From xen-announce-bounces@lists.xenproject.org Thu Mar 01 10:50:07 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 01 Mar 2018 10:50:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1erLlX-0003X1-3r; Thu, 01 Mar 2018 10:48:47 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1erLkv-0003V8-PE for xen-announce@lists.xenproject.org; Thu, 01 Mar 2018 10:48:09 +0000 X-Inumbo-ID: 4c7b33a1-1d3e-11e8-b9b1-635ca7ef6cff Received: from gauss.credativ.com (unknown [93.94.130.89]) by us1-amaz-eas1.inumbo.com (Halon) with ESMTPS id 4c7b33a1-1d3e-11e8-b9b1-635ca7ef6cff; Thu, 01 Mar 2018 10:50:04 +0000 (UTC) Received: from gauss.credativ.com (localhost [127.0.0.1]) by gauss.credativ.com (Postfix) with ESMTP id B118F1E1958; Thu, 1 Mar 2018 11:48:02 +0100 (CET) Received: from [172.26.32.61] (fw-front.credativ.com [62.154.226.94]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: dbe@gauss.credativ.com) by gauss.credativ.com (Postfix) with ESMTPSA id 731B11E1524 for ; Thu, 1 Mar 2018 11:48:02 +0100 (CET) To: Xen-announce@lists.xenproject.org From: Dominic Brekau Message-ID: <1a1a0fcd-01f8-f43f-a26f-2a5a4089ef93@credativ.de> Date: Thu, 1 Mar 2018 11:48:02 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 Content-Language: de-DE X-Mailman-Approved-At: Thu, 01 Mar 2018 10:48:46 +0000 Subject: [Xen-announce] Scheduled Maintenance in March X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" SW4gdGhlIG5leHQgd2Vla3Mgd2UncmUgcGxhbm5pbmcgdG8gdXBncmFkZSBzZXZlcmFsIGhvc3Rz IG9mIHhlbnByb2plY3Qub3JnLgpUaGlzIHdpbGwgY2F1c2Ugc2NoZWR1bGVkIGRvd24gdGltZSBv ZiAxLTIgaG91cnMgZm9yIGVhY2ggaG9zdC4KClNjaGVkdWxlOgoKVGh1LCBNYXIgMDgsIDIwMTgK MDc6MDAgQU0gVVRDIC0gMDk6MDAgQU0gVVRDIHhlbmJpdHMueGVucHJvamVjdC5vcmcKMDg6MDAg QU0gVVRDIC0gMTA6MDAgQU0gVVRDIGV0aGVycGFkLnhlbnByb2plY3Qub3JnCgpUdWUsIE1hciAx MywgMjAxOAowNzowMCBBTSBVVEMgLSAwOTowMCBBTSBVVEMgd2lraS54ZW5wcm9qZWN0Lm9yZwow ODowMCBBTSBVVEMgLSAxMDowMCBBTSBVVEMgYmxvZy54ZW5wcm9qZWN0Lm9yZwowOTowMCBBTSBV VEMgLSAxMTowMCBBTSBVVEMgYnVncy54ZW5wcm9qZWN0Lm9yZwoKVGh1LCBNYXIgMTUsIDIwMTgK MDc6MDAgQU0gVVRDIC0gMDk6MDAgQU0gVVRDIG1haWwueGVucHJvamVjdC5vcmcKClR1ZSwgTWFy IDIwLCAyMDE4CjA3OjAwIEFNIFVUQyAtIDA5OjAwIEFNIFVUQyBsaXN0cy54ZW5wcm9qZWN0Lm9y ZwoKLS0KCkJlc3QgUmVnYXJkcwpEb21pbmljCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fXwpYZW4tYW5ub3VuY2UgbWFpbGluZyBsaXN0Clhlbi1hbm5vdW5j ZUBsaXN0cy54ZW5wcm9qZWN0Lm9yZwpodHRwczovL2xpc3RzLnhlbnByb2plY3Qub3JnL21haWxt YW4vbGlzdGluZm8veGVuLWFubm91bmNl From xen-announce-bounces@lists.xenproject.org Thu Mar 01 13:16:32 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 01 Mar 2018 13:16:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1erO3a-0007tn-4f; Thu, 01 Mar 2018 13:15:34 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1erO3Z-0007st-HG for xen-announce@lists.xen.org; Thu, 01 Mar 2018 13:15:33 +0000 X-Inumbo-ID: e483126b-1d52-11e8-b9b1-635ca7ef6cff Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas1.inumbo.com (Halon) with ESMTPS id e483126b-1d52-11e8-b9b1-635ca7ef6cff; Thu, 01 Mar 2018 13:17:29 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1erO3M-00078N-9H; Thu, 01 Mar 2018 13:15:20 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1erO3M-0007EH-8Z; Thu, 01 Mar 2018 13:15:20 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Thu, 01 Mar 2018 13:15:20 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 256 (CVE-2018-7542) - x86 PVH guest without LAPIC may DoS the host X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2018-7542 / XSA-256 version 3 x86 PVH guest without LAPIC may DoS the host UPDATES IN VERSION 3 ==================== CVE assigned. ISSUE DESCRIPTION ================= So far, x86 PVH guests can be configured with or without Local APICs. Configurations with Local APICs are identical to x86 HVM guests, and will use as much hardware acceleration support as possible. Configurations without Local APICs try to turn off all hardware acceleration, and disable all software emulation. Multiple paths in Xen assume the presence of a Local APIC without sufficient checks, and can fall over a NULL pointer. On Intel hardware, the logic to turn off hardware acceleration is incomplete and leaves the guest with full control of the real Task Priority Register. IMPACT ====== A malicious or buggy guest may cause a hypervisor crash, resulting in a Denial of Service (DoS) affecting the entire host. VULNERABLE SYSTEMS ================== Xen version 4.8 and onwards are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PVH guests can exploit the vulnerability. x86 PV and HVM guests cannot exploit the vulnerability. MITIGATION ========== Running only PV or HVM guests avoids the vulnerability. Running all PVH guests with "apic=1" in the guest configuration file (or equivalent thereof) also avoids the vulnerability. CREDITS ======= This issue was discovered by Ian Jackson of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa256.patch xen-unstable, Xen 4.10.x, Xen 4.9.x xsa256-4.8.patch Xen 4.8.x $ sha256sum xsa256* 3e45cc3f2ea516e7470083592041e238c0dfe32324790b2fba0e47c9efe38865 xsa256.patch c029fcb67ff7c3c9a2adcb8e6f5e245a0d347acc8a9b3530591a639cbf321349 xsa256-4.8.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJal/zVAAoJEIP+FMlX6CvZkSgIAJG8fezZnjklV1FlQpzIfy5Y qMg0PaUUg69vSmc1uxuM51pi/KATCE541VdJesZ7CviFvrNm46fj2OF4L5wGNbq7 wqi1Ywn3J8iVOkzVyhQbb0ZXzBQK0Z48Q7qcZNlnJ8Ci1MP8wjWK5Aq0BO7qUEpM oHawLRAmEY0JKxIWwlpvR35dwoGp3cOSy0yHSWrpuj+Q59rhOuY/hyn0NlMBjDqp CbJqLC1T0lfC9fpe7LRxDBusleZm/QGiWDHjFMS560koDt4gq6i8zTpVIJrpHdFF eGhKY4JhVJpNljOB0CD87qk9WpN8+jxb1hVigMfZcyMMNygPLH5Bnh5QfhZwd00= =JPu9 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa256.patch" Content-Disposition: attachment; filename="xsa256.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogeDg2L2h2bTogRGlzYWxsb3cgdGhlIGNyZWF0aW9uIG9m IEhWTSBkb21haW5zIHdpdGhvdXQgTG9jYWwgQVBJQyBlbXVsYXRpb24KClRo ZXJlIGFyZSBtdWx0aXBsZSBwcm9ibGVtcywgbm90IG5lY2Vzc2VyaWx5IGxp bWl0ZWQgdG86CgogKiBHdWVzdHMgd2hpY2ggY29uZmlndXJlIGV2ZW50IGNo YW5uZWxzIHZpYSBodm1vcF9zZXRfZXZ0Y2huX3VwY2FsbF92ZWN0b3IoKSwK ICAgb3Igd2hpY2ggaGl0ICVjcjggZW11bGF0aW9uIHdpbGwgY2F1c2UgWGVu IHRvIGZhbGwgb3ZlciBhIE5VTEwgdmxhcGljLT5yZWdzCiAgIHBvaW50ZXIu CgogKiBPbiBJbnRlbCBoYXJkd2FyZSwgZGlzYWJsaW5nIHRoZSBUUFJfU0hB RE9XIGV4ZWN1dGlvbiBjb250cm9sIHdpdGhvdXQKICAgcmVlbmFibGluZyBD Ujhfe0xPQUQsU1RPUkV9IGludGVyY2VwdGlvbiBtZWFucyB0aGF0IHRoZSBn dWVzdHMgJWNyOAogICBhY2Nlc3NlcyBpbnRlcmFjdCB3aXRoIHRoZSByZWFs IFRQUi4gIEFtb25nc3Qgb3RoZXIgdGhpbmdzLCBzZXR0aW5nIHRoZQogICBy ZWFsIFRQUiB0byAweGYgYmxvY2tzIGV2ZW4gSVBJcyBmcm9tIGludGVycnVw dGluZyB0aGlzIENQVS4KCiAqIE9uIGhhcmR3YXJlIHdoaWNoIHNldHMgdXAg dGhlIHVzZSBvZiBJbnRlcnJ1cHQgUG9zdGluZywgaW5jbHVkaW5nCiAgIElP TU1VLVBvc3RpbmcsIGd1ZXN0cyBydW4gd2l0aG91dCB0aGUgYXBwcm9wcmlh dGUgbm9uLXJvb3QgY29uZmlndXJhdGlvbiwKICAgd2hpY2ggYXQgYSBtaW5p bXVtIHdpbGwgcmVzdWx0IGluIGRyb3BwZWQgaW50ZXJydXB0cy4KCldoZXRo ZXIgbm8tTEFQSUMgbW9kZSBpcyBvZiBhbnkgdXNlIGF0IGFsbCByZW1haW5z IHRvIGJlIHNlZW4uCgpUaGlzIGlzIFhTQS0yNTYuCgpSZXBvcnRlZC1ieTog SWFuIEphY2tzb24gPGlhbi5qYWNrc29uQGV1LmNpdHJpeC5jb20+ClJldmll d2VkLWJ5OiBSb2dlciBQYXUgTW9ubsOpIDxyb2dlci5wYXVAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3Bl cjNAY2l0cml4LmNvbT4KUmV2aWV3ZWQtYnk6IEphbiBCZXVsaWNoIDxqYmV1 bGljaEBzdXNlLmNvbT4KCmRpZmYgLS1naXQgYS94ZW4vYXJjaC94ODYvZG9t YWluLmMgYi94ZW4vYXJjaC94ODYvZG9tYWluLmMKaW5kZXggZjkzMzI3Yi4u ZjY1ZmMxMiAxMDA2NDQKLS0tIGEveGVuL2FyY2gveDg2L2RvbWFpbi5jCisr KyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtNDEzLDcgKzQxMyw3IEBA IHN0YXRpYyBib29sIGVtdWxhdGlvbl9mbGFnc19vayhjb25zdCBzdHJ1Y3Qg ZG9tYWluICpkLCB1aW50MzJfdCBlbWZsYWdzKQogICAgICAgICBpZiAoIGlz X2hhcmR3YXJlX2RvbWFpbihkKSAmJgogICAgICAgICAgICAgIGVtZmxhZ3Mg IT0gKFhFTl9YODZfRU1VX0xBUElDfFhFTl9YODZfRU1VX0lPQVBJQykgKQog ICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwotICAgICAgICBpZiAoICFpc19o YXJkd2FyZV9kb21haW4oZCkgJiYgZW1mbGFncyAmJgorICAgICAgICBpZiAo ICFpc19oYXJkd2FyZV9kb21haW4oZCkgJiYKICAgICAgICAgICAgICBlbWZs YWdzICE9IFhFTl9YODZfRU1VX0FMTCAmJiBlbWZsYWdzICE9IFhFTl9YODZf RU1VX0xBUElDICkKICAgICAgICAgICAgIHJldHVybiBmYWxzZTsKICAgICB9 Cg== --=separator Content-Type: application/octet-stream; name="xsa256-4.8.patch" Content-Disposition: attachment; filename="xsa256-4.8.patch" Content-Transfer-Encoding: base64 RnJvbTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNv bT4KU3ViamVjdDogeDg2L2h2bTogRGlzYWxsb3cgdGhlIGNyZWF0aW9uIG9m IEhWTSBkb21haW5zIHdpdGhvdXQgTG9jYWwgQVBJQyBlbXVsYXRpb24KClRo ZXJlIGFyZSBtdWx0aXBsZSBwcm9ibGVtcywgbm90IG5lY2Vzc2VyaWx5IGxp bWl0ZWQgdG86CgogKiBHdWVzdHMgd2hpY2ggY29uZmlndXJlIGV2ZW50IGNo YW5uZWxzIHZpYSBodm1vcF9zZXRfZXZ0Y2huX3VwY2FsbF92ZWN0b3IoKSwK ICAgb3Igd2hpY2ggaGl0ICVjcjggZW11bGF0aW9uIHdpbGwgY2F1c2UgWGVu IHRvIGZhbGwgb3ZlciBhIE5VTEwgdmxhcGljLT5yZWdzCiAgIHBvaW50ZXIu CgogKiBPbiBJbnRlbCBoYXJkd2FyZSwgZGlzYWJsaW5nIHRoZSBUUFJfU0hB RE9XIGV4ZWN1dGlvbiBjb250cm9sIHdpdGhvdXQKICAgcmVlbmFibGluZyBD Ujhfe0xPQUQsU1RPUkV9IGludGVyY2VwdGlvbiBtZWFucyB0aGF0IHRoZSBn dWVzdHMgJWNyOAogICBhY2Nlc3NlcyBpbnRlcmFjdCB3aXRoIHRoZSByZWFs IFRQUi4gIEFtb25nc3Qgb3RoZXIgdGhpbmdzLCBzZXR0aW5nIHRoZQogICBy ZWFsIFRQUiB0byAweGYgYmxvY2tzIGV2ZW4gSVBJcyBmcm9tIGludGVycnVw dGluZyB0aGlzIENQVS4KCiAqIE9uIGhhcmR3YXJlIHdoaWNoIHNldHMgdXAg dGhlIHVzZSBvZiBJbnRlcnJ1cHQgUG9zdGluZywgaW5jbHVkaW5nCiAgIElP TU1VLVBvc3RpbmcsIGd1ZXN0cyBydW4gd2l0aG91dCB0aGUgYXBwcm9wcmlh dGUgbm9uLXJvb3QgY29uZmlndXJhdGlvbiwKICAgd2hpY2ggYXQgYSBtaW5p bXVtIHdpbGwgcmVzdWx0IGluIGRyb3BwZWQgaW50ZXJydXB0cy4KCldoZXRo ZXIgbm8tTEFQSUMgbW9kZSBpcyBvZiBhbnkgdXNlIGF0IGFsbCByZW1haW5z IHRvIGJlIHNlZW4uCgpUaGlzIGlzIFhTQS0yNTYuCgpSZXBvcnRlZC1ieTog SWFuIEphY2tzb24gPGlhbi5qYWNrc29uQGV1LmNpdHJpeC5jb20+ClJldmll d2VkLWJ5OiBSb2dlciBQYXUgTW9ubsOpIDxyb2dlci5wYXVAY2l0cml4LmNv bT4KU2lnbmVkLW9mZi1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3Bl cjNAY2l0cml4LmNvbT4KUmV2aWV3ZWQtYnk6IEphbiBCZXVsaWNoIDxqYmV1 bGljaEBzdXNlLmNvbT4KCmRpZmYgLS1naXQgYS94ZW4vYXJjaC94ODYvZG9t YWluLmMgYi94ZW4vYXJjaC94ODYvZG9tYWluLmMKaW5kZXggODgxNzI2My4u OTFiOWFiNyAxMDA2NDQKLS0tIGEveGVuL2FyY2gveDg2L2RvbWFpbi5jCisr KyBiL3hlbi9hcmNoL3g4Ni9kb21haW4uYwpAQCAtNTU3LDExICs1NTcsOSBA QCBpbnQgYXJjaF9kb21haW5fY3JlYXRlKHN0cnVjdCBkb21haW4gKmQsIHVu c2lnbmVkIGludCBkb21jcl9mbGFncywKICAgICAgICAgICAgIHJldHVybiAt RUlOVkFMOwogICAgICAgICB9CiAKLSAgICAgICAgLyogUFZIdjIgZ3Vlc3Rz IGNhbiByZXF1ZXN0IGVtdWxhdGVkIEFQSUMuICovCi0gICAgICAgIGlmICgg ZW1mbGFncyAmJgotICAgICAgICAgICAgKGlzX2h2bV9kb21haW4oZCkgPyAo KGVtZmxhZ3MgIT0gWEVOX1g4Nl9FTVVfQUxMKSAmJgotICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgKGVtZmxhZ3MgIT0gWEVOX1g4Nl9FTVVf TEFQSUMpKSA6Ci0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIChl bWZsYWdzICE9IFhFTl9YODZfRU1VX1BJVCkpICkKKyAgICAgICAgaWYgKCBp c19odm1fZG9tYWluKGQpID8gKChlbWZsYWdzICE9IFhFTl9YODZfRU1VX0FM TCkgJiYKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIChlbWZs YWdzICE9IFhFTl9YODZfRU1VX0xBUElDKSkKKyAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDogKGVtZmxhZ3MgJiYgZW1mbGFncyAhPSBYRU5fWDg2 X0VNVV9QSVQpICkKICAgICAgICAgewogICAgICAgICAgICAgcHJpbnRrKFhF TkxPR19HX0VSUiAiZCVkOiBYZW4gZG9lcyBub3QgYWxsb3cgJXMgZG9tYWlu IGNyZWF0aW9uICIKICAgICAgICAgICAgICAgICAgICAid2l0aCB0aGUgY3Vy cmVudCBzZWxlY3Rpb24gb2YgZW11bGF0b3JzOiAlI3hcbiIsCg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Thu Mar 01 13:16:32 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 01 Mar 2018 13:16:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1erO3W-0007tT-TE; Thu, 01 Mar 2018 13:15:30 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1erO3V-0007sg-6t for xen-announce@lists.xen.org; Thu, 01 Mar 2018 13:15:29 +0000 X-Inumbo-ID: e1d5b4f0-1d52-11e8-b9b1-635ca7ef6cff Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas1.inumbo.com (Halon) with ESMTPS id e1d5b4f0-1d52-11e8-b9b1-635ca7ef6cff; Thu, 01 Mar 2018 13:17:25 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1erO3G-00077q-33; Thu, 01 Mar 2018 13:15:14 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1erO3G-0007Aw-0E; Thu, 01 Mar 2018 13:15:14 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Thu, 01 Mar 2018 13:15:14 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 252 (CVE-2018-7540) - DoS via non-preemptable L3/L4 pagetable freeing X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2018-7540 / XSA-252 version 3 DoS via non-preemptable L3/L4 pagetable freeing UPDATES IN VERSION 3 ==================== CVE assigned. ISSUE DESCRIPTION ================= Guests have the ability to request removal of memory from themselves. This operation is intended to be requested for normal read/write pages, but is also permitted to be used on other types of pages. So far this in particular included pages pinned to their current type, with the necessary unpinning happening implicitly. The unpinning of higher level page tables can, however, take a significant amount of time, and hence is generally expected to be carried out with intermediate preemption checks. Such checks were missing from the code path involved here. IMPACT ====== A malicious guest administrator can cause a Denial of Service (DoS). Specifically, prevent use of a physical CPU for a significant period of time. VULNERABLE SYSTEMS ================== All Xen versions are vulnerable. Only x86 systems are affected. ARM systems are not affected. Only PV guests can leverage this vulnerability. HVM guests cannot leverage this vulnerability. MITIGATION ========== Running only HVM guests will avoid this issue. CREDITS ======= This issue was discovered by Jann Horn of Google Project Zero. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa252.patch xen-unstable, Xen 4.10.0 xsa252-4.9.patch Xen 4.9.x, Xen 4.8.x xsa252-4.7.patch Xen 4.7.x xsa252-4.6.patch Xen 4.6.x, Xen 4.5.x $ sha256sum xsa252* 5bf651378b92520969cde49d11500bcaeffab15590d21c16736be408a85ab3fa xsa252.meta 53174dfd05eb274431dc756c9c3a39b355d485d6c9d12a8797b350bab343d22e xsa252.patch b7ba005fa62ace07f4880cc79824968c24ead3182245e4ed3a6e22cf8d2d7c05 xsa252-4.6.patch 14f37eb6b7a9fb19b258ca3c0e2da71dbc4240e6273137d5eb4003b122101aa6 xsa252-4.7.patch cb679f2145e76b1c754c4377b397d201007f50438ee18e451c4b0da3f510a293 xsa252-4.9.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJal/zQAAoJEIP+FMlX6CvZKAAH+gKqf6lQicFUpzEGqbVbXTg9 DYm8S6nKvn5/tgcquznswDZ2EpEMN4j8NaII4it2UQSZo7jOn7FOxiewdhAHcIAf vW2MHz9tkE+DXPOod4tDwhjonzLo1n0uqVuoUylq8atIrX2KxcSDJAbRp78lmUoY rxklw0uOlpno4hAJ4BaNY+fvjDyPBksApstJ6CZ/BUhaJeebYHbkCo92CTUvcThg xdA/M+w62plLCpwdnAJY5YV8NP32I5FNTe0sPnpszfk+gyDTLBMDHXdr+yegGayt ZvcH5c/NEeqeeF+MSd6ibnVfboQilDoPCnf9iL5ISOHtajkR2TK2vToi2hWQsi4= =Bn7r -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa252.meta" Content-Disposition: attachment; filename="xsa252.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyNTIsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMCIsCiAgICAiNC45IiwKICAgICI0LjgiLAog ICAgIjQuNyIsCiAgICAiNC42IiwKICAgICI0LjUiCiAgXSwKICAiVHJlZXMi OiBbCiAgICAieGVuIgogIF0sCiAgIlJlY2lwZXMiOiB7CiAgICAiNC4xMCI6 IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAg ICAgICJTdGFibGVSZWYiOiAiZmQwN2M2ZDBmMDA0Mjg2YzcwMDVlOGQ4ZjZm Y2UyNjE0MGRhMzc0NiIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAg ICAgICAgMjQ4LAogICAgICAgICAgICAyNDksCiAgICAgICAgICAgIDI1MCwK ICAgICAgICAgICAgMjUxCiAgICAgICAgICBdLAogICAgICAgICAgIlBhdGNo ZXMiOiBbCiAgICAgICAgICAgICJ4c2EyNTIucGF0Y2giCiAgICAgICAgICBd CiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAgIjQuNSI6IHsKICAgICAg IlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFi bGVSZWYiOiAiZWExNjIwZmVkODEwNGVjNDVhNmZjMGY1YWQ3ZWRjMzc5YWM1 ZjBkYSIsCiAgICAgICAgICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjQ4 LAogICAgICAgICAgICAyNDksCiAgICAgICAgICAgIDI1MCwKICAgICAgICAg ICAgMjUxCiAgICAgICAgICBdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAg ICAgICAgICAgICJ4c2EyNTItNC42LnBhdGNoIgogICAgICAgICAgXQogICAg ICAgIH0KICAgICAgfQogICAgfSwKICAgICI0LjYiOiB7CiAgICAgICJSZWNp cGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVm IjogIjQ3ZDNlNzM5ZTBhMWRhZjk0YjEwMmIwMjdmYTM0MjVjYmRmZjJlNjAi LAogICAgICAgICAgIlByZXJlcXMiOiBbCiAgICAgICAgICAgIDI0OCwKICAg ICAgICAgICAgMjQ5LAogICAgICAgICAgICAyNTAsCiAgICAgICAgICAgIDI1 MQogICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAg ICAgICAieHNhMjUyLTQuNi5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9 CiAgICAgIH0KICAgIH0sCiAgICAiNC43IjogewogICAgICAiUmVjaXBlcyI6 IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICJi Mzk4MWVhOWU4OGJhOTZiYTU1YzFjZDQxZTcxMjM5MjRkMGY2OWZjIiwKICAg ICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAgICAyNDgsCiAgICAgICAg ICAgIDI0OSwKICAgICAgICAgICAgMjUwLAogICAgICAgICAgICAyNTEKICAg ICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAg InhzYTI1Mi00LjcucGF0Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAg ICB9CiAgICB9LAogICAgIjQuOCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAg ICAgICAgInhlbiI6IHsKICAgICAgICAgICJTdGFibGVSZWYiOiAiZTU0YmM3 ZTk5YjdhNzAwNmZmNDBlZTFjMWQ3ZWVhMWYyMDdiODY3MSIsCiAgICAgICAg ICAiUHJlcmVxcyI6IFsKICAgICAgICAgICAgMjQ4LAogICAgICAgICAgICAy NDksCiAgICAgICAgICAgIDI1MCwKICAgICAgICAgICAgMjUxCiAgICAgICAg ICBdLAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2Ey NTItNC45LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQog ICAgfSwKICAgICI0LjkiOiB7CiAgICAgICJSZWNpcGVzIjogewogICAgICAg ICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogIjBhMGRjZGNkMjBl OTcxMWNiZmIwOGRiNWIyMWFmNTI5OWVlMWViOGIiLAogICAgICAgICAgIlBy ZXJlcXMiOiBbCiAgICAgICAgICAgIDI0OCwKICAgICAgICAgICAgMjQ5LAog ICAgICAgICAgICAyNTAsCiAgICAgICAgICAgIDI1MQogICAgICAgICAgXSwK ICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjUyLTQu OS5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0s CiAgICAibWFzdGVyIjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAi eGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICI0MzU1MDk3MjM5NWY5 YTNhNDhiYjQwODZhMGZhZjBmOGQ0NDJlMzdkIiwKICAgICAgICAgICJQcmVy ZXFzIjogWwogICAgICAgICAgICAyNDgsCiAgICAgICAgICAgIDI0OSwKICAg ICAgICAgICAgMjUwLAogICAgICAgICAgICAyNTEKICAgICAgICAgIF0sCiAg ICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI1Mi5wYXRj aCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0KICB9Cn0= --=separator Content-Type: application/octet-stream; name="xsa252.patch" Content-Disposition: attachment; filename="xsa252.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBtZW1vcnk6IGRvbid0IGltcGxpY2l0bHkgdW5waW4gZm9yIGRlY3JlYXNl LXJlc2VydmF0aW9uCgpJdCB2ZXJ5IGxpa2VseSB3YXMgYSBtaXN0YWtlIChj b3B5LWFuZC1wYXN0ZSBmcm9tIGRvbWFpbiBjbGVhbnVwIGNvZGUpCnRvIGlt cGxpY2l0bHkgdW5waW4gaGVyZTogVGhlIGNhbGxlciBzaG91bGQgcmVhbGx5 IHVucGluIGl0c2VsZiBiZWZvcmUKKG9yIGFmdGVyLCBpZiB0aGV5IHNvIHdp c2gpIHJlcXVlc3RpbmcgdGhlIHBhZ2UgdG8gYmUgcmVtb3ZlZC4KClRoaXMg aXMgWFNBLTI1Mi4KClJlcG9ydGVkLWJ5OiBKYW5uIEhvcm4gPGphbm5oQGdv b2dsZS5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGlj aEBzdXNlLmNvbT4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJl dy5jb29wZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vY29tbW9uL21lbW9y eS5jCisrKyBiL3hlbi9jb21tb24vbWVtb3J5LmMKQEAgLTM1NywxMSArMzU3 LDYgQEAgaW50IGd1ZXN0X3JlbW92ZV9wYWdlKHN0cnVjdCBkb21haW4gKmQs CiAKICAgICByYyA9IGd1ZXN0X3BoeXNtYXBfcmVtb3ZlX3BhZ2UoZCwgX2dm bihnbWZuKSwgbWZuLCAwKTsKIAotI2lmZGVmIF9QR1RfcGlubmVkCi0gICAg aWYgKCAhcmMgJiYgdGVzdF9hbmRfY2xlYXJfYml0KF9QR1RfcGlubmVkLCAm cGFnZS0+dS5pbnVzZS50eXBlX2luZm8pICkKLSAgICAgICAgcHV0X3BhZ2Vf YW5kX3R5cGUocGFnZSk7Ci0jZW5kaWYKLQogICAgIC8qCiAgICAgICogV2l0 aCB0aGUgbGFjayBvZiBhbiBJT01NVSBvbiBzb21lIHBsYXRmb3JtcywgZG9t YWlucyB3aXRoIERNQS1jYXBhYmxlCiAgICAgICogZGV2aWNlIG11c3QgcmV0 cmlldmUgdGhlIHNhbWUgcGZuIHdoZW4gdGhlIGh5cGVyY2FsbCBwb3B1bGF0 ZV9waHlzbWFwCg== --=separator Content-Type: application/octet-stream; name="xsa252-4.6.patch" Content-Disposition: attachment; filename="xsa252-4.6.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBtZW1vcnk6IGRvbid0IGltcGxpY2l0bHkgdW5waW4gZm9yIGRlY3JlYXNl LXJlc2VydmF0aW9uCgpJdCB2ZXJ5IGxpa2VseSB3YXMgYSBtaXN0YWtlIChj b3B5LWFuZC1wYXN0ZSBmcm9tIGRvbWFpbiBjbGVhbnVwIGNvZGUpCnRvIGlt cGxpY2l0bHkgdW5waW4gaGVyZTogVGhlIGNhbGxlciBzaG91bGQgcmVhbGx5 IHVucGluIGl0c2VsZiBiZWZvcmUKKG9yIGFmdGVyLCBpZiB0aGV5IHNvIHdp c2gpIHJlcXVlc3RpbmcgdGhlIHBhZ2UgdG8gYmUgcmVtb3ZlZC4KClRoaXMg aXMgWFNBLTI1Mi4KClJlcG9ydGVkLWJ5OiBKYW5uIEhvcm4gPGphbm5oQGdv b2dsZS5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGlj aEBzdXNlLmNvbT4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJl dy5jb29wZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vY29tbW9uL21lbW9y eS5jCisrKyBiL3hlbi9jb21tb24vbWVtb3J5LmMKQEAgLTMxNiw5ICszMTYs NiBAQCBpbnQgZ3Vlc3RfcmVtb3ZlX3BhZ2Uoc3RydWN0IGRvbWFpbiAqZCwK IAogICAgIHJjID0gZ3Vlc3RfcGh5c21hcF9yZW1vdmVfcGFnZShkLCBnbWZu LCBtZm4sIDApOwogCi0gICAgaWYgKCAhcmMgJiYgdGVzdF9hbmRfY2xlYXJf Yml0KF9QR1RfcGlubmVkLCAmcGFnZS0+dS5pbnVzZS50eXBlX2luZm8pICkK LSAgICAgICAgcHV0X3BhZ2VfYW5kX3R5cGUocGFnZSk7Ci0gICAgICAgICAg ICAKICAgICBpZiAoICFyYyAmJiB0ZXN0X2FuZF9jbGVhcl9iaXQoX1BHQ19h bGxvY2F0ZWQsICZwYWdlLT5jb3VudF9pbmZvKSApCiAgICAgICAgIHB1dF9w YWdlKHBhZ2UpOwogCg== --=separator Content-Type: application/octet-stream; name="xsa252-4.7.patch" Content-Disposition: attachment; filename="xsa252-4.7.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBtZW1vcnk6IGRvbid0IGltcGxpY2l0bHkgdW5waW4gZm9yIGRlY3JlYXNl LXJlc2VydmF0aW9uCgpJdCB2ZXJ5IGxpa2VseSB3YXMgYSBtaXN0YWtlIChj b3B5LWFuZC1wYXN0ZSBmcm9tIGRvbWFpbiBjbGVhbnVwIGNvZGUpCnRvIGlt cGxpY2l0bHkgdW5waW4gaGVyZTogVGhlIGNhbGxlciBzaG91bGQgcmVhbGx5 IHVucGluIGl0c2VsZiBiZWZvcmUKKG9yIGFmdGVyLCBpZiB0aGV5IHNvIHdp c2gpIHJlcXVlc3RpbmcgdGhlIHBhZ2UgdG8gYmUgcmVtb3ZlZC4KClRoaXMg aXMgWFNBLTI1Mi4KClJlcG9ydGVkLWJ5OiBKYW5uIEhvcm4gPGphbm5oQGdv b2dsZS5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGlj aEBzdXNlLmNvbT4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJl dy5jb29wZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vY29tbW9uL21lbW9y eS5jCisrKyBiL3hlbi9jb21tb24vbWVtb3J5LmMKQEAgLTMyMCw5ICszMjAs NiBAQCBpbnQgZ3Vlc3RfcmVtb3ZlX3BhZ2Uoc3RydWN0IGRvbWFpbiAqZCwK IAogICAgIHJjID0gZ3Vlc3RfcGh5c21hcF9yZW1vdmVfcGFnZShkLCBnbWZu LCBtZm4sIDApOwogCi0gICAgaWYgKCAhcmMgJiYgdGVzdF9hbmRfY2xlYXJf Yml0KF9QR1RfcGlubmVkLCAmcGFnZS0+dS5pbnVzZS50eXBlX2luZm8pICkK LSAgICAgICAgcHV0X3BhZ2VfYW5kX3R5cGUocGFnZSk7Ci0KICAgICAvKgog ICAgICAqIFdpdGggdGhlIGxhY2sgb2YgYW4gSU9NTVUgb24gc29tZSBwbGF0 Zm9ybXMsIGRvbWFpbnMgd2l0aCBETUEtY2FwYWJsZQogICAgICAqIGRldmlj ZSBtdXN0IHJldHJpZXZlIHRoZSBzYW1lIHBmbiB3aGVuIHRoZSBoeXBlcmNh bGwgcG9wdWxhdGVfcGh5c21hcAo= --=separator Content-Type: application/octet-stream; name="xsa252-4.9.patch" Content-Disposition: attachment; filename="xsa252-4.9.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBtZW1vcnk6IGRvbid0IGltcGxpY2l0bHkgdW5waW4gZm9yIGRlY3JlYXNl LXJlc2VydmF0aW9uCgpJdCB2ZXJ5IGxpa2VseSB3YXMgYSBtaXN0YWtlIChj b3B5LWFuZC1wYXN0ZSBmcm9tIGRvbWFpbiBjbGVhbnVwIGNvZGUpCnRvIGlt cGxpY2l0bHkgdW5waW4gaGVyZTogVGhlIGNhbGxlciBzaG91bGQgcmVhbGx5 IHVucGluIGl0c2VsZiBiZWZvcmUKKG9yIGFmdGVyLCBpZiB0aGV5IHNvIHdp c2gpIHJlcXVlc3RpbmcgdGhlIHBhZ2UgdG8gYmUgcmVtb3ZlZC4KClRoaXMg aXMgWFNBLTI1Mi4KClJlcG9ydGVkLWJ5OiBKYW5uIEhvcm4gPGphbm5oQGdv b2dsZS5jb20+ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGlj aEBzdXNlLmNvbT4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJl dy5jb29wZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vY29tbW9uL21lbW9y eS5jCisrKyBiL3hlbi9jb21tb24vbWVtb3J5LmMKQEAgLTM0MSw5ICszNDEs NiBAQCBpbnQgZ3Vlc3RfcmVtb3ZlX3BhZ2Uoc3RydWN0IGRvbWFpbiAqZCwK IAogICAgIHJjID0gZ3Vlc3RfcGh5c21hcF9yZW1vdmVfcGFnZShkLCBfZ2Zu KGdtZm4pLCBtZm4sIDApOwogCi0gICAgaWYgKCAhcmMgJiYgdGVzdF9hbmRf Y2xlYXJfYml0KF9QR1RfcGlubmVkLCAmcGFnZS0+dS5pbnVzZS50eXBlX2lu Zm8pICkKLSAgICAgICAgcHV0X3BhZ2VfYW5kX3R5cGUocGFnZSk7Ci0KICAg ICAvKgogICAgICAqIFdpdGggdGhlIGxhY2sgb2YgYW4gSU9NTVUgb24gc29t ZSBwbGF0Zm9ybXMsIGRvbWFpbnMgd2l0aCBETUEtY2FwYWJsZQogICAgICAq IGRldmljZSBtdXN0IHJldHJpZXZlIHRoZSBzYW1lIHBmbiB3aGVuIHRoZSBo eXBlcmNhbGwgcG9wdWxhdGVfcGh5c21hcAo= --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Thu Mar 01 13:21:13 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 01 Mar 2018 13:21:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1erO8A-000123-Jn; Thu, 01 Mar 2018 13:20:18 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1erO89-000116-0I for xen-announce@lists.xen.org; Thu, 01 Mar 2018 13:20:17 +0000 X-Inumbo-ID: e3884450-1d52-11e8-b9b1-635ca7ef6cff Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas1.inumbo.com (Halon) with ESMTPS id e3884450-1d52-11e8-b9b1-635ca7ef6cff; Thu, 01 Mar 2018 13:17:27 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1erO3J-000784-Fx; Thu, 01 Mar 2018 13:15:17 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.84_2) (envelope-from ) id 1erO3J-0007Cl-Ez; Thu, 01 Mar 2018 13:15:17 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Thu, 01 Mar 2018 13:15:17 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 255 (CVE-2018-7541) - grant table v2 -> v1 transition may crash Xen X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2018-7541 / XSA-255 version 4 grant table v2 -> v1 transition may crash Xen UPDATES IN VERSION 4 ==================== CVE assigned. ISSUE DESCRIPTION ================= Grant tables come in two flavors (versions), and domains are permitted to freely change between them (subject to certain constraints). For the guest to use the facility, both the "normal" shared pages (applicable to v1 and v2) and the "status" pages (applicable to v2 only) need to be mapped by the guest into its address space. When transitioning from v2 to v1, the status pages become unnecessary and are therefore freed by Xen. That means Xen needs to check that there are no mappings of those pages by the domain. However, that check was mistakenly implemented as a bug check, rather than returning an error to the guest. IMPACT ====== A malicious or buggy guest may cause a hypervisor crash, resulting in a Denial of Service (DoS) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out for HVM, PVH (both x86), and ARM guests. The impact is more severe for Xen versions 4.0.x, 4.1.0 ... 4.1.3, and 4.2 in that the pages are freed without any checking, thus allowing their re-use for another domain, or by Xen itself, while there still are active mappings (see XSA-26). VULNERABLE SYSTEMS ================== Xen versions 4.0 and newer are vulnerable. Both x86 and ARM systems are vulnerable. MITIGATION ========== Using the "gnttab=max_ver:1" hypervisor command line option, where available, to disable use of v2 grant tables allows to avoid the vulnerability. Use of this option will, however, break any guests which require to make use of v2 functionality. The patch introducing this option was not merged so far, but is available (in its current form) at https://lists.xenproject.org/archives/html/xen-devel/2018-02/msg00059.html ("common/gnttab: Introduce command line feature controls"). There is no other known mitigation. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa255-?.patch xen-unstable, Xen 4.10.x xsa255-4.9-?.patch Xen 4.9.x, Xen 4.8.x xsa255-4.7-?.patch Xen 4.7.x xsa255-4.6-?.patch Xen 4.6.x $ sha256sum xsa255* 05a5570ecf4354f7aad35bb77a4c2f5f556bcabf3555829a98c94dcfb6dd4696 xsa255-1.patch df43a147f1e1a2b7d59588bc91cdaac05d4e45bcfc4e2c8cb5e8de840d44b43d xsa255-2.patch be62d81583df10a6be275427d5cfa02084c8717473b3694cd2a9bbdc10cbadcb xsa255-4.6-1.patch 3dd58114c5ce68fd8dd43f8f92eaafdcec1fd9add37eb41faed1cf818058539a xsa255-4.6-2.patch 9bfc4a33a0faeb36aec8449ea940cef52d523cc3d13529b4eeaae64bf5a7b644 xsa255-4.7-1.patch 6d95ceb54298de7863dc7133c0f3adf85f7da9b8d326146ff46e641194a47fc0 xsa255-4.7-2.patch 0b4706f0d2d21d4f6414ae9c0205e553bfb792c23d44e129b3a0f90be557d13f xsa255-4.9-1.patch 9c6b2d2183ffa484182ca75e1a048d0713c4d150e750ccf58be5a24991a3e1de xsa255-4.9-2.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However, deployment of the mitigation is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because this produces a guest-visible change which will indicate which component contains the vulnerability. Additionally, distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJal/zSAAoJEIP+FMlX6CvZT6EH/1V/ZKiEzRRz7zdQtP29RKFJ vlqhVO76d1jerdS19crtthQIP9y0hXBBZqLOcbkzH1JrSA9Zt6GrsvOBB/YTczzr 8pEBEapnlUbTr6zk0V6+maXtmIzmmMhUjy6qvdZIE3qs9gxS2ZQkAAFRJNP/mPNY 3saNnh1h66ojWmGZYq6Corb3bNbOEX51uKNsUP8f5jbPSNPV6iwgQ5ogM3HsI+LV vibg2VVnlDlHP5Wf2Bzz7KQOUR+FH+4fyJoUJIK7nwWQikBp5Px7uvGBiNcwwUG6 fpEKB1QnrW1FVl9CkrqzcFJs2ChjFW9mORTflth5Ai7g86ZyEtVdhfJNav4mLmk= =+53n -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa255-1.patch" Content-Disposition: attachment; filename="xsa255-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWIvQVJNOiBkb24ndCBjb3JydXB0IHNoYXJlZCBHRk4gYXJyYXkK Ci4uLiBieSB3cml0aW5nIHN0YXR1cyBHRk5zIHRvIGl0LiBJbnRyb2R1Y2Ug YSBzZWNvbmQgYXJyYXkgaW5zdGVhZC4KQWxzbyBpbXBsZW1lbnQgZ250dGFi X3N0YXR1c19nbWZuKCkgcHJvcGVybHkgbm93IHRoYXQgdGhlIGluZm9ybWF0 aW9uIGlzCnN1aXRhYmx5IGJlaW5nIHRyYWNrZWQuCgpXaGlsZSB0b3VjaGlu ZyBpdCBhbnl3YXksIHJlbW92ZSBhIG1pc2d1aWRlZCAoYnV0IGx1Y2tpbHkg YmVuaWduKSB1cHBlcgpib3VuZCBjaGVjayBmcm9tIGdudHRhYl9zaGFyZWRf Z21mbigpOiBXZSBzaG91bGQgbmV2ZXIgYWNjZXNzIGJleW9uZCB0aGUKYm91 bmRzIG9mIHRoYXQgYXJyYXkuCgpUaGlzIGlzIHBhcnQgb2YgWFNBLTI1NS4K ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNv bT4KUmV2aWV3ZWQtYnk6IFN0ZWZhbm8gU3RhYmVsbGluaSA8c3N0YWJlbGxp bmlAa2VybmVsLm9yZz4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFu ZHJldy5jb29wZXIzQGNpdHJpeC5jb20+Ci0tLQp2MzogRG9uJ3QgaW5pdCB0 aGUgQVJNIEdGTiBhcnJheXMgdG8gemVybyBhbnltb3JlLCB1c2UgSU5WQUxJ RF9HRk4uCnYyOiBOZXcuCgotLS0gYS94ZW4vY29tbW9uL2dyYW50X3RhYmxl LmMKKysrIGIveGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCkBAIC0zNzc1LDYg KzM3NzUsNyBAQCBpbnQgZ250dGFiX21hcF9mcmFtZShzdHJ1Y3QgZG9tYWlu ICpkLCB1CiB7CiAgICAgaW50IHJjID0gMDsKICAgICBzdHJ1Y3QgZ3JhbnRf dGFibGUgKmd0ID0gZC0+Z3JhbnRfdGFibGU7CisgICAgYm9vbCBzdGF0dXMg PSBmYWxzZTsKIAogICAgIGdyYW50X3dyaXRlX2xvY2soZ3QpOwogCkBAIC0z Nzg1LDYgKzM3ODYsNyBAQCBpbnQgZ250dGFiX21hcF9mcmFtZShzdHJ1Y3Qg ZG9tYWluICpkLCB1CiAgICAgICAgICAoaWR4ICYgWEVOTUFQSURYX2dyYW50 X3RhYmxlX3N0YXR1cykgKQogICAgIHsKICAgICAgICAgaWR4ICY9IH5YRU5N QVBJRFhfZ3JhbnRfdGFibGVfc3RhdHVzOworICAgICAgICBzdGF0dXMgPSB0 cnVlOwogICAgICAgICBpZiAoIGlkeCA8IG5yX3N0YXR1c19mcmFtZXMoZ3Qp ICkKICAgICAgICAgICAgICptZm4gPSBfbWZuKHZpcnRfdG9fbWZuKGd0LT5z dGF0dXNbaWR4XSkpOwogICAgICAgICBlbHNlCkBAIC0zODAyLDcgKzM4MDQs NyBAQCBpbnQgZ250dGFiX21hcF9mcmFtZShzdHJ1Y3QgZG9tYWluICpkLCB1 CiAgICAgfQogCiAgICAgaWYgKCAhcmMgKQotICAgICAgICBnbnR0YWJfc2V0 X2ZyYW1lX2dmbihndCwgaWR4LCBnZm4pOworICAgICAgICBnbnR0YWJfc2V0 X2ZyYW1lX2dmbihndCwgc3RhdHVzLCBpZHgsIGdmbik7CiAKICAgICBncmFu dF93cml0ZV91bmxvY2soZ3QpOwogCi0tLSBhL3hlbi9pbmNsdWRlL2FzbS1h cm0vZ3JhbnRfdGFibGUuaAorKysgYi94ZW4vaW5jbHVkZS9hc20tYXJtL2dy YW50X3RhYmxlLmgKQEAgLTksNyArOSw4IEBACiAjZGVmaW5lIElOSVRJQUxf TlJfR1JBTlRfRlJBTUVTIDFVCiAKIHN0cnVjdCBncmFudF90YWJsZV9hcmNo IHsKLSAgICBnZm5fdCAqZ2ZuOworICAgIGdmbl90ICpzaGFyZWRfZ2ZuOwor ICAgIGdmbl90ICpzdGF0dXNfZ2ZuOwogfTsKIAogdm9pZCBnbnR0YWJfY2xl YXJfZmxhZyh1bnNpZ25lZCBsb25nIG5yLCB1aW50MTZfdCAqYWRkcik7CkBA IC0yMSw3ICsyMiw2IEBAIGludCByZXBsYWNlX2dyYW50X2hvc3RfbWFwcGlu Zyh1bnNpZ25lZAogICAgICAgICB1bnNpZ25lZCBsb25nIG5ld19ncGFkZHIs IHVuc2lnbmVkIGludCBmbGFncyk7CiB2b2lkIGdudHRhYl9tYXJrX2RpcnR5 KHN0cnVjdCBkb21haW4gKmQsIHVuc2lnbmVkIGxvbmcgbCk7CiAjZGVmaW5l IGdudHRhYl9jcmVhdGVfc3RhdHVzX3BhZ2UoZCwgdCwgaSkgZG8ge30gd2hp bGUgKDApCi0jZGVmaW5lIGdudHRhYl9zdGF0dXNfZ21mbihkLCB0LCBpKSAo MCkKICNkZWZpbmUgZ250dGFiX3JlbGVhc2VfaG9zdF9tYXBwaW5ncyhkb21h aW4pIDEKIHN0YXRpYyBpbmxpbmUgaW50IHJlcGxhY2VfZ3JhbnRfc3VwcG9y dGVkKHZvaWQpCiB7CkBAIC00MiwxOSArNDIsMzUgQEAgc3RhdGljIGlubGlu ZSB1bnNpZ25lZCBpbnQgZ250dGFiX2RvbTBfbQogCiAjZGVmaW5lIGdudHRh Yl9pbml0X2FyY2goZ3QpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgXAogKHsgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IFwKLSAgICAoZ3QpLT5hcmNoLmdmbiA9IHh6YWxsb2NfYXJyYXkoZ2ZuX3Qs IChndCktPm1heF9ncmFudF9mcmFtZXMpOyAgICAgICBcCi0gICAgKCAoZ3Qp LT5hcmNoLmdmbiA/IDAgOiAtRU5PTUVNICk7ICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgXAorICAgIHVuc2lnbmVkIGludCBuZ2ZfID0g KGd0KS0+bWF4X2dyYW50X2ZyYW1lczsgICAgICAgICAgICAgICAgICAgICAg ICAgIFwKKyAgICB1bnNpZ25lZCBpbnQgbnNmXyA9IGdyYW50X3RvX3N0YXR1 c19mcmFtZXMobmdmXyk7ICAgICAgICAgICAgICAgICAgICBcCisgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgXAorICAgIChndCktPmFyY2guc2hhcmVk X2dmbiA9IHhtYWxsb2NfYXJyYXkoZ2ZuX3QsIG5nZl8pOyAgICAgICAgICAg ICAgICAgIFwKKyAgICAoZ3QpLT5hcmNoLnN0YXR1c19nZm4gPSB4bWFsbG9j X2FycmF5KGdmbl90LCBuc2ZfKTsgICAgICAgICAgICAgICAgICBcCisgICAg aWYgKCAoZ3QpLT5hcmNoLnNoYXJlZF9nZm4gJiYgKGd0KS0+YXJjaC5zdGF0 dXNfZ2ZuICkgICAgICAgICAgICAgICAgXAorICAgIHsgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIFwKKyAgICAgICAgd2hpbGUgKCBuZ2ZfLS0gKSAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcCisg ICAgICAgICAgICAoZ3QpLT5hcmNoLnNoYXJlZF9nZm5bbmdmX10gPSBJTlZB TElEX0dGTjsgICAgICAgICAgICAgICAgICAgXAorICAgICAgICB3aGlsZSAo IG5zZl8tLSApICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIFwKKyAgICAgICAgICAgIChndCktPmFyY2guc3RhdHVz X2dmbltuc2ZfXSA9IElOVkFMSURfR0ZOOyAgICAgICAgICAgICAgICAgICBc CisgICAgfSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAorICAgIGVsc2UgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIFwKKyAgICAgICAgZ250dGFiX2Rlc3Ryb3lfYXJj aChndCk7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBcCisgICAgKGd0KS0+YXJjaC5zaGFyZWRfZ2ZuID8gMCA6IC1FTk9NRU07 ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAogfSkKIAogI2Rl ZmluZSBnbnR0YWJfZGVzdHJveV9hcmNoKGd0KSAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIFwKICAgICBkbyB7ICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBcCi0gICAgICAgIHhmcmVlKChndCktPmFyY2guZ2ZuKTsg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAot ICAgICAgICAoZ3QpLT5hcmNoLmdmbiA9IE5VTEw7ICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKKyAgICAgICAgeGZyZWUo KGd0KS0+YXJjaC5zaGFyZWRfZ2ZuKTsgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBcCisgICAgICAgIChndCktPmFyY2guc2hhcmVkX2dm biA9IE5VTEw7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg XAorICAgICAgICB4ZnJlZSgoZ3QpLT5hcmNoLnN0YXR1c19nZm4pOyAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKKyAgICAgICAgKGd0 KS0+YXJjaC5zdGF0dXNfZ2ZuID0gTlVMTDsgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBcCiAgICAgfSB3aGlsZSAoIDAgKQogCi0jZGVm aW5lIGdudHRhYl9zZXRfZnJhbWVfZ2ZuKGd0LCBpZHgsIGdmbikgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgXAorI2RlZmluZSBnbnR0YWJfc2V0 X2ZyYW1lX2dmbihndCwgc3QsIGlkeCwgZ2ZuKSAgICAgICAgICAgICAgICAg ICAgICAgICAgIFwKICAgICBkbyB7ICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcCi0g ICAgICAgIChndCktPmFyY2guZ2ZuW2lkeF0gPSBnZm47ICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgXAorICAgICAgICAoKHN0KSA/ IChndCktPmFyY2guc3RhdHVzX2dmbiA6IChndCktPmFyY2guc2hhcmVkX2dm bilbaWR4XSA9ICAgIFwKKyAgICAgICAgICAgIChnZm4pOyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBc CiAgICAgfSB3aGlsZSAoIDAgKQogCiAjZGVmaW5lIGdudHRhYl9jcmVhdGVf c2hhcmVkX3BhZ2UoZCwgdCwgaSkgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgXApAQCAtNjUsOCArODEsMTAgQEAgc3RhdGljIGlubGluZSB1bnNp Z25lZCBpbnQgZ250dGFiX2RvbTBfbQogICAgIH0gd2hpbGUgKCAwICkKIAog I2RlZmluZSBnbnR0YWJfc2hhcmVkX2dtZm4oZCwgdCwgaSkgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKLSAgICAoICgoaSA+PSBu cl9ncmFudF9mcmFtZXModCkpICYmICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBcCi0gICAgICAgKGkgPCAodCktPm1heF9ncmFudF9m cmFtZXMpKT8gMCA6IGdmbl94KCh0KS0+YXJjaC5nZm5baV0pKQorICAgIGdm bl94KCgoaSkgPj0gbnJfZ3JhbnRfZnJhbWVzKHQpKSA/IElOVkFMSURfR0ZO IDogKHQpLT5hcmNoLnNoYXJlZF9nZm5baV0pCisKKyNkZWZpbmUgZ250dGFi X3N0YXR1c19nbWZuKGQsIHQsIGkpICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBcCisgICAgZ2ZuX3goKChpKSA+PSBucl9zdGF0dXNf ZnJhbWVzKHQpKSA/IElOVkFMSURfR0ZOIDogKHQpLT5hcmNoLnN0YXR1c19n Zm5baV0pCiAKICNkZWZpbmUgZ250dGFiX25lZWRfaW9tbXVfbWFwcGluZyhk KSAgICAgICAgICAgICAgICAgICAgXAogICAgIChpc19kb21haW5fZGlyZWN0 X21hcHBlZChkKSAmJiBuZWVkX2lvbW11KGQpKQotLS0gYS94ZW4vaW5jbHVk ZS9hc20teDg2L2dyYW50X3RhYmxlLmgKKysrIGIveGVuL2luY2x1ZGUvYXNt LXg4Ni9ncmFudF90YWJsZS5oCkBAIC00Niw3ICs0Niw3IEBAIHN0YXRpYyBp bmxpbmUgdW5zaWduZWQgaW50IGdudHRhYl9kb20wX20KIAogI2RlZmluZSBn bnR0YWJfaW5pdF9hcmNoKGd0KSAwCiAjZGVmaW5lIGdudHRhYl9kZXN0cm95 X2FyY2goZ3QpIGRvIHt9IHdoaWxlICggMCApCi0jZGVmaW5lIGdudHRhYl9z ZXRfZnJhbWVfZ2ZuKGd0LCBpZHgsIGdmbikgZG8ge30gd2hpbGUgKCAwICkK KyNkZWZpbmUgZ250dGFiX3NldF9mcmFtZV9nZm4oZ3QsIHN0LCBpZHgsIGdm bikgZG8ge30gd2hpbGUgKCAwICkKIAogI2RlZmluZSBnbnR0YWJfY3JlYXRl X3NoYXJlZF9wYWdlKGQsIHQsIGkpICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIFwKICAgICBkbyB7ICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcCg== --=separator Content-Type: application/octet-stream; name="xsa255-2.patch" Content-Disposition: attachment; filename="xsa255-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IGJsaW5kbHkgZnJlZSBzdGF0dXMgcGFnZXMgdXBv biB2ZXJzaW9uIGNoYW5nZQoKVGhlcmUgbWF5IHN0aWxsIGJlIGFjdGl2ZSBt YXBwaW5ncywgd2hpY2ggd291bGQgdHJpZ2dlciB0aGUgcmVzcGVjdGl2ZQpC VUdfT04oKS4gU3BsaXQgdGhlIGxvb3AgaW50byBvbmUgZGVhbGluZyB3aXRo IHRoZSBwYWdlIGF0dHJpYnV0ZXMgYW5kCnRoZSBzZWNvbmQgKHdoZW4gdGhl IGZpcnN0IGZ1bGx5IHBhc3NlZCkgZnJlZWluZyB0aGUgcGFnZXMuIFJldHVy biBhbgplcnJvciBpZiBhbnkgcGFnZXMgc3RpbGwgaGF2ZSBwZW5kaW5nIHJl ZmVyZW5jZXMuCgpUaGlzIGlzIHBhcnQgb2YgWFNBLTI1NS4KClNpZ25lZC1v ZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3 ZWQtYnk6IFN0ZWZhbm8gU3RhYmVsbGluaSA8c3N0YWJlbGxpbmlAa2VybmVs Lm9yZz4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29w ZXIzQGNpdHJpeC5jb20+Ci0tLQp2NDogQWRkIGdwcmludGsoWEVOTE9HX0VS UiwgLi4uKSB0byBkb21haW5fY3Jhc2goKSBpbnZvY2F0aW9ucy4KdjM6IENh bGwgZ3Vlc3RfcGh5c21hcF9yZW1vdmVfcGFnZSgpIGZyb20gZ250dGFiX21h cF9mcmFtZSgpLCBtYWtpbmcgdGhlCiAgICBjb2RlIHVuY29uZGl0aW9uYWwg YXQgdGhlIHNhbWUgdGltZS4gUmUtYmFzZSBvdmVyIGNoYW5nZXMgdG8gZmly c3QKICAgIHBhdGNoLgp2MjogQWxzbyBkZWFsIHdpdGggdHJhbnNsYXRlZCBn dWVzdHMuCgotLS0gYS94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMKKysrIGIv eGVuL2NvbW1vbi9ncmFudF90YWJsZS5jCkBAIC0xNjM2LDIzICsxNjM2LDc0 IEBAIHN0YXR1c19hbGxvY19mYWlsZWQ6CiAgICAgcmV0dXJuIC1FTk9NRU07 CiB9CiAKLXN0YXRpYyB2b2lkCitzdGF0aWMgaW50CiBnbnR0YWJfdW5wb3B1 bGF0ZV9zdGF0dXNfZnJhbWVzKHN0cnVjdCBkb21haW4gKmQsIHN0cnVjdCBn cmFudF90YWJsZSAqZ3QpCiB7Ci0gICAgaW50IGk7CisgICAgdW5zaWduZWQg aW50IGk7CiAKICAgICBmb3IgKCBpID0gMDsgaSA8IG5yX3N0YXR1c19mcmFt ZXMoZ3QpOyBpKysgKQogICAgIHsKICAgICAgICAgc3RydWN0IHBhZ2VfaW5m byAqcGcgPSB2aXJ0X3RvX3BhZ2UoZ3QtPnN0YXR1c1tpXSk7CisgICAgICAg IGdmbl90IGdmbiA9IGdudHRhYl9nZXRfZnJhbWVfZ2ZuKGd0LCB0cnVlLCBp KTsKKworICAgICAgICAvKgorICAgICAgICAgKiBGb3IgdHJhbnNsYXRlZCBk b21haW5zLCByZWNvdmVyaW5nIGZyb20gZmFpbHVyZSBhZnRlciBwYXJ0aWFs CisgICAgICAgICAqIGNoYW5nZXMgd2VyZSBtYWRlIGlzIG1vcmUgY29tcGxp Y2F0ZWQgdGhhbiBpdCBzZWVtcyB3b3J0aAorICAgICAgICAgKiBpbXBsZW1l bnRpbmcgYXQgdGhpcyB0aW1lLiBIZW5jZSByZXNwZWN0aXZlIGVycm9yIHBh dGhzIGJlbG93CisgICAgICAgICAqIGNyYXNoIHRoZSBkb21haW4gaW4gc3Vj aCBhIGNhc2UuCisgICAgICAgICAqLworICAgICAgICBpZiAoIHBhZ2luZ19t b2RlX3RyYW5zbGF0ZShkKSApCisgICAgICAgIHsKKyAgICAgICAgICAgIGlu dCByYyA9IGdmbl9lcShnZm4sIElOVkFMSURfR0ZOKQorICAgICAgICAgICAg ICAgICAgICAgPyAwCisgICAgICAgICAgICAgICAgICAgICA6IGd1ZXN0X3Bo eXNtYXBfcmVtb3ZlX3BhZ2UoZCwgZ2ZuLAorICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIF9tZm4ocGFnZV90b19t Zm4ocGcpKSwgMCk7CisKKyAgICAgICAgICAgIGlmICggcmMgKQorICAgICAg ICAgICAgeworICAgICAgICAgICAgICAgIGdwcmludGsoWEVOTE9HX0VSUiwK KyAgICAgICAgICAgICAgICAgICAgICAgICJDb3VsZCBub3QgcmVtb3ZlIHN0 YXR1cyBmcmFtZSAldSAoR0ZOICUjbHgpIGZyb20gUDJNXG4iLAorICAgICAg ICAgICAgICAgICAgICAgICAgaSwgZ2ZuX3goZ2ZuKSk7CisgICAgICAgICAg ICAgICAgZG9tYWluX2NyYXNoKGQpOworICAgICAgICAgICAgICAgIHJldHVy biByYzsKKyAgICAgICAgICAgIH0KKyAgICAgICAgICAgIGdudHRhYl9zZXRf ZnJhbWVfZ2ZuKGd0LCB0cnVlLCBpLCBJTlZBTElEX0dGTik7CisgICAgICAg IH0KIAogICAgICAgICBCVUdfT04ocGFnZV9nZXRfb3duZXIocGcpICE9IGQp OwogICAgICAgICBpZiAoIHRlc3RfYW5kX2NsZWFyX2JpdChfUEdDX2FsbG9j YXRlZCwgJnBnLT5jb3VudF9pbmZvKSApCiAgICAgICAgICAgICBwdXRfcGFn ZShwZyk7Ci0gICAgICAgIEJVR19PTihwZy0+Y291bnRfaW5mbyAmIH5QR0Nf eGVuX2hlYXApOworCisgICAgICAgIGlmICggcGctPmNvdW50X2luZm8gJiB+ UEdDX3hlbl9oZWFwICkKKyAgICAgICAgeworICAgICAgICAgICAgaWYgKCBw YWdpbmdfbW9kZV90cmFuc2xhdGUoZCkgKQorICAgICAgICAgICAgeworICAg ICAgICAgICAgICAgIGdwcmludGsoWEVOTE9HX0VSUiwKKyAgICAgICAgICAg ICAgICAgICAgICAgICJXcm9uZyBwYWdlIHN0YXRlICUjbHggb2Ygc3RhdHVz IGZyYW1lICV1IChHRk4gJSNseClcbiIsCisgICAgICAgICAgICAgICAgICAg ICAgICBwZy0+Y291bnRfaW5mbywgaSwgZ2ZuX3goZ2ZuKSk7CisgICAgICAg ICAgICAgICAgZG9tYWluX2NyYXNoKGQpOworICAgICAgICAgICAgfQorICAg ICAgICAgICAgZWxzZQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAg IGlmICggZ2V0X3BhZ2UocGcsIGQpICkKKyAgICAgICAgICAgICAgICAgICAg c2V0X2JpdChfUEdDX2FsbG9jYXRlZCwgJnBnLT5jb3VudF9pbmZvKTsKKyAg ICAgICAgICAgICAgICB3aGlsZSAoIGktLSApCisgICAgICAgICAgICAgICAg ICAgIGdudHRhYl9jcmVhdGVfc3RhdHVzX3BhZ2UoZCwgZ3QsIGkpOworICAg ICAgICAgICAgfQorICAgICAgICAgICAgcmV0dXJuIC1FQlVTWTsKKyAgICAg ICAgfQorCisgICAgICAgIHBhZ2Vfc2V0X293bmVyKHBnLCBOVUxMKTsKKyAg ICB9CisKKyAgICBmb3IgKCBpID0gMDsgaSA8IG5yX3N0YXR1c19mcmFtZXMo Z3QpOyBpKysgKQorICAgIHsKICAgICAgICAgZnJlZV94ZW5oZWFwX3BhZ2Uo Z3QtPnN0YXR1c1tpXSk7CiAgICAgICAgIGd0LT5zdGF0dXNbaV0gPSBOVUxM OwogICAgIH0KICAgICBndC0+bnJfc3RhdHVzX2ZyYW1lcyA9IDA7CisKKyAg ICByZXR1cm4gMDsKIH0KIAogLyoKQEAgLTI5NjIsOCArMzAxMyw5IEBAIGdu dHRhYl9zZXRfdmVyc2lvbihYRU5fR1VFU1RfSEFORExFX1BBUkEKICAgICAg ICAgYnJlYWs7CiAgICAgfQogCi0gICAgaWYgKCBvcC52ZXJzaW9uIDwgMiAm JiBndC0+Z3RfdmVyc2lvbiA9PSAyICkKLSAgICAgICAgZ250dGFiX3VucG9w dWxhdGVfc3RhdHVzX2ZyYW1lcyhjdXJyZCwgZ3QpOworICAgIGlmICggb3Au dmVyc2lvbiA8IDIgJiYgZ3QtPmd0X3ZlcnNpb24gPT0gMiAmJgorICAgICAg ICAgKHJlcyA9IGdudHRhYl91bnBvcHVsYXRlX3N0YXR1c19mcmFtZXMoY3Vy cmQsIGd0KSkgIT0gMCApCisgICAgICAgIGdvdG8gb3V0X3VubG9jazsKIAog ICAgIC8qIE1ha2Ugc3VyZSB0aGVyZSdzIG5vIGNydWQgbGVmdCBvdmVyIGZy b20gdGhlIG9sZCB2ZXJzaW9uLiAqLwogICAgIGZvciAoIGkgPSAwOyBpIDwg bnJfZ3JhbnRfZnJhbWVzKGd0KTsgaSsrICkKQEAgLTM4MDMsNiArMzg1NSwx MSBAQCBpbnQgZ250dGFiX21hcF9mcmFtZShzdHJ1Y3QgZG9tYWluICpkLCB1 CiAgICAgICAgICAgICByYyA9IC1FSU5WQUw7CiAgICAgfQogCisgICAgaWYg KCAhcmMgJiYgcGFnaW5nX21vZGVfdHJhbnNsYXRlKGQpICYmCisgICAgICAg ICAhZ2ZuX2VxKGdudHRhYl9nZXRfZnJhbWVfZ2ZuKGd0LCBzdGF0dXMsIGlk eCksIElOVkFMSURfR0ZOKSApCisgICAgICAgIHJjID0gZ3Vlc3RfcGh5c21h cF9yZW1vdmVfcGFnZShkLCBnbnR0YWJfZ2V0X2ZyYW1lX2dmbihndCwgc3Rh dHVzLCBpZHgpLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgKm1mbiwgMCk7CisKICAgICBpZiAoICFyYyApCiAgICAgICAgIGdu dHRhYl9zZXRfZnJhbWVfZ2ZuKGd0LCBzdGF0dXMsIGlkeCwgZ2ZuKTsKIAot LS0gYS94ZW4vaW5jbHVkZS9hc20tYXJtL2dyYW50X3RhYmxlLmgKKysrIGIv eGVuL2luY2x1ZGUvYXNtLWFybS9ncmFudF90YWJsZS5oCkBAIC03Myw2ICs3 MywxMSBAQCBzdGF0aWMgaW5saW5lIHVuc2lnbmVkIGludCBnbnR0YWJfZG9t MF9tCiAgICAgICAgICAgICAoZ2ZuKTsgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgIH0gd2hp bGUgKCAwICkKIAorI2RlZmluZSBnbnR0YWJfZ2V0X2ZyYW1lX2dmbihndCwg c3QsIGlkeCkgKHsgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKKyAg IF9nZm4oKHN0KSA/IGdudHRhYl9zdGF0dXNfZ21mbihOVUxMLCBndCwgaWR4 KSAgICAgICAgICAgICAgICAgICAgICAgICBcCisgICAgICAgICAgICAgOiBn bnR0YWJfc2hhcmVkX2dtZm4oTlVMTCwgZ3QsIGlkeCkpOyAgICAgICAgICAg ICAgICAgICAgICAgXAorfSkKKwogI2RlZmluZSBnbnR0YWJfY3JlYXRlX3No YXJlZF9wYWdlKGQsIHQsIGkpICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIFwKICAgICBkbyB7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcCiAgICAgICAg IHNoYXJlX3hlbl9wYWdlX3dpdGhfZ3Vlc3QoICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgXAotLS0gYS94ZW4vaW5jbHVkZS9hc20t eDg2L2dyYW50X3RhYmxlLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLXg4Ni9n cmFudF90YWJsZS5oCkBAIC00Nyw2ICs0NywxMiBAQCBzdGF0aWMgaW5saW5l IHVuc2lnbmVkIGludCBnbnR0YWJfZG9tMF9tCiAjZGVmaW5lIGdudHRhYl9p bml0X2FyY2goZ3QpIDAKICNkZWZpbmUgZ250dGFiX2Rlc3Ryb3lfYXJjaChn dCkgZG8ge30gd2hpbGUgKCAwICkKICNkZWZpbmUgZ250dGFiX3NldF9mcmFt ZV9nZm4oZ3QsIHN0LCBpZHgsIGdmbikgZG8ge30gd2hpbGUgKCAwICkKKyNk ZWZpbmUgZ250dGFiX2dldF9mcmFtZV9nZm4oZ3QsIHN0LCBpZHgpICh7ICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBcCisgICAgdW5zaWduZWQgbG9u ZyBtZm5fID0gKHN0KSA/IGdudHRhYl9zdGF0dXNfbWZuKGd0LCBpZHgpICAg ICAgICAgICAgICAgXAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg OiBnbnR0YWJfc2hhcmVkX21mbihndCwgaWR4KTsgICAgICAgICAgICAgIFwK KyAgICB1bnNpZ25lZCBsb25nIGdwZm5fID0gZ2V0X2dwZm5fZnJvbV9tZm4o bWZuXyk7ICAgICAgICAgICAgICAgICAgICAgICBcCisgICAgVkFMSURfTTJQ KGdwZm5fKSA/IF9nZm4oZ3Bmbl8pIDogSU5WQUxJRF9HRk47ICAgICAgICAg ICAgICAgICAgICAgICAgXAorfSkKIAogI2RlZmluZSBnbnR0YWJfY3JlYXRl X3NoYXJlZF9wYWdlKGQsIHQsIGkpICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIFwKICAgICBkbyB7ICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcCkBAIC02 MywxMSArNjksMTEgQEAgc3RhdGljIGlubGluZSB1bnNpZ25lZCBpbnQgZ250 dGFiX2RvbTBfbQogICAgIH0gd2hpbGUgKCAwICkKIAogCi0jZGVmaW5lIGdu dHRhYl9zaGFyZWRfbWZuKGQsIHQsIGkpICAgICAgICAgICAgICAgICAgICAg IFwKKyNkZWZpbmUgZ250dGFiX3NoYXJlZF9tZm4odCwgaSkgICAgICAgICAg ICAgICAgICAgICAgICAgXAogICAgICgodmlydF90b19tYWRkcigodCktPnNo YXJlZF9yYXdbaV0pID4+IFBBR0VfU0hJRlQpKQogCiAjZGVmaW5lIGdudHRh Yl9zaGFyZWRfZ21mbihkLCB0LCBpKSAgICAgICAgICAgICAgICAgICAgIFwK LSAgICAobWZuX3RvX2dtZm4oZCwgZ250dGFiX3NoYXJlZF9tZm4oZCwgdCwg aSkpKQorICAgIChtZm5fdG9fZ21mbihkLCBnbnR0YWJfc2hhcmVkX21mbih0 LCBpKSkpCiAKIAogI2RlZmluZSBnbnR0YWJfc3RhdHVzX21mbih0LCBpKSAg ICAgICAgICAgICAgICAgICAgICAgICBcCg== --=separator Content-Type: application/octet-stream; name="xsa255-4.6-1.patch" Content-Disposition: attachment; filename="xsa255-4.6-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWIvQVJNOiBkb24ndCBjb3JydXB0IHNoYXJlZCBHRk4gYXJyYXkK Ci4uLiBieSB3cml0aW5nIHN0YXR1cyBHRk5zIHRvIGl0LiBJbnRyb2R1Y2Ug YSBzZWNvbmQgYXJyYXkgaW5zdGVhZC4KQWxzbyBpbXBsZW1lbnQgZ250dGFi X3N0YXR1c19nbWZuKCkgcHJvcGVybHkgbm93IHRoYXQgdGhlIGluZm9ybWF0 aW9uIGlzCnN1aXRhYmx5IGJlaW5nIHRyYWNrZWQuCgpXaGlsZSB0b3VjaGlu ZyBpdCBhbnl3YXksIHJlbW92ZSBhIG1pc2d1aWRlZCAoYnV0IGx1Y2tpbHkg YmVuaWduKSB1cHBlcgpib3VuZCBjaGVjayBmcm9tIGdudHRhYl9zaGFyZWRf Z21mbigpOiBXZSBzaG91bGQgbmV2ZXIgYWNjZXNzIGJleW9uZCB0aGUKYm91 bmRzIG9mIHRoYXQgYXJyYXkuCgpUaGlzIGlzIHBhcnQgb2YgWFNBLTI1NS4K ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNv bT4KUmV2aWV3ZWQtYnk6IFN0ZWZhbm8gU3RhYmVsbGluaSA8c3N0YWJlbGxp bmlAa2VybmVsLm9yZz4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFu ZHJldy5jb29wZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJjaC9hcm0v ZG9tYWluLmMKKysrIGIveGVuL2FyY2gvYXJtL2RvbWFpbi5jCkBAIC00Mjgs MTkgKzQyOCwzNyBAQCB2b2lkIHN0YXJ0dXBfY3B1X2lkbGVfbG9vcCh2b2lk KQogc3RydWN0IGRvbWFpbiAqYWxsb2NfZG9tYWluX3N0cnVjdCh2b2lkKQog ewogICAgIHN0cnVjdCBkb21haW4gKmQ7CisgICAgdW5zaWduZWQgaW50IGks IG1heF9zdGF0dXNfZnJhbWVzOworCiAgICAgQlVJTERfQlVHX09OKHNpemVv ZigqZCkgPiBQQUdFX1NJWkUpOwogICAgIGQgPSBhbGxvY194ZW5oZWFwX3Bh Z2VzKDAsIDApOwogICAgIGlmICggZCA9PSBOVUxMICkKICAgICAgICAgcmV0 dXJuIE5VTEw7CiAKICAgICBjbGVhcl9wYWdlKGQpOwotICAgIGQtPmFyY2gu Z3JhbnRfdGFibGVfZ3BmbiA9IHh6YWxsb2NfYXJyYXkoeGVuX3Bmbl90LCBt YXhfZ3JhbnRfZnJhbWVzKTsKKworICAgIGQtPmFyY2guZ3JhbnRfc2hhcmVk X2dmbiA9IHhtYWxsb2NfYXJyYXkoZ2ZuX3QsIG1heF9ncmFudF9mcmFtZXMp OworICAgIG1heF9zdGF0dXNfZnJhbWVzID0gZ3JhbnRfdG9fc3RhdHVzX2Zy YW1lcyhtYXhfZ3JhbnRfZnJhbWVzKTsKKyAgICBkLT5hcmNoLmdyYW50X3N0 YXR1c19nZm4gPSB4bWFsbG9jX2FycmF5KGdmbl90LCBtYXhfc3RhdHVzX2Zy YW1lcyk7CisgICAgaWYgKCAhZC0+YXJjaC5ncmFudF9zaGFyZWRfZ2ZuIHx8 ICFkLT5hcmNoLmdyYW50X3N0YXR1c19nZm4gKQorICAgIHsKKyAgICAgICAg ZnJlZV9kb21haW5fc3RydWN0KGQpOworICAgICAgICByZXR1cm4gTlVMTDsK KyAgICB9CisKKyAgICBmb3IgKCBpID0gMDsgaSA8IG1heF9ncmFudF9mcmFt ZXM7ICsraSApCisgICAgICAgIGQtPmFyY2guZ3JhbnRfc2hhcmVkX2dmbltp XSA9IF9nZm4oSU5WQUxJRF9HRk4pOworCisgICAgZm9yICggaSA9IDA7IGkg PCBtYXhfc3RhdHVzX2ZyYW1lczsgKytpICkKKyAgICAgICAgZC0+YXJjaC5n cmFudF9zdGF0dXNfZ2ZuW2ldID0gX2dmbihJTlZBTElEX0dGTik7CisKICAg ICByZXR1cm4gZDsKIH0KIAogdm9pZCBmcmVlX2RvbWFpbl9zdHJ1Y3Qoc3Ry dWN0IGRvbWFpbiAqZCkKIHsKLSAgICB4ZnJlZShkLT5hcmNoLmdyYW50X3Rh YmxlX2dwZm4pOworICAgIHhmcmVlKGQtPmFyY2guZ3JhbnRfc2hhcmVkX2dm bik7CisgICAgeGZyZWUoZC0+YXJjaC5ncmFudF9zdGF0dXNfZ2ZuKTsKICAg ICBmcmVlX3hlbmhlYXBfcGFnZShkKTsKIH0KIAotLS0gYS94ZW4vYXJjaC9h cm0vbW0uYworKysgYi94ZW4vYXJjaC9hcm0vbW0uYwpAQCAtMTA1Nyw2ICsx MDU3LDcgQEAgaW50IHhlbm1lbV9hZGRfdG9fcGh5c21hcF9vbmUoCiAgICAg aW50IHJjOwogICAgIHAybV90eXBlX3QgdDsKICAgICBzdHJ1Y3QgcGFnZV9p bmZvICpwYWdlID0gTlVMTDsKKyAgICBib29sX3Qgc3RhdHVzID0gMDsKIAog ICAgIHN3aXRjaCAoIHNwYWNlICkKICAgICB7CkBAIC0xMDc0LDYgKzEwNzUs NyBAQCBpbnQgeGVubWVtX2FkZF90b19waHlzbWFwX29uZSgKICAgICAgICAg ICAgICAgICBtZm4gPSB2aXJ0X3RvX21mbihkLT5ncmFudF90YWJsZS0+c3Rh dHVzW2lkeF0pOwogICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAg IG1mbiA9IElOVkFMSURfTUZOOworICAgICAgICAgICAgc3RhdHVzID0gMTsK ICAgICAgICAgfQogICAgICAgICBlbHNlCiAgICAgICAgIHsKQEAgLTEwODks NyArMTA5MSwxMCBAQCBpbnQgeGVubWVtX2FkZF90b19waHlzbWFwX29uZSgK ICAgICAgICAgCiAgICAgICAgIGlmICggbWZuICE9IElOVkFMSURfTUZOICkK ICAgICAgICAgewotICAgICAgICAgICAgZC0+YXJjaC5ncmFudF90YWJsZV9n cGZuW2lkeF0gPSBncGZuOworICAgICAgICAgICAgaWYgKCBzdGF0dXMgKQor ICAgICAgICAgICAgICAgIGQtPmFyY2guZ3JhbnRfc3RhdHVzX2dmbltpZHhd ID0gX2dmbihncGZuKTsKKyAgICAgICAgICAgIGVsc2UKKyAgICAgICAgICAg ICAgICBkLT5hcmNoLmdyYW50X3NoYXJlZF9nZm5baWR4XSA9IF9nZm4oZ3Bm bik7CiAKICAgICAgICAgICAgIHQgPSBwMm1fcmFtX3J3OwogICAgICAgICB9 Ci0tLSBhL3hlbi9pbmNsdWRlL2FzbS1hcm0vZG9tYWluLmgKKysrIGIveGVu L2luY2x1ZGUvYXNtLWFybS9kb21haW4uaApAQCAtNTIsNyArNTIsOCBAQCBz dHJ1Y3QgYXJjaF9kb21haW4KICAgICB1aW50NjRfdCB2dHRicjsKIAogICAg IHN0cnVjdCBodm1fZG9tYWluIGh2bV9kb21haW47Ci0gICAgeGVuX3Bmbl90 ICpncmFudF90YWJsZV9ncGZuOworICAgIGdmbl90ICpncmFudF9zaGFyZWRf Z2ZuOworICAgIGdmbl90ICpncmFudF9zdGF0dXNfZ2ZuOwogCiAgICAgc3Ry dWN0IGlvX2hhbmRsZXIgaW9faGFuZGxlcnM7CiAgICAgLyogQ29udGludWFi bGUgZG9tYWluX3JlbGlucXVpc2hfcmVzb3VyY2VzKCkuICovCi0tLSBhL3hl bi9pbmNsdWRlL2FzbS1hcm0vZ3JhbnRfdGFibGUuaAorKysgYi94ZW4vaW5j bHVkZS9hc20tYXJtL2dyYW50X3RhYmxlLmgKQEAgLTE0LDcgKzE0LDYgQEAg aW50IHJlcGxhY2VfZ3JhbnRfaG9zdF9tYXBwaW5nKHVuc2lnbmVkCiAgICAg ICAgIHVuc2lnbmVkIGxvbmcgbmV3X2dwYWRkciwgdW5zaWduZWQgaW50IGZs YWdzKTsKIHZvaWQgZ250dGFiX21hcmtfZGlydHkoc3RydWN0IGRvbWFpbiAq ZCwgdW5zaWduZWQgbG9uZyBsKTsKICNkZWZpbmUgZ250dGFiX2NyZWF0ZV9z dGF0dXNfcGFnZShkLCB0LCBpKSBkbyB7fSB3aGlsZSAoMCkKLSNkZWZpbmUg Z250dGFiX3N0YXR1c19nbWZuKGQsIHQsIGkpICgwKQogI2RlZmluZSBnbnR0 YWJfcmVsZWFzZV9ob3N0X21hcHBpbmdzKGRvbWFpbikgMQogc3RhdGljIGlu bGluZSBpbnQgcmVwbGFjZV9ncmFudF9zdXBwb3J0ZWQodm9pZCkKIHsKQEAg LTI5LDggKzI4LDEyIEBAIHN0YXRpYyBpbmxpbmUgaW50IHJlcGxhY2VfZ3Jh bnRfc3VwcG9ydGUKICAgICB9IHdoaWxlICggMCApCiAKICNkZWZpbmUgZ250 dGFiX3NoYXJlZF9nbWZuKGQsIHQsIGkpICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBcCi0gICAgKCAoKGkgPj0gbnJfZ3JhbnRfZnJh bWVzKGQtPmdyYW50X3RhYmxlKSkgJiYgICAgICAgICAgICAgICAgICAgICAg ICAgXAotICAgICAoaSA8IG1heF9ncmFudF9mcmFtZXMpKSA/IDAgOiAoZC0+ YXJjaC5ncmFudF90YWJsZV9ncGZuW2ldKSkKKyAgICBnZm5feCgoKGkpID49 IG5yX2dyYW50X2ZyYW1lcyh0KSkgPyBfZ2ZuKElOVkFMSURfR0ZOKSAgICAg ICAgICAgICAgICBcCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDogKGQpLT5hcmNoLmdyYW50X3NoYXJlZF9nZm5baV0pCisKKyNk ZWZpbmUgZ250dGFiX3N0YXR1c19nbWZuKGQsIHQsIGkpICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBcCisgICAgZ2ZuX3goKChpKSA+ PSBucl9zdGF0dXNfZnJhbWVzKHQpKSA/IF9nZm4oSU5WQUxJRF9HRk4pICAg ICAgICAgICAgICAgXAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgOiAoZCktPmFyY2guZ3JhbnRfc3RhdHVzX2dmbltpXSkKIAog I2RlZmluZSBnbnR0YWJfbmVlZF9pb21tdV9tYXBwaW5nKGQpICAgICAgICAg ICAgICAgICAgICBcCiAgICAgKGlzX2RvbWFpbl9kaXJlY3RfbWFwcGVkKGQp ICYmIG5lZWRfaW9tbXUoZCkpCg== --=separator Content-Type: application/octet-stream; name="xsa255-4.6-2.patch" Content-Disposition: attachment; filename="xsa255-4.6-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IGJsaW5kbHkgZnJlZSBzdGF0dXMgcGFnZXMgdXBv biB2ZXJzaW9uIGNoYW5nZQoKVGhlcmUgbWF5IHN0aWxsIGJlIGFjdGl2ZSBt YXBwaW5ncywgd2hpY2ggd291bGQgdHJpZ2dlciB0aGUgcmVzcGVjdGl2ZQpC VUdfT04oKS4gU3BsaXQgdGhlIGxvb3AgaW50byBvbmUgZGVhbGluZyB3aXRo IHRoZSBwYWdlIGF0dHJpYnV0ZXMgYW5kCnRoZSBzZWNvbmQgKHdoZW4gdGhl IGZpcnN0IGZ1bGx5IHBhc3NlZCkgZnJlZWluZyB0aGUgcGFnZXMuIFJldHVy biBhbgplcnJvciBpZiBhbnkgcGFnZXMgc3RpbGwgaGF2ZSBwZW5kaW5nIHJl ZmVyZW5jZXMuCgpUaGlzIGlzIHBhcnQgb2YgWFNBLTI1NS4KClNpZ25lZC1v ZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3 ZWQtYnk6IFN0ZWZhbm8gU3RhYmVsbGluaSA8c3N0YWJlbGxpbmlAa2VybmVs Lm9yZz4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29w ZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJjaC9hcm0vbW0uYworKysg Yi94ZW4vYXJjaC9hcm0vbW0uYwpAQCAtMTA4OSwxMiArMTA4OSwyMyBAQCBp bnQgeGVubWVtX2FkZF90b19waHlzbWFwX29uZSgKICAgICAgICAgICAgICAg ICBtZm4gPSBJTlZBTElEX01GTjsKICAgICAgICAgfQogICAgICAgICAKKyAg ICAgICAgaWYgKCBtZm4gIT0gSU5WQUxJRF9NRk4gJiYKKyAgICAgICAgICAg ICBnZm5feChnbnR0YWJfZ2V0X2ZyYW1lX2dmbihkLCBzdGF0dXMsIGlkeCkp ICE9IElOVkFMSURfR0ZOICkKKyAgICAgICAgeworICAgICAgICAgICAgcmMg PSBndWVzdF9waHlzbWFwX3JlbW92ZV9wYWdlKGQsCisgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZ2ZuX3goZ250dGFiX2dl dF9mcmFtZV9nZm4oZCwgc3RhdHVzLAorICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIGlkeCkpLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIG1mbiwgMCk7CisgICAgICAgICAgICBpZiAoIHJjICkKKyAg ICAgICAgICAgIHsKKyAgICAgICAgICAgICAgICB3cml0ZV91bmxvY2soJmQt PmdyYW50X3RhYmxlLT5sb2NrKTsKKyAgICAgICAgICAgICAgICByZXR1cm4g cmM7CisgICAgICAgICAgICB9CisgICAgICAgIH0KKwogICAgICAgICBpZiAo IG1mbiAhPSBJTlZBTElEX01GTiApCiAgICAgICAgIHsKLSAgICAgICAgICAg IGlmICggc3RhdHVzICkKLSAgICAgICAgICAgICAgICBkLT5hcmNoLmdyYW50 X3N0YXR1c19nZm5baWR4XSA9IF9nZm4oZ3Bmbik7Ci0gICAgICAgICAgICBl bHNlCi0gICAgICAgICAgICAgICAgZC0+YXJjaC5ncmFudF9zaGFyZWRfZ2Zu W2lkeF0gPSBfZ2ZuKGdwZm4pOworICAgICAgICAgICAgZ250dGFiX3NldF9m cmFtZV9nZm4oZCwgc3RhdHVzLCBpZHgsIF9nZm4oZ3BmbikpOwogCiAgICAg ICAgICAgICB0ID0gcDJtX3JhbV9ydzsKICAgICAgICAgfQotLS0gYS94ZW4v Y29tbW9uL2dyYW50X3RhYmxlLmMKKysrIGIveGVuL2NvbW1vbi9ncmFudF90 YWJsZS5jCkBAIC0xNTEyLDIzICsxNTEyLDc0IEBAIHN0YXR1c19hbGxvY19m YWlsZWQ6CiAgICAgcmV0dXJuIC1FTk9NRU07CiB9CiAKLXN0YXRpYyB2b2lk CitzdGF0aWMgaW50CiBnbnR0YWJfdW5wb3B1bGF0ZV9zdGF0dXNfZnJhbWVz KHN0cnVjdCBkb21haW4gKmQsIHN0cnVjdCBncmFudF90YWJsZSAqZ3QpCiB7 Ci0gICAgaW50IGk7CisgICAgdW5zaWduZWQgaW50IGk7CiAKICAgICBmb3Ig KCBpID0gMDsgaSA8IG5yX3N0YXR1c19mcmFtZXMoZ3QpOyBpKysgKQogICAg IHsKICAgICAgICAgc3RydWN0IHBhZ2VfaW5mbyAqcGcgPSB2aXJ0X3RvX3Bh Z2UoZ3QtPnN0YXR1c1tpXSk7CisgICAgICAgIGdmbl90IGdmbiA9IGdudHRh Yl9nZXRfZnJhbWVfZ2ZuKGQsIDEsIGkpOworCisgICAgICAgIC8qCisgICAg ICAgICAqIEZvciB0cmFuc2xhdGVkIGRvbWFpbnMsIHJlY292ZXJpbmcgZnJv bSBmYWlsdXJlIGFmdGVyIHBhcnRpYWwKKyAgICAgICAgICogY2hhbmdlcyB3 ZXJlIG1hZGUgaXMgbW9yZSBjb21wbGljYXRlZCB0aGFuIGl0IHNlZW1zIHdv cnRoCisgICAgICAgICAqIGltcGxlbWVudGluZyBhdCB0aGlzIHRpbWUuIEhl bmNlIHJlc3BlY3RpdmUgZXJyb3IgcGF0aHMgYmVsb3cKKyAgICAgICAgICog Y3Jhc2ggdGhlIGRvbWFpbiBpbiBzdWNoIGEgY2FzZS4KKyAgICAgICAgICov CisgICAgICAgIGlmICggcGFnaW5nX21vZGVfdHJhbnNsYXRlKGQpICkKKyAg ICAgICAgeworICAgICAgICAgICAgaW50IHJjID0gZ2ZuX3goZ2ZuKSA9PSBJ TlZBTElEX0dGTgorICAgICAgICAgICAgICAgICAgICAgPyAwCisgICAgICAg ICAgICAgICAgICAgICA6IGd1ZXN0X3BoeXNtYXBfcmVtb3ZlX3BhZ2UoZCwg Z2ZuX3goZ2ZuKSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBwYWdlX3RvX21mbihwZyksIDApOworCisgICAg ICAgICAgICBpZiAoIHJjICkKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAg ICAgICBncHJpbnRrKFhFTkxPR19FUlIsCisgICAgICAgICAgICAgICAgICAg ICAgICAiQ291bGQgbm90IHJlbW92ZSBzdGF0dXMgZnJhbWUgJXUgKEdGTiAl I2x4KSBmcm9tIFAyTVxuIiwKKyAgICAgICAgICAgICAgICAgICAgICAgIGks IGdmbl94KGdmbikpOworICAgICAgICAgICAgICAgIGRvbWFpbl9jcmFzaChk KTsKKyAgICAgICAgICAgICAgICByZXR1cm4gcmM7CisgICAgICAgICAgICB9 CisgICAgICAgICAgICBnbnR0YWJfc2V0X2ZyYW1lX2dmbihkLCAxLCBpLCBf Z2ZuKElOVkFMSURfR0ZOKSk7CisgICAgICAgIH0KIAogICAgICAgICBCVUdf T04ocGFnZV9nZXRfb3duZXIocGcpICE9IGQpOwogICAgICAgICBpZiAoIHRl c3RfYW5kX2NsZWFyX2JpdChfUEdDX2FsbG9jYXRlZCwgJnBnLT5jb3VudF9p bmZvKSApCiAgICAgICAgICAgICBwdXRfcGFnZShwZyk7Ci0gICAgICAgIEJV R19PTihwZy0+Y291bnRfaW5mbyAmIH5QR0NfeGVuX2hlYXApOworCisgICAg ICAgIGlmICggcGctPmNvdW50X2luZm8gJiB+UEdDX3hlbl9oZWFwICkKKyAg ICAgICAgeworICAgICAgICAgICAgaWYgKCBwYWdpbmdfbW9kZV90cmFuc2xh dGUoZCkgKQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIGdwcmlu dGsoWEVOTE9HX0VSUiwKKyAgICAgICAgICAgICAgICAgICAgICAgICJXcm9u ZyBwYWdlIHN0YXRlICUjbHggb2Ygc3RhdHVzIGZyYW1lICV1IChHRk4gJSNs eClcbiIsCisgICAgICAgICAgICAgICAgICAgICAgICBwZy0+Y291bnRfaW5m bywgaSwgZ2ZuX3goZ2ZuKSk7CisgICAgICAgICAgICAgICAgZG9tYWluX2Ny YXNoKGQpOworICAgICAgICAgICAgfQorICAgICAgICAgICAgZWxzZQorICAg ICAgICAgICAgeworICAgICAgICAgICAgICAgIGlmICggZ2V0X3BhZ2UocGcs IGQpICkKKyAgICAgICAgICAgICAgICAgICAgc2V0X2JpdChfUEdDX2FsbG9j YXRlZCwgJnBnLT5jb3VudF9pbmZvKTsKKyAgICAgICAgICAgICAgICB3aGls ZSAoIGktLSApCisgICAgICAgICAgICAgICAgICAgIGdudHRhYl9jcmVhdGVf c3RhdHVzX3BhZ2UoZCwgZ3QsIGkpOworICAgICAgICAgICAgfQorICAgICAg ICAgICAgcmV0dXJuIC1FQlVTWTsKKyAgICAgICAgfQorCisgICAgICAgIHBh Z2Vfc2V0X293bmVyKHBnLCBOVUxMKTsKKyAgICB9CisKKyAgICBmb3IgKCBp ID0gMDsgaSA8IG5yX3N0YXR1c19mcmFtZXMoZ3QpOyBpKysgKQorICAgIHsK ICAgICAgICAgZnJlZV94ZW5oZWFwX3BhZ2UoZ3QtPnN0YXR1c1tpXSk7CiAg ICAgICAgIGd0LT5zdGF0dXNbaV0gPSBOVUxMOwogICAgIH0KICAgICBndC0+ bnJfc3RhdHVzX2ZyYW1lcyA9IDA7CisKKyAgICByZXR1cm4gMDsKIH0KIAog LyoKQEAgLTI3NjgsOCArMjgxOSw5IEBAIGdudHRhYl9zZXRfdmVyc2lvbihY RU5fR1VFU1RfSEFORExFX1BBUkEKICAgICAgICAgYnJlYWs7CiAgICAgfQog Ci0gICAgaWYgKCBvcC52ZXJzaW9uIDwgMiAmJiBndC0+Z3RfdmVyc2lvbiA9 PSAyICkKLSAgICAgICAgZ250dGFiX3VucG9wdWxhdGVfc3RhdHVzX2ZyYW1l cyhjdXJyZCwgZ3QpOworICAgIGlmICggb3AudmVyc2lvbiA8IDIgJiYgZ3Qt Pmd0X3ZlcnNpb24gPT0gMiAmJgorICAgICAgICAgKHJlcyA9IGdudHRhYl91 bnBvcHVsYXRlX3N0YXR1c19mcmFtZXMoY3VycmQsIGd0KSkgIT0gMCApCisg ICAgICAgIGdvdG8gb3V0X3VubG9jazsKIAogICAgIC8qIE1ha2Ugc3VyZSB0 aGVyZSdzIG5vIGNydWQgbGVmdCBvdmVyIGZyb20gdGhlIG9sZCB2ZXJzaW9u LiAqLwogICAgIGZvciAoIGkgPSAwOyBpIDwgbnJfZ3JhbnRfZnJhbWVzKGd0 KTsgaSsrICkKLS0tIGEveGVuL2luY2x1ZGUvYXNtLWFybS9ncmFudF90YWJs ZS5oCisrKyBiL3hlbi9pbmNsdWRlL2FzbS1hcm0vZ3JhbnRfdGFibGUuaApA QCAtMjAsNiArMjAsMTcgQEAgc3RhdGljIGlubGluZSBpbnQgcmVwbGFjZV9n cmFudF9zdXBwb3J0ZQogICAgIHJldHVybiAxOwogfQogCisjZGVmaW5lIGdu dHRhYl9zZXRfZnJhbWVfZ2ZuKGQsIHN0LCBpZHgsIGdmbikgICAgICAgICAg ICAgICAgICAgICAgICAgICAgXAorICAgIGRvIHsgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIFwKKyAgICAgICAgKChzdCkgPyAoZCktPmFyY2guZ3JhbnRfc3RhdHVz X2dmbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcCisgICAgICAg ICAgICAgIDogKGQpLT5hcmNoLmdyYW50X3NoYXJlZF9nZm4pW2lkeF0gPSAo Z2ZuKTsgICAgICAgICAgICAgICAgXAorICAgIH0gd2hpbGUgKCAwICkKKwor I2RlZmluZSBnbnR0YWJfZ2V0X2ZyYW1lX2dmbihkLCBzdCwgaWR4KSAoeyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKKyAgIF9nZm4oKHN0KSA/ IGdudHRhYl9zdGF0dXNfZ21mbihkLCAoZCktPmdyYW50X3RhYmxlLCBpZHgp ICAgICAgICAgICAgICBcCisgICAgICAgICAgICAgOiBnbnR0YWJfc2hhcmVk X2dtZm4oZCwgKGQpLT5ncmFudF90YWJsZSwgaWR4KSk7ICAgICAgICAgICAg XAorfSkKKwogI2RlZmluZSBnbnR0YWJfY3JlYXRlX3NoYXJlZF9wYWdlKGQs IHQsIGkpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKICAgICBk byB7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBcCiAgICAgICAgIHNoYXJlX3hlbl9w YWdlX3dpdGhfZ3Vlc3QoICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgXAotLS0gYS94ZW4vaW5jbHVkZS9hc20teDg2L2dyYW50X3Rh YmxlLmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLXg4Ni9ncmFudF90YWJsZS5o CkBAIC0xOCw2ICsxOCwxNCBAQCBpbnQgY3JlYXRlX2dyYW50X2hvc3RfbWFw cGluZyh1aW50NjRfdCBhCiBpbnQgcmVwbGFjZV9ncmFudF9ob3N0X21hcHBp bmcoCiAgICAgdWludDY0X3QgYWRkciwgdW5zaWduZWQgbG9uZyBmcmFtZSwg dWludDY0X3QgbmV3X2FkZHIsIHVuc2lnbmVkIGludCBmbGFncyk7CiAKKyNk ZWZpbmUgZ250dGFiX3NldF9mcmFtZV9nZm4oZCwgc3QsIGlkeCwgZ2ZuKSBk byB7fSB3aGlsZSAoIDAgKQorI2RlZmluZSBnbnR0YWJfZ2V0X2ZyYW1lX2dm bihkLCBzdCwgaWR4KSAoeyAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IFwKKyAgICB1bnNpZ25lZCBsb25nIG1mbl8gPSAoc3QpID8gZ250dGFiX3N0 YXR1c19tZm4oKGQpLT5ncmFudF90YWJsZSwgaWR4KSBcCisgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA6IGdudHRhYl9zaGFyZWRfbWZuKChkKS0+ Z3JhbnRfdGFibGUsIGlkeCk7IFwKKyAgICB1bnNpZ25lZCBsb25nIGdwZm5f ID0gZ2V0X2dwZm5fZnJvbV9tZm4obWZuXyk7ICAgICAgICAgICAgICAgICAg ICAgICBcCisgICAgX2dmbihWQUxJRF9NMlAoZ3Bmbl8pID8gZ3Bmbl8gOiBJ TlZBTElEX0dGTik7ICAgICAgICAgICAgICAgICAgICAgICAgXAorfSkKKwog I2RlZmluZSBnbnR0YWJfY3JlYXRlX3NoYXJlZF9wYWdlKGQsIHQsIGkpICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKICAgICBkbyB7ICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBcCiAgICAgICAgIHNoYXJlX3hlbl9wYWdlX3dpdGhf Z3Vlc3QoICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg XApAQCAtMzMsMTEgKzQxLDExIEBAIGludCByZXBsYWNlX2dyYW50X2hvc3Rf bWFwcGluZygKICAgICB9IHdoaWxlICggMCApCiAKIAotI2RlZmluZSBnbnR0 YWJfc2hhcmVkX21mbihkLCB0LCBpKSAgICAgICAgICAgICAgICAgICAgICBc CisjZGVmaW5lIGdudHRhYl9zaGFyZWRfbWZuKHQsIGkpICAgICAgICAgICAg ICAgICAgICAgICAgIFwKICAgICAoKHZpcnRfdG9fbWFkZHIoKHQpLT5zaGFy ZWRfcmF3W2ldKSA+PiBQQUdFX1NISUZUKSkKIAogI2RlZmluZSBnbnR0YWJf c2hhcmVkX2dtZm4oZCwgdCwgaSkgICAgICAgICAgICAgICAgICAgICBcCi0g ICAgKG1mbl90b19nbWZuKGQsIGdudHRhYl9zaGFyZWRfbWZuKGQsIHQsIGkp KSkKKyAgICAobWZuX3RvX2dtZm4oZCwgZ250dGFiX3NoYXJlZF9tZm4odCwg aSkpKQogCiAKICNkZWZpbmUgZ250dGFiX3N0YXR1c19tZm4odCwgaSkgICAg ICAgICAgICAgICAgICAgICAgICAgXAo= --=separator Content-Type: application/octet-stream; name="xsa255-4.7-1.patch" Content-Disposition: attachment; filename="xsa255-4.7-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWIvQVJNOiBkb24ndCBjb3JydXB0IHNoYXJlZCBHRk4gYXJyYXkK Ci4uLiBieSB3cml0aW5nIHN0YXR1cyBHRk5zIHRvIGl0LiBJbnRyb2R1Y2Ug YSBzZWNvbmQgYXJyYXkgaW5zdGVhZC4KQWxzbyBpbXBsZW1lbnQgZ250dGFi X3N0YXR1c19nbWZuKCkgcHJvcGVybHkgbm93IHRoYXQgdGhlIGluZm9ybWF0 aW9uIGlzCnN1aXRhYmx5IGJlaW5nIHRyYWNrZWQuCgpXaGlsZSB0b3VjaGlu ZyBpdCBhbnl3YXksIHJlbW92ZSBhIG1pc2d1aWRlZCAoYnV0IGx1Y2tpbHkg YmVuaWduKSB1cHBlcgpib3VuZCBjaGVjayBmcm9tIGdudHRhYl9zaGFyZWRf Z21mbigpOiBXZSBzaG91bGQgbmV2ZXIgYWNjZXNzIGJleW9uZCB0aGUKYm91 bmRzIG9mIHRoYXQgYXJyYXkuCgpUaGlzIGlzIHBhcnQgb2YgWFNBLTI1NS4K ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNv bT4KUmV2aWV3ZWQtYnk6IFN0ZWZhbm8gU3RhYmVsbGluaSA8c3N0YWJlbGxp bmlAa2VybmVsLm9yZz4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFu ZHJldy5jb29wZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJjaC9hcm0v ZG9tYWluLmMKKysrIGIveGVuL2FyY2gvYXJtL2RvbWFpbi5jCkBAIC00Mzgs MTkgKzQzOCwzNyBAQCB2b2lkIHN0YXJ0dXBfY3B1X2lkbGVfbG9vcCh2b2lk KQogc3RydWN0IGRvbWFpbiAqYWxsb2NfZG9tYWluX3N0cnVjdCh2b2lkKQog ewogICAgIHN0cnVjdCBkb21haW4gKmQ7CisgICAgdW5zaWduZWQgaW50IGks IG1heF9zdGF0dXNfZnJhbWVzOworCiAgICAgQlVJTERfQlVHX09OKHNpemVv ZigqZCkgPiBQQUdFX1NJWkUpOwogICAgIGQgPSBhbGxvY194ZW5oZWFwX3Bh Z2VzKDAsIDApOwogICAgIGlmICggZCA9PSBOVUxMICkKICAgICAgICAgcmV0 dXJuIE5VTEw7CiAKICAgICBjbGVhcl9wYWdlKGQpOwotICAgIGQtPmFyY2gu Z3JhbnRfdGFibGVfZ3BmbiA9IHh6YWxsb2NfYXJyYXkoeGVuX3Bmbl90LCBt YXhfZ3JhbnRfZnJhbWVzKTsKKworICAgIGQtPmFyY2guZ3JhbnRfc2hhcmVk X2dmbiA9IHhtYWxsb2NfYXJyYXkoZ2ZuX3QsIG1heF9ncmFudF9mcmFtZXMp OworICAgIG1heF9zdGF0dXNfZnJhbWVzID0gZ3JhbnRfdG9fc3RhdHVzX2Zy YW1lcyhtYXhfZ3JhbnRfZnJhbWVzKTsKKyAgICBkLT5hcmNoLmdyYW50X3N0 YXR1c19nZm4gPSB4bWFsbG9jX2FycmF5KGdmbl90LCBtYXhfc3RhdHVzX2Zy YW1lcyk7CisgICAgaWYgKCAhZC0+YXJjaC5ncmFudF9zaGFyZWRfZ2ZuIHx8 ICFkLT5hcmNoLmdyYW50X3N0YXR1c19nZm4gKQorICAgIHsKKyAgICAgICAg ZnJlZV9kb21haW5fc3RydWN0KGQpOworICAgICAgICByZXR1cm4gTlVMTDsK KyAgICB9CisKKyAgICBmb3IgKCBpID0gMDsgaSA8IG1heF9ncmFudF9mcmFt ZXM7ICsraSApCisgICAgICAgIGQtPmFyY2guZ3JhbnRfc2hhcmVkX2dmbltp XSA9IF9nZm4oSU5WQUxJRF9HRk4pOworCisgICAgZm9yICggaSA9IDA7IGkg PCBtYXhfc3RhdHVzX2ZyYW1lczsgKytpICkKKyAgICAgICAgZC0+YXJjaC5n cmFudF9zdGF0dXNfZ2ZuW2ldID0gX2dmbihJTlZBTElEX0dGTik7CisKICAg ICByZXR1cm4gZDsKIH0KIAogdm9pZCBmcmVlX2RvbWFpbl9zdHJ1Y3Qoc3Ry dWN0IGRvbWFpbiAqZCkKIHsKLSAgICB4ZnJlZShkLT5hcmNoLmdyYW50X3Rh YmxlX2dwZm4pOworICAgIHhmcmVlKGQtPmFyY2guZ3JhbnRfc2hhcmVkX2dm bik7CisgICAgeGZyZWUoZC0+YXJjaC5ncmFudF9zdGF0dXNfZ2ZuKTsKICAg ICBmcmVlX3hlbmhlYXBfcGFnZShkKTsKIH0KIAotLS0gYS94ZW4vYXJjaC9h cm0vbW0uYworKysgYi94ZW4vYXJjaC9hcm0vbW0uYwpAQCAtMTA2NSw2ICsx MDY1LDcgQEAgaW50IHhlbm1lbV9hZGRfdG9fcGh5c21hcF9vbmUoCiAgICAg aW50IHJjOwogICAgIHAybV90eXBlX3QgdDsKICAgICBzdHJ1Y3QgcGFnZV9p bmZvICpwYWdlID0gTlVMTDsKKyAgICBib29sX3Qgc3RhdHVzID0gMDsKIAog ICAgIHN3aXRjaCAoIHNwYWNlICkKICAgICB7CkBAIC0xMDgyLDYgKzEwODMs NyBAQCBpbnQgeGVubWVtX2FkZF90b19waHlzbWFwX29uZSgKICAgICAgICAg ICAgICAgICBtZm4gPSB2aXJ0X3RvX21mbihkLT5ncmFudF90YWJsZS0+c3Rh dHVzW2lkeF0pOwogICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAg IG1mbiA9IElOVkFMSURfTUZOOworICAgICAgICAgICAgc3RhdHVzID0gMTsK ICAgICAgICAgfQogICAgICAgICBlbHNlCiAgICAgICAgIHsKQEAgLTEwOTcs NyArMTA5OSwxMCBAQCBpbnQgeGVubWVtX2FkZF90b19waHlzbWFwX29uZSgK ICAgICAgICAgCiAgICAgICAgIGlmICggbWZuICE9IElOVkFMSURfTUZOICkK ICAgICAgICAgewotICAgICAgICAgICAgZC0+YXJjaC5ncmFudF90YWJsZV9n cGZuW2lkeF0gPSBncGZuOworICAgICAgICAgICAgaWYgKCBzdGF0dXMgKQor ICAgICAgICAgICAgICAgIGQtPmFyY2guZ3JhbnRfc3RhdHVzX2dmbltpZHhd ID0gX2dmbihncGZuKTsKKyAgICAgICAgICAgIGVsc2UKKyAgICAgICAgICAg ICAgICBkLT5hcmNoLmdyYW50X3NoYXJlZF9nZm5baWR4XSA9IF9nZm4oZ3Bm bik7CiAKICAgICAgICAgICAgIHQgPSBwMm1fcmFtX3J3OwogICAgICAgICB9 Ci0tLSBhL3hlbi9pbmNsdWRlL2FzbS1hcm0vZG9tYWluLmgKKysrIGIveGVu L2luY2x1ZGUvYXNtLWFybS9kb21haW4uaApAQCAtNTEsNyArNTEsOCBAQCBz dHJ1Y3QgYXJjaF9kb21haW4KICAgICB1aW50NjRfdCB2dHRicjsKIAogICAg IHN0cnVjdCBodm1fZG9tYWluIGh2bV9kb21haW47Ci0gICAgeGVuX3Bmbl90 ICpncmFudF90YWJsZV9ncGZuOworICAgIGdmbl90ICpncmFudF9zaGFyZWRf Z2ZuOworICAgIGdmbl90ICpncmFudF9zdGF0dXNfZ2ZuOwogCiAgICAgc3Ry dWN0IHZtbWlvIHZtbWlvOwogCi0tLSBhL3hlbi9pbmNsdWRlL2FzbS1hcm0v Z3JhbnRfdGFibGUuaAorKysgYi94ZW4vaW5jbHVkZS9hc20tYXJtL2dyYW50 X3RhYmxlLmgKQEAgLTE0LDcgKzE0LDYgQEAgaW50IHJlcGxhY2VfZ3JhbnRf aG9zdF9tYXBwaW5nKHVuc2lnbmVkCiAgICAgICAgIHVuc2lnbmVkIGxvbmcg bmV3X2dwYWRkciwgdW5zaWduZWQgaW50IGZsYWdzKTsKIHZvaWQgZ250dGFi X21hcmtfZGlydHkoc3RydWN0IGRvbWFpbiAqZCwgdW5zaWduZWQgbG9uZyBs KTsKICNkZWZpbmUgZ250dGFiX2NyZWF0ZV9zdGF0dXNfcGFnZShkLCB0LCBp KSBkbyB7fSB3aGlsZSAoMCkKLSNkZWZpbmUgZ250dGFiX3N0YXR1c19nbWZu KGQsIHQsIGkpICgwKQogI2RlZmluZSBnbnR0YWJfcmVsZWFzZV9ob3N0X21h cHBpbmdzKGRvbWFpbikgMQogc3RhdGljIGlubGluZSBpbnQgcmVwbGFjZV9n cmFudF9zdXBwb3J0ZWQodm9pZCkKIHsKQEAgLTI5LDggKzI4LDEyIEBAIHN0 YXRpYyBpbmxpbmUgaW50IHJlcGxhY2VfZ3JhbnRfc3VwcG9ydGUKICAgICB9 IHdoaWxlICggMCApCiAKICNkZWZpbmUgZ250dGFiX3NoYXJlZF9nbWZuKGQs IHQsIGkpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBc Ci0gICAgKCAoKGkgPj0gbnJfZ3JhbnRfZnJhbWVzKGQtPmdyYW50X3RhYmxl KSkgJiYgICAgICAgICAgICAgICAgICAgICAgICAgXAotICAgICAoaSA8IG1h eF9ncmFudF9mcmFtZXMpKSA/IDAgOiAoZC0+YXJjaC5ncmFudF90YWJsZV9n cGZuW2ldKSkKKyAgICBnZm5feCgoKGkpID49IG5yX2dyYW50X2ZyYW1lcyh0 KSkgPyBfZ2ZuKElOVkFMSURfR0ZOKSAgICAgICAgICAgICAgICBcCisgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDogKGQpLT5hcmNo LmdyYW50X3NoYXJlZF9nZm5baV0pCisKKyNkZWZpbmUgZ250dGFiX3N0YXR1 c19nbWZuKGQsIHQsIGkpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBcCisgICAgZ2ZuX3goKChpKSA+PSBucl9zdGF0dXNfZnJhbWVz KHQpKSA/IF9nZm4oSU5WQUxJRF9HRk4pICAgICAgICAgICAgICAgXAorICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgOiAoZCktPmFy Y2guZ3JhbnRfc3RhdHVzX2dmbltpXSkKIAogI2RlZmluZSBnbnR0YWJfbmVl ZF9pb21tdV9tYXBwaW5nKGQpICAgICAgICAgICAgICAgICAgICBcCiAgICAg KGlzX2RvbWFpbl9kaXJlY3RfbWFwcGVkKGQpICYmIG5lZWRfaW9tbXUoZCkp Cg== --=separator Content-Type: application/octet-stream; name="xsa255-4.7-2.patch" Content-Disposition: attachment; filename="xsa255-4.7-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IGJsaW5kbHkgZnJlZSBzdGF0dXMgcGFnZXMgdXBv biB2ZXJzaW9uIGNoYW5nZQoKVGhlcmUgbWF5IHN0aWxsIGJlIGFjdGl2ZSBt YXBwaW5ncywgd2hpY2ggd291bGQgdHJpZ2dlciB0aGUgcmVzcGVjdGl2ZQpC VUdfT04oKS4gU3BsaXQgdGhlIGxvb3AgaW50byBvbmUgZGVhbGluZyB3aXRo IHRoZSBwYWdlIGF0dHJpYnV0ZXMgYW5kCnRoZSBzZWNvbmQgKHdoZW4gdGhl IGZpcnN0IGZ1bGx5IHBhc3NlZCkgZnJlZWluZyB0aGUgcGFnZXMuIFJldHVy biBhbgplcnJvciBpZiBhbnkgcGFnZXMgc3RpbGwgaGF2ZSBwZW5kaW5nIHJl ZmVyZW5jZXMuCgpUaGlzIGlzIHBhcnQgb2YgWFNBLTI1NS4KClNpZ25lZC1v ZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3 ZWQtYnk6IFN0ZWZhbm8gU3RhYmVsbGluaSA8c3N0YWJlbGxpbmlAa2VybmVs Lm9yZz4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29w ZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJjaC9hcm0vbW0uYworKysg Yi94ZW4vYXJjaC9hcm0vbW0uYwpAQCAtMTA5NywxMiArMTA5NywyMyBAQCBp bnQgeGVubWVtX2FkZF90b19waHlzbWFwX29uZSgKICAgICAgICAgICAgICAg ICBtZm4gPSBJTlZBTElEX01GTjsKICAgICAgICAgfQogICAgICAgICAKKyAg ICAgICAgaWYgKCBtZm4gIT0gSU5WQUxJRF9NRk4gJiYKKyAgICAgICAgICAg ICBnZm5feChnbnR0YWJfZ2V0X2ZyYW1lX2dmbihkLCBzdGF0dXMsIGlkeCkp ICE9IElOVkFMSURfR0ZOICkKKyAgICAgICAgeworICAgICAgICAgICAgcmMg PSBndWVzdF9waHlzbWFwX3JlbW92ZV9wYWdlKGQsCisgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZ2ZuX3goZ250dGFiX2dl dF9mcmFtZV9nZm4oZCwgc3RhdHVzLAorICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIGlkeCkpLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIG1mbiwgMCk7CisgICAgICAgICAgICBpZiAoIHJjICkKKyAg ICAgICAgICAgIHsKKyAgICAgICAgICAgICAgICBncmFudF93cml0ZV91bmxv Y2soZC0+Z3JhbnRfdGFibGUpOworICAgICAgICAgICAgICAgIHJldHVybiBy YzsKKyAgICAgICAgICAgIH0KKyAgICAgICAgfQorCiAgICAgICAgIGlmICgg bWZuICE9IElOVkFMSURfTUZOICkKICAgICAgICAgewotICAgICAgICAgICAg aWYgKCBzdGF0dXMgKQotICAgICAgICAgICAgICAgIGQtPmFyY2guZ3JhbnRf c3RhdHVzX2dmbltpZHhdID0gX2dmbihncGZuKTsKLSAgICAgICAgICAgIGVs c2UKLSAgICAgICAgICAgICAgICBkLT5hcmNoLmdyYW50X3NoYXJlZF9nZm5b aWR4XSA9IF9nZm4oZ3Bmbik7CisgICAgICAgICAgICBnbnR0YWJfc2V0X2Zy YW1lX2dmbihkLCBzdGF0dXMsIGlkeCwgX2dmbihncGZuKSk7CiAKICAgICAg ICAgICAgIHQgPSBwMm1fcmFtX3J3OwogICAgICAgICB9Ci0tLSBhL3hlbi9j b21tb24vZ3JhbnRfdGFibGUuYworKysgYi94ZW4vY29tbW9uL2dyYW50X3Rh YmxlLmMKQEAgLTE1MTYsMjMgKzE1MTYsNzQgQEAgc3RhdHVzX2FsbG9jX2Zh aWxlZDoKICAgICByZXR1cm4gLUVOT01FTTsKIH0KIAotc3RhdGljIHZvaWQK K3N0YXRpYyBpbnQKIGdudHRhYl91bnBvcHVsYXRlX3N0YXR1c19mcmFtZXMo c3RydWN0IGRvbWFpbiAqZCwgc3RydWN0IGdyYW50X3RhYmxlICpndCkKIHsK LSAgICBpbnQgaTsKKyAgICB1bnNpZ25lZCBpbnQgaTsKIAogICAgIGZvciAo IGkgPSAwOyBpIDwgbnJfc3RhdHVzX2ZyYW1lcyhndCk7IGkrKyApCiAgICAg ewogICAgICAgICBzdHJ1Y3QgcGFnZV9pbmZvICpwZyA9IHZpcnRfdG9fcGFn ZShndC0+c3RhdHVzW2ldKTsKKyAgICAgICAgZ2ZuX3QgZ2ZuID0gZ250dGFi X2dldF9mcmFtZV9nZm4oZCwgMSwgaSk7CisKKyAgICAgICAgLyoKKyAgICAg ICAgICogRm9yIHRyYW5zbGF0ZWQgZG9tYWlucywgcmVjb3ZlcmluZyBmcm9t IGZhaWx1cmUgYWZ0ZXIgcGFydGlhbAorICAgICAgICAgKiBjaGFuZ2VzIHdl cmUgbWFkZSBpcyBtb3JlIGNvbXBsaWNhdGVkIHRoYW4gaXQgc2VlbXMgd29y dGgKKyAgICAgICAgICogaW1wbGVtZW50aW5nIGF0IHRoaXMgdGltZS4gSGVu Y2UgcmVzcGVjdGl2ZSBlcnJvciBwYXRocyBiZWxvdworICAgICAgICAgKiBj cmFzaCB0aGUgZG9tYWluIGluIHN1Y2ggYSBjYXNlLgorICAgICAgICAgKi8K KyAgICAgICAgaWYgKCBwYWdpbmdfbW9kZV90cmFuc2xhdGUoZCkgKQorICAg ICAgICB7CisgICAgICAgICAgICBpbnQgcmMgPSBnZm5feChnZm4pID09IElO VkFMSURfR0ZOCisgICAgICAgICAgICAgICAgICAgICA/IDAKKyAgICAgICAg ICAgICAgICAgICAgIDogZ3Vlc3RfcGh5c21hcF9yZW1vdmVfcGFnZShkLCBn Zm5feChnZm4pLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHBhZ2VfdG9fbWZuKHBnKSwgMCk7CisKKyAgICAg ICAgICAgIGlmICggcmMgKQorICAgICAgICAgICAgeworICAgICAgICAgICAg ICAgIGdwcmludGsoWEVOTE9HX0VSUiwKKyAgICAgICAgICAgICAgICAgICAg ICAgICJDb3VsZCBub3QgcmVtb3ZlIHN0YXR1cyBmcmFtZSAldSAoR0ZOICUj bHgpIGZyb20gUDJNXG4iLAorICAgICAgICAgICAgICAgICAgICAgICAgaSwg Z2ZuX3goZ2ZuKSk7CisgICAgICAgICAgICAgICAgZG9tYWluX2NyYXNoKGQp OworICAgICAgICAgICAgICAgIHJldHVybiByYzsKKyAgICAgICAgICAgIH0K KyAgICAgICAgICAgIGdudHRhYl9zZXRfZnJhbWVfZ2ZuKGQsIDEsIGksIF9n Zm4oSU5WQUxJRF9HRk4pKTsKKyAgICAgICAgfQogCiAgICAgICAgIEJVR19P TihwYWdlX2dldF9vd25lcihwZykgIT0gZCk7CiAgICAgICAgIGlmICggdGVz dF9hbmRfY2xlYXJfYml0KF9QR0NfYWxsb2NhdGVkLCAmcGctPmNvdW50X2lu Zm8pICkKICAgICAgICAgICAgIHB1dF9wYWdlKHBnKTsKLSAgICAgICAgQlVH X09OKHBnLT5jb3VudF9pbmZvICYgflBHQ194ZW5faGVhcCk7CisKKyAgICAg ICAgaWYgKCBwZy0+Y291bnRfaW5mbyAmIH5QR0NfeGVuX2hlYXAgKQorICAg ICAgICB7CisgICAgICAgICAgICBpZiAoIHBhZ2luZ19tb2RlX3RyYW5zbGF0 ZShkKSApCisgICAgICAgICAgICB7CisgICAgICAgICAgICAgICAgZ3ByaW50 ayhYRU5MT0dfRVJSLAorICAgICAgICAgICAgICAgICAgICAgICAgIldyb25n IHBhZ2Ugc3RhdGUgJSNseCBvZiBzdGF0dXMgZnJhbWUgJXUgKEdGTiAlI2x4 KVxuIiwKKyAgICAgICAgICAgICAgICAgICAgICAgIHBnLT5jb3VudF9pbmZv LCBpLCBnZm5feChnZm4pKTsKKyAgICAgICAgICAgICAgICBkb21haW5fY3Jh c2goZCk7CisgICAgICAgICAgICB9CisgICAgICAgICAgICBlbHNlCisgICAg ICAgICAgICB7CisgICAgICAgICAgICAgICAgaWYgKCBnZXRfcGFnZShwZywg ZCkgKQorICAgICAgICAgICAgICAgICAgICBzZXRfYml0KF9QR0NfYWxsb2Nh dGVkLCAmcGctPmNvdW50X2luZm8pOworICAgICAgICAgICAgICAgIHdoaWxl ICggaS0tICkKKyAgICAgICAgICAgICAgICAgICAgZ250dGFiX2NyZWF0ZV9z dGF0dXNfcGFnZShkLCBndCwgaSk7CisgICAgICAgICAgICB9CisgICAgICAg ICAgICByZXR1cm4gLUVCVVNZOworICAgICAgICB9CisKKyAgICAgICAgcGFn ZV9zZXRfb3duZXIocGcsIE5VTEwpOworICAgIH0KKworICAgIGZvciAoIGkg PSAwOyBpIDwgbnJfc3RhdHVzX2ZyYW1lcyhndCk7IGkrKyApCisgICAgewog ICAgICAgICBmcmVlX3hlbmhlYXBfcGFnZShndC0+c3RhdHVzW2ldKTsKICAg ICAgICAgZ3QtPnN0YXR1c1tpXSA9IE5VTEw7CiAgICAgfQogICAgIGd0LT5u cl9zdGF0dXNfZnJhbWVzID0gMDsKKworICAgIHJldHVybiAwOwogfQogCiAv KgpAQCAtMjc3Myw4ICsyODI0LDkgQEAgZ250dGFiX3NldF92ZXJzaW9uKFhF Tl9HVUVTVF9IQU5ETEVfUEFSQQogICAgICAgICBicmVhazsKICAgICB9CiAK LSAgICBpZiAoIG9wLnZlcnNpb24gPCAyICYmIGd0LT5ndF92ZXJzaW9uID09 IDIgKQotICAgICAgICBnbnR0YWJfdW5wb3B1bGF0ZV9zdGF0dXNfZnJhbWVz KGN1cnJkLCBndCk7CisgICAgaWYgKCBvcC52ZXJzaW9uIDwgMiAmJiBndC0+ Z3RfdmVyc2lvbiA9PSAyICYmCisgICAgICAgICAocmVzID0gZ250dGFiX3Vu cG9wdWxhdGVfc3RhdHVzX2ZyYW1lcyhjdXJyZCwgZ3QpKSAhPSAwICkKKyAg ICAgICAgZ290byBvdXRfdW5sb2NrOwogCiAgICAgLyogTWFrZSBzdXJlIHRo ZXJlJ3Mgbm8gY3J1ZCBsZWZ0IG92ZXIgZnJvbSB0aGUgb2xkIHZlcnNpb24u ICovCiAgICAgZm9yICggaSA9IDA7IGkgPCBucl9ncmFudF9mcmFtZXMoZ3Qp OyBpKysgKQotLS0gYS94ZW4vaW5jbHVkZS9hc20tYXJtL2dyYW50X3RhYmxl LmgKKysrIGIveGVuL2luY2x1ZGUvYXNtLWFybS9ncmFudF90YWJsZS5oCkBA IC0yMCw2ICsyMCwxNyBAQCBzdGF0aWMgaW5saW5lIGludCByZXBsYWNlX2dy YW50X3N1cHBvcnRlCiAgICAgcmV0dXJuIDE7CiB9CiAKKyNkZWZpbmUgZ250 dGFiX3NldF9mcmFtZV9nZm4oZCwgc3QsIGlkeCwgZ2ZuKSAgICAgICAgICAg ICAgICAgICAgICAgICAgICBcCisgICAgZG8geyAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgXAorICAgICAgICAoKHN0KSA/IChkKS0+YXJjaC5ncmFudF9zdGF0dXNf Z2ZuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFwKKyAgICAgICAg ICAgICAgOiAoZCktPmFyY2guZ3JhbnRfc2hhcmVkX2dmbilbaWR4XSA9IChn Zm4pOyAgICAgICAgICAgICAgICBcCisgICAgfSB3aGlsZSAoIDAgKQorCisj ZGVmaW5lIGdudHRhYl9nZXRfZnJhbWVfZ2ZuKGQsIHN0LCBpZHgpICh7ICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgXAorICAgX2dmbigoc3QpID8g Z250dGFiX3N0YXR1c19nbWZuKGQsIChkKS0+Z3JhbnRfdGFibGUsIGlkeCkg ICAgICAgICAgICAgIFwKKyAgICAgICAgICAgICA6IGdudHRhYl9zaGFyZWRf Z21mbihkLCAoZCktPmdyYW50X3RhYmxlLCBpZHgpKTsgICAgICAgICAgICBc Cit9KQorCiAjZGVmaW5lIGdudHRhYl9jcmVhdGVfc2hhcmVkX3BhZ2UoZCwg dCwgaSkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgIGRv IHsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIFwKICAgICAgICAgc2hhcmVfeGVuX3Bh Z2Vfd2l0aF9ndWVzdCggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBcCi0tLSBhL3hlbi9pbmNsdWRlL2FzbS14ODYvZ3JhbnRfdGFi bGUuaAorKysgYi94ZW4vaW5jbHVkZS9hc20teDg2L2dyYW50X3RhYmxlLmgK QEAgLTE4LDYgKzE4LDE0IEBAIGludCBjcmVhdGVfZ3JhbnRfaG9zdF9tYXBw aW5nKHVpbnQ2NF90IGEKIGludCByZXBsYWNlX2dyYW50X2hvc3RfbWFwcGlu ZygKICAgICB1aW50NjRfdCBhZGRyLCB1bnNpZ25lZCBsb25nIGZyYW1lLCB1 aW50NjRfdCBuZXdfYWRkciwgdW5zaWduZWQgaW50IGZsYWdzKTsKIAorI2Rl ZmluZSBnbnR0YWJfc2V0X2ZyYW1lX2dmbihkLCBzdCwgaWR4LCBnZm4pIGRv IHt9IHdoaWxlICggMCApCisjZGVmaW5lIGdudHRhYl9nZXRfZnJhbWVfZ2Zu KGQsIHN0LCBpZHgpICh7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg XAorICAgIHVuc2lnbmVkIGxvbmcgbWZuXyA9IChzdCkgPyBnbnR0YWJfc3Rh dHVzX21mbigoZCktPmdyYW50X3RhYmxlLCBpZHgpIFwKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDogZ250dGFiX3NoYXJlZF9tZm4oKGQpLT5n cmFudF90YWJsZSwgaWR4KTsgXAorICAgIHVuc2lnbmVkIGxvbmcgZ3Bmbl8g PSBnZXRfZ3Bmbl9mcm9tX21mbihtZm5fKTsgICAgICAgICAgICAgICAgICAg ICAgIFwKKyAgICBfZ2ZuKFZBTElEX00yUChncGZuXykgPyBncGZuXyA6IElO VkFMSURfR0ZOKTsgICAgICAgICAgICAgICAgICAgICAgICBcCit9KQorCiAj ZGVmaW5lIGdudHRhYl9jcmVhdGVfc2hhcmVkX3BhZ2UoZCwgdCwgaSkgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgIGRvIHsgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIFwKICAgICAgICAgc2hhcmVfeGVuX3BhZ2Vfd2l0aF9n dWVzdCggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBc CkBAIC0zMywxMSArNDEsMTEgQEAgaW50IHJlcGxhY2VfZ3JhbnRfaG9zdF9t YXBwaW5nKAogICAgIH0gd2hpbGUgKCAwICkKIAogCi0jZGVmaW5lIGdudHRh Yl9zaGFyZWRfbWZuKGQsIHQsIGkpICAgICAgICAgICAgICAgICAgICAgIFwK KyNkZWZpbmUgZ250dGFiX3NoYXJlZF9tZm4odCwgaSkgICAgICAgICAgICAg ICAgICAgICAgICAgXAogICAgICgodmlydF90b19tYWRkcigodCktPnNoYXJl ZF9yYXdbaV0pID4+IFBBR0VfU0hJRlQpKQogCiAjZGVmaW5lIGdudHRhYl9z aGFyZWRfZ21mbihkLCB0LCBpKSAgICAgICAgICAgICAgICAgICAgIFwKLSAg ICAobWZuX3RvX2dtZm4oZCwgZ250dGFiX3NoYXJlZF9tZm4oZCwgdCwgaSkp KQorICAgIChtZm5fdG9fZ21mbihkLCBnbnR0YWJfc2hhcmVkX21mbih0LCBp KSkpCiAKIAogI2RlZmluZSBnbnR0YWJfc3RhdHVzX21mbih0LCBpKSAgICAg ICAgICAgICAgICAgICAgICAgICBcCg== --=separator Content-Type: application/octet-stream; name="xsa255-4.9-1.patch" Content-Disposition: attachment; filename="xsa255-4.9-1.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWIvQVJNOiBkb24ndCBjb3JydXB0IHNoYXJlZCBHRk4gYXJyYXkK Ci4uLiBieSB3cml0aW5nIHN0YXR1cyBHRk5zIHRvIGl0LiBJbnRyb2R1Y2Ug YSBzZWNvbmQgYXJyYXkgaW5zdGVhZC4KQWxzbyBpbXBsZW1lbnQgZ250dGFi X3N0YXR1c19nbWZuKCkgcHJvcGVybHkgbm93IHRoYXQgdGhlIGluZm9ybWF0 aW9uIGlzCnN1aXRhYmx5IGJlaW5nIHRyYWNrZWQuCgpXaGlsZSB0b3VjaGlu ZyBpdCBhbnl3YXksIHJlbW92ZSBhIG1pc2d1aWRlZCAoYnV0IGx1Y2tpbHkg YmVuaWduKSB1cHBlcgpib3VuZCBjaGVjayBmcm9tIGdudHRhYl9zaGFyZWRf Z21mbigpOiBXZSBzaG91bGQgbmV2ZXIgYWNjZXNzIGJleW9uZCB0aGUKYm91 bmRzIG9mIHRoYXQgYXJyYXkuCgpUaGlzIGlzIHBhcnQgb2YgWFNBLTI1NS4K ClNpZ25lZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNv bT4KUmV2aWV3ZWQtYnk6IFN0ZWZhbm8gU3RhYmVsbGluaSA8c3N0YWJlbGxp bmlAa2VybmVsLm9yZz4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFu ZHJldy5jb29wZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJjaC9hcm0v ZG9tYWluLmMKKysrIGIveGVuL2FyY2gvYXJtL2RvbWFpbi5jCkBAIC00NjEs MTkgKzQ2MSwzNyBAQCB2b2lkIHN0YXJ0dXBfY3B1X2lkbGVfbG9vcCh2b2lk KQogc3RydWN0IGRvbWFpbiAqYWxsb2NfZG9tYWluX3N0cnVjdCh2b2lkKQog ewogICAgIHN0cnVjdCBkb21haW4gKmQ7CisgICAgdW5zaWduZWQgaW50IGks IG1heF9zdGF0dXNfZnJhbWVzOworCiAgICAgQlVJTERfQlVHX09OKHNpemVv ZigqZCkgPiBQQUdFX1NJWkUpOwogICAgIGQgPSBhbGxvY194ZW5oZWFwX3Bh Z2VzKDAsIDApOwogICAgIGlmICggZCA9PSBOVUxMICkKICAgICAgICAgcmV0 dXJuIE5VTEw7CiAKICAgICBjbGVhcl9wYWdlKGQpOwotICAgIGQtPmFyY2gu Z3JhbnRfdGFibGVfZ2ZuID0geHphbGxvY19hcnJheShnZm5fdCwgbWF4X2dy YW50X2ZyYW1lcyk7CisKKyAgICBkLT5hcmNoLmdyYW50X3NoYXJlZF9nZm4g PSB4bWFsbG9jX2FycmF5KGdmbl90LCBtYXhfZ3JhbnRfZnJhbWVzKTsKKyAg ICBtYXhfc3RhdHVzX2ZyYW1lcyA9IGdyYW50X3RvX3N0YXR1c19mcmFtZXMo bWF4X2dyYW50X2ZyYW1lcyk7CisgICAgZC0+YXJjaC5ncmFudF9zdGF0dXNf Z2ZuID0geG1hbGxvY19hcnJheShnZm5fdCwgbWF4X3N0YXR1c19mcmFtZXMp OworICAgIGlmICggIWQtPmFyY2guZ3JhbnRfc2hhcmVkX2dmbiB8fCAhZC0+ YXJjaC5ncmFudF9zdGF0dXNfZ2ZuICkKKyAgICB7CisgICAgICAgIGZyZWVf ZG9tYWluX3N0cnVjdChkKTsKKyAgICAgICAgcmV0dXJuIE5VTEw7CisgICAg fQorCisgICAgZm9yICggaSA9IDA7IGkgPCBtYXhfZ3JhbnRfZnJhbWVzOyAr K2kgKQorICAgICAgICBkLT5hcmNoLmdyYW50X3NoYXJlZF9nZm5baV0gPSBJ TlZBTElEX0dGTjsKKworICAgIGZvciAoIGkgPSAwOyBpIDwgbWF4X3N0YXR1 c19mcmFtZXM7ICsraSApCisgICAgICAgIGQtPmFyY2guZ3JhbnRfc3RhdHVz X2dmbltpXSA9IElOVkFMSURfR0ZOOworCiAgICAgcmV0dXJuIGQ7CiB9CiAK IHZvaWQgZnJlZV9kb21haW5fc3RydWN0KHN0cnVjdCBkb21haW4gKmQpCiB7 Ci0gICAgeGZyZWUoZC0+YXJjaC5ncmFudF90YWJsZV9nZm4pOworICAgIHhm cmVlKGQtPmFyY2guZ3JhbnRfc2hhcmVkX2dmbik7CisgICAgeGZyZWUoZC0+ YXJjaC5ncmFudF9zdGF0dXNfZ2ZuKTsKICAgICBmcmVlX3hlbmhlYXBfcGFn ZShkKTsKIH0KIAotLS0gYS94ZW4vYXJjaC9hcm0vbW0uYworKysgYi94ZW4v YXJjaC9hcm0vbW0uYwpAQCAtMTE0OCw2ICsxMTQ4LDcgQEAgaW50IHhlbm1l bV9hZGRfdG9fcGh5c21hcF9vbmUoCiAgICAgaW50IHJjOwogICAgIHAybV90 eXBlX3QgdDsKICAgICBzdHJ1Y3QgcGFnZV9pbmZvICpwYWdlID0gTlVMTDsK KyAgICBib29sIHN0YXR1cyA9IGZhbHNlOwogCiAgICAgc3dpdGNoICggc3Bh Y2UgKQogICAgIHsKQEAgLTExNjUsNiArMTE2Niw3IEBAIGludCB4ZW5tZW1f YWRkX3RvX3BoeXNtYXBfb25lKAogICAgICAgICAgICAgICAgIG1mbiA9IHZp cnRfdG9fbWZuKGQtPmdyYW50X3RhYmxlLT5zdGF0dXNbaWR4XSk7CiAgICAg ICAgICAgICBlbHNlCiAgICAgICAgICAgICAgICAgbWZuID0gbWZuX3goSU5W QUxJRF9NRk4pOworICAgICAgICAgICAgc3RhdHVzID0gdHJ1ZTsKICAgICAg ICAgfQogICAgICAgICBlbHNlCiAgICAgICAgIHsKQEAgLTExODAsNyArMTE4 MiwxMCBAQCBpbnQgeGVubWVtX2FkZF90b19waHlzbWFwX29uZSgKIAogICAg ICAgICBpZiAoIG1mbiAhPSBtZm5feChJTlZBTElEX01GTikgKQogICAgICAg ICB7Ci0gICAgICAgICAgICBkLT5hcmNoLmdyYW50X3RhYmxlX2dmbltpZHhd ID0gZ2ZuOworICAgICAgICAgICAgaWYgKCBzdGF0dXMgKQorICAgICAgICAg ICAgICAgIGQtPmFyY2guZ3JhbnRfc3RhdHVzX2dmbltpZHhdID0gZ2ZuOwor ICAgICAgICAgICAgZWxzZQorICAgICAgICAgICAgICAgIGQtPmFyY2guZ3Jh bnRfc2hhcmVkX2dmbltpZHhdID0gZ2ZuOwogCiAgICAgICAgICAgICB0ID0g cDJtX3JhbV9ydzsKICAgICAgICAgfQotLS0gYS94ZW4vaW5jbHVkZS9hc20t YXJtL2RvbWFpbi5oCisrKyBiL3hlbi9pbmNsdWRlL2FzbS1hcm0vZG9tYWlu LmgKQEAgLTUwLDcgKzUwLDggQEAgc3RydWN0IGFyY2hfZG9tYWluCiAgICAg c3RydWN0IHAybV9kb21haW4gcDJtOwogCiAgICAgc3RydWN0IGh2bV9kb21h aW4gaHZtX2RvbWFpbjsKLSAgICBnZm5fdCAqZ3JhbnRfdGFibGVfZ2ZuOwor ICAgIGdmbl90ICpncmFudF9zaGFyZWRfZ2ZuOworICAgIGdmbl90ICpncmFu dF9zdGF0dXNfZ2ZuOwogCiAgICAgc3RydWN0IHZtbWlvIHZtbWlvOwogCi0t LSBhL3hlbi9pbmNsdWRlL2FzbS1hcm0vZ3JhbnRfdGFibGUuaAorKysgYi94 ZW4vaW5jbHVkZS9hc20tYXJtL2dyYW50X3RhYmxlLmgKQEAgLTE0LDcgKzE0 LDYgQEAgaW50IHJlcGxhY2VfZ3JhbnRfaG9zdF9tYXBwaW5nKHVuc2lnbmVk CiAgICAgICAgIHVuc2lnbmVkIGxvbmcgbmV3X2dwYWRkciwgdW5zaWduZWQg aW50IGZsYWdzKTsKIHZvaWQgZ250dGFiX21hcmtfZGlydHkoc3RydWN0IGRv bWFpbiAqZCwgdW5zaWduZWQgbG9uZyBsKTsKICNkZWZpbmUgZ250dGFiX2Ny ZWF0ZV9zdGF0dXNfcGFnZShkLCB0LCBpKSBkbyB7fSB3aGlsZSAoMCkKLSNk ZWZpbmUgZ250dGFiX3N0YXR1c19nbWZuKGQsIHQsIGkpICgwKQogI2RlZmlu ZSBnbnR0YWJfcmVsZWFzZV9ob3N0X21hcHBpbmdzKGRvbWFpbikgMQogc3Rh dGljIGlubGluZSBpbnQgcmVwbGFjZV9ncmFudF9zdXBwb3J0ZWQodm9pZCkK IHsKQEAgLTI5LDggKzI4LDEyIEBAIHN0YXRpYyBpbmxpbmUgaW50IHJlcGxh Y2VfZ3JhbnRfc3VwcG9ydGUKICAgICB9IHdoaWxlICggMCApCiAKICNkZWZp bmUgZ250dGFiX3NoYXJlZF9nbWZuKGQsIHQsIGkpICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBcCi0gICAgKCAoKGkgPj0gbnJfZ3Jh bnRfZnJhbWVzKGQtPmdyYW50X3RhYmxlKSkgJiYgICAgICAgICAgICAgICAg ICAgICAgICAgXAotICAgICAoaSA8IG1heF9ncmFudF9mcmFtZXMpKSA/IDAg OiBnZm5feChkLT5hcmNoLmdyYW50X3RhYmxlX2dmbltpXSkpCisgICAgZ2Zu X3goKChpKSA+PSBucl9ncmFudF9mcmFtZXModCkpID8gSU5WQUxJRF9HRk4g ICAgICAgICAgICAgICAgICAgICAgXAorICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA6IChkKS0+YXJjaC5ncmFudF9zaGFyZWRfZ2Zu W2ldKQorCisjZGVmaW5lIGdudHRhYl9zdGF0dXNfZ21mbihkLCB0LCBpKSAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAorICAgIGdm bl94KCgoaSkgPj0gbnJfc3RhdHVzX2ZyYW1lcyh0KSkgPyBJTlZBTElEX0dG TiAgICAgICAgICAgICAgICAgICAgIFwKKyAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDogKGQpLT5hcmNoLmdyYW50X3N0YXR1c19n Zm5baV0pCiAKICNkZWZpbmUgZ250dGFiX25lZWRfaW9tbXVfbWFwcGluZyhk KSAgICAgICAgICAgICAgICAgICAgXAogICAgIChpc19kb21haW5fZGlyZWN0 X21hcHBlZChkKSAmJiBuZWVkX2lvbW11KGQpKQo= --=separator Content-Type: application/octet-stream; name="xsa255-4.9-2.patch" Content-Disposition: attachment; filename="xsa255-4.9-2.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiBnbnR0YWI6IGRvbid0IGJsaW5kbHkgZnJlZSBzdGF0dXMgcGFnZXMgdXBv biB2ZXJzaW9uIGNoYW5nZQoKVGhlcmUgbWF5IHN0aWxsIGJlIGFjdGl2ZSBt YXBwaW5ncywgd2hpY2ggd291bGQgdHJpZ2dlciB0aGUgcmVzcGVjdGl2ZQpC VUdfT04oKS4gU3BsaXQgdGhlIGxvb3AgaW50byBvbmUgZGVhbGluZyB3aXRo IHRoZSBwYWdlIGF0dHJpYnV0ZXMgYW5kCnRoZSBzZWNvbmQgKHdoZW4gdGhl IGZpcnN0IGZ1bGx5IHBhc3NlZCkgZnJlZWluZyB0aGUgcGFnZXMuIFJldHVy biBhbgplcnJvciBpZiBhbnkgcGFnZXMgc3RpbGwgaGF2ZSBwZW5kaW5nIHJl ZmVyZW5jZXMuCgpUaGlzIGlzIHBhcnQgb2YgWFNBLTI1NS4KClNpZ25lZC1v ZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3 ZWQtYnk6IFN0ZWZhbm8gU3RhYmVsbGluaSA8c3N0YWJlbGxpbmlAa2VybmVs Lm9yZz4KUmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29w ZXIzQGNpdHJpeC5jb20+CgotLS0gYS94ZW4vYXJjaC9hcm0vbW0uYworKysg Yi94ZW4vYXJjaC9hcm0vbW0uYwpAQCAtMTE4MCwxMiArMTE4MCwyMiBAQCBp bnQgeGVubWVtX2FkZF90b19waHlzbWFwX29uZSgKICAgICAgICAgICAgICAg ICBtZm4gPSBtZm5feChJTlZBTElEX01GTik7CiAgICAgICAgIH0KIAorICAg ICAgICBpZiAoIG1mbiAhPSBtZm5feChJTlZBTElEX01GTikgJiYKKyAgICAg ICAgICAgICAhZ2ZuX2VxKGdudHRhYl9nZXRfZnJhbWVfZ2ZuKGQsIHN0YXR1 cywgaWR4KSwgSU5WQUxJRF9HRk4pICkKKyAgICAgICAgeworICAgICAgICAg ICAgcmMgPSBndWVzdF9waHlzbWFwX3JlbW92ZV9wYWdlKGQsCisgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZ250dGFiX2dl dF9mcmFtZV9nZm4oZCwgc3RhdHVzLCBpZHgpLAorICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIF9tZm4obWZuKSwgMCk7Cisg ICAgICAgICAgICBpZiAoIHJjICkKKyAgICAgICAgICAgIHsKKyAgICAgICAg ICAgICAgICBncmFudF93cml0ZV91bmxvY2soZC0+Z3JhbnRfdGFibGUpOwor ICAgICAgICAgICAgICAgIHJldHVybiByYzsKKyAgICAgICAgICAgIH0KKyAg ICAgICAgfQorCiAgICAgICAgIGlmICggbWZuICE9IG1mbl94KElOVkFMSURf TUZOKSApCiAgICAgICAgIHsKLSAgICAgICAgICAgIGlmICggc3RhdHVzICkK LSAgICAgICAgICAgICAgICBkLT5hcmNoLmdyYW50X3N0YXR1c19nZm5baWR4 XSA9IGdmbjsKLSAgICAgICAgICAgIGVsc2UKLSAgICAgICAgICAgICAgICBk LT5hcmNoLmdyYW50X3NoYXJlZF9nZm5baWR4XSA9IGdmbjsKKyAgICAgICAg ICAgIGdudHRhYl9zZXRfZnJhbWVfZ2ZuKGQsIHN0YXR1cywgaWR4LCBnZm4p OwogCiAgICAgICAgICAgICB0ID0gcDJtX3JhbV9ydzsKICAgICAgICAgfQot LS0gYS94ZW4vY29tbW9uL2dyYW50X3RhYmxlLmMKKysrIGIveGVuL2NvbW1v bi9ncmFudF90YWJsZS5jCkBAIC0xNTE2LDIzICsxNTE2LDc0IEBAIHN0YXR1 c19hbGxvY19mYWlsZWQ6CiAgICAgcmV0dXJuIC1FTk9NRU07CiB9CiAKLXN0 YXRpYyB2b2lkCitzdGF0aWMgaW50CiBnbnR0YWJfdW5wb3B1bGF0ZV9zdGF0 dXNfZnJhbWVzKHN0cnVjdCBkb21haW4gKmQsIHN0cnVjdCBncmFudF90YWJs ZSAqZ3QpCiB7Ci0gICAgaW50IGk7CisgICAgdW5zaWduZWQgaW50IGk7CiAK ICAgICBmb3IgKCBpID0gMDsgaSA8IG5yX3N0YXR1c19mcmFtZXMoZ3QpOyBp KysgKQogICAgIHsKICAgICAgICAgc3RydWN0IHBhZ2VfaW5mbyAqcGcgPSB2 aXJ0X3RvX3BhZ2UoZ3QtPnN0YXR1c1tpXSk7CisgICAgICAgIGdmbl90IGdm biA9IGdudHRhYl9nZXRfZnJhbWVfZ2ZuKGQsIHRydWUsIGkpOworCisgICAg ICAgIC8qCisgICAgICAgICAqIEZvciB0cmFuc2xhdGVkIGRvbWFpbnMsIHJl Y292ZXJpbmcgZnJvbSBmYWlsdXJlIGFmdGVyIHBhcnRpYWwKKyAgICAgICAg ICogY2hhbmdlcyB3ZXJlIG1hZGUgaXMgbW9yZSBjb21wbGljYXRlZCB0aGFu IGl0IHNlZW1zIHdvcnRoCisgICAgICAgICAqIGltcGxlbWVudGluZyBhdCB0 aGlzIHRpbWUuIEhlbmNlIHJlc3BlY3RpdmUgZXJyb3IgcGF0aHMgYmVsb3cK KyAgICAgICAgICogY3Jhc2ggdGhlIGRvbWFpbiBpbiBzdWNoIGEgY2FzZS4K KyAgICAgICAgICovCisgICAgICAgIGlmICggcGFnaW5nX21vZGVfdHJhbnNs YXRlKGQpICkKKyAgICAgICAgeworICAgICAgICAgICAgaW50IHJjID0gZ2Zu X2VxKGdmbiwgSU5WQUxJRF9HRk4pCisgICAgICAgICAgICAgICAgICAgICA/ IDAKKyAgICAgICAgICAgICAgICAgICAgIDogZ3Vlc3RfcGh5c21hcF9yZW1v dmVfcGFnZShkLCBnZm4sCisgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgX21mbihwYWdlX3RvX21mbihwZykpLCAw KTsKKworICAgICAgICAgICAgaWYgKCByYyApCisgICAgICAgICAgICB7Cisg ICAgICAgICAgICAgICAgZ3ByaW50ayhYRU5MT0dfRVJSLAorICAgICAgICAg ICAgICAgICAgICAgICAgIkNvdWxkIG5vdCByZW1vdmUgc3RhdHVzIGZyYW1l ICV1IChHRk4gJSNseCkgZnJvbSBQMk1cbiIsCisgICAgICAgICAgICAgICAg ICAgICAgICBpLCBnZm5feChnZm4pKTsKKyAgICAgICAgICAgICAgICBkb21h aW5fY3Jhc2goZCk7CisgICAgICAgICAgICAgICAgcmV0dXJuIHJjOworICAg ICAgICAgICAgfQorICAgICAgICAgICAgZ250dGFiX3NldF9mcmFtZV9nZm4o ZCwgdHJ1ZSwgaSwgSU5WQUxJRF9HRk4pOworICAgICAgICB9CiAKICAgICAg ICAgQlVHX09OKHBhZ2VfZ2V0X293bmVyKHBnKSAhPSBkKTsKICAgICAgICAg aWYgKCB0ZXN0X2FuZF9jbGVhcl9iaXQoX1BHQ19hbGxvY2F0ZWQsICZwZy0+ Y291bnRfaW5mbykgKQogICAgICAgICAgICAgcHV0X3BhZ2UocGcpOwotICAg ICAgICBCVUdfT04ocGctPmNvdW50X2luZm8gJiB+UEdDX3hlbl9oZWFwKTsK KworICAgICAgICBpZiAoIHBnLT5jb3VudF9pbmZvICYgflBHQ194ZW5faGVh cCApCisgICAgICAgIHsKKyAgICAgICAgICAgIGlmICggcGFnaW5nX21vZGVf dHJhbnNsYXRlKGQpICkKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAgICAg ICBncHJpbnRrKFhFTkxPR19FUlIsCisgICAgICAgICAgICAgICAgICAgICAg ICAiV3JvbmcgcGFnZSBzdGF0ZSAlI2x4IG9mIHN0YXR1cyBmcmFtZSAldSAo R0ZOICUjbHgpXG4iLAorICAgICAgICAgICAgICAgICAgICAgICAgcGctPmNv dW50X2luZm8sIGksIGdmbl94KGdmbikpOworICAgICAgICAgICAgICAgIGRv bWFpbl9jcmFzaChkKTsKKyAgICAgICAgICAgIH0KKyAgICAgICAgICAgIGVs c2UKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAgICAgICBpZiAoIGdldF9w YWdlKHBnLCBkKSApCisgICAgICAgICAgICAgICAgICAgIHNldF9iaXQoX1BH Q19hbGxvY2F0ZWQsICZwZy0+Y291bnRfaW5mbyk7CisgICAgICAgICAgICAg ICAgd2hpbGUgKCBpLS0gKQorICAgICAgICAgICAgICAgICAgICBnbnR0YWJf Y3JlYXRlX3N0YXR1c19wYWdlKGQsIGd0LCBpKTsKKyAgICAgICAgICAgIH0K KyAgICAgICAgICAgIHJldHVybiAtRUJVU1k7CisgICAgICAgIH0KKworICAg ICAgICBwYWdlX3NldF9vd25lcihwZywgTlVMTCk7CisgICAgfQorCisgICAg Zm9yICggaSA9IDA7IGkgPCBucl9zdGF0dXNfZnJhbWVzKGd0KTsgaSsrICkK KyAgICB7CiAgICAgICAgIGZyZWVfeGVuaGVhcF9wYWdlKGd0LT5zdGF0dXNb aV0pOwogICAgICAgICBndC0+c3RhdHVzW2ldID0gTlVMTDsKICAgICB9CiAg ICAgZ3QtPm5yX3N0YXR1c19mcmFtZXMgPSAwOworCisgICAgcmV0dXJuIDA7 CiB9CiAKIC8qCkBAIC0yNzc0LDggKzI4MjUsOSBAQCBnbnR0YWJfc2V0X3Zl cnNpb24oWEVOX0dVRVNUX0hBTkRMRV9QQVJBCiAgICAgICAgIGJyZWFrOwog ICAgIH0KIAotICAgIGlmICggb3AudmVyc2lvbiA8IDIgJiYgZ3QtPmd0X3Zl cnNpb24gPT0gMiApCi0gICAgICAgIGdudHRhYl91bnBvcHVsYXRlX3N0YXR1 c19mcmFtZXMoY3VycmQsIGd0KTsKKyAgICBpZiAoIG9wLnZlcnNpb24gPCAy ICYmIGd0LT5ndF92ZXJzaW9uID09IDIgJiYKKyAgICAgICAgIChyZXMgPSBn bnR0YWJfdW5wb3B1bGF0ZV9zdGF0dXNfZnJhbWVzKGN1cnJkLCBndCkpICE9 IDAgKQorICAgICAgICBnb3RvIG91dF91bmxvY2s7CiAKICAgICAvKiBNYWtl IHN1cmUgdGhlcmUncyBubyBjcnVkIGxlZnQgb3ZlciBmcm9tIHRoZSBvbGQg dmVyc2lvbi4gKi8KICAgICBmb3IgKCBpID0gMDsgaSA8IG5yX2dyYW50X2Zy YW1lcyhndCk7IGkrKyApCi0tLSBhL3hlbi9pbmNsdWRlL2FzbS1hcm0vZ3Jh bnRfdGFibGUuaAorKysgYi94ZW4vaW5jbHVkZS9hc20tYXJtL2dyYW50X3Rh YmxlLmgKQEAgLTIwLDYgKzIwLDE3IEBAIHN0YXRpYyBpbmxpbmUgaW50IHJl cGxhY2VfZ3JhbnRfc3VwcG9ydGUKICAgICByZXR1cm4gMTsKIH0KIAorI2Rl ZmluZSBnbnR0YWJfc2V0X2ZyYW1lX2dmbihkLCBzdCwgaWR4LCBnZm4pICAg ICAgICAgICAgICAgICAgICAgICAgICAgIFwKKyAgICBkbyB7ICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBcCisgICAgICAgICgoc3QpID8gKGQpLT5hcmNoLmdyYW50 X3N0YXR1c19nZm4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAor ICAgICAgICAgICAgICA6IChkKS0+YXJjaC5ncmFudF9zaGFyZWRfZ2ZuKVtp ZHhdID0gKGdmbik7ICAgICAgICAgICAgICAgIFwKKyAgICB9IHdoaWxlICgg MCApCisKKyNkZWZpbmUgZ250dGFiX2dldF9mcmFtZV9nZm4oZCwgc3QsIGlk eCkgKHsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcCisgICBfZ2Zu KChzdCkgPyBnbnR0YWJfc3RhdHVzX2dtZm4oZCwgKGQpLT5ncmFudF90YWJs ZSwgaWR4KSAgICAgICAgICAgICAgXAorICAgICAgICAgICAgIDogZ250dGFi X3NoYXJlZF9nbWZuKGQsIChkKS0+Z3JhbnRfdGFibGUsIGlkeCkpOyAgICAg ICAgICAgIFwKK30pCisKICNkZWZpbmUgZ250dGFiX2NyZWF0ZV9zaGFyZWRf cGFnZShkLCB0LCBpKSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBc CiAgICAgZG8geyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXAogICAgICAgICBzaGFy ZV94ZW5fcGFnZV93aXRoX2d1ZXN0KCAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIFwKLS0tIGEveGVuL2luY2x1ZGUvYXNtLXg4Ni9n cmFudF90YWJsZS5oCisrKyBiL3hlbi9pbmNsdWRlL2FzbS14ODYvZ3JhbnRf dGFibGUuaApAQCAtMTgsNiArMTgsMTQgQEAgaW50IGNyZWF0ZV9ncmFudF9o b3N0X21hcHBpbmcodWludDY0X3QgYQogaW50IHJlcGxhY2VfZ3JhbnRfaG9z dF9tYXBwaW5nKAogICAgIHVpbnQ2NF90IGFkZHIsIHVuc2lnbmVkIGxvbmcg ZnJhbWUsIHVpbnQ2NF90IG5ld19hZGRyLCB1bnNpZ25lZCBpbnQgZmxhZ3Mp OwogCisjZGVmaW5lIGdudHRhYl9zZXRfZnJhbWVfZ2ZuKGQsIHN0LCBpZHgs IGdmbikgZG8ge30gd2hpbGUgKCAwICkKKyNkZWZpbmUgZ250dGFiX2dldF9m cmFtZV9nZm4oZCwgc3QsIGlkeCkgKHsgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBcCisgICAgdW5zaWduZWQgbG9uZyBtZm5fID0gKHN0KSA/IGdu dHRhYl9zdGF0dXNfbWZuKChkKS0+Z3JhbnRfdGFibGUsIGlkeCkgXAorICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgOiBnbnR0YWJfc2hhcmVkX21m bigoZCktPmdyYW50X3RhYmxlLCBpZHgpOyBcCisgICAgdW5zaWduZWQgbG9u ZyBncGZuXyA9IGdldF9ncGZuX2Zyb21fbWZuKG1mbl8pOyAgICAgICAgICAg ICAgICAgICAgICAgXAorICAgIFZBTElEX00yUChncGZuXykgPyBfZ2ZuKGdw Zm5fKSA6IElOVkFMSURfR0ZOOyAgICAgICAgICAgICAgICAgICAgICAgIFwK K30pCisKICNkZWZpbmUgZ250dGFiX2NyZWF0ZV9zaGFyZWRfcGFnZShkLCB0 LCBpKSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcCiAgICAgZG8g eyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgXAogICAgICAgICBzaGFyZV94ZW5fcGFn ZV93aXRoX2d1ZXN0KCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIFwKQEAgLTMzLDExICs0MSwxMSBAQCBpbnQgcmVwbGFjZV9ncmFu dF9ob3N0X21hcHBpbmcoCiAgICAgfSB3aGlsZSAoIDAgKQogCiAKLSNkZWZp bmUgZ250dGFiX3NoYXJlZF9tZm4oZCwgdCwgaSkgICAgICAgICAgICAgICAg ICAgICAgXAorI2RlZmluZSBnbnR0YWJfc2hhcmVkX21mbih0LCBpKSAgICAg ICAgICAgICAgICAgICAgICAgICBcCiAgICAgKCh2aXJ0X3RvX21hZGRyKCh0 KS0+c2hhcmVkX3Jhd1tpXSkgPj4gUEFHRV9TSElGVCkpCiAKICNkZWZpbmUg Z250dGFiX3NoYXJlZF9nbWZuKGQsIHQsIGkpICAgICAgICAgICAgICAgICAg ICAgXAotICAgIChtZm5fdG9fZ21mbihkLCBnbnR0YWJfc2hhcmVkX21mbihk LCB0LCBpKSkpCisgICAgKG1mbl90b19nbWZuKGQsIGdudHRhYl9zaGFyZWRf bWZuKHQsIGkpKSkKIAogCiAjZGVmaW5lIGdudHRhYl9zdGF0dXNfbWZuKHQs IGkpICAgICAgICAgICAgICAgICAgICAgICAgIFwK --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Thu Mar 15 16:14:44 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 15 Mar 2018 16:14:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ewVVb-00029I-PD; Thu, 15 Mar 2018 16:13:39 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ewVVC-00025U-3q for xen-announce@lists.xenproject.org; Thu, 15 Mar 2018 16:13:14 +0000 X-Inumbo-ID: bf2c1dd4-286b-11e8-9728-bc764e045a96 Received: from mail-wm0-x244.google.com (unknown [2a00:1450:400c:c09::244]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id bf2c1dd4-286b-11e8-9728-bc764e045a96; Thu, 15 Mar 2018 17:13:07 +0100 (CET) Received: by mail-wm0-x244.google.com with SMTP id t6so11608276wmt.5 for ; Thu, 15 Mar 2018 09:13:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:message-id:date:to; bh=ajX+e8XJ9cTRTaXsYX4CQTqZ07jVVph0jVdRbIho3J8=; b=SwMQQxpoxrcXCaW1DFL1O0FETqX6+56Uns+C6sPWELCW91dWviIKuwyxbIMCIDiz7C 9zA15GO23fIZGrwF9cI2ml881zDfTVrbooZZ1fjxWE2eVv7njlEfEOVPQZxncrQiiSQh ce070uIN6xFl16B1aMa4EuOJVGcTrQ1xcSFBdSGEFrL7S59Fsc+QgnI2EDLkjO5IWUj2 zTpzNQb90lhh0s8w4SLHf5wUhmQhClBK3SQmAKKWUxg2Qnvk+gs+ahBNAc6v4j8FYC0c z9y2HjjN5E6xxOFWIeD4jYs2KZp9Vxi5iv4HxpYcLOPk0ZVRC2zMb+WjhheIqdQ3g0OP kF8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:date:to; bh=ajX+e8XJ9cTRTaXsYX4CQTqZ07jVVph0jVdRbIho3J8=; b=fMtzXbdvhNJdDFc6ih+vKVtIGJmqYJE7P0hCmLwYmhzKaPvDkoh4fBVU8d/m5w3M2F ZBIYuqSeBf0G+X8JNH8bmc1DuKmMTEd3L+v/kjIBk4qpy7SD0La6Vtq2v84Eu1wy2OLv xIMBmZXEE0u1xlzRP8vCt/yIQJiNWwTd16jPf41i8hoZu8NNvxndYWPcCah1QmZcDAjK PgZ6QQOSWVBbmLnJOMcn3O0OAEe/vWwnC68puOnWo0RbBwPPmm8W7mLWHB7iIlnnRqu1 i6Q6XYNdXtprJ+5amzuX5wWlX0EAwtoV6ggfhGIbXkBr5Fm5PgIGOnHnRuYUK7g9etS2 s+Dw== X-Gm-Message-State: AElRT7GspaC0kKKdy/lmQiGSC06/ByzNLleyXSeU1wfVI9d6v+RG/z6h j16QGyJsfIVyqY7bTfuTVf/lLH/E X-Google-Smtp-Source: AG47ELtJaT9GFYeQyLLUVqmxE4IpTvfVIbLBir6lK3GYl1n8MZOcqh7z5szzQ3tq4z4AqPu0Fju/mA== X-Received: by 10.80.190.133 with SMTP id b5mr9314187edk.246.1521130391165; Thu, 15 Mar 2018 09:13:11 -0700 (PDT) Received: from ?IPv6:2a00:c1a0:4883:a700:81ec:b016:3b25:4325? ([2a00:c1a0:4883:a700:81ec:b016:3b25:4325]) by smtp.gmail.com with ESMTPSA id j90sm1494146edb.37.2018.03.15.09.13.09 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 15 Mar 2018 09:13:10 -0700 (PDT) From: Lars Kurth Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Message-Id: <66B6EF5A-0B3E-482D-9744-8AC7DB8D9E4A@gmail.com> Date: Thu, 15 Mar 2018 17:13:08 +0100 To: xen-announce@lists.xenproject.org X-Mailer: Apple Mail (2.3445.5.20) X-Mailman-Approved-At: Thu, 15 Mar 2018 16:13:38 +0000 Subject: [Xen-announce] 2018 Xen Project Developer and Design Summit: CfP open from now to April 13, Event is held June 20-22, 2018 in Nanjing, China X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0665143941804121506==" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --===============0665143941804121506== Content-Type: multipart/signed; boundary="Apple-Mail=_0C73C264-EE3F-4F19-A770-AAE4AE4609E0"; protocol="application/pgp-signature"; micalg=pgp-sha512 --Apple-Mail=_0C73C264-EE3F-4F19-A770-AAE4AE4609E0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Dear Community Members, I am excited to announce that registration and the call for proposals is open for Xen Project Developer and Design Summit 2018. The event will be held in at the Crowne Plaza Nanjing, China from June 20-22, 2018. The Xen Project Developer and Design Summit will follow the same format as last year combining Xen Project Developer Summits with Xen Project Hackathons. We will have talks in the mornings and smaller interactive design and problem solving sessions in the afternoon. Note that the CfP period is quite short: if you need extra time, or you otherwise have difficulties with the CfP please contact me via community.manager@xenproject.org. Submit a Talk =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Several formats are being accepted for speaking proposals, including: * Presentations and Panels: these are presentations and panels as we always had them at Developer Summits in the past. * Interactive design and problem solving sessions. These sessions can be submitted as part of the CFP, but we will reserve a number of design sessions to be allocated during the event. Proposers of design sessions are expected to host and moderate design sessions following the format we have used at Xen Project Hackathons. If you have not participated in these in the past, check out past event reports from 2018 * https://xen.markmail.org/thread/hs6gpgjbbx2smadn (Notes from PCI Passthrough design discussion at Xen Summit) * https://markmail.org/thread/7e2mdpimvrmsppq5 (Notes Design Session: Making Releases Lessons Learned: Improving Our Release Process and Tooling) * https://xen.markmail.org/thread/37annnvm7wwygr4j (Notes from Design Summit Hypervisor Fuzzing Session) Never talked at a conference before? Don=E2=80=99t worry! We encourage new speakers to submit for our events and have plenty of resources to help you prepare for your presentation. Here are some dates to remember for submissions and in general: * CFP Close: April 13, 2018 * CFP Notifications: April 30, 2018 * Schedule Announced: May 3, 2018 * Event: June 20-22, 2018 Links to the CfP are at: https://www.lfasiallc.com/events/xensummit2018/program/cfp/ = https://www.lfasiallc.com/events/xensummit2018/program/cfp-designsessions/= Note that each link goes to the same back-end: the main difference between the two links are the instructions. Registration =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Registration information is available at https://www.regonline.com/registration/Checkin.aspx?EventID=3D2239305 Travel stipends are only available for students or individuals that are not associated with a company. Accommodation and other information =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D General information about the event can be found on https://www.lfasiallc.com/events/xensummit2018/ Note that the following information is not yet in place: we will add this shortly - hotel block booking information Travel =3D=3D=3D=3D=3D=3D Most international flights to Nanjing will go via Beijing or Shanghai. There are non-stop flights from many Asian cities, as well as Frankfurt (Lufthansa), Milan (Neos) and Los Angeles (China Eastern). It is also possible to take a flight to Shanghai and then a bullet train from Shanghai Hongqiao to Nanjing South (G trains take about 1h15 - 1h30). If you want to take up this option, drop me a line. I have done this many times before. If you have any questions, please contact me via community.manager@xenproject.org Best Regards Lars --Apple-Mail=_0C73C264-EE3F-4F19-A770-AAE4AE4609E0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIzBAEBCgAdFiEEGMt8INYPShzLT5l8yRKINn2yyNoFAlqqm5QACgkQyRKINn2y yNptlg//RCIycpQRlQRpELQoKvCxo/LPnwyUcECoB5LorKtQVHO2Ze3RhK3t0yCC PMvsuqv4h/el3unSIwbsRomTfEydwYizBc628LFOpPXd2YoASlssTTGtZqNqpf5W FAyzY45iw4zL2WXGkur3fpDEcHRX2hgwGENSsPCnAILZOEKYgwvdiDjvgozOkeib htuUb1KxB26qR54vIV4JbVfcWWQuW7yogdbl8EoqJTSpXghWzXxRQ/4BHaNmpwJC PzfyQfEn054zwc4xO64T/VKmbQTZ+YH/aR3Yz4jvI7nWMTV9R98t2wzc1RJDIN8c 2lIC1z7j4gAn5D82fenFbWCA8uLFusW+fkb13C0QOYj94S8DL6N5EmI5AuJFm9+N FEqUSnn05DFQRgwm5xMZsrTijIvtWAn7Bowuy+UBbvurN9i61C8f8mB9W5T7eckb X/I3GVCMmf3w/HVjU2bwl5EfFAeKHOjU6nPL6+VEBBBWTIwRTngZ3QbIyMZTYXsL n5rLlJeqKpFg2nzES/S8pRjmA87MHF8cYrrMhOQoPJpFLZq7uOBn/EKWa7ahrQHG RlVWg7mzivvLbcxvKbgqEarGtek2RFou8ByfIA76aTk0wb+J8iz2KsLFxdViNv3K DjWe/YAY/PObB5OSFtgp/ZhWMWq/VoSDu9xybL/Isw25U1IpcT4= =3g3Q -----END PGP SIGNATURE----- --Apple-Mail=_0C73C264-EE3F-4F19-A770-AAE4AE4609E0-- --===============0665143941804121506== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --===============0665143941804121506==--