From xen-announce-bounces@lists.xen.org Tue Sep 12 12:04:59 2017
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 12 Sep 2017 12:04:59 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1drjuw-0002Bq-Jc; Tue, 12 Sep 2017 12:03:50 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <aliasfile-bounces@xenproject.org>)
 id 1drjuv-0002Aq-BM; Tue, 12 Sep 2017 12:03:49 +0000
Received: from [85.158.143.35] by server-4.bemta-6.messagelabs.com id
 C7/6F-03283-42DC7B95; Tue, 12 Sep 2017 12:03:48 +0000
X-Env-Sender: aliasfile-bounces@xenproject.org
X-Msg-Ref: server-15.tower-21.messagelabs.com!1505217823!82286634!1
X-Originating-IP: [104.130.215.37]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 9.4.45; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 56949 invoked from network); 12 Sep 2017 12:03:44 -0000
Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37)
 by server-15.tower-21.messagelabs.com with AES128-GCM-SHA256
 encrypted SMTP; 12 Sep 2017 12:03:44 -0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <aliasfile-bounces@xenproject.org>)
 id 1drjug-0002v2-ND; Tue, 12 Sep 2017 12:03:34 +0000
Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1drjug-00084W-JI; Tue, 12 Sep 2017 12:03:34 +0000
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Message-Id: <E1drjug-00084W-JI@xenbits.xenproject.org>
Date: Tue, 12 Sep 2017 12:03:34 +0000
Cc: "Xen.org security team" <security-team-members@xen.org>
Subject: [Xen-announce] Xen Security Advisory 233 (CVE-2017-14317) -
 cxenstored: Race in domain cleanup
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xen.org
Sender: "Xen-announce" <xen-announce-bounces@lists.xen.org>

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2017-14317 / XSA-233
                               version 3

                  cxenstored: Race in domain cleanup

UPDATES IN VERSION 3
====================

Added metadata file

Public release.

ISSUE DESCRIPTION
=================

When shutting down a VM with a stubdomain, a race in cxenstored may
cause a double-free.

IMPACT
======

The xenstored daemon may crash, resulting in a DoS of any parts of the
system relying on it (including domain creation / destruction,
ballooning, device changes, etc).

VULNERABLE SYSTEMS
==================

All versions of Xen are vulnerable.

Only systems running the C version of xenstored ("xenstored") are
vulnerable; systems running the Ocaml version ("oxenstored") are not
vulnerable.

Only systems running devicemodel stubdomains are vulnerable.  Only x86
HVM guests can use stubdomains.  Therefore ARM systems, x86 systems
running only PV guests, and x86 systems running HVM guests with the
devicemodel not in a stubdomain (eg in dom0), are not vulnerable.

MITIGATION
==========

Running oxenstored will mitigate this issue.  Not using stubdomains
will also mitigate the issue.

CREDITS
=======

This issue was discovered by Eric Chanudet of AIS.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa233.patch     xen-unstable, Xen 4.9.x, Xen 4.8.x, Xen 4.7.x, Xen 4.6.x, Xen 4.5.x

$ sha256sum xsa233*
66b6f6c0837a5d12a77db7e5cbfd0514968bd47e2d192824da3bc9ddf119bfe0  xsa233.meta
f721cc49ba692b2f36299b631451f51d7340b8b4732f74c98f01cb7a80d8662b  xsa233.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa233.meta"
Content-Disposition: attachment; filename="xsa233.meta"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa233.patch"
Content-Disposition: attachment; filename="xsa233.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline


--=separator--


From xen-announce-bounces@lists.xen.org Tue Sep 12 12:04:59 2017
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 12 Sep 2017 12:04:59 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1drjuy-0002Du-IU; Tue, 12 Sep 2017 12:03:52 +0000
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <aliasfile-bounces@xenproject.org>)
 id 1drjux-0002CP-Uq; Tue, 12 Sep 2017 12:03:52 +0000
Received: from [85.158.139.211] by server-5.bemta-5.messagelabs.com id
 9E/4D-02202-62DC7B95; Tue, 12 Sep 2017 12:03:50 +0000
X-Env-Sender: aliasfile-bounces@xenproject.org
X-Msg-Ref: server-8.tower-206.messagelabs.com!1505217828!111008297!1
X-Originating-IP: [104.130.215.37]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 9.4.45; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 53502 invoked from network); 12 Sep 2017 12:03:49 -0000
Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37)
 by server-8.tower-206.messagelabs.com with AES128-GCM-SHA256
 encrypted SMTP; 12 Sep 2017 12:03:49 -0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <aliasfile-bounces@xenproject.org>)
 id 1drjue-0002uq-42; Tue, 12 Sep 2017 12:03:32 +0000
Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1drjue-00081T-1W; Tue, 12 Sep 2017 12:03:32 +0000
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Message-Id: <E1drjue-00081T-1W@xenbits.xenproject.org>
Date: Tue, 12 Sep 2017 12:03:32 +0000
Cc: "Xen.org security team" <security-team-members@xen.org>
Subject: [Xen-announce] Xen Security Advisory 232 (CVE-2017-14318) - Missing
 check for grant table
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xen.org
Sender: "Xen-announce" <xen-announce-bounces@lists.xen.org>

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2017-14318 / XSA-232
                               version 4

                     Missing check for grant table

UPDATES IN VERSION 4
====================

Added metadata file

Public release.

ISSUE DESCRIPTION
=================

The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant
table operations. It checks to see if the calling domain is the owner
of the page that is to be operated on. If it is not, the owner's grant
table is checked to see if a grant mapping to the calling domain
exists for the page in question.

However, the function does not check to see if the owning domain
actually has a grant table or not. Some special domains, such as
`DOMID_XEN`, `DOMID_IO` and `DOMID_COW`, are created without grant
tables. Hence, if `__gnttab_cache_flush` operates on a page owned by
these special domains, it will attempt to dereference a null pointer
in the domain struct.


IMPACT
======

The guest can get Xen to dereference a NULL pointer.

For ARM guests and x86 PV guests on systems with SMAP enabled, this will
cause a host crash (denial-of-service).

For x86 PV guests on systems without SMAP enabled, an attacker can map
a crafted grant structure at virtual address 0.  This can be leveraged
to increment an arbitrary virtual address, which can then probably be
leveraged into a full privilege escalation.


VULNERABLE SYSTEMS
==================

All versions of Xen since Xen 4.5 are vulnerable.

x86 HVM guests do not expose the vulnerability.

ARM guests and x86 PV guests on systems with SMAP enabled are only
vulnerable to a Denial-of-Service (host crash).

x86 PV guests on systems without SMAP running are vulnerable to a
privilege escalation.

MITIGATION
==========

Hardware supporting Supervisor Mode Access Prevention (Intel Broadwell,
AMD Zen) can mitigate the privilege escalation to a DoS.

CREDITS
=======

This issue was discovered by Matthew Daley.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa232.patch           xen-unstable, 4.9, 4.8, 4.7, 4.6, 4.5

$ sha256sum xsa232*
b193a711d013fe14556610ef3e703585164fdfc437c3a32a717c419e7a5afab2  xsa232.meta
5068a78293daa58557c30c95141b775becfb650de6a5eda0d82a4a321ced551c  xsa232.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa232.meta"
Content-Disposition: attachment; filename="xsa232.meta"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa232.patch"
Content-Disposition: attachment; filename="xsa232.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline


--=separator--
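
The missing check described in the XSA-232 issue description above, as an added example in C; it is not code from the advisory or from Xen. The structures, both `flush_allowed*` functions and the sample domains are hypothetical stand-ins, and returning `-EPERM` is this model's choice.

```c
/* Added illustration of the XSA-232 missing check. Simplified model, not Xen
 * source: every type, function and value here is hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct model_grant {                 /* one entry in an owner's grant table */
    unsigned int  to_domid;          /* domain the page was granted to */
    unsigned long frame;             /* page frame covered by the grant */
};

struct model_grant_table {
    const struct model_grant *entries;
    size_t nr;
};

struct model_domain {
    unsigned int domid;
    const struct model_grant_table *grant_table; /* NULL for system domains */
};

struct model_page {
    const struct model_domain *owner;
    unsigned long frame;
};

/* Returns 1 if the table holds a grant of `frame` to domain `caller`. */
static int grant_exists(const struct model_grant_table *gt,
                        unsigned int caller, unsigned long frame)
{
    size_t i;

    for (i = 0; i < gt->nr; i++)
        if (gt->entries[i].to_domid == caller && gt->entries[i].frame == frame)
            return 1;
    return 0;
}

/* Shape of the flaw: the owner is checked, its grant table is not. Passing a
 * page owned by a table-less domain makes grant_exists() read through NULL. */
int flush_allowed_unchecked(const struct model_domain *caller,
                            const struct model_page *pg)
{
    const struct model_domain *owner = pg->owner;

    if (owner == NULL)
        return -EPERM;
    if (owner == caller)
        return 0;
    return grant_exists(owner->grant_table, caller->domid, pg->frame)
               ? 0 : -EPERM;
}

/* Hardened shape: a page whose owner has no grant table cannot have been
 * granted to anyone, so the request is refused before the table is touched. */
int flush_allowed(const struct model_domain *caller,
                  const struct model_page *pg)
{
    const struct model_domain *owner = pg->owner;

    if (owner == NULL || owner->grant_table == NULL)
        return -EPERM;
    if (owner == caller)
        return 0;
    return grant_exists(owner->grant_table, caller->domid, pg->frame)
               ? 0 : -EPERM;
}

/* Constructed sample data: two ordinary guests and one table-less domain
 * standing in for DOMID_XEN / DOMID_IO / DOMID_COW. */
static const struct model_grant_table guest_a_gt = { NULL, 0 };
static const struct model_grant guest_b_grants[] = { { 1, 0x1000 } };
static const struct model_grant_table guest_b_gt = { guest_b_grants, 1 };

static const struct model_domain guest_a    = { 1, &guest_a_gt };
static const struct model_domain guest_b    = { 2, &guest_b_gt };
static const struct model_domain system_dom = { 9000, NULL };

static const struct model_page page_own         = { &guest_a, 0x2000 };
static const struct model_page page_granted     = { &guest_b, 0x1000 };
static const struct model_page page_not_granted = { &guest_b, 0x3000 };
static const struct model_page page_system      = { &system_dom, 0x4000 };

int main(void)
{
    printf("own page:          %d\n", flush_allowed(&guest_a, &page_own));
    printf("granted page:      %d\n", flush_allowed(&guest_a, &page_granted));
    printf("ungranted page:    %d\n", flush_allowed(&guest_a, &page_not_granted));
    printf("system-owned page: %d\n", flush_allowed(&guest_a, &page_system));
    return 0;
}
```
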


From xen-announce-bounces@lists.xen.org Tue Sep 12 12:04:59 2017
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 12 Sep 2017 12:04:59 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1drjuu-0002Ar-Of; Tue, 12 Sep 2017 12:03:48 +0000
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <aliasfile-bounces@xenproject.org>)
 id 1drjus-0002AL-V5; Tue, 12 Sep 2017 12:03:47 +0000
Received: from [85.158.137.68] by server-12.bemta-3.messagelabs.com id
 FC/BC-18858-12DC7B95; Tue, 12 Sep 2017 12:03:45 +0000
X-Env-Sender: aliasfile-bounces@xenproject.org
X-Msg-Ref: server-2.tower-31.messagelabs.com!1505217823!102701828!1
X-Originating-IP: [104.130.215.37]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 9.4.45; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 59884 invoked from network); 12 Sep 2017 12:03:44 -0000
Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37)
 by server-2.tower-31.messagelabs.com with AES128-GCM-SHA256
 encrypted SMTP; 12 Sep 2017 12:03:44 -0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <aliasfile-bounces@xenproject.org>)
 id 1drjub-0002ug-Ec; Tue, 12 Sep 2017 12:03:29 +0000
Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1drjub-000809-A0; Tue, 12 Sep 2017 12:03:29 +0000
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Message-Id: <E1drjub-000809-A0@xenbits.xenproject.org>
Date: Tue, 12 Sep 2017 12:03:29 +0000
Cc: "Xen.org security team" <security-team-members@xen.org>
Subject: [Xen-announce] Xen Security Advisory 231 (CVE-2017-14316) - Missing
 NUMA node parameter verification
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xen.org
Sender: "Xen-announce" <xen-announce-bounces@lists.xen.org>

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2017-14316 / XSA-231
                               version 3

               Missing NUMA node parameter verification

UPDATES IN VERSION 3
====================

Updated metadata file

Public release.

ISSUE DESCRIPTION
=================

The function `alloc_heap_pages` allows callers to specify the first
NUMA node that should be used for allocations through the `memflags`
parameter; the node is extracted using the `MEMF_get_node` macro.

While the function checks to see if the special constant
`NUMA_NO_NODE` is specified, it otherwise does not handle the case
where `node >= MAX_NUMNODES`.  This allows an out-of-bounds access
to an internal array.

IMPACT
======

An attacker using crafted hypercalls can execute arbitrary code within
Xen.

VULNERABLE SYSTEMS
==================

All versions of Xen are affected.

Both ARM and x86 are affected.

Both systems running HVM guests and systems running PV guests are
affected.

MITIGATION
==========

No known mitigation.

CREDITS
=======

This issue was discovered by Matthew Daley.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa231.patch           xen-unstable
xsa231-4.9.patch       Xen 4.9, Xen 4.8
xsa231-4.7.patch       Xen 4.7, Xen 4.6
xsa231-4.5.patch       Xen 4.5

$ sha256sum xsa231*
4255d2bc4ca668e7abcbf8256b0a8f21acef2a47a06d626aad6d22c685034587  xsa231.meta
b72af3fb8c44925ea7973533e8a8701becfc194f3e1c97f12af0392e1edd16a3  xsa231.patch
d9853b2d2649679d8810bd7e93f7b51bd9fefb3472da60ae464bde88aae3389c  xsa231-4.5.patch
ce29b56a0480f4835b37835b351e704d204bb0ccd22325f487127aa2776cc2cf  xsa231-4.7.patch
71a53a5133c8d4e381dd0e3e54205d31dea545ab62b261084dd3aea140f88cad  xsa231-4.9.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.


(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa231.meta"
Content-Disposition: attachment; filename="xsa231.meta"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa231.patch"
Content-Disposition: attachment; filename="xsa231.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa231-4.5.patch"
Content-Disposition: attachment; filename="xsa231-4.5.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa231-4.7.patch"
Content-Disposition: attachment; filename="xsa231-4.7.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa231-4.9.patch"
Content-Disposition: attachment; filename="xsa231-4.9.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline


--=separator--
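
The unhandled `node >= MAX_NUMNODES` case from the XSA-231 issue description above, as an added example in C; it is not code from the advisory or from Xen, and it is one way to reject the value rather than a description of the attached patches. The `MODEL_*` names, the flag encoding, the per-node array and the `-EINVAL` return are assumptions made for the model.

```c
/* Added illustration of the XSA-231 bounds problem. Simplified model, not Xen
 * source: the MODEL_* names, the flag encoding and the array are hypothetical. */
#include <errno.h>
#include <stdio.h>

#define MODEL_MAX_NUMNODES  4u     /* constructed: nodes the model tracks */
#define MODEL_NUMA_NO_NODE  0xFFu  /* constructed: "no preferred node" marker */
#define MODEL_NODE_SHIFT    8
#define MODEL_NODE_MASK     0xFFu

/* Assumed encoding: node + 1 is stored in bits 8..15 of the flags word, so a
 * flags value with no node bits set decodes to MODEL_NUMA_NO_NODE. */
#define MODEL_MEMF_node(n) \
    ((((n) + 1u) & MODEL_NODE_MASK) << MODEL_NODE_SHIFT)
#define MODEL_MEMF_get_node(f) \
    ((((f) >> MODEL_NODE_SHIFT) - 1u) & MODEL_NODE_MASK)

/* Constructed per-node state; stands in for the internal array that the
 * advisory says is accessed out of bounds. */
static unsigned long model_node_free_pages[MODEL_MAX_NUMNODES] = {
    128, 64, 0, 32
};

/* Shape of the flaw: only the "no node" constant is special-cased, so any
 * other 8-bit value is handed back as an array index. */
int first_node_unchecked(unsigned int memflags, unsigned int local_node)
{
    unsigned int node = MODEL_MEMF_get_node(memflags);

    if (node == MODEL_NUMA_NO_NODE)
        node = local_node;
    return (int)node;              /* may be >= MODEL_MAX_NUMNODES */
}

/* Hardened shape: the decoded (or fallback) node is range-checked before
 * anything uses it as an index. */
int first_node_checked(unsigned int memflags, unsigned int local_node)
{
    unsigned int node = MODEL_MEMF_get_node(memflags);

    if (node == MODEL_NUMA_NO_NODE)
        node = local_node;
    if (node >= MODEL_MAX_NUMNODES)
        return -EINVAL;
    return (int)node;
}

/* Consumer of the node index: only ever indexes with a validated value. */
long free_pages_on_first_node(unsigned int memflags, unsigned int local_node)
{
    int node = first_node_checked(memflags, local_node);

    if (node < 0)
        return node;
    return (long)model_node_free_pages[node];
}

int main(void)
{
    unsigned int bad = MODEL_MEMF_node(200u);   /* constructed bad request */

    printf("unchecked index: %d (array has %u slots)\n",
           first_node_unchecked(bad, 0), MODEL_MAX_NUMNODES);
    printf("checked result:  %d\n", first_node_checked(bad, 0));
    printf("node 3 free:     %ld\n",
           free_pages_on_first_node(MODEL_MEMF_node(3u), 0));
    return 0;
}
```
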


From xen-announce-bounces@lists.xen.org Tue Sep 12 12:04:59 2017
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 12 Sep 2017 12:04:59 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1drjv5-0002IY-E0; Tue, 12 Sep 2017 12:03:59 +0000
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <aliasfile-bounces@xenproject.org>)
 id 1drjv3-0002Gv-11; Tue, 12 Sep 2017 12:03:57 +0000
Received: from [85.158.139.211] by server-3.bemta-5.messagelabs.com id
 A0/83-30688-C2DC7B95; Tue, 12 Sep 2017 12:03:56 +0000
X-Env-Sender: aliasfile-bounces@xenproject.org
X-Msg-Ref: server-15.tower-206.messagelabs.com!1505217831!97127215!1
X-Originating-IP: [104.130.215.37]
X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG
X-StarScan-Received: 
X-StarScan-Version: 9.4.45; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 2086 invoked from network); 12 Sep 2017 12:03:52 -0000
Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37)
 by server-15.tower-206.messagelabs.com with AES128-GCM-SHA256
 encrypted SMTP; 12 Sep 2017 12:03:52 -0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <aliasfile-bounces@xenproject.org>)
 id 1drjui-0002vN-MR; Tue, 12 Sep 2017 12:03:36 +0000
Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1drjui-00085v-K8; Tue, 12 Sep 2017 12:03:36 +0000
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Message-Id: <E1drjui-00085v-K8@xenbits.xenproject.org>
Date: Tue, 12 Sep 2017 12:03:36 +0000
Cc: "Xen.org security team" <security-team-members@xen.org>
Subject: [Xen-announce] Xen Security Advisory 234 (CVE-2017-14319) -
 insufficient grant unmapping checks for x86 PV guests
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xen.org
Sender: "Xen-announce" <xen-announce-bounces@lists.xen.org>

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2017-14319 / XSA-234
                               version 3

          insufficient grant unmapping checks for x86 PV guests

UPDATES IN VERSION 3
====================

Added metadata file

Public release.

ISSUE DESCRIPTION
=================

When removing or replacing a grant mapping, the x86 PV specific path
needs to make sure page table entries remain in sync with other
accounting done.  Although the identity of the page frame was
validated correctly, neither the presence of the mapping nor page
writability were taken into account.

IMPACT
======

A malicious or buggy x86 PV guest could escalate its privileges or
crash the hypervisor.

VULNERABLE SYSTEMS
==================

All Xen versions are affected.

Only x86 PV guests can leverage the vulnerability.  x86 HVM guests as
well as ARM guests cannot leverage the vulnerability.

MITIGATION
==========

Running only HVM guests will avoid this vulnerability.  However, the
vulnerability is exposed to PV stub qemu serving as the device model
for HVM guests.  Our default assumption is that an HVM guest has
compromised its PV stub qemu.  By extension, it is likely that the
vulnerability is exposed to HVM guests which are served by a PV stub
qemu.

For PV guests, the vulnerability can be avoided if the guest kernel is
controlled by the host rather than guest administrator, provided that
further steps are taken to prevent the guest administrator from loading
code into the kernel (e.g. by disabling loadable modules etc) or from
using other mechanisms which allow them to run code at kernel privilege.

CREDITS
=======

This issue was discovered by Andrew Cooper of Citrix.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa234.patch           xen-unstable
xsa234-4.9.patch       Xen 4.9.x
xsa234-4.8.patch       Xen 4.8.x, Xen 4.7.x
xsa234-4.6.patch       Xen 4.6.x
xsa234-4.5.patch       Xen 4.5.x

$ sha256sum xsa234*
efbcc7eac0f010281c5651d191076ac08cc7dd22a1945e88e92ba8a03ae8cc40  xsa234.meta
08ffa79e5c2a77db0b91b3bfcf9fa5c50f174fe842b7418e2e1549d47e0aec4d  xsa234.patch
4b74f3c85a98bc6f40c6a448b068bf45e71f7cce887b7cb1481aca0e8746d990  xsa234-4.5.patch
3df4ce173196111c1ff849039ea4927c0b4bd632b08a501fb26f64e31b951fba  xsa234-4.6.patch
169e4e0eaa6b27e58ff0f4ce50e8fcc3f81b1e0a10210decf22d1b4cac7501fb  xsa234-4.8.patch
213f9d81a4ab785db67b9f579c9e88c9c8586c46b93f466a309060750df2df32  xsa234-4.9.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa234.meta"
Content-Disposition: attachment; filename="xsa234.meta"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa234.patch"
Content-Disposition: attachment; filename="xsa234.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa234-4.5.patch"
Content-Disposition: attachment; filename="xsa234-4.5.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa234-4.6.patch"
Content-Disposition: attachment; filename="xsa234-4.6.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa234-4.8.patch"
Content-Disposition: attachment; filename="xsa234-4.8.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream; name="xsa234-4.9.patch"
Content-Disposition: attachment; filename="xsa234-4.9.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline


--=separator--
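
Added example (not part of the advisory or of the Xen patch): a simplified C model of the check XSA-234 describes, comparing a frame-only validation with one that also compares presence and writability against the grant. The 12-bit flag layout, the function names and the sample PTEs are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified PTE model (assumption): low 12 bits are flags, the rest is the
 * frame number. PRESENT and RW use the architectural x86 bit positions. */
#define PTE_PRESENT 0x001u
#define PTE_RW      0x002u
#define PTE_FLAGS   0xfffu
#define MAKE_PTE(frame, flags) (((pte_t)(frame) << 12) | ((flags) & PTE_FLAGS))

typedef uint64_t pte_t;

static uint64_t pte_frame(pte_t pte) { return pte >> 12; }
static unsigned int pte_flags(pte_t pte) { return (unsigned int)(pte & PTE_FLAGS); }

/* Check as the advisory describes it before the fix: frame identity only. */
int unmap_ok_frame_only(pte_t cur, uint64_t grant_frame)
{
    return pte_frame(cur) == grant_frame;
}

/* Hardened check: the PTE must also agree with the grant on presence and
 * writability, so the unmap releases exactly what the map accounted for. */
int unmap_ok_frame_and_flags(pte_t cur, uint64_t grant_frame,
                             unsigned int grant_flags)
{
    if (pte_frame(cur) != grant_frame)
        return 0;
    if ((pte_flags(cur) ^ grant_flags) & (PTE_PRESENT | PTE_RW))
        return 0;
    return 1;
}

struct unmap_case {
    const char *what;
    pte_t cur;                 /* PTE found at unmap time */
    uint64_t grant_frame;      /* frame recorded for the grant mapping */
    unsigned int grant_flags;  /* flags the grant mapping was created with */
};

/* Constructed sample cases, not taken from a real system. */
const struct unmap_case cases[] = {
    { "PTE matches grant",       MAKE_PTE(0x1234, PTE_PRESENT | PTE_RW),
      0x1234, PTE_PRESENT | PTE_RW },
    { "PTE no longer present",   MAKE_PTE(0x1234, 0),
      0x1234, PTE_PRESENT | PTE_RW },
    { "PTE read-only, grant RW", MAKE_PTE(0x1234, PTE_PRESENT),
      0x1234, PTE_PRESENT | PTE_RW },
    { "PTE RW, grant read-only", MAKE_PTE(0x1234, PTE_PRESENT | PTE_RW),
      0x1234, PTE_PRESENT },
    { "PTE maps other frame",    MAKE_PTE(0x5678, PTE_PRESENT | PTE_RW),
      0x1234, PTE_PRESENT | PTE_RW },
};
#define NCASES (sizeof(cases) / sizeof(cases[0]))

/* Number of cases the frame-only check accepts but the hardened one rejects. */
int count_wrongly_accepted(void)
{
    int n = 0;
    for (size_t i = 0; i < NCASES; i++)
        if (unmap_ok_frame_only(cases[i].cur, cases[i].grant_frame) &&
            !unmap_ok_frame_and_flags(cases[i].cur, cases[i].grant_frame,
                                      cases[i].grant_flags))
            n++;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < NCASES; i++)
        printf("%-26s frame-only=%d frame+flags=%d\n", cases[i].what,
               unmap_ok_frame_only(cases[i].cur, cases[i].grant_frame),
               unmap_ok_frame_and_flags(cases[i].cur, cases[i].grant_frame,
                                        cases[i].grant_flags));
    printf("accepted only by the frame-only check: %d\n",
           count_wrongly_accepted());
    return 0;
}
```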


From xen-announce-bounces@lists.xen.org Thu Sep 28 17:27:36 2017
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 28 Sep 2017 17:27:36 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1dxca0-0005Cu-Ej; Thu, 28 Sep 2017 17:26:32 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <aliasfile-bounces@xenproject.org>)
 id 1dxcZz-0005Ci-B0; Thu, 28 Sep 2017 17:26:31 +0000
Received: from [193.109.254.147] by server-6.bemta-6.messagelabs.com id
 71/EA-03423-6C03DC95; Thu, 28 Sep 2017 17:26:30 +0000
X-Env-Sender: aliasfile-bounces@xenproject.org
X-Msg-Ref: server-16.tower-27.messagelabs.com!1506619587!118713002!1
X-Originating-IP: [104.130.215.37]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 9.4.45; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 35746 invoked from network); 28 Sep 2017 17:26:27 -0000
Received: from mail.xenproject.org (HELO mail.xenproject.org) (104.130.215.37)
 by server-16.tower-27.messagelabs.com with AES128-GCM-SHA256
 encrypted SMTP; 28 Sep 2017 17:26:27 -0000
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <aliasfile-bounces@xenproject.org>)
 id 1dxcZo-0000jX-7I; Thu, 28 Sep 2017 17:26:20 +0000
Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2)
 (envelope-from <iwj@xenbits.xen.org>)
 id 1dxcZo-0000QF-6K; Thu, 28 Sep 2017 17:26:20 +0000
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Message-Id: <E1dxcZo-0000QF-6K@xenbits.xenproject.org>
Date: Thu, 28 Sep 2017 17:26:20 +0000
Cc: "Xen.org security team" <security-team-members@xen.org>
Subject: [Xen-announce] Xen Security Advisory 245 - ARM: Some memory not
	scrubbed at boot
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
 <mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
 <mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Errors-To: xen-announce-bounces@lists.xen.org
Sender: "Xen-announce" <xen-announce-bounces@lists.xen.org>

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                    Xen Security Advisory XSA-245

                 ARM: Some memory not scrubbed at boot

NOTE REGARDING LACK OF EMBARGO
==============================

This bug was discussed publicly before it was realised that it was a
security vulnerability.

ISSUE DESCRIPTION
=================

Data can remain readable in DRAM across soft and even hard reboots.
To ensure that sensitive data is not leaked from one domain to another
after a reboot, Xen must "scrub" all memory on boot (write it with
zeroes).

Unfortunately, it was discovered that when memory was in disjoint blocks,
or when the first block didn't begin at physical address 0, arithmetic
errors meant that some memory was not scrubbed.

IMPACT
======

Sensitive information from one domain before a reboot might be visible
to another domain after a reboot.

VULNERABLE SYSTEMS
==================

Only ARM systems are vulnerable.

All versions of Xen since 4.5 are vulnerable.

Only hardware with disjoint blocks, or with physical addresses not starting
at 0, is vulnerable; this includes the majority of ARM systems.

MITIGATION
==========

None.

RESOLUTION
==========

Applying the appropriate attached patches resolves this issue.

xsa245/*.patch         All versions of Xen

$ sha256sum xsa245* xsa245*/*
121829263b85fcb5eac8e38fb44e77d3aab1dd7ae6ef665bf84bb49e5e161d24  xsa245.meta
526f9e1b127fbb316762ce8e8f4563bc9de0c55a1db581456a3017d570d35bdd  xsa245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in.patch
7164010112fcccd9cd88e72ace2eeabdb364dd6f4d05c434686267d18067f420  xsa245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du.patch
$

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa245.meta"
Content-Disposition: attachment; filename="xsa245.meta"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream;
 name="xsa245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in.patch"
Content-Disposition: attachment;
 filename="xsa245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: application/octet-stream;
 name="xsa245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du.patch"
Content-Disposition: attachment;
 filename="xsa245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du.patch"
Content-Transfer-Encoding: base64
--=separator
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline


--=separator--
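
Added example (not part of the advisory or of the Xen patches): a toy C model of the failure class XSA-245 describes, counting RAM pages that still hold pre-reboot data after a boot-time scrub. The advisory does not spell out the faulty arithmetic; the "one contiguous span sized by the total page count" scrubber, the 64-page address space and the bank layouts are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PFN_SPACE 64   /* size of the toy physical address space, in pages */

struct bank { unsigned int start_pfn, nr_pages; };   /* one block of RAM */

static unsigned int total_pages(const struct bank *b, size_t n)
{
    unsigned int t = 0;
    for (size_t i = 0; i < n; i++)
        t += b[i].nr_pages;
    return t;
}

/* Mark every RAM page as holding pre-reboot data (1); holes stay 0. */
static void fill_residue(unsigned char *mem, const struct bank *b, size_t n)
{
    memset(mem, 0, PFN_SPACE);
    for (size_t i = 0; i < n; i++)
        for (unsigned int p = b[i].start_pfn;
             p < b[i].start_pfn + b[i].nr_pages && p < PFN_SPACE; p++)
            mem[p] = 1;
}

/* Zero the pages in [lo, hi), clamped to the toy address space. */
static void scrub_range(unsigned char *mem, unsigned int lo, unsigned int hi)
{
    for (unsigned int p = lo; p < hi && p < PFN_SPACE; p++)
        mem[p] = 0;
}

static unsigned int count_residue(const unsigned char *mem)
{
    unsigned int n = 0;
    for (unsigned int p = 0; p < PFN_SPACE; p++)
        n += mem[p];
    return n;
}

/* Assumed faulty model: RAM is treated as a single contiguous span of
 * total_pages() pages starting at base_pfn. Returns pages left unscrubbed. */
unsigned int leftover_span_scrub(const struct bank *b, size_t n,
                                 unsigned int base_pfn)
{
    unsigned char mem[PFN_SPACE];
    fill_residue(mem, b, n);
    scrub_range(mem, base_pfn, base_pfn + total_pages(b, n));
    return count_residue(mem);
}

/* Scrub each bank by its own start and length. Returns pages left unscrubbed. */
unsigned int leftover_bank_scrub(const struct bank *b, size_t n)
{
    unsigned char mem[PFN_SPACE];
    fill_residue(mem, b, n);
    for (size_t i = 0; i < n; i++)
        scrub_range(mem, b[i].start_pfn, b[i].start_pfn + b[i].nr_pages);
    return count_residue(mem);
}

/* Constructed layouts: RAM at 0, RAM not at 0, and two disjoint blocks. */
const struct bank ram_at_zero[]  = { { 0, 16 } };
const struct bank ram_offset[]   = { { 32, 16 } };
const struct bank ram_disjoint[] = { { 8, 8 }, { 40, 8 } };

int main(void)
{
    printf("RAM at 0, span from 0:        %u left\n",
           leftover_span_scrub(ram_at_zero, 1, 0));
    printf("RAM at 32, span from 0:       %u left\n",
           leftover_span_scrub(ram_offset, 1, 0));
    printf("disjoint RAM, span from 8:    %u left\n",
           leftover_span_scrub(ram_disjoint, 2, 8));
    printf("disjoint RAM, per-bank scrub: %u left\n",
           leftover_bank_scrub(ram_disjoint, 2));
    return 0;
}
```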


