQKKyAgICAgICAgICogaXMgZWFzeSwgYW5kIG1lYW5z IHRoYXQgeW91IGRvbid0IG5lZWQgdG8gZ28gb3V0IG9mIHlvdXIgd2F5IHRv CisgICAgICAgICAqIGF2b2lkIGl0IGluIHRoZSBndWVzdC4KKyAgICAgICAg ICovCisKKyAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0aGUgcnJkIGxv Y2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkuICovCisgICAgICAgIHRkID0g cmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsKKyAgICAgICAg aWYgKCB0ZCA9PSBOVUxMICkKKyAgICAgICAgICAgIFBJTl9GQUlMKHVubG9j a19vdXRfY2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisgICAgICAgICAg ICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCByZWZlcmVuY2VkIGJhZCBk b21haW4gJWRcbiIsCisgICAgICAgICAgICAgICAgICAgICB0cmFuc19kb21p ZCk7CisKKyAgICAgICAgLyoKKyAgICAgICAgICogX19hY3F1aXJlX2dyYW50 X2Zvcl9jb3B5KCkgY291bGQgdGFrZSB0aGUgbG9jayBvbiB0aGUKKyAgICAg ICAgICogcmVtb3RlIHRhYmxlIChpZiByZCA9PSB0ZCksIHNvIHdlIGhhdmUg dG8gZHJvcCB0aGUgbG9jaworICAgICAgICAgKiBoZXJlIGFuZCByZWFjcXVp cmUuCisgICAgICAgICAqLworICAgICAgICBhY3RpdmVfZW50cnlfcmVsZWFz ZShhY3QpOworICAgICAgICBncmFudF9yZWFkX3VubG9jayhyZ3QpOworCisg ICAgICAgIHJjID0gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHRkLCB0cmFu c19ncmVmLCByZC0+ZG9tYWluX2lkLAorICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICByZWFkb25seSwgJmdyYW50X2ZyYW1lLCBwYWdl LAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAmdHJh bnNfcGFnZV9vZmYsICZ0cmFuc19sZW5ndGgsIDApOworCisgICAgICAgIGdy YW50X3JlYWRfbG9jayhyZ3QpOworICAgICAgICBhY3QgPSBhY3RpdmVfZW50 cnlfYWNxdWlyZShyZ3QsIGdyZWYpOworCisgICAgICAgIGlmICggcmMgIT0g R05UU1Rfb2theSApCisgICAgICAgIHsKKyAgICAgICAgICAgIF9fZml4dXBf c3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0YXR1cyk7CisgICAgICAgICAg ICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7CisgICAgICAgICAgICBhY3RpdmVf ZW50cnlfcmVsZWFzZShhY3QpOworICAgICAgICAgICAgZ3JhbnRfcmVhZF91 bmxvY2socmd0KTsKKyAgICAgICAgICAgIHJldHVybiByYzsKKyAgICAgICAg fQorCisgICAgICAgIC8qCisgICAgICAgICAqIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCB0aGUgZ3JhbnQgZGlkbid0 CisgICAgICAgICAqIGNoYW5nZSwgYW5kIHRoYXQgbm9ib2R5IGVsc2UgdHJp ZWQgdG8gcGluL3VucGluIGl0LiBJZiBhbnl0aGluZworICAgICAgICAgKiBj aGFuZ2VkLCBqdXN0IGdpdmUgdXAgYW5kIHRlbGwgdGhlIGNhbGxlciB0byBy ZXRyeS4KKyAgICAgICAgICovCisgICAgICAgIGlmICggcmd0LT5ndF92ZXJz aW9uICE9IDIgfHwKKyAgICAgICAgICAgICBhY3QtPnBpbiAhPSBvbGRfcGlu IHx8CisgICAgICAgICAgICAgKG9sZF9waW4gJiYgKGFjdC0+ZG9taWQgIT0g bGRvbSB8fCBhY3QtPmZyYW1lICE9IGdyYW50X2ZyYW1lIHx8CisgICAgICAg ICAgICAgICAgICAgICAgICAgIGFjdC0+c3RhcnQgIT0gdHJhbnNfcGFnZV9v ZmYgfHwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgYWN0LT5sZW5ndGgg IT0gdHJhbnNfbGVuZ3RoIHx8CisgICAgICAgICAgICAgICAgICAgICAgICAg IGFjdC0+dHJhbnNfZG9tYWluICE9IHRkIHx8CisgICAgICAgICAgICAgICAg ICAgICAgICAgIGFjdC0+dHJhbnNfZ3JlZiAhPSB0cmFuc19ncmVmIHx8Cisg ICAgICAgICAgICAgICAgICAgICAgICAgICFhY3QtPmlzX3N1Yl9wYWdlKSkg KQorICAgICAgICB7CisgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9y X2NvcHkodGQsIHRyYW5zX2dyZWYsIHJlYWRvbmx5KTsKKyAgICAgICAgICAg IF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0YXR1cyk7Cisg ICAgICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7CisgICAgICAgICAg ICBhY3RpdmVfZW50cnlfcmVsZWFzZShhY3QpOworICAgICAgICAgICAgZ3Jh bnRfcmVhZF91bmxvY2socmd0KTsKKyAgICAgICAgICAgIHB1dF9wYWdlKCpw YWdlKTsKKyAgICAgICAgICAgICpwYWdlID0gTlVMTDsKKyAgICAgICAgICAg IHJldHVybiBFUkVTVEFSVDsKKyAgICAgICAgfQorCisgICAgICAgIGlmICgg IW9sZF9waW4gKQorICAgICAgICB7CisgICAgICAgICAgICBhY3QtPmRvbWlk ID0gbGRvbTsKKyAgICAgICAgICAgIGFjdC0+c3RhcnQgPSB0cmFuc19wYWdl X29mZjsKKyAgICAgICAgICAgIGFjdC0+bGVuZ3RoID0gdHJhbnNfbGVuZ3Ro OworICAgICAgICAgICAgYWN0LT50cmFuc19kb21haW4gPSB0ZDsKKyAgICAg ICAgICAgIGFjdC0+dHJhbnNfZ3JlZiA9IHRyYW5zX2dyZWY7CisgICAgICAg ICAgICBhY3QtPmZyYW1lID0gZ3JhbnRfZnJhbWU7CisgICAgICAgICAgICBh Y3QtPmdmbiA9IC0xdWw7CisgICAgICAgICAgICAvKgorICAgICAgICAgICAg ICogVGhlIGFjdHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBvciBtYXkg bm90IGJlIGEgc3ViLXBhZ2UsCisgICAgICAgICAgICAgKiBidXQgd2UgYWx3 YXlzIHRyZWF0IGl0IGFzIG9uZSBiZWNhdXNlIHRoYXQgYmxvY2tzIG1hcHBp bmdzIG9mCisgICAgICAgICAgICAgKiB0cmFuc2l0aXZlIGdyYW50cy4KKyAg ICAgICAgICAgICAqLworICAgICAgICAgICAgYWN0LT5pc19zdWJfcGFnZSA9 IDE7CisgICAgICAgIH0KKyAgICB9CisgICAgZWxzZSBpZiAoICFvbGRfcGlu IHx8CisgICAgICAgICAgICAgICghcmVhZG9ubHkgJiYgIShvbGRfcGluICYg KEdOVFBJTl9kZXZ3X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSApCiAgICAg ewogICAgICAgICBpZiAoIChyYyA9IF9zZXRfc3RhdHVzKHJndC0+Z3RfdmVy c2lvbiwgbGRvbSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBy ZWFkb25seSwgMCwgc2hhaCwgYWN0LApAQCAtMjIwNiw3OSArMjI5Miw2IEBA IF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgKICAgICAgICAgICAgIHRyYW5z X3BhZ2Vfb2ZmID0gMDsKICAgICAgICAgICAgIHRyYW5zX2xlbmd0aCA9IFBB R0VfU0laRTsKICAgICAgICAgfQotICAgICAgICBlbHNlIGlmICggKHNoYWgt PmZsYWdzICYgR1RGX3R5cGVfbWFzaykgPT0gR1RGX3RyYW5zaXRpdmUgKQot ICAgICAgICB7Ci0gICAgICAgICAgICBpZiAoICFhbGxvd190cmFuc2l0aXZl ICkKLSAgICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0X2NsZWFy LCBHTlRTVF9nZW5lcmFsX2Vycm9yLAotICAgICAgICAgICAgICAgICAgICAg ICAgICJ0cmFuc2l0aXZlIGdyYW50IHdoZW4gdHJhbnNpdGl2aXR5IG5vdCBh bGxvd2VkXG4iKTsKLQotICAgICAgICAgICAgdHJhbnNfZG9taWQgPSBzaGEy LT50cmFuc2l0aXZlLnRyYW5zX2RvbWlkOwotICAgICAgICAgICAgdHJhbnNf Z3JlZiA9IHNoYTItPnRyYW5zaXRpdmUuZ3JlZjsKLSAgICAgICAgICAgIGJh cnJpZXIoKTsgLyogU3RvcCB0aGUgY29tcGlsZXIgZnJvbSByZS1sb2FkaW5n Ci0gICAgICAgICAgICAgICAgICAgICAgICAgIHRyYW5zX2RvbWlkIGZyb20g c2hhcmVkIG1lbW9yeSAqLwotICAgICAgICAgICAgaWYgKCB0cmFuc19kb21p ZCA9PSByZC0+ZG9tYWluX2lkICkKLSAgICAgICAgICAgICAgICBQSU5fRkFJ TCh1bmxvY2tfb3V0X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAotICAg ICAgICAgICAgICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50cyBjYW5u b3QgYmUgc2VsZi1yZWZlcmVudGlhbFxuIik7Ci0KLSAgICAgICAgICAgIC8q IFdlIGFsbG93IHRoZSB0cmFuc19kb21pZCA9PSBsZG9tIGNhc2UsIHdoaWNo Ci0gICAgICAgICAgICAgICBjb3JyZXNwb25kcyB0byBhIGdyYW50IGJlaW5n IGlzc3VlZCBieSBvbmUgZG9tYWluLCBzZW50Ci0gICAgICAgICAgICAgICB0 byBhbm90aGVyIG9uZSwgYW5kIHRoZW4gdHJhbnNpdGl2ZWx5IGdyYW50ZWQg YmFjayB0bwotICAgICAgICAgICAgICAgdGhlIG9yaWdpbmFsIGRvbWFpbi4g IEFsbG93aW5nIGl0IGlzIGVhc3ksIGFuZCBtZWFucwotICAgICAgICAgICAg ICAgdGhhdCB5b3UgZG9uJ3QgbmVlZCB0byBnbyBvdXQgb2YgeW91ciB3YXkg dG8gYXZvaWQgaXQKLSAgICAgICAgICAgICAgIGluIHRoZSBndWVzdC4gKi8K LQotICAgICAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0aGUgcnJkIGxv Y2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkgKi8KLSAgICAgICAgICAgIHRk ID0gcmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsKLSAgICAg ICAgICAgIGlmICggdGQgPT0gTlVMTCApCi0gICAgICAgICAgICAgICAgUElO X0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwK LSAgICAgICAgICAgICAgICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCBy ZWZlcmVuY2VkIGJhZCBkb21haW4gJWRcbiIsCi0gICAgICAgICAgICAgICAg ICAgICAgICAgdHJhbnNfZG9taWQpOwotCi0gICAgICAgICAgICAvKgotICAg ICAgICAgICAgICogX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KCkgY291bGQg dGFrZSB0aGUgbG9jayBvbiB0aGUKLSAgICAgICAgICAgICAqIHJlbW90ZSB0 YWJsZSAoaWYgcmQgPT0gdGQpLCBzbyB3ZSBoYXZlIHRvIGRyb3AgdGhlIGxv Y2sKLSAgICAgICAgICAgICAqIGhlcmUgYW5kIHJlYWNxdWlyZQotICAgICAg ICAgICAgICovCi0gICAgICAgICAgICBhY3RpdmVfZW50cnlfcmVsZWFzZShh Y3QpOwotICAgICAgICAgICAgZ3JhbnRfcmVhZF91bmxvY2socmd0KTsKLQot ICAgICAgICAgICAgcmMgPSBfX2FjcXVpcmVfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIHJkLT5kb21haW5faWQsCi0gICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICByZWFkb25seSwgJmdyYW50X2Zy YW1lLCBwYWdlLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgJnRyYW5zX3BhZ2Vfb2ZmLCAmdHJhbnNfbGVuZ3RoLCAwKTsK LQotICAgICAgICAgICAgZ3JhbnRfcmVhZF9sb2NrKHJndCk7Ci0gICAgICAg ICAgICBhY3QgPSBhY3RpdmVfZW50cnlfYWNxdWlyZShyZ3QsIGdyZWYpOwot Ci0gICAgICAgICAgICBpZiAoIHJjICE9IEdOVFNUX29rYXkgKSB7Ci0gICAg ICAgICAgICAgICAgX19maXh1cF9zdGF0dXNfZm9yX2NvcHlfcGluKGFjdCwg c3RhdHVzKTsKLSAgICAgICAgICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0 ZCk7Ci0gICAgICAgICAgICAgICAgYWN0aXZlX2VudHJ5X3JlbGVhc2UoYWN0 KTsKLSAgICAgICAgICAgICAgICBncmFudF9yZWFkX3VubG9jayhyZ3QpOwot ICAgICAgICAgICAgICAgIHJldHVybiByYzsKLSAgICAgICAgICAgIH0KLQot ICAgICAgICAgICAgLyoKLSAgICAgICAgICAgICAqIFdlIGRyb3BwZWQgdGhl IGxvY2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkgZWxzZSB0 cmllZAotICAgICAgICAgICAgICogdG8gcGluIChvciwgZm9yIHRoYXQgbWF0 dGVyLCB1bnBpbikgdGhlIHJlZmVyZW5jZSBpbiAqdGhpcyoKLSAgICAgICAg ICAgICAqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUgdXAgYW5k IHRlbGwgdGhlIGNhbGxlciB0byByZXRyeS4KLSAgICAgICAgICAgICAqLwot ICAgICAgICAgICAgaWYgKCBhY3QtPnBpbiAhPSBvbGRfcGluICkKLSAgICAg ICAgICAgIHsKLSAgICAgICAgICAgICAgICBfX2ZpeHVwX3N0YXR1c19mb3Jf Y29weV9waW4oYWN0LCBzdGF0dXMpOwotICAgICAgICAgICAgICAgIHJjdV91 bmxvY2tfZG9tYWluKHRkKTsKLSAgICAgICAgICAgICAgICBhY3RpdmVfZW50 cnlfcmVsZWFzZShhY3QpOwotICAgICAgICAgICAgICAgIGdyYW50X3JlYWRf dW5sb2NrKHJndCk7Ci0gICAgICAgICAgICAgICAgcHV0X3BhZ2UoKnBhZ2Up OwotICAgICAgICAgICAgICAgICpwYWdlID0gTlVMTDsKLSAgICAgICAgICAg ICAgICByZXR1cm4gRVJFU1RBUlQ7Ci0gICAgICAgICAgICB9Ci0KLSAgICAg ICAgICAgIC8qIFRoZSBhY3R1YWwgcmVtb3RlIHJlbW90ZSBncmFudCBtYXkg b3IgbWF5IG5vdCBiZSBhCi0gICAgICAgICAgICAgICBzdWItcGFnZSwgYnV0 IHdlIGFsd2F5cyB0cmVhdCBpdCBhcyBvbmUgYmVjYXVzZSB0aGF0Ci0gICAg ICAgICAgICAgICBibG9ja3MgbWFwcGluZ3Mgb2YgdHJhbnNpdGl2ZSBncmFu dHMuICovCi0gICAgICAgICAgICBpc19zdWJfcGFnZSA9IDE7Ci0gICAgICAg ICAgICBhY3QtPmdmbiA9IC0xdWw7Ci0gICAgICAgIH0KICAgICAgICAgZWxz ZSBpZiAoICEoc2hhMi0+aGRyLmZsYWdzICYgR1RGX3N1Yl9wYWdlKSApCiAg ICAgICAgIHsKICAgICAgICAgICAgIHJjID0gX19nZXRfcGFnZWRfZnJhbWUo c2hhMi0+ZnVsbF9wYWdlLmZyYW1lLCAmZ3JhbnRfZnJhbWUsIHBhZ2UsIHJl YWRvbmx5LCByZCk7CkBAIC0yNzEwLDEwICsyNzIzLDEzIEBAIGdudHRhYl9z ZXRfdmVyc2lvbihYRU5fR1VFU1RfSEFORExFX1BBUkEKICAgICBjYXNlIDI6 CiAgICAgICAgIGZvciAoIGkgPSAwOyBpIDwgR05UVEFCX05SX1JFU0VSVkVE X0VOVFJJRVM7IGkrKyApCiAgICAgICAgIHsKLSAgICAgICAgICAgIGlmICgg KChzaGFyZWRfZW50cnlfdjIoZ3QsIGkpLmhkci5mbGFncyAmIEdURl90eXBl X21hc2spID09Ci0gICAgICAgICAgICAgICAgICBHVEZfcGVybWl0X2FjY2Vz cykgJiYKLSAgICAgICAgICAgICAgICAgKHNoYXJlZF9lbnRyeV92MihndCwg aSkuZnVsbF9wYWdlLmZyYW1lID4+IDMyKSApCisgICAgICAgICAgICBzd2l0 Y2ggKCBzaGFyZWRfZW50cnlfdjIoZ3QsIGkpLmhkci5mbGFncyAmIEdURl90 eXBlX21hc2sgKQogICAgICAgICAgICAgeworICAgICAgICAgICAgY2FzZSBH VEZfcGVybWl0X2FjY2VzczoKKyAgICAgICAgICAgICAgICAgaWYgKCAhKHNo YXJlZF9lbnRyeV92MihndCwgaSkuZnVsbF9wYWdlLmZyYW1lID4+IDMyKSAp CisgICAgICAgICAgICAgICAgICAgICBicmVhazsKKyAgICAgICAgICAgICAg ICAgLyogZmFsbCB0aHJvdWdoICovCisgICAgICAgICAgICBjYXNlIEdURl90 cmFuc2l0aXZlOgogICAgICAgICAgICAgICAgIGdkcHJpbnRrKFhFTkxPR19X QVJOSU5HLAogICAgICAgICAgICAgICAgICAgICAgICAgICJ0cmllZCB0byBj aGFuZ2UgZ3JhbnQgdGFibGUgdmVyc2lvbiB0byAxIHdpdGggbm9uLXJlcHJl c2VudGFibGUgZW50cmllc1xuIik7CiAgICAgICAgICAgICAgICAgcmVzID0g LUVSQU5HRTsK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3Rz Lnhlbi5vcmcveGVuLWFubm91bmNl --=separator-- From xen-announce-bounces@lists.xen.org Wed Aug 23 15:19:35 2017 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Aug 2017 15:19:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dkXQH-0004pu-2A; Wed, 23 Aug 2017 15:18:25 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dkXQF-0004pi-GH; Wed, 23 Aug 2017 15:18:23 +0000 Received: from [85.158.137.68] by server-13.bemta-3.messagelabs.com id D6/52-01862-EBC9D995; Wed, 23 Aug 2017 15:18:22 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprFJsWRWlGSWpSXmKPExsWS0XRdVXfvnLm RBlsOs1ncutnKbLHk42IWi1VXD7A6MHsc3f2bKYAxijUzLym/IoE14+j3I6wFr+or/n7bwtjA +LSqi5GLQ0jgHKPEviez2SCcDYwSradPMncxcnIwC7hK3Ni3mQ3CVpS4cK+BBcTmFRCUODnzC ZgtIaApcefNKnYQW0SgSGLnuZdgNpuAnsTcs5OYIHotJeZPPAU0h4NDWCBGovG9CMQYM4n7dz rBxrMIqEpcPb6PeQIjzywkm2ch2TwLyeZZQJOYgTav36UPYUpLLP/HAVEtL7H97RxmCNtK4u7 B1ywQtrnEjOtT2GEmTul+yA7Rai0xcRHUIguJ5gdXWVGVgNj2EovO3WCDKLeRONXKhU1J+9yP ULaNxI+tLViNefloAQtMzamXXxixqfmwbBIbTM2etdtQzFnAKLGKUaM4tagstUjXyFQvqSgzP aMkNzEzR9fQwFgvN7W4ODE9NScxqVgvOT93EyMwhdQzMDDuYGw94XeIUZKDSUmUV1NnbqQQX1 J+SmVGYnFGfFFpTmrxIUYZDg4lCd4Ps4FygkWp6akVaZk5wGQGk5bg4FES4c0AJjQh3uKCxNz izHSI1ClGY45d/9d8YeJYtn7LFyYhlrz8vFQpcV5tkFIBkNKM0jy4QbAke4lRVkqYl5GBgUGI pyC1KDezBFX+FaM4B6OSMK8VyBSezLwSuH2vgE5hAjpl0ok5IKeUJCKkpBoY5ZXqpXbOZHty/ em6M/9XWBWf5WXvWCL5g0vi5I/baoxm9aHcHxI4Cr09E0JOtHX1fHO77fv63hE3w83b9r2/tT uiX28mZ6zBkknS70JEz6t/WPfxonbfaeGf93bMk329kPN88cxXGguLGf9qOxb4/A2v/8CQu3B Si0umBlMfl5PLxmNxkkzflViKMxINtZiLihMB2i7HxK0DAAA= X-Env-Sender: andrewcoop@xenbits.xen.org X-Msg-Ref: server-14.tower-31.messagelabs.com!1503501499!111120247!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 21518 invoked from network); 23 Aug 2017 15:18:20 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-14.tower-31.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 23 Aug 2017 15:18:20 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dkXQ5-00043C-0d; Wed, 23 Aug 2017 15:18:13 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1dkXQ4-0005BZ-U9; Wed, 23 Aug 2017 15:18:12 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Wed, 23 Aug 2017 15:18:12 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 235 - add-to-physmap error paths fail to release lock on ARM X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-235 add-to-physmap error paths fail to release lock on ARM ISSUE DESCRIPTION ================= When dealing with the grant map space of add-to-physmap operations, ARM specific code recognizes a number of error conditions, but fails to release a lock being held on the respective exit paths. IMPACT ====== A malicious guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for an indefinite period of time. VULNERABLE SYSTEMS ================== Xen versions 4.4 and later are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only ARM systems are affected. X86 systems are not affected. MITIGATION ========== On systems where the guest kernel is controlled by the host rather than guest administrator, running only kernels which only issue sane hypercalls will prevent untrusted guest users from exploiting this issue. However untrusted guest administrators can still trigger it unless further steps are taken to prevent them from loading code into the kernel (e.g by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. CREDITS ======= This issue was discovered by Wei Liu of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa235.patch xen-unstable xsa235-4.9.patch Xen 4.9.x, Xen 4.8.x xsa235-4.7.patch Xen 4.7.x xsa235-4.6.patch Xen 4.6.x xsa235-4.5.patch Xen 4.5.x $ sha256sum xsa235* 6ec8bf9462de65fee3896246f52c00941b2d83c759b3f7b28a440eb977fcbc37 xsa235.meta c81f534e96fe38b9f77794bb143d104d66ce2d7177bda43f872642616e23df65 xsa235.patch 3c21cb1a53f5979b069568c6cd6df3aad00c19e0e459e37625d6a3c0f4f360cc xsa235-4.5.patch 47cda4f32b65f3543af368c324a2e5b308b698a1c7d8bc84fc274eb2cdb45c0e xsa235-4.6.patch f30848eee71e66687b421b87be1d8e3f454c0eb395422546c62a689153d1e31c xsa235-4.7.patch d8f012734fbf6019c1ff864744e308c41dfb9c7804ca3be2771c2c972cdf4bd5 xsa235-4.9.patch $ NOTE REGARDING LACK OF EMBARGO ============================== The issue was discussed publicly before being recognized as a security issue. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZnZxeAAoJEIP+FMlX6CvZTj4IALE9/7IoG1Ak/TZuHE4xRxZx Zd2APyf+lCNj3wwdFRGC/969ilQ9OjLlJ408RyY6bVpwfmsjJTZWnAcWuS/fIdhY niillD1sdP7Eg65JG8bxL2jCaISH7AJKSePoLuc8G55I7uuJYEnipyvDZuz6W+qy k03+Bbz+TwNezA4YoNFsSpRdX48iIevFy9AIhZmggLUqdgmTR1rygjW/bxanBX8z 2dSch8LMcsVArTmwE3NnxVSJC1/g3Tc07wll7LnB6npecbCmiMqk+rhPUFdHZXl7 pYZy+Qp7w5rqcd91cOuKQKml4O3lO9ajblfpqKmbH3+hnuDqEnVlHSvVNVGWyag= =mGPq -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa235.meta" Content-Disposition: attachment; filename="xsa235.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyMzUsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC45IiwKICAgICI0LjgiLAogICAgIjQuNyIsCiAg ICAiNC42IiwKICAgICI0LjUiCiAgXSwKICAiVHJlZXMiOiBbCiAgICAieGVu IgogIF0sCiAgIlJlY2lwZXMiOiB7CiAgICAiNC41IjogewogICAgICAiWGVu VmVyc2lvbiI6ICI0LjUiLAogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAi eGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICIzMjE3MTI5ZWI2NWMw ZDQ5OTVlZDA4ZmI4OTE5ZTNjMzM0Y2FkNTQ4IiwKICAgICAgICAgICJQcmVy ZXFzIjogW10sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsgInhzYTIzNS00LjUu cGF0Y2giIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC42Ijog ewogICAgICAiWGVuVmVyc2lvbiI6ICI0LjYiLAogICAgICAiUmVjaXBlcyI6 IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICJi NDY2MGI0ZDRhMzVlZGFjNzE1YzAwM2M4NDMyNmRlMmIwZmE0ZjQ3IiwKICAg ICAgICAgICJQcmVyZXFzIjogW10sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsg InhzYTIzNS00LjYucGF0Y2giIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0s CiAgICAiNC43IjogewogICAgICAiWGVuVmVyc2lvbiI6ICI0LjciLAogICAg ICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0 YWJsZVJlZiI6ICI1MTUxMjU3NjI2MTU1ZDZlMzMxY2M5ZTY2ZDg5NmM4NGRi MTYxMWUxIiwKICAgICAgICAgICJQcmVyZXFzIjogW10sCiAgICAgICAgICAi UGF0Y2hlcyI6IFsgInhzYTIzNS00LjcucGF0Y2giIF0KICAgICAgICB9CiAg ICAgIH0KICAgIH0sCiAgICAiNC44IjogewogICAgICAiWGVuVmVyc2lvbiI6 ICI0LjgiLAogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewog ICAgICAgICAgIlN0YWJsZVJlZiI6ICJmNTIxMWNlNzU4MjFlMGYyY2M1NWVm ZmQyOGRmYmU5MDgyMjY5NzBmIiwKICAgICAgICAgICJQcmVyZXFzIjogW10s CiAgICAgICAgICAiUGF0Y2hlcyI6IFsgInhzYTIzNS00LjkucGF0Y2giIF0K ICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC45IjogewogICAgICAi WGVuVmVyc2lvbiI6ICI0LjkiLAogICAgICAiUmVjaXBlcyI6IHsKICAgICAg ICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICI5YmYxNGJiZjk5 MDg0M2JmZWMxNmE1ZDY5ZDM2Y2Y0NmM3NTkzZDg4IiwKICAgICAgICAgICJQ cmVyZXFzIjogW10sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsgInhzYTIzNS00 LjkucGF0Y2giIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAibWFz dGVyIjogewogICAgICAiWGVuVmVyc2lvbiI6ICJtYXN0ZXIiLAogICAgICAi UmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJs ZVJlZiI6ICI5MDUzYTc0YzA4ZmQ2YWJmNDNiYjQ1ZmY5MzJiNDM4NmRlN2U4 NTEwIiwKICAgICAgICAgICJQcmVyZXFzIjogW10sCiAgICAgICAgICAiUGF0 Y2hlcyI6IFsgInhzYTIzNS5wYXRjaCIgXQogICAgICAgIH0KICAgICAgfQog ICAgfQogIH0KfQ== --=separator Content-Type: application/octet-stream; name="xsa235.patch" Content-Disposition: attachment; filename="xsa235.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBhcm0vbW06IHJlbGVhc2UgZ3JhbnQgbG9jayBvbiB4ZW5tZW1fYWRkX3Rv X3BoeXNtYXBfb25lKCkgZXJyb3IgcGF0aHMKCkNvbW1pdCA1NTAyMWZmOWFi ICgieGVuL2FybTogYWRkX3RvX3BoeXNtYXBfb25lOiBBdm9pZCB0byBtYXAg bWZuIDAgaWYKYW4gZXJyb3Igb2NjdXJzIikgaW50cm9kdWNlZCBlcnJvciBw YXRocyBub3QgcmVsZWFzaW5nIHRoZSBncmFudCB0YWJsZQpsb2NrLiBSZXBs YWNlIHRoZW0gYnkgYSBzdWl0YWJsZSBjaGVjayBhZnRlciB0aGUgbG9jayB3 YXMgZHJvcHBlZC4KClRoaXMgaXMgWFNBLTIzNS4KClJlcG9ydGVkLWJ5OiBX ZWkgTGl1IDx3ZWkubGl1MkBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBK YW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBK dWxpZW4gR3JhbGwgPGp1bGllbi5ncmFsbEBhcm0uY29tPgoKLS0tIGEveGVu L2FyY2gvYXJtL21tLmMKKysrIGIveGVuL2FyY2gvYXJtL21tLmMKQEAgLTEy NDAsOCArMTI0MCw2IEBAIGludCB4ZW5tZW1fYWRkX3RvX3BoeXNtYXBfb25l KAogICAgICAgICAgICAgaWR4ICY9IH5YRU5NQVBJRFhfZ3JhbnRfdGFibGVf c3RhdHVzOwogICAgICAgICAgICAgaWYgKCBpZHggPCBucl9zdGF0dXNfZnJh bWVzKGQtPmdyYW50X3RhYmxlKSApCiAgICAgICAgICAgICAgICAgbWZuID0g dmlydF90b19tZm4oZC0+Z3JhbnRfdGFibGUtPnN0YXR1c1tpZHhdKTsKLSAg ICAgICAgICAgIGVsc2UKLSAgICAgICAgICAgICAgICByZXR1cm4gLUVJTlZB TDsKICAgICAgICAgfQogICAgICAgICBlbHNlCiAgICAgICAgIHsKQEAgLTEy NTEsMTUgKzEyNDksMjAgQEAgaW50IHhlbm1lbV9hZGRfdG9fcGh5c21hcF9v bmUoCiAKICAgICAgICAgICAgIGlmICggaWR4IDwgbnJfZ3JhbnRfZnJhbWVz KGQtPmdyYW50X3RhYmxlKSApCiAgICAgICAgICAgICAgICAgbWZuID0gdmly dF90b19tZm4oZC0+Z3JhbnRfdGFibGUtPnNoYXJlZF9yYXdbaWR4XSk7Ci0g ICAgICAgICAgICBlbHNlCi0gICAgICAgICAgICAgICAgcmV0dXJuIC1FSU5W QUw7CiAgICAgICAgIH0KIAotICAgICAgICBkLT5hcmNoLmdyYW50X3RhYmxl X2dmbltpZHhdID0gZ2ZuOworICAgICAgICBpZiAoICFtZm5fZXEobWZuLCBJ TlZBTElEX01GTikgKQorICAgICAgICB7CisgICAgICAgICAgICBkLT5hcmNo LmdyYW50X3RhYmxlX2dmbltpZHhdID0gZ2ZuOwogCi0gICAgICAgIHQgPSBw Mm1fcmFtX3J3OworICAgICAgICAgICAgdCA9IHAybV9yYW1fcnc7CisgICAg ICAgIH0KIAogICAgICAgICBncmFudF93cml0ZV91bmxvY2soZC0+Z3JhbnRf dGFibGUpOworCisgICAgICAgIGlmICggbWZuX2VxKG1mbiwgSU5WQUxJRF9N Rk4pICkKKyAgICAgICAgICAgIHJldHVybiAtRUlOVkFMOworCiAgICAgICAg IGJyZWFrOwogICAgIGNhc2UgWEVOTUFQU1BBQ0Vfc2hhcmVkX2luZm86CiAg ICAgICAgIGlmICggaWR4ICE9IDAgKQo= --=separator Content-Type: application/octet-stream; name="xsa235-4.5.patch" Content-Disposition: attachment; filename="xsa235-4.5.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBhcm0vbW06IHJlbGVhc2UgZ3JhbnQgbG9jayBvbiB4ZW5tZW1fYWRkX3Rv X3BoeXNtYXBfb25lKCkgZXJyb3IgcGF0aHMKCkNvbW1pdCA1NTAyMWZmOWFi ICgieGVuL2FybTogYWRkX3RvX3BoeXNtYXBfb25lOiBBdm9pZCB0byBtYXAg bWZuIDAgaWYKYW4gZXJyb3Igb2NjdXJzIikgaW50cm9kdWNlZCBlcnJvciBw YXRocyBub3QgcmVsZWFzaW5nIHRoZSBncmFudCB0YWJsZQpsb2NrLiBSZXBs YWNlIHRoZW0gYnkgYSBzdWl0YWJsZSBjaGVjayBhZnRlciB0aGUgbG9jayB3 YXMgZHJvcHBlZC4KClRoaXMgaXMgWFNBLTIzNS4KClJlcG9ydGVkLWJ5OiBX ZWkgTGl1IDx3ZWkubGl1MkBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBK YW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBK dWxpZW4gR3JhbGwgPGp1bGllbi5ncmFsbEBhcm0uY29tPgoKLS0tIGEveGVu L2FyY2gvYXJtL21tLmMKKysrIGIveGVuL2FyY2gvYXJtL21tLmMKQEAgLTEw NTIsNyArMTA1Miw3IEBAIGludCB4ZW5tZW1fYWRkX3RvX3BoeXNtYXBfb25l KAogICAgICAgICAgICAgaWYgKCBpZHggPCBucl9zdGF0dXNfZnJhbWVzKGQt PmdyYW50X3RhYmxlKSApCiAgICAgICAgICAgICAgICAgbWZuID0gdmlydF90 b19tZm4oZC0+Z3JhbnRfdGFibGUtPnN0YXR1c1tpZHhdKTsKICAgICAgICAg ICAgIGVsc2UKLSAgICAgICAgICAgICAgICByZXR1cm4gLUVJTlZBTDsKKyAg ICAgICAgICAgICAgICBtZm4gPSBJTlZBTElEX01GTjsKICAgICAgICAgfQog ICAgICAgICBlbHNlCiAgICAgICAgIHsKQEAgLTEwNjMsMTQgKzEwNjMsMjEg QEAgaW50IHhlbm1lbV9hZGRfdG9fcGh5c21hcF9vbmUoCiAgICAgICAgICAg ICBpZiAoIGlkeCA8IG5yX2dyYW50X2ZyYW1lcyhkLT5ncmFudF90YWJsZSkg KQogICAgICAgICAgICAgICAgIG1mbiA9IHZpcnRfdG9fbWZuKGQtPmdyYW50 X3RhYmxlLT5zaGFyZWRfcmF3W2lkeF0pOwogICAgICAgICAgICAgZWxzZQot ICAgICAgICAgICAgICAgIHJldHVybiAtRUlOVkFMOworICAgICAgICAgICAg ICAgIG1mbiA9IElOVkFMSURfTUZOOwogICAgICAgICB9CiAgICAgICAgIAot ICAgICAgICBkLT5hcmNoLmdyYW50X3RhYmxlX2dwZm5baWR4XSA9IGdwZm47 CisgICAgICAgIGlmICggbWZuICE9IElOVkFMSURfTUZOICkKKyAgICAgICAg eworICAgICAgICAgICAgZC0+YXJjaC5ncmFudF90YWJsZV9ncGZuW2lkeF0g PSBncGZuOwogCi0gICAgICAgIHQgPSBwMm1fcmFtX3J3OworICAgICAgICAg ICAgdCA9IHAybV9yYW1fcnc7CisgICAgICAgIH0KIAogICAgICAgICBzcGlu X3VubG9jaygmZC0+Z3JhbnRfdGFibGUtPmxvY2spOworCisgICAgICAgIGlm ICggbWZuID09IElOVkFMSURfTUZOICkKKyAgICAgICAgICAgIHJldHVybiAt RUlOVkFMOworCiAgICAgICAgIGJyZWFrOwogICAgIGNhc2UgWEVOTUFQU1BB Q0Vfc2hhcmVkX2luZm86CiAgICAgICAgIGlmICggaWR4ICE9IDAgKQo= --=separator Content-Type: application/octet-stream; name="xsa235-4.6.patch" Content-Disposition: attachment; filename="xsa235-4.6.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBhcm0vbW06IHJlbGVhc2UgZ3JhbnQgbG9jayBvbiB4ZW5tZW1fYWRkX3Rv X3BoeXNtYXBfb25lKCkgZXJyb3IgcGF0aHMKCkNvbW1pdCA1NTAyMWZmOWFi ICgieGVuL2FybTogYWRkX3RvX3BoeXNtYXBfb25lOiBBdm9pZCB0byBtYXAg bWZuIDAgaWYKYW4gZXJyb3Igb2NjdXJzIikgaW50cm9kdWNlZCBlcnJvciBw YXRocyBub3QgcmVsZWFzaW5nIHRoZSBncmFudCB0YWJsZQpsb2NrLiBSZXBs YWNlIHRoZW0gYnkgYSBzdWl0YWJsZSBjaGVjayBhZnRlciB0aGUgbG9jayB3 YXMgZHJvcHBlZC4KClRoaXMgaXMgWFNBLTIzNS4KClJlcG9ydGVkLWJ5OiBX ZWkgTGl1IDx3ZWkubGl1MkBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBK YW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBK dWxpZW4gR3JhbGwgPGp1bGllbi5ncmFsbEBhcm0uY29tPgoKLS0tIGEveGVu L2FyY2gvYXJtL21tLmMKKysrIGIveGVuL2FyY2gvYXJtL21tLmMKQEAgLTEw NzMsNyArMTA3Myw3IEBAIGludCB4ZW5tZW1fYWRkX3RvX3BoeXNtYXBfb25l KAogICAgICAgICAgICAgaWYgKCBpZHggPCBucl9zdGF0dXNfZnJhbWVzKGQt PmdyYW50X3RhYmxlKSApCiAgICAgICAgICAgICAgICAgbWZuID0gdmlydF90 b19tZm4oZC0+Z3JhbnRfdGFibGUtPnN0YXR1c1tpZHhdKTsKICAgICAgICAg ICAgIGVsc2UKLSAgICAgICAgICAgICAgICByZXR1cm4gLUVJTlZBTDsKKyAg ICAgICAgICAgICAgICBtZm4gPSBJTlZBTElEX01GTjsKICAgICAgICAgfQog ICAgICAgICBlbHNlCiAgICAgICAgIHsKQEAgLTEwODQsMTQgKzEwODQsMjEg QEAgaW50IHhlbm1lbV9hZGRfdG9fcGh5c21hcF9vbmUoCiAgICAgICAgICAg ICBpZiAoIGlkeCA8IG5yX2dyYW50X2ZyYW1lcyhkLT5ncmFudF90YWJsZSkg KQogICAgICAgICAgICAgICAgIG1mbiA9IHZpcnRfdG9fbWZuKGQtPmdyYW50 X3RhYmxlLT5zaGFyZWRfcmF3W2lkeF0pOwogICAgICAgICAgICAgZWxzZQot ICAgICAgICAgICAgICAgIHJldHVybiAtRUlOVkFMOworICAgICAgICAgICAg ICAgIG1mbiA9IElOVkFMSURfTUZOOwogICAgICAgICB9CiAgICAgICAgIAot ICAgICAgICBkLT5hcmNoLmdyYW50X3RhYmxlX2dwZm5baWR4XSA9IGdwZm47 CisgICAgICAgIGlmICggbWZuICE9IElOVkFMSURfTUZOICkKKyAgICAgICAg eworICAgICAgICAgICAgZC0+YXJjaC5ncmFudF90YWJsZV9ncGZuW2lkeF0g PSBncGZuOwogCi0gICAgICAgIHQgPSBwMm1fcmFtX3J3OworICAgICAgICAg ICAgdCA9IHAybV9yYW1fcnc7CisgICAgICAgIH0KIAogICAgICAgICB3cml0 ZV91bmxvY2soJmQtPmdyYW50X3RhYmxlLT5sb2NrKTsKKworICAgICAgICBp ZiAoIG1mbiA9PSBJTlZBTElEX01GTiApCisgICAgICAgICAgICByZXR1cm4g LUVJTlZBTDsKKwogICAgICAgICBicmVhazsKICAgICBjYXNlIFhFTk1BUFNQ QUNFX3NoYXJlZF9pbmZvOgogICAgICAgICBpZiAoIGlkeCAhPSAwICkK --=separator Content-Type: application/octet-stream; name="xsa235-4.7.patch" Content-Disposition: attachment; filename="xsa235-4.7.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBhcm0vbW06IHJlbGVhc2UgZ3JhbnQgbG9jayBvbiB4ZW5tZW1fYWRkX3Rv X3BoeXNtYXBfb25lKCkgZXJyb3IgcGF0aHMKCkNvbW1pdCA1NTAyMWZmOWFi ICgieGVuL2FybTogYWRkX3RvX3BoeXNtYXBfb25lOiBBdm9pZCB0byBtYXAg bWZuIDAgaWYKYW4gZXJyb3Igb2NjdXJzIikgaW50cm9kdWNlZCBlcnJvciBw YXRocyBub3QgcmVsZWFzaW5nIHRoZSBncmFudCB0YWJsZQpsb2NrLiBSZXBs YWNlIHRoZW0gYnkgYSBzdWl0YWJsZSBjaGVjayBhZnRlciB0aGUgbG9jayB3 YXMgZHJvcHBlZC4KClRoaXMgaXMgWFNBLTIzNS4KClJlcG9ydGVkLWJ5OiBX ZWkgTGl1IDx3ZWkubGl1MkBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBK YW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBK dWxpZW4gR3JhbGwgPGp1bGllbi5ncmFsbEBhcm0uY29tPgoKLS0tIGEveGVu L2FyY2gvYXJtL21tLmMKKysrIGIveGVuL2FyY2gvYXJtL21tLmMKQEAgLTEw ODEsNyArMTA4MSw3IEBAIGludCB4ZW5tZW1fYWRkX3RvX3BoeXNtYXBfb25l KAogICAgICAgICAgICAgaWYgKCBpZHggPCBucl9zdGF0dXNfZnJhbWVzKGQt PmdyYW50X3RhYmxlKSApCiAgICAgICAgICAgICAgICAgbWZuID0gdmlydF90 b19tZm4oZC0+Z3JhbnRfdGFibGUtPnN0YXR1c1tpZHhdKTsKICAgICAgICAg ICAgIGVsc2UKLSAgICAgICAgICAgICAgICByZXR1cm4gLUVJTlZBTDsKKyAg ICAgICAgICAgICAgICBtZm4gPSBJTlZBTElEX01GTjsKICAgICAgICAgfQog ICAgICAgICBlbHNlCiAgICAgICAgIHsKQEAgLTEwOTIsMTQgKzEwOTIsMjEg QEAgaW50IHhlbm1lbV9hZGRfdG9fcGh5c21hcF9vbmUoCiAgICAgICAgICAg ICBpZiAoIGlkeCA8IG5yX2dyYW50X2ZyYW1lcyhkLT5ncmFudF90YWJsZSkg KQogICAgICAgICAgICAgICAgIG1mbiA9IHZpcnRfdG9fbWZuKGQtPmdyYW50 X3RhYmxlLT5zaGFyZWRfcmF3W2lkeF0pOwogICAgICAgICAgICAgZWxzZQot ICAgICAgICAgICAgICAgIHJldHVybiAtRUlOVkFMOworICAgICAgICAgICAg ICAgIG1mbiA9IElOVkFMSURfTUZOOwogICAgICAgICB9CiAgICAgICAgIAot ICAgICAgICBkLT5hcmNoLmdyYW50X3RhYmxlX2dwZm5baWR4XSA9IGdwZm47 CisgICAgICAgIGlmICggbWZuICE9IElOVkFMSURfTUZOICkKKyAgICAgICAg eworICAgICAgICAgICAgZC0+YXJjaC5ncmFudF90YWJsZV9ncGZuW2lkeF0g PSBncGZuOwogCi0gICAgICAgIHQgPSBwMm1fcmFtX3J3OworICAgICAgICAg ICAgdCA9IHAybV9yYW1fcnc7CisgICAgICAgIH0KIAogICAgICAgICBncmFu dF93cml0ZV91bmxvY2soZC0+Z3JhbnRfdGFibGUpOworCisgICAgICAgIGlm ICggbWZuID09IElOVkFMSURfTUZOICkKKyAgICAgICAgICAgIHJldHVybiAt RUlOVkFMOworCiAgICAgICAgIGJyZWFrOwogICAgIGNhc2UgWEVOTUFQU1BB Q0Vfc2hhcmVkX2luZm86CiAgICAgICAgIGlmICggaWR4ICE9IDAgKQo= --=separator Content-Type: application/octet-stream; name="xsa235-4.9.patch" Content-Disposition: attachment; filename="xsa235-4.9.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBhcm0vbW06IHJlbGVhc2UgZ3JhbnQgbG9jayBvbiB4ZW5tZW1fYWRkX3Rv X3BoeXNtYXBfb25lKCkgZXJyb3IgcGF0aHMKCkNvbW1pdCA1NTAyMWZmOWFi ICgieGVuL2FybTogYWRkX3RvX3BoeXNtYXBfb25lOiBBdm9pZCB0byBtYXAg bWZuIDAgaWYKYW4gZXJyb3Igb2NjdXJzIikgaW50cm9kdWNlZCBlcnJvciBw YXRocyBub3QgcmVsZWFzaW5nIHRoZSBncmFudCB0YWJsZQpsb2NrLiBSZXBs YWNlIHRoZW0gYnkgYSBzdWl0YWJsZSBjaGVjayBhZnRlciB0aGUgbG9jayB3 YXMgZHJvcHBlZC4KClRoaXMgaXMgWFNBLTIzNS4KClJlcG9ydGVkLWJ5OiBX ZWkgTGl1IDx3ZWkubGl1MkBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBK YW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+ClJldmlld2VkLWJ5OiBK dWxpZW4gR3JhbGwgPGp1bGllbi5ncmFsbEBhcm0uY29tPgoKLS0tIGEveGVu L2FyY2gvYXJtL21tLmMKKysrIGIveGVuL2FyY2gvYXJtL21tLmMKQEAgLTEx NjQsNyArMTE2NCw3IEBAIGludCB4ZW5tZW1fYWRkX3RvX3BoeXNtYXBfb25l KAogICAgICAgICAgICAgaWYgKCBpZHggPCBucl9zdGF0dXNfZnJhbWVzKGQt PmdyYW50X3RhYmxlKSApCiAgICAgICAgICAgICAgICAgbWZuID0gdmlydF90 b19tZm4oZC0+Z3JhbnRfdGFibGUtPnN0YXR1c1tpZHhdKTsKICAgICAgICAg ICAgIGVsc2UKLSAgICAgICAgICAgICAgICByZXR1cm4gLUVJTlZBTDsKKyAg ICAgICAgICAgICAgICBtZm4gPSBtZm5feChJTlZBTElEX01GTik7CiAgICAg ICAgIH0KICAgICAgICAgZWxzZQogICAgICAgICB7CkBAIC0xMTc1LDE0ICsx MTc1LDIxIEBAIGludCB4ZW5tZW1fYWRkX3RvX3BoeXNtYXBfb25lKAogICAg ICAgICAgICAgaWYgKCBpZHggPCBucl9ncmFudF9mcmFtZXMoZC0+Z3JhbnRf dGFibGUpICkKICAgICAgICAgICAgICAgICBtZm4gPSB2aXJ0X3RvX21mbihk LT5ncmFudF90YWJsZS0+c2hhcmVkX3Jhd1tpZHhdKTsKICAgICAgICAgICAg IGVsc2UKLSAgICAgICAgICAgICAgICByZXR1cm4gLUVJTlZBTDsKKyAgICAg ICAgICAgICAgICBtZm4gPSBtZm5feChJTlZBTElEX01GTik7CiAgICAgICAg IH0KIAotICAgICAgICBkLT5hcmNoLmdyYW50X3RhYmxlX2dmbltpZHhdID0g Z2ZuOworICAgICAgICBpZiAoIG1mbiAhPSBtZm5feChJTlZBTElEX01GTikg KQorICAgICAgICB7CisgICAgICAgICAgICBkLT5hcmNoLmdyYW50X3RhYmxl X2dmbltpZHhdID0gZ2ZuOwogCi0gICAgICAgIHQgPSBwMm1fcmFtX3J3Owor ICAgICAgICAgICAgdCA9IHAybV9yYW1fcnc7CisgICAgICAgIH0KIAogICAg ICAgICBncmFudF93cml0ZV91bmxvY2soZC0+Z3JhbnRfdGFibGUpOworCisg ICAgICAgIGlmICggbWZuID09IG1mbl94KElOVkFMSURfTUZOKSApCisgICAg ICAgICAgICByZXR1cm4gLUVJTlZBTDsKKwogICAgICAgICBicmVhazsKICAg ICBjYXNlIFhFTk1BUFNQQUNFX3NoYXJlZF9pbmZvOgogICAgICAgICBpZiAo IGlkeCAhPSAwICkK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3Rz Lnhlbi5vcmcveGVuLWFubm91bmNl --=separator-- From xen-announce-bounces@lists.xen.org Tue Aug 29 12:05:21 2017 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 29 Aug 2017 12:05:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dmfFp-0000Tq-W6; Tue, 29 Aug 2017 12:04:25 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dmfFo-0000TY-4C; Tue, 29 Aug 2017 12:04:24 +0000 Received: from [85.158.143.35] by server-3.bemta-6.messagelabs.com id 48/73-03093-74855A95; Tue, 29 Aug 2017 12:04:23 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrNJsWRWlGSWpSXmKPExsWS0XRdVdc1Ymm kwdyrAha3brYyWyz5uJjFYtXVA6wOzB5Hd/9mCmCMYs3MS8qvSGDNaO3dx1Lwfy17xbbuzywN jE0z2bsYOTmEBI4zSmx5rtHFyAVkL2KUuDNvPxNIglnAVeLGvs1sELaixIV7DSwgNq+AoMTJm U/AbAkBTYk7b1aBDRIRKJLYee4lmM0moCcx9+wkqDmWEvMnngKaw8EhLBAvsatJBmKMmcTRfx dZQWwWAVWJxzc/M05g5JmFZPMsJJtnIdk8C2gSM9Dm9bv0IUxpieX/OCCq5SW2v53DDGFbS6z o2AI1xULi7MFnLDATp3Q/ZIdorZBYtqQCIlwq8XvLelZUJSB2vsTEKcug7ByJPas+sWCqsZd4 8rQVapWNxKeXP5gw1RRLrOp4xAqxtkBi4SNmTCVZEivfnYFqTZfY8uEnFjX2EqdWTmeGWdV2u AOLk4slZrzcBBUvkPjYu4Qdm117n8yD23Xn2mLWBYxaqxg1ilOLylKLdA1N9ZKKMtMzSnITM3 N0DQ3M9HJTi4sT01NzEpOK9ZLzczcxApMgAxDsYPy2LOAQoyQHk5IoL0fY0kghvqT8lMqMxOK M+KLSnNTiQ4wyHBxKErxfQHKCRanpqRVpmTnAdAyTluDgURLh/QqS5i0uSMwtzkyHSJ1iNObY 9X/NFyaOZeu3fGESYsnLz0uVEud9C1IqAFKaUZoHNwiWJy4xykoJ8zICnSbEU5BalJtZgir/i lGcg1FJmPcFyBSezLwSuH2vgE5hAjol1gvslJJEhJRUA2P1xuw973PiIubabBWTWTSTzd1t/4 /uvN8WWS+zrvomd01+NNdEU3vfKcGlvJsrr7/9mvNgW8+GV95eNyPVayv2TeCUn1FezLnxZCC Li0byZe0Tc3Zon1lh96fzbmf77va/egvPbYrbsPhSf7vFlSqG/VdkrhVvFepey607g8v1/42L f7/4P/ymxFKckWioxVxUnAgA7H3Yiw4EAAA= X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-2.tower-21.messagelabs.com!1504008259!66157622!1 X-Originating-IP: [104.130.215.37] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 61219 invoked from network); 29 Aug 2017 12:04:20 -0000 Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37) by server-2.tower-21.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 29 Aug 2017 12:04:20 -0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dmfFY-0002AE-W8; Tue, 29 Aug 2017 12:04:08 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1dmfFY-00029c-RU; Tue, 29 Aug 2017 12:04:08 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Tue, 29 Aug 2017 12:04:08 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xen.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2017-12135 / XSA-226 version 7 multiple problems with transitive grants UPDATES IN VERSION 7 ==================== First patch provided in version 6 regressed 32-bit Dom0 or backend domains. The updated patch includes a fix for this. ISSUE DESCRIPTION ================= 1) Code to handle copy operations on transitive grants has built in retry logic, involving a function reinvoking itself with unchanged parameters. Such use assumes that the compiler would also translate this to a so called "tail call" when generating machine code. Empirically, this is not commonly the case, allowing for theoretically unbounded nesting of such function calls. 2) The reference counting and locking discipline for transitive grants is broken. Concurrent use of the transitive grant can leak references on the transitively-referenced grant. IMPACT ====== A malicious or buggy guest may be able to crash Xen. Privilege escalation and information leaks cannot be ruled out. A malicious or buggy guest can leak references on grants it has been given, amounting to a DoS against the grantee. VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. MITIGATION ========== There is no known mitigation. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. The security team would also like to thank Amazon for helping to identify that the problems with transitive grants were deeper than originally believed. RESOLUTION ========== Applying the appropriate attached pair of patches from the list below addresses this issue: xsa226-unstable/*.patch xen-unstable xsa226-4.9/*.patch Xen 4.9.x, Xen 4.8.x, Xen 4.7.x xsa226-4.6/*.patch Xen 4.6.x xsa226-4.5/*.patch Xen 4.5.x Note that these patches have already been applied to the respective staging trees. Alternatively, applying the appropriate attached patch from the list below works around this issue by disabling transitive grants by default: xsa226.patch xen-unstable, Xen 4.9.x, Xen 4.8.x xsa226-4.7.patch Xen 4.7.x xsa226-4.6.patch Xen 4.6.x xsa226-4.5.patch Xen 4.5.x $ sha256sum xsa226* xsa226*/* b09e07aaf422ae04a4ece5e2c5b5e54036cfae5b5c632bfc6953a0cacd6f60ff xsa226.patch d999767014501d3ac62def06ccd43b97bbbf0ef7d402d3bd70ca96ac9997a14d xsa226-unstable/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch 4473fd96ce4fdea5e19e0b502d65f20bd279d82473ac34ff404ce2b2cbc10be1 xsa226-unstable/0002-gnttab-fix-transitive-grant-handling.patch ca8b92b2ff58b87e8bec137a34784cbf11e2820659046df6e1d71e23bf7e7dee xsa226-4.5.patch ca77d01172abf263b5b731f26f5e3f74b0b8c75b3e29bee3f65a9318236daba7 xsa226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch de6359e50fd2bb710469da74a596013ce275edb43d3d1c36d41452f88eee9b7d xsa226-4.5/0002-gnttab-fix-transitive-grant-handling.patch 28c7df7edabb91fb2f1fa3fc7d6906bfae75a6e701f1cd335baafaae3e087696 xsa226-4.6.patch 0186f78e99f5f6eec913da8355e0c28946a14a6099a7219bd4e0d385fdf8c306 xsa226-4.6/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch e34dbba7b94942faeb3e6b7630ba06f01998e2b56be1035d76e67aa47e77457d xsa226-4.6/0002-gnttab-fix-transitive-grant-handling.patch fffcc0a4428723e6aea391ff4f1d27326b5a3763d2308cbde64e6a786502c702 xsa226-4.7.patch 3878c27b77ba24012599289e0e0fb1e5198b1e4efe2f87f7c46def5f335f2fd5 xsa226-4.9/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch 01d773c5bb4cafe54daf0d14e8a3af899a7c5863513d18927c4a570a74afdb15 xsa226-4.9/0002-gnttab-fix-transitive-grant-handling.patch $ (The .meta file is a prototype machine-readable file for describing which patches are to be applied how.) DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZpVgpAAoJEIP+FMlX6CvZ228H/jXq5lHGZwtGmbgFY1O6/LBk wrExcAq5iSXVHmfXCR1budkAEYxqCptAbO6FNljvfZVu1bMnGq/ONJs6+UUMCcLb TCLoqqAvSN06dftIcKSCDOW6GpmRs+lEdZYHO6qkEh1hTHY83OjqqQW2jhOGf4iV IS1kytbERXzjzApeTECcUJ4Fxd2sGD8PUMiD4XFagtJu3mjSl5Y1M57z21WBzSuK dHwUzt9sKAd/FOHvpT27GxWw69XR2dI0vKrVtY+Wgudmi4cVt4qnLPirhxkulRVL yVWZeC3dBgjwR1kE2NNuuBXUTHfmyV/kj8s9Jd0z4Z3aGyX/24uZfL1eJq02Sa8= =oTGH -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa226.patch" Content-Disposition: attachment; filename="xsa226.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCA0MDAyZWFiLi5hZjA3OWI0IDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtODY4LDYgKzg2OCwyMiBAQCBDb250cm9scyBFUFQgcmVsYXRlZCBmZWF0 dXJlcy4KIAogU3BlY2lmeSB3aGljaCBjb25zb2xlIGdkYnN0dWIgc2hvdWxk IHVzZS4gU2VlICoqY29uc29sZSoqLgogCisjIyMgZ250dGFiCis+IGA9IExp c3Qgb2YgWyBtYXhfdmVyOjxpbnRlZ2VyPiwgdHJhbnNpdGl2ZSBdYAorCis+ IERlZmF1bHQ6IGBnbnR0YWI9bWF4X3ZlcjoyLG5vLXRyYW5zaXRpdmVgCisK K0NvbnRyb2wgdmFyaW91cyBhc3BlY3RzIG9mIHRoZSBncmFudCB0YWJsZSBi ZWhhdmlvdXIgYXZhaWxhYmxlIHRvIGd1ZXN0cy4KKworKiBgbWF4X3ZlcmAg U2VsZWN0IHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNpb24gdG8gb2Zm ZXIgdG8gZ3Vlc3RzLiAgVmFsaWQKK3ZlcnNpb24gYXJlIDEgYW5kIDIuCisq IGB0cmFuc2l0aXZlYCBQZXJtaXQgb3IgZGlzYWxsb3cgdGhlIHVzZSBvZiB0 cmFuc2l0aXZlIGdyYW50cy4gIE5vdGUgdGhhdCB0aGUKK3VzZSBvZiBncmFu dCB0YWJsZSB2MiB3aXRob3V0IHRyYW5zaXRpdmUgZ3JhbnRzIGlzIGFuIEFC SSBicmVha2FnZSBmcm9tIHRoZQorZ3Vlc3RzIHBvaW50IG9mIHZpZXcuCisK KypXYXJuaW5nOioKK0R1ZSB0byBYU0EtMjI2LCB0aGUgdXNlIG9mIHRyYW5z aXRpdmUgZ3JhbnRzIGlzIG91dHNpZGUgb2Ygc2VjdXJpdHkgc3VwcG9ydC4K KwogIyMjIGdudHRhYlxfbWF4XF9mcmFtZXMKID4gYD0gPGludGVnZXI+YAog CmRpZmYgLS1naXQgYS94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMgYi94ZW4v Y29tbW9uL2dyYW50X3RhYmxlLmMKaW5kZXggYWUzNDU0Ny4uODcxMzFmOCAx MDA2NDQKLS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hl bi9jb21tb24vZ3JhbnRfdGFibGUuYwpAQCAtNTAsNiArNTAsNDIgQEAgaW50 ZWdlcl9wYXJhbSgiZ250dGFiX21heF9ucl9mcmFtZXMiLCBtYXhfbnJfZ3Jh bnRfZnJhbWVzKTsKIHVuc2lnbmVkIGludCBfX3JlYWRfbW9zdGx5IG1heF9n cmFudF9mcmFtZXM7CiBpbnRlZ2VyX3BhcmFtKCJnbnR0YWJfbWF4X2ZyYW1l cyIsIG1heF9ncmFudF9mcmFtZXMpOwogCitzdGF0aWMgdW5zaWduZWQgaW50 IF9fcmVhZF9tb3N0bHkgb3B0X2dudHRhYl9tYXhfdmVyc2lvbiA9IDI7Citz dGF0aWMgYm9vbCBfX3JlYWRfbW9zdGx5IG9wdF90cmFuc2l0aXZlX2dyYW50 czsKKworc3RhdGljIHZvaWQgX19pbml0IHBhcnNlX2dudHRhYihjaGFyICpz KQoreworICAgIGNoYXIgKnNzOworCisgICAgZG8geworICAgICAgICBzcyA9 IHN0cmNocihzLCAnLCcpOworICAgICAgICBpZiAoIHNzICkKKyAgICAgICAg ICAgICpzcyA9ICdcMCc7CisKKyAgICAgICAgaWYgKCAhc3RybmNtcChzLCAi bWF4X3ZlcjoiLCA4KSApCisgICAgICAgIHsKKyAgICAgICAgICAgIGxvbmcg dmVyID0gc2ltcGxlX3N0cnRvbChzICsgOCwgTlVMTCwgMTApOworCisgICAg ICAgICAgICBpZiAoIHZlciA+PSAxICYmIHZlciA8PSAyICkKKyAgICAgICAg ICAgICAgICBvcHRfZ250dGFiX21heF92ZXJzaW9uID0gdmVyOworICAgICAg ICB9CisgICAgICAgIGVsc2UKKyAgICAgICAgeworICAgICAgICAgICAgYm9v bCB2YWwgPSAhIXN0cm5jbXAocywgIm5vLSIsIDMpOworCisgICAgICAgICAg ICBpZiAoICF2YWwgKQorICAgICAgICAgICAgICAgIHMgKz0gMzsKKworICAg ICAgICAgICAgaWYgKCAhc3RyY21wKHMsICJ0cmFuc2l0aXZlIikgKQorICAg ICAgICAgICAgICAgIG9wdF90cmFuc2l0aXZlX2dyYW50cyA9IHZhbDsKKyAg ICAgICAgfQorCisgICAgICAgIHMgPSBzcyArIDE7CisgICAgfSB3aGlsZSAo IHNzICk7Cit9CisKK2N1c3RvbV9wYXJhbSgiZ250dGFiIiwgcGFyc2VfZ250 dGFiKTsKKwogLyogVGhlIG1heGltdW0gbnVtYmVyIG9mIGdyYW50IG1hcHBp bmdzIGlzIGRlZmluZWQgYXMgYSBtdWx0aXBsaWVyIG9mIHRoZQogICogbWF4 aW11bSBudW1iZXIgb2YgZ3JhbnQgdGFibGUgZW50cmllcy4gVGhpcyBkZWZp bmVzIHRoZSBtdWx0aXBsaWVyIHVzZWQuCiAgKiBQcmV0dHkgYXJiaXRyYXJ5 LiBbUE9MSUNZXQpAQCAtMjE5MSw2ICsyMjI3LDEwIEBAIF9fYWNxdWlyZV9n cmFudF9mb3JfY29weSgKICAgICAgICAgfQogICAgICAgICBlbHNlIGlmICgg KHNoYWgtPmZsYWdzICYgR1RGX3R5cGVfbWFzaykgPT0gR1RGX3RyYW5zaXRp dmUgKQogICAgICAgICB7CisgICAgICAgICAgICBpZiAoICFvcHRfdHJhbnNp dGl2ZV9ncmFudHMgKQorICAgICAgICAgICAgICAgIFBJTl9GQUlMKHVubG9j a19vdXRfY2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisgICAgICAgICAg ICAgICAgICAgICAgICAgInRyYW5zaXRpdmUgZ3JhbnQgZGlzYWxsb3dlZCBi eSBwb2xpY3lcbiIpOworCiAgICAgICAgICAgICBpZiAoICFhbGxvd190cmFu c2l0aXZlICkKICAgICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0 X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAogICAgICAgICAgICAgICAg ICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IHdoZW4gdHJhbnNpdGl2aXR5 IG5vdCBhbGxvd2VkXG4iKTsKQEAgLTMxNTksNyArMzE5OSwxMCBAQCBkb19n cmFudF90YWJsZV9vcCgKICAgICB9CiAgICAgY2FzZSBHTlRUQUJPUF9zZXRf dmVyc2lvbjoKICAgICB7Ci0gICAgICAgIHJjID0gZ250dGFiX3NldF92ZXJz aW9uKGd1ZXN0X2hhbmRsZV9jYXN0KHVvcCwgZ250dGFiX3NldF92ZXJzaW9u X3QpKTsKKyAgICAgICAgaWYgKCBvcHRfZ250dGFiX21heF92ZXJzaW9uID09 IDEgKQorICAgICAgICAgICAgcmMgPSAtRU5PU1lTOyAvKiBCZWhhdmUgYXMg YmVmb3JlIHNldF92ZXJzaW9uIHdhcyBpbnRyb2R1Y2VkLiAqLworICAgICAg ICBlbHNlCisgICAgICAgICAgICByYyA9IGdudHRhYl9zZXRfdmVyc2lvbihn dWVzdF9oYW5kbGVfY2FzdCh1b3AsIGdudHRhYl9zZXRfdmVyc2lvbl90KSk7 CiAgICAgICAgIGJyZWFrOwogICAgIH0KICAgICBjYXNlIEdOVFRBQk9QX2dl dF9zdGF0dXNfZnJhbWVzOgo= --=separator Content-Type: application/octet-stream; name="xsa226-unstable/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Disposition: attachment; filename="xsa226-unstable/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IHVzZSBwb3NzaWJseSB1bmJvdW5kZWQgdGFpbCBj YWxscwoKVGhlcmUgaXMgbm8gZ3VhcmFudGVlIHRoYXQgdGhlIGNvbXBpbGVy IHdvdWxkIGFjdHVhbGx5IHRyYW5zbGF0ZSB0aGVtCnRvIGJyYW5jaGVzIGlu c3RlYWQgb2YgY2FsbHMsIHNvIG9ubHkgb25lcyB3aXRoIGEga25vd24gcmVj dXJzaW9uIGxpbWl0CmFyZSBva2F5OgotIF9fcmVsZWFzZV9ncmFudF9mb3Jf Y29weSgpIGNhbiBjYWxsIGl0c2VsZiBvbmx5IG9uY2UsIGFzCiAgX19hY3F1 aXJlX2dyYW50X2Zvcl9jb3B5KCkgd29uJ3QgcGVybWl0IHVzZSBvZiBtdWx0 aS1sZXZlbCB0cmFuc2l0aXZlCiAgZ3JhbnRzLAotIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgpIGlzIGZpbmUgdG8gY2FsbCBpdHNlbGYgd2l0aCB0aGUg bGFzdAogIGFyZ3VtZW50IGZhbHNlLCBhcyB0aGF0IHByZXZlbnRzIGZ1cnRo ZXIgcmVjdXJzaW9uLAotIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgpIG11 c3Qgbm90IGNhbGwgaXRzZWxmIHRvIHJlY292ZXIgZnJvbSBhbgogIG9ic2Vy dmVkIGNoYW5nZSB0byB0aGUgYWN0aXZlIGVudHJ5J3MgcGluIGNvdW50CgpU aGlzIGlzIHBhcnQgb2YgQ1ZFLTIwMTctMTIxMzUgLyBYU0EtMjI2LgoKU2ln bmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgoK LS0tIGEveGVuL2NvbW1vbi9jb21wYXQvZ3JhbnRfdGFibGUuYworKysgYi94 ZW4vY29tbW9uL2NvbXBhdC9ncmFudF90YWJsZS5jCkBAIC0yNTgsOSArMjU4 LDkgQEAgaW50IGNvbXBhdF9ncmFudF90YWJsZV9vcCh1bnNpZ25lZCBpbnQg Y21kLAogICAgICAgICAgICAgICAgIHJjID0gZ250dGFiX2NvcHkoZ3Vlc3Rf aGFuZGxlX2Nhc3QobmF0LnVvcCwgZ250dGFiX2NvcHlfdCksIG4pOwogICAg ICAgICAgICAgaWYgKCByYyA+IDAgKQogICAgICAgICAgICAgewotICAgICAg ICAgICAgICAgIEFTU0VSVChyYyA8IG4pOwotICAgICAgICAgICAgICAgIGkg LT0gbiAtIHJjOwotICAgICAgICAgICAgICAgIG4gPSByYzsKKyAgICAgICAg ICAgICAgICBBU1NFUlQocmMgPD0gbik7CisgICAgICAgICAgICAgICAgaSAt PSByYzsKKyAgICAgICAgICAgICAgICBuIC09IHJjOwogICAgICAgICAgICAg fQogICAgICAgICAgICAgaWYgKCByYyA+PSAwICkKICAgICAgICAgICAgIHsK LS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hlbi9jb21t b24vZ3JhbnRfdGFibGUuYwpAQCAtMjEwOSw4ICsyMTA5LDEwIEBAIF9fcmVs ZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgIGlmICggdGQgIT0gcmQgKQog ICAgIHsKLSAgICAgICAgLyogUmVjdXJzaXZlIGNhbGxzLCBidXQgdGhleSdy ZSB0YWlsIGNhbGxzLCBzbyBpdCdzCi0gICAgICAgICAgIG9rYXkuICovCisg ICAgICAgIC8qCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxscywgYnV0IHRo ZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUK KyAgICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBv a2F5LgorICAgICAgICAgKi8KICAgICAgICAgaWYgKCByZWxlYXNlZF93cml0 ZSApCiAgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDApOwogICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRf cmVhZCApCkBAIC0yMjYyLDEwICsyMjY0LDExIEBAIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgKICAgICAgICAgICAgICAgICByZXR1cm4gcmM7CiAgICAg ICAgICAgICB9CiAKLSAgICAgICAgICAgIC8qIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkKLSAgICAgICAg ICAgICAgIGVsc2UgdHJpZWQgdG8gcGluIChvciwgZm9yIHRoYXQgbWF0dGVy LCB1bnBpbikgdGhlCi0gICAgICAgICAgICAgICByZWZlcmVuY2UgaW4gKnRo aXMqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUgdXAKLSAgICAg ICAgICAgICAgIGFuZCB0cnkgYWdhaW4uICovCisgICAgICAgICAgICAvKgor ICAgICAgICAgICAgICogV2UgZHJvcHBlZCB0aGUgbG9jaywgc28gd2UgaGF2 ZSB0byBjaGVjayB0aGF0IG5vYm9keSBlbHNlIHRyaWVkCisgICAgICAgICAg ICAgKiB0byBwaW4gKG9yLCBmb3IgdGhhdCBtYXR0ZXIsIHVucGluKSB0aGUg cmVmZXJlbmNlIGluICp0aGlzKgorICAgICAgICAgICAgICogZG9tYWluLiAg SWYgdGhleSBkaWQsIGp1c3QgZ2l2ZSB1cCBhbmQgdGVsbCB0aGUgY2FsbGVy IHRvIHJldHJ5LgorICAgICAgICAgICAgICovCiAgICAgICAgICAgICBpZiAo IGFjdC0+cGluICE9IG9sZF9waW4gKQogICAgICAgICAgICAgewogICAgICAg ICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0 YXR1cyk7CkBAIC0yMjczLDkgKzIyNzYsOCBAQCBfX2FjcXVpcmVfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgICAgICAgICAgICAgYWN0aXZlX2VudHJ5X3JlbGVh c2UoYWN0KTsKICAgICAgICAgICAgICAgICBncmFudF9yZWFkX3VubG9jayhy Z3QpOwogICAgICAgICAgICAgICAgIHB1dF9wYWdlKCpwYWdlKTsKLSAgICAg ICAgICAgICAgICByZXR1cm4gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHJk LCBncmVmLCBsZG9tLCByZWFkb25seSwKLSAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIGZyYW1lLCBwYWdlLCBwYWdl X29mZiwgbGVuZ3RoLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgYWxsb3dfdHJhbnNpdGl2ZSk7CisgICAgICAg ICAgICAgICAgKnBhZ2UgPSBOVUxMOworICAgICAgICAgICAgICAgIHJldHVy biBFUkVTVEFSVDsKICAgICAgICAgICAgIH0KIAogICAgICAgICAgICAgLyog VGhlIGFjdHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBvciBtYXkgbm90 IGJlIGEKQEAgLTI1NzQsNyArMjU3Niw3IEBAIHN0YXRpYyBpbnQgZ250dGFi X2NvcHlfb25lKGNvbnN0IHN0cnVjdAogICAgIHsKICAgICAgICAgZ250dGFi X2NvcHlfcmVsZWFzZV9idWYoc3JjKTsKICAgICAgICAgcmMgPSBnbnR0YWJf Y29weV9jbGFpbV9idWYob3AsICZvcC0+c291cmNlLCBzcmMsIEdOVENPUFlf c291cmNlX2dyZWYpOwotICAgICAgICBpZiAoIHJjIDwgMCApCisgICAgICAg IGlmICggcmMgKQogICAgICAgICAgICAgZ290byBvdXQ7CiAgICAgfQogCkBA IC0yNTg0LDcgKzI1ODYsNyBAQCBzdGF0aWMgaW50IGdudHRhYl9jb3B5X29u ZShjb25zdCBzdHJ1Y3QKICAgICB7CiAgICAgICAgIGdudHRhYl9jb3B5X3Jl bGVhc2VfYnVmKGRlc3QpOwogICAgICAgICByYyA9IGdudHRhYl9jb3B5X2Ns YWltX2J1ZihvcCwgJm9wLT5kZXN0LCBkZXN0LCBHTlRDT1BZX2Rlc3RfZ3Jl Zik7Ci0gICAgICAgIGlmICggcmMgPCAwICkKKyAgICAgICAgaWYgKCByYyAp CiAgICAgICAgICAgICBnb3RvIG91dDsKICAgICB9CiAKQEAgLTI1OTMsNiAr MjU5NSwxNCBAQCBzdGF0aWMgaW50IGdudHRhYl9jb3B5X29uZShjb25zdCBz dHJ1Y3QKICAgICByZXR1cm4gcmM7CiB9CiAKKy8qCisgKiBnbnR0YWJfY29w eSgpLCBvdGhlciB0aGFuIHRoZSB2YXJpb3VzIG90aGVyIGhlbHBlcnMgb2YK KyAqIGRvX2dyYW50X3RhYmxlX29wKCksIHJldHVybnMgKGJlc2lkZXMgcG9z c2libGUgZXJyb3IgaW5kaWNhdG9ycykKKyAqICJjb3VudCAtIGkiIHJhdGhl ciB0aGFuICJpIiB0byBlbnN1cmUgdGhhdCBldmVuIGlmIG5vIHByb2dyZXNz CisgKiB3YXMgbWFkZSBhdCBhbGwgKHBlcmhhcHMgZHVlIHRvIGdudHRhYl9j b3B5X29uZSgpIHJldHVybmluZyBhCisgKiBwb3NpdGl2ZSB2YWx1ZSkgYSBu b24temVybyB2YWx1ZSBpcyBiZWluZyBoYW5kZWQgYmFjayAoemVybyBuZWVk cworICogdG8gYmUgYXZvaWRlZCwgYXMgdGhhdCBtZWFucyAic3VjY2Vzcywg YWxsIGRvbmUiKS4KKyAqLwogc3RhdGljIGxvbmcgZ250dGFiX2NvcHkoCiAg ICAgWEVOX0dVRVNUX0hBTkRMRV9QQVJBTShnbnR0YWJfY29weV90KSB1b3As IHVuc2lnbmVkIGludCBjb3VudCkKIHsKQEAgLTI2MDYsNyArMjYxNiw3IEBA IHN0YXRpYyBsb25nIGdudHRhYl9jb3B5KAogICAgIHsKICAgICAgICAgaWYg KCBpICYmIGh5cGVyY2FsbF9wcmVlbXB0X2NoZWNrKCkgKQogICAgICAgICB7 Ci0gICAgICAgICAgICByYyA9IGk7CisgICAgICAgICAgICByYyA9IGNvdW50 IC0gaTsKICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICB9CiAKQEAgLTI2 MTYsMTMgKzI2MjYsMjAgQEAgc3RhdGljIGxvbmcgZ250dGFiX2NvcHkoCiAg ICAgICAgICAgICBicmVhazsKICAgICAgICAgfQogCi0gICAgICAgIG9wLnN0 YXR1cyA9IGdudHRhYl9jb3B5X29uZSgmb3AsICZkZXN0LCAmc3JjKTsKLSAg ICAgICAgaWYgKCBvcC5zdGF0dXMgIT0gR05UU1Rfb2theSApCisgICAgICAg IHJjID0gZ250dGFiX2NvcHlfb25lKCZvcCwgJmRlc3QsICZzcmMpOworICAg ICAgICBpZiAoIHJjID4gMCApCisgICAgICAgIHsKKyAgICAgICAgICAgIHJj ID0gY291bnQgLSBpOworICAgICAgICAgICAgYnJlYWs7CisgICAgICAgIH0K KyAgICAgICAgaWYgKCByYyAhPSBHTlRTVF9va2F5ICkKICAgICAgICAgewog ICAgICAgICAgICAgZ250dGFiX2NvcHlfcmVsZWFzZV9idWYoJnNyYyk7CiAg ICAgICAgICAgICBnbnR0YWJfY29weV9yZWxlYXNlX2J1ZigmZGVzdCk7CiAg ICAgICAgIH0KIAorICAgICAgICBvcC5zdGF0dXMgPSByYzsKKyAgICAgICAg cmMgPSAwOwogICAgICAgICBpZiAoIHVubGlrZWx5KF9fY29weV9maWVsZF90 b19ndWVzdCh1b3AsICZvcCwgc3RhdHVzKSkgKQogICAgICAgICB7CiAgICAg ICAgICAgICByYyA9IC1FRkFVTFQ7CkBAIC0zMTYyLDYgKzMxNzksNyBAQCBk b19ncmFudF90YWJsZV9vcCgKICAgICAgICAgcmMgPSBnbnR0YWJfY29weShj b3B5LCBjb3VudCk7CiAgICAgICAgIGlmICggcmMgPiAwICkKICAgICAgICAg eworICAgICAgICAgICAgcmMgPSBjb3VudCAtIHJjOwogICAgICAgICAgICAg Z3Vlc3RfaGFuZGxlX2FkZF9vZmZzZXQoY29weSwgcmMpOwogICAgICAgICAg ICAgdW9wID0gZ3Vlc3RfaGFuZGxlX2Nhc3QoY29weSwgdm9pZCk7CiAgICAg ICAgIH0K --=separator Content-Type: application/octet-stream; name="xsa226-unstable/0002-gnttab-fix-transitive-grant-handling.patch" Content-Disposition: attachment; filename="xsa226-unstable/0002-gnttab-fix-transitive-grant-handling.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGZpeCB0cmFuc2l0aXZlIGdyYW50IGhhbmRsaW5nCgpQcm9j ZXNzaW5nIG9mIHRyYW5zaXRpdmUgZ3JhbnRzIG11c3Qgbm90IHVzZSB0aGUg ZmFzdCBwYXRoLCBvciBlbHNlCnJlZmVyZW5jZSBjb3VudGluZyBicmVha3Mg ZHVlIHRvIHRoZSBza2lwcGVkIHJlY3Vyc2l2ZSBjYWxsIHRvCl9fYWNxdWly ZV9ncmFudF9mb3JfY29weSgpIChpdHMgX19yZWxlYXNlX2dyYW50X2Zvcl9j b3B5KCkKY291bnRlcnBhcnQgb2NjdXJzIGluZGVwZW5kZW50IG9mIG9yaWdp bmFsIHBpbiBjb3VudCkuIEZ1cnRoZXJtb3JlCmFmdGVyIHJlLWFjcXVpcmlu ZyB0ZW1wb3JhcmlseSBkcm9wcGVkIGxvY2tzIHdlIG5lZWQgdG8gdmVyaWZ5 IG5vIGdyYW50CnByb3BlcnRpZXMgY2hhbmdlZCBpZiB0aGUgb3JpZ2luYWwg cGluIGNvdW50IHdhcyBub24temVybzsgY2hlY2tpbmcKanVzdCB0aGUgcGlu IGNvdW50cyBpcyBzdWZmaWNpZW50IG9ubHkgZm9yIHdlbGwtYmVoYXZlZCBn dWVzdHMuIEFzIGEKcmVzdWx0LCBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHko KSBuZWVkcyB0byBtaXJyb3IgdGhhdCBuZXcgYmVoYXZpb3IuCgpGdXJ0aGVy bW9yZSBhIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSgpIGludm9jYXRpb24g d2FzIG1pc3Npbmcgb24gdGhlCnJldHJ5IHBhdGggb2YgX19hY3F1aXJlX2dy YW50X2Zvcl9jb3B5KCksIGFuZCBnbnR0YWJfc2V0X3ZlcnNpb24oKSBhbHNv Cm5lZWRzIHRvIGJhaWwgb3V0IHVwb24gZW5jb3VudGVyaW5nIGEgdHJhbnNp dGl2ZSBncmFudC4KClRoaXMgaXMgcGFydCBvZiBDVkUtMjAxNy0xMjEzNSAv IFhTQS0yMjYuCgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3 LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1ieTogQW5kcmV3IENv b3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KCi0tLSBhL3hlbi9j b21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dyYW50X3Rh YmxlLmMKQEAgLTIwNTYsMTMgKzIwNTYsOCBAQCBfX3JlbGVhc2VfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgdW5zaWduZWQgbG9uZyByX2ZyYW1lOwogICAgIHVp bnQxNl90ICpzdGF0dXM7CiAgICAgZ3JhbnRfcmVmX3QgdHJhbnNfZ3JlZjsK LSAgICBpbnQgcmVsZWFzZWRfcmVhZDsKLSAgICBpbnQgcmVsZWFzZWRfd3Jp dGU7CiAgICAgc3RydWN0IGRvbWFpbiAqdGQ7CiAKLSAgICByZWxlYXNlZF9y ZWFkID0gMDsKLSAgICByZWxlYXNlZF93cml0ZSA9IDA7Ci0KICAgICBncmFu dF9yZWFkX2xvY2socmd0KTsKIAogICAgIGFjdCA9IGFjdGl2ZV9lbnRyeV9h Y3F1aXJlKHJndCwgZ3JlZik7CkBAIC0yMDkyLDE3ICsyMDg3LDExIEBAIF9f cmVsZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgICAgICBhY3QtPnBpbiAt PSBHTlRQSU5faHN0d19pbmM7CiAgICAgICAgIGlmICggIShhY3QtPnBpbiAm IChHTlRQSU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSApCi0gICAg ICAgIHsKLSAgICAgICAgICAgIHJlbGVhc2VkX3dyaXRlID0gMTsKICAgICAg ICAgICAgIGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfd3JpdGluZywgc3RhdHVz KTsKLSAgICAgICAgfQogICAgIH0KIAogICAgIGlmICggIWFjdC0+cGluICkK LSAgICB7CiAgICAgICAgIGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfcmVhZGlu Zywgc3RhdHVzKTsKLSAgICAgICAgcmVsZWFzZWRfcmVhZCA9IDE7Ci0gICAg fQogCiAgICAgYWN0aXZlX2VudHJ5X3JlbGVhc2UoYWN0KTsKICAgICBncmFu dF9yZWFkX3VubG9jayhyZ3QpOwpAQCAtMjExMCwxMyArMjA5OSwxMCBAQCBf X3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkoCiAgICAgaWYgKCB0ZCAhPSByZCAp CiAgICAgewogICAgICAgICAvKgotICAgICAgICAgKiBSZWN1cnNpdmUgY2Fs bHMsIGJ1dCB0aGV5J3JlIGJvdW5kZWQgKGFjcXVpcmUgcGVybWl0cyBvbmx5 IGEgc2luZ2xlCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxsLCBidXQgaXQg aXMgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUKICAg ICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBva2F5 LgogICAgICAgICAgKi8KLSAgICAgICAgaWYgKCByZWxlYXNlZF93cml0ZSAp Ci0gICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQsIHRy YW5zX2dyZWYsIDApOwotICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRfcmVh ZCApCi0gICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDEpOworICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9y X2NvcHkodGQsIHRyYW5zX2dyZWYsIHJlYWRvbmx5KTsKIAogICAgICAgICBy Y3VfdW5sb2NrX2RvbWFpbih0ZCk7CiAgICAgfQpAQCAtMjE5MCw4ICsyMTc2 LDEwOCBAQCBfX2FjcXVpcmVfZ3JhbnRfZm9yX2NvcHkoCiAgICAgICAgICAg ICAgICAgIGFjdC0+ZG9taWQsIGxkb20sIGFjdC0+cGluKTsKIAogICAgIG9s ZF9waW4gPSBhY3QtPnBpbjsKLSAgICBpZiAoICFhY3QtPnBpbiB8fAotICAg ICAgICAgKCFyZWFkb25seSAmJiAhKGFjdC0+cGluICYgKEdOVFBJTl9kZXZ3 X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSApCisgICAgaWYgKCBzaGEyICYm IChzaGFoLT5mbGFncyAmIEdURl90eXBlX21hc2spID09IEdURl90cmFuc2l0 aXZlICkKKyAgICB7CisgICAgICAgIGlmICggKCFvbGRfcGluIHx8ICghcmVh ZG9ubHkgJiYKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICEob2xkX3Bp biAmIChHTlRQSU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSkpICYm CisgICAgICAgICAgICAgKHJjID0gX3NldF9zdGF0dXNfdjIobGRvbSwgcmVh ZG9ubHksIDAsIHNoYWgsIGFjdCwKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBzdGF0dXMpKSAhPSBHTlRTVF9va2F5ICkKKyAgICAgICAg ICAgIGdvdG8gdW5sb2NrX291dDsKKworICAgICAgICBpZiAoICFhbGxvd190 cmFuc2l0aXZlICkKKyAgICAgICAgICAgIFBJTl9GQUlMKHVubG9ja19vdXRf Y2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisgICAgICAgICAgICAgICAg ICAgICAidHJhbnNpdGl2ZSBncmFudCB3aGVuIHRyYW5zaXRpdml0eSBub3Qg YWxsb3dlZFxuIik7CisKKyAgICAgICAgdHJhbnNfZG9taWQgPSBzaGEyLT50 cmFuc2l0aXZlLnRyYW5zX2RvbWlkOworICAgICAgICB0cmFuc19ncmVmID0g c2hhMi0+dHJhbnNpdGl2ZS5ncmVmOworICAgICAgICBiYXJyaWVyKCk7IC8q IFN0b3AgdGhlIGNvbXBpbGVyIGZyb20gcmUtbG9hZGluZworICAgICAgICAg ICAgICAgICAgICAgIHRyYW5zX2RvbWlkIGZyb20gc2hhcmVkIG1lbW9yeSAq LworICAgICAgICBpZiAoIHRyYW5zX2RvbWlkID09IHJkLT5kb21haW5faWQg KQorICAgICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05U U1RfZ2VuZXJhbF9lcnJvciwKKyAgICAgICAgICAgICAgICAgICAgICJ0cmFu c2l0aXZlIGdyYW50cyBjYW5ub3QgYmUgc2VsZi1yZWZlcmVudGlhbFxuIik7 CisKKyAgICAgICAgLyoKKyAgICAgICAgICogV2UgYWxsb3cgdGhlIHRyYW5z X2RvbWlkID09IGxkb20gY2FzZSwgd2hpY2ggY29ycmVzcG9uZHMgdG8gYQor ICAgICAgICAgKiBncmFudCBiZWluZyBpc3N1ZWQgYnkgb25lIGRvbWFpbiwg c2VudCB0byBhbm90aGVyIG9uZSwgYW5kIHRoZW4KKyAgICAgICAgICogdHJh bnNpdGl2ZWx5IGdyYW50ZWQgYmFjayB0byB0aGUgb3JpZ2luYWwgZG9tYWlu LiAgQWxsb3dpbmcgaXQKKyAgICAgICAgICogaXMgZWFzeSwgYW5kIG1lYW5z IHRoYXQgeW91IGRvbid0IG5lZWQgdG8gZ28gb3V0IG9mIHlvdXIgd2F5IHRv CisgICAgICAgICAqIGF2b2lkIGl0IGluIHRoZSBndWVzdC4KKyAgICAgICAg ICovCisKKyAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0aGUgcnJkIGxv Y2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkuICovCisgICAgICAgIHRkID0g cmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsKKyAgICAgICAg aWYgKCB0ZCA9PSBOVUxMICkKKyAgICAgICAgICAgIFBJTl9GQUlMKHVubG9j a19vdXRfY2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisgICAgICAgICAg ICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCByZWZlcmVuY2VkIGJhZCBk b21haW4gJWRcbiIsCisgICAgICAgICAgICAgICAgICAgICB0cmFuc19kb21p ZCk7CisKKyAgICAgICAgLyoKKyAgICAgICAgICogX19hY3F1aXJlX2dyYW50 X2Zvcl9jb3B5KCkgY291bGQgdGFrZSB0aGUgbG9jayBvbiB0aGUKKyAgICAg ICAgICogcmVtb3RlIHRhYmxlIChpZiByZCA9PSB0ZCksIHNvIHdlIGhhdmUg dG8gZHJvcCB0aGUgbG9jaworICAgICAgICAgKiBoZXJlIGFuZCByZWFjcXVp cmUuCisgICAgICAgICAqLworICAgICAgICBhY3RpdmVfZW50cnlfcmVsZWFz ZShhY3QpOworICAgICAgICBncmFudF9yZWFkX3VubG9jayhyZ3QpOworCisg ICAgICAgIHJjID0gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHRkLCB0cmFu c19ncmVmLCByZC0+ZG9tYWluX2lkLAorICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICByZWFkb25seSwgJmdyYW50X2ZyYW1lLCBwYWdl LAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAmdHJh bnNfcGFnZV9vZmYsICZ0cmFuc19sZW5ndGgsIDApOworCisgICAgICAgIGdy YW50X3JlYWRfbG9jayhyZ3QpOworICAgICAgICBhY3QgPSBhY3RpdmVfZW50 cnlfYWNxdWlyZShyZ3QsIGdyZWYpOworCisgICAgICAgIGlmICggcmMgIT0g R05UU1Rfb2theSApCisgICAgICAgIHsKKyAgICAgICAgICAgIF9fZml4dXBf c3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0YXR1cyk7CisgICAgICAgICAg ICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7CisgICAgICAgICAgICBhY3RpdmVf ZW50cnlfcmVsZWFzZShhY3QpOworICAgICAgICAgICAgZ3JhbnRfcmVhZF91 bmxvY2socmd0KTsKKyAgICAgICAgICAgIHJldHVybiByYzsKKyAgICAgICAg fQorCisgICAgICAgIC8qCisgICAgICAgICAqIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCB0aGUgZ3JhbnQgZGlkbid0 CisgICAgICAgICAqIGNoYW5nZSwgYW5kIHRoYXQgbm9ib2R5IGVsc2UgdHJp ZWQgdG8gcGluL3VucGluIGl0LiBJZiBhbnl0aGluZworICAgICAgICAgKiBj aGFuZ2VkLCBqdXN0IGdpdmUgdXAgYW5kIHRlbGwgdGhlIGNhbGxlciB0byBy ZXRyeS4KKyAgICAgICAgICovCisgICAgICAgIGlmICggcmd0LT5ndF92ZXJz aW9uICE9IDIgfHwKKyAgICAgICAgICAgICBhY3QtPnBpbiAhPSBvbGRfcGlu IHx8CisgICAgICAgICAgICAgKG9sZF9waW4gJiYgKGFjdC0+ZG9taWQgIT0g bGRvbSB8fCBhY3QtPmZyYW1lICE9IGdyYW50X2ZyYW1lIHx8CisgICAgICAg ICAgICAgICAgICAgICAgICAgIGFjdC0+c3RhcnQgIT0gdHJhbnNfcGFnZV9v ZmYgfHwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgYWN0LT5sZW5ndGgg IT0gdHJhbnNfbGVuZ3RoIHx8CisgICAgICAgICAgICAgICAgICAgICAgICAg IGFjdC0+dHJhbnNfZG9tYWluICE9IHRkIHx8CisgICAgICAgICAgICAgICAg ICAgICAgICAgIGFjdC0+dHJhbnNfZ3JlZiAhPSB0cmFuc19ncmVmIHx8Cisg ICAgICAgICAgICAgICAgICAgICAgICAgICFhY3QtPmlzX3N1Yl9wYWdlKSkg KQorICAgICAgICB7CisgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9y X2NvcHkodGQsIHRyYW5zX2dyZWYsIHJlYWRvbmx5KTsKKyAgICAgICAgICAg IF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0YXR1cyk7Cisg ICAgICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7CisgICAgICAgICAg ICBhY3RpdmVfZW50cnlfcmVsZWFzZShhY3QpOworICAgICAgICAgICAgZ3Jh bnRfcmVhZF91bmxvY2socmd0KTsKKyAgICAgICAgICAgIHB1dF9wYWdlKCpw YWdlKTsKKyAgICAgICAgICAgICpwYWdlID0gTlVMTDsKKyAgICAgICAgICAg IHJldHVybiBFUkVTVEFSVDsKKyAgICAgICAgfQorCisgICAgICAgIGlmICgg IW9sZF9waW4gKQorICAgICAgICB7CisgICAgICAgICAgICBhY3QtPmRvbWlk ID0gbGRvbTsKKyAgICAgICAgICAgIGFjdC0+c3RhcnQgPSB0cmFuc19wYWdl X29mZjsKKyAgICAgICAgICAgIGFjdC0+bGVuZ3RoID0gdHJhbnNfbGVuZ3Ro OworICAgICAgICAgICAgYWN0LT50cmFuc19kb21haW4gPSB0ZDsKKyAgICAg ICAgICAgIGFjdC0+dHJhbnNfZ3JlZiA9IHRyYW5zX2dyZWY7CisgICAgICAg ICAgICBhY3QtPmZyYW1lID0gZ3JhbnRfZnJhbWU7CisgICAgICAgICAgICBh Y3QtPmdmbiA9IC0xdWw7CisgICAgICAgICAgICAvKgorICAgICAgICAgICAg ICogVGhlIGFjdHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBvciBtYXkg bm90IGJlIGEgc3ViLXBhZ2UsCisgICAgICAgICAgICAgKiBidXQgd2UgYWx3 YXlzIHRyZWF0IGl0IGFzIG9uZSBiZWNhdXNlIHRoYXQgYmxvY2tzIG1hcHBp bmdzIG9mCisgICAgICAgICAgICAgKiB0cmFuc2l0aXZlIGdyYW50cy4KKyAg ICAgICAgICAgICAqLworICAgICAgICAgICAgYWN0LT5pc19zdWJfcGFnZSA9 IDE7CisgICAgICAgIH0KKyAgICB9CisgICAgZWxzZSBpZiAoICFvbGRfcGlu IHx8CisgICAgICAgICAgICAgICghcmVhZG9ubHkgJiYgIShvbGRfcGluICYg KEdOVFBJTl9kZXZ3X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSApCiAgICAg ewogICAgICAgICBpZiAoIChyYyA9IF9zZXRfc3RhdHVzKHJndC0+Z3RfdmVy c2lvbiwgbGRvbSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBy ZWFkb25seSwgMCwgc2hhaCwgYWN0LApAQCAtMjIxMiw4MCArMjI5OCw2IEBA IF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgKICAgICAgICAgICAgIHRyYW5z X3BhZ2Vfb2ZmID0gMDsKICAgICAgICAgICAgIHRyYW5zX2xlbmd0aCA9IFBB R0VfU0laRTsKICAgICAgICAgfQotICAgICAgICBlbHNlIGlmICggKHNoYWgt PmZsYWdzICYgR1RGX3R5cGVfbWFzaykgPT0gR1RGX3RyYW5zaXRpdmUgKQot ICAgICAgICB7Ci0gICAgICAgICAgICBpZiAoICFhbGxvd190cmFuc2l0aXZl ICkKLSAgICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0X2NsZWFy LCBHTlRTVF9nZW5lcmFsX2Vycm9yLAotICAgICAgICAgICAgICAgICAgICAg ICAgICJ0cmFuc2l0aXZlIGdyYW50IHdoZW4gdHJhbnNpdGl2aXR5IG5vdCBh bGxvd2VkXG4iKTsKLQotICAgICAgICAgICAgdHJhbnNfZG9taWQgPSBzaGEy LT50cmFuc2l0aXZlLnRyYW5zX2RvbWlkOwotICAgICAgICAgICAgdHJhbnNf Z3JlZiA9IHNoYTItPnRyYW5zaXRpdmUuZ3JlZjsKLSAgICAgICAgICAgIGJh cnJpZXIoKTsgLyogU3RvcCB0aGUgY29tcGlsZXIgZnJvbSByZS1sb2FkaW5n Ci0gICAgICAgICAgICAgICAgICAgICAgICAgIHRyYW5zX2RvbWlkIGZyb20g c2hhcmVkIG1lbW9yeSAqLwotICAgICAgICAgICAgaWYgKCB0cmFuc19kb21p ZCA9PSByZC0+ZG9tYWluX2lkICkKLSAgICAgICAgICAgICAgICBQSU5fRkFJ TCh1bmxvY2tfb3V0X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAotICAg ICAgICAgICAgICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50cyBjYW5u b3QgYmUgc2VsZi1yZWZlcmVudGlhbFxuIik7Ci0KLSAgICAgICAgICAgIC8q IFdlIGFsbG93IHRoZSB0cmFuc19kb21pZCA9PSBsZG9tIGNhc2UsIHdoaWNo Ci0gICAgICAgICAgICAgICBjb3JyZXNwb25kcyB0byBhIGdyYW50IGJlaW5n IGlzc3VlZCBieSBvbmUgZG9tYWluLCBzZW50Ci0gICAgICAgICAgICAgICB0 byBhbm90aGVyIG9uZSwgYW5kIHRoZW4gdHJhbnNpdGl2ZWx5IGdyYW50ZWQg YmFjayB0bwotICAgICAgICAgICAgICAgdGhlIG9yaWdpbmFsIGRvbWFpbi4g IEFsbG93aW5nIGl0IGlzIGVhc3ksIGFuZCBtZWFucwotICAgICAgICAgICAg ICAgdGhhdCB5b3UgZG9uJ3QgbmVlZCB0byBnbyBvdXQgb2YgeW91ciB3YXkg dG8gYXZvaWQgaXQKLSAgICAgICAgICAgICAgIGluIHRoZSBndWVzdC4gKi8K LQotICAgICAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0aGUgcnJkIGxv Y2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkgKi8KLSAgICAgICAgICAgIHRk ID0gcmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsKLSAgICAg ICAgICAgIGlmICggdGQgPT0gTlVMTCApCi0gICAgICAgICAgICAgICAgUElO X0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwK LSAgICAgICAgICAgICAgICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCBy ZWZlcmVuY2VkIGJhZCBkb21haW4gJWRcbiIsCi0gICAgICAgICAgICAgICAg ICAgICAgICAgdHJhbnNfZG9taWQpOwotCi0gICAgICAgICAgICAvKgotICAg ICAgICAgICAgICogX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KCkgY291bGQg dGFrZSB0aGUgbG9jayBvbiB0aGUKLSAgICAgICAgICAgICAqIHJlbW90ZSB0 YWJsZSAoaWYgcmQgPT0gdGQpLCBzbyB3ZSBoYXZlIHRvIGRyb3AgdGhlIGxv Y2sKLSAgICAgICAgICAgICAqIGhlcmUgYW5kIHJlYWNxdWlyZQotICAgICAg ICAgICAgICovCi0gICAgICAgICAgICBhY3RpdmVfZW50cnlfcmVsZWFzZShh Y3QpOwotICAgICAgICAgICAgZ3JhbnRfcmVhZF91bmxvY2socmd0KTsKLQot ICAgICAgICAgICAgcmMgPSBfX2FjcXVpcmVfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIHJkLT5kb21haW5faWQsCi0gICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICByZWFkb25seSwgJmdyYW50X2Zy YW1lLCBwYWdlLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgJnRyYW5zX3BhZ2Vfb2ZmLCAmdHJhbnNfbGVuZ3RoLCAwKTsK LQotICAgICAgICAgICAgZ3JhbnRfcmVhZF9sb2NrKHJndCk7Ci0gICAgICAg ICAgICBhY3QgPSBhY3RpdmVfZW50cnlfYWNxdWlyZShyZ3QsIGdyZWYpOwot Ci0gICAgICAgICAgICBpZiAoIHJjICE9IEdOVFNUX29rYXkgKQotICAgICAg ICAgICAgewotICAgICAgICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9j b3B5X3BpbihhY3QsIHN0YXR1cyk7Ci0gICAgICAgICAgICAgICAgcmN1X3Vu bG9ja19kb21haW4odGQpOwotICAgICAgICAgICAgICAgIGFjdGl2ZV9lbnRy eV9yZWxlYXNlKGFjdCk7Ci0gICAgICAgICAgICAgICAgZ3JhbnRfcmVhZF91 bmxvY2socmd0KTsKLSAgICAgICAgICAgICAgICByZXR1cm4gcmM7Ci0gICAg ICAgICAgICB9Ci0KLSAgICAgICAgICAgIC8qCi0gICAgICAgICAgICAgKiBX ZSBkcm9wcGVkIHRoZSBsb2NrLCBzbyB3ZSBoYXZlIHRvIGNoZWNrIHRoYXQg bm9ib2R5IGVsc2UgdHJpZWQKLSAgICAgICAgICAgICAqIHRvIHBpbiAob3Is IGZvciB0aGF0IG1hdHRlciwgdW5waW4pIHRoZSByZWZlcmVuY2UgaW4gKnRo aXMqCi0gICAgICAgICAgICAgKiBkb21haW4uICBJZiB0aGV5IGRpZCwganVz dCBnaXZlIHVwIGFuZCB0ZWxsIHRoZSBjYWxsZXIgdG8gcmV0cnkuCi0gICAg ICAgICAgICAgKi8KLSAgICAgICAgICAgIGlmICggYWN0LT5waW4gIT0gb2xk X3BpbiApCi0gICAgICAgICAgICB7Ci0gICAgICAgICAgICAgICAgX19maXh1 cF9zdGF0dXNfZm9yX2NvcHlfcGluKGFjdCwgc3RhdHVzKTsKLSAgICAgICAg ICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7Ci0gICAgICAgICAgICAg ICAgYWN0aXZlX2VudHJ5X3JlbGVhc2UoYWN0KTsKLSAgICAgICAgICAgICAg ICBncmFudF9yZWFkX3VubG9jayhyZ3QpOwotICAgICAgICAgICAgICAgIHB1 dF9wYWdlKCpwYWdlKTsKLSAgICAgICAgICAgICAgICAqcGFnZSA9IE5VTEw7 Ci0gICAgICAgICAgICAgICAgcmV0dXJuIEVSRVNUQVJUOwotICAgICAgICAg ICAgfQotCi0gICAgICAgICAgICAvKiBUaGUgYWN0dWFsIHJlbW90ZSByZW1v dGUgZ3JhbnQgbWF5IG9yIG1heSBub3QgYmUgYQotICAgICAgICAgICAgICAg c3ViLXBhZ2UsIGJ1dCB3ZSBhbHdheXMgdHJlYXQgaXQgYXMgb25lIGJlY2F1 c2UgdGhhdAotICAgICAgICAgICAgICAgYmxvY2tzIG1hcHBpbmdzIG9mIHRy YW5zaXRpdmUgZ3JhbnRzLiAqLwotICAgICAgICAgICAgaXNfc3ViX3BhZ2Ug PSAxOwotICAgICAgICAgICAgYWN0LT5nZm4gPSAtMXVsOwotICAgICAgICB9 CiAgICAgICAgIGVsc2UgaWYgKCAhKHNoYTItPmhkci5mbGFncyAmIEdURl9z dWJfcGFnZSkgKQogICAgICAgICB7CiAgICAgICAgICAgICByYyA9IF9fZ2V0 X3BhZ2VkX2ZyYW1lKHNoYTItPmZ1bGxfcGFnZS5mcmFtZSwgJmdyYW50X2Zy YW1lLCBwYWdlLCByZWFkb25seSwgcmQpOwpAQCAtMjcxMCwxMCArMjcyMiwx MyBAQCBnbnR0YWJfc2V0X3ZlcnNpb24oWEVOX0dVRVNUX0hBTkRMRV9QQVJB CiAgICAgY2FzZSAyOgogICAgICAgICBmb3IgKCBpID0gMDsgaSA8IEdOVFRB Ql9OUl9SRVNFUlZFRF9FTlRSSUVTOyBpKysgKQogICAgICAgICB7Ci0gICAg ICAgICAgICBpZiAoICgoc2hhcmVkX2VudHJ5X3YyKGd0LCBpKS5oZHIuZmxh Z3MgJiBHVEZfdHlwZV9tYXNrKSA9PQotICAgICAgICAgICAgICAgICAgR1RG X3Blcm1pdF9hY2Nlc3MpICYmCi0gICAgICAgICAgICAgICAgIChzaGFyZWRf ZW50cnlfdjIoZ3QsIGkpLmZ1bGxfcGFnZS5mcmFtZSA+PiAzMikgKQorICAg ICAgICAgICAgc3dpdGNoICggc2hhcmVkX2VudHJ5X3YyKGd0LCBpKS5oZHIu ZmxhZ3MgJiBHVEZfdHlwZV9tYXNrICkKICAgICAgICAgICAgIHsKKyAgICAg ICAgICAgIGNhc2UgR1RGX3Blcm1pdF9hY2Nlc3M6CisgICAgICAgICAgICAg ICAgIGlmICggIShzaGFyZWRfZW50cnlfdjIoZ3QsIGkpLmZ1bGxfcGFnZS5m cmFtZSA+PiAzMikgKQorICAgICAgICAgICAgICAgICAgICAgYnJlYWs7Cisg ICAgICAgICAgICAgICAgIC8qIGZhbGwgdGhyb3VnaCAqLworICAgICAgICAg ICAgY2FzZSBHVEZfdHJhbnNpdGl2ZToKICAgICAgICAgICAgICAgICBnZHBy aW50ayhYRU5MT0dfV0FSTklORywKICAgICAgICAgICAgICAgICAgICAgICAg ICAidHJpZWQgdG8gY2hhbmdlIGdyYW50IHRhYmxlIHZlcnNpb24gdG8gMSB3 aXRoIG5vbi1yZXByZXNlbnRhYmxlIGVudHJpZXNcbiIpOwogICAgICAgICAg ICAgICAgIHJlcyA9IC1FUkFOR0U7Cg== --=separator Content-Type: application/octet-stream; name="xsa226-4.5.patch" Content-Disposition: attachment; filename="xsa226-4.5.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCAxNmJmYjM5Li4zOTM2MzE2IDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtNjYyLDYgKzY2MiwyMiBAQCBkb2VzIG5vdCBwcm92aWRlIFZNXF9FTlRS WVxfTE9BRFxfR1VFU1RcX1BBVC4KIAogU3BlY2lmeSB0aGUgc2VyaWFsIHBh cmFtZXRlcnMgZm9yIHRoZSBHREIgc3R1Yi4KIAorIyMjIGdudHRhYgorPiBg PSBMaXN0IG9mIFsgbWF4X3Zlcjo8aW50ZWdlcj4sIHRyYW5zaXRpdmUgXWAK KworPiBEZWZhdWx0OiBgZ250dGFiPW1heF92ZXI6Mixuby10cmFuc2l0aXZl YAorCitDb250cm9sIHZhcmlvdXMgYXNwZWN0cyBvZiB0aGUgZ3JhbnQgdGFi bGUgYmVoYXZpb3VyIGF2YWlsYWJsZSB0byBndWVzdHMuCisKKyogYG1heF92 ZXJgIFNlbGVjdCB0aGUgbWF4aW11bSBncmFudCB0YWJsZSB2ZXJzaW9uIHRv IG9mZmVyIHRvIGd1ZXN0cy4gIFZhbGlkCit2ZXJzaW9uIGFyZSAxIGFuZCAy LgorKiBgdHJhbnNpdGl2ZWAgUGVybWl0IG9yIGRpc2FsbG93IHRoZSB1c2Ug b2YgdHJhbnNpdGl2ZSBncmFudHMuICBOb3RlIHRoYXQgdGhlCit1c2Ugb2Yg Z3JhbnQgdGFibGUgdjIgd2l0aG91dCB0cmFuc2l0aXZlIGdyYW50cyBpcyBh biBBQkkgYnJlYWthZ2UgZnJvbSB0aGUKK2d1ZXN0cyBwb2ludCBvZiB2aWV3 LgorCisqV2FybmluZzoqCitEdWUgdG8gWFNBLTIyNiwgdGhlIHVzZSBvZiB0 cmFuc2l0aXZlIGdyYW50cyBpcyBvdXRzaWRlIG9mIHNlY3VyaXR5IHN1cHBv cnQuCisKICMjIyBnbnR0YWJcX21heFxfZnJhbWVzCiA+IGA9IDxpbnRlZ2Vy PmAKIApkaWZmIC0tZ2l0IGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jIGIv eGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCmluZGV4IDgzYTRiOWUuLmM5YTZj ZDkgMTAwNjQ0Ci0tLSBhL3hlbi9jb21tb24vZ3JhbnRfdGFibGUuYworKysg Yi94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMKQEAgLTUwLDYgKzUwLDQyIEBA IGludGVnZXJfcGFyYW0oImdudHRhYl9tYXhfbnJfZnJhbWVzIiwgbWF4X25y X2dyYW50X2ZyYW1lcyk7CiB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3RseSBt YXhfZ3JhbnRfZnJhbWVzOwogaW50ZWdlcl9wYXJhbSgiZ250dGFiX21heF9m cmFtZXMiLCBtYXhfZ3JhbnRfZnJhbWVzKTsKIAorc3RhdGljIHVuc2lnbmVk IGludCBfX3JlYWRfbW9zdGx5IG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPSAy Oworc3RhdGljIGJvb2xfdCBfX3JlYWRfbW9zdGx5IG9wdF90cmFuc2l0aXZl X2dyYW50czsKKworc3RhdGljIHZvaWQgX19pbml0IHBhcnNlX2dudHRhYihj aGFyICpzKQoreworICAgIGNoYXIgKnNzOworCisgICAgZG8geworICAgICAg ICBzcyA9IHN0cmNocihzLCAnLCcpOworICAgICAgICBpZiAoIHNzICkKKyAg ICAgICAgICAgICpzcyA9ICdcMCc7CisKKyAgICAgICAgaWYgKCAhc3RybmNt cChzLCAibWF4X3ZlcjoiLCA4KSApCisgICAgICAgIHsKKyAgICAgICAgICAg IGxvbmcgdmVyID0gc2ltcGxlX3N0cnRvbChzICsgOCwgTlVMTCwgMTApOwor CisgICAgICAgICAgICBpZiAoIHZlciA+PSAxICYmIHZlciA8PSAyICkKKyAg ICAgICAgICAgICAgICBvcHRfZ250dGFiX21heF92ZXJzaW9uID0gdmVyOwor ICAgICAgICB9CisgICAgICAgIGVsc2UKKyAgICAgICAgeworICAgICAgICAg ICAgYm9vbF90IHZhbCA9ICEhc3RybmNtcChzLCAibm8tIiwgMyk7CisKKyAg ICAgICAgICAgIGlmICggIXZhbCApCisgICAgICAgICAgICAgICAgcyArPSAz OworCisgICAgICAgICAgICBpZiAoICFzdHJjbXAocywgInRyYW5zaXRpdmUi KSApCisgICAgICAgICAgICAgICAgb3B0X3RyYW5zaXRpdmVfZ3JhbnRzID0g dmFsOworICAgICAgICB9CisKKyAgICAgICAgcyA9IHNzICsgMTsKKyAgICB9 IHdoaWxlICggc3MgKTsKK30KKworY3VzdG9tX3BhcmFtKCJnbnR0YWIiLCBw YXJzZV9nbnR0YWIpOworCiAvKiBUaGUgbWF4aW11bSBudW1iZXIgb2YgZ3Jh bnQgbWFwcGluZ3MgaXMgZGVmaW5lZCBhcyBhIG11bHRpcGxpZXIgb2YgdGhl CiAgKiBtYXhpbXVtIG51bWJlciBvZiBncmFudCB0YWJsZSBlbnRyaWVzLiBU aGlzIGRlZmluZXMgdGhlIG11bHRpcGxpZXIgdXNlZC4KICAqIFByZXR0eSBh cmJpdHJhcnkuIFtQT0xJQ1ldCkBAIC0xOTU4LDYgKzE5OTQsMTAgQEAgX19h Y3F1aXJlX2dyYW50X2Zvcl9jb3B5KAogICAgICAgICB0cmFuc19ncmVmID0g Z3JlZjsKICAgICAgICAgaWYgKCBzaGEyICYmIChzaGFoLT5mbGFncyAmIEdU Rl90eXBlX21hc2spID09IEdURl90cmFuc2l0aXZlICkKICAgICAgICAgewor ICAgICAgICAgICAgaWYgKCAhb3B0X3RyYW5zaXRpdmVfZ3JhbnRzICkKKyAg ICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0X2NsZWFyLCBHTlRT VF9nZW5lcmFsX2Vycm9yLAorICAgICAgICAgICAgICAgICAgICAgICAgICJ0 cmFuc2l0aXZlIGdyYW50IGRpc2FsbG93ZWQgYnkgcG9saWN5XG4iKTsKKwog ICAgICAgICAgICAgaWYgKCAhYWxsb3dfdHJhbnNpdGl2ZSApCiAgICAgICAg ICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2Vu ZXJhbF9lcnJvciwKICAgICAgICAgICAgICAgICAgICAgICAgICAidHJhbnNp dGl2ZSBncmFudCB3aGVuIHRyYW5zaXRpdml0eSBub3QgYWxsb3dlZFxuIik7 CkBAIC0yNzQxLDcgKzI3ODEsMTAgQEAgZG9fZ3JhbnRfdGFibGVfb3AoCiAg ICAgfQogICAgIGNhc2UgR05UVEFCT1Bfc2V0X3ZlcnNpb246CiAgICAgewot ICAgICAgICByYyA9IGdudHRhYl9zZXRfdmVyc2lvbihndWVzdF9oYW5kbGVf Y2FzdCh1b3AsIGdudHRhYl9zZXRfdmVyc2lvbl90KSk7CisgICAgICAgIGlm ICggb3B0X2dudHRhYl9tYXhfdmVyc2lvbiA9PSAxICkKKyAgICAgICAgICAg IHJjID0gLUVOT1NZUzsgLyogQmVoYXZlIGFzIGJlZm9yZSBzZXRfdmVyc2lv biB3YXMgaW50cm9kdWNlZC4gKi8KKyAgICAgICAgZWxzZQorICAgICAgICAg ICAgcmMgPSBnbnR0YWJfc2V0X3ZlcnNpb24oZ3Vlc3RfaGFuZGxlX2Nhc3Qo dW9wLCBnbnR0YWJfc2V0X3ZlcnNpb25fdCkpOwogICAgICAgICBicmVhazsK ICAgICB9CiAgICAgY2FzZSBHTlRUQUJPUF9nZXRfc3RhdHVzX2ZyYW1lczoK --=separator Content-Type: application/octet-stream; name="xsa226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Disposition: attachment; filename="xsa226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IHVzZSBwb3NzaWJseSB1bmJvdW5kZWQgdGFpbCBj YWxscwoKVGhlcmUgaXMgbm8gZ3VhcmFudGVlIHRoYXQgdGhlIGNvbXBpbGVy IHdvdWxkIGFjdHVhbGx5IHRyYW5zbGF0ZSB0aGVtCnRvIGJyYW5jaGVzIGlu c3RlYWQgb2YgY2FsbHMsIHNvIG9ubHkgb25lcyB3aXRoIGEga25vd24gcmVj dXJzaW9uIGxpbWl0CmFyZSBva2F5OgotIF9fcmVsZWFzZV9ncmFudF9mb3Jf Y29weSgpIGNhbiBjYWxsIGl0c2VsZiBvbmx5IG9uY2UsIGFzCiAgX19hY3F1 aXJlX2dyYW50X2Zvcl9jb3B5KCkgd29uJ3QgcGVybWl0IHVzZSBvZiBtdWx0 aS1sZXZlbCB0cmFuc2l0aXZlCiAgZ3JhbnRzLAotIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgpIGlzIGZpbmUgdG8gY2FsbCBpdHNlbGYgd2l0aCB0aGUg bGFzdAogIGFyZ3VtZW50IGZhbHNlLCBhcyB0aGF0IHByZXZlbnRzIGZ1cnRo ZXIgcmVjdXJzaW9uLAotIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgpIG11 c3Qgbm90IGNhbGwgaXRzZWxmIHRvIHJlY292ZXIgZnJvbSBhbgogIG9ic2Vy dmVkIGNoYW5nZSB0byB0aGUgYWN0aXZlIGVudHJ5J3MgcGluIGNvdW50CgpU aGlzIGlzIHBhcnQgb2YgQ1ZFLTIwMTctMTIxMzUgLyBYU0EtMjI2LgoKU2ln bmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgoK LS0tIGEveGVuL2NvbW1vbi9jb21wYXQvZ3JhbnRfdGFibGUuYworKysgYi94 ZW4vY29tbW9uL2NvbXBhdC9ncmFudF90YWJsZS5jCkBAIC0yNTgsOSArMjU4 LDkgQEAgaW50IGNvbXBhdF9ncmFudF90YWJsZV9vcCh1bnNpZ25lZCBpbnQg Y21kLAogICAgICAgICAgICAgICAgIHJjID0gZ250dGFiX2NvcHkoZ3Vlc3Rf aGFuZGxlX2Nhc3QobmF0LnVvcCwgZ250dGFiX2NvcHlfdCksIG4pOwogICAg ICAgICAgICAgaWYgKCByYyA+IDAgKQogICAgICAgICAgICAgewotICAgICAg ICAgICAgICAgIEFTU0VSVChyYyA8IG4pOwotICAgICAgICAgICAgICAgIGkg LT0gbiAtIHJjOwotICAgICAgICAgICAgICAgIG4gPSByYzsKKyAgICAgICAg ICAgICAgICBBU1NFUlQocmMgPD0gbik7CisgICAgICAgICAgICAgICAgaSAt PSByYzsKKyAgICAgICAgICAgICAgICBuIC09IHJjOwogICAgICAgICAgICAg fQogICAgICAgICAgICAgaWYgKCByYyA+PSAwICkKICAgICAgICAgICAgIHsK LS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hlbi9jb21t b24vZ3JhbnRfdGFibGUuYwpAQCAtMTg2MCw4ICsxODYwLDEwIEBAIF9fcmVs ZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgIGlmICggdGQgIT0gcmQgKQog ICAgIHsKLSAgICAgICAgLyogUmVjdXJzaXZlIGNhbGxzLCBidXQgdGhleSdy ZSB0YWlsIGNhbGxzLCBzbyBpdCdzCi0gICAgICAgICAgIG9rYXkuICovCisg ICAgICAgIC8qCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxscywgYnV0IHRo ZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUK KyAgICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBv a2F5LgorICAgICAgICAgKi8KICAgICAgICAgaWYgKCByZWxlYXNlZF93cml0 ZSApCiAgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDApOwogICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRf cmVhZCApCkBAIC0xOTk3LDE5ICsxOTk5LDE5IEBAIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgKICAgICAgICAgICAgICAgICByZXR1cm4gcmM7CiAgICAg ICAgICAgICB9CiAKLSAgICAgICAgICAgIC8qIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkKLSAgICAgICAg ICAgICAgIGVsc2UgdHJpZWQgdG8gcGluIChvciwgZm9yIHRoYXQgbWF0dGVy LCB1bnBpbikgdGhlCi0gICAgICAgICAgICAgICByZWZlcmVuY2UgaW4gKnRo aXMqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUgdXAKLSAgICAg ICAgICAgICAgIGFuZCB0cnkgYWdhaW4uICovCisgICAgICAgICAgICAvKgor ICAgICAgICAgICAgICogV2UgZHJvcHBlZCB0aGUgbG9jaywgc28gd2UgaGF2 ZSB0byBjaGVjayB0aGF0IG5vYm9keSBlbHNlIHRyaWVkCisgICAgICAgICAg ICAgKiB0byBwaW4gKG9yLCBmb3IgdGhhdCBtYXR0ZXIsIHVucGluKSB0aGUg cmVmZXJlbmNlIGluICp0aGlzKgorICAgICAgICAgICAgICogZG9tYWluLiAg SWYgdGhleSBkaWQsIGp1c3QgZ2l2ZSB1cCBhbmQgdGVsbCB0aGUgY2FsbGVy IHRvIHJldHJ5LgorICAgICAgICAgICAgICovCiAgICAgICAgICAgICBpZiAo IGFjdC0+cGluICE9IG9sZF9waW4gKQogICAgICAgICAgICAgewogICAgICAg ICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0 YXR1cyk7CiAgICAgICAgICAgICAgICAgcmN1X3VubG9ja19kb21haW4odGQp OwogICAgICAgICAgICAgICAgIHNwaW5fdW5sb2NrKCZyZ3QtPmxvY2spOwog ICAgICAgICAgICAgICAgIHB1dF9wYWdlKCpwYWdlKTsKLSAgICAgICAgICAg ICAgICByZXR1cm4gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHJkLCBncmVm LCBsZG9tLCByZWFkb25seSwKLSAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIGZyYW1lLCBwYWdlLCBwYWdlX29mZiwg bGVuZ3RoLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgYWxsb3dfdHJhbnNpdGl2ZSk7CisgICAgICAgICAgICAg ICAgKnBhZ2UgPSBOVUxMOworICAgICAgICAgICAgICAgIHJldHVybiBFUkVT VEFSVDsKICAgICAgICAgICAgIH0KIAogICAgICAgICAgICAgLyogVGhlIGFj dHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBvciBtYXkgbm90IGJlIGEK QEAgLTIwODksNyArMjA5MSw3IEBAIF9fYWNxdWlyZV9ncmFudF9mb3JfY29w eSgKICAgICByZXR1cm4gcmM7CiB9CiAKLXN0YXRpYyB2b2lkCitzdGF0aWMg Ym9vbF90CiBfX2dudHRhYl9jb3B5KAogICAgIHN0cnVjdCBnbnR0YWJfY29w eSAqb3ApCiB7CkBAIC0yMjEzLDkgKzIyMTUsMjAgQEAgX19nbnR0YWJfY29w eSgKICAgICAgICAgcmN1X3VubG9ja19kb21haW4oc2QpOwogICAgIGlmICgg ZGQgKQogICAgICAgICByY3VfdW5sb2NrX2RvbWFpbihkZCk7CisgICAgaWYg KCByYyA+IDAgKQorICAgICAgICByZXR1cm4gMDsKICAgICBvcC0+c3RhdHVz ID0gcmM7CisgICAgcmV0dXJuIDE7CiB9CiAKKy8qCisgKiBnbnR0YWJfY29w eSgpLCBvdGhlciB0aGFuIHRoZSB2YXJpb3VzIG90aGVyIGhlbHBlcnMgb2YK KyAqIGRvX2dyYW50X3RhYmxlX29wKCksIHJldHVybnMgKGJlc2lkZXMgcG9z c2libGUgZXJyb3IgaW5kaWNhdG9ycykKKyAqICJjb3VudCAtIGkiIHJhdGhl ciB0aGFuICJpIiB0byBlbnN1cmUgdGhhdCBldmVuIGlmIG5vIHByb2dyZXNz CisgKiB3YXMgbWFkZSBhdCBhbGwgKHBlcmhhcHMgZHVlIHRvIGdudHRhYl9j b3B5X29uZSgpIHJldHVybmluZyBhCisgKiBwb3NpdGl2ZSB2YWx1ZSkgYSBu b24temVybyB2YWx1ZSBpcyBiZWluZyBoYW5kZWQgYmFjayAoemVybyBuZWVk cworICogdG8gYmUgYXZvaWRlZCwgYXMgdGhhdCBtZWFucyAic3VjY2Vzcywg YWxsIGRvbmUiKS4KKyAqLwogc3RhdGljIGxvbmcKIGdudHRhYl9jb3B5KAog ICAgIFhFTl9HVUVTVF9IQU5ETEVfUEFSQU0oZ250dGFiX2NvcHlfdCkgdW9w LCB1bnNpZ25lZCBpbnQgY291bnQpCkBAIC0yMjI2LDEwICsyMjM5LDExIEBA IGdudHRhYl9jb3B5KAogICAgIGZvciAoIGkgPSAwOyBpIDwgY291bnQ7IGkr KyApCiAgICAgewogICAgICAgICBpZiAoaSAmJiBoeXBlcmNhbGxfcHJlZW1w dF9jaGVjaygpKQotICAgICAgICAgICAgcmV0dXJuIGk7CisgICAgICAgICAg ICByZXR1cm4gY291bnQgLSBpOwogICAgICAgICBpZiAoIHVubGlrZWx5KF9f Y29weV9mcm9tX2d1ZXN0KCZvcCwgdW9wLCAxKSkgKQogICAgICAgICAgICAg cmV0dXJuIC1FRkFVTFQ7Ci0gICAgICAgIF9fZ250dGFiX2NvcHkoJm9wKTsK KyAgICAgICAgaWYgKCAhX19nbnR0YWJfY29weSgmb3ApICkKKyAgICAgICAg ICAgIHJldHVybiBjb3VudCAtIGk7CiAgICAgICAgIGlmICggdW5saWtlbHko X19jb3B5X2ZpZWxkX3RvX2d1ZXN0KHVvcCwgJm9wLCBzdGF0dXMpKSApCiAg ICAgICAgICAgICByZXR1cm4gLUVGQVVMVDsKICAgICAgICAgZ3Vlc3RfaGFu ZGxlX2FkZF9vZmZzZXQodW9wLCAxKTsKQEAgLTI3MjcsNiArMjc0MSw3IEBA IGRvX2dyYW50X3RhYmxlX29wKAogICAgICAgICByYyA9IGdudHRhYl9jb3B5 KGNvcHksIGNvdW50KTsKICAgICAgICAgaWYgKCByYyA+IDAgKQogICAgICAg ICB7CisgICAgICAgICAgICByYyA9IGNvdW50IC0gcmM7CiAgICAgICAgICAg ICBndWVzdF9oYW5kbGVfYWRkX29mZnNldChjb3B5LCByYyk7CiAgICAgICAg ICAgICB1b3AgPSBndWVzdF9oYW5kbGVfY2FzdChjb3B5LCB2b2lkKTsKICAg ICAgICAgfQo= --=separator Content-Type: application/octet-stream; name="xsa226-4.5/0002-gnttab-fix-transitive-grant-handling.patch" Content-Disposition: attachment; filename="xsa226-4.5/0002-gnttab-fix-transitive-grant-handling.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGZpeCB0cmFuc2l0aXZlIGdyYW50IGhhbmRsaW5nCgpQcm9j ZXNzaW5nIG9mIHRyYW5zaXRpdmUgZ3JhbnRzIG11c3Qgbm90IHVzZSB0aGUg ZmFzdCBwYXRoLCBvciBlbHNlCnJlZmVyZW5jZSBjb3VudGluZyBicmVha3Mg ZHVlIHRvIHRoZSBza2lwcGVkIHJlY3Vyc2l2ZSBjYWxsIHRvCl9fYWNxdWly ZV9ncmFudF9mb3JfY29weSgpIChpdHMgX19yZWxlYXNlX2dyYW50X2Zvcl9j b3B5KCkKY291bnRlcnBhcnQgb2NjdXJzIGluZGVwZW5kZW50IG9mIG9yaWdp bmFsIHBpbiBjb3VudCkuIEZ1cnRoZXJtb3JlCmFmdGVyIHJlLWFjcXVpcmlu ZyB0ZW1wb3JhcmlseSBkcm9wcGVkIGxvY2tzIHdlIG5lZWQgdG8gdmVyaWZ5 IG5vIGdyYW50CnByb3BlcnRpZXMgY2hhbmdlZCBpZiB0aGUgb3JpZ2luYWwg cGluIGNvdW50IHdhcyBub24temVybzsgY2hlY2tpbmcKanVzdCB0aGUgcGlu IGNvdW50cyBpcyBzdWZmaWNpZW50IG9ubHkgZm9yIHdlbGwtYmVoYXZlZCBn dWVzdHMuIEFzIGEKcmVzdWx0LCBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHko KSBuZWVkcyB0byBtaXJyb3IgdGhhdCBuZXcgYmVoYXZpb3IuCgpGdXJ0aGVy bW9yZSBhIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSgpIGludm9jYXRpb24g d2FzIG1pc3Npbmcgb24gdGhlCnJldHJ5IHBhdGggb2YgX19hY3F1aXJlX2dy YW50X2Zvcl9jb3B5KCksIGFuZCBnbnR0YWJfc2V0X3ZlcnNpb24oKSBhbHNv Cm5lZWRzIHRvIGJhaWwgb3V0IHVwb24gZW5jb3VudGVyaW5nIGEgdHJhbnNp dGl2ZSBncmFudC4KClRoaXMgaXMgcGFydCBvZiBDVkUtMjAxNy0xMjEzNSAv IFhTQS0yMjYuCgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3 LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1ieTogQW5kcmV3IENv b3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KCi0tLSBhL3hlbi9j b21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dyYW50X3Rh YmxlLmMKQEAgLTE4MDgsMTMgKzE4MDgsOCBAQCBfX3JlbGVhc2VfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgdW5zaWduZWQgbG9uZyByX2ZyYW1lOwogICAgIHVp bnQxNl90ICpzdGF0dXM7CiAgICAgZ3JhbnRfcmVmX3QgdHJhbnNfZ3JlZjsK LSAgICBpbnQgcmVsZWFzZWRfcmVhZDsKLSAgICBpbnQgcmVsZWFzZWRfd3Jp dGU7CiAgICAgc3RydWN0IGRvbWFpbiAqdGQ7CiAKLSAgICByZWxlYXNlZF9y ZWFkID0gMDsKLSAgICByZWxlYXNlZF93cml0ZSA9IDA7Ci0KICAgICBzcGlu X2xvY2soJnJndC0+bG9jayk7CiAKICAgICBhY3QgPSAmYWN0aXZlX2VudHJ5 KHJndCwgZ3JlZik7CkBAIC0xODQ0LDMwICsxODM5LDIxIEBAIF9fcmVsZWFz ZV9ncmFudF9mb3JfY29weSgKIAogICAgICAgICBhY3QtPnBpbiAtPSBHTlRQ SU5faHN0d19pbmM7CiAgICAgICAgIGlmICggIShhY3QtPnBpbiAmIChHTlRQ SU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSApCi0gICAgICAgIHsK LSAgICAgICAgICAgIHJlbGVhc2VkX3dyaXRlID0gMTsKICAgICAgICAgICAg IGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfd3JpdGluZywgc3RhdHVzKTsKLSAg ICAgICAgfQogICAgIH0KIAogICAgIGlmICggIWFjdC0+cGluICkKLSAgICB7 CiAgICAgICAgIGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfcmVhZGluZywgc3Rh dHVzKTsKLSAgICAgICAgcmVsZWFzZWRfcmVhZCA9IDE7Ci0gICAgfQogCiAg ICAgc3Bpbl91bmxvY2soJnJndC0+bG9jayk7CiAKICAgICBpZiAoIHRkICE9 IHJkICkKICAgICB7CiAgICAgICAgIC8qCi0gICAgICAgICAqIFJlY3Vyc2l2 ZSBjYWxscywgYnV0IHRoZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRz IG9ubHkgYSBzaW5nbGUKKyAgICAgICAgICogUmVjdXJzaXZlIGNhbGwsIGJ1 dCBpdCBpcyBib3VuZGVkIChhY3F1aXJlIHBlcm1pdHMgb25seSBhIHNpbmds ZQogICAgICAgICAgKiBsZXZlbCBvZiB0cmFuc2l0aXZpdHkpLCBzbyBpdCdz IG9rYXkuCiAgICAgICAgICAqLwotICAgICAgICBpZiAoIHJlbGVhc2VkX3dy aXRlICkKLSAgICAgICAgICAgIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSh0 ZCwgdHJhbnNfZ3JlZiwgMCk7Ci0gICAgICAgIGVsc2UgaWYgKCByZWxlYXNl ZF9yZWFkICkKLSAgICAgICAgICAgIF9fcmVsZWFzZV9ncmFudF9mb3JfY29w eSh0ZCwgdHJhbnNfZ3JlZiwgMSk7CisgICAgICAgIF9fcmVsZWFzZV9ncmFu dF9mb3JfY29weSh0ZCwgdHJhbnNfZ3JlZiwgcmVhZG9ubHkpOwogCiAgICAg ICAgIHJjdV91bmxvY2tfZG9tYWluKHRkKTsKICAgICB9CkBAIC0xOTQ4LDc5 ICsxOTM0LDExMyBAQCBfX2FjcXVpcmVfZ3JhbnRfZm9yX2NvcHkoCiAgICAg ICAgICAgICAgICAgIGFjdC0+ZG9taWQsIGxkb20sIGFjdC0+cGluKTsKIAog ICAgIG9sZF9waW4gPSBhY3QtPnBpbjsKLSAgICBpZiAoICFhY3QtPnBpbiB8 fAotICAgICAgICAgKCFyZWFkb25seSAmJiAhKGFjdC0+cGluICYgKEdOVFBJ Tl9kZXZ3X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSApCisgICAgaWYgKCBz aGEyICYmIChzaGFoLT5mbGFncyAmIEdURl90eXBlX21hc2spID09IEdURl90 cmFuc2l0aXZlICkKICAgICB7Ci0gICAgICAgIGlmICggKHJjID0gX3NldF9z dGF0dXMocmd0LT5ndF92ZXJzaW9uLCBsZG9tLAotICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHJlYWRvbmx5LCAwLCBzaGFoLCBhY3QsCi0gICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgc3RhdHVzKSApICE9IEdOVFNU X29rYXkgKQotICAgICAgICAgICAgIGdvdG8gdW5sb2NrX291dDsKKyAgICAg ICAgaWYgKCAoIW9sZF9waW4gfHwgKCFyZWFkb25seSAmJgorICAgICAgICAg ICAgICAgICAgICAgICAgICAgIShvbGRfcGluICYgKEdOVFBJTl9kZXZ3X21h c2t8R05UUElOX2hzdHdfbWFzaykpKSkgJiYKKyAgICAgICAgICAgICAocmMg PSBfc2V0X3N0YXR1c192MihsZG9tLCByZWFkb25seSwgMCwgc2hhaCwgYWN0 LAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHN0YXR1cykp ICE9IEdOVFNUX29rYXkgKQorICAgICAgICAgICAgZ290byB1bmxvY2tfb3V0 OworCisgICAgICAgIGlmICggIWFsbG93X3RyYW5zaXRpdmUgKQorICAgICAg ICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJh bF9lcnJvciwKKyAgICAgICAgICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdy YW50IHdoZW4gdHJhbnNpdGl2aXR5IG5vdCBhbGxvd2VkXG4iKTsKKworICAg ICAgICB0cmFuc19kb21pZCA9IHNoYTItPnRyYW5zaXRpdmUudHJhbnNfZG9t aWQ7CisgICAgICAgIHRyYW5zX2dyZWYgPSBzaGEyLT50cmFuc2l0aXZlLmdy ZWY7CisgICAgICAgIGJhcnJpZXIoKTsgLyogU3RvcCB0aGUgY29tcGlsZXIg ZnJvbSByZS1sb2FkaW5nCisgICAgICAgICAgICAgICAgICAgICAgdHJhbnNf ZG9taWQgZnJvbSBzaGFyZWQgbWVtb3J5ICovCisgICAgICAgIGlmICggdHJh bnNfZG9taWQgPT0gcmQtPmRvbWFpbl9pZCApCisgICAgICAgICAgICBQSU5f RkFJTCh1bmxvY2tfb3V0X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAor ICAgICAgICAgICAgICAgICAgICAgInRyYW5zaXRpdmUgZ3JhbnRzIGNhbm5v dCBiZSBzZWxmLXJlZmVyZW50aWFsXG4iKTsKIAotICAgICAgICB0ZCA9IHJk OwotICAgICAgICB0cmFuc19ncmVmID0gZ3JlZjsKLSAgICAgICAgaWYgKCBz aGEyICYmIChzaGFoLT5mbGFncyAmIEdURl90eXBlX21hc2spID09IEdURl90 cmFuc2l0aXZlICkKKyAgICAgICAgLyoKKyAgICAgICAgICogV2UgYWxsb3cg dGhlIHRyYW5zX2RvbWlkID09IGxkb20gY2FzZSwgd2hpY2ggY29ycmVzcG9u ZHMgdG8gYQorICAgICAgICAgKiBncmFudCBiZWluZyBpc3N1ZWQgYnkgb25l IGRvbWFpbiwgc2VudCB0byBhbm90aGVyIG9uZSwgYW5kIHRoZW4KKyAgICAg ICAgICogdHJhbnNpdGl2ZWx5IGdyYW50ZWQgYmFjayB0byB0aGUgb3JpZ2lu YWwgZG9tYWluLiAgQWxsb3dpbmcgaXQKKyAgICAgICAgICogaXMgZWFzeSwg YW5kIG1lYW5zIHRoYXQgeW91IGRvbid0IG5lZWQgdG8gZ28gb3V0IG9mIHlv dXIgd2F5IHRvCisgICAgICAgICAqIGF2b2lkIGl0IGluIHRoZSBndWVzdC4K KyAgICAgICAgICovCisKKyAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0 aGUgcnJkIGxvY2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkuICovCisgICAg ICAgIHRkID0gcmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsK KyAgICAgICAgaWYgKCB0ZCA9PSBOVUxMICkKKyAgICAgICAgICAgIFBJTl9G QUlMKHVubG9ja19vdXRfY2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisg ICAgICAgICAgICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCByZWZlcmVu Y2VkIGJhZCBkb21haW4gJWRcbiIsCisgICAgICAgICAgICAgICAgICAgICB0 cmFuc19kb21pZCk7CisKKyAgICAgICAgLyoKKyAgICAgICAgICogX19hY3F1 aXJlX2dyYW50X2Zvcl9jb3B5KCkgY291bGQgdGFrZSB0aGUgbG9jayBvbiB0 aGUKKyAgICAgICAgICogcmVtb3RlIHRhYmxlIChpZiByZCA9PSB0ZCksIHNv IHdlIGhhdmUgdG8gZHJvcCB0aGUgbG9jaworICAgICAgICAgKiBoZXJlIGFu ZCByZWFjcXVpcmUuCisgICAgICAgICAqLworICAgICAgICBzcGluX3VubG9j aygmcmd0LT5sb2NrKTsKKworICAgICAgICByYyA9IF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSh0ZCwgdHJhbnNfZ3JlZiwgcmQtPmRvbWFpbl9pZCwKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmVhZG9ubHks ICZncmFudF9mcmFtZSwgcGFnZSwKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgJnRyYW5zX3BhZ2Vfb2ZmLCAmdHJhbnNfbGVuZ3Ro LCAwKTsKKworICAgICAgICBzcGluX2xvY2soJnJndC0+bG9jayk7CisKKyAg ICAgICAgaWYgKCByYyAhPSBHTlRTVF9va2F5ICkKICAgICAgICAgewotICAg ICAgICAgICAgaWYgKCAhYWxsb3dfdHJhbnNpdGl2ZSApCi0gICAgICAgICAg ICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJh bF9lcnJvciwKLSAgICAgICAgICAgICAgICAgICAgICAgICAidHJhbnNpdGl2 ZSBncmFudCB3aGVuIHRyYW5zaXRpdml0eSBub3QgYWxsb3dlZFxuIik7Ci0K LSAgICAgICAgICAgIHRyYW5zX2RvbWlkID0gc2hhMi0+dHJhbnNpdGl2ZS50 cmFuc19kb21pZDsKLSAgICAgICAgICAgIHRyYW5zX2dyZWYgPSBzaGEyLT50 cmFuc2l0aXZlLmdyZWY7Ci0gICAgICAgICAgICBiYXJyaWVyKCk7IC8qIFN0 b3AgdGhlIGNvbXBpbGVyIGZyb20gcmUtbG9hZGluZwotICAgICAgICAgICAg ICAgICAgICAgICAgICB0cmFuc19kb21pZCBmcm9tIHNoYXJlZCBtZW1vcnkg Ki8KLSAgICAgICAgICAgIGlmICggdHJhbnNfZG9taWQgPT0gcmQtPmRvbWFp bl9pZCApCi0gICAgICAgICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9j bGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKLSAgICAgICAgICAgICAgICAg ICAgICAgICAidHJhbnNpdGl2ZSBncmFudHMgY2Fubm90IGJlIHNlbGYtcmVm ZXJlbnRpYWxcbiIpOwotCi0gICAgICAgICAgICAvKiBXZSBhbGxvdyB0aGUg dHJhbnNfZG9taWQgPT0gbGRvbSBjYXNlLCB3aGljaAotICAgICAgICAgICAg ICAgY29ycmVzcG9uZHMgdG8gYSBncmFudCBiZWluZyBpc3N1ZWQgYnkgb25l IGRvbWFpbiwgc2VudAotICAgICAgICAgICAgICAgdG8gYW5vdGhlciBvbmUs IGFuZCB0aGVuIHRyYW5zaXRpdmVseSBncmFudGVkIGJhY2sgdG8KLSAgICAg ICAgICAgICAgIHRoZSBvcmlnaW5hbCBkb21haW4uICBBbGxvd2luZyBpdCBp cyBlYXN5LCBhbmQgbWVhbnMKLSAgICAgICAgICAgICAgIHRoYXQgeW91IGRv bid0IG5lZWQgdG8gZ28gb3V0IG9mIHlvdXIgd2F5IHRvIGF2b2lkIGl0Ci0g ICAgICAgICAgICAgICBpbiB0aGUgZ3Vlc3QuICovCi0KLSAgICAgICAgICAg IC8qIFdlIG5lZWQgdG8gbGVhdmUgdGhlIHJyZCBsb2NrZWQgZHVyaW5nIHRo ZSBncmFudCBjb3B5ICovCi0gICAgICAgICAgICB0ZCA9IHJjdV9sb2NrX2Rv bWFpbl9ieV9pZCh0cmFuc19kb21pZCk7Ci0gICAgICAgICAgICBpZiAoIHRk ID09IE5VTEwgKQotICAgICAgICAgICAgICAgIFBJTl9GQUlMKHVubG9ja19v dXRfY2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCi0gICAgICAgICAgICAg ICAgICAgICAgICAgInRyYW5zaXRpdmUgZ3JhbnQgcmVmZXJlbmNlZCBiYWQg ZG9tYWluICVkXG4iLAotICAgICAgICAgICAgICAgICAgICAgICAgIHRyYW5z X2RvbWlkKTsKKyAgICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5 X3BpbihhY3QsIHN0YXR1cyk7CisgICAgICAgICAgICByY3VfdW5sb2NrX2Rv bWFpbih0ZCk7CiAgICAgICAgICAgICBzcGluX3VubG9jaygmcmd0LT5sb2Nr KTsKKyAgICAgICAgICAgIHJldHVybiByYzsKKyAgICAgICAgfQogCi0gICAg ICAgICAgICByYyA9IF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSh0ZCwgdHJh bnNfZ3JlZiwgcmQtPmRvbWFpbl9pZCwKLSAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHJlYWRvbmx5LCAmZ3JhbnRfZnJhbWUs IHBhZ2UsCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAmdHJhbnNfcGFnZV9vZmYsICZ0cmFuc19sZW5ndGgsIDApOwotCi0g ICAgICAgICAgICBzcGluX2xvY2soJnJndC0+bG9jayk7Ci0gICAgICAgICAg ICBpZiAoIHJjICE9IEdOVFNUX29rYXkgKSB7Ci0gICAgICAgICAgICAgICAg X19maXh1cF9zdGF0dXNfZm9yX2NvcHlfcGluKGFjdCwgc3RhdHVzKTsKLSAg ICAgICAgICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7Ci0gICAgICAg ICAgICAgICAgc3Bpbl91bmxvY2soJnJndC0+bG9jayk7Ci0gICAgICAgICAg ICAgICAgcmV0dXJuIHJjOwotICAgICAgICAgICAgfQorICAgICAgICAvKgor ICAgICAgICAgKiBXZSBkcm9wcGVkIHRoZSBsb2NrLCBzbyB3ZSBoYXZlIHRv IGNoZWNrIHRoYXQgdGhlIGdyYW50IGRpZG4ndAorICAgICAgICAgKiBjaGFu Z2UsIGFuZCB0aGF0IG5vYm9keSBlbHNlIHRyaWVkIHRvIHBpbi91bnBpbiBp dC4gSWYgYW55dGhpbmcKKyAgICAgICAgICogY2hhbmdlZCwganVzdCBnaXZl IHVwIGFuZCB0ZWxsIHRoZSBjYWxsZXIgdG8gcmV0cnkuCisgICAgICAgICAq LworICAgICAgICBpZiAoIHJndC0+Z3RfdmVyc2lvbiAhPSAyIHx8CisgICAg ICAgICAgICAgYWN0LT5waW4gIT0gb2xkX3BpbiB8fAorICAgICAgICAgICAg IChvbGRfcGluICYmIChhY3QtPmRvbWlkICE9IGxkb20gfHwgYWN0LT5mcmFt ZSAhPSBncmFudF9mcmFtZSB8fAorICAgICAgICAgICAgICAgICAgICAgICAg ICBhY3QtPnN0YXJ0ICE9IHRyYW5zX3BhZ2Vfb2ZmIHx8CisgICAgICAgICAg ICAgICAgICAgICAgICAgIGFjdC0+bGVuZ3RoICE9IHRyYW5zX2xlbmd0aCB8 fAorICAgICAgICAgICAgICAgICAgICAgICAgICBhY3QtPnRyYW5zX2RvbWFp biAhPSB0ZCB8fAorICAgICAgICAgICAgICAgICAgICAgICAgICBhY3QtPnRy YW5zX2dyZWYgIT0gdHJhbnNfZ3JlZiB8fAorICAgICAgICAgICAgICAgICAg ICAgICAgICAhYWN0LT5pc19zdWJfcGFnZSkpICkKKyAgICAgICAgeworICAg ICAgICAgICAgX19yZWxlYXNlX2dyYW50X2Zvcl9jb3B5KHRkLCB0cmFuc19n cmVmLCByZWFkb25seSk7CisgICAgICAgICAgICBfX2ZpeHVwX3N0YXR1c19m b3JfY29weV9waW4oYWN0LCBzdGF0dXMpOworICAgICAgICAgICAgcmN1X3Vu bG9ja19kb21haW4odGQpOworICAgICAgICAgICAgc3Bpbl91bmxvY2soJnJn dC0+bG9jayk7CisgICAgICAgICAgICBwdXRfcGFnZSgqcGFnZSk7CisgICAg ICAgICAgICAqcGFnZSA9IE5VTEw7CisgICAgICAgICAgICByZXR1cm4gRVJF U1RBUlQ7CisgICAgICAgIH0KIAorICAgICAgICBpZiAoICFvbGRfcGluICkK KyAgICAgICAgeworICAgICAgICAgICAgYWN0LT5kb21pZCA9IGxkb207Cisg ICAgICAgICAgICBhY3QtPnN0YXJ0ID0gdHJhbnNfcGFnZV9vZmY7CisgICAg ICAgICAgICBhY3QtPmxlbmd0aCA9IHRyYW5zX2xlbmd0aDsKKyAgICAgICAg ICAgIGFjdC0+dHJhbnNfZG9tYWluID0gdGQ7CisgICAgICAgICAgICBhY3Qt PnRyYW5zX2dyZWYgPSB0cmFuc19ncmVmOworICAgICAgICAgICAgYWN0LT5m cmFtZSA9IGdyYW50X2ZyYW1lOworICAgICAgICAgICAgYWN0LT5nZm4gPSAt MXVsOwogICAgICAgICAgICAgLyoKLSAgICAgICAgICAgICAqIFdlIGRyb3Bw ZWQgdGhlIGxvY2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkg ZWxzZSB0cmllZAotICAgICAgICAgICAgICogdG8gcGluIChvciwgZm9yIHRo YXQgbWF0dGVyLCB1bnBpbikgdGhlIHJlZmVyZW5jZSBpbiAqdGhpcyoKLSAg ICAgICAgICAgICAqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUg dXAgYW5kIHRlbGwgdGhlIGNhbGxlciB0byByZXRyeS4KKyAgICAgICAgICAg ICAqIFRoZSBhY3R1YWwgcmVtb3RlIHJlbW90ZSBncmFudCBtYXkgb3IgbWF5 IG5vdCBiZSBhIHN1Yi1wYWdlLAorICAgICAgICAgICAgICogYnV0IHdlIGFs d2F5cyB0cmVhdCBpdCBhcyBvbmUgYmVjYXVzZSB0aGF0IGJsb2NrcyBtYXBw aW5ncyBvZgorICAgICAgICAgICAgICogdHJhbnNpdGl2ZSBncmFudHMuCiAg ICAgICAgICAgICAgKi8KLSAgICAgICAgICAgIGlmICggYWN0LT5waW4gIT0g b2xkX3BpbiApCi0gICAgICAgICAgICB7Ci0gICAgICAgICAgICAgICAgX19m aXh1cF9zdGF0dXNfZm9yX2NvcHlfcGluKGFjdCwgc3RhdHVzKTsKLSAgICAg ICAgICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7Ci0gICAgICAgICAg ICAgICAgc3Bpbl91bmxvY2soJnJndC0+bG9jayk7Ci0gICAgICAgICAgICAg ICAgcHV0X3BhZ2UoKnBhZ2UpOwotICAgICAgICAgICAgICAgICpwYWdlID0g TlVMTDsKLSAgICAgICAgICAgICAgICByZXR1cm4gRVJFU1RBUlQ7Ci0gICAg ICAgICAgICB9Ci0KLSAgICAgICAgICAgIC8qIFRoZSBhY3R1YWwgcmVtb3Rl IHJlbW90ZSBncmFudCBtYXkgb3IgbWF5IG5vdCBiZSBhCi0gICAgICAgICAg ICAgICBzdWItcGFnZSwgYnV0IHdlIGFsd2F5cyB0cmVhdCBpdCBhcyBvbmUg YmVjYXVzZSB0aGF0Ci0gICAgICAgICAgICAgICBibG9ja3MgbWFwcGluZ3Mg b2YgdHJhbnNpdGl2ZSBncmFudHMuICovCi0gICAgICAgICAgICBpc19zdWJf cGFnZSA9IDE7Ci0gICAgICAgICAgICBhY3QtPmdmbiA9IC0xdWw7CisgICAg ICAgICAgICBhY3QtPmlzX3N1Yl9wYWdlID0gMTsKICAgICAgICAgfQotICAg ICAgICBlbHNlIGlmICggc2hhMSApCisgICAgfQorICAgIGVsc2UgaWYgKCAh b2xkX3BpbiB8fAorICAgICAgICAgICAgICAoIXJlYWRvbmx5ICYmICEob2xk X3BpbiAmIChHTlRQSU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSkg KQorICAgIHsKKyAgICAgICAgaWYgKCAocmMgPSBfc2V0X3N0YXR1cyhyZ3Qt Pmd0X3ZlcnNpb24sIGxkb20sCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgcmVhZG9ubHksIDAsIHNoYWgsIGFjdCwKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBzdGF0dXMpICkgIT0gR05UU1Rfb2theSApCisg ICAgICAgICAgICAgZ290byB1bmxvY2tfb3V0OworCisgICAgICAgIHRkID0g cmQ7CisgICAgICAgIHRyYW5zX2dyZWYgPSBncmVmOworICAgICAgICBpZiAo IHNoYTEgKQogICAgICAgICB7CiAgICAgICAgICAgICByYyA9IF9fZ2V0X3Bh Z2VkX2ZyYW1lKHNoYTEtPmZyYW1lLCAmZ3JhbnRfZnJhbWUsIHBhZ2UsIHJl YWRvbmx5LCByZCk7CiAgICAgICAgICAgICBpZiAoIHJjICE9IEdOVFNUX29r YXkgKQpAQCAtMjI5NSwxNCArMjMxNSwzNSBAQCBnbnR0YWJfc2V0X3ZlcnNp b24oWEVOX0dVRVNUX0hBTkRMRV9QQVJBCiAgICAgICAgIH0KICAgICB9CiAK LSAgICAvKiBYWFg6IElmIHdlJ3JlIGdvaW5nIHRvIHZlcnNpb24gMiwgd2Ug Y291bGQgbWF5YmUgc2hyaW5rIHRoZQotICAgICAgIGFjdGl2ZSBncmFudCB0 YWJsZSBoZXJlLiAqLwotCi0gICAgaWYgKCBvcC52ZXJzaW9uID09IDIgJiYg Z3QtPmd0X3ZlcnNpb24gPCAyICkKKyAgICBzd2l0Y2ggKCBndC0+Z3RfdmVy c2lvbiApCiAgICAgewotICAgICAgICByZXMgPSBnbnR0YWJfcG9wdWxhdGVf c3RhdHVzX2ZyYW1lcyhkLCBndCwgbnJfZ3JhbnRfZnJhbWVzKGd0KSk7Ci0g ICAgICAgIGlmICggcmVzIDwgMCkKLSAgICAgICAgICAgIGdvdG8gb3V0X3Vu bG9jazsKKyAgICBjYXNlIDA6CisgICAgICAgIGlmICggb3AudmVyc2lvbiA9 PSAyICkKKyAgICAgICAgeworICAgIGNhc2UgMToKKyAgICAgICAgICAgIC8q IFhYWDogV2UgY291bGQgbWF5YmUgc2hyaW5rIHRoZSBhY3RpdmUgZ3JhbnQg dGFibGUgaGVyZS4gKi8KKyAgICAgICAgICAgIHJlcyA9IGdudHRhYl9wb3B1 bGF0ZV9zdGF0dXNfZnJhbWVzKGQsIGd0LCBucl9ncmFudF9mcmFtZXMoZ3Qp KTsKKyAgICAgICAgICAgIGlmICggcmVzIDwgMCkKKyAgICAgICAgICAgICAg ICBnb3RvIG91dF91bmxvY2s7CisgICAgICAgIH0KKyAgICAgICAgYnJlYWs7 CisgICAgY2FzZSAyOgorICAgICAgICBmb3IgKCBpID0gMDsgaSA8IEdOVFRB Ql9OUl9SRVNFUlZFRF9FTlRSSUVTOyBpKysgKQorICAgICAgICB7CisgICAg ICAgICAgICBzd2l0Y2ggKCBzaGFyZWRfZW50cnlfdjIoZ3QsIGkpLmhkci5m bGFncyAmIEdURl90eXBlX21hc2sgKQorICAgICAgICAgICAgeworICAgICAg ICAgICAgY2FzZSBHVEZfcGVybWl0X2FjY2VzczoKKyAgICAgICAgICAgICAg ICAgaWYgKCAhKHNoYXJlZF9lbnRyeV92MihndCwgaSkuZnVsbF9wYWdlLmZy YW1lID4+IDMyKSApCisgICAgICAgICAgICAgICAgICAgICBicmVhazsKKyAg ICAgICAgICAgICAgICAgLyogZmFsbCB0aHJvdWdoICovCisgICAgICAgICAg ICBjYXNlIEdURl90cmFuc2l0aXZlOgorICAgICAgICAgICAgICAgIGdkcHJp bnRrKFhFTkxPR19XQVJOSU5HLAorICAgICAgICAgICAgICAgICAgICAgICAg ICJ0cmllZCB0byBjaGFuZ2UgZ3JhbnQgdGFibGUgdmVyc2lvbiB0byAxIHdp dGggbm9uLXJlcHJlc2VudGFibGUgZW50cmllc1xuIik7CisgICAgICAgICAg ICAgICAgcmVzID0gLUVSQU5HRTsKKyAgICAgICAgICAgICAgICBnb3RvIG91 dF91bmxvY2s7CisgICAgICAgICAgICB9CisgICAgICAgIH0KKyAgICAgICAg YnJlYWs7CiAgICAgfQogCiAgICAgLyogUHJlc2VydmUgdGhlIGZpcnN0IDgg ZW50cmllcyAodG9vbHN0YWNrIHJlc2VydmVkIGdyYW50cykgKi8K --=separator Content-Type: application/octet-stream; name="xsa226-4.6.patch" Content-Disposition: attachment; filename="xsa226-4.6.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCBkOTlhMjBhLi4xMTNiYjI5IDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtNzMzLDYgKzczMywyMiBAQCBDb250cm9scyBFUFQgcmVsYXRlZCBmZWF0 dXJlcy4KIAogU3BlY2lmeSB0aGUgc2VyaWFsIHBhcmFtZXRlcnMgZm9yIHRo ZSBHREIgc3R1Yi4KIAorIyMjIGdudHRhYgorPiBgPSBMaXN0IG9mIFsgbWF4 X3Zlcjo8aW50ZWdlcj4sIHRyYW5zaXRpdmUgXWAKKworPiBEZWZhdWx0OiBg Z250dGFiPW1heF92ZXI6Mixuby10cmFuc2l0aXZlYAorCitDb250cm9sIHZh cmlvdXMgYXNwZWN0cyBvZiB0aGUgZ3JhbnQgdGFibGUgYmVoYXZpb3VyIGF2 YWlsYWJsZSB0byBndWVzdHMuCisKKyogYG1heF92ZXJgIFNlbGVjdCB0aGUg bWF4aW11bSBncmFudCB0YWJsZSB2ZXJzaW9uIHRvIG9mZmVyIHRvIGd1ZXN0 cy4gIFZhbGlkCit2ZXJzaW9uIGFyZSAxIGFuZCAyLgorKiBgdHJhbnNpdGl2 ZWAgUGVybWl0IG9yIGRpc2FsbG93IHRoZSB1c2Ugb2YgdHJhbnNpdGl2ZSBn cmFudHMuICBOb3RlIHRoYXQgdGhlCit1c2Ugb2YgZ3JhbnQgdGFibGUgdjIg d2l0aG91dCB0cmFuc2l0aXZlIGdyYW50cyBpcyBhbiBBQkkgYnJlYWthZ2Ug ZnJvbSB0aGUKK2d1ZXN0cyBwb2ludCBvZiB2aWV3LgorCisqV2FybmluZzoq CitEdWUgdG8gWFNBLTIyNiwgdGhlIHVzZSBvZiB0cmFuc2l0aXZlIGdyYW50 cyBpcyBvdXRzaWRlIG9mIHNlY3VyaXR5IHN1cHBvcnQuCisKICMjIyBnbnR0 YWJcX21heFxfZnJhbWVzCiA+IGA9IDxpbnRlZ2VyPmAKIApkaWZmIC0tZ2l0 IGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jIGIveGVuL2NvbW1vbi9ncmFu dF90YWJsZS5jCmluZGV4IDIwMjMwZmIuLjk4ODQ1YzQgMTAwNjQ0Ci0tLSBh L3hlbi9jb21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dy YW50X3RhYmxlLmMKQEAgLTUwLDYgKzUwLDQyIEBAIGludGVnZXJfcGFyYW0o ImdudHRhYl9tYXhfbnJfZnJhbWVzIiwgbWF4X25yX2dyYW50X2ZyYW1lcyk7 CiB1bnNpZ25lZCBpbnQgX19yZWFkX21vc3RseSBtYXhfZ3JhbnRfZnJhbWVz OwogaW50ZWdlcl9wYXJhbSgiZ250dGFiX21heF9mcmFtZXMiLCBtYXhfZ3Jh bnRfZnJhbWVzKTsKIAorc3RhdGljIHVuc2lnbmVkIGludCBfX3JlYWRfbW9z dGx5IG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPSAyOworc3RhdGljIGJvb2xf dCBfX3JlYWRfbW9zdGx5IG9wdF90cmFuc2l0aXZlX2dyYW50czsKKworc3Rh dGljIHZvaWQgX19pbml0IHBhcnNlX2dudHRhYihjaGFyICpzKQoreworICAg IGNoYXIgKnNzOworCisgICAgZG8geworICAgICAgICBzcyA9IHN0cmNocihz LCAnLCcpOworICAgICAgICBpZiAoIHNzICkKKyAgICAgICAgICAgICpzcyA9 ICdcMCc7CisKKyAgICAgICAgaWYgKCAhc3RybmNtcChzLCAibWF4X3Zlcjoi LCA4KSApCisgICAgICAgIHsKKyAgICAgICAgICAgIGxvbmcgdmVyID0gc2lt cGxlX3N0cnRvbChzICsgOCwgTlVMTCwgMTApOworCisgICAgICAgICAgICBp ZiAoIHZlciA+PSAxICYmIHZlciA8PSAyICkKKyAgICAgICAgICAgICAgICBv cHRfZ250dGFiX21heF92ZXJzaW9uID0gdmVyOworICAgICAgICB9CisgICAg ICAgIGVsc2UKKyAgICAgICAgeworICAgICAgICAgICAgYm9vbF90IHZhbCA9 ICEhc3RybmNtcChzLCAibm8tIiwgMyk7CisKKyAgICAgICAgICAgIGlmICgg IXZhbCApCisgICAgICAgICAgICAgICAgcyArPSAzOworCisgICAgICAgICAg ICBpZiAoICFzdHJjbXAocywgInRyYW5zaXRpdmUiKSApCisgICAgICAgICAg ICAgICAgb3B0X3RyYW5zaXRpdmVfZ3JhbnRzID0gdmFsOworICAgICAgICB9 CisKKyAgICAgICAgcyA9IHNzICsgMTsKKyAgICB9IHdoaWxlICggc3MgKTsK K30KKworY3VzdG9tX3BhcmFtKCJnbnR0YWIiLCBwYXJzZV9nbnR0YWIpOwor CiAvKiBUaGUgbWF4aW11bSBudW1iZXIgb2YgZ3JhbnQgbWFwcGluZ3MgaXMg ZGVmaW5lZCBhcyBhIG11bHRpcGxpZXIgb2YgdGhlCiAgKiBtYXhpbXVtIG51 bWJlciBvZiBncmFudCB0YWJsZSBlbnRyaWVzLiBUaGlzIGRlZmluZXMgdGhl IG11bHRpcGxpZXIgdXNlZC4KICAqIFByZXR0eSBhcmJpdHJhcnkuIFtQT0xJ Q1ldCkBAIC0yMTc1LDYgKzIyMTEsMTAgQEAgX19hY3F1aXJlX2dyYW50X2Zv cl9jb3B5KAogICAgICAgICB9CiAgICAgICAgIGVsc2UgaWYgKCAoc2hhaC0+ ZmxhZ3MgJiBHVEZfdHlwZV9tYXNrKSA9PSBHVEZfdHJhbnNpdGl2ZSApCiAg ICAgICAgIHsKKyAgICAgICAgICAgIGlmICggIW9wdF90cmFuc2l0aXZlX2dy YW50cyApCisgICAgICAgICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9j bGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKKyAgICAgICAgICAgICAgICAg ICAgICAgICAidHJhbnNpdGl2ZSBncmFudCBkaXNhbGxvd2VkIGJ5IHBvbGlj eVxuIik7CisKICAgICAgICAgICAgIGlmICggIWFsbG93X3RyYW5zaXRpdmUg KQogICAgICAgICAgICAgICAgIFBJTl9GQUlMKHVubG9ja19vdXRfY2xlYXIs IEdOVFNUX2dlbmVyYWxfZXJyb3IsCiAgICAgICAgICAgICAgICAgICAgICAg ICAgInRyYW5zaXRpdmUgZ3JhbnQgd2hlbiB0cmFuc2l0aXZpdHkgbm90IGFs bG93ZWRcbiIpOwpAQCAtMzE0Myw3ICszMTgzLDEwIEBAIGRvX2dyYW50X3Rh YmxlX29wKAogICAgIH0KICAgICBjYXNlIEdOVFRBQk9QX3NldF92ZXJzaW9u OgogICAgIHsKLSAgICAgICAgcmMgPSBnbnR0YWJfc2V0X3ZlcnNpb24oZ3Vl c3RfaGFuZGxlX2Nhc3QodW9wLCBnbnR0YWJfc2V0X3ZlcnNpb25fdCkpOwor ICAgICAgICBpZiAoIG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPT0gMSApCisg ICAgICAgICAgICByYyA9IC1FTk9TWVM7IC8qIEJlaGF2ZSBhcyBiZWZvcmUg c2V0X3ZlcnNpb24gd2FzIGludHJvZHVjZWQuICovCisgICAgICAgIGVsc2UK KyAgICAgICAgICAgIHJjID0gZ250dGFiX3NldF92ZXJzaW9uKGd1ZXN0X2hh bmRsZV9jYXN0KHVvcCwgZ250dGFiX3NldF92ZXJzaW9uX3QpKTsKICAgICAg ICAgYnJlYWs7CiAgICAgfQogICAgIGNhc2UgR05UVEFCT1BfZ2V0X3N0YXR1 c19mcmFtZXM6Cg== --=separator Content-Type: application/octet-stream; name="xsa226-4.6/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Disposition: attachment; filename="xsa226-4.6/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IHVzZSBwb3NzaWJseSB1bmJvdW5kZWQgdGFpbCBj YWxscwoKVGhlcmUgaXMgbm8gZ3VhcmFudGVlIHRoYXQgdGhlIGNvbXBpbGVy IHdvdWxkIGFjdHVhbGx5IHRyYW5zbGF0ZSB0aGVtCnRvIGJyYW5jaGVzIGlu c3RlYWQgb2YgY2FsbHMsIHNvIG9ubHkgb25lcyB3aXRoIGEga25vd24gcmVj dXJzaW9uIGxpbWl0CmFyZSBva2F5OgotIF9fcmVsZWFzZV9ncmFudF9mb3Jf Y29weSgpIGNhbiBjYWxsIGl0c2VsZiBvbmx5IG9uY2UsIGFzCiAgX19hY3F1 aXJlX2dyYW50X2Zvcl9jb3B5KCkgd29uJ3QgcGVybWl0IHVzZSBvZiBtdWx0 aS1sZXZlbCB0cmFuc2l0aXZlCiAgZ3JhbnRzLAotIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgpIGlzIGZpbmUgdG8gY2FsbCBpdHNlbGYgd2l0aCB0aGUg bGFzdAogIGFyZ3VtZW50IGZhbHNlLCBhcyB0aGF0IHByZXZlbnRzIGZ1cnRo ZXIgcmVjdXJzaW9uLAotIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgpIG11 c3Qgbm90IGNhbGwgaXRzZWxmIHRvIHJlY292ZXIgZnJvbSBhbgogIG9ic2Vy dmVkIGNoYW5nZSB0byB0aGUgYWN0aXZlIGVudHJ5J3MgcGluIGNvdW50CgpU aGlzIGlzIHBhcnQgb2YgQ1ZFLTIwMTctMTIxMzUgLyBYU0EtMjI2LgoKU2ln bmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgoK LS0tIGEveGVuL2NvbW1vbi9jb21wYXQvZ3JhbnRfdGFibGUuYworKysgYi94 ZW4vY29tbW9uL2NvbXBhdC9ncmFudF90YWJsZS5jCkBAIC0yNTgsOSArMjU4 LDkgQEAgaW50IGNvbXBhdF9ncmFudF90YWJsZV9vcCh1bnNpZ25lZCBpbnQg Y21kLAogICAgICAgICAgICAgICAgIHJjID0gZ250dGFiX2NvcHkoZ3Vlc3Rf aGFuZGxlX2Nhc3QobmF0LnVvcCwgZ250dGFiX2NvcHlfdCksIG4pOwogICAg ICAgICAgICAgaWYgKCByYyA+IDAgKQogICAgICAgICAgICAgewotICAgICAg ICAgICAgICAgIEFTU0VSVChyYyA8IG4pOwotICAgICAgICAgICAgICAgIGkg LT0gbiAtIHJjOwotICAgICAgICAgICAgICAgIG4gPSByYzsKKyAgICAgICAg ICAgICAgICBBU1NFUlQocmMgPD0gbik7CisgICAgICAgICAgICAgICAgaSAt PSByYzsKKyAgICAgICAgICAgICAgICBuIC09IHJjOwogICAgICAgICAgICAg fQogICAgICAgICAgICAgaWYgKCByYyA+PSAwICkKICAgICAgICAgICAgIHsK LS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hlbi9jb21t b24vZ3JhbnRfdGFibGUuYwpAQCAtMjA4OSw4ICsyMDg5LDEwIEBAIF9fcmVs ZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgIGlmICggdGQgIT0gcmQgKQog ICAgIHsKLSAgICAgICAgLyogUmVjdXJzaXZlIGNhbGxzLCBidXQgdGhleSdy ZSB0YWlsIGNhbGxzLCBzbyBpdCdzCi0gICAgICAgICAgIG9rYXkuICovCisg ICAgICAgIC8qCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxscywgYnV0IHRo ZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUK KyAgICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBv a2F5LgorICAgICAgICAgKi8KICAgICAgICAgaWYgKCByZWxlYXNlZF93cml0 ZSApCiAgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDApOwogICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRf cmVhZCApCkBAIC0yMjQxLDEwICsyMjQzLDExIEBAIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgKICAgICAgICAgICAgICAgICByZXR1cm4gcmM7CiAgICAg ICAgICAgICB9CiAKLSAgICAgICAgICAgIC8qIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkKLSAgICAgICAg ICAgICAgIGVsc2UgdHJpZWQgdG8gcGluIChvciwgZm9yIHRoYXQgbWF0dGVy LCB1bnBpbikgdGhlCi0gICAgICAgICAgICAgICByZWZlcmVuY2UgaW4gKnRo aXMqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUgdXAKLSAgICAg ICAgICAgICAgIGFuZCB0cnkgYWdhaW4uICovCisgICAgICAgICAgICAvKgor ICAgICAgICAgICAgICogV2UgZHJvcHBlZCB0aGUgbG9jaywgc28gd2UgaGF2 ZSB0byBjaGVjayB0aGF0IG5vYm9keSBlbHNlIHRyaWVkCisgICAgICAgICAg ICAgKiB0byBwaW4gKG9yLCBmb3IgdGhhdCBtYXR0ZXIsIHVucGluKSB0aGUg cmVmZXJlbmNlIGluICp0aGlzKgorICAgICAgICAgICAgICogZG9tYWluLiAg SWYgdGhleSBkaWQsIGp1c3QgZ2l2ZSB1cCBhbmQgdGVsbCB0aGUgY2FsbGVy IHRvIHJldHJ5LgorICAgICAgICAgICAgICovCiAgICAgICAgICAgICBpZiAo IGFjdC0+cGluICE9IG9sZF9waW4gKQogICAgICAgICAgICAgewogICAgICAg ICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0 YXR1cyk7CkBAIC0yMjUyLDkgKzIyNTUsOCBAQCBfX2FjcXVpcmVfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgICAgICAgICAgICAgYWN0aXZlX2VudHJ5X3JlbGVh c2UoYWN0KTsKICAgICAgICAgICAgICAgICByZWFkX3VubG9jaygmcmd0LT5s b2NrKTsKICAgICAgICAgICAgICAgICBwdXRfcGFnZSgqcGFnZSk7Ci0gICAg ICAgICAgICAgICAgcmV0dXJuIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weShy ZCwgZ3JlZiwgbGRvbSwgcmVhZG9ubHksCi0gICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmcmFtZSwgcGFnZSwgcGFn ZV9vZmYsIGxlbmd0aCwKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIGFsbG93X3RyYW5zaXRpdmUpOworICAgICAg ICAgICAgICAgICpwYWdlID0gTlVMTDsKKyAgICAgICAgICAgICAgICByZXR1 cm4gRVJFU1RBUlQ7CiAgICAgICAgICAgICB9CiAKICAgICAgICAgICAgIC8q IFRoZSBhY3R1YWwgcmVtb3RlIHJlbW90ZSBncmFudCBtYXkgb3IgbWF5IG5v dCBiZSBhCkBAIC0yNTYwLDcgKzI1NjIsNyBAQCBzdGF0aWMgaW50IGdudHRh Yl9jb3B5X29uZShjb25zdCBzdHJ1Y3QKICAgICB7CiAgICAgICAgIGdudHRh Yl9jb3B5X3JlbGVhc2VfYnVmKHNyYyk7CiAgICAgICAgIHJjID0gZ250dGFi X2NvcHlfY2xhaW1fYnVmKG9wLCAmb3AtPnNvdXJjZSwgc3JjLCBHTlRDT1BZ X3NvdXJjZV9ncmVmKTsKLSAgICAgICAgaWYgKCByYyA8IDAgKQorICAgICAg ICBpZiAoIHJjICkKICAgICAgICAgICAgIGdvdG8gb3V0OwogICAgIH0KIApA QCAtMjU3MCw3ICsyNTcyLDcgQEAgc3RhdGljIGludCBnbnR0YWJfY29weV9v bmUoY29uc3Qgc3RydWN0CiAgICAgewogICAgICAgICBnbnR0YWJfY29weV9y ZWxlYXNlX2J1ZihkZXN0KTsKICAgICAgICAgcmMgPSBnbnR0YWJfY29weV9j bGFpbV9idWYob3AsICZvcC0+ZGVzdCwgZGVzdCwgR05UQ09QWV9kZXN0X2dy ZWYpOwotICAgICAgICBpZiAoIHJjIDwgMCApCisgICAgICAgIGlmICggcmMg KQogICAgICAgICAgICAgZ290byBvdXQ7CiAgICAgfQogCkBAIC0yNTc5LDYg KzI1ODEsMTQgQEAgc3RhdGljIGludCBnbnR0YWJfY29weV9vbmUoY29uc3Qg c3RydWN0CiAgICAgcmV0dXJuIHJjOwogfQogCisvKgorICogZ250dGFiX2Nv cHkoKSwgb3RoZXIgdGhhbiB0aGUgdmFyaW91cyBvdGhlciBoZWxwZXJzIG9m CisgKiBkb19ncmFudF90YWJsZV9vcCgpLCByZXR1cm5zIChiZXNpZGVzIHBv c3NpYmxlIGVycm9yIGluZGljYXRvcnMpCisgKiAiY291bnQgLSBpIiByYXRo ZXIgdGhhbiAiaSIgdG8gZW5zdXJlIHRoYXQgZXZlbiBpZiBubyBwcm9ncmVz cworICogd2FzIG1hZGUgYXQgYWxsIChwZXJoYXBzIGR1ZSB0byBnbnR0YWJf Y29weV9vbmUoKSByZXR1cm5pbmcgYQorICogcG9zaXRpdmUgdmFsdWUpIGEg bm9uLXplcm8gdmFsdWUgaXMgYmVpbmcgaGFuZGVkIGJhY2sgKHplcm8gbmVl ZHMKKyAqIHRvIGJlIGF2b2lkZWQsIGFzIHRoYXQgbWVhbnMgInN1Y2Nlc3Ms IGFsbCBkb25lIikuCisgKi8KIHN0YXRpYyBsb25nIGdudHRhYl9jb3B5KAog ICAgIFhFTl9HVUVTVF9IQU5ETEVfUEFSQU0oZ250dGFiX2NvcHlfdCkgdW9w LCB1bnNpZ25lZCBpbnQgY291bnQpCiB7CkBAIC0yNTkyLDcgKzI2MDIsNyBA QCBzdGF0aWMgbG9uZyBnbnR0YWJfY29weSgKICAgICB7CiAgICAgICAgIGlm ICggaSAmJiBoeXBlcmNhbGxfcHJlZW1wdF9jaGVjaygpICkKICAgICAgICAg ewotICAgICAgICAgICAgcmMgPSBpOworICAgICAgICAgICAgcmMgPSBjb3Vu dCAtIGk7CiAgICAgICAgICAgICBicmVhazsKICAgICAgICAgfQogCkBAIC0y NjAyLDEzICsyNjEyLDIwIEBAIHN0YXRpYyBsb25nIGdudHRhYl9jb3B5KAog ICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgIH0KIAotICAgICAgICBvcC5z dGF0dXMgPSBnbnR0YWJfY29weV9vbmUoJm9wLCAmZGVzdCwgJnNyYyk7Ci0g ICAgICAgIGlmICggb3Auc3RhdHVzICE9IEdOVFNUX29rYXkgKQorICAgICAg ICByYyA9IGdudHRhYl9jb3B5X29uZSgmb3AsICZkZXN0LCAmc3JjKTsKKyAg ICAgICAgaWYgKCByYyA+IDAgKQorICAgICAgICB7CisgICAgICAgICAgICBy YyA9IGNvdW50IC0gaTsKKyAgICAgICAgICAgIGJyZWFrOworICAgICAgICB9 CisgICAgICAgIGlmICggcmMgIT0gR05UU1Rfb2theSApCiAgICAgICAgIHsK ICAgICAgICAgICAgIGdudHRhYl9jb3B5X3JlbGVhc2VfYnVmKCZzcmMpOwog ICAgICAgICAgICAgZ250dGFiX2NvcHlfcmVsZWFzZV9idWYoJmRlc3QpOwog ICAgICAgICB9CiAKKyAgICAgICAgb3Auc3RhdHVzID0gcmM7CisgICAgICAg IHJjID0gMDsKICAgICAgICAgaWYgKCB1bmxpa2VseShfX2NvcHlfZmllbGRf dG9fZ3Vlc3QodW9wLCAmb3AsIHN0YXR1cykpICkKICAgICAgICAgewogICAg ICAgICAgICAgcmMgPSAtRUZBVUxUOwpAQCAtMzE0Niw2ICszMTYzLDcgQEAg ZG9fZ3JhbnRfdGFibGVfb3AoCiAgICAgICAgIHJjID0gZ250dGFiX2NvcHko Y29weSwgY291bnQpOwogICAgICAgICBpZiAoIHJjID4gMCApCiAgICAgICAg IHsKKyAgICAgICAgICAgIHJjID0gY291bnQgLSByYzsKICAgICAgICAgICAg IGd1ZXN0X2hhbmRsZV9hZGRfb2Zmc2V0KGNvcHksIHJjKTsKICAgICAgICAg ICAgIHVvcCA9IGd1ZXN0X2hhbmRsZV9jYXN0KGNvcHksIHZvaWQpOwogICAg ICAgICB9Cg== --=separator Content-Type: application/octet-stream; name="xsa226-4.6/0002-gnttab-fix-transitive-grant-handling.patch" Content-Disposition: attachment; filename="xsa226-4.6/0002-gnttab-fix-transitive-grant-handling.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGZpeCB0cmFuc2l0aXZlIGdyYW50IGhhbmRsaW5nCgpQcm9j ZXNzaW5nIG9mIHRyYW5zaXRpdmUgZ3JhbnRzIG11c3Qgbm90IHVzZSB0aGUg ZmFzdCBwYXRoLCBvciBlbHNlCnJlZmVyZW5jZSBjb3VudGluZyBicmVha3Mg ZHVlIHRvIHRoZSBza2lwcGVkIHJlY3Vyc2l2ZSBjYWxsIHRvCl9fYWNxdWly ZV9ncmFudF9mb3JfY29weSgpIChpdHMgX19yZWxlYXNlX2dyYW50X2Zvcl9j b3B5KCkKY291bnRlcnBhcnQgb2NjdXJzIGluZGVwZW5kZW50IG9mIG9yaWdp bmFsIHBpbiBjb3VudCkuIEZ1cnRoZXJtb3JlCmFmdGVyIHJlLWFjcXVpcmlu ZyB0ZW1wb3JhcmlseSBkcm9wcGVkIGxvY2tzIHdlIG5lZWQgdG8gdmVyaWZ5 IG5vIGdyYW50CnByb3BlcnRpZXMgY2hhbmdlZCBpZiB0aGUgb3JpZ2luYWwg cGluIGNvdW50IHdhcyBub24temVybzsgY2hlY2tpbmcKanVzdCB0aGUgcGlu IGNvdW50cyBpcyBzdWZmaWNpZW50IG9ubHkgZm9yIHdlbGwtYmVoYXZlZCBn dWVzdHMuIEFzIGEKcmVzdWx0LCBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHko KSBuZWVkcyB0byBtaXJyb3IgdGhhdCBuZXcgYmVoYXZpb3IuCgpGdXJ0aGVy bW9yZSBhIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSgpIGludm9jYXRpb24g d2FzIG1pc3Npbmcgb24gdGhlCnJldHJ5IHBhdGggb2YgX19hY3F1aXJlX2dy YW50X2Zvcl9jb3B5KCksIGFuZCBnbnR0YWJfc2V0X3ZlcnNpb24oKSBhbHNv Cm5lZWRzIHRvIGJhaWwgb3V0IHVwb24gZW5jb3VudGVyaW5nIGEgdHJhbnNp dGl2ZSBncmFudC4KClRoaXMgaXMgcGFydCBvZiBDVkUtMjAxNy0xMjEzNSAv IFhTQS0yMjYuCgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3 LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1ieTogQW5kcmV3IENv b3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KCi0tLSBhL3hlbi9j b21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dyYW50X3Rh YmxlLmMKQEAgLTIwMzYsMTMgKzIwMzYsOCBAQCBfX3JlbGVhc2VfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgdW5zaWduZWQgbG9uZyByX2ZyYW1lOwogICAgIHVp bnQxNl90ICpzdGF0dXM7CiAgICAgZ3JhbnRfcmVmX3QgdHJhbnNfZ3JlZjsK LSAgICBpbnQgcmVsZWFzZWRfcmVhZDsKLSAgICBpbnQgcmVsZWFzZWRfd3Jp dGU7CiAgICAgc3RydWN0IGRvbWFpbiAqdGQ7CiAKLSAgICByZWxlYXNlZF9y ZWFkID0gMDsKLSAgICByZWxlYXNlZF93cml0ZSA9IDA7Ci0KICAgICByZWFk X2xvY2soJnJndC0+bG9jayk7CiAKICAgICBhY3QgPSBhY3RpdmVfZW50cnlf YWNxdWlyZShyZ3QsIGdyZWYpOwpAQCAtMjA3MiwxNyArMjA2NywxMSBAQCBf X3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkoCiAKICAgICAgICAgYWN0LT5waW4g LT0gR05UUElOX2hzdHdfaW5jOwogICAgICAgICBpZiAoICEoYWN0LT5waW4g JiAoR05UUElOX2RldndfbWFza3xHTlRQSU5faHN0d19tYXNrKSkgKQotICAg ICAgICB7Ci0gICAgICAgICAgICByZWxlYXNlZF93cml0ZSA9IDE7CiAgICAg ICAgICAgICBnbnR0YWJfY2xlYXJfZmxhZyhfR1RGX3dyaXRpbmcsIHN0YXR1 cyk7Ci0gICAgICAgIH0KICAgICB9CiAKICAgICBpZiAoICFhY3QtPnBpbiAp Ci0gICAgewogICAgICAgICBnbnR0YWJfY2xlYXJfZmxhZyhfR1RGX3JlYWRp bmcsIHN0YXR1cyk7Ci0gICAgICAgIHJlbGVhc2VkX3JlYWQgPSAxOwotICAg IH0KIAogICAgIGFjdGl2ZV9lbnRyeV9yZWxlYXNlKGFjdCk7CiAgICAgcmVh ZF91bmxvY2soJnJndC0+bG9jayk7CkBAIC0yMDkwLDEzICsyMDc5LDEwIEBA IF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSgKICAgICBpZiAoIHRkICE9IHJk ICkKICAgICB7CiAgICAgICAgIC8qCi0gICAgICAgICAqIFJlY3Vyc2l2ZSBj YWxscywgYnV0IHRoZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9u bHkgYSBzaW5nbGUKKyAgICAgICAgICogUmVjdXJzaXZlIGNhbGwsIGJ1dCBp dCBpcyBib3VuZGVkIChhY3F1aXJlIHBlcm1pdHMgb25seSBhIHNpbmdsZQog ICAgICAgICAgKiBsZXZlbCBvZiB0cmFuc2l0aXZpdHkpLCBzbyBpdCdzIG9r YXkuCiAgICAgICAgICAqLwotICAgICAgICBpZiAoIHJlbGVhc2VkX3dyaXRl ICkKLSAgICAgICAgICAgIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSh0ZCwg dHJhbnNfZ3JlZiwgMCk7Ci0gICAgICAgIGVsc2UgaWYgKCByZWxlYXNlZF9y ZWFkICkKLSAgICAgICAgICAgIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSh0 ZCwgdHJhbnNfZ3JlZiwgMSk7CisgICAgICAgIF9fcmVsZWFzZV9ncmFudF9m b3JfY29weSh0ZCwgdHJhbnNfZ3JlZiwgcmVhZG9ubHkpOwogCiAgICAgICAg IHJjdV91bmxvY2tfZG9tYWluKHRkKTsKICAgICB9CkBAIC0yMTcwLDggKzIx NTYsMTA4IEBAIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgKICAgICAgICAg ICAgICAgICAgYWN0LT5kb21pZCwgbGRvbSwgYWN0LT5waW4pOwogCiAgICAg b2xkX3BpbiA9IGFjdC0+cGluOwotICAgIGlmICggIWFjdC0+cGluIHx8Ci0g ICAgICAgICAoIXJlYWRvbmx5ICYmICEoYWN0LT5waW4gJiAoR05UUElOX2Rl dndfbWFza3xHTlRQSU5faHN0d19tYXNrKSkpICkKKyAgICBpZiAoIHNoYTIg JiYgKHNoYWgtPmZsYWdzICYgR1RGX3R5cGVfbWFzaykgPT0gR1RGX3RyYW5z aXRpdmUgKQorICAgIHsKKyAgICAgICAgaWYgKCAoIW9sZF9waW4gfHwgKCFy ZWFkb25seSAmJgorICAgICAgICAgICAgICAgICAgICAgICAgICAgIShvbGRf cGluICYgKEdOVFBJTl9kZXZ3X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSkg JiYKKyAgICAgICAgICAgICAocmMgPSBfc2V0X3N0YXR1c192MihsZG9tLCBy ZWFkb25seSwgMCwgc2hhaCwgYWN0LAorICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHN0YXR1cykpICE9IEdOVFNUX29rYXkgKQorICAgICAg ICAgICAgZ290byB1bmxvY2tfb3V0OworCisgICAgICAgIGlmICggIWFsbG93 X3RyYW5zaXRpdmUgKQorICAgICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291 dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKKyAgICAgICAgICAgICAg ICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IHdoZW4gdHJhbnNpdGl2aXR5IG5v dCBhbGxvd2VkXG4iKTsKKworICAgICAgICB0cmFuc19kb21pZCA9IHNoYTIt PnRyYW5zaXRpdmUudHJhbnNfZG9taWQ7CisgICAgICAgIHRyYW5zX2dyZWYg PSBzaGEyLT50cmFuc2l0aXZlLmdyZWY7CisgICAgICAgIGJhcnJpZXIoKTsg LyogU3RvcCB0aGUgY29tcGlsZXIgZnJvbSByZS1sb2FkaW5nCisgICAgICAg ICAgICAgICAgICAgICAgdHJhbnNfZG9taWQgZnJvbSBzaGFyZWQgbWVtb3J5 ICovCisgICAgICAgIGlmICggdHJhbnNfZG9taWQgPT0gcmQtPmRvbWFpbl9p ZCApCisgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0X2NsZWFyLCBH TlRTVF9nZW5lcmFsX2Vycm9yLAorICAgICAgICAgICAgICAgICAgICAgInRy YW5zaXRpdmUgZ3JhbnRzIGNhbm5vdCBiZSBzZWxmLXJlZmVyZW50aWFsXG4i KTsKKworICAgICAgICAvKgorICAgICAgICAgKiBXZSBhbGxvdyB0aGUgdHJh bnNfZG9taWQgPT0gbGRvbSBjYXNlLCB3aGljaCBjb3JyZXNwb25kcyB0byBh CisgICAgICAgICAqIGdyYW50IGJlaW5nIGlzc3VlZCBieSBvbmUgZG9tYWlu LCBzZW50IHRvIGFub3RoZXIgb25lLCBhbmQgdGhlbgorICAgICAgICAgKiB0 cmFuc2l0aXZlbHkgZ3JhbnRlZCBiYWNrIHRvIHRoZSBvcmlnaW5hbCBkb21h aW4uICBBbGxvd2luZyBpdAorICAgICAgICAgKiBpcyBlYXN5LCBhbmQgbWVh bnMgdGhhdCB5b3UgZG9uJ3QgbmVlZCB0byBnbyBvdXQgb2YgeW91ciB3YXkg dG8KKyAgICAgICAgICogYXZvaWQgaXQgaW4gdGhlIGd1ZXN0LgorICAgICAg ICAgKi8KKworICAgICAgICAvKiBXZSBuZWVkIHRvIGxlYXZlIHRoZSBycmQg bG9ja2VkIGR1cmluZyB0aGUgZ3JhbnQgY29weS4gKi8KKyAgICAgICAgdGQg PSByY3VfbG9ja19kb21haW5fYnlfaWQodHJhbnNfZG9taWQpOworICAgICAg ICBpZiAoIHRkID09IE5VTEwgKQorICAgICAgICAgICAgUElOX0ZBSUwodW5s b2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKKyAgICAgICAg ICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IHJlZmVyZW5jZWQgYmFk IGRvbWFpbiAlZFxuIiwKKyAgICAgICAgICAgICAgICAgICAgIHRyYW5zX2Rv bWlkKTsKKworICAgICAgICAvKgorICAgICAgICAgKiBfX2FjcXVpcmVfZ3Jh bnRfZm9yX2NvcHkoKSBjb3VsZCB0YWtlIHRoZSBsb2NrIG9uIHRoZQorICAg ICAgICAgKiByZW1vdGUgdGFibGUgKGlmIHJkID09IHRkKSwgc28gd2UgaGF2 ZSB0byBkcm9wIHRoZSBsb2NrCisgICAgICAgICAqIGhlcmUgYW5kIHJlYWNx dWlyZS4KKyAgICAgICAgICovCisgICAgICAgIGFjdGl2ZV9lbnRyeV9yZWxl YXNlKGFjdCk7CisgICAgICAgIHJlYWRfdW5sb2NrKCZyZ3QtPmxvY2spOwor CisgICAgICAgIHJjID0gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHRkLCB0 cmFuc19ncmVmLCByZC0+ZG9tYWluX2lkLAorICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICByZWFkb25seSwgJmdyYW50X2ZyYW1lLCBw YWdlLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAm dHJhbnNfcGFnZV9vZmYsICZ0cmFuc19sZW5ndGgsIDApOworCisgICAgICAg IHJlYWRfbG9jaygmcmd0LT5sb2NrKTsKKyAgICAgICAgYWN0ID0gYWN0aXZl X2VudHJ5X2FjcXVpcmUocmd0LCBncmVmKTsKKworICAgICAgICBpZiAoIHJj ICE9IEdOVFNUX29rYXkgKQorICAgICAgICB7CisgICAgICAgICAgICBfX2Zp eHVwX3N0YXR1c19mb3JfY29weV9waW4oYWN0LCBzdGF0dXMpOworICAgICAg ICAgICAgcmN1X3VubG9ja19kb21haW4odGQpOworICAgICAgICAgICAgYWN0 aXZlX2VudHJ5X3JlbGVhc2UoYWN0KTsKKyAgICAgICAgICAgIHJlYWRfdW5s b2NrKCZyZ3QtPmxvY2spOworICAgICAgICAgICAgcmV0dXJuIHJjOworICAg ICAgICB9CisKKyAgICAgICAgLyoKKyAgICAgICAgICogV2UgZHJvcHBlZCB0 aGUgbG9jaywgc28gd2UgaGF2ZSB0byBjaGVjayB0aGF0IHRoZSBncmFudCBk aWRuJ3QKKyAgICAgICAgICogY2hhbmdlLCBhbmQgdGhhdCBub2JvZHkgZWxz ZSB0cmllZCB0byBwaW4vdW5waW4gaXQuIElmIGFueXRoaW5nCisgICAgICAg ICAqIGNoYW5nZWQsIGp1c3QgZ2l2ZSB1cCBhbmQgdGVsbCB0aGUgY2FsbGVy IHRvIHJldHJ5LgorICAgICAgICAgKi8KKyAgICAgICAgaWYgKCByZ3QtPmd0 X3ZlcnNpb24gIT0gMiB8fAorICAgICAgICAgICAgIGFjdC0+cGluICE9IG9s ZF9waW4gfHwKKyAgICAgICAgICAgICAob2xkX3BpbiAmJiAoYWN0LT5kb21p ZCAhPSBsZG9tIHx8IGFjdC0+ZnJhbWUgIT0gZ3JhbnRfZnJhbWUgfHwKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgYWN0LT5zdGFydCAhPSB0cmFuc19w YWdlX29mZiB8fAorICAgICAgICAgICAgICAgICAgICAgICAgICBhY3QtPmxl bmd0aCAhPSB0cmFuc19sZW5ndGggfHwKKyAgICAgICAgICAgICAgICAgICAg ICAgICAgYWN0LT50cmFuc19kb21haW4gIT0gdGQgfHwKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgYWN0LT50cmFuc19ncmVmICE9IHRyYW5zX2dyZWYg fHwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgIWFjdC0+aXNfc3ViX3Bh Z2UpKSApCisgICAgICAgIHsKKyAgICAgICAgICAgIF9fcmVsZWFzZV9ncmFu dF9mb3JfY29weSh0ZCwgdHJhbnNfZ3JlZiwgcmVhZG9ubHkpOworICAgICAg ICAgICAgX19maXh1cF9zdGF0dXNfZm9yX2NvcHlfcGluKGFjdCwgc3RhdHVz KTsKKyAgICAgICAgICAgIHJjdV91bmxvY2tfZG9tYWluKHRkKTsKKyAgICAg ICAgICAgIGFjdGl2ZV9lbnRyeV9yZWxlYXNlKGFjdCk7CisgICAgICAgICAg ICByZWFkX3VubG9jaygmcmd0LT5sb2NrKTsKKyAgICAgICAgICAgIHB1dF9w YWdlKCpwYWdlKTsKKyAgICAgICAgICAgICpwYWdlID0gTlVMTDsKKyAgICAg ICAgICAgIHJldHVybiBFUkVTVEFSVDsKKyAgICAgICAgfQorCisgICAgICAg IGlmICggIW9sZF9waW4gKQorICAgICAgICB7CisgICAgICAgICAgICBhY3Qt PmRvbWlkID0gbGRvbTsKKyAgICAgICAgICAgIGFjdC0+c3RhcnQgPSB0cmFu c19wYWdlX29mZjsKKyAgICAgICAgICAgIGFjdC0+bGVuZ3RoID0gdHJhbnNf bGVuZ3RoOworICAgICAgICAgICAgYWN0LT50cmFuc19kb21haW4gPSB0ZDsK KyAgICAgICAgICAgIGFjdC0+dHJhbnNfZ3JlZiA9IHRyYW5zX2dyZWY7Cisg ICAgICAgICAgICBhY3QtPmZyYW1lID0gZ3JhbnRfZnJhbWU7CisgICAgICAg ICAgICBhY3QtPmdmbiA9IC0xdWw7CisgICAgICAgICAgICAvKgorICAgICAg ICAgICAgICogVGhlIGFjdHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBv ciBtYXkgbm90IGJlIGEgc3ViLXBhZ2UsCisgICAgICAgICAgICAgKiBidXQg d2UgYWx3YXlzIHRyZWF0IGl0IGFzIG9uZSBiZWNhdXNlIHRoYXQgYmxvY2tz IG1hcHBpbmdzIG9mCisgICAgICAgICAgICAgKiB0cmFuc2l0aXZlIGdyYW50 cy4KKyAgICAgICAgICAgICAqLworICAgICAgICAgICAgYWN0LT5pc19zdWJf cGFnZSA9IDE7CisgICAgICAgIH0KKyAgICB9CisgICAgZWxzZSBpZiAoICFv bGRfcGluIHx8CisgICAgICAgICAgICAgICghcmVhZG9ubHkgJiYgIShvbGRf cGluICYgKEdOVFBJTl9kZXZ3X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSAp CiAgICAgewogICAgICAgICBpZiAoIChyYyA9IF9zZXRfc3RhdHVzKHJndC0+ Z3RfdmVyc2lvbiwgbGRvbSwKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICByZWFkb25seSwgMCwgc2hhaCwgYWN0LApAQCAtMjE5Miw3OSArMjI3 OCw2IEBAIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgKICAgICAgICAgICAg IHRyYW5zX3BhZ2Vfb2ZmID0gMDsKICAgICAgICAgICAgIHRyYW5zX2xlbmd0 aCA9IFBBR0VfU0laRTsKICAgICAgICAgfQotICAgICAgICBlbHNlIGlmICgg KHNoYWgtPmZsYWdzICYgR1RGX3R5cGVfbWFzaykgPT0gR1RGX3RyYW5zaXRp dmUgKQotICAgICAgICB7Ci0gICAgICAgICAgICBpZiAoICFhbGxvd190cmFu c2l0aXZlICkKLSAgICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0 X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAotICAgICAgICAgICAgICAg ICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IHdoZW4gdHJhbnNpdGl2aXR5 IG5vdCBhbGxvd2VkXG4iKTsKLQotICAgICAgICAgICAgdHJhbnNfZG9taWQg PSBzaGEyLT50cmFuc2l0aXZlLnRyYW5zX2RvbWlkOwotICAgICAgICAgICAg dHJhbnNfZ3JlZiA9IHNoYTItPnRyYW5zaXRpdmUuZ3JlZjsKLSAgICAgICAg ICAgIGJhcnJpZXIoKTsgLyogU3RvcCB0aGUgY29tcGlsZXIgZnJvbSByZS1s b2FkaW5nCi0gICAgICAgICAgICAgICAgICAgICAgICAgIHRyYW5zX2RvbWlk IGZyb20gc2hhcmVkIG1lbW9yeSAqLwotICAgICAgICAgICAgaWYgKCB0cmFu c19kb21pZCA9PSByZC0+ZG9tYWluX2lkICkKLSAgICAgICAgICAgICAgICBQ SU5fRkFJTCh1bmxvY2tfb3V0X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9y LAotICAgICAgICAgICAgICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50 cyBjYW5ub3QgYmUgc2VsZi1yZWZlcmVudGlhbFxuIik7Ci0KLSAgICAgICAg ICAgIC8qIFdlIGFsbG93IHRoZSB0cmFuc19kb21pZCA9PSBsZG9tIGNhc2Us IHdoaWNoCi0gICAgICAgICAgICAgICBjb3JyZXNwb25kcyB0byBhIGdyYW50 IGJlaW5nIGlzc3VlZCBieSBvbmUgZG9tYWluLCBzZW50Ci0gICAgICAgICAg ICAgICB0byBhbm90aGVyIG9uZSwgYW5kIHRoZW4gdHJhbnNpdGl2ZWx5IGdy YW50ZWQgYmFjayB0bwotICAgICAgICAgICAgICAgdGhlIG9yaWdpbmFsIGRv bWFpbi4gIEFsbG93aW5nIGl0IGlzIGVhc3ksIGFuZCBtZWFucwotICAgICAg ICAgICAgICAgdGhhdCB5b3UgZG9uJ3QgbmVlZCB0byBnbyBvdXQgb2YgeW91 ciB3YXkgdG8gYXZvaWQgaXQKLSAgICAgICAgICAgICAgIGluIHRoZSBndWVz dC4gKi8KLQotICAgICAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0aGUg cnJkIGxvY2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkgKi8KLSAgICAgICAg ICAgIHRkID0gcmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsK LSAgICAgICAgICAgIGlmICggdGQgPT0gTlVMTCApCi0gICAgICAgICAgICAg ICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9l cnJvciwKLSAgICAgICAgICAgICAgICAgICAgICAgICAidHJhbnNpdGl2ZSBn cmFudCByZWZlcmVuY2VkIGJhZCBkb21haW4gJWRcbiIsCi0gICAgICAgICAg ICAgICAgICAgICAgICAgdHJhbnNfZG9taWQpOwotCi0gICAgICAgICAgICAv KgotICAgICAgICAgICAgICogX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KCkg Y291bGQgdGFrZSB0aGUgbG9jayBvbiB0aGUKLSAgICAgICAgICAgICAqIHJl bW90ZSB0YWJsZSAoaWYgcmQgPT0gdGQpLCBzbyB3ZSBoYXZlIHRvIGRyb3Ag dGhlIGxvY2sKLSAgICAgICAgICAgICAqIGhlcmUgYW5kIHJlYWNxdWlyZQot ICAgICAgICAgICAgICovCi0gICAgICAgICAgICBhY3RpdmVfZW50cnlfcmVs ZWFzZShhY3QpOwotICAgICAgICAgICAgcmVhZF91bmxvY2soJnJndC0+bG9j ayk7Ci0KLSAgICAgICAgICAgIHJjID0gX19hY3F1aXJlX2dyYW50X2Zvcl9j b3B5KHRkLCB0cmFuc19ncmVmLCByZC0+ZG9tYWluX2lkLAotICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmVhZG9ubHksICZn cmFudF9mcmFtZSwgcGFnZSwKLSAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICZ0cmFuc19wYWdlX29mZiwgJnRyYW5zX2xlbmd0 aCwgMCk7Ci0KLSAgICAgICAgICAgIHJlYWRfbG9jaygmcmd0LT5sb2NrKTsK LSAgICAgICAgICAgIGFjdCA9IGFjdGl2ZV9lbnRyeV9hY3F1aXJlKHJndCwg Z3JlZik7Ci0KLSAgICAgICAgICAgIGlmICggcmMgIT0gR05UU1Rfb2theSAp IHsKLSAgICAgICAgICAgICAgICBfX2ZpeHVwX3N0YXR1c19mb3JfY29weV9w aW4oYWN0LCBzdGF0dXMpOwotICAgICAgICAgICAgICAgIHJjdV91bmxvY2tf ZG9tYWluKHRkKTsKLSAgICAgICAgICAgICAgICBhY3RpdmVfZW50cnlfcmVs ZWFzZShhY3QpOwotICAgICAgICAgICAgICAgIHJlYWRfdW5sb2NrKCZyZ3Qt PmxvY2spOwotICAgICAgICAgICAgICAgIHJldHVybiByYzsKLSAgICAgICAg ICAgIH0KLQotICAgICAgICAgICAgLyoKLSAgICAgICAgICAgICAqIFdlIGRy b3BwZWQgdGhlIGxvY2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2Jv ZHkgZWxzZSB0cmllZAotICAgICAgICAgICAgICogdG8gcGluIChvciwgZm9y IHRoYXQgbWF0dGVyLCB1bnBpbikgdGhlIHJlZmVyZW5jZSBpbiAqdGhpcyoK LSAgICAgICAgICAgICAqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdp dmUgdXAgYW5kIHRlbGwgdGhlIGNhbGxlciB0byByZXRyeS4KLSAgICAgICAg ICAgICAqLwotICAgICAgICAgICAgaWYgKCBhY3QtPnBpbiAhPSBvbGRfcGlu ICkKLSAgICAgICAgICAgIHsKLSAgICAgICAgICAgICAgICBfX2ZpeHVwX3N0 YXR1c19mb3JfY29weV9waW4oYWN0LCBzdGF0dXMpOwotICAgICAgICAgICAg ICAgIHJjdV91bmxvY2tfZG9tYWluKHRkKTsKLSAgICAgICAgICAgICAgICBh Y3RpdmVfZW50cnlfcmVsZWFzZShhY3QpOwotICAgICAgICAgICAgICAgIHJl YWRfdW5sb2NrKCZyZ3QtPmxvY2spOwotICAgICAgICAgICAgICAgIHB1dF9w YWdlKCpwYWdlKTsKLSAgICAgICAgICAgICAgICAqcGFnZSA9IE5VTEw7Ci0g ICAgICAgICAgICAgICAgcmV0dXJuIEVSRVNUQVJUOwotICAgICAgICAgICAg fQotCi0gICAgICAgICAgICAvKiBUaGUgYWN0dWFsIHJlbW90ZSByZW1vdGUg Z3JhbnQgbWF5IG9yIG1heSBub3QgYmUgYQotICAgICAgICAgICAgICAgc3Vi LXBhZ2UsIGJ1dCB3ZSBhbHdheXMgdHJlYXQgaXQgYXMgb25lIGJlY2F1c2Ug dGhhdAotICAgICAgICAgICAgICAgYmxvY2tzIG1hcHBpbmdzIG9mIHRyYW5z aXRpdmUgZ3JhbnRzLiAqLwotICAgICAgICAgICAgaXNfc3ViX3BhZ2UgPSAx OwotICAgICAgICAgICAgYWN0LT5nZm4gPSAtMXVsOwotICAgICAgICB9CiAg ICAgICAgIGVsc2UgaWYgKCAhKHNoYTItPmhkci5mbGFncyAmIEdURl9zdWJf cGFnZSkgKQogICAgICAgICB7CiAgICAgICAgICAgICByYyA9IF9fZ2V0X3Bh Z2VkX2ZyYW1lKHNoYTItPmZ1bGxfcGFnZS5mcmFtZSwgJmdyYW50X2ZyYW1l LCBwYWdlLCByZWFkb25seSwgcmQpOwpAQCAtMjY5NiwxMCArMjcwOSwxMyBA QCBnbnR0YWJfc2V0X3ZlcnNpb24oWEVOX0dVRVNUX0hBTkRMRV9QQVJBCiAg ICAgY2FzZSAyOgogICAgICAgICBmb3IgKCBpID0gMDsgaSA8IEdOVFRBQl9O Ul9SRVNFUlZFRF9FTlRSSUVTOyBpKysgKQogICAgICAgICB7Ci0gICAgICAg ICAgICBpZiAoICgoc2hhcmVkX2VudHJ5X3YyKGd0LCBpKS5oZHIuZmxhZ3Mg JiBHVEZfdHlwZV9tYXNrKSA9PQotICAgICAgICAgICAgICAgICAgR1RGX3Bl cm1pdF9hY2Nlc3MpICYmCi0gICAgICAgICAgICAgICAgIChzaGFyZWRfZW50 cnlfdjIoZ3QsIGkpLmZ1bGxfcGFnZS5mcmFtZSA+PiAzMikgKQorICAgICAg ICAgICAgc3dpdGNoICggc2hhcmVkX2VudHJ5X3YyKGd0LCBpKS5oZHIuZmxh Z3MgJiBHVEZfdHlwZV9tYXNrICkKICAgICAgICAgICAgIHsKKyAgICAgICAg ICAgIGNhc2UgR1RGX3Blcm1pdF9hY2Nlc3M6CisgICAgICAgICAgICAgICAg IGlmICggIShzaGFyZWRfZW50cnlfdjIoZ3QsIGkpLmZ1bGxfcGFnZS5mcmFt ZSA+PiAzMikgKQorICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CisgICAg ICAgICAgICAgICAgIC8qIGZhbGwgdGhyb3VnaCAqLworICAgICAgICAgICAg Y2FzZSBHVEZfdHJhbnNpdGl2ZToKICAgICAgICAgICAgICAgICBnZHByaW50 ayhYRU5MT0dfV0FSTklORywKICAgICAgICAgICAgICAgICAgICAgICAgICAi dHJpZWQgdG8gY2hhbmdlIGdyYW50IHRhYmxlIHZlcnNpb24gdG8gMSB3aXRo IG5vbi1yZXByZXNlbnRhYmxlIGVudHJpZXNcbiIpOwogICAgICAgICAgICAg ICAgIHJlcyA9IC1FUkFOR0U7Cg== --=separator Content-Type: application/octet-stream; name="xsa226-4.7.patch" Content-Disposition: attachment; filename="xsa226-4.7.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogZ3JhbnRfdGFibGU6IERlZmF1bHQgdG8gdjEsIGFuZCBk aXNhbGxvdyB0cmFuc2l0aXZlIGdyYW50cwoKVGhlIHJlZmVyZW5jZSBjb3Vu dGluZyBhbmQgbG9ja2luZyBkaXNjaXBsaW5lIGZvciB0cmFuc2l0aXZlIGdy YW50cyBpcyBicm9rZW4uClRoZWlyIHVzZSBpcyB0aGVyZWZvcmUgZGVjbGFy ZWQgb3V0IG9mIHNlY3VyaXR5IHN1cHBvcnQuCgpUaGlzIGlzIFhTQS0yMjYu CgpUcmFuc2l0aXZlIGdyYW50cyBhcmUgZXhwZWN0ZWQgdG8gYmUgdW5jb25k aXRpb25hbGx5IGF2YWlsYWJsZSB3aXRoIGdyYW50CnRhYmxlIHYyLiAgSGlk aW5nIHRyYW5zaXRpdmUgZ3JhbnRzIGFsb25lIGlzIGFuIEFCSSBicmVha2Fn ZSBmb3IgdGhlIGd1ZXN0LgpNb2Rlcm4gdmVyc2lvbnMgb2YgTGludXggYW5k IHRoZSBXaW5kb3dzIFBWIGRyaXZlcnMgdXNlIGdyYW50IHRhYmxlIHYxLCBi dXQKb2xkZXIgdmVyc2lvbnMgZGlkIHVzZSB2Mi4KCkluIHByaW5jaXBsZSwg ZGlzYWJsaW5nIGdudHRhYiB2MiBlbnRpcmVseSBpcyB0aGUgc2FmZXIgd2F5 IHRvIGNhdXNlIGd1ZXN0cyB0bwphdm9pZCB1c2luZyB0cmFuc2l0aXZlIGdy YW50cy4gSG93ZXZlciwgc29tZSBvbGRlciBndWVzdHMgd2hpY2ggZGVmYXVs dGVkIHRvCnVzaW5nIGdudHRhYiB2MiBkb24ndCB0b2xlcmF0ZSBmYWxsaW5n IGJhY2sgZnJvbSB2MiB0byB2MSBvdmVyIG1pZ3JhdGUuCgpUaGlzIHBhdGNo IGludHJvZHVjZXMgYSBuZXcgY29tbWFuZCBsaW5lIG9wdGlvbiB0byBjb250 cm9sIGdyYW50IHRhYmxlCmJlaGF2aW91ci4gIE9uZSBzdWJvcHRpb24gYWxs b3dzIGEgY2hvaWNlIG9mIHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNp b24KWGVuIHdpbGwgYWxsb3cgdGhlIGd1ZXN0IHRvIHVzZSwgYW5kIGRlZmF1 bHRzIHRvIHYyLiAgQSBkaWZmZXJlbnQgc3Vib3B0aW9uCmluZGVwZW5kZW50 bHkgY29udHJvbHMgd2hldGhlciB0cmFuc2l0aXZlIGdyYW50cyBjYW4gYmUg dXNlZC4KClRoZSBkZWZhdWx0IGNhc2UgaXM6CgogICAgZ250dGFiPW1heF92 ZXI6MgoKVG8gZGlzYWJsZSBnbnR0YWIgdjIgZW50aXJlbHksIHVzZToKCiAg ICBnbnR0YWI9bWF4X3ZlcjoxCgpUbyBhbGxvdyBnbnR0YWIgdjIgYW5kIHRy YW5zaXRpdmUgZ3JhbnRzLCB1c2U6CgogICAgZ250dGFiPW1heF92ZXI6Mix0 cmFuc2l0aXZlCgpSZXBvcnRlZC1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNo QHN1c2UuY29tPgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRy ZXcuY29vcGVyM0BjaXRyaXguY29tPgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNj L3hlbi1jb21tYW5kLWxpbmUubWFya2Rvd24gYi9kb2NzL21pc2MveGVuLWNv bW1hbmQtbGluZS5tYXJrZG93bgppbmRleCA3M2Y1MjY1Li5iNzkyYWJmIDEw MDY0NAotLS0gYS9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93 bgorKysgYi9kb2NzL21pc2MveGVuLWNvbW1hbmQtbGluZS5tYXJrZG93bgpA QCAtNzU4LDYgKzc1OCwyMiBAQCBDb250cm9scyBFUFQgcmVsYXRlZCBmZWF0 dXJlcy4KIAogU3BlY2lmeSB3aGljaCBjb25zb2xlIGdkYnN0dWIgc2hvdWxk IHVzZS4gU2VlICoqY29uc29sZSoqLgogCisjIyMgZ250dGFiCis+IGA9IExp c3Qgb2YgWyBtYXhfdmVyOjxpbnRlZ2VyPiwgdHJhbnNpdGl2ZSBdYAorCis+ IERlZmF1bHQ6IGBnbnR0YWI9bWF4X3ZlcjoyLG5vLXRyYW5zaXRpdmVgCisK K0NvbnRyb2wgdmFyaW91cyBhc3BlY3RzIG9mIHRoZSBncmFudCB0YWJsZSBi ZWhhdmlvdXIgYXZhaWxhYmxlIHRvIGd1ZXN0cy4KKworKiBgbWF4X3ZlcmAg U2VsZWN0IHRoZSBtYXhpbXVtIGdyYW50IHRhYmxlIHZlcnNpb24gdG8gb2Zm ZXIgdG8gZ3Vlc3RzLiAgVmFsaWQKK3ZlcnNpb24gYXJlIDEgYW5kIDIuCisq IGB0cmFuc2l0aXZlYCBQZXJtaXQgb3IgZGlzYWxsb3cgdGhlIHVzZSBvZiB0 cmFuc2l0aXZlIGdyYW50cy4gIE5vdGUgdGhhdCB0aGUKK3VzZSBvZiBncmFu dCB0YWJsZSB2MiB3aXRob3V0IHRyYW5zaXRpdmUgZ3JhbnRzIGlzIGFuIEFC SSBicmVha2FnZSBmcm9tIHRoZQorZ3Vlc3RzIHBvaW50IG9mIHZpZXcuCisK KypXYXJuaW5nOioKK0R1ZSB0byBYU0EtMjI2LCB0aGUgdXNlIG9mIHRyYW5z aXRpdmUgZ3JhbnRzIGlzIG91dHNpZGUgb2Ygc2VjdXJpdHkgc3VwcG9ydC4K KwogIyMjIGdudHRhYlxfbWF4XF9mcmFtZXMKID4gYD0gPGludGVnZXI+YAog CmRpZmYgLS1naXQgYS94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMgYi94ZW4v Y29tbW9uL2dyYW50X3RhYmxlLmMKaW5kZXggZjA2YjY2NC4uMTA5YzU1MiAx MDA2NDQKLS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hl bi9jb21tb24vZ3JhbnRfdGFibGUuYwpAQCAtNTAsNiArNTAsNDIgQEAgaW50 ZWdlcl9wYXJhbSgiZ250dGFiX21heF9ucl9mcmFtZXMiLCBtYXhfbnJfZ3Jh bnRfZnJhbWVzKTsKIHVuc2lnbmVkIGludCBfX3JlYWRfbW9zdGx5IG1heF9n cmFudF9mcmFtZXM7CiBpbnRlZ2VyX3BhcmFtKCJnbnR0YWJfbWF4X2ZyYW1l cyIsIG1heF9ncmFudF9mcmFtZXMpOwogCitzdGF0aWMgdW5zaWduZWQgaW50 IF9fcmVhZF9tb3N0bHkgb3B0X2dudHRhYl9tYXhfdmVyc2lvbiA9IDI7Citz dGF0aWMgYm9vbF90IF9fcmVhZF9tb3N0bHkgb3B0X3RyYW5zaXRpdmVfZ3Jh bnRzOworCitzdGF0aWMgdm9pZCBfX2luaXQgcGFyc2VfZ250dGFiKGNoYXIg KnMpCit7CisgICAgY2hhciAqc3M7CisKKyAgICBkbyB7CisgICAgICAgIHNz ID0gc3RyY2hyKHMsICcsJyk7CisgICAgICAgIGlmICggc3MgKQorICAgICAg ICAgICAgKnNzID0gJ1wwJzsKKworICAgICAgICBpZiAoICFzdHJuY21wKHMs ICJtYXhfdmVyOiIsIDgpICkKKyAgICAgICAgeworICAgICAgICAgICAgbG9u ZyB2ZXIgPSBzaW1wbGVfc3RydG9sKHMgKyA4LCBOVUxMLCAxMCk7CisKKyAg ICAgICAgICAgIGlmICggdmVyID49IDEgJiYgdmVyIDw9IDIgKQorICAgICAg ICAgICAgICAgIG9wdF9nbnR0YWJfbWF4X3ZlcnNpb24gPSB2ZXI7CisgICAg ICAgIH0KKyAgICAgICAgZWxzZQorICAgICAgICB7CisgICAgICAgICAgICBi b29sX3QgdmFsID0gISFzdHJuY21wKHMsICJuby0iLCAzKTsKKworICAgICAg ICAgICAgaWYgKCAhdmFsICkKKyAgICAgICAgICAgICAgICBzICs9IDM7CisK KyAgICAgICAgICAgIGlmICggIXN0cmNtcChzLCAidHJhbnNpdGl2ZSIpICkK KyAgICAgICAgICAgICAgICBvcHRfdHJhbnNpdGl2ZV9ncmFudHMgPSB2YWw7 CisgICAgICAgIH0KKworICAgICAgICBzID0gc3MgKyAxOworICAgIH0gd2hp bGUgKCBzcyApOworfQorCitjdXN0b21fcGFyYW0oImdudHRhYiIsIHBhcnNl X2dudHRhYik7CisKIC8qIFRoZSBtYXhpbXVtIG51bWJlciBvZiBncmFudCBt YXBwaW5ncyBpcyBkZWZpbmVkIGFzIGEgbXVsdGlwbGllciBvZiB0aGUKICAq IG1heGltdW0gbnVtYmVyIG9mIGdyYW50IHRhYmxlIGVudHJpZXMuIFRoaXMg ZGVmaW5lcyB0aGUgbXVsdGlwbGllciB1c2VkLgogICogUHJldHR5IGFyYml0 cmFyeS4gW1BPTElDWV0KQEAgLTIxODgsNiArMjIyNCwxMCBAQCBfX2FjcXVp cmVfZ3JhbnRfZm9yX2NvcHkoCiAgICAgICAgIH0KICAgICAgICAgZWxzZSBp ZiAoIChzaGFoLT5mbGFncyAmIEdURl90eXBlX21hc2spID09IEdURl90cmFu c2l0aXZlICkKICAgICAgICAgeworICAgICAgICAgICAgaWYgKCAhb3B0X3Ry YW5zaXRpdmVfZ3JhbnRzICkKKyAgICAgICAgICAgICAgICBQSU5fRkFJTCh1 bmxvY2tfb3V0X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAorICAgICAg ICAgICAgICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50IGRpc2FsbG93 ZWQgYnkgcG9saWN5XG4iKTsKKwogICAgICAgICAgICAgaWYgKCAhYWxsb3df dHJhbnNpdGl2ZSApCiAgICAgICAgICAgICAgICAgUElOX0ZBSUwodW5sb2Nr X291dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwKICAgICAgICAgICAg ICAgICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCB3aGVuIHRyYW5zaXRp dml0eSBub3QgYWxsb3dlZFxuIik7CkBAIC0zMTU2LDcgKzMxOTYsMTAgQEAg ZG9fZ3JhbnRfdGFibGVfb3AoCiAgICAgfQogICAgIGNhc2UgR05UVEFCT1Bf c2V0X3ZlcnNpb246CiAgICAgewotICAgICAgICByYyA9IGdudHRhYl9zZXRf dmVyc2lvbihndWVzdF9oYW5kbGVfY2FzdCh1b3AsIGdudHRhYl9zZXRfdmVy c2lvbl90KSk7CisgICAgICAgIGlmICggb3B0X2dudHRhYl9tYXhfdmVyc2lv biA9PSAxICkKKyAgICAgICAgICAgIHJjID0gLUVOT1NZUzsgLyogQmVoYXZl IGFzIGJlZm9yZSBzZXRfdmVyc2lvbiB3YXMgaW50cm9kdWNlZC4gKi8KKyAg ICAgICAgZWxzZQorICAgICAgICAgICAgcmMgPSBnbnR0YWJfc2V0X3ZlcnNp b24oZ3Vlc3RfaGFuZGxlX2Nhc3QodW9wLCBnbnR0YWJfc2V0X3ZlcnNpb25f dCkpOwogICAgICAgICBicmVhazsKICAgICB9CiAgICAgY2FzZSBHTlRUQUJP UF9nZXRfc3RhdHVzX2ZyYW1lczoK --=separator Content-Type: application/octet-stream; name="xsa226-4.9/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Disposition: attachment; filename="xsa226-4.9/0001-gnttab-dont-use-possibly-unbounded-tail-calls.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IHVzZSBwb3NzaWJseSB1bmJvdW5kZWQgdGFpbCBj YWxscwoKVGhlcmUgaXMgbm8gZ3VhcmFudGVlIHRoYXQgdGhlIGNvbXBpbGVy IHdvdWxkIGFjdHVhbGx5IHRyYW5zbGF0ZSB0aGVtCnRvIGJyYW5jaGVzIGlu c3RlYWQgb2YgY2FsbHMsIHNvIG9ubHkgb25lcyB3aXRoIGEga25vd24gcmVj dXJzaW9uIGxpbWl0CmFyZSBva2F5OgotIF9fcmVsZWFzZV9ncmFudF9mb3Jf Y29weSgpIGNhbiBjYWxsIGl0c2VsZiBvbmx5IG9uY2UsIGFzCiAgX19hY3F1 aXJlX2dyYW50X2Zvcl9jb3B5KCkgd29uJ3QgcGVybWl0IHVzZSBvZiBtdWx0 aS1sZXZlbCB0cmFuc2l0aXZlCiAgZ3JhbnRzLAotIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgpIGlzIGZpbmUgdG8gY2FsbCBpdHNlbGYgd2l0aCB0aGUg bGFzdAogIGFyZ3VtZW50IGZhbHNlLCBhcyB0aGF0IHByZXZlbnRzIGZ1cnRo ZXIgcmVjdXJzaW9uLAotIF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgpIG11 c3Qgbm90IGNhbGwgaXRzZWxmIHRvIHJlY292ZXIgZnJvbSBhbgogIG9ic2Vy dmVkIGNoYW5nZSB0byB0aGUgYWN0aXZlIGVudHJ5J3MgcGluIGNvdW50CgpU aGlzIGlzIHBhcnQgb2YgQ1ZFLTIwMTctMTIxMzUgLyBYU0EtMjI2LgoKU2ln bmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgoK LS0tIGEveGVuL2NvbW1vbi9jb21wYXQvZ3JhbnRfdGFibGUuYworKysgYi94 ZW4vY29tbW9uL2NvbXBhdC9ncmFudF90YWJsZS5jCkBAIC0yNTgsOSArMjU4 LDkgQEAgaW50IGNvbXBhdF9ncmFudF90YWJsZV9vcCh1bnNpZ25lZCBpbnQg Y21kLAogICAgICAgICAgICAgICAgIHJjID0gZ250dGFiX2NvcHkoZ3Vlc3Rf aGFuZGxlX2Nhc3QobmF0LnVvcCwgZ250dGFiX2NvcHlfdCksIG4pOwogICAg ICAgICAgICAgaWYgKCByYyA+IDAgKQogICAgICAgICAgICAgewotICAgICAg ICAgICAgICAgIEFTU0VSVChyYyA8IG4pOwotICAgICAgICAgICAgICAgIGkg LT0gbiAtIHJjOwotICAgICAgICAgICAgICAgIG4gPSByYzsKKyAgICAgICAg ICAgICAgICBBU1NFUlQocmMgPD0gbik7CisgICAgICAgICAgICAgICAgaSAt PSByYzsKKyAgICAgICAgICAgICAgICBuIC09IHJjOwogICAgICAgICAgICAg fQogICAgICAgICAgICAgaWYgKCByYyA+PSAwICkKICAgICAgICAgICAgIHsK LS0tIGEveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCisrKyBiL3hlbi9jb21t b24vZ3JhbnRfdGFibGUuYwpAQCAtMjEwMyw4ICsyMTAzLDEwIEBAIF9fcmVs ZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgIGlmICggdGQgIT0gcmQgKQog ICAgIHsKLSAgICAgICAgLyogUmVjdXJzaXZlIGNhbGxzLCBidXQgdGhleSdy ZSB0YWlsIGNhbGxzLCBzbyBpdCdzCi0gICAgICAgICAgIG9rYXkuICovCisg ICAgICAgIC8qCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxscywgYnV0IHRo ZXkncmUgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUK KyAgICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBv a2F5LgorICAgICAgICAgKi8KICAgICAgICAgaWYgKCByZWxlYXNlZF93cml0 ZSApCiAgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDApOwogICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRf cmVhZCApCkBAIC0yMjU1LDEwICsyMjU3LDExIEBAIF9fYWNxdWlyZV9ncmFu dF9mb3JfY29weSgKICAgICAgICAgICAgICAgICByZXR1cm4gcmM7CiAgICAg ICAgICAgICB9CiAKLSAgICAgICAgICAgIC8qIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkKLSAgICAgICAg ICAgICAgIGVsc2UgdHJpZWQgdG8gcGluIChvciwgZm9yIHRoYXQgbWF0dGVy LCB1bnBpbikgdGhlCi0gICAgICAgICAgICAgICByZWZlcmVuY2UgaW4gKnRo aXMqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUgdXAKLSAgICAg ICAgICAgICAgIGFuZCB0cnkgYWdhaW4uICovCisgICAgICAgICAgICAvKgor ICAgICAgICAgICAgICogV2UgZHJvcHBlZCB0aGUgbG9jaywgc28gd2UgaGF2 ZSB0byBjaGVjayB0aGF0IG5vYm9keSBlbHNlIHRyaWVkCisgICAgICAgICAg ICAgKiB0byBwaW4gKG9yLCBmb3IgdGhhdCBtYXR0ZXIsIHVucGluKSB0aGUg cmVmZXJlbmNlIGluICp0aGlzKgorICAgICAgICAgICAgICogZG9tYWluLiAg SWYgdGhleSBkaWQsIGp1c3QgZ2l2ZSB1cCBhbmQgdGVsbCB0aGUgY2FsbGVy IHRvIHJldHJ5LgorICAgICAgICAgICAgICovCiAgICAgICAgICAgICBpZiAo IGFjdC0+cGluICE9IG9sZF9waW4gKQogICAgICAgICAgICAgewogICAgICAg ICAgICAgICAgIF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0 YXR1cyk7CkBAIC0yMjY2LDkgKzIyNjksOCBAQCBfX2FjcXVpcmVfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgICAgICAgICAgICAgYWN0aXZlX2VudHJ5X3JlbGVh c2UoYWN0KTsKICAgICAgICAgICAgICAgICBncmFudF9yZWFkX3VubG9jayhy Z3QpOwogICAgICAgICAgICAgICAgIHB1dF9wYWdlKCpwYWdlKTsKLSAgICAg ICAgICAgICAgICByZXR1cm4gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHJk LCBncmVmLCBsZG9tLCByZWFkb25seSwKLSAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIGZyYW1lLCBwYWdlLCBwYWdl X29mZiwgbGVuZ3RoLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgYWxsb3dfdHJhbnNpdGl2ZSk7CisgICAgICAg ICAgICAgICAgKnBhZ2UgPSBOVUxMOworICAgICAgICAgICAgICAgIHJldHVy biBFUkVTVEFSVDsKICAgICAgICAgICAgIH0KIAogICAgICAgICAgICAgLyog VGhlIGFjdHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBvciBtYXkgbm90 IGJlIGEKQEAgLTI1NzQsNyArMjU3Niw3IEBAIHN0YXRpYyBpbnQgZ250dGFi X2NvcHlfb25lKGNvbnN0IHN0cnVjdAogICAgIHsKICAgICAgICAgZ250dGFi X2NvcHlfcmVsZWFzZV9idWYoc3JjKTsKICAgICAgICAgcmMgPSBnbnR0YWJf Y29weV9jbGFpbV9idWYob3AsICZvcC0+c291cmNlLCBzcmMsIEdOVENPUFlf c291cmNlX2dyZWYpOwotICAgICAgICBpZiAoIHJjIDwgMCApCisgICAgICAg IGlmICggcmMgKQogICAgICAgICAgICAgZ290byBvdXQ7CiAgICAgfQogCkBA IC0yNTg0LDcgKzI1ODYsNyBAQCBzdGF0aWMgaW50IGdudHRhYl9jb3B5X29u ZShjb25zdCBzdHJ1Y3QKICAgICB7CiAgICAgICAgIGdudHRhYl9jb3B5X3Jl bGVhc2VfYnVmKGRlc3QpOwogICAgICAgICByYyA9IGdudHRhYl9jb3B5X2Ns YWltX2J1ZihvcCwgJm9wLT5kZXN0LCBkZXN0LCBHTlRDT1BZX2Rlc3RfZ3Jl Zik7Ci0gICAgICAgIGlmICggcmMgPCAwICkKKyAgICAgICAgaWYgKCByYyAp CiAgICAgICAgICAgICBnb3RvIG91dDsKICAgICB9CiAKQEAgLTI1OTMsNiAr MjU5NSwxNCBAQCBzdGF0aWMgaW50IGdudHRhYl9jb3B5X29uZShjb25zdCBz dHJ1Y3QKICAgICByZXR1cm4gcmM7CiB9CiAKKy8qCisgKiBnbnR0YWJfY29w eSgpLCBvdGhlciB0aGFuIHRoZSB2YXJpb3VzIG90aGVyIGhlbHBlcnMgb2YK KyAqIGRvX2dyYW50X3RhYmxlX29wKCksIHJldHVybnMgKGJlc2lkZXMgcG9z c2libGUgZXJyb3IgaW5kaWNhdG9ycykKKyAqICJjb3VudCAtIGkiIHJhdGhl ciB0aGFuICJpIiB0byBlbnN1cmUgdGhhdCBldmVuIGlmIG5vIHByb2dyZXNz CisgKiB3YXMgbWFkZSBhdCBhbGwgKHBlcmhhcHMgZHVlIHRvIGdudHRhYl9j b3B5X29uZSgpIHJldHVybmluZyBhCisgKiBwb3NpdGl2ZSB2YWx1ZSkgYSBu b24temVybyB2YWx1ZSBpcyBiZWluZyBoYW5kZWQgYmFjayAoemVybyBuZWVk cworICogdG8gYmUgYXZvaWRlZCwgYXMgdGhhdCBtZWFucyAic3VjY2Vzcywg YWxsIGRvbmUiKS4KKyAqLwogc3RhdGljIGxvbmcgZ250dGFiX2NvcHkoCiAg ICAgWEVOX0dVRVNUX0hBTkRMRV9QQVJBTShnbnR0YWJfY29weV90KSB1b3As IHVuc2lnbmVkIGludCBjb3VudCkKIHsKQEAgLTI2MDYsNyArMjYxNiw3IEBA IHN0YXRpYyBsb25nIGdudHRhYl9jb3B5KAogICAgIHsKICAgICAgICAgaWYg KCBpICYmIGh5cGVyY2FsbF9wcmVlbXB0X2NoZWNrKCkgKQogICAgICAgICB7 Ci0gICAgICAgICAgICByYyA9IGk7CisgICAgICAgICAgICByYyA9IGNvdW50 IC0gaTsKICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICB9CiAKQEAgLTI2 MTYsMTMgKzI2MjYsMjAgQEAgc3RhdGljIGxvbmcgZ250dGFiX2NvcHkoCiAg ICAgICAgICAgICBicmVhazsKICAgICAgICAgfQogCi0gICAgICAgIG9wLnN0 YXR1cyA9IGdudHRhYl9jb3B5X29uZSgmb3AsICZkZXN0LCAmc3JjKTsKLSAg ICAgICAgaWYgKCBvcC5zdGF0dXMgIT0gR05UU1Rfb2theSApCisgICAgICAg IHJjID0gZ250dGFiX2NvcHlfb25lKCZvcCwgJmRlc3QsICZzcmMpOworICAg ICAgICBpZiAoIHJjID4gMCApCisgICAgICAgIHsKKyAgICAgICAgICAgIHJj ID0gY291bnQgLSBpOworICAgICAgICAgICAgYnJlYWs7CisgICAgICAgIH0K KyAgICAgICAgaWYgKCByYyAhPSBHTlRTVF9va2F5ICkKICAgICAgICAgewog ICAgICAgICAgICAgZ250dGFiX2NvcHlfcmVsZWFzZV9idWYoJnNyYyk7CiAg ICAgICAgICAgICBnbnR0YWJfY29weV9yZWxlYXNlX2J1ZigmZGVzdCk7CiAg ICAgICAgIH0KIAorICAgICAgICBvcC5zdGF0dXMgPSByYzsKKyAgICAgICAg cmMgPSAwOwogICAgICAgICBpZiAoIHVubGlrZWx5KF9fY29weV9maWVsZF90 b19ndWVzdCh1b3AsICZvcCwgc3RhdHVzKSkgKQogICAgICAgICB7CiAgICAg ICAgICAgICByYyA9IC1FRkFVTFQ7CkBAIC0zMTYwLDYgKzMxNzcsNyBAQCBk b19ncmFudF90YWJsZV9vcCgKICAgICAgICAgcmMgPSBnbnR0YWJfY29weShj b3B5LCBjb3VudCk7CiAgICAgICAgIGlmICggcmMgPiAwICkKICAgICAgICAg eworICAgICAgICAgICAgcmMgPSBjb3VudCAtIHJjOwogICAgICAgICAgICAg Z3Vlc3RfaGFuZGxlX2FkZF9vZmZzZXQoY29weSwgcmMpOwogICAgICAgICAg ICAgdW9wID0gZ3Vlc3RfaGFuZGxlX2Nhc3QoY29weSwgdm9pZCk7CiAgICAg ICAgIH0K --=separator Content-Type: application/octet-stream; name="xsa226-4.9/0002-gnttab-fix-transitive-grant-handling.patch" Content-Disposition: attachment; filename="xsa226-4.9/0002-gnttab-fix-transitive-grant-handling.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGZpeCB0cmFuc2l0aXZlIGdyYW50IGhhbmRsaW5nCgpQcm9j ZXNzaW5nIG9mIHRyYW5zaXRpdmUgZ3JhbnRzIG11c3Qgbm90IHVzZSB0aGUg ZmFzdCBwYXRoLCBvciBlbHNlCnJlZmVyZW5jZSBjb3VudGluZyBicmVha3Mg ZHVlIHRvIHRoZSBza2lwcGVkIHJlY3Vyc2l2ZSBjYWxsIHRvCl9fYWNxdWly ZV9ncmFudF9mb3JfY29weSgpIChpdHMgX19yZWxlYXNlX2dyYW50X2Zvcl9j b3B5KCkKY291bnRlcnBhcnQgb2NjdXJzIGluZGVwZW5kZW50IG9mIG9yaWdp bmFsIHBpbiBjb3VudCkuIEZ1cnRoZXJtb3JlCmFmdGVyIHJlLWFjcXVpcmlu ZyB0ZW1wb3JhcmlseSBkcm9wcGVkIGxvY2tzIHdlIG5lZWQgdG8gdmVyaWZ5 IG5vIGdyYW50CnByb3BlcnRpZXMgY2hhbmdlZCBpZiB0aGUgb3JpZ2luYWwg cGluIGNvdW50IHdhcyBub24temVybzsgY2hlY2tpbmcKanVzdCB0aGUgcGlu IGNvdW50cyBpcyBzdWZmaWNpZW50IG9ubHkgZm9yIHdlbGwtYmVoYXZlZCBn dWVzdHMuIEFzIGEKcmVzdWx0LCBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHko KSBuZWVkcyB0byBtaXJyb3IgdGhhdCBuZXcgYmVoYXZpb3IuCgpGdXJ0aGVy bW9yZSBhIF9fcmVsZWFzZV9ncmFudF9mb3JfY29weSgpIGludm9jYXRpb24g d2FzIG1pc3Npbmcgb24gdGhlCnJldHJ5IHBhdGggb2YgX19hY3F1aXJlX2dy YW50X2Zvcl9jb3B5KCksIGFuZCBnbnR0YWJfc2V0X3ZlcnNpb24oKSBhbHNv Cm5lZWRzIHRvIGJhaWwgb3V0IHVwb24gZW5jb3VudGVyaW5nIGEgdHJhbnNp dGl2ZSBncmFudC4KClRoaXMgaXMgcGFydCBvZiBDVkUtMjAxNy0xMjEzNSAv IFhTQS0yMjYuCgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3 LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPgpSZXZpZXdlZC1ieTogQW5kcmV3IENv b3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KCi0tLSBhL3hlbi9j b21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dyYW50X3Rh YmxlLmMKQEAgLTIwNTAsMTMgKzIwNTAsOCBAQCBfX3JlbGVhc2VfZ3JhbnRf Zm9yX2NvcHkoCiAgICAgdW5zaWduZWQgbG9uZyByX2ZyYW1lOwogICAgIHVp bnQxNl90ICpzdGF0dXM7CiAgICAgZ3JhbnRfcmVmX3QgdHJhbnNfZ3JlZjsK LSAgICBpbnQgcmVsZWFzZWRfcmVhZDsKLSAgICBpbnQgcmVsZWFzZWRfd3Jp dGU7CiAgICAgc3RydWN0IGRvbWFpbiAqdGQ7CiAKLSAgICByZWxlYXNlZF9y ZWFkID0gMDsKLSAgICByZWxlYXNlZF93cml0ZSA9IDA7Ci0KICAgICBncmFu dF9yZWFkX2xvY2socmd0KTsKIAogICAgIGFjdCA9IGFjdGl2ZV9lbnRyeV9h Y3F1aXJlKHJndCwgZ3JlZik7CkBAIC0yMDg2LDE3ICsyMDgxLDExIEBAIF9f cmVsZWFzZV9ncmFudF9mb3JfY29weSgKIAogICAgICAgICBhY3QtPnBpbiAt PSBHTlRQSU5faHN0d19pbmM7CiAgICAgICAgIGlmICggIShhY3QtPnBpbiAm IChHTlRQSU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSApCi0gICAg ICAgIHsKLSAgICAgICAgICAgIHJlbGVhc2VkX3dyaXRlID0gMTsKICAgICAg ICAgICAgIGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfd3JpdGluZywgc3RhdHVz KTsKLSAgICAgICAgfQogICAgIH0KIAogICAgIGlmICggIWFjdC0+cGluICkK LSAgICB7CiAgICAgICAgIGdudHRhYl9jbGVhcl9mbGFnKF9HVEZfcmVhZGlu Zywgc3RhdHVzKTsKLSAgICAgICAgcmVsZWFzZWRfcmVhZCA9IDE7Ci0gICAg fQogCiAgICAgYWN0aXZlX2VudHJ5X3JlbGVhc2UoYWN0KTsKICAgICBncmFu dF9yZWFkX3VubG9jayhyZ3QpOwpAQCAtMjEwNCwxMyArMjA5MywxMCBAQCBf X3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkoCiAgICAgaWYgKCB0ZCAhPSByZCAp CiAgICAgewogICAgICAgICAvKgotICAgICAgICAgKiBSZWN1cnNpdmUgY2Fs bHMsIGJ1dCB0aGV5J3JlIGJvdW5kZWQgKGFjcXVpcmUgcGVybWl0cyBvbmx5 IGEgc2luZ2xlCisgICAgICAgICAqIFJlY3Vyc2l2ZSBjYWxsLCBidXQgaXQg aXMgYm91bmRlZCAoYWNxdWlyZSBwZXJtaXRzIG9ubHkgYSBzaW5nbGUKICAg ICAgICAgICogbGV2ZWwgb2YgdHJhbnNpdGl2aXR5KSwgc28gaXQncyBva2F5 LgogICAgICAgICAgKi8KLSAgICAgICAgaWYgKCByZWxlYXNlZF93cml0ZSAp Ci0gICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQsIHRy YW5zX2dyZWYsIDApOwotICAgICAgICBlbHNlIGlmICggcmVsZWFzZWRfcmVh ZCApCi0gICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIDEpOworICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9y X2NvcHkodGQsIHRyYW5zX2dyZWYsIHJlYWRvbmx5KTsKIAogICAgICAgICBy Y3VfdW5sb2NrX2RvbWFpbih0ZCk7CiAgICAgfQpAQCAtMjE4NCw4ICsyMTcw LDEwOCBAQCBfX2FjcXVpcmVfZ3JhbnRfZm9yX2NvcHkoCiAgICAgICAgICAg ICAgICAgIGFjdC0+ZG9taWQsIGxkb20sIGFjdC0+cGluKTsKIAogICAgIG9s ZF9waW4gPSBhY3QtPnBpbjsKLSAgICBpZiAoICFhY3QtPnBpbiB8fAotICAg ICAgICAgKCFyZWFkb25seSAmJiAhKGFjdC0+cGluICYgKEdOVFBJTl9kZXZ3 X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSApCisgICAgaWYgKCBzaGEyICYm IChzaGFoLT5mbGFncyAmIEdURl90eXBlX21hc2spID09IEdURl90cmFuc2l0 aXZlICkKKyAgICB7CisgICAgICAgIGlmICggKCFvbGRfcGluIHx8ICghcmVh ZG9ubHkgJiYKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICEob2xkX3Bp biAmIChHTlRQSU5fZGV2d19tYXNrfEdOVFBJTl9oc3R3X21hc2spKSkpICYm CisgICAgICAgICAgICAgKHJjID0gX3NldF9zdGF0dXNfdjIobGRvbSwgcmVh ZG9ubHksIDAsIHNoYWgsIGFjdCwKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBzdGF0dXMpKSAhPSBHTlRTVF9va2F5ICkKKyAgICAgICAg ICAgIGdvdG8gdW5sb2NrX291dDsKKworICAgICAgICBpZiAoICFhbGxvd190 cmFuc2l0aXZlICkKKyAgICAgICAgICAgIFBJTl9GQUlMKHVubG9ja19vdXRf Y2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisgICAgICAgICAgICAgICAg ICAgICAidHJhbnNpdGl2ZSBncmFudCB3aGVuIHRyYW5zaXRpdml0eSBub3Qg YWxsb3dlZFxuIik7CisKKyAgICAgICAgdHJhbnNfZG9taWQgPSBzaGEyLT50 cmFuc2l0aXZlLnRyYW5zX2RvbWlkOworICAgICAgICB0cmFuc19ncmVmID0g c2hhMi0+dHJhbnNpdGl2ZS5ncmVmOworICAgICAgICBiYXJyaWVyKCk7IC8q IFN0b3AgdGhlIGNvbXBpbGVyIGZyb20gcmUtbG9hZGluZworICAgICAgICAg ICAgICAgICAgICAgIHRyYW5zX2RvbWlkIGZyb20gc2hhcmVkIG1lbW9yeSAq LworICAgICAgICBpZiAoIHRyYW5zX2RvbWlkID09IHJkLT5kb21haW5faWQg KQorICAgICAgICAgICAgUElOX0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05U U1RfZ2VuZXJhbF9lcnJvciwKKyAgICAgICAgICAgICAgICAgICAgICJ0cmFu c2l0aXZlIGdyYW50cyBjYW5ub3QgYmUgc2VsZi1yZWZlcmVudGlhbFxuIik7 CisKKyAgICAgICAgLyoKKyAgICAgICAgICogV2UgYWxsb3cgdGhlIHRyYW5z X2RvbWlkID09IGxkb20gY2FzZSwgd2hpY2ggY29ycmVzcG9uZHMgdG8gYQor ICAgICAgICAgKiBncmFudCBiZWluZyBpc3N1ZWQgYnkgb25lIGRvbWFpbiwg c2VudCB0byBhbm90aGVyIG9uZSwgYW5kIHRoZW4KKyAgICAgICAgICogdHJh bnNpdGl2ZWx5IGdyYW50ZWQgYmFjayB0byB0aGUgb3JpZ2luYWwgZG9tYWlu LiAgQWxsb3dpbmcgaXQKKyAgICAgICAgICogaXMgZWFzeSwgYW5kIG1lYW5z IHRoYXQgeW91IGRvbid0IG5lZWQgdG8gZ28gb3V0IG9mIHlvdXIgd2F5IHRv CisgICAgICAgICAqIGF2b2lkIGl0IGluIHRoZSBndWVzdC4KKyAgICAgICAg ICovCisKKyAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0aGUgcnJkIGxv Y2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkuICovCisgICAgICAgIHRkID0g cmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsKKyAgICAgICAg aWYgKCB0ZCA9PSBOVUxMICkKKyAgICAgICAgICAgIFBJTl9GQUlMKHVubG9j a19vdXRfY2xlYXIsIEdOVFNUX2dlbmVyYWxfZXJyb3IsCisgICAgICAgICAg ICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCByZWZlcmVuY2VkIGJhZCBk b21haW4gJWRcbiIsCisgICAgICAgICAgICAgICAgICAgICB0cmFuc19kb21p ZCk7CisKKyAgICAgICAgLyoKKyAgICAgICAgICogX19hY3F1aXJlX2dyYW50 X2Zvcl9jb3B5KCkgY291bGQgdGFrZSB0aGUgbG9jayBvbiB0aGUKKyAgICAg ICAgICogcmVtb3RlIHRhYmxlIChpZiByZCA9PSB0ZCksIHNvIHdlIGhhdmUg dG8gZHJvcCB0aGUgbG9jaworICAgICAgICAgKiBoZXJlIGFuZCByZWFjcXVp cmUuCisgICAgICAgICAqLworICAgICAgICBhY3RpdmVfZW50cnlfcmVsZWFz ZShhY3QpOworICAgICAgICBncmFudF9yZWFkX3VubG9jayhyZ3QpOworCisg ICAgICAgIHJjID0gX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KHRkLCB0cmFu c19ncmVmLCByZC0+ZG9tYWluX2lkLAorICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICByZWFkb25seSwgJmdyYW50X2ZyYW1lLCBwYWdl LAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAmdHJh bnNfcGFnZV9vZmYsICZ0cmFuc19sZW5ndGgsIDApOworCisgICAgICAgIGdy YW50X3JlYWRfbG9jayhyZ3QpOworICAgICAgICBhY3QgPSBhY3RpdmVfZW50 cnlfYWNxdWlyZShyZ3QsIGdyZWYpOworCisgICAgICAgIGlmICggcmMgIT0g R05UU1Rfb2theSApCisgICAgICAgIHsKKyAgICAgICAgICAgIF9fZml4dXBf c3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0YXR1cyk7CisgICAgICAgICAg ICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7CisgICAgICAgICAgICBhY3RpdmVf ZW50cnlfcmVsZWFzZShhY3QpOworICAgICAgICAgICAgZ3JhbnRfcmVhZF91 bmxvY2socmd0KTsKKyAgICAgICAgICAgIHJldHVybiByYzsKKyAgICAgICAg fQorCisgICAgICAgIC8qCisgICAgICAgICAqIFdlIGRyb3BwZWQgdGhlIGxv Y2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCB0aGUgZ3JhbnQgZGlkbid0 CisgICAgICAgICAqIGNoYW5nZSwgYW5kIHRoYXQgbm9ib2R5IGVsc2UgdHJp ZWQgdG8gcGluL3VucGluIGl0LiBJZiBhbnl0aGluZworICAgICAgICAgKiBj aGFuZ2VkLCBqdXN0IGdpdmUgdXAgYW5kIHRlbGwgdGhlIGNhbGxlciB0byBy ZXRyeS4KKyAgICAgICAgICovCisgICAgICAgIGlmICggcmd0LT5ndF92ZXJz aW9uICE9IDIgfHwKKyAgICAgICAgICAgICBhY3QtPnBpbiAhPSBvbGRfcGlu IHx8CisgICAgICAgICAgICAgKG9sZF9waW4gJiYgKGFjdC0+ZG9taWQgIT0g bGRvbSB8fCBhY3QtPmZyYW1lICE9IGdyYW50X2ZyYW1lIHx8CisgICAgICAg ICAgICAgICAgICAgICAgICAgIGFjdC0+c3RhcnQgIT0gdHJhbnNfcGFnZV9v ZmYgfHwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgYWN0LT5sZW5ndGgg IT0gdHJhbnNfbGVuZ3RoIHx8CisgICAgICAgICAgICAgICAgICAgICAgICAg IGFjdC0+dHJhbnNfZG9tYWluICE9IHRkIHx8CisgICAgICAgICAgICAgICAg ICAgICAgICAgIGFjdC0+dHJhbnNfZ3JlZiAhPSB0cmFuc19ncmVmIHx8Cisg ICAgICAgICAgICAgICAgICAgICAgICAgICFhY3QtPmlzX3N1Yl9wYWdlKSkg KQorICAgICAgICB7CisgICAgICAgICAgICBfX3JlbGVhc2VfZ3JhbnRfZm9y X2NvcHkodGQsIHRyYW5zX2dyZWYsIHJlYWRvbmx5KTsKKyAgICAgICAgICAg IF9fZml4dXBfc3RhdHVzX2Zvcl9jb3B5X3BpbihhY3QsIHN0YXR1cyk7Cisg ICAgICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0ZCk7CisgICAgICAgICAg ICBhY3RpdmVfZW50cnlfcmVsZWFzZShhY3QpOworICAgICAgICAgICAgZ3Jh bnRfcmVhZF91bmxvY2socmd0KTsKKyAgICAgICAgICAgIHB1dF9wYWdlKCpw YWdlKTsKKyAgICAgICAgICAgICpwYWdlID0gTlVMTDsKKyAgICAgICAgICAg IHJldHVybiBFUkVTVEFSVDsKKyAgICAgICAgfQorCisgICAgICAgIGlmICgg IW9sZF9waW4gKQorICAgICAgICB7CisgICAgICAgICAgICBhY3QtPmRvbWlk ID0gbGRvbTsKKyAgICAgICAgICAgIGFjdC0+c3RhcnQgPSB0cmFuc19wYWdl X29mZjsKKyAgICAgICAgICAgIGFjdC0+bGVuZ3RoID0gdHJhbnNfbGVuZ3Ro OworICAgICAgICAgICAgYWN0LT50cmFuc19kb21haW4gPSB0ZDsKKyAgICAg ICAgICAgIGFjdC0+dHJhbnNfZ3JlZiA9IHRyYW5zX2dyZWY7CisgICAgICAg ICAgICBhY3QtPmZyYW1lID0gZ3JhbnRfZnJhbWU7CisgICAgICAgICAgICBh Y3QtPmdmbiA9IC0xdWw7CisgICAgICAgICAgICAvKgorICAgICAgICAgICAg ICogVGhlIGFjdHVhbCByZW1vdGUgcmVtb3RlIGdyYW50IG1heSBvciBtYXkg bm90IGJlIGEgc3ViLXBhZ2UsCisgICAgICAgICAgICAgKiBidXQgd2UgYWx3 YXlzIHRyZWF0IGl0IGFzIG9uZSBiZWNhdXNlIHRoYXQgYmxvY2tzIG1hcHBp bmdzIG9mCisgICAgICAgICAgICAgKiB0cmFuc2l0aXZlIGdyYW50cy4KKyAg ICAgICAgICAgICAqLworICAgICAgICAgICAgYWN0LT5pc19zdWJfcGFnZSA9 IDE7CisgICAgICAgIH0KKyAgICB9CisgICAgZWxzZSBpZiAoICFvbGRfcGlu IHx8CisgICAgICAgICAgICAgICghcmVhZG9ubHkgJiYgIShvbGRfcGluICYg KEdOVFBJTl9kZXZ3X21hc2t8R05UUElOX2hzdHdfbWFzaykpKSApCiAgICAg ewogICAgICAgICBpZiAoIChyYyA9IF9zZXRfc3RhdHVzKHJndC0+Z3RfdmVy c2lvbiwgbGRvbSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBy ZWFkb25seSwgMCwgc2hhaCwgYWN0LApAQCAtMjIwNiw3OSArMjI5Miw2IEBA IF9fYWNxdWlyZV9ncmFudF9mb3JfY29weSgKICAgICAgICAgICAgIHRyYW5z X3BhZ2Vfb2ZmID0gMDsKICAgICAgICAgICAgIHRyYW5zX2xlbmd0aCA9IFBB R0VfU0laRTsKICAgICAgICAgfQotICAgICAgICBlbHNlIGlmICggKHNoYWgt PmZsYWdzICYgR1RGX3R5cGVfbWFzaykgPT0gR1RGX3RyYW5zaXRpdmUgKQot ICAgICAgICB7Ci0gICAgICAgICAgICBpZiAoICFhbGxvd190cmFuc2l0aXZl ICkKLSAgICAgICAgICAgICAgICBQSU5fRkFJTCh1bmxvY2tfb3V0X2NsZWFy LCBHTlRTVF9nZW5lcmFsX2Vycm9yLAotICAgICAgICAgICAgICAgICAgICAg ICAgICJ0cmFuc2l0aXZlIGdyYW50IHdoZW4gdHJhbnNpdGl2aXR5IG5vdCBh bGxvd2VkXG4iKTsKLQotICAgICAgICAgICAgdHJhbnNfZG9taWQgPSBzaGEy LT50cmFuc2l0aXZlLnRyYW5zX2RvbWlkOwotICAgICAgICAgICAgdHJhbnNf Z3JlZiA9IHNoYTItPnRyYW5zaXRpdmUuZ3JlZjsKLSAgICAgICAgICAgIGJh cnJpZXIoKTsgLyogU3RvcCB0aGUgY29tcGlsZXIgZnJvbSByZS1sb2FkaW5n Ci0gICAgICAgICAgICAgICAgICAgICAgICAgIHRyYW5zX2RvbWlkIGZyb20g c2hhcmVkIG1lbW9yeSAqLwotICAgICAgICAgICAgaWYgKCB0cmFuc19kb21p ZCA9PSByZC0+ZG9tYWluX2lkICkKLSAgICAgICAgICAgICAgICBQSU5fRkFJ TCh1bmxvY2tfb3V0X2NsZWFyLCBHTlRTVF9nZW5lcmFsX2Vycm9yLAotICAg ICAgICAgICAgICAgICAgICAgICAgICJ0cmFuc2l0aXZlIGdyYW50cyBjYW5u b3QgYmUgc2VsZi1yZWZlcmVudGlhbFxuIik7Ci0KLSAgICAgICAgICAgIC8q IFdlIGFsbG93IHRoZSB0cmFuc19kb21pZCA9PSBsZG9tIGNhc2UsIHdoaWNo Ci0gICAgICAgICAgICAgICBjb3JyZXNwb25kcyB0byBhIGdyYW50IGJlaW5n IGlzc3VlZCBieSBvbmUgZG9tYWluLCBzZW50Ci0gICAgICAgICAgICAgICB0 byBhbm90aGVyIG9uZSwgYW5kIHRoZW4gdHJhbnNpdGl2ZWx5IGdyYW50ZWQg YmFjayB0bwotICAgICAgICAgICAgICAgdGhlIG9yaWdpbmFsIGRvbWFpbi4g IEFsbG93aW5nIGl0IGlzIGVhc3ksIGFuZCBtZWFucwotICAgICAgICAgICAg ICAgdGhhdCB5b3UgZG9uJ3QgbmVlZCB0byBnbyBvdXQgb2YgeW91ciB3YXkg dG8gYXZvaWQgaXQKLSAgICAgICAgICAgICAgIGluIHRoZSBndWVzdC4gKi8K LQotICAgICAgICAgICAgLyogV2UgbmVlZCB0byBsZWF2ZSB0aGUgcnJkIGxv Y2tlZCBkdXJpbmcgdGhlIGdyYW50IGNvcHkgKi8KLSAgICAgICAgICAgIHRk ID0gcmN1X2xvY2tfZG9tYWluX2J5X2lkKHRyYW5zX2RvbWlkKTsKLSAgICAg ICAgICAgIGlmICggdGQgPT0gTlVMTCApCi0gICAgICAgICAgICAgICAgUElO X0ZBSUwodW5sb2NrX291dF9jbGVhciwgR05UU1RfZ2VuZXJhbF9lcnJvciwK LSAgICAgICAgICAgICAgICAgICAgICAgICAidHJhbnNpdGl2ZSBncmFudCBy ZWZlcmVuY2VkIGJhZCBkb21haW4gJWRcbiIsCi0gICAgICAgICAgICAgICAg ICAgICAgICAgdHJhbnNfZG9taWQpOwotCi0gICAgICAgICAgICAvKgotICAg ICAgICAgICAgICogX19hY3F1aXJlX2dyYW50X2Zvcl9jb3B5KCkgY291bGQg dGFrZSB0aGUgbG9jayBvbiB0aGUKLSAgICAgICAgICAgICAqIHJlbW90ZSB0 YWJsZSAoaWYgcmQgPT0gdGQpLCBzbyB3ZSBoYXZlIHRvIGRyb3AgdGhlIGxv Y2sKLSAgICAgICAgICAgICAqIGhlcmUgYW5kIHJlYWNxdWlyZQotICAgICAg ICAgICAgICovCi0gICAgICAgICAgICBhY3RpdmVfZW50cnlfcmVsZWFzZShh Y3QpOwotICAgICAgICAgICAgZ3JhbnRfcmVhZF91bmxvY2socmd0KTsKLQot ICAgICAgICAgICAgcmMgPSBfX2FjcXVpcmVfZ3JhbnRfZm9yX2NvcHkodGQs IHRyYW5zX2dyZWYsIHJkLT5kb21haW5faWQsCi0gICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICByZWFkb25seSwgJmdyYW50X2Zy YW1lLCBwYWdlLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgJnRyYW5zX3BhZ2Vfb2ZmLCAmdHJhbnNfbGVuZ3RoLCAwKTsK LQotICAgICAgICAgICAgZ3JhbnRfcmVhZF9sb2NrKHJndCk7Ci0gICAgICAg ICAgICBhY3QgPSBhY3RpdmVfZW50cnlfYWNxdWlyZShyZ3QsIGdyZWYpOwot Ci0gICAgICAgICAgICBpZiAoIHJjICE9IEdOVFNUX29rYXkgKSB7Ci0gICAg ICAgICAgICAgICAgX19maXh1cF9zdGF0dXNfZm9yX2NvcHlfcGluKGFjdCwg c3RhdHVzKTsKLSAgICAgICAgICAgICAgICByY3VfdW5sb2NrX2RvbWFpbih0 ZCk7Ci0gICAgICAgICAgICAgICAgYWN0aXZlX2VudHJ5X3JlbGVhc2UoYWN0 KTsKLSAgICAgICAgICAgICAgICBncmFudF9yZWFkX3VubG9jayhyZ3QpOwot ICAgICAgICAgICAgICAgIHJldHVybiByYzsKLSAgICAgICAgICAgIH0KLQot ICAgICAgICAgICAgLyoKLSAgICAgICAgICAgICAqIFdlIGRyb3BwZWQgdGhl IGxvY2ssIHNvIHdlIGhhdmUgdG8gY2hlY2sgdGhhdCBub2JvZHkgZWxzZSB0 cmllZAotICAgICAgICAgICAgICogdG8gcGluIChvciwgZm9yIHRoYXQgbWF0 dGVyLCB1bnBpbikgdGhlIHJlZmVyZW5jZSBpbiAqdGhpcyoKLSAgICAgICAg ICAgICAqIGRvbWFpbi4gIElmIHRoZXkgZGlkLCBqdXN0IGdpdmUgdXAgYW5k IHRlbGwgdGhlIGNhbGxlciB0byByZXRyeS4KLSAgICAgICAgICAgICAqLwot ICAgICAgICAgICAgaWYgKCBhY3QtPnBpbiAhPSBvbGRfcGluICkKLSAgICAg ICAgICAgIHsKLSAgICAgICAgICAgICAgICBfX2ZpeHVwX3N0YXR1c19mb3Jf Y29weV9waW4oYWN0LCBzdGF0dXMpOwotICAgICAgICAgICAgICAgIHJjdV91 bmxvY2tfZG9tYWluKHRkKTsKLSAgICAgICAgICAgICAgICBhY3RpdmVfZW50 cnlfcmVsZWFzZShhY3QpOwotICAgICAgICAgICAgICAgIGdyYW50X3JlYWRf dW5sb2NrKHJndCk7Ci0gICAgICAgICAgICAgICAgcHV0X3BhZ2UoKnBhZ2Up OwotICAgICAgICAgICAgICAgICpwYWdlID0gTlVMTDsKLSAgICAgICAgICAg ICAgICByZXR1cm4gRVJFU1RBUlQ7Ci0gICAgICAgICAgICB9Ci0KLSAgICAg ICAgICAgIC8qIFRoZSBhY3R1YWwgcmVtb3RlIHJlbW90ZSBncmFudCBtYXkg b3IgbWF5IG5vdCBiZSBhCi0gICAgICAgICAgICAgICBzdWItcGFnZSwgYnV0 IHdlIGFsd2F5cyB0cmVhdCBpdCBhcyBvbmUgYmVjYXVzZSB0aGF0Ci0gICAg ICAgICAgICAgICBibG9ja3MgbWFwcGluZ3Mgb2YgdHJhbnNpdGl2ZSBncmFu dHMuICovCi0gICAgICAgICAgICBpc19zdWJfcGFnZSA9IDE7Ci0gICAgICAg ICAgICBhY3QtPmdmbiA9IC0xdWw7Ci0gICAgICAgIH0KICAgICAgICAgZWxz ZSBpZiAoICEoc2hhMi0+aGRyLmZsYWdzICYgR1RGX3N1Yl9wYWdlKSApCiAg ICAgICAgIHsKICAgICAgICAgICAgIHJjID0gX19nZXRfcGFnZWRfZnJhbWUo c2hhMi0+ZnVsbF9wYWdlLmZyYW1lLCAmZ3JhbnRfZnJhbWUsIHBhZ2UsIHJl YWRvbmx5LCByZCk7CkBAIC0yNzEwLDEwICsyNzIzLDEzIEBAIGdudHRhYl9z ZXRfdmVyc2lvbihYRU5fR1VFU1RfSEFORExFX1BBUkEKICAgICBjYXNlIDI6 CiAgICAgICAgIGZvciAoIGkgPSAwOyBpIDwgR05UVEFCX05SX1JFU0VSVkVE X0VOVFJJRVM7IGkrKyApCiAgICAgICAgIHsKLSAgICAgICAgICAgIGlmICgg KChzaGFyZWRfZW50cnlfdjIoZ3QsIGkpLmhkci5mbGFncyAmIEdURl90eXBl X21hc2spID09Ci0gICAgICAgICAgICAgICAgICBHVEZfcGVybWl0X2FjY2Vz cykgJiYKLSAgICAgICAgICAgICAgICAgKHNoYXJlZF9lbnRyeV92MihndCwg aSkuZnVsbF9wYWdlLmZyYW1lID4+IDMyKSApCisgICAgICAgICAgICBzd2l0 Y2ggKCBzaGFyZWRfZW50cnlfdjIoZ3QsIGkpLmhkci5mbGFncyAmIEdURl90 eXBlX21hc2sgKQogICAgICAgICAgICAgeworICAgICAgICAgICAgY2FzZSBH VEZfcGVybWl0X2FjY2VzczoKKyAgICAgICAgICAgICAgICAgaWYgKCAhKHNo YXJlZF9lbnRyeV92MihndCwgaSkuZnVsbF9wYWdlLmZyYW1lID4+IDMyKSAp CisgICAgICAgICAgICAgICAgICAgICBicmVhazsKKyAgICAgICAgICAgICAg ICAgLyogZmFsbCB0aHJvdWdoICovCisgICAgICAgICAgICBjYXNlIEdURl90 cmFuc2l0aXZlOgogICAgICAgICAgICAgICAgIGdkcHJpbnRrKFhFTkxPR19X QVJOSU5HLAogICAgICAgICAgICAgICAgICAgICAgICAgICJ0cmllZCB0byBj aGFuZ2UgZ3JhbnQgdGFibGUgdmVyc2lvbiB0byAxIHdpdGggbm9uLXJlcHJl c2VudGFibGUgZW50cmllc1xuIik7CiAgICAgICAgICAgICAgICAgcmVzID0g LUVSQU5HRTsK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3Rz Lnhlbi5vcmcveGVuLWFubm91bmNl --=separator--