From xen-announce-bounces@lists.xenproject.org Wed Apr 04 11:08:04 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 04 Apr 2018 11:08:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1f3gFd-0007ua-Uc; Wed, 04 Apr 2018 11:06:49 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1f3gEi-0007oF-P8 for xen-announce@lists.xenproject.org; Wed, 04 Apr 2018 11:05:52 +0000 X-Inumbo-ID: 0c6d7a3e-37f8-11e8-9728-bc764e045a96 Received: from mail-wm0-x22f.google.com (unknown [2a00:1450:400c:c09::22f]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 0c6d7a3e-37f8-11e8-9728-bc764e045a96; Wed, 04 Apr 2018 13:05:14 +0200 (CEST) Received: by mail-wm0-x22f.google.com with SMTP id f125so41307049wme.4; Wed, 04 Apr 2018 04:05:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:subject:message-id:date :to; bh=epuCZqSxJRC4JaTmUIqZRgr9DcSfgyg3nLbwWBjznNk=; b=aFheuiy/FldvUHYHaQsuRUssyhpzSnkT8HumuoNSbqguw+/o3XlnXrEH9gxt30N3OC LZE2KYlLj8CK5vkPUG6Iqi3MsXdidb7xeP6S1T4M6kjY5XLaj05PqamhTb+3Ifgk6MEc r9+nWHKZyudn55T6UOJ/iIPuqhBBHUWk073EeIyryAe7vcVjShZrQWe+6jqhS0PcmiSy 3NJPCU+gYNCUojdV2fnt/oH+XnIeCEm/Pq4PB/n5leTa9d8wccAghu2/fXL9HXEDbwFM 4Yng364jha0EjG2iIMAFWtTHW1Xcz6xs6BeKRlhu8+kDHutTJLbTW5udo09Ns5SnSSWa L4JA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:to; bh=epuCZqSxJRC4JaTmUIqZRgr9DcSfgyg3nLbwWBjznNk=; b=eGicm3MiYjqCCRce05WTID2k3UZhwRHFyS8jaNcDqejqqK9GSWUxVr7OFwguGe27ca i6k+IO1zL5kTsD944RLtMebuERFsmmsmSAoV1kdXioXch0jr2B/hBcRaaWzoq0OkxDCW TnGju+NvtfnHHo/Gvi8wr755nD0QKMCz1pFd2MK1xvg/Lv8zfR+BlhhxWaVVLsfVGWgV kLCPW9CFP6Dl8py0Va3CiS+BkPq0T4eaNnPEOI8G3WHxhF6aEKafYjmN0YRuvjyNmyHi HouK/61UhSYxGn2/Vf+f0j5EeJzf5Re6vg4KBnOjAebwRUYAOeJ9qpgF8URqyRWh+udl uj4w== X-Gm-Message-State: AElRT7GSf1W7pZXF/EZkmn63QbfffIf/L7RYoYKwJ42QYK27Bu5BmYv6 3QJ47M5Z3QT97j0qZrVEikhoXGGY X-Google-Smtp-Source: AIpwx49xH3fnyYo/O5tZGXmowbjaOJCV3LaOTfn7QEaoK4p5i5P+d82jX4qPzFDEdTr72OEiJ6Nngg== X-Received: by 10.80.242.132 with SMTP id f4mr19485636edm.115.1522839949388; Wed, 04 Apr 2018 04:05:49 -0700 (PDT) Received: from ?IPv6:2a00:c1a0:4883:a700:b104:ae45:552a:34c7? ([2a00:c1a0:4883:a700:b104:ae45:552a:34c7]) by smtp.gmail.com with ESMTPSA id g24sm3444942edj.87.2018.04.04.04.05.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 04 Apr 2018 04:05:48 -0700 (PDT) From: Lars Kurth X-Google-Original-From: Lars Kurth Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\)) Message-Id: Date: Wed, 4 Apr 2018 13:05:47 +0200 To: xen-devel , xen-announce@lists.xenproject.org X-Mailer: Apple Mail (2.3445.6.18) X-Mailman-Approved-At: Wed, 04 Apr 2018 11:06:48 +0000 Subject: [Xen-announce] Xen 4.7.5 and 4.9.2 released X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" QWxsLAoKSSBhbSBwbGVhc2VkIHRvIGFubm91bmNlIHRoZSByZWxlYXNlcyBvZiBYZW4gNC43LjUg YW5kIFhlbiA0LjkuMi4gVGhlc2UgYXJlCmF2YWlsYWJsZSBpbW1lZGlhdGVseSBmcm9tIHRoZWly IGdpdCByZXBvc2l0b3JpZXMgYW5kIFhlbiBQcm9qZWN0IGRvd25sb2FkIApwYWdlcyAod2hlcmUg YSBsaXN0IG9mIGNoYW5nZXMgY2FuIGFsc28gYmUgZm91bmQpLgoKV2UgcmVjb21tZW5kIGFsbCB1 c2VycyBvZiB0aGUgNC43IGFuZCA0Ljkgc3RhYmxlIHNlcmllcyB0byB1cGRhdGUgdG8gdGhlc2UK bGF0ZXN0IHBvaW50IHJlbGVhc2VzLgoKWGVuIDQuNy41Cj09PT09PT09PQoKaHR0cDovL3hlbmJp dHMueGVuLm9yZy9naXR3ZWIvP3A9eGVuLmdpdDthPXNob3J0bG9nO2g9cmVmcy9oZWFkcy9zdGFi bGUtNC43Cih0YWcgUkVMRUFTRS00LjcuNSkgCgpodHRwOi8vd3d3LnhlbnByb2plY3Qub3JnL2Rv d25sb2Fkcy94ZW4tYXJjaGl2ZXMveGVuLXByb2plY3QtNDctc2VyaWVzL3hlbi00NzUuaHRtbAoK ClhlbiA0LjkuMgo9PT09PT09PT0KCmh0dHA6Ly94ZW5iaXRzLnhlbi5vcmcvZ2l0d2ViLz9wPXhl bi5naXQ7YT1zaG9ydGxvZztoPXJlZnMvaGVhZHMvc3RhYmxlLTQuOQoodGFnIFJFTEVBU0UtNC45 LjIpIAoKaHR0cDovL3d3dy54ZW5wcm9qZWN0Lm9yZy9kb3dubG9hZHMveGVuLWFyY2hpdmVzL3hl bi1wcm9qZWN0LTQ5LXNlcmllcy94ZW4tNDkyLmh0bWwKCgpSZWdhcmRzLCBMYXJzCl9fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fClhlbi1hbm5vdW5jZSBtYWls aW5nIGxpc3QKWGVuLWFubm91bmNlQGxpc3RzLnhlbnByb2plY3Qub3JnCmh0dHBzOi8vbGlzdHMu eGVucHJvamVjdC5vcmcvbWFpbG1hbi9saXN0aW5mby94ZW4tYW5ub3VuY2U= From xen-announce-bounces@lists.xenproject.org Wed Apr 04 17:38:29 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 04 Apr 2018 17:38:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1f3mLX-0005i0-7h; Wed, 04 Apr 2018 17:37:19 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1f3mL8-0005gL-FL for xen-announce@lists.xenproject.org; Wed, 04 Apr 2018 17:36:54 +0000 X-Inumbo-ID: acc4eeb3-382e-11e8-9728-bc764e045a96 Received: from mail-wm0-x22e.google.com (unknown [2a00:1450:400c:c09::22e]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id acc4eeb3-382e-11e8-9728-bc764e045a96; Wed, 04 Apr 2018 19:36:16 +0200 (CEST) Received: by mail-wm0-x22e.google.com with SMTP id t67so23622583wmt.0 for ; Wed, 04 Apr 2018 10:36:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:message-id:references:to:date; bh=y+ZiUHdzdPK0ryETLlt3OvUekN6N5rVsDO/636nEkuU=; b=sc6IAEUaXlRWv7qHARtctUbHefIhpJtc1TCWd23l8JtVoGhpgSdSQNU1rkbFYG19Mv al5wO3PH61EmZ9QDrMgbp+i8S5FKhlsPN4+e4eFkSbZq+2Fc4x5Dq4Mtc2ph4wjGLsE8 dBcPBX42ro0kZ7eLV8fJzjSpruXhxBqKmfOnsgCzwzQwtYVDA37MyuySp5rEE69ZjxdD Vpi1355bxVsXh9VY5h9eEcEcdMOiwAoUHvW8ck4DJ94LZmXvWkA2jD7E0X5HpDeazzEK WXia0h4DrBmCJ9L29d9jzvwW5xs5g2nOAGXQ8CAV+60Z6P2H41YhJWISgOEU7PsIuAsj BAxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:references :to:date; bh=y+ZiUHdzdPK0ryETLlt3OvUekN6N5rVsDO/636nEkuU=; b=Gk+oAAhxGYY4Ys5+ltMP8H3o8TixZurySXJHyY5NCuafnSKuQbYnnKpPWjhv0DCiyJ LE0K1E+8/9ZW6GVGW5zR3qbjbHVnukpcT/iCAG0A31Qj5PQ1tOLR/io26fzwCXGVAaK9 Xot6S85GbzFbQhBDzf/ymjB0huOYgSAyBhKWkrcmQ6ekciwfoGCq3KRO97gkYqJLmj1l XozC83U3vww4RKHtkowpokMiHgnSLYZysu5KoRZAKOVT3tnVNS+4codUq8q5UwtCnMfs p175qcGz+7Qa9qpad2FJPsIKu8KtHbjx5qwvUcq4wZElBlX/CqiJc5IXCPD3GzEifqKD Uo7w== X-Gm-Message-State: AElRT7EOUKGza1FaITKzQPl+UUJiBZvM5X18Uk2t5Xy6WWlmDYPZNVFR H0NZ3vgEEn9M0QYkAIUeqiwU7vlw X-Google-Smtp-Source: AIpwx49LxxXRdP6LtyCbf5PBZIM+tsw8T0qr5A+pHhEpXmNbxpqZYFlS0Z10A4a1jBDQNd3kS1oMAw== X-Received: by 10.80.136.8 with SMTP id b8mr21659718edb.274.1522863411549; Wed, 04 Apr 2018 10:36:51 -0700 (PDT) Received: from ?IPv6:2a00:c1a0:4883:a700:b104:ae45:552a:34c7? ([2a00:c1a0:4883:a700:b104:ae45:552a:34c7]) by smtp.gmail.com with ESMTPSA id r23sm1943249edm.58.2018.04.04.10.36.50 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 04 Apr 2018 10:36:50 -0700 (PDT) From: Lars Kurth X-Google-Original-From: Lars Kurth Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\)) Message-Id: <4E3B0536-C4C6-46A7-AE9B-09DB65EF8442@xenproject.org> References: <23237.2546.225198.36869@mariner.uk.xensource.com> To: xen-announce@lists.xenproject.org Date: Wed, 4 Apr 2018 19:36:49 +0200 X-Mailer: Apple Mail (2.3445.6.18) X-Mailman-Approved-At: Wed, 04 Apr 2018 17:37:18 +0000 Subject: [Xen-announce] Problem with Xen 4.7.5 X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1089978065076368973==" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --===============1089978065076368973== Content-Type: multipart/alternative; boundary="Apple-Mail=_8991E2A5-A06C-4980-A07C-7E7872BD399E" --Apple-Mail=_8991E2A5-A06C-4980-A07C-7E7872BD399E Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii > Begin forwarded message: > > From: Ian Jackson > Subject: [Xen-devel] Problem with Xen 4.7.5 > Date: 4 April 2018 at 19:22:58 CEST > To: > Cc: xen-devel@lists.xenproject.org > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > We have discovered a bug in Xen 4.7.5 (related to shadow paging). > This bug is a new regression compared to 4.7.4 and does not affect > other Xen releases. > > We are investigating the problem. For now, we recommend that users of > 4.7.x do not upgrade to 4.7.5. > > Apologies for the inconvenience. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEcBAEBAgAGBQJaxQnmAAoJEIP+FMlX6CvZhLwIAIPMOX75gmmJC9OAmgdTQ5dD > Lf99hXTg9EPENIWRy/UuHTqXLC5QiNLY5a5vWISsdzo2QAX7TpxcVmNNqOFLbCxX > D+2fjMlK7ZCvNyi+/hvRt5IAlEdA1MVGAiRzmwFUYBmf4CBJjkAVk1agyUhw4Umh > UaXCT9j1ZSVUgVsULG18/sFzU6r+8DEgqZa1Kgo4DuPRUgvt/jBw1iEpVBWYZJrv > n77ok1rMQoa3RU03hj2Np9Dli7ToV1gHcgzmExfFtML9/ptMjRC5kbk+ObxmABI9 > pZamW2JNO6tozOfA/TEQocQHypz3LY3zBBK52CCSzS9X3vXtjaPvj4qlvhTQBPU= > =S8di > -----END PGP SIGNATURE----- > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xenproject.org > https://lists.xenproject.org/mailman/listinfo/xen-devel --Apple-Mail=_8991E2A5-A06C-4980-A07C-7E7872BD399E Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii

Begin forwarded message:

From: = Ian Jackson <ian.jackson@citrix.com>
Subject: = [Xen-devel] = Problem with Xen 4.7.5
Date: = 4 April 2018 at 19:22:58 = CEST
To: = <xen-announce@lists.xenproject.org>
Cc: = xen-devel@lists.xenproject.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: = SHA1

We have discovered a bug in Xen 4.7.5 = (related to shadow paging).
This bug is a new regression = compared to 4.7.4 and does not affect
other Xen = releases.

We are investigating the problem. =  For now, we recommend that users of
4.7.x do not = upgrade to 4.7.5.

Apologies for the = inconvenience.

-----BEGIN PGP = SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJaxQnmAAoJEIP+FMlX6CvZhLwIAIPMOX75gmmJC9OAmgdTQ5d= D
Lf99hXTg9EPENIWRy/UuHTqXLC5QiNLY5a5vWISsdzo2QAX7TpxcVmNNqOFLbCx= X
D+2fjMlK7ZCvNyi+/hvRt5IAlEdA1MVGAiRzmwFUYBmf4CBJjkAVk1agyUhw4Um= h
UaXCT9j1ZSVUgVsULG18/sFzU6r+8DEgqZa1Kgo4DuPRUgvt/jBw1iEpVBWYZJr= v
n77ok1rMQoa3RU03hj2Np9Dli7ToV1gHcgzmExfFtML9/ptMjRC5kbk+ObxmABI= 9
pZamW2JNO6tozOfA/TEQocQHypz3LY3zBBK52CCSzS9X3vXtjaPvj4qlvhTQBPU= =3D
=3DS8di
-----END PGP SIGNATURE-----

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

= --Apple-Mail=_8991E2A5-A06C-4980-A07C-7E7872BD399E-- --===============1089978065076368973== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --===============1089978065076368973==-- From xen-announce-bounces@lists.xenproject.org Fri Apr 06 10:34:02 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 06 Apr 2018 10:34:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1f4Og2-0008JS-7p; Fri, 06 Apr 2018 10:33:02 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1f4Oc7-0007gY-GI for xen-announce@lists.xenproject.org; Fri, 06 Apr 2018 10:28:59 +0000 X-Inumbo-ID: 386276d7-3985-11e8-9728-bc764e045a96 Received: from mail-wm0-x22a.google.com (unknown [2a00:1450:400c:c09::22a]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 386276d7-3985-11e8-9728-bc764e045a96; Fri, 06 Apr 2018 12:28:18 +0200 (CEST) Received: by mail-wm0-x22a.google.com with SMTP id x4so2355390wmh.5 for ; Fri, 06 Apr 2018 03:28:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:subject:message-id:date :to; bh=dCGUE18Gu4YutbnRBztzMBbb4WtHF/IM/yd1WlVFh4A=; b=VFdYjnRd24sgmcCKuD6PQsjkKdmgBPSNcwp/LTX9N0EudqZECg0SVug+5Z0H1XdXtF WxOJYSvnk4IDmOQpxMX0Vri7eZ5CzFQLOrvM722UXzb0QM0dvyTN1QiJFecwtJhyr/kP jSMRh46q4de2gMC+cnnsTfMve9fjQfKUFgO0vyshaeD/ni4Dcg/QfTGgJY+k7hkaAkw2 /O7+7bI3PV5jhkA8qe+IPybFCce+WD4KX8tyITDqFqxRhFjA/XunhMwmPOHUv8DQKd1+ Tv9BCadXM5qKJ46W3MhwsxE9eQhuk9u9ZtZgecjiRZWoYENNUq8yfJ8sNE2SWzwvL6DC 2YLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:to; bh=dCGUE18Gu4YutbnRBztzMBbb4WtHF/IM/yd1WlVFh4A=; b=Nnjv6c6XEI+6ZeaNhq0uOhZ19XJlpRIwvd/DBLvFVmNpGEQ+XzH+8AYR9uoDQFDPjz MHUWjYa6zOPdfPbbDPKIW5GB59JJX1/KsNjvVcZHtNkAj1BWjUCEpBaYnW/VKuPCN0Zs O69wJqL9JhXXhCw5ZYDg3J+nBDU48XH67/XN7152rdDlGJ9mgG95x7twto/iFp8SWWAW XTlIYnPWBYK75hq0OgwwtGI1THuClOYn1n1Yh/AQLaK17if9t5eLQ6VsJnoIi3RwBKuG M1ogBa/n1ysC4W59/92Nm8ke5LsovrGVkg/xvZ3GPvJHnDxluq0/ZAJl5N31wt4U1hXM 0Pmg== X-Gm-Message-State: ALQs6tBMOYacadJRbGZfv5g0mTPupbDaGisPt/pz8hR249hpXhy1CYaA DmI4YUFRpMO4eyJ71wRlPH6Wxds7 X-Google-Smtp-Source: AIpwx49Y7Ygn3Pb5eRKgQdJ878m180GysMHqT+N0ykA/feJK7hBhwN21eXJ97I0hPifGegW+9D4Anw== X-Received: by 10.80.146.34 with SMTP id i31mr6345852eda.188.1523010536520; Fri, 06 Apr 2018 03:28:56 -0700 (PDT) Received: from [192.168.0.15] ([92.206.65.52]) by smtp.gmail.com with ESMTPSA id c4sm503416edk.92.2018.04.06.03.28.55 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 06 Apr 2018 03:28:55 -0700 (PDT) From: Lars Kurth X-Google-Original-From: Lars Kurth Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\)) Message-Id: Date: Fri, 6 Apr 2018 12:28:53 +0200 To: xen-announce@lists.xenproject.org X-Mailer: Apple Mail (2.3445.6.18) X-Mailman-Approved-At: Fri, 06 Apr 2018 10:33:01 +0000 Subject: [Xen-announce] Reminder: 2018 Xen Project Developer and Design Summit: CfP closes Friday April 13 X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" RGVhciBjb21tdW5pdHkgbWVtYmVycywKCnRoaXMgaXMgYSBxdWljayByZW1pbmRlciB0aGF0IHRo ZSBDZlAgZm9yIHRoZSBEZXZlbG9wZXIgU3VtbWl0IGNsb3NlcyBpbiBhIHdlZWsuIEkgbWF5IGJl IGFibGUgdG8gZ2l2ZSBhIGZldyBkYXlzIGV4dGVuc2lvbiwgYnV0IHdvdWxkIG5lZWQgdG8ga25v dyB1cGZyb250LgoKTW9yZSBpbmZvcm1hdGlvbiBpcyBhdmFpbGFibGUgYXQgaGh0dHBzOi8vbGlz dHMueGVucHJvamVjdC5vcmcvYXJjaGl2ZXMvaHRtbC94ZW4tYW5ub3VuY2UvMjAxOC0wMy9tc2cw MDAwNC5odG1sCgpCZXN0IFJlZ2FyZHMKTGFycwpfX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fXwpYZW4tYW5ub3VuY2UgbWFpbGluZyBsaXN0Clhlbi1hbm5vdW5j ZUBsaXN0cy54ZW5wcm9qZWN0Lm9yZwpodHRwczovL2xpc3RzLnhlbnByb2plY3Qub3JnL21haWxt YW4vbGlzdGluZm8veGVuLWFubm91bmNl From xen-announce-bounces@lists.xenproject.org Wed Apr 18 09:39:19 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 18 Apr 2018 09:39:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1f8jXW-0000pA-Ge; Wed, 18 Apr 2018 09:38:10 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1f8jX1-0000lT-FD for xen-announce@lists.xenproject.org; Wed, 18 Apr 2018 09:37:39 +0000 X-Inumbo-ID: fd97b997-42eb-11e8-9728-bc764e045a96 Received: from mail-wr0-x231.google.com (unknown [2a00:1450:400c:c0c::231]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id fd97b997-42eb-11e8-9728-bc764e045a96; Wed, 18 Apr 2018 11:36:38 +0200 (CEST) Received: by mail-wr0-x231.google.com with SMTP id q13-v6so2962225wre.3 for ; Wed, 18 Apr 2018 02:37:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:subject:message-id:date :to; bh=yqhKfgUgOu5NwDF43ugAgQnHFJmN9xqQCqePipTkch0=; b=UdArGdD6x2uvdXuKTR9QQ20l+tArfPkbR5oOaF5mHvg0Trkavh8m6tzt/1pLmH4Hk2 GopwgZPC5TW+dlzMV0YF/xq+zR+MEMSlD0RsOo6OA+2jIdxen5HYObYg11c4cuJfZGyI 1kRxoa6SYloakeZ9G2bsMn4tt4LeuHGkOog/5Zp+jIOtUfE+S9YvwMhRdroT61Qpe9Tk s6270PwXETd8FvaphYRQ6xrO1/qY7cjGAwtBknjGdWO2lDJpcyb9UXssleaF+Ahk0GLL Bs93Qcw1Lhv8lpL6vYMLdW+yqlDfkWQkG0Q88O3/SziuN4QZLqD+uPfUdHtiUu5iMoOb DdEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:to; bh=yqhKfgUgOu5NwDF43ugAgQnHFJmN9xqQCqePipTkch0=; b=cJNg9zvscPDZjfSH1L8X+w9OT9M/TH5MmKYTQalWlJcqQGHKJV+6Gvp5BVzOub/Zcn Q1icQcjRTM2GELQijXNFSIKNqP41qk3ih44Wm/sMfAbMZiGi6fJu1oQZYxXuziKmte/m YIZxdwupctie+5rnjO1xc7AJXFzToy0IeO19pKqWmzemXS2mrU1hUigGKjLr/P731AP5 xd5P9F5ozKQLqyZpp97MSMmNV+E+067yKlRx6jxUFAkvZRHlUto9oaA/ch/SJo17DoAQ 0+sxPU8rtFYq8ro11MQ/viwg82idFJWnBysivGV7VHINMYSVrTyVzg2854gaxdRckziR q37g== X-Gm-Message-State: ALQs6tBHcr9SAeEy/yatZL64YulOKnnWR+Iku3+BsjoXWLOyWHYoUtsj bXNf/56q2R0JsYEAV1ZkKZmaxTl/ X-Google-Smtp-Source: AIpwx48YSQ4xRC27sHhULlR+T6jRmfsUvJoqbvgOjnBQHZd4aBnBeiXrbL+Binmnslj+Y4r/AZvmDg== X-Received: by 10.28.175.136 with SMTP id y130mr1304552wme.28.1524044255533; Wed, 18 Apr 2018 02:37:35 -0700 (PDT) Received: from ?IPv6:2a02:c7f:ac18:da00:ec64:1a3b:bf06:a535? ([2a02:c7f:ac18:da00:ec64:1a3b:bf06:a535]) by smtp.gmail.com with ESMTPSA id n8-v6sm651687wrh.51.2018.04.18.02.37.34 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 18 Apr 2018 02:37:34 -0700 (PDT) From: Lars Kurth X-Google-Original-From: Lars Kurth Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\)) Message-Id: <837CD298-1C47-421A-868D-ABE1A21F6815@xenproject.org> Date: Wed, 18 Apr 2018 10:37:33 +0100 To: xen-announce@lists.xenproject.org X-Mailer: Apple Mail (2.3445.6.18) X-Mailman-Approved-At: Wed, 18 Apr 2018 09:38:09 +0000 Subject: [Xen-announce] Announcing the Xen Project 4.11 RC and Test Day Schedules X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" RGVhciBjb21tdW5pdHkgbWVtYmVycywKCm9uIFR1ZXNkYXksIHdlIGNyZWF0ZWQgWGVuIDQuMXEg UkMxIGFuZCB3aWxsIHJlbGVhc2UgYSBuZXcgcmVsZWFzZSBjYW5kaWRhdGUKZXZlcnkgRlJJREFZ LCB1bnRpbCB3ZSBkZWNsYXJlIGEgcmVsZWFzZSBjYW5kaWRhdGUgYXMgdGhlIGZpbmFsIGNhbmRp ZGF0ZSBhbmQKY3V0IHRoZSBYZW4gNC4xMSByZWxlYXNlLiAKCldlIHdpbGwgYWxzbyBob2xkIGEg VGVzdCBEYXkgZXZlcnkgVFVFU0RBWSBmb3IgdGhlIHJlbGVhc2UgY2FuZGlkYXRlIHRoYXQgd2Fz CnJlbGVhc2VkIHRoZSB3ZWVrIHByaW9yIHRvIHRoZSBUZXN0IERheSBzdGFydGluZyBmcm9tIFJD MS4gTm90ZSB0aGF0IFJD4oCZcyBhcmUgCmFubm91bmNlZCBvbiB0aGUgZm9sbG93aW5nIG1haWxp bmcgbGlzdHM6IHhlbi1hbm5vdW5jZSwgeGVuLWRldmVsIGFuZCB4ZW4tdXNlcnMuIAoKVGhpcyBt ZWFucyB3ZSB3aWxsIGhhdmUgVGVzdCBEYXlzIGNvbWluZyB1cCBvbiBBcHJpbCAyNHRoLCBNYXkg MXN0LCA4dGgsIDE1dGggYW5kIAoyMm5kLiBZb3VyIHRlc3RpbmcgaXMgc3RpbGwgdmFsdWFibGUg b24gb3RoZXIgZGF5cywgc28gcGxlYXNlIGZlZWwgZnJlZSB0byBzZW5kIApUZXN0IFJlcG9ydHMg YXMgb3V0bGluZWQgYmVsb3cgYXQgYW55IHRpbWUuCgoKPT0gR2V0dGluZywgQnVpbGRpbmcgYW5k IEluc3RhbGxpbmcgYSBSZWxlYXNlIENhbmRpZGF0ZSA9PQoKUmVsZWFzZSBjYW5kaWRhdGVzIGFy ZSBhdmFpbGFibGUgZnJvbSBvdXIgZ2l0IHJlcG9zaXRvcnkgYXQKCmdpdDovL3hlbmJpdHMueGVu cHJvamVjdC5vcmcveGVuLmdpdCAodGFnIDQuMTEuMC08cmM+KQoKd2hlcmUgPHJjPiBpcyByYzEs IHJjMiwgcmMzLCBldGMuIGFuZCBhcyB0YXJiYWxsIGZyb20KCmh0dHBzOi8vZG93bmxvYWRzLnhl bnByb2plY3Qub3JnL3JlbGVhc2UveGVuLzQuMTEuMC08cmM+L3hlbi00LjExLjAtPHJjPi50YXIu Z3oKaHR0cHM6Ly9kb3dubG9hZHMueGVucHJvamVjdC5vcmcvcmVsZWFzZS94ZW4vNC4xMS4wLTxy Yz4veGVuLTQuMTEuMC08cmM+LnRhci5nei5zaWcKCkRldGFpbGVkIGJ1aWxkIGFuZCBJbnN0YWxs IGluc3RydWN0aW9ucyBjYW4gYmUgZm91bmQgb24gdGhlIFRlc3QgRGF5IFdpa2kuIE1ha2UKc3Vy ZSB5b3UgY2hlY2sgdGhlIGtub3duIGlzc3VlcyBzZWN0aW9uIG9mIHRoZSBpbnN0cnVjdGlvbnMg YmVmb3JlIHRyeWluZyB0bwpkb3dubG9hZCBhbiBSQy4KCgo9PSBUZXN0aW5nIG5ldyBGZWF0dXJl cywgVGVzdCBhbmQgQnVnIFJlcG9ydHMgPT0KCllvdSBjYW4gZmluZCBUZXN0IEluc3RydWN0aW9u cyBmb3IgbmV3IGZlYXR1cmVzIG9uIG91ciBUZXN0IERheSBXaWtpIGFuZAppbnN0cnVjdGlvbnMg Zm9yIGdlbmVyYWwgdGVzdHMgb24gVGVzdGluZyBYZW4uIFRoZSBmb2xsb3dpbmcgcGFnZXMgcHJv dmlkZQppbmZvcm1hdGlvbiBvbiBob3cgdG8gcmVwb3J0IHN1Y2Nlc3NmdWwgdGVzdHMgYW5kIGhv dyB0byByZXBvcnQgYnVncyBhbmQgaXNzdWVzLgoKSGFwcHkgVGVzdGluZyEKCj09IFJlc291cmNl cyA9PQoqIFRlc3QgRGF5IFdpa2k6IGh0dHBzOi8vd2lraS54ZW5wcm9qZWN0Lm9yZy93aWtpL1hl bl80LjExX1JDX3Rlc3RfaW5zdHJ1Y3Rpb25zCiogS25vd24gSXNzdWVzOgpodHRwczovL3dpa2ku eGVucHJvamVjdC5vcmcvd2lraS9YZW5fNC4xMV9SQ190ZXN0X2luc3RydWN0aW9ucyNLbm93bl9p c3N1ZXMKCkJlc3QgUmVnYXJkcwpMYXJzCgoKCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fXwpYZW4tYW5ub3VuY2UgbWFpbGluZyBsaXN0Clhlbi1hbm5vdW5j ZUBsaXN0cy54ZW5wcm9qZWN0Lm9yZwpodHRwczovL2xpc3RzLnhlbnByb2plY3Qub3JnL21haWxt YW4vbGlzdGluZm8veGVuLWFubm91bmNl From xen-announce-bounces@lists.xenproject.org Wed Apr 25 12:04:54 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Apr 2018 12:04:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fBJ9I-00060X-1J; Wed, 25 Apr 2018 12:03:48 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fBJ9G-00060E-D7 for xen-announce@lists.xen.org; Wed, 25 Apr 2018 12:03:46 +0000 X-Inumbo-ID: 8a27ae21-4880-11e8-9728-bc764e045a96 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 8a27ae21-4880-11e8-9728-bc764e045a96; Wed, 25 Apr 2018 14:02:35 +0200 (CEST) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fBJ96-0004qj-6o; Wed, 25 Apr 2018 12:03:36 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1fBJ96-00044j-0I; Wed, 25 Apr 2018 12:03:36 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Wed, 25 Apr 2018 12:03:36 +0000 Subject: [Xen-announce] Xen Security Advisory 259 - x86: PV guest may crash Xen with XPTI X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-259 version 2 x86: PV guest may crash Xen with XPTI UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The workaround for the Meltdown vulnerability (XSA-254) failed to deal with an error code path connecting the INT 80 handling with general exception handling. This results in an unconditional write attempt of the value zero to an address near 2^64, in cases where a PV guest has no handler installed for INT 80 on one of its vCPU-s. IMPACT ====== A malicious or buggy guest may cause a hypervisor crash, resulting in a Denial of Service (DoS) affecting the entire host. VULNERABLE SYSTEMS ================== All Xen versions which the XSA-254 fixes were applied to are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH and HVM guests cannot exploit the vulnerability. MITIGATION ========== Running only PVH or HVM guests avoids the vulnerability. CREDITS ======= This issue was discovered by Andrew Cooper of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa259.patch xen-unstable, Xen 4.10.x ... xen 4.7.x xsa259-4.6.patch Xen 4.6.x $ sha256sum xsa259* 5c14a90af066c952974324b361e2a428c280f876b854f0c85a78e8579054a4d1 xsa259.meta ff2efb5eb2502ded988d0aa15351030a15494a9e2223eafbb88377a8e4d39dcb xsa259.patch c40bc8802077cf73f8393fb50574b7c7efbc4d127e202b0ebd757d34aa07aac3 xsa259-4.6.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJa4G58AAoJEIP+FMlX6CvZrqIH+QFfC5NOoFhVZAChTU0WQ7U6 UwP7yEyLeY15VrGb4YvwzKhvTNwsRRiYTbTNB/QjAkrUkMRhBiUIz7mQqBl0Vc/N 4zblt+YNdDMjhCllTjvtYU6OJzbsqvEBByB4mFrz6fxfZiuXIbOnMUOxLHRRdXLR 6JR8+4RrheKNl9DF6lmLj50d3G/fKrNLY9id8VcDG1TGIB6E1CbJ6gibw7FiYDSq PETa5O1szo2FO2yY+xcMzzGLHv+oVeKZnmuq9KYtP7Q+G823Twz1RE6rTBEjwhs9 sDGUlgZ48QVfSzer10syzyeX0p9hLHyKhlJnCrmCiywvKq68/uVexZFNcOKRPtE= =n+01 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa259.meta" Content-Disposition: attachment; filename="xsa259.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyNTksCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMCIsCiAgICAiNC45IiwKICAgICI0LjgiLAog ICAgIjQuNyIsCiAgICAiNC42IgogIF0sCiAgIlRyZWVzIjogWwogICAgInhl biIKICBdLAogICJSZWNpcGVzIjogewogICAgIjQuMTAiOiB7CiAgICAgICJS ZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxl UmVmIjogIjJlMzQzNDNmYjJjOGI2MmU4ZTk4YjIxYTU2OWJlZWE1MDhmNTAx ZjYiLAogICAgICAgICAgIlByZXJlcXMiOiBbCiAgICAgICAgICAgIDI1OAog ICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAg ICAieHNhMjU5LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAg fQogICAgfSwKICAgICI0LjYiOiB7CiAgICAgICJSZWNpcGVzIjogewogICAg ICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogIjBiMzg5MzA0 NTJhZGNlNzIyNDRlMjM0MThhNzIxMjZhMmY4ODE0YTgiLAogICAgICAgICAg IlByZXJlcXMiOiBbCiAgICAgICAgICAgIDI1OAogICAgICAgICAgXSwKICAg ICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjU5LTQuNi5w YXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAg ICAiNC43IjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjog ewogICAgICAgICAgIlN0YWJsZVJlZiI6ICJkY2E4MGFiYzIwNzVhNTRmZWM1 ODM0NDc1MTM1NzAyMWIzYjViMzllIiwKICAgICAgICAgICJQcmVyZXFzIjog WwogICAgICAgICAgICAyNTgKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0 Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI1OS5wYXRjaCIKICAgICAgICAg IF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC44IjogewogICAg ICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0 YWJsZVJlZiI6ICI4NjZkZWRhYmIzZTUxYTU2YzFiOWFkNDIwNmVlMGZmYWYw YjVjNGIzIiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAgICAy NTgKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAg ICAgICAgInhzYTI1OS5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAg ICAgIH0KICAgIH0sCiAgICAiNC45IjogewogICAgICAiUmVjaXBlcyI6IHsK ICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICJhZDRm ZWZkZDA4OGU0N2RjYzAxN2VmZWZjNDg1N2UxNjEwYzgzMmFmIiwKICAgICAg ICAgICJQcmVyZXFzIjogWwogICAgICAgICAgICAyNTgKICAgICAgICAgIF0s CiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI1OS5w YXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAg ICAibWFzdGVyIjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVu IjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICJjMGQ5OGIzNTcxNGZiNzA3 MjE3YzkwNjJiNjUxOGUxNThjZDcyZWVhIiwKICAgICAgICAgICJQcmVyZXFz IjogWwogICAgICAgICAgICAyNTgKICAgICAgICAgIF0sCiAgICAgICAgICAi UGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI1OS5wYXRjaCIKICAgICAg ICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0KICB9Cn0= --=separator Content-Type: application/octet-stream; name="xsa259.patch" Content-Disposition: attachment; filename="xsa259.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODY6IGZpeCBzbG93IGludDgwIHBhdGggYWZ0ZXIgWFBUSSBhZGRpdGlv bnMKCkZvciB0aGUgaW50ODAgc2xvdyBwYXRoIHRvIGp1bXAgdG8gaGFuZGxl X2V4Y2VwdGlvbl9zYXZlZCwgJXIxNCBuZWVkcyB0bwpiZSBzZXQgdXAgc3Vp dGFibHkgZm9yIFhQVEkgcHVycG9zZXMuIFRoaXMgaXMgYmVjYXVzZSBvZiB0 aGUgZGlmZmVyZW5jZQppbiBuYXR1cmUgYmV0d2VlbiB0aGUgaW50ODAgcGF0 aCAod2hpY2ggaXMgc3luY2hyb25vdXMgV1JUIGd1ZXN0CmFjdGlvbnMpIGFu ZCB0aGUgZXhjZXB0aW9uIHBhdGggd2hpY2ggaXMgcG90ZW50aWFsbHkgYXN5 bmNocm9ub3VzLgoKVGhpcyBpcyBYU0EtMjU5LgoKUmVwb3J0ZWQtYnk6IEFu ZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+ClNpZ25l ZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2 aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJp eC5jb20+CgotLS0gYS94ZW4vYXJjaC94ODYveDg2XzY0L2VudHJ5LlMKKysr IGIveGVuL2FyY2gveDg2L3g4Nl82NC9lbnRyeS5TCkBAIC0zOTYsNiArMzk2 LDEyIEBAIGludDgwX3Nsb3dfcGF0aDoKICAgICAgICAgbW92bCAgJFRSQVBf Z3BfZmF1bHQsVVJFR1NfZW50cnlfdmVjdG9yKCVyc3ApCiAgICAgICAgIC8q IEEgR1BGIHdvdWxkbid0IGhhdmUgaW5jcmVtZW50ZWQgdGhlIGluc3RydWN0 aW9uIHBvaW50ZXIuICovCiAgICAgICAgIHN1YnEgICQyLFVSRUdTX3JpcCgl cnNwKQorICAgICAgICAvKgorICAgICAgICAgKiBXaGlsZSB3ZSd2ZSBjbGVh cmVkIHhlbl9jcjMgYWJvdmUgYWxyZWFkeSwgbm9ybWFsIGV4Y2VwdGlvbiBo YW5kbGluZworICAgICAgICAgKiBjb2RlIGhhcyBsb2dpYyB0byByZXN0b3Jl IHRoZSBvcmlnaW5hbCB2YWx1ZSBmcm9tICVyMTUuIFRoZXJlZm9yZSB3ZQor ICAgICAgICAgKiBuZWVkIHRvIHNldCB1cCAlcjE0IGhlcmUsIHdoaWxlICVy MTUgaXMgcmVxdWlyZWQgdG8gc3RpbGwgYmUgemVyby4KKyAgICAgICAgICov CisgICAgICAgIEdFVF9TVEFDS19FTkQoMTQpCiAgICAgICAgIGptcCAgIGhh bmRsZV9leGNlcHRpb25fc2F2ZWQKIAogICAgICAgICAvKiBjcmVhdGVfYm91 bmNlX2ZyYW1lICYgaGVscGVycyBkb24ndCBuZWVkIHRvIGJlIGluIC50ZXh0 LmVudHJ5ICovCg== --=separator Content-Type: application/octet-stream; name="xsa259-4.6.patch" Content-Disposition: attachment; filename="xsa259-4.6.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODY6IGZpeCBzbG93IGludDgwIHBhdGggYWZ0ZXIgWFBUSSBhZGRpdGlv bnMKCkZvciB0aGUgaW50ODAgc2xvdyBwYXRoIHRvIGp1bXAgdG8gaGFuZGxl X2V4Y2VwdGlvbl9zYXZlZCwgJXIxNCBuZWVkcyB0bwpiZSBzZXQgdXAgc3Vp dGFibHkgZm9yIFhQVEkgcHVycG9zZXMuIFRoaXMgaXMgYmVjYXVzZSBvZiB0 aGUgZGlmZmVyZW5jZQppbiBuYXR1cmUgYmV0d2VlbiB0aGUgaW50ODAgcGF0 aCAod2hpY2ggaXMgc3luY2hyb25vdXMgV1JUIGd1ZXN0CmFjdGlvbnMpIGFu ZCB0aGUgZXhjZXB0aW9uIHBhdGggd2hpY2ggaXMgcG90ZW50aWFsbHkgYXN5 bmNocm9ub3VzLgoKVGhpcyBpcyBYU0EtMjU5LgoKUmVwb3J0ZWQtYnk6IEFu ZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+ClJlcG9y dGVkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0BjaXRyaXgu Y29tPgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3Vz ZS5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29v cGVyM0BjaXRyaXguY29tPgoKLS0tIGEveGVuL2FyY2gveDg2L3g4Nl82NC9l bnRyeS5TCisrKyBiL3hlbi9hcmNoL3g4Ni94ODZfNjQvZW50cnkuUwpAQCAt NDQyLDYgKzQ0MiwxMiBAQCBpbnQ4MF9zbG93X3BhdGg6CiAgICAgICAgIG1v dmwgICRUUkFQX2dwX2ZhdWx0LFVSRUdTX2VudHJ5X3ZlY3RvciglcnNwKQog ICAgICAgICAvKiBBIEdQRiB3b3VsZG4ndCBoYXZlIGluY3JlbWVudGVkIHRo ZSBpbnN0cnVjdGlvbiBwb2ludGVyLiAqLwogICAgICAgICBzdWJxICAkMixV UkVHU19yaXAoJXJzcCkKKyAgICAgICAgLyoKKyAgICAgICAgICogV2hpbGUg d2UndmUgY2xlYXJlZCB4ZW5fY3IzIGFib3ZlIGFscmVhZHksIG5vcm1hbCBl eGNlcHRpb24gaGFuZGxpbmcKKyAgICAgICAgICogY29kZSBoYXMgbG9naWMg dG8gcmVzdG9yZSB0aGUgb3JpZ2luYWwgdmFsdWUgZnJvbSAlcjE1LiBUaGVy ZWZvcmUgd2UKKyAgICAgICAgICogbmVlZCB0byBzZXQgdXAgJXIxNCBoZXJl LCB3aGlsZSAlcjE1IGlzIHJlcXVpcmVkIHRvIHN0aWxsIGJlIHplcm8uCisg ICAgICAgICAqLworICAgICAgICBHRVRfU1RBQ0tfQkFTRSglcjE0KQogICAg ICAgICBqbXAgICBoYW5kbGVfZXhjZXB0aW9uX3NhdmVkCiAKIC8qIENSRUFU RSBBIEJBU0lDIEVYQ0VQVElPTiBGUkFNRSBPTiBHVUVTVCBPUyBTVEFDSzog ICAgICAgICAgICAgICAgICAgICAqLwo= --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Wed Apr 25 12:04:54 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 25 Apr 2018 12:04:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fBJ9I-00060d-D6; Wed, 25 Apr 2018 12:03:48 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fBJ9G-00060D-Dl for xen-announce@lists.xen.org; Wed, 25 Apr 2018 12:03:46 +0000 X-Inumbo-ID: 8a18c68e-4880-11e8-9728-bc764e045a96 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 8a18c68e-4880-11e8-9728-bc764e045a96; Wed, 25 Apr 2018 14:02:35 +0200 (CEST) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fBJ92-0004qV-3G; Wed, 25 Apr 2018 12:03:32 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1fBJ92-00043j-0a; Wed, 25 Apr 2018 12:03:32 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Wed, 25 Apr 2018 12:03:32 +0000 Subject: [Xen-announce] Xen Security Advisory 258 - Information leak via crafted user-supplied CDROM X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-258 version 2 Information leak via crafted user-supplied CDROM UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= QEMU handles many different file formats for virtual disks (e.g., raw, qcow2, vhd, &c). Some of these formats are "snapshots" that specify "patches" to an alternate disk image, whose filename is included in the snapshot file. When qemu is given a disk but the type is not specified, it attempts to guess the file format by reading it. If a disk image is intended to be 'raw', but the image is entirely controlled by an attacker, the attacker could write a header to the image, describing one of these "snapshot" formats, and pointing to an arbitrary file as the "backing" file. When attaching disks via command-line parameters at boot time (including both "normal" disks and CDROMs), libxl specifies the format; however, when inserting a CDROM live via QMP, the format was not specified. IMPACT ====== An attacker supplying a crafted CDROM image can read any file (or device node) on the dom0 filesystem with the permissions of the qemu devicemodel process. (The virtual CDROM device is read-only, so no data can be written.) VULNERABLE SYSTEMS ================== Only x86 HVM guests with a virtual CDROM device are affected. ARM guests, x86 PV guests, x86 PVH guests, and x86 HVM guests without a virtual CDROM device are not affected. Only systems with qemu running in dom0 are affected; systems running stub domains are not affected. Only systems using qemu-xen (aka "qemu-upstream" are affected; systems running qemu-xen-traditional are not affected. Only systems in which an attacker can provide a raw CDROM image, and cause that image to be virtually inserted while the guest is running, are affected. Systems which only have host administrator-supplied CDROM images, or systems which allow images to be added only at boot time, are not affected. MITIGATION ========== One workaround is to "wrap" the guest-supplied image in a specific format; i.e., accept a raw image from the untrusted user, and convert it into qcow2 format; for example: qemu-img convert -f raw -O qcow2 untrusted.raw wrapped.qcow2 WARNING: Make sure to specify `-f raw` if you do this, or qemu will "guess" the format of "untrusted.raw" (which the attacker may have crafted to look like a qcow2 snapshot image with an alternativee base). Another workaround is to allow guests to only change CDROMs at boot time, not while the guest is running. CREDITS ======= This issue was discovered by Anthony Perard of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa258.patch xen-unstable, Xen 4.10.x, Xen 4.9.x xsa258-4.8.patch Xen 4.8.x, Xen 4.7.x xsa258-4.6.patch Xen 4.6.x $ sha256sum xsa258* 2c35a77eeca5579b5c32517c5ba511c836fa70f8b824ca8883fc6e1a7e608405 xsa258.meta 7e8014deae4fa19464fe6570d0719f8f0d7730dd153d58b2fa38b0cd5ed2e459 xsa258.patch 2c58060a42dafbf65563941dd8c737732124b49eb47007cc60f647553227f557 xsa258-4.6.patch ebba2f1f084249cd1e1c2f59e338412161884c31c83dbba03fc1e10bf4ba57a1 xsa258-4.8.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or the "wrap" mitigation described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However, deploying the "only allow guests to change CDROMs at boot time" is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because it may give attackers a hint of where to look for the vulnerability. Deployment of this mitigation is permitted only AFTER the embargo ends. Additionally, distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJa4G55AAoJEIP+FMlX6CvZHjYIAJEtdHT5yPyQuSjh8ATOYN/s DrpUSw65EvvgbuGJTcmWZMc335AvyoMDtYVtk+Ouy5dMlfuUXcwjimoLWC6FfEDg aJ19puvjVaA8JcRzimlWQjru8Eqyso1+uNjuvsv1RCSkhN6qGBGCx6xlyWJL0tGk H/C9HPT7EAKw0bfyFJLOkl7PEohMxXSvGa9oiOZfEJnyr91AuvehTrQWM2Dwf2sz sXp2drOlWQphwE3o/D+qDv5LOkyJY1NaKvGtTem3TmNT/YImMCWLZ3bS76GDE0io qsMPHwndwMKDM7ST9bYcKy1Oq2f7DXHBcLVUtn1Q3DhPeSqBmxAfBuESveUIOl4= =nyQb -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa258.meta" Content-Disposition: attachment; filename="xsa258.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyNTgsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMCIsCiAgICAiNC45IiwKICAgICI0LjgiLAog ICAgIjQuNyIsCiAgICAiNC42IgogIF0sCiAgIlRyZWVzIjogWwogICAgInhl biIKICBdLAogICJSZWNpcGVzIjogewogICAgIjQuMTAiOiB7CiAgICAgICJS ZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxl UmVmIjogIjJlMzQzNDNmYjJjOGI2MmU4ZTk4YjIxYTU2OWJlZWE1MDhmNTAx ZjYiLAogICAgICAgICAgIlByZXJlcXMiOiBbXSwKICAgICAgICAgICJQYXRj aGVzIjogWwogICAgICAgICAgICAieHNhMjU4LnBhdGNoIgogICAgICAgICAg XQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICI0LjYiOiB7CiAgICAg ICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3Rh YmxlUmVmIjogIjBiMzg5MzA0NTJhZGNlNzIyNDRlMjM0MThhNzIxMjZhMmY4 ODE0YTgiLAogICAgICAgICAgIlByZXJlcXMiOiBbXSwKICAgICAgICAgICJQ YXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjU4LTQuNi5wYXRjaCIKICAg ICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC43Ijog ewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAg ICAgIlN0YWJsZVJlZiI6ICJkY2E4MGFiYzIwNzVhNTRmZWM1ODM0NDc1MTM1 NzAyMWIzYjViMzllIiwKICAgICAgICAgICJQcmVyZXFzIjogW10sCiAgICAg ICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI1OC00LjgucGF0 Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAg IjQuOCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsK ICAgICAgICAgICJTdGFibGVSZWYiOiAiODY2ZGVkYWJiM2U1MWE1NmMxYjlh ZDQyMDZlZTBmZmFmMGI1YzRiMyIsCiAgICAgICAgICAiUHJlcmVxcyI6IFtd LAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EyNTgt NC44LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAg fSwKICAgICI0LjkiOiB7CiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4 ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogImFkNGZlZmRkMDg4ZTQ3 ZGNjMDE3ZWZlZmM0ODU3ZTE2MTBjODMyYWYiLAogICAgICAgICAgIlByZXJl cXMiOiBbXSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAgICAi eHNhMjU4LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQog ICAgfSwKICAgICJtYXN0ZXIiOiB7CiAgICAgICJSZWNpcGVzIjogewogICAg ICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogImMwZDk4YjM1 NzE0ZmI3MDcyMTdjOTA2MmI2NTE4ZTE1OGNkNzJlZWEiLAogICAgICAgICAg IlByZXJlcXMiOiBbXSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAg ICAgICAieHNhMjU4LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAg ICAgfQogICAgfQogIH0KfQ== --=separator Content-Type: application/octet-stream; name="xsa258.patch" Content-Disposition: attachment; filename="xsa258.patch" Content-Transfer-Encoding: base64 RnJvbSBiZjlhYjBlYzBiNjMyNzM5ZmU2MzY2MzkxZTg5YTdkNGRjZjk5OTNi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbnRob255IFBFUkFS RCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KRGF0ZTogVGh1LCA4IE1h ciAyMDE4IDE4OjE2OjQxICswMDAwClN1YmplY3Q6IFtQQVRDSF0gbGlieGw6 IFNwZWNpZnkgZm9ybWF0IG9mIGluc2VydGVkIGNkcm9tCgpXaXRob3V0IHRo aXMgZXh0cmEgcGFyYW1ldGVyIG9uIHRoZSBRTVAgY29tbWFuZCwgUUVNVSB3 aWxsIGd1ZXNzIHRoZQpmb3JtYXQgb2YgdGhlIG5ldyBmaWxlLgoKVGhpcyBp cyBYU0EtMjU4LgoKUmVwb3J0ZWQtYnk6IEFudGhvbnkgUEVSQVJEIDxhbnRo b255LnBlcmFyZEBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBBbnRob255 IFBFUkFSRCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KQWNrZWQtYnk6 IElhbiBKYWNrc29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgotLS0K IHRvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jICAgfCAxMyArKysrKysrKysr KysrCiB0b29scy9saWJ4bC9saWJ4bF9kbS5jICAgICAgIHwgMTcgKystLS0t LS0tLS0tLS0tLS0KIHRvb2xzL2xpYnhsL2xpYnhsX2ludGVybmFsLmggfCAg MSArCiB0b29scy9saWJ4bC9saWJ4bF9xbXAuYyAgICAgIHwgIDIgKysKIDQg ZmlsZXMgY2hhbmdlZCwgMTggaW5zZXJ0aW9ucygrKSwgMTUgZGVsZXRpb25z KC0pCgpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxfZGV2aWNlLmMg Yi90b29scy9saWJ4bC9saWJ4bF9kZXZpY2UuYwppbmRleCBjNjBjYWZlNzc0 Li5hNGE4ZTlhYzMyIDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9saWJ4bF9k ZXZpY2UuYworKysgYi90b29scy9saWJ4bC9saWJ4bF9kZXZpY2UuYwpAQCAt NDYyLDYgKzQ2MiwxOSBAQCBjaGFyICpsaWJ4bF9fZGV2aWNlX2Rpc2tfc3Ry aW5nX29mX2JhY2tlbmQobGlieGxfZGlza19iYWNrZW5kIGJhY2tlbmQpCiAg ICAgfQogfQogCitjb25zdCBjaGFyICpsaWJ4bF9fcWVtdV9kaXNrX2Zvcm1h dF9zdHJpbmcobGlieGxfZGlza19mb3JtYXQgZm9ybWF0KQoreworICAgIHN3 aXRjaCAoZm9ybWF0KSB7CisgICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9R Q09XOiByZXR1cm4gInFjb3ciOworICAgIGNhc2UgTElCWExfRElTS19GT1JN QVRfUUNPVzI6IHJldHVybiAicWNvdzIiOworICAgIGNhc2UgTElCWExfRElT S19GT1JNQVRfVkhEOiByZXR1cm4gInZwYyI7CisgICAgY2FzZSBMSUJYTF9E SVNLX0ZPUk1BVF9SQVc6IHJldHVybiAicmF3IjsKKyAgICBjYXNlIExJQlhM X0RJU0tfRk9STUFUX0VNUFRZOiByZXR1cm4gTlVMTDsKKyAgICBjYXNlIExJ QlhMX0RJU0tfRk9STUFUX1FFRDogcmV0dXJuICJxZWQiOworICAgIGRlZmF1 bHQ6IHJldHVybiBOVUxMOworICAgIH0KK30KKwogaW50IGxpYnhsX19kZXZp Y2VfcGh5c2Rpc2tfbWFqb3JfbWlub3IoY29uc3QgY2hhciAqcGh5c3BhdGgs IGludCAqbWFqb3IsIGludCAqbWlub3IpCiB7CiAgICAgc3RydWN0IHN0YXQg YnVmOwpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxfZG0uYyBiL3Rv b2xzL2xpYnhsL2xpYnhsX2RtLmMKaW5kZXggYTNjZGRjZThiNy4uYjUxMTc4 YjlmZCAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfZG0uYworKysg Yi90b29scy9saWJ4bC9saWJ4bF9kbS5jCkBAIC02NzcsMTkgKzY3Nyw2IEBA IHN0YXRpYyBpbnQgbGlieGxfX2J1aWxkX2RldmljZV9tb2RlbF9hcmdzX29s ZChsaWJ4bF9fZ2MgKmdjLAogICAgIHJldHVybiAwOwogfQogCi1zdGF0aWMg Y29uc3QgY2hhciAqcWVtdV9kaXNrX2Zvcm1hdF9zdHJpbmcobGlieGxfZGlz a19mb3JtYXQgZm9ybWF0KQotewotICAgIHN3aXRjaCAoZm9ybWF0KSB7Ci0g ICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9RQ09XOiByZXR1cm4gInFjb3ci OwotICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfUUNPVzI6IHJldHVybiAi cWNvdzIiOwotICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfVkhEOiByZXR1 cm4gInZwYyI7Ci0gICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9SQVc6IHJl dHVybiAicmF3IjsKLSAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFUX0VNUFRZ OiByZXR1cm4gTlVMTDsKLSAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFUX1FF RDogcmV0dXJuICJxZWQiOwotICAgIGRlZmF1bHQ6IHJldHVybiBOVUxMOwot ICAgIH0KLX0KLQogc3RhdGljIGNoYXIgKmRtX3NwaWNlX29wdGlvbnMobGli eGxfX2djICpnYywKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIGNvbnN0IGxpYnhsX3NwaWNlX2luZm8gKnNwaWNlKQogewpAQCAtMTUx Niw5ICsxNTAzLDkgQEAgc3RhdGljIGludCBsaWJ4bF9fYnVpbGRfZGV2aWNl X21vZGVsX2FyZ3NfbmV3KGxpYnhsX19nYyAqZ2MsCiAgICAgICAgICAgICAg KiBhbHdheXMgcmF3CiAgICAgICAgICAgICAgKi8KICAgICAgICAgICAgIGlm IChkaXNrc1tpXS5iYWNrZW5kID09IExJQlhMX0RJU0tfQkFDS0VORF9RRElT SykKLSAgICAgICAgICAgICAgICBmb3JtYXQgPSBxZW11X2Rpc2tfZm9ybWF0 X3N0cmluZyhkaXNrc1tpXS5mb3JtYXQpOworICAgICAgICAgICAgICAgIGZv cm1hdCA9IGxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0cmluZyhkaXNrc1tp XS5mb3JtYXQpOwogICAgICAgICAgICAgZWxzZQotICAgICAgICAgICAgICAg IGZvcm1hdCA9IHFlbXVfZGlza19mb3JtYXRfc3RyaW5nKExJQlhMX0RJU0tf Rk9STUFUX1JBVyk7CisgICAgICAgICAgICAgICAgZm9ybWF0ID0gbGlieGxf X3FlbXVfZGlza19mb3JtYXRfc3RyaW5nKExJQlhMX0RJU0tfRk9STUFUX1JB Vyk7CiAKICAgICAgICAgICAgIGlmIChkaXNrc1tpXS5mb3JtYXQgPT0gTElC WExfRElTS19GT1JNQVRfRU1QVFkpIHsKICAgICAgICAgICAgICAgICBpZiAo IWRpc2tzW2ldLmlzX2Nkcm9tKSB7CmRpZmYgLS1naXQgYS90b29scy9saWJ4 bC9saWJ4bF9pbnRlcm5hbC5oIGIvdG9vbHMvbGlieGwvbGlieGxfaW50ZXJu YWwuaAppbmRleCA1MDY2ODdmYmU5Li4wODEyYmU1Mzc2IDEwMDY0NAotLS0g YS90b29scy9saWJ4bC9saWJ4bF9pbnRlcm5hbC5oCisrKyBiL3Rvb2xzL2xp YnhsL2xpYnhsX2ludGVybmFsLmgKQEAgLTEyMDIsNiArMTIwMiw3IEBAIF9o aWRkZW4gaW50IGxpYnhsX19kb21haW5fcHZjb250cm9sX3dyaXRlKGxpYnhs X19nYyAqZ2MsIHhzX3RyYW5zYWN0aW9uX3QgdCwKIC8qIGZyb20geGxfZGV2 aWNlICovCiBfaGlkZGVuIGNoYXIgKmxpYnhsX19kZXZpY2VfZGlza19zdHJp bmdfb2ZfYmFja2VuZChsaWJ4bF9kaXNrX2JhY2tlbmQgYmFja2VuZCk7CiBf aGlkZGVuIGNoYXIgKmxpYnhsX19kZXZpY2VfZGlza19zdHJpbmdfb2ZfZm9y bWF0KGxpYnhsX2Rpc2tfZm9ybWF0IGZvcm1hdCk7CitfaGlkZGVuIGNvbnN0 IGNoYXIgKmxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0cmluZyhsaWJ4bF9k aXNrX2Zvcm1hdCBmb3JtYXQpOwogX2hpZGRlbiBpbnQgbGlieGxfX2Rldmlj ZV9kaXNrX3NldF9iYWNrZW5kKGxpYnhsX19nYyosIGxpYnhsX2RldmljZV9k aXNrKik7CiAKIF9oaWRkZW4gaW50IGxpYnhsX19kZXZpY2VfcGh5c2Rpc2tf bWFqb3JfbWlub3IoY29uc3QgY2hhciAqcGh5c3BhdGgsIGludCAqbWFqb3Is IGludCAqbWlub3IpOwpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxf cW1wLmMgYi90b29scy9saWJ4bC9saWJ4bF9xbXAuYwppbmRleCBlYWI5OTNh Y2E5Li41NjdlZDFlNzcyIDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9saWJ4 bF9xbXAuYworKysgYi90b29scy9saWJ4bC9saWJ4bF9xbXAuYwpAQCAtOTgy LDYgKzk4Miw4IEBAIGludCBsaWJ4bF9fcW1wX2luc2VydF9jZHJvbShsaWJ4 bF9fZ2MgKmdjLCBpbnQgZG9taWQsCiAgICAgICAgIHJldHVybiBxbXBfcnVu X2NvbW1hbmQoZ2MsIGRvbWlkLCAiZWplY3QiLCBhcmdzLCBOVUxMLCBOVUxM KTsKICAgICB9IGVsc2UgewogICAgICAgICBxbXBfcGFyYW1ldGVyc19hZGRf c3RyaW5nKGdjLCAmYXJncywgInRhcmdldCIsIGRpc2stPnBkZXZfcGF0aCk7 CisgICAgICAgIHFtcF9wYXJhbWV0ZXJzX2FkZF9zdHJpbmcoZ2MsICZhcmdz LCAiYXJnIiwKKyAgICAgICAgICAgIGxpYnhsX19xZW11X2Rpc2tfZm9ybWF0 X3N0cmluZyhkaXNrLT5mb3JtYXQpKTsKICAgICAgICAgcmV0dXJuIHFtcF9y dW5fY29tbWFuZChnYywgZG9taWQsICJjaGFuZ2UiLCBhcmdzLCBOVUxMLCBO VUxMKTsKICAgICB9CiB9Ci0tIAoyLjE2LjIKCg== --=separator Content-Type: application/octet-stream; name="xsa258-4.6.patch" Content-Disposition: attachment; filename="xsa258-4.6.patch" Content-Transfer-Encoding: base64 RnJvbSA1NzViY2Q4NmVlMGNlNmQzMDgyMTI2NDE1ZDM3MTQyNGZjN2I1YmRi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbnRob255IFBFUkFS RCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KRGF0ZTogVGh1LCA4IE1h ciAyMDE4IDE4OjE2OjQxICswMDAwClN1YmplY3Q6IFtQQVRDSF0gbGlieGw6 IFNwZWNpZnkgZm9ybWF0IG9mIGluc2VydGVkIGNkcm9tCgpXaXRob3V0IHRo aXMgZXh0cmEgcGFyYW1ldGVyIG9uIHRoZSBRTVAgY29tbWFuZCwgUUVNVSB3 aWxsIGd1ZXNzIHRoZQpmb3JtYXQgb2YgdGhlIG5ldyBmaWxlLgoKVGhpcyBp cyBYU0EtMjU4LgoKUmVwb3J0ZWQtYnk6IEFudGhvbnkgUEVSQVJEIDxhbnRo b255LnBlcmFyZEBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBBbnRob255 IFBFUkFSRCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KQWNrZWQtYnk6 IElhbiBKYWNrc29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgotLS0K IHRvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jICAgfCAxMiArKysrKysrKysr KysKIHRvb2xzL2xpYnhsL2xpYnhsX2RtLmMgICAgICAgfCAyMCArKysrKyst LS0tLS0tLS0tLS0tLQogdG9vbHMvbGlieGwvbGlieGxfaW50ZXJuYWwuaCB8 ICAxICsKIHRvb2xzL2xpYnhsL2xpYnhsX3FtcC5jICAgICAgfCAgMiArKwog NCBmaWxlcyBjaGFuZ2VkLCAyMSBpbnNlcnRpb25zKCspLCAxNCBkZWxldGlv bnMoLSkKCmRpZmYgLS1naXQgYS90b29scy9saWJ4bC9saWJ4bF9kZXZpY2Uu YyBiL3Rvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jCmluZGV4IGE4MWJhZWU1 ODUuLjM4ZWU0MzQxNWYgMTAwNjQ0Ci0tLSBhL3Rvb2xzL2xpYnhsL2xpYnhs X2RldmljZS5jCisrKyBiL3Rvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jCkBA IC0zOTUsNiArMzk1LDE4IEBAIGNoYXIgKmxpYnhsX19kZXZpY2VfZGlza19z dHJpbmdfb2ZfYmFja2VuZChsaWJ4bF9kaXNrX2JhY2tlbmQgYmFja2VuZCkK ICAgICB9CiB9CiAKK2NvbnN0IGNoYXIgKmxpYnhsX19xZW11X2Rpc2tfZm9y bWF0X3N0cmluZyhsaWJ4bF9kaXNrX2Zvcm1hdCBmb3JtYXQpCit7CisgICAg c3dpdGNoIChmb3JtYXQpIHsKKyAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFU X1FDT1c6IHJldHVybiAicWNvdyI7CisgICAgY2FzZSBMSUJYTF9ESVNLX0ZP Uk1BVF9RQ09XMjogcmV0dXJuICJxY293MiI7CisgICAgY2FzZSBMSUJYTF9E SVNLX0ZPUk1BVF9WSEQ6IHJldHVybiAidnBjIjsKKyAgICBjYXNlIExJQlhM X0RJU0tfRk9STUFUX1JBVzogcmV0dXJuICJyYXciOworICAgIGNhc2UgTElC WExfRElTS19GT1JNQVRfRU1QVFk6IHJldHVybiBOVUxMOworICAgIGRlZmF1 bHQ6IHJldHVybiBOVUxMOworICAgIH0KK30KKwogaW50IGxpYnhsX19kZXZp Y2VfcGh5c2Rpc2tfbWFqb3JfbWlub3IoY29uc3QgY2hhciAqcGh5c3BhdGgs IGludCAqbWFqb3IsIGludCAqbWlub3IpCiB7CiAgICAgc3RydWN0IHN0YXQg YnVmOwpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxfZG0uYyBiL3Rv b2xzL2xpYnhsL2xpYnhsX2RtLmMKaW5kZXggMGRiNWYxMzU1My4uZjIzOGE4 ZTRiMiAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfZG0uYworKysg Yi90b29scy9saWJ4bC9saWJ4bF9kbS5jCkBAIC02NTYsMTggKzY1Niw2IEBA IHN0YXRpYyBpbnQgbGlieGxfX2J1aWxkX2RldmljZV9tb2RlbF9hcmdzX29s ZChsaWJ4bF9fZ2MgKmdjLAogICAgIHJldHVybiAwOwogfQogCi1zdGF0aWMg Y29uc3QgY2hhciAqcWVtdV9kaXNrX2Zvcm1hdF9zdHJpbmcobGlieGxfZGlz a19mb3JtYXQgZm9ybWF0KQotewotICAgIHN3aXRjaCAoZm9ybWF0KSB7Ci0g ICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9RQ09XOiByZXR1cm4gInFjb3ci OwotICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfUUNPVzI6IHJldHVybiAi cWNvdzIiOwotICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfVkhEOiByZXR1 cm4gInZwYyI7Ci0gICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9SQVc6IHJl dHVybiAicmF3IjsKLSAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFUX0VNUFRZ OiByZXR1cm4gTlVMTDsKLSAgICBkZWZhdWx0OiByZXR1cm4gTlVMTDsKLSAg ICB9Ci19Ci0KIHN0YXRpYyBjaGFyICpkbV9zcGljZV9vcHRpb25zKGxpYnhs X19nYyAqZ2MsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBjb25zdCBsaWJ4bF9zcGljZV9pbmZvICpzcGljZSkKIHsKQEAgLTExMTUs NyArMTEwMyw3IEBAIHN0YXRpYyBpbnQgbGlieGxfX2J1aWxkX2RldmljZV9t b2RlbF9hcmdzX25ldyhsaWJ4bF9fZ2MgKmdjLAogICAgICAgICAgICAgaW50 IGRpc2ssIHBhcnQ7CiAgICAgICAgICAgICBpbnQgZGV2X251bWJlciA9CiAg ICAgICAgICAgICAgICAgbGlieGxfX2RldmljZV9kaXNrX2Rldl9udW1iZXIo ZGlza3NbaV0udmRldiwgJmRpc2ssICZwYXJ0KTsKLSAgICAgICAgICAgIGNv bnN0IGNoYXIgKmZvcm1hdCA9IHFlbXVfZGlza19mb3JtYXRfc3RyaW5nKGRp c2tzW2ldLmZvcm1hdCk7CisgICAgICAgICAgICBjb25zdCBjaGFyICpmb3Jt YXQ7CiAgICAgICAgICAgICBjaGFyICpkcml2ZTsKICAgICAgICAgICAgIGNv bnN0IGNoYXIgKnBkZXZfcGF0aDsKIApAQCAtMTEyNSw2ICsxMTEzLDExIEBA IHN0YXRpYyBpbnQgbGlieGxfX2J1aWxkX2RldmljZV9tb2RlbF9hcmdzX25l dyhsaWJ4bF9fZ2MgKmdjLAogICAgICAgICAgICAgICAgIGNvbnRpbnVlOwog ICAgICAgICAgICAgfQogCisgICAgICAgICAgICBpZiAoZGlza3NbaV0uYmFj a2VuZCA9PSBMSUJYTF9ESVNLX0JBQ0tFTkRfUURJU0spCisgICAgICAgICAg ICAgICAgZm9ybWF0ID0gbGlieGxfX3FlbXVfZGlza19mb3JtYXRfc3RyaW5n KGRpc2tzW2ldLmZvcm1hdCk7CisgICAgICAgICAgICBlbHNlIAorICAgICAg ICAgICAgICAgIGZvcm1hdCA9IGxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0 cmluZyhMSUJYTF9ESVNLX0ZPUk1BVF9SQVcpOworCiAgICAgICAgICAgICBp ZiAoZGlza3NbaV0uaXNfY2Ryb20pIHsKICAgICAgICAgICAgICAgICBpZiAo ZGlza3NbaV0uZm9ybWF0ID09IExJQlhMX0RJU0tfRk9STUFUX0VNUFRZKQog ICAgICAgICAgICAgICAgICAgICBkcml2ZSA9IGxpYnhsX19zcHJpbnRmCkBA IC0xMTUzLDcgKzExNDYsNiBAQCBzdGF0aWMgaW50IGxpYnhsX19idWlsZF9k ZXZpY2VfbW9kZWxfYXJnc19uZXcobGlieGxfX2djICpnYywKICAgICAgICAg ICAgICAgICB9CiAKICAgICAgICAgICAgICAgICBpZiAoZGlza3NbaV0uYmFj a2VuZCA9PSBMSUJYTF9ESVNLX0JBQ0tFTkRfVEFQKSB7Ci0gICAgICAgICAg ICAgICAgICAgIGZvcm1hdCA9IHFlbXVfZGlza19mb3JtYXRfc3RyaW5nKExJ QlhMX0RJU0tfRk9STUFUX1JBVyk7CiAgICAgICAgICAgICAgICAgICAgIHBk ZXZfcGF0aCA9IGxpYnhsX19ibGt0YXBfZGV2cGF0aChnYywgZGlza3NbaV0u cGRldl9wYXRoLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgZGlza3NbaV0uZm9ybWF0KTsKICAgICAg ICAgICAgICAgICB9IGVsc2UgewpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwv bGlieGxfaW50ZXJuYWwuaCBiL3Rvb2xzL2xpYnhsL2xpYnhsX2ludGVybmFs LmgKaW5kZXggYTM1OTdkYTIyYS4uMmU4MjRmNjI0OSAxMDA2NDQKLS0tIGEv dG9vbHMvbGlieGwvbGlieGxfaW50ZXJuYWwuaAorKysgYi90b29scy9saWJ4 bC9saWJ4bF9pbnRlcm5hbC5oCkBAIC0xMTM2LDYgKzExMzYsNyBAQCBfaGlk ZGVuIGludCBsaWJ4bF9fZG9tYWluX3B2Y29udHJvbF93cml0ZShsaWJ4bF9f Z2MgKmdjLCB4c190cmFuc2FjdGlvbl90IHQsCiAvKiBmcm9tIHhsX2Rldmlj ZSAqLwogX2hpZGRlbiBjaGFyICpsaWJ4bF9fZGV2aWNlX2Rpc2tfc3RyaW5n X29mX2JhY2tlbmQobGlieGxfZGlza19iYWNrZW5kIGJhY2tlbmQpOwogX2hp ZGRlbiBjaGFyICpsaWJ4bF9fZGV2aWNlX2Rpc2tfc3RyaW5nX29mX2Zvcm1h dChsaWJ4bF9kaXNrX2Zvcm1hdCBmb3JtYXQpOworX2hpZGRlbiBjb25zdCBj aGFyICpsaWJ4bF9fcWVtdV9kaXNrX2Zvcm1hdF9zdHJpbmcobGlieGxfZGlz a19mb3JtYXQgZm9ybWF0KTsKIF9oaWRkZW4gaW50IGxpYnhsX19kZXZpY2Vf ZGlza19zZXRfYmFja2VuZChsaWJ4bF9fZ2MqLCBsaWJ4bF9kZXZpY2VfZGlz ayopOwogCiBfaGlkZGVuIGludCBsaWJ4bF9fZGV2aWNlX3BoeXNkaXNrX21h am9yX21pbm9yKGNvbnN0IGNoYXIgKnBoeXNwYXRoLCBpbnQgKm1ham9yLCBp bnQgKm1pbm9yKTsKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhsL2xpYnhsX3Ft cC5jIGIvdG9vbHMvbGlieGwvbGlieGxfcW1wLmMKaW5kZXggZjc5OGRlNzRj NS4uM2Q1MmI4NzA3MiAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxf cW1wLmMKKysrIGIvdG9vbHMvbGlieGwvbGlieGxfcW1wLmMKQEAgLTk1NSw2 ICs5NTUsOCBAQCBpbnQgbGlieGxfX3FtcF9pbnNlcnRfY2Ryb20obGlieGxf X2djICpnYywgaW50IGRvbWlkLAogICAgICAgICByZXR1cm4gcW1wX3J1bl9j b21tYW5kKGdjLCBkb21pZCwgImVqZWN0IiwgYXJncywgTlVMTCwgTlVMTCk7 CiAgICAgfSBlbHNlIHsKICAgICAgICAgcW1wX3BhcmFtZXRlcnNfYWRkX3N0 cmluZyhnYywgJmFyZ3MsICJ0YXJnZXQiLCBkaXNrLT5wZGV2X3BhdGgpOwor ICAgICAgICBxbXBfcGFyYW1ldGVyc19hZGRfc3RyaW5nKGdjLCAmYXJncywg ImFyZyIsCisgICAgICAgICAgICBsaWJ4bF9fcWVtdV9kaXNrX2Zvcm1hdF9z dHJpbmcoZGlzay0+Zm9ybWF0KSk7CiAgICAgICAgIHJldHVybiBxbXBfcnVu X2NvbW1hbmQoZ2MsIGRvbWlkLCAiY2hhbmdlIiwgYXJncywgTlVMTCwgTlVM TCk7CiAgICAgfQogfQotLSAKMi4xNi4yCgo= --=separator Content-Type: application/octet-stream; name="xsa258-4.8.patch" Content-Disposition: attachment; filename="xsa258-4.8.patch" Content-Transfer-Encoding: base64 RnJvbSA0MzdjM2IzYWQzMzdjNDMwNTY5MDNlNDgyNDQ0ODQyOGQzYjVhOTU2 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbnRob255IFBFUkFS RCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KRGF0ZTogVGh1LCA4IE1h ciAyMDE4IDE4OjE2OjQxICswMDAwClN1YmplY3Q6IFtQQVRDSF0gbGlieGw6 IFNwZWNpZnkgZm9ybWF0IG9mIGluc2VydGVkIGNkcm9tCgpXaXRob3V0IHRo aXMgZXh0cmEgcGFyYW1ldGVyIG9uIHRoZSBRTVAgY29tbWFuZCwgUUVNVSB3 aWxsIGd1ZXNzIHRoZQpmb3JtYXQgb2YgdGhlIG5ldyBmaWxlLgoKVGhpcyBp cyBYU0EtMjU4LgoKUmVwb3J0ZWQtYnk6IEFudGhvbnkgUEVSQVJEIDxhbnRo b255LnBlcmFyZEBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBBbnRob255 IFBFUkFSRCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KQWNrZWQtYnk6 IElhbiBKYWNrc29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgotLS0K IHRvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jICAgfCAxMiArKysrKysrKysr KysKIHRvb2xzL2xpYnhsL2xpYnhsX2RtLmMgICAgICAgfCAxNiArKy0tLS0t LS0tLS0tLS0tCiB0b29scy9saWJ4bC9saWJ4bF9pbnRlcm5hbC5oIHwgIDEg KwogdG9vbHMvbGlieGwvbGlieGxfcW1wLmMgICAgICB8ICAyICsrCiA0IGZp bGVzIGNoYW5nZWQsIDE3IGluc2VydGlvbnMoKyksIDE0IGRlbGV0aW9ucygt KQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jIGIv dG9vbHMvbGlieGwvbGlieGxfZGV2aWNlLmMKaW5kZXggM2U3YTEwMjZjNC4u Y2QyYTk4MGYxOCAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfZGV2 aWNlLmMKKysrIGIvdG9vbHMvbGlieGwvbGlieGxfZGV2aWNlLmMKQEAgLTQy NSw2ICs0MjUsMTggQEAgY2hhciAqbGlieGxfX2RldmljZV9kaXNrX3N0cmlu Z19vZl9iYWNrZW5kKGxpYnhsX2Rpc2tfYmFja2VuZCBiYWNrZW5kKQogICAg IH0KIH0KIAorY29uc3QgY2hhciAqbGlieGxfX3FlbXVfZGlza19mb3JtYXRf c3RyaW5nKGxpYnhsX2Rpc2tfZm9ybWF0IGZvcm1hdCkKK3sKKyAgICBzd2l0 Y2ggKGZvcm1hdCkgeworICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfUUNP VzogcmV0dXJuICJxY293IjsKKyAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFU X1FDT1cyOiByZXR1cm4gInFjb3cyIjsKKyAgICBjYXNlIExJQlhMX0RJU0tf Rk9STUFUX1ZIRDogcmV0dXJuICJ2cGMiOworICAgIGNhc2UgTElCWExfRElT S19GT1JNQVRfUkFXOiByZXR1cm4gInJhdyI7CisgICAgY2FzZSBMSUJYTF9E SVNLX0ZPUk1BVF9FTVBUWTogcmV0dXJuIE5VTEw7CisgICAgZGVmYXVsdDog cmV0dXJuIE5VTEw7CisgICAgfQorfQorCiBpbnQgbGlieGxfX2RldmljZV9w aHlzZGlza19tYWpvcl9taW5vcihjb25zdCBjaGFyICpwaHlzcGF0aCwgaW50 ICptYWpvciwgaW50ICptaW5vcikKIHsKICAgICBzdHJ1Y3Qgc3RhdCBidWY7 CmRpZmYgLS1naXQgYS90b29scy9saWJ4bC9saWJ4bF9kbS5jIGIvdG9vbHMv bGlieGwvbGlieGxfZG0uYwppbmRleCBhZDM2NmE4Y2QzLi5iNmJjNDA3Nzk1 IDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9saWJ4bF9kbS5jCisrKyBiL3Rv b2xzL2xpYnhsL2xpYnhsX2RtLmMKQEAgLTY2OSwxOCArNjY5LDYgQEAgc3Rh dGljIGludCBsaWJ4bF9fYnVpbGRfZGV2aWNlX21vZGVsX2FyZ3Nfb2xkKGxp YnhsX19nYyAqZ2MsCiAgICAgcmV0dXJuIDA7CiB9CiAKLXN0YXRpYyBjb25z dCBjaGFyICpxZW11X2Rpc2tfZm9ybWF0X3N0cmluZyhsaWJ4bF9kaXNrX2Zv cm1hdCBmb3JtYXQpCi17Ci0gICAgc3dpdGNoIChmb3JtYXQpIHsKLSAgICBj YXNlIExJQlhMX0RJU0tfRk9STUFUX1FDT1c6IHJldHVybiAicWNvdyI7Ci0g ICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9RQ09XMjogcmV0dXJuICJxY293 MiI7Ci0gICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9WSEQ6IHJldHVybiAi dnBjIjsKLSAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFUX1JBVzogcmV0dXJu ICJyYXciOwotICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfRU1QVFk6IHJl dHVybiBOVUxMOwotICAgIGRlZmF1bHQ6IHJldHVybiBOVUxMOwotICAgIH0K LX0KLQogc3RhdGljIGNoYXIgKmRtX3NwaWNlX29wdGlvbnMobGlieGxfX2dj ICpnYywKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNv bnN0IGxpYnhsX3NwaWNlX2luZm8gKnNwaWNlKQogewpAQCAtMTM0Miw5ICsx MzMwLDkgQEAgc3RhdGljIGludCBsaWJ4bF9fYnVpbGRfZGV2aWNlX21vZGVs X2FyZ3NfbmV3KGxpYnhsX19nYyAqZ2MsCiAgICAgICAgICAgICAgKiBhbHdh eXMgcmF3CiAgICAgICAgICAgICAgKi8KICAgICAgICAgICAgIGlmIChkaXNr c1tpXS5iYWNrZW5kID09IExJQlhMX0RJU0tfQkFDS0VORF9RRElTSykKLSAg ICAgICAgICAgICAgICBmb3JtYXQgPSBxZW11X2Rpc2tfZm9ybWF0X3N0cmlu ZyhkaXNrc1tpXS5mb3JtYXQpOworICAgICAgICAgICAgICAgIGZvcm1hdCA9 IGxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0cmluZyhkaXNrc1tpXS5mb3Jt YXQpOwogICAgICAgICAgICAgZWxzZQotICAgICAgICAgICAgICAgIGZvcm1h dCA9IHFlbXVfZGlza19mb3JtYXRfc3RyaW5nKExJQlhMX0RJU0tfRk9STUFU X1JBVyk7CisgICAgICAgICAgICAgICAgZm9ybWF0ID0gbGlieGxfX3FlbXVf ZGlza19mb3JtYXRfc3RyaW5nKExJQlhMX0RJU0tfRk9STUFUX1JBVyk7CiAK ICAgICAgICAgICAgIGlmIChkaXNrc1tpXS5mb3JtYXQgPT0gTElCWExfRElT S19GT1JNQVRfRU1QVFkpIHsKICAgICAgICAgICAgICAgICBpZiAoIWRpc2tz W2ldLmlzX2Nkcm9tKSB7CmRpZmYgLS1naXQgYS90b29scy9saWJ4bC9saWJ4 bF9pbnRlcm5hbC5oIGIvdG9vbHMvbGlieGwvbGlieGxfaW50ZXJuYWwuaApp bmRleCA4MzY2ZmVlMjVmLi5jMzJhNDA1NzZhIDEwMDY0NAotLS0gYS90b29s cy9saWJ4bC9saWJ4bF9pbnRlcm5hbC5oCisrKyBiL3Rvb2xzL2xpYnhsL2xp YnhsX2ludGVybmFsLmgKQEAgLTExNzAsNiArMTE3MCw3IEBAIF9oaWRkZW4g aW50IGxpYnhsX19kb21haW5fcHZjb250cm9sX3dyaXRlKGxpYnhsX19nYyAq Z2MsIHhzX3RyYW5zYWN0aW9uX3QgdCwKIC8qIGZyb20geGxfZGV2aWNlICov CiBfaGlkZGVuIGNoYXIgKmxpYnhsX19kZXZpY2VfZGlza19zdHJpbmdfb2Zf YmFja2VuZChsaWJ4bF9kaXNrX2JhY2tlbmQgYmFja2VuZCk7CiBfaGlkZGVu IGNoYXIgKmxpYnhsX19kZXZpY2VfZGlza19zdHJpbmdfb2ZfZm9ybWF0KGxp YnhsX2Rpc2tfZm9ybWF0IGZvcm1hdCk7CitfaGlkZGVuIGNvbnN0IGNoYXIg KmxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0cmluZyhsaWJ4bF9kaXNrX2Zv cm1hdCBmb3JtYXQpOwogX2hpZGRlbiBpbnQgbGlieGxfX2RldmljZV9kaXNr X3NldF9iYWNrZW5kKGxpYnhsX19nYyosIGxpYnhsX2RldmljZV9kaXNrKik7 CiAKIF9oaWRkZW4gaW50IGxpYnhsX19kZXZpY2VfcGh5c2Rpc2tfbWFqb3Jf bWlub3IoY29uc3QgY2hhciAqcGh5c3BhdGgsIGludCAqbWFqb3IsIGludCAq bWlub3IpOwpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxfcW1wLmMg Yi90b29scy9saWJ4bC9saWJ4bF9xbXAuYwppbmRleCBmOGFkZGY5YmE2Li42 ZmM1NDU0YTZlIDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9saWJ4bF9xbXAu YworKysgYi90b29scy9saWJ4bC9saWJ4bF9xbXAuYwpAQCAtOTgyLDYgKzk4 Miw4IEBAIGludCBsaWJ4bF9fcW1wX2luc2VydF9jZHJvbShsaWJ4bF9fZ2Mg KmdjLCBpbnQgZG9taWQsCiAgICAgICAgIHJldHVybiBxbXBfcnVuX2NvbW1h bmQoZ2MsIGRvbWlkLCAiZWplY3QiLCBhcmdzLCBOVUxMLCBOVUxMKTsKICAg ICB9IGVsc2UgewogICAgICAgICBxbXBfcGFyYW1ldGVyc19hZGRfc3RyaW5n KGdjLCAmYXJncywgInRhcmdldCIsIGRpc2stPnBkZXZfcGF0aCk7CisgICAg ICAgIHFtcF9wYXJhbWV0ZXJzX2FkZF9zdHJpbmcoZ2MsICZhcmdzLCAiYXJn IiwKKyAgICAgICAgICAgIGxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0cmlu ZyhkaXNrLT5mb3JtYXQpKTsKICAgICAgICAgcmV0dXJuIHFtcF9ydW5fY29t bWFuZChnYywgZG9taWQsICJjaGFuZ2UiLCBhcmdzLCBOVUxMLCBOVUxMKTsK ICAgICB9CiB9Ci0tIAoyLjE2LjIKCg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Mon Apr 30 13:17:39 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 30 Apr 2018 13:17:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fD8fR-0001Cu-2q; Mon, 30 Apr 2018 13:16:33 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fD8fP-0001CW-Ei for xen-announce@lists.xen.org; Mon, 30 Apr 2018 13:16:31 +0000 X-Inumbo-ID: 8302ebe6-4c78-11e8-9728-bc764e045a96 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 8302ebe6-4c78-11e8-9728-bc764e045a96; Mon, 30 Apr 2018 15:15:12 +0200 (CEST) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fD8fC-0001FX-Eu; Mon, 30 Apr 2018 13:16:18 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1fD8fC-0007uy-C3; Mon, 30 Apr 2018 13:16:18 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Mon, 30 Apr 2018 13:16:18 +0000 Subject: [Xen-announce] Xen Security Advisory 258 (CVE-2018-10472) - Information leak via crafted user-supplied CDROM X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2018-10472 / XSA-258 version 3 Information leak via crafted user-supplied CDROM UPDATES IN VERSION 3 ==================== CVE assigned. ISSUE DESCRIPTION ================= QEMU handles many different file formats for virtual disks (e.g., raw, qcow2, vhd, &c). Some of these formats are "snapshots" that specify "patches" to an alternate disk image, whose filename is included in the snapshot file. When qemu is given a disk but the type is not specified, it attempts to guess the file format by reading it. If a disk image is intended to be 'raw', but the image is entirely controlled by an attacker, the attacker could write a header to the image, describing one of these "snapshot" formats, and pointing to an arbitrary file as the "backing" file. When attaching disks via command-line parameters at boot time (including both "normal" disks and CDROMs), libxl specifies the format; however, when inserting a CDROM live via QMP, the format was not specified. IMPACT ====== An attacker supplying a crafted CDROM image can read any file (or device node) on the dom0 filesystem with the permissions of the qemu devicemodel process. (The virtual CDROM device is read-only, so no data can be written.) VULNERABLE SYSTEMS ================== Only x86 HVM guests with a virtual CDROM device are affected. ARM guests, x86 PV guests, x86 PVH guests, and x86 HVM guests without a virtual CDROM device are not affected. Only systems with qemu running in dom0 are affected; systems running stub domains are not affected. Only systems using qemu-xen (aka "qemu-upstream" are affected; systems running qemu-xen-traditional are not affected. Only systems in which an attacker can provide a raw CDROM image, and cause that image to be virtually inserted while the guest is running, are affected. Systems which only have host administrator-supplied CDROM images, or systems which allow images to be added only at boot time, are not affected. MITIGATION ========== One workaround is to "wrap" the guest-supplied image in a specific format; i.e., accept a raw image from the untrusted user, and convert it into qcow2 format; for example: qemu-img convert -f raw -O qcow2 untrusted.raw wrapped.qcow2 WARNING: Make sure to specify `-f raw` if you do this, or qemu will "guess" the format of "untrusted.raw" (which the attacker may have crafted to look like a qcow2 snapshot image with an alternativee base). Another workaround is to allow guests to only change CDROMs at boot time, not while the guest is running. CREDITS ======= This issue was discovered by Anthony Perard of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa258.patch xen-unstable, Xen 4.10.x, Xen 4.9.x xsa258-4.8.patch Xen 4.8.x, Xen 4.7.x xsa258-4.6.patch Xen 4.6.x $ sha256sum xsa258* 2c35a77eeca5579b5c32517c5ba511c836fa70f8b824ca8883fc6e1a7e608405 xsa258.meta 7e8014deae4fa19464fe6570d0719f8f0d7730dd153d58b2fa38b0cd5ed2e459 xsa258.patch 2c58060a42dafbf65563941dd8c737732124b49eb47007cc60f647553227f557 xsa258-4.6.patch ebba2f1f084249cd1e1c2f59e338412161884c31c83dbba03fc1e10bf4ba57a1 xsa258-4.8.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or the "wrap" mitigation described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However, deploying the "only allow guests to change CDROMs at boot time" is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because it may give attackers a hint of where to look for the vulnerability. Deployment of this mitigation is permitted only AFTER the embargo ends. Additionally, distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJa5xaxAAoJEIP+FMlX6CvZYdgIAMiidM7VGBh2l+DUooYZjKm/ BQEzqlM7EMqq8IiK7lNSXrZIXdLiR8S4oNhRZlqv3m2zxjDmdpS1N2F/6Xt37qOv UKnp3LlnIbOfxo3nusYOgiBMVboANv1ugIwnWygywolXHFZCaDatdNXBJgc3cfvh 2aYA3+023KdaCL/qGYMyJ0jMM1iZHsQhU38Ol26owhBmZb0EcONU6YKgT5FM/LOP TlUx2Fe/uPIKXfsJHveD7Qn97ncrgE3obT+JsICyVKcymBMn38813POCDFgEMJwy bgcU38gvbUXp9+MrhBLuN6HHJHspumuTW3Wb7TaJe0iKm4wok84ZfpYZG9ihvas= =/vXD -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa258.meta" Content-Disposition: attachment; filename="xsa258.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyNTgsCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMCIsCiAgICAiNC45IiwKICAgICI0LjgiLAog ICAgIjQuNyIsCiAgICAiNC42IgogIF0sCiAgIlRyZWVzIjogWwogICAgInhl biIKICBdLAogICJSZWNpcGVzIjogewogICAgIjQuMTAiOiB7CiAgICAgICJS ZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxl UmVmIjogIjJlMzQzNDNmYjJjOGI2MmU4ZTk4YjIxYTU2OWJlZWE1MDhmNTAx ZjYiLAogICAgICAgICAgIlByZXJlcXMiOiBbXSwKICAgICAgICAgICJQYXRj aGVzIjogWwogICAgICAgICAgICAieHNhMjU4LnBhdGNoIgogICAgICAgICAg XQogICAgICAgIH0KICAgICAgfQogICAgfSwKICAgICI0LjYiOiB7CiAgICAg ICJSZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3Rh YmxlUmVmIjogIjBiMzg5MzA0NTJhZGNlNzIyNDRlMjM0MThhNzIxMjZhMmY4 ODE0YTgiLAogICAgICAgICAgIlByZXJlcXMiOiBbXSwKICAgICAgICAgICJQ YXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjU4LTQuNi5wYXRjaCIKICAg ICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC43Ijog ewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAg ICAgIlN0YWJsZVJlZiI6ICJkY2E4MGFiYzIwNzVhNTRmZWM1ODM0NDc1MTM1 NzAyMWIzYjViMzllIiwKICAgICAgICAgICJQcmVyZXFzIjogW10sCiAgICAg ICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI1OC00LjgucGF0 Y2giCiAgICAgICAgICBdCiAgICAgICAgfQogICAgICB9CiAgICB9LAogICAg IjQuOCI6IHsKICAgICAgIlJlY2lwZXMiOiB7CiAgICAgICAgInhlbiI6IHsK ICAgICAgICAgICJTdGFibGVSZWYiOiAiODY2ZGVkYWJiM2U1MWE1NmMxYjlh ZDQyMDZlZTBmZmFmMGI1YzRiMyIsCiAgICAgICAgICAiUHJlcmVxcyI6IFtd LAogICAgICAgICAgIlBhdGNoZXMiOiBbCiAgICAgICAgICAgICJ4c2EyNTgt NC44LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQogICAg fSwKICAgICI0LjkiOiB7CiAgICAgICJSZWNpcGVzIjogewogICAgICAgICJ4 ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogImFkNGZlZmRkMDg4ZTQ3 ZGNjMDE3ZWZlZmM0ODU3ZTE2MTBjODMyYWYiLAogICAgICAgICAgIlByZXJl cXMiOiBbXSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAgICAi eHNhMjU4LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAgfQog ICAgfSwKICAgICJtYXN0ZXIiOiB7CiAgICAgICJSZWNpcGVzIjogewogICAg ICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogImMwZDk4YjM1 NzE0ZmI3MDcyMTdjOTA2MmI2NTE4ZTE1OGNkNzJlZWEiLAogICAgICAgICAg IlByZXJlcXMiOiBbXSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAg ICAgICAieHNhMjU4LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAg ICAgfQogICAgfQogIH0KfQ== --=separator Content-Type: application/octet-stream; name="xsa258.patch" Content-Disposition: attachment; filename="xsa258.patch" Content-Transfer-Encoding: base64 RnJvbSBiZjlhYjBlYzBiNjMyNzM5ZmU2MzY2MzkxZTg5YTdkNGRjZjk5OTNi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbnRob255IFBFUkFS RCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KRGF0ZTogVGh1LCA4IE1h ciAyMDE4IDE4OjE2OjQxICswMDAwClN1YmplY3Q6IFtQQVRDSF0gbGlieGw6 IFNwZWNpZnkgZm9ybWF0IG9mIGluc2VydGVkIGNkcm9tCgpXaXRob3V0IHRo aXMgZXh0cmEgcGFyYW1ldGVyIG9uIHRoZSBRTVAgY29tbWFuZCwgUUVNVSB3 aWxsIGd1ZXNzIHRoZQpmb3JtYXQgb2YgdGhlIG5ldyBmaWxlLgoKVGhpcyBp cyBYU0EtMjU4LgoKUmVwb3J0ZWQtYnk6IEFudGhvbnkgUEVSQVJEIDxhbnRo b255LnBlcmFyZEBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBBbnRob255 IFBFUkFSRCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KQWNrZWQtYnk6 IElhbiBKYWNrc29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgotLS0K IHRvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jICAgfCAxMyArKysrKysrKysr KysrCiB0b29scy9saWJ4bC9saWJ4bF9kbS5jICAgICAgIHwgMTcgKystLS0t LS0tLS0tLS0tLS0KIHRvb2xzL2xpYnhsL2xpYnhsX2ludGVybmFsLmggfCAg MSArCiB0b29scy9saWJ4bC9saWJ4bF9xbXAuYyAgICAgIHwgIDIgKysKIDQg ZmlsZXMgY2hhbmdlZCwgMTggaW5zZXJ0aW9ucygrKSwgMTUgZGVsZXRpb25z KC0pCgpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxfZGV2aWNlLmMg Yi90b29scy9saWJ4bC9saWJ4bF9kZXZpY2UuYwppbmRleCBjNjBjYWZlNzc0 Li5hNGE4ZTlhYzMyIDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9saWJ4bF9k ZXZpY2UuYworKysgYi90b29scy9saWJ4bC9saWJ4bF9kZXZpY2UuYwpAQCAt NDYyLDYgKzQ2MiwxOSBAQCBjaGFyICpsaWJ4bF9fZGV2aWNlX2Rpc2tfc3Ry aW5nX29mX2JhY2tlbmQobGlieGxfZGlza19iYWNrZW5kIGJhY2tlbmQpCiAg ICAgfQogfQogCitjb25zdCBjaGFyICpsaWJ4bF9fcWVtdV9kaXNrX2Zvcm1h dF9zdHJpbmcobGlieGxfZGlza19mb3JtYXQgZm9ybWF0KQoreworICAgIHN3 aXRjaCAoZm9ybWF0KSB7CisgICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9R Q09XOiByZXR1cm4gInFjb3ciOworICAgIGNhc2UgTElCWExfRElTS19GT1JN QVRfUUNPVzI6IHJldHVybiAicWNvdzIiOworICAgIGNhc2UgTElCWExfRElT S19GT1JNQVRfVkhEOiByZXR1cm4gInZwYyI7CisgICAgY2FzZSBMSUJYTF9E SVNLX0ZPUk1BVF9SQVc6IHJldHVybiAicmF3IjsKKyAgICBjYXNlIExJQlhM X0RJU0tfRk9STUFUX0VNUFRZOiByZXR1cm4gTlVMTDsKKyAgICBjYXNlIExJ QlhMX0RJU0tfRk9STUFUX1FFRDogcmV0dXJuICJxZWQiOworICAgIGRlZmF1 bHQ6IHJldHVybiBOVUxMOworICAgIH0KK30KKwogaW50IGxpYnhsX19kZXZp Y2VfcGh5c2Rpc2tfbWFqb3JfbWlub3IoY29uc3QgY2hhciAqcGh5c3BhdGgs IGludCAqbWFqb3IsIGludCAqbWlub3IpCiB7CiAgICAgc3RydWN0IHN0YXQg YnVmOwpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxfZG0uYyBiL3Rv b2xzL2xpYnhsL2xpYnhsX2RtLmMKaW5kZXggYTNjZGRjZThiNy4uYjUxMTc4 YjlmZCAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfZG0uYworKysg Yi90b29scy9saWJ4bC9saWJ4bF9kbS5jCkBAIC02NzcsMTkgKzY3Nyw2IEBA IHN0YXRpYyBpbnQgbGlieGxfX2J1aWxkX2RldmljZV9tb2RlbF9hcmdzX29s ZChsaWJ4bF9fZ2MgKmdjLAogICAgIHJldHVybiAwOwogfQogCi1zdGF0aWMg Y29uc3QgY2hhciAqcWVtdV9kaXNrX2Zvcm1hdF9zdHJpbmcobGlieGxfZGlz a19mb3JtYXQgZm9ybWF0KQotewotICAgIHN3aXRjaCAoZm9ybWF0KSB7Ci0g ICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9RQ09XOiByZXR1cm4gInFjb3ci OwotICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfUUNPVzI6IHJldHVybiAi cWNvdzIiOwotICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfVkhEOiByZXR1 cm4gInZwYyI7Ci0gICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9SQVc6IHJl dHVybiAicmF3IjsKLSAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFUX0VNUFRZ OiByZXR1cm4gTlVMTDsKLSAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFUX1FF RDogcmV0dXJuICJxZWQiOwotICAgIGRlZmF1bHQ6IHJldHVybiBOVUxMOwot ICAgIH0KLX0KLQogc3RhdGljIGNoYXIgKmRtX3NwaWNlX29wdGlvbnMobGli eGxfX2djICpnYywKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIGNvbnN0IGxpYnhsX3NwaWNlX2luZm8gKnNwaWNlKQogewpAQCAtMTUx Niw5ICsxNTAzLDkgQEAgc3RhdGljIGludCBsaWJ4bF9fYnVpbGRfZGV2aWNl X21vZGVsX2FyZ3NfbmV3KGxpYnhsX19nYyAqZ2MsCiAgICAgICAgICAgICAg KiBhbHdheXMgcmF3CiAgICAgICAgICAgICAgKi8KICAgICAgICAgICAgIGlm IChkaXNrc1tpXS5iYWNrZW5kID09IExJQlhMX0RJU0tfQkFDS0VORF9RRElT SykKLSAgICAgICAgICAgICAgICBmb3JtYXQgPSBxZW11X2Rpc2tfZm9ybWF0 X3N0cmluZyhkaXNrc1tpXS5mb3JtYXQpOworICAgICAgICAgICAgICAgIGZv cm1hdCA9IGxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0cmluZyhkaXNrc1tp XS5mb3JtYXQpOwogICAgICAgICAgICAgZWxzZQotICAgICAgICAgICAgICAg IGZvcm1hdCA9IHFlbXVfZGlza19mb3JtYXRfc3RyaW5nKExJQlhMX0RJU0tf Rk9STUFUX1JBVyk7CisgICAgICAgICAgICAgICAgZm9ybWF0ID0gbGlieGxf X3FlbXVfZGlza19mb3JtYXRfc3RyaW5nKExJQlhMX0RJU0tfRk9STUFUX1JB Vyk7CiAKICAgICAgICAgICAgIGlmIChkaXNrc1tpXS5mb3JtYXQgPT0gTElC WExfRElTS19GT1JNQVRfRU1QVFkpIHsKICAgICAgICAgICAgICAgICBpZiAo IWRpc2tzW2ldLmlzX2Nkcm9tKSB7CmRpZmYgLS1naXQgYS90b29scy9saWJ4 bC9saWJ4bF9pbnRlcm5hbC5oIGIvdG9vbHMvbGlieGwvbGlieGxfaW50ZXJu YWwuaAppbmRleCA1MDY2ODdmYmU5Li4wODEyYmU1Mzc2IDEwMDY0NAotLS0g YS90b29scy9saWJ4bC9saWJ4bF9pbnRlcm5hbC5oCisrKyBiL3Rvb2xzL2xp YnhsL2xpYnhsX2ludGVybmFsLmgKQEAgLTEyMDIsNiArMTIwMiw3IEBAIF9o aWRkZW4gaW50IGxpYnhsX19kb21haW5fcHZjb250cm9sX3dyaXRlKGxpYnhs X19nYyAqZ2MsIHhzX3RyYW5zYWN0aW9uX3QgdCwKIC8qIGZyb20geGxfZGV2 aWNlICovCiBfaGlkZGVuIGNoYXIgKmxpYnhsX19kZXZpY2VfZGlza19zdHJp bmdfb2ZfYmFja2VuZChsaWJ4bF9kaXNrX2JhY2tlbmQgYmFja2VuZCk7CiBf aGlkZGVuIGNoYXIgKmxpYnhsX19kZXZpY2VfZGlza19zdHJpbmdfb2ZfZm9y bWF0KGxpYnhsX2Rpc2tfZm9ybWF0IGZvcm1hdCk7CitfaGlkZGVuIGNvbnN0 IGNoYXIgKmxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0cmluZyhsaWJ4bF9k aXNrX2Zvcm1hdCBmb3JtYXQpOwogX2hpZGRlbiBpbnQgbGlieGxfX2Rldmlj ZV9kaXNrX3NldF9iYWNrZW5kKGxpYnhsX19nYyosIGxpYnhsX2RldmljZV9k aXNrKik7CiAKIF9oaWRkZW4gaW50IGxpYnhsX19kZXZpY2VfcGh5c2Rpc2tf bWFqb3JfbWlub3IoY29uc3QgY2hhciAqcGh5c3BhdGgsIGludCAqbWFqb3Is IGludCAqbWlub3IpOwpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxf cW1wLmMgYi90b29scy9saWJ4bC9saWJ4bF9xbXAuYwppbmRleCBlYWI5OTNh Y2E5Li41NjdlZDFlNzcyIDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9saWJ4 bF9xbXAuYworKysgYi90b29scy9saWJ4bC9saWJ4bF9xbXAuYwpAQCAtOTgy LDYgKzk4Miw4IEBAIGludCBsaWJ4bF9fcW1wX2luc2VydF9jZHJvbShsaWJ4 bF9fZ2MgKmdjLCBpbnQgZG9taWQsCiAgICAgICAgIHJldHVybiBxbXBfcnVu X2NvbW1hbmQoZ2MsIGRvbWlkLCAiZWplY3QiLCBhcmdzLCBOVUxMLCBOVUxM KTsKICAgICB9IGVsc2UgewogICAgICAgICBxbXBfcGFyYW1ldGVyc19hZGRf c3RyaW5nKGdjLCAmYXJncywgInRhcmdldCIsIGRpc2stPnBkZXZfcGF0aCk7 CisgICAgICAgIHFtcF9wYXJhbWV0ZXJzX2FkZF9zdHJpbmcoZ2MsICZhcmdz LCAiYXJnIiwKKyAgICAgICAgICAgIGxpYnhsX19xZW11X2Rpc2tfZm9ybWF0 X3N0cmluZyhkaXNrLT5mb3JtYXQpKTsKICAgICAgICAgcmV0dXJuIHFtcF9y dW5fY29tbWFuZChnYywgZG9taWQsICJjaGFuZ2UiLCBhcmdzLCBOVUxMLCBO VUxMKTsKICAgICB9CiB9Ci0tIAoyLjE2LjIKCg== --=separator Content-Type: application/octet-stream; name="xsa258-4.6.patch" Content-Disposition: attachment; filename="xsa258-4.6.patch" Content-Transfer-Encoding: base64 RnJvbSA1NzViY2Q4NmVlMGNlNmQzMDgyMTI2NDE1ZDM3MTQyNGZjN2I1YmRi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbnRob255IFBFUkFS RCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KRGF0ZTogVGh1LCA4IE1h ciAyMDE4IDE4OjE2OjQxICswMDAwClN1YmplY3Q6IFtQQVRDSF0gbGlieGw6 IFNwZWNpZnkgZm9ybWF0IG9mIGluc2VydGVkIGNkcm9tCgpXaXRob3V0IHRo aXMgZXh0cmEgcGFyYW1ldGVyIG9uIHRoZSBRTVAgY29tbWFuZCwgUUVNVSB3 aWxsIGd1ZXNzIHRoZQpmb3JtYXQgb2YgdGhlIG5ldyBmaWxlLgoKVGhpcyBp cyBYU0EtMjU4LgoKUmVwb3J0ZWQtYnk6IEFudGhvbnkgUEVSQVJEIDxhbnRo b255LnBlcmFyZEBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBBbnRob255 IFBFUkFSRCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KQWNrZWQtYnk6 IElhbiBKYWNrc29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgotLS0K IHRvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jICAgfCAxMiArKysrKysrKysr KysKIHRvb2xzL2xpYnhsL2xpYnhsX2RtLmMgICAgICAgfCAyMCArKysrKyst LS0tLS0tLS0tLS0tLQogdG9vbHMvbGlieGwvbGlieGxfaW50ZXJuYWwuaCB8 ICAxICsKIHRvb2xzL2xpYnhsL2xpYnhsX3FtcC5jICAgICAgfCAgMiArKwog NCBmaWxlcyBjaGFuZ2VkLCAyMSBpbnNlcnRpb25zKCspLCAxNCBkZWxldGlv bnMoLSkKCmRpZmYgLS1naXQgYS90b29scy9saWJ4bC9saWJ4bF9kZXZpY2Uu YyBiL3Rvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jCmluZGV4IGE4MWJhZWU1 ODUuLjM4ZWU0MzQxNWYgMTAwNjQ0Ci0tLSBhL3Rvb2xzL2xpYnhsL2xpYnhs X2RldmljZS5jCisrKyBiL3Rvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jCkBA IC0zOTUsNiArMzk1LDE4IEBAIGNoYXIgKmxpYnhsX19kZXZpY2VfZGlza19z dHJpbmdfb2ZfYmFja2VuZChsaWJ4bF9kaXNrX2JhY2tlbmQgYmFja2VuZCkK ICAgICB9CiB9CiAKK2NvbnN0IGNoYXIgKmxpYnhsX19xZW11X2Rpc2tfZm9y bWF0X3N0cmluZyhsaWJ4bF9kaXNrX2Zvcm1hdCBmb3JtYXQpCit7CisgICAg c3dpdGNoIChmb3JtYXQpIHsKKyAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFU X1FDT1c6IHJldHVybiAicWNvdyI7CisgICAgY2FzZSBMSUJYTF9ESVNLX0ZP Uk1BVF9RQ09XMjogcmV0dXJuICJxY293MiI7CisgICAgY2FzZSBMSUJYTF9E SVNLX0ZPUk1BVF9WSEQ6IHJldHVybiAidnBjIjsKKyAgICBjYXNlIExJQlhM X0RJU0tfRk9STUFUX1JBVzogcmV0dXJuICJyYXciOworICAgIGNhc2UgTElC WExfRElTS19GT1JNQVRfRU1QVFk6IHJldHVybiBOVUxMOworICAgIGRlZmF1 bHQ6IHJldHVybiBOVUxMOworICAgIH0KK30KKwogaW50IGxpYnhsX19kZXZp Y2VfcGh5c2Rpc2tfbWFqb3JfbWlub3IoY29uc3QgY2hhciAqcGh5c3BhdGgs IGludCAqbWFqb3IsIGludCAqbWlub3IpCiB7CiAgICAgc3RydWN0IHN0YXQg YnVmOwpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxfZG0uYyBiL3Rv b2xzL2xpYnhsL2xpYnhsX2RtLmMKaW5kZXggMGRiNWYxMzU1My4uZjIzOGE4 ZTRiMiAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfZG0uYworKysg Yi90b29scy9saWJ4bC9saWJ4bF9kbS5jCkBAIC02NTYsMTggKzY1Niw2IEBA IHN0YXRpYyBpbnQgbGlieGxfX2J1aWxkX2RldmljZV9tb2RlbF9hcmdzX29s ZChsaWJ4bF9fZ2MgKmdjLAogICAgIHJldHVybiAwOwogfQogCi1zdGF0aWMg Y29uc3QgY2hhciAqcWVtdV9kaXNrX2Zvcm1hdF9zdHJpbmcobGlieGxfZGlz a19mb3JtYXQgZm9ybWF0KQotewotICAgIHN3aXRjaCAoZm9ybWF0KSB7Ci0g ICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9RQ09XOiByZXR1cm4gInFjb3ci OwotICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfUUNPVzI6IHJldHVybiAi cWNvdzIiOwotICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfVkhEOiByZXR1 cm4gInZwYyI7Ci0gICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9SQVc6IHJl dHVybiAicmF3IjsKLSAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFUX0VNUFRZ OiByZXR1cm4gTlVMTDsKLSAgICBkZWZhdWx0OiByZXR1cm4gTlVMTDsKLSAg ICB9Ci19Ci0KIHN0YXRpYyBjaGFyICpkbV9zcGljZV9vcHRpb25zKGxpYnhs X19nYyAqZ2MsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBjb25zdCBsaWJ4bF9zcGljZV9pbmZvICpzcGljZSkKIHsKQEAgLTExMTUs NyArMTEwMyw3IEBAIHN0YXRpYyBpbnQgbGlieGxfX2J1aWxkX2RldmljZV9t b2RlbF9hcmdzX25ldyhsaWJ4bF9fZ2MgKmdjLAogICAgICAgICAgICAgaW50 IGRpc2ssIHBhcnQ7CiAgICAgICAgICAgICBpbnQgZGV2X251bWJlciA9CiAg ICAgICAgICAgICAgICAgbGlieGxfX2RldmljZV9kaXNrX2Rldl9udW1iZXIo ZGlza3NbaV0udmRldiwgJmRpc2ssICZwYXJ0KTsKLSAgICAgICAgICAgIGNv bnN0IGNoYXIgKmZvcm1hdCA9IHFlbXVfZGlza19mb3JtYXRfc3RyaW5nKGRp c2tzW2ldLmZvcm1hdCk7CisgICAgICAgICAgICBjb25zdCBjaGFyICpmb3Jt YXQ7CiAgICAgICAgICAgICBjaGFyICpkcml2ZTsKICAgICAgICAgICAgIGNv bnN0IGNoYXIgKnBkZXZfcGF0aDsKIApAQCAtMTEyNSw2ICsxMTEzLDExIEBA IHN0YXRpYyBpbnQgbGlieGxfX2J1aWxkX2RldmljZV9tb2RlbF9hcmdzX25l dyhsaWJ4bF9fZ2MgKmdjLAogICAgICAgICAgICAgICAgIGNvbnRpbnVlOwog ICAgICAgICAgICAgfQogCisgICAgICAgICAgICBpZiAoZGlza3NbaV0uYmFj a2VuZCA9PSBMSUJYTF9ESVNLX0JBQ0tFTkRfUURJU0spCisgICAgICAgICAg ICAgICAgZm9ybWF0ID0gbGlieGxfX3FlbXVfZGlza19mb3JtYXRfc3RyaW5n KGRpc2tzW2ldLmZvcm1hdCk7CisgICAgICAgICAgICBlbHNlIAorICAgICAg ICAgICAgICAgIGZvcm1hdCA9IGxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0 cmluZyhMSUJYTF9ESVNLX0ZPUk1BVF9SQVcpOworCiAgICAgICAgICAgICBp ZiAoZGlza3NbaV0uaXNfY2Ryb20pIHsKICAgICAgICAgICAgICAgICBpZiAo ZGlza3NbaV0uZm9ybWF0ID09IExJQlhMX0RJU0tfRk9STUFUX0VNUFRZKQog ICAgICAgICAgICAgICAgICAgICBkcml2ZSA9IGxpYnhsX19zcHJpbnRmCkBA IC0xMTUzLDcgKzExNDYsNiBAQCBzdGF0aWMgaW50IGxpYnhsX19idWlsZF9k ZXZpY2VfbW9kZWxfYXJnc19uZXcobGlieGxfX2djICpnYywKICAgICAgICAg ICAgICAgICB9CiAKICAgICAgICAgICAgICAgICBpZiAoZGlza3NbaV0uYmFj a2VuZCA9PSBMSUJYTF9ESVNLX0JBQ0tFTkRfVEFQKSB7Ci0gICAgICAgICAg ICAgICAgICAgIGZvcm1hdCA9IHFlbXVfZGlza19mb3JtYXRfc3RyaW5nKExJ QlhMX0RJU0tfRk9STUFUX1JBVyk7CiAgICAgICAgICAgICAgICAgICAgIHBk ZXZfcGF0aCA9IGxpYnhsX19ibGt0YXBfZGV2cGF0aChnYywgZGlza3NbaV0u cGRldl9wYXRoLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgZGlza3NbaV0uZm9ybWF0KTsKICAgICAg ICAgICAgICAgICB9IGVsc2UgewpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwv bGlieGxfaW50ZXJuYWwuaCBiL3Rvb2xzL2xpYnhsL2xpYnhsX2ludGVybmFs LmgKaW5kZXggYTM1OTdkYTIyYS4uMmU4MjRmNjI0OSAxMDA2NDQKLS0tIGEv dG9vbHMvbGlieGwvbGlieGxfaW50ZXJuYWwuaAorKysgYi90b29scy9saWJ4 bC9saWJ4bF9pbnRlcm5hbC5oCkBAIC0xMTM2LDYgKzExMzYsNyBAQCBfaGlk ZGVuIGludCBsaWJ4bF9fZG9tYWluX3B2Y29udHJvbF93cml0ZShsaWJ4bF9f Z2MgKmdjLCB4c190cmFuc2FjdGlvbl90IHQsCiAvKiBmcm9tIHhsX2Rldmlj ZSAqLwogX2hpZGRlbiBjaGFyICpsaWJ4bF9fZGV2aWNlX2Rpc2tfc3RyaW5n X29mX2JhY2tlbmQobGlieGxfZGlza19iYWNrZW5kIGJhY2tlbmQpOwogX2hp ZGRlbiBjaGFyICpsaWJ4bF9fZGV2aWNlX2Rpc2tfc3RyaW5nX29mX2Zvcm1h dChsaWJ4bF9kaXNrX2Zvcm1hdCBmb3JtYXQpOworX2hpZGRlbiBjb25zdCBj aGFyICpsaWJ4bF9fcWVtdV9kaXNrX2Zvcm1hdF9zdHJpbmcobGlieGxfZGlz a19mb3JtYXQgZm9ybWF0KTsKIF9oaWRkZW4gaW50IGxpYnhsX19kZXZpY2Vf ZGlza19zZXRfYmFja2VuZChsaWJ4bF9fZ2MqLCBsaWJ4bF9kZXZpY2VfZGlz ayopOwogCiBfaGlkZGVuIGludCBsaWJ4bF9fZGV2aWNlX3BoeXNkaXNrX21h am9yX21pbm9yKGNvbnN0IGNoYXIgKnBoeXNwYXRoLCBpbnQgKm1ham9yLCBp bnQgKm1pbm9yKTsKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhsL2xpYnhsX3Ft cC5jIGIvdG9vbHMvbGlieGwvbGlieGxfcW1wLmMKaW5kZXggZjc5OGRlNzRj NS4uM2Q1MmI4NzA3MiAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxf cW1wLmMKKysrIGIvdG9vbHMvbGlieGwvbGlieGxfcW1wLmMKQEAgLTk1NSw2 ICs5NTUsOCBAQCBpbnQgbGlieGxfX3FtcF9pbnNlcnRfY2Ryb20obGlieGxf X2djICpnYywgaW50IGRvbWlkLAogICAgICAgICByZXR1cm4gcW1wX3J1bl9j b21tYW5kKGdjLCBkb21pZCwgImVqZWN0IiwgYXJncywgTlVMTCwgTlVMTCk7 CiAgICAgfSBlbHNlIHsKICAgICAgICAgcW1wX3BhcmFtZXRlcnNfYWRkX3N0 cmluZyhnYywgJmFyZ3MsICJ0YXJnZXQiLCBkaXNrLT5wZGV2X3BhdGgpOwor ICAgICAgICBxbXBfcGFyYW1ldGVyc19hZGRfc3RyaW5nKGdjLCAmYXJncywg ImFyZyIsCisgICAgICAgICAgICBsaWJ4bF9fcWVtdV9kaXNrX2Zvcm1hdF9z dHJpbmcoZGlzay0+Zm9ybWF0KSk7CiAgICAgICAgIHJldHVybiBxbXBfcnVu X2NvbW1hbmQoZ2MsIGRvbWlkLCAiY2hhbmdlIiwgYXJncywgTlVMTCwgTlVM TCk7CiAgICAgfQogfQotLSAKMi4xNi4yCgo= --=separator Content-Type: application/octet-stream; name="xsa258-4.8.patch" Content-Disposition: attachment; filename="xsa258-4.8.patch" Content-Transfer-Encoding: base64 RnJvbSA0MzdjM2IzYWQzMzdjNDMwNTY5MDNlNDgyNDQ0ODQyOGQzYjVhOTU2 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbnRob255IFBFUkFS RCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KRGF0ZTogVGh1LCA4IE1h ciAyMDE4IDE4OjE2OjQxICswMDAwClN1YmplY3Q6IFtQQVRDSF0gbGlieGw6 IFNwZWNpZnkgZm9ybWF0IG9mIGluc2VydGVkIGNkcm9tCgpXaXRob3V0IHRo aXMgZXh0cmEgcGFyYW1ldGVyIG9uIHRoZSBRTVAgY29tbWFuZCwgUUVNVSB3 aWxsIGd1ZXNzIHRoZQpmb3JtYXQgb2YgdGhlIG5ldyBmaWxlLgoKVGhpcyBp cyBYU0EtMjU4LgoKUmVwb3J0ZWQtYnk6IEFudGhvbnkgUEVSQVJEIDxhbnRo b255LnBlcmFyZEBjaXRyaXguY29tPgpTaWduZWQtb2ZmLWJ5OiBBbnRob255 IFBFUkFSRCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4KQWNrZWQtYnk6 IElhbiBKYWNrc29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgotLS0K IHRvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jICAgfCAxMiArKysrKysrKysr KysKIHRvb2xzL2xpYnhsL2xpYnhsX2RtLmMgICAgICAgfCAxNiArKy0tLS0t LS0tLS0tLS0tCiB0b29scy9saWJ4bC9saWJ4bF9pbnRlcm5hbC5oIHwgIDEg KwogdG9vbHMvbGlieGwvbGlieGxfcW1wLmMgICAgICB8ICAyICsrCiA0IGZp bGVzIGNoYW5nZWQsIDE3IGluc2VydGlvbnMoKyksIDE0IGRlbGV0aW9ucygt KQoKZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhsL2xpYnhsX2RldmljZS5jIGIv dG9vbHMvbGlieGwvbGlieGxfZGV2aWNlLmMKaW5kZXggM2U3YTEwMjZjNC4u Y2QyYTk4MGYxOCAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfZGV2 aWNlLmMKKysrIGIvdG9vbHMvbGlieGwvbGlieGxfZGV2aWNlLmMKQEAgLTQy NSw2ICs0MjUsMTggQEAgY2hhciAqbGlieGxfX2RldmljZV9kaXNrX3N0cmlu Z19vZl9iYWNrZW5kKGxpYnhsX2Rpc2tfYmFja2VuZCBiYWNrZW5kKQogICAg IH0KIH0KIAorY29uc3QgY2hhciAqbGlieGxfX3FlbXVfZGlza19mb3JtYXRf c3RyaW5nKGxpYnhsX2Rpc2tfZm9ybWF0IGZvcm1hdCkKK3sKKyAgICBzd2l0 Y2ggKGZvcm1hdCkgeworICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfUUNP VzogcmV0dXJuICJxY293IjsKKyAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFU X1FDT1cyOiByZXR1cm4gInFjb3cyIjsKKyAgICBjYXNlIExJQlhMX0RJU0tf Rk9STUFUX1ZIRDogcmV0dXJuICJ2cGMiOworICAgIGNhc2UgTElCWExfRElT S19GT1JNQVRfUkFXOiByZXR1cm4gInJhdyI7CisgICAgY2FzZSBMSUJYTF9E SVNLX0ZPUk1BVF9FTVBUWTogcmV0dXJuIE5VTEw7CisgICAgZGVmYXVsdDog cmV0dXJuIE5VTEw7CisgICAgfQorfQorCiBpbnQgbGlieGxfX2RldmljZV9w aHlzZGlza19tYWpvcl9taW5vcihjb25zdCBjaGFyICpwaHlzcGF0aCwgaW50 ICptYWpvciwgaW50ICptaW5vcikKIHsKICAgICBzdHJ1Y3Qgc3RhdCBidWY7 CmRpZmYgLS1naXQgYS90b29scy9saWJ4bC9saWJ4bF9kbS5jIGIvdG9vbHMv bGlieGwvbGlieGxfZG0uYwppbmRleCBhZDM2NmE4Y2QzLi5iNmJjNDA3Nzk1 IDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9saWJ4bF9kbS5jCisrKyBiL3Rv b2xzL2xpYnhsL2xpYnhsX2RtLmMKQEAgLTY2OSwxOCArNjY5LDYgQEAgc3Rh dGljIGludCBsaWJ4bF9fYnVpbGRfZGV2aWNlX21vZGVsX2FyZ3Nfb2xkKGxp YnhsX19nYyAqZ2MsCiAgICAgcmV0dXJuIDA7CiB9CiAKLXN0YXRpYyBjb25z dCBjaGFyICpxZW11X2Rpc2tfZm9ybWF0X3N0cmluZyhsaWJ4bF9kaXNrX2Zv cm1hdCBmb3JtYXQpCi17Ci0gICAgc3dpdGNoIChmb3JtYXQpIHsKLSAgICBj YXNlIExJQlhMX0RJU0tfRk9STUFUX1FDT1c6IHJldHVybiAicWNvdyI7Ci0g ICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9RQ09XMjogcmV0dXJuICJxY293 MiI7Ci0gICAgY2FzZSBMSUJYTF9ESVNLX0ZPUk1BVF9WSEQ6IHJldHVybiAi dnBjIjsKLSAgICBjYXNlIExJQlhMX0RJU0tfRk9STUFUX1JBVzogcmV0dXJu ICJyYXciOwotICAgIGNhc2UgTElCWExfRElTS19GT1JNQVRfRU1QVFk6IHJl dHVybiBOVUxMOwotICAgIGRlZmF1bHQ6IHJldHVybiBOVUxMOwotICAgIH0K LX0KLQogc3RhdGljIGNoYXIgKmRtX3NwaWNlX29wdGlvbnMobGlieGxfX2dj ICpnYywKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNv bnN0IGxpYnhsX3NwaWNlX2luZm8gKnNwaWNlKQogewpAQCAtMTM0Miw5ICsx MzMwLDkgQEAgc3RhdGljIGludCBsaWJ4bF9fYnVpbGRfZGV2aWNlX21vZGVs X2FyZ3NfbmV3KGxpYnhsX19nYyAqZ2MsCiAgICAgICAgICAgICAgKiBhbHdh eXMgcmF3CiAgICAgICAgICAgICAgKi8KICAgICAgICAgICAgIGlmIChkaXNr c1tpXS5iYWNrZW5kID09IExJQlhMX0RJU0tfQkFDS0VORF9RRElTSykKLSAg ICAgICAgICAgICAgICBmb3JtYXQgPSBxZW11X2Rpc2tfZm9ybWF0X3N0cmlu ZyhkaXNrc1tpXS5mb3JtYXQpOworICAgICAgICAgICAgICAgIGZvcm1hdCA9 IGxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0cmluZyhkaXNrc1tpXS5mb3Jt YXQpOwogICAgICAgICAgICAgZWxzZQotICAgICAgICAgICAgICAgIGZvcm1h dCA9IHFlbXVfZGlza19mb3JtYXRfc3RyaW5nKExJQlhMX0RJU0tfRk9STUFU X1JBVyk7CisgICAgICAgICAgICAgICAgZm9ybWF0ID0gbGlieGxfX3FlbXVf ZGlza19mb3JtYXRfc3RyaW5nKExJQlhMX0RJU0tfRk9STUFUX1JBVyk7CiAK ICAgICAgICAgICAgIGlmIChkaXNrc1tpXS5mb3JtYXQgPT0gTElCWExfRElT S19GT1JNQVRfRU1QVFkpIHsKICAgICAgICAgICAgICAgICBpZiAoIWRpc2tz W2ldLmlzX2Nkcm9tKSB7CmRpZmYgLS1naXQgYS90b29scy9saWJ4bC9saWJ4 bF9pbnRlcm5hbC5oIGIvdG9vbHMvbGlieGwvbGlieGxfaW50ZXJuYWwuaApp bmRleCA4MzY2ZmVlMjVmLi5jMzJhNDA1NzZhIDEwMDY0NAotLS0gYS90b29s cy9saWJ4bC9saWJ4bF9pbnRlcm5hbC5oCisrKyBiL3Rvb2xzL2xpYnhsL2xp YnhsX2ludGVybmFsLmgKQEAgLTExNzAsNiArMTE3MCw3IEBAIF9oaWRkZW4g aW50IGxpYnhsX19kb21haW5fcHZjb250cm9sX3dyaXRlKGxpYnhsX19nYyAq Z2MsIHhzX3RyYW5zYWN0aW9uX3QgdCwKIC8qIGZyb20geGxfZGV2aWNlICov CiBfaGlkZGVuIGNoYXIgKmxpYnhsX19kZXZpY2VfZGlza19zdHJpbmdfb2Zf YmFja2VuZChsaWJ4bF9kaXNrX2JhY2tlbmQgYmFja2VuZCk7CiBfaGlkZGVu IGNoYXIgKmxpYnhsX19kZXZpY2VfZGlza19zdHJpbmdfb2ZfZm9ybWF0KGxp YnhsX2Rpc2tfZm9ybWF0IGZvcm1hdCk7CitfaGlkZGVuIGNvbnN0IGNoYXIg KmxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0cmluZyhsaWJ4bF9kaXNrX2Zv cm1hdCBmb3JtYXQpOwogX2hpZGRlbiBpbnQgbGlieGxfX2RldmljZV9kaXNr X3NldF9iYWNrZW5kKGxpYnhsX19nYyosIGxpYnhsX2RldmljZV9kaXNrKik7 CiAKIF9oaWRkZW4gaW50IGxpYnhsX19kZXZpY2VfcGh5c2Rpc2tfbWFqb3Jf bWlub3IoY29uc3QgY2hhciAqcGh5c3BhdGgsIGludCAqbWFqb3IsIGludCAq bWlub3IpOwpkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxfcW1wLmMg Yi90b29scy9saWJ4bC9saWJ4bF9xbXAuYwppbmRleCBmOGFkZGY5YmE2Li42 ZmM1NDU0YTZlIDEwMDY0NAotLS0gYS90b29scy9saWJ4bC9saWJ4bF9xbXAu YworKysgYi90b29scy9saWJ4bC9saWJ4bF9xbXAuYwpAQCAtOTgyLDYgKzk4 Miw4IEBAIGludCBsaWJ4bF9fcW1wX2luc2VydF9jZHJvbShsaWJ4bF9fZ2Mg KmdjLCBpbnQgZG9taWQsCiAgICAgICAgIHJldHVybiBxbXBfcnVuX2NvbW1h bmQoZ2MsIGRvbWlkLCAiZWplY3QiLCBhcmdzLCBOVUxMLCBOVUxMKTsKICAg ICB9IGVsc2UgewogICAgICAgICBxbXBfcGFyYW1ldGVyc19hZGRfc3RyaW5n KGdjLCAmYXJncywgInRhcmdldCIsIGRpc2stPnBkZXZfcGF0aCk7CisgICAg ICAgIHFtcF9wYXJhbWV0ZXJzX2FkZF9zdHJpbmcoZ2MsICZhcmdzLCAiYXJn IiwKKyAgICAgICAgICAgIGxpYnhsX19xZW11X2Rpc2tfZm9ybWF0X3N0cmlu ZyhkaXNrLT5mb3JtYXQpKTsKICAgICAgICAgcmV0dXJuIHFtcF9ydW5fY29t bWFuZChnYywgZG9taWQsICJjaGFuZ2UiLCBhcmdzLCBOVUxMLCBOVUxMKTsK ICAgICB9CiB9Ci0tIAoyLjE2LjIKCg== --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator-- From xen-announce-bounces@lists.xenproject.org Mon Apr 30 13:17:39 2018 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 30 Apr 2018 13:17:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fD8ff-0001Ez-2Z; Mon, 30 Apr 2018 13:16:47 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fD8fd-0001ER-TA for xen-announce@lists.xen.org; Mon, 30 Apr 2018 13:16:45 +0000 X-Inumbo-ID: 17974b36-4c79-11e8-8249-2fda3a446a53 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas1.inumbo.com (Halon) with ESMTPS id 17974b36-4c79-11e8-8249-2fda3a446a53; Mon, 30 Apr 2018 13:19:21 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fD8fT-0001G8-WB; Mon, 30 Apr 2018 13:16:35 +0000 Received: from iwj by xenbits.xenproject.org with local (Exim 4.89) (envelope-from ) id 1fD8fT-0007wS-Ti; Mon, 30 Apr 2018 13:16:35 +0000 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.508 (Entity 5.508) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Message-Id: Date: Mon, 30 Apr 2018 13:16:35 +0000 Subject: [Xen-announce] Xen Security Advisory 259 (CVE-2018-10471) - x86: PV guest may crash Xen with XPTI X-BeenThere: xen-announce@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "Xen.org security team" Errors-To: xen-announce-bounces@lists.xenproject.org Sender: "Xen-announce" --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2018-10471 / XSA-259 version 3 x86: PV guest may crash Xen with XPTI UPDATES IN VERSION 3 ==================== CVE assigned. ISSUE DESCRIPTION ================= The workaround for the Meltdown vulnerability (XSA-254) failed to deal with an error code path connecting the INT 80 handling with general exception handling. This results in an unconditional write attempt of the value zero to an address near 2^64, in cases where a PV guest has no handler installed for INT 80 on one of its vCPU-s. IMPACT ====== A malicious or buggy guest may cause a hypervisor crash, resulting in a Denial of Service (DoS) affecting the entire host. VULNERABLE SYSTEMS ================== All Xen versions which the XSA-254 fixes were applied to are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH and HVM guests cannot exploit the vulnerability. MITIGATION ========== Running only PVH or HVM guests avoids the vulnerability. CREDITS ======= This issue was discovered by Andrew Cooper of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa259.patch xen-unstable, Xen 4.10.x ... xen 4.7.x xsa259-4.6.patch Xen 4.6.x $ sha256sum xsa259* 5c14a90af066c952974324b361e2a428c280f876b854f0c85a78e8579054a4d1 xsa259.meta ff2efb5eb2502ded988d0aa15351030a15494a9e2223eafbb88377a8e4d39dcb xsa259.patch c40bc8802077cf73f8393fb50574b7c7efbc4d127e202b0ebd757d34aa07aac3 xsa259-4.6.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJa5xa0AAoJEIP+FMlX6CvZDGEIAL5KbzcBUVjNsguU0HQ2Q6k8 WejwrXdKkncObK3yoxuybDE4NS+A5o0FbhdpJ86ukemZd2pMutgz79Z14UhSiURk Owdj7BlzD64O42OftKqXiNKVp4QhOlOh02TU08Q4m6GKAtCi+HlBcK8EQFR8URhX E2zLtpqGv5z6qx26raTDWQAssak4qL/NPSQ7oc3Eqo7P7H8B3Jw+F7DoR9a1g2ye gwuINHuk0ea9+jLoinNTDDn17xDAwp8KHPGrI/ivlwGyFipBISICdReDHe/EfIWS BNvrZl4ccDe95B1SosN8d0/qGYPLfpSN910hmm0ZTit0XffDseLv/odxoLuDvuQ= =clOX -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa259.meta" Content-Disposition: attachment; filename="xsa259.meta" Content-Transfer-Encoding: base64 ewogICJYU0EiOiAyNTksCiAgIlN1cHBvcnRlZFZlcnNpb25zIjogWwogICAg Im1hc3RlciIsCiAgICAiNC4xMCIsCiAgICAiNC45IiwKICAgICI0LjgiLAog ICAgIjQuNyIsCiAgICAiNC42IgogIF0sCiAgIlRyZWVzIjogWwogICAgInhl biIKICBdLAogICJSZWNpcGVzIjogewogICAgIjQuMTAiOiB7CiAgICAgICJS ZWNpcGVzIjogewogICAgICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxl UmVmIjogIjJlMzQzNDNmYjJjOGI2MmU4ZTk4YjIxYTU2OWJlZWE1MDhmNTAx ZjYiLAogICAgICAgICAgIlByZXJlcXMiOiBbCiAgICAgICAgICAgIDI1OAog ICAgICAgICAgXSwKICAgICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAg ICAieHNhMjU5LnBhdGNoIgogICAgICAgICAgXQogICAgICAgIH0KICAgICAg fQogICAgfSwKICAgICI0LjYiOiB7CiAgICAgICJSZWNpcGVzIjogewogICAg ICAgICJ4ZW4iOiB7CiAgICAgICAgICAiU3RhYmxlUmVmIjogIjBiMzg5MzA0 NTJhZGNlNzIyNDRlMjM0MThhNzIxMjZhMmY4ODE0YTgiLAogICAgICAgICAg IlByZXJlcXMiOiBbCiAgICAgICAgICAgIDI1OAogICAgICAgICAgXSwKICAg ICAgICAgICJQYXRjaGVzIjogWwogICAgICAgICAgICAieHNhMjU5LTQuNi5w YXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAg ICAiNC43IjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjog ewogICAgICAgICAgIlN0YWJsZVJlZiI6ICJkY2E4MGFiYzIwNzVhNTRmZWM1 ODM0NDc1MTM1NzAyMWIzYjViMzllIiwKICAgICAgICAgICJQcmVyZXFzIjog WwogICAgICAgICAgICAyNTgKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0 Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI1OS5wYXRjaCIKICAgICAgICAg IF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAgICAiNC44IjogewogICAg ICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0 YWJsZVJlZiI6ICI4NjZkZWRhYmIzZTUxYTU2YzFiOWFkNDIwNmVlMGZmYWYw YjVjNGIzIiwKICAgICAgICAgICJQcmVyZXFzIjogWwogICAgICAgICAgICAy NTgKICAgICAgICAgIF0sCiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAg ICAgICAgInhzYTI1OS5wYXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAg ICAgIH0KICAgIH0sCiAgICAiNC45IjogewogICAgICAiUmVjaXBlcyI6IHsK ICAgICAgICAieGVuIjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICJhZDRm ZWZkZDA4OGU0N2RjYzAxN2VmZWZjNDg1N2UxNjEwYzgzMmFmIiwKICAgICAg ICAgICJQcmVyZXFzIjogWwogICAgICAgICAgICAyNTgKICAgICAgICAgIF0s CiAgICAgICAgICAiUGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI1OS5w YXRjaCIKICAgICAgICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0sCiAg ICAibWFzdGVyIjogewogICAgICAiUmVjaXBlcyI6IHsKICAgICAgICAieGVu IjogewogICAgICAgICAgIlN0YWJsZVJlZiI6ICJjMGQ5OGIzNTcxNGZiNzA3 MjE3YzkwNjJiNjUxOGUxNThjZDcyZWVhIiwKICAgICAgICAgICJQcmVyZXFz IjogWwogICAgICAgICAgICAyNTgKICAgICAgICAgIF0sCiAgICAgICAgICAi UGF0Y2hlcyI6IFsKICAgICAgICAgICAgInhzYTI1OS5wYXRjaCIKICAgICAg ICAgIF0KICAgICAgICB9CiAgICAgIH0KICAgIH0KICB9Cn0= --=separator Content-Type: application/octet-stream; name="xsa259.patch" Content-Disposition: attachment; filename="xsa259.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODY6IGZpeCBzbG93IGludDgwIHBhdGggYWZ0ZXIgWFBUSSBhZGRpdGlv bnMKCkZvciB0aGUgaW50ODAgc2xvdyBwYXRoIHRvIGp1bXAgdG8gaGFuZGxl X2V4Y2VwdGlvbl9zYXZlZCwgJXIxNCBuZWVkcyB0bwpiZSBzZXQgdXAgc3Vp dGFibHkgZm9yIFhQVEkgcHVycG9zZXMuIFRoaXMgaXMgYmVjYXVzZSBvZiB0 aGUgZGlmZmVyZW5jZQppbiBuYXR1cmUgYmV0d2VlbiB0aGUgaW50ODAgcGF0 aCAod2hpY2ggaXMgc3luY2hyb25vdXMgV1JUIGd1ZXN0CmFjdGlvbnMpIGFu ZCB0aGUgZXhjZXB0aW9uIHBhdGggd2hpY2ggaXMgcG90ZW50aWFsbHkgYXN5 bmNocm9ub3VzLgoKVGhpcyBpcyBYU0EtMjU5LgoKUmVwb3J0ZWQtYnk6IEFu ZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+ClNpZ25l ZC1vZmYtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2 aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJp eC5jb20+CgotLS0gYS94ZW4vYXJjaC94ODYveDg2XzY0L2VudHJ5LlMKKysr IGIveGVuL2FyY2gveDg2L3g4Nl82NC9lbnRyeS5TCkBAIC0zOTYsNiArMzk2 LDEyIEBAIGludDgwX3Nsb3dfcGF0aDoKICAgICAgICAgbW92bCAgJFRSQVBf Z3BfZmF1bHQsVVJFR1NfZW50cnlfdmVjdG9yKCVyc3ApCiAgICAgICAgIC8q IEEgR1BGIHdvdWxkbid0IGhhdmUgaW5jcmVtZW50ZWQgdGhlIGluc3RydWN0 aW9uIHBvaW50ZXIuICovCiAgICAgICAgIHN1YnEgICQyLFVSRUdTX3JpcCgl cnNwKQorICAgICAgICAvKgorICAgICAgICAgKiBXaGlsZSB3ZSd2ZSBjbGVh cmVkIHhlbl9jcjMgYWJvdmUgYWxyZWFkeSwgbm9ybWFsIGV4Y2VwdGlvbiBo YW5kbGluZworICAgICAgICAgKiBjb2RlIGhhcyBsb2dpYyB0byByZXN0b3Jl IHRoZSBvcmlnaW5hbCB2YWx1ZSBmcm9tICVyMTUuIFRoZXJlZm9yZSB3ZQor ICAgICAgICAgKiBuZWVkIHRvIHNldCB1cCAlcjE0IGhlcmUsIHdoaWxlICVy MTUgaXMgcmVxdWlyZWQgdG8gc3RpbGwgYmUgemVyby4KKyAgICAgICAgICov CisgICAgICAgIEdFVF9TVEFDS19FTkQoMTQpCiAgICAgICAgIGptcCAgIGhh bmRsZV9leGNlcHRpb25fc2F2ZWQKIAogICAgICAgICAvKiBjcmVhdGVfYm91 bmNlX2ZyYW1lICYgaGVscGVycyBkb24ndCBuZWVkIHRvIGJlIGluIC50ZXh0 LmVudHJ5ICovCg== --=separator Content-Type: application/octet-stream; name="xsa259-4.6.patch" Content-Disposition: attachment; filename="xsa259-4.6.patch" Content-Transfer-Encoding: base64 RnJvbTogSmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpTdWJqZWN0 OiB4ODY6IGZpeCBzbG93IGludDgwIHBhdGggYWZ0ZXIgWFBUSSBhZGRpdGlv bnMKCkZvciB0aGUgaW50ODAgc2xvdyBwYXRoIHRvIGp1bXAgdG8gaGFuZGxl X2V4Y2VwdGlvbl9zYXZlZCwgJXIxNCBuZWVkcyB0bwpiZSBzZXQgdXAgc3Vp dGFibHkgZm9yIFhQVEkgcHVycG9zZXMuIFRoaXMgaXMgYmVjYXVzZSBvZiB0 aGUgZGlmZmVyZW5jZQppbiBuYXR1cmUgYmV0d2VlbiB0aGUgaW50ODAgcGF0 aCAod2hpY2ggaXMgc3luY2hyb25vdXMgV1JUIGd1ZXN0CmFjdGlvbnMpIGFu ZCB0aGUgZXhjZXB0aW9uIHBhdGggd2hpY2ggaXMgcG90ZW50aWFsbHkgYXN5 bmNocm9ub3VzLgoKVGhpcyBpcyBYU0EtMjU5LgoKUmVwb3J0ZWQtYnk6IEFu ZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+ClJlcG9y dGVkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0BjaXRyaXgu Y29tPgpTaWduZWQtb2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3Vz ZS5jb20+ClJldmlld2VkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29v cGVyM0BjaXRyaXguY29tPgoKLS0tIGEveGVuL2FyY2gveDg2L3g4Nl82NC9l bnRyeS5TCisrKyBiL3hlbi9hcmNoL3g4Ni94ODZfNjQvZW50cnkuUwpAQCAt NDQyLDYgKzQ0MiwxMiBAQCBpbnQ4MF9zbG93X3BhdGg6CiAgICAgICAgIG1v dmwgICRUUkFQX2dwX2ZhdWx0LFVSRUdTX2VudHJ5X3ZlY3RvciglcnNwKQog ICAgICAgICAvKiBBIEdQRiB3b3VsZG4ndCBoYXZlIGluY3JlbWVudGVkIHRo ZSBpbnN0cnVjdGlvbiBwb2ludGVyLiAqLwogICAgICAgICBzdWJxICAkMixV UkVHU19yaXAoJXJzcCkKKyAgICAgICAgLyoKKyAgICAgICAgICogV2hpbGUg d2UndmUgY2xlYXJlZCB4ZW5fY3IzIGFib3ZlIGFscmVhZHksIG5vcm1hbCBl eGNlcHRpb24gaGFuZGxpbmcKKyAgICAgICAgICogY29kZSBoYXMgbG9naWMg dG8gcmVzdG9yZSB0aGUgb3JpZ2luYWwgdmFsdWUgZnJvbSAlcjE1LiBUaGVy ZWZvcmUgd2UKKyAgICAgICAgICogbmVlZCB0byBzZXQgdXAgJXIxNCBoZXJl LCB3aGlsZSAlcjE1IGlzIHJlcXVpcmVkIHRvIHN0aWxsIGJlIHplcm8uCisg ICAgICAgICAqLworICAgICAgICBHRVRfU1RBQ0tfQkFTRSglcjE0KQogICAg ICAgICBqbXAgICBoYW5kbGVfZXhjZXB0aW9uX3NhdmVkCiAKIC8qIENSRUFU RSBBIEJBU0lDIEVYQ0VQVElPTiBGUkFNRSBPTiBHVUVTVCBPUyBTVEFDSzog ICAgICAgICAgICAgICAgICAgICAqLwo= --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWFubm91 bmNlIG1haWxpbmcgbGlzdApYZW4tYW5ub3VuY2VAbGlzdHMueGVucHJvamVjdC5vcmcKaHR0cHM6 Ly9saXN0cy54ZW5wcm9qZWN0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3hlbi1hbm5vdW5jZQ== --=separator--