From mboxrd@z Thu Jan 1 00:00:00 1970 From: Xen.org security team Subject: Xen Security Advisory 219 - x86: insufficient reference counts during shadow emulation Date: Tue, 20 Jun 2017 12:00:07 +0000 Message-ID: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary Return-path: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com Cc: "Xen.org security team" List-Id: xen-devel@lists.xenproject.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-219 version 2 x86: insufficient reference counts during shadow emulation UPDATES IN VERSION 2 ==================== Public release. Add caveat about exploitability by a single HVM guest, to Impact. ISSUE DESCRIPTION ================= When using shadow paging, writes to guest pagetables must be trapped and emulated, so the shadows can be suitably adjusted as well. When emulating the write, Xen maps the guests pagetable(s) to make the final adjustment and leave the guest's view of its state consistent. However, when mapping the frame, Xen drops the page reference before performing the write. This is a race window where the underlying frame can change ownership. One possible attack scenario is for the frame to change ownership and to be inserted into a PV guest's pagetables. At that point, the emulated write will be an unaudited modification to the PV pagetables whose value is under guest control. IMPACT ====== A malicious pair of guests may be able to elevate their privilege to that of Xen. We have not ruled out the possibility that a single malicious HVM guest may be able to elevate their privilege to that of Xen. VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. Only x86 systems are affected. ARM systems are not vulnerable. HVM guests using shadow mode paging can exploit this vulnerability. HVM guests using Hardware Assisted Paging (HAP) cannot exploit this vulnerability. To discover whether your HVM guests are using HAP, or shadow page tables: request debug key `q' (from the Xen console, or with `xl debug-keys q'). This will print (to the console, and visible in `xl dmesg'), debug information for every domain, containing something like this: (XEN) General information for domain 2: (XEN) refcnt=1 dying=2 pause_count=2 (XEN) nr_pages=2 xenheap_pages=0 shared_pages=0 paged_pages=0 dirty_cpus={} max_pages=262400 (XEN) handle=ef58ef1a-784d-4e59-8079-42bdee87f219 vm_assist=00000000 (XEN) paging assistance: hap refcounts translate external ^^^ The presence of `hap' here indicates that the host is not vulnerable to this domain. For an HVM domain the presence of `shadow' indicates that the domain can exploit the vulnerability. Xen 4.6 and later have the option to compile-out shadow paging support. (The default is to compile with shadow paging support). If Xen is built without shadow support, it is not vulnerable. Exploiting this race condition requires coordination between an x86 HVM guest using shadow paging, and a PV guest. Running only HVM guests avoids the vulnerability, unless stub device models are in use (since stub device models are PV domains, each controlled by the corresponding guest). Running only PV guests avoids the vulnerability. MITIGATION ========== Where the HVM guest is explicitly configured to use shadow paging (eg via the `hap=0' xl domain configuration file parameter), changing to HAP (eg by setting `hap=1') will avoid exposing the vulnerability to those guests. HAP is the default (in upstream Xen), where the hardware supports it; so this mitigation is only applicable if HAP has been disabled by configuration. (This mitigation is not applicable to PV guests.) CREDITS ======= This issue was discovered by Andrew Cooper of Citrix. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa219.patch xen-unstable xsa219-4.8.patch Xen 4.8, 4.7 xsa219-4.6.patch Xen 4.6 xsa219-4.5.patch Xen 4.5, 4.4 $ sha256sum xsa219* d06759d11dad3b128e65ade9e6afc1c728b65457cc32c34f46690f959c48644f xsa219.patch 0dd27ad66f964ba163dbc72e3a074d171b0e1edf9b322d811feb7f5c1deb4437 xsa219-4.5.patch d5fdd9d75dbad4a2315f48f8aec5dd3a10b92307320b5c141e2c1e69e422510c xsa219-4.6.patch a2023599abbc3b8f46cd430bec154401ef166493fcb5787f2f6fb9802b12f9b4 xsa219-4.8.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZSQ3PAAoJEIP+FMlX6CvZI5sIAITAsYzu8vcLGz2erkTQOFQ/ 87MWZ/OPMHZISeG9Y1lEUYNJ0I/pkvEe6HHGpL1JZegtBkuuMnLIb4XfPFvIuVOs pwETinpd+FkmhpfPWDc6vKaS9tYUZFi/h7ORcJTn/j6/JWoaqdbCJC+x1hI5UhsA 6iZHNQuuSIM1WH7pAyywhzovsoTnsI5pBYU69cDO6szo7Ig34BmVpliin2qkp0TV T673fktUoZWcYZK05TvFbAkG7UCQk1Wu46eiHx2SB+dFZ2wXdtxCZnCY5guCrF1i BqAiJj+MrYMZ38yfoY3XgoIcam3pQTai8bYo5xj8Jcuws0cPK9ja2LBwfHv0YTM= =Eoho -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa219.patch" Content-Disposition: attachment; filename="xsa219.patch" Content-Transfer-Encoding: base64 RnJvbSBkZTc4MmMwZTEwNmM5ZWUwMTE3M2Q1MDVhMjU0YTVlZGJhZmI4ZTQw IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbmRyZXcgQ29vcGVy IDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgpEYXRlOiBUaHUsIDExIE1h eSAyMDE3IDE0OjQ3OjAwICswMTAwClN1YmplY3Q6IFtQQVRDSF0geDg2L3No YWRvdzogSG9sZCByZWZlcmVuY2VzIGZvciB0aGUgZHVyYXRpb24gb2YgZW11 bGF0ZWQKIHdyaXRlcwoKVGhlIChtaXNuYW1lZCkgZW11bGF0ZV9ndmFfdG9f bWZuKCkgZnVuY3Rpb24gdHJhbnNsYXRlcyBhIGxpbmVhciBhZGRyZXNzIHRv IGFuCm1mbiwgYnV0IHJlbGVhc2VzIGl0cyBwYWdlIHJlZmVyZW5jZSBiZWZv cmUgcmV0dXJuaW5nIHRoZSBtZm4gdG8gaXRzIGNhbGxlci4KCnNoX2VtdWxh dGVfbWFwX2Rlc3QoKSB1c2VzIHRoZSByZXN1bHRzIG9mIG9uZSBvciB0d28g dHJhbnNsYXRpb25zIHRvIGNvbnN0cnVjdAphIHZpcnR1YWwgbWFwcGluZyB0 byB0aGUgdW5kZXJseWluZyBmcmFtZXMsIGNvbXBsZXRlcyBhbiBlbXVsYXRl ZAp3cml0ZS9jbXB4Y2hnLCB0aGVuIHVubWFwcyB0aGUgdmlydHVhbCBtYXBw aW5ncy4KClRoZSBwYWdlIHJlZmVyZW5jZXMgbmVlZCBob2xkaW5nIHVudGls IHRoZSBtYXBwaW5ncyBhcmUgdW5tYXBwZWQsIG9yIHRoZQpmcmFtZXMgY2Fu IGNoYW5nZSBvd25lcnNoaXAgYmVmb3JlIHRoZSB3cml0ZXMgb2NjdXJzLgoK VGhpcyBpcyBYU0EtMjE5CgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8 YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5k cmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KUmV2aWV3 ZWQtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3 ZWQtYnk6IFRpbSBEZWVnYW4gPHRpbUB4ZW4ub3JnPgotLS0KIHhlbi9hcmNo L3g4Ni9tbS9zaGFkb3cvY29tbW9uLmMgfCA1NCArKysrKysrKysrKysrKysr KysrKysrKysrKystLS0tLS0tLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQsIDM2 IGluc2VydGlvbnMoKyksIDE4IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBh L3hlbi9hcmNoL3g4Ni9tbS9zaGFkb3cvY29tbW9uLmMgYi94ZW4vYXJjaC94 ODYvbW0vc2hhZG93L2NvbW1vbi5jCmluZGV4IGQ0MzIxOTguLjJlNjRhNzcg MTAwNjQ0Ci0tLSBhL3hlbi9hcmNoL3g4Ni9tbS9zaGFkb3cvY29tbW9uLmMK KysrIGIveGVuL2FyY2gveDg2L21tL3NoYWRvdy9jb21tb24uYwpAQCAtMTYy Nyw3ICsxNjI3LDEwIEBAIHN0YXRpYyB1bnNpZ25lZCBpbnQgc2hhZG93X2dl dF9hbGxvY2F0aW9uKHN0cnVjdCBkb21haW4gKmQpCiAvKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKiovCiAvKiBIYW5kbGluZyBndWVzdCB3cml0ZXMg dG8gcGFnZXRhYmxlcy4gKi8KIAotLyogVHJhbnNsYXRlIGEgVkEgdG8gYW4g TUZOLCBpbmplY3RpbmcgYSBwYWdlLWZhdWx0IGlmIHdlIGZhaWwuICovCisv KgorICogVHJhbnNsYXRlIGEgVkEgdG8gYW4gTUZOLCBpbmplY3RpbmcgYSBw YWdlLWZhdWx0IGlmIHdlIGZhaWwuICBJZiB0aGUKKyAqIG1hcHBpbmcgc3Vj Y2VlZHMsIGEgcmVmZXJlbmNlIHdpbGwgYmUgaGVsZCBvbiB0aGUgdW5kZXJs eWluZyBwYWdlLgorICovCiAjZGVmaW5lIEJBRF9HVkFfVE9fR0ZOICh+MFVM KQogI2RlZmluZSBCQURfR0ZOX1RPX01GTiAofjFVTCkKICNkZWZpbmUgUkVB RE9OTFlfR0ZOICAgKH4yVUwpCkBAIC0xNjczLDE2ICsxNjc2LDE1IEBAIHN0 YXRpYyBtZm5fdCBlbXVsYXRlX2d2YV90b19tZm4oc3RydWN0IHZjcHUgKnYs IHVuc2lnbmVkIGxvbmcgdmFkZHIsCiAgICAgQVNTRVJUKG1mbl92YWxpZCht Zm4pKTsKIAogICAgIHYtPmFyY2gucGFnaW5nLmxhc3Rfd3JpdGVfd2FzX3B0 ID0gISFzaF9tZm5faXNfYV9wYWdlX3RhYmxlKG1mbik7Ci0gICAgLyoKLSAg ICAgKiBOb3RlIHNoYWRvdyBjYW5ub3QgcGFnZSBvdXQgb3IgdW5zaGFyZSB0 aGlzIG1mbiwgc28gdGhlIG1hcCB3b24ndAotICAgICAqIGRpc2FwcGVhci4g T3RoZXJ3aXNlLCBjYWxsZXIgbXVzdCBob2xkIG9udG8gcGFnZSB1bnRpbCBk b25lLgotICAgICAqLwotICAgIHB1dF9wYWdlKHBhZ2UpOwogCiAgICAgcmV0 dXJuIG1mbjsKIH0KIAotLyogQ2hlY2sgdGhhdCB0aGUgdXNlciBpcyBhbGxv d2VkIHRvIHBlcmZvcm0gdGhpcyB3cml0ZS4gKi8KKy8qCisgKiBDaGVjayB0 aGF0IHRoZSB1c2VyIGlzIGFsbG93ZWQgdG8gcGVyZm9ybSB0aGlzIHdyaXRl LiAgSWYgYSBtYXBwaW5nIGlzCisgKiByZXR1cm5lZCwgcGFnZSByZWZlcmVu Y2VzIHdpbGwgYmUgaGVsZCBvbiBzaF9jdHh0LT5tZm5bMF0gYW5kCisgKiBz aF9jdHh0LT5tZm5bMV0gaWZmICFJTlZBTElEX01GTi4KKyAqLwogdm9pZCAq c2hfZW11bGF0ZV9tYXBfZGVzdChzdHJ1Y3QgdmNwdSAqdiwgdW5zaWduZWQg bG9uZyB2YWRkciwKICAgICAgICAgICAgICAgICAgICAgICAgICAgdW5zaWdu ZWQgaW50IGJ5dGVzLAogICAgICAgICAgICAgICAgICAgICAgICAgICBzdHJ1 Y3Qgc2hfZW11bGF0ZV9jdHh0ICpzaF9jdHh0KQpAQCAtMTY5MCwxMyArMTY5 Miw2IEBAIHZvaWQgKnNoX2VtdWxhdGVfbWFwX2Rlc3Qoc3RydWN0IHZjcHUg KnYsIHVuc2lnbmVkIGxvbmcgdmFkZHIsCiAgICAgc3RydWN0IGRvbWFpbiAq ZCA9IHYtPmRvbWFpbjsKICAgICB2b2lkICptYXA7CiAKLSAgICBzaF9jdHh0 LT5tZm5bMF0gPSBlbXVsYXRlX2d2YV90b19tZm4odiwgdmFkZHIsIHNoX2N0 eHQpOwotICAgIGlmICggIW1mbl92YWxpZChzaF9jdHh0LT5tZm5bMF0pICkK LSAgICAgICAgcmV0dXJuICgobWZuX3goc2hfY3R4dC0+bWZuWzBdKSA9PSBC QURfR1ZBX1RPX0dGTikgPwotICAgICAgICAgICAgICAgIE1BUFBJTkdfRVhD RVBUSU9OIDoKLSAgICAgICAgICAgICAgICAobWZuX3goc2hfY3R4dC0+bWZu WzBdKSA9PSBSRUFET05MWV9HRk4pID8KLSAgICAgICAgICAgICAgICBNQVBQ SU5HX1NJTEVOVF9GQUlMIDogTUFQUElOR19VTkhBTkRMRUFCTEUpOwotCiAj aWZuZGVmIE5ERUJVRwogICAgIC8qIFdlIGRvbid0IGVtdWxhdGUgdXNlci1t b2RlIHdyaXRlcyB0byBwYWdlIHRhYmxlcy4gKi8KICAgICBpZiAoIGlzX2h2 bV9kb21haW4oZCkgPyBodm1fZ2V0X2NwbCh2KSA9PSAzCkBAIC0xNzA4LDYg KzE3MDMsMTcgQEAgdm9pZCAqc2hfZW11bGF0ZV9tYXBfZGVzdChzdHJ1Y3Qg dmNwdSAqdiwgdW5zaWduZWQgbG9uZyB2YWRkciwKICAgICB9CiAjZW5kaWYK IAorICAgIHNoX2N0eHQtPm1mblswXSA9IGVtdWxhdGVfZ3ZhX3RvX21mbih2 LCB2YWRkciwgc2hfY3R4dCk7CisgICAgaWYgKCAhbWZuX3ZhbGlkKHNoX2N0 eHQtPm1mblswXSkgKQorICAgIHsKKyAgICAgICAgc3dpdGNoICggbWZuX3go c2hfY3R4dC0+bWZuWzBdKSApCisgICAgICAgIHsKKyAgICAgICAgY2FzZSBC QURfR1ZBX1RPX0dGTjogcmV0dXJuIE1BUFBJTkdfRVhDRVBUSU9OOworICAg ICAgICBjYXNlIFJFQURPTkxZX0dGTjogICByZXR1cm4gTUFQUElOR19TSUxF TlRfRkFJTDsKKyAgICAgICAgZGVmYXVsdDogICAgICAgICAgICAgcmV0dXJu IE1BUFBJTkdfVU5IQU5ETEVBQkxFOworICAgICAgICB9CisgICAgfQorCiAg ICAgLyogVW5hbGlnbmVkIHdyaXRlcyBtZWFuIHByb2JhYmx5IHRoaXMgaXNu J3QgYSBwYWdldGFibGUuICovCiAgICAgaWYgKCB2YWRkciAmIChieXRlcyAt IDEpICkKICAgICAgICAgc2hfcmVtb3ZlX3NoYWRvd3MoZCwgc2hfY3R4dC0+ bWZuWzBdLCAwLCAwIC8qIFNsb3csIGNhbiBmYWlsLiAqLyApOwpAQCAtMTcy NCw2ICsxNzMwLDcgQEAgdm9pZCAqc2hfZW11bGF0ZV9tYXBfZGVzdChzdHJ1 Y3QgdmNwdSAqdiwgdW5zaWduZWQgbG9uZyB2YWRkciwKICAgICAgICAgICog Q3Jvc3MtcGFnZSBlbXVsYXRlZCB3cml0ZXMgYXJlIG9ubHkgc3VwcG9ydGVk IGZvciBIVk0gZ3Vlc3RzOwogICAgICAgICAgKiBQViBndWVzdHMgb3VnaHQg dG8ga25vdyBiZXR0ZXIuCiAgICAgICAgICAqLworICAgICAgICBwdXRfcGFn ZShtZm5fdG9fcGFnZShzaF9jdHh0LT5tZm5bMF0pKTsKICAgICAgICAgcmV0 dXJuIE1BUFBJTkdfVU5IQU5ETEVBQkxFOwogICAgIH0KICAgICBlbHNlCkBA IC0xNzMyLDE3ICsxNzM5LDI2IEBAIHZvaWQgKnNoX2VtdWxhdGVfbWFwX2Rl c3Qoc3RydWN0IHZjcHUgKnYsIHVuc2lnbmVkIGxvbmcgdmFkZHIsCiAgICAg ICAgIHNoX2N0eHQtPm1mblsxXSA9IGVtdWxhdGVfZ3ZhX3RvX21mbigKICAg ICAgICAgICAgIHYsICh2YWRkciArIGJ5dGVzIC0gMSkgJiBQQUdFX01BU0ss IHNoX2N0eHQpOwogICAgICAgICBpZiAoICFtZm5fdmFsaWQoc2hfY3R4dC0+ bWZuWzFdKSApCi0gICAgICAgICAgICByZXR1cm4gKChtZm5feChzaF9jdHh0 LT5tZm5bMV0pID09IEJBRF9HVkFfVE9fR0ZOKSA/Ci0gICAgICAgICAgICAg ICAgICAgIE1BUFBJTkdfRVhDRVBUSU9OIDoKLSAgICAgICAgICAgICAgICAg ICAgKG1mbl94KHNoX2N0eHQtPm1mblsxXSkgPT0gUkVBRE9OTFlfR0ZOKSA/ Ci0gICAgICAgICAgICAgICAgICAgIE1BUFBJTkdfU0lMRU5UX0ZBSUwgOiBN QVBQSU5HX1VOSEFORExFQUJMRSk7CisgICAgICAgIHsKKyAgICAgICAgICAg IHB1dF9wYWdlKG1mbl90b19wYWdlKHNoX2N0eHQtPm1mblswXSkpOworICAg ICAgICAgICAgc3dpdGNoICggbWZuX3goc2hfY3R4dC0+bWZuWzFdKSApCisg ICAgICAgICAgICB7CisgICAgICAgICAgICBjYXNlIEJBRF9HVkFfVE9fR0ZO OiByZXR1cm4gTUFQUElOR19FWENFUFRJT047CisgICAgICAgICAgICBjYXNl IFJFQURPTkxZX0dGTjogICByZXR1cm4gTUFQUElOR19TSUxFTlRfRkFJTDsK KyAgICAgICAgICAgIGRlZmF1bHQ6ICAgICAgICAgICAgIHJldHVybiBNQVBQ SU5HX1VOSEFORExFQUJMRTsKKyAgICAgICAgICAgIH0KKyAgICAgICAgfQog CiAgICAgICAgIC8qIENyb3NzLXBhZ2Ugd3JpdGVzIG1lYW4gcHJvYmFibHkg bm90IGEgcGFnZXRhYmxlLiAqLwogICAgICAgICBzaF9yZW1vdmVfc2hhZG93 cyhkLCBzaF9jdHh0LT5tZm5bMV0sIDAsIDAgLyogU2xvdywgY2FuIGZhaWwu ICovICk7CiAKICAgICAgICAgbWFwID0gdm1hcChzaF9jdHh0LT5tZm4sIDIp OwogICAgICAgICBpZiAoICFtYXAgKQorICAgICAgICB7CisgICAgICAgICAg ICBwdXRfcGFnZShtZm5fdG9fcGFnZShzaF9jdHh0LT5tZm5bMF0pKTsKKyAg ICAgICAgICAgIHB1dF9wYWdlKG1mbl90b19wYWdlKHNoX2N0eHQtPm1mblsx XSkpOwogICAgICAgICAgICAgcmV0dXJuIE1BUFBJTkdfVU5IQU5ETEVBQkxF OworICAgICAgICB9CiAgICAgICAgIG1hcCArPSAodmFkZHIgJiB+UEFHRV9N QVNLKTsKICAgICB9CiAKQEAgLTE4MTIsMTAgKzE4MjgsMTIgQEAgdm9pZCBz aF9lbXVsYXRlX3VubWFwX2Rlc3Qoc3RydWN0IHZjcHUgKnYsIHZvaWQgKmFk ZHIsIHVuc2lnbmVkIGludCBieXRlcywKICAgICB9CiAKICAgICBwYWdpbmdf bWFya19kaXJ0eSh2LT5kb21haW4sIHNoX2N0eHQtPm1mblswXSk7CisgICAg cHV0X3BhZ2UobWZuX3RvX3BhZ2Uoc2hfY3R4dC0+bWZuWzBdKSk7CiAKICAg ICBpZiAoIHVubGlrZWx5KG1mbl92YWxpZChzaF9jdHh0LT5tZm5bMV0pKSAp CiAgICAgewogICAgICAgICBwYWdpbmdfbWFya19kaXJ0eSh2LT5kb21haW4s IHNoX2N0eHQtPm1mblsxXSk7CisgICAgICAgIHB1dF9wYWdlKG1mbl90b19w YWdlKHNoX2N0eHQtPm1mblsxXSkpOwogICAgICAgICB2dW5tYXAoKHZvaWQg KikoKHVuc2lnbmVkIGxvbmcpYWRkciAmIFBBR0VfTUFTSykpOwogICAgIH0K ICAgICBlbHNlCi0tIAoyLjEuNAoK --=separator Content-Type: application/octet-stream; name="xsa219-4.5.patch" Content-Disposition: attachment; filename="xsa219-4.5.patch" Content-Transfer-Encoding: base64 RnJvbSA2OTI2ZTQwOTQzZWVmMGUwZWY3YWNmYzUzY2VlODE5YTQxYTQxMjQ3 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbmRyZXcgQ29vcGVy IDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgpEYXRlOiBUaHUsIDExIE1h eSAyMDE3IDE0OjQ3OjAwICswMTAwClN1YmplY3Q6IFtQQVRDSF0geDg2L3No YWRvdzogSG9sZCByZWZlcmVuY2VzIGZvciB0aGUgZHVyYXRpb24gb2YgZW11 bGF0ZWQKIHdyaXRlcwoKVGhlIChtaXNuYW1lZCkgZW11bGF0ZV9ndmFfdG9f bWZuKCkgZnVuY3Rpb24gdHJhbnNsYXRlcyBhIGxpbmVhciBhZGRyZXNzIHRv IGFuCm1mbiwgYnV0IHJlbGVhc2VzIGl0cyBwYWdlIHJlZmVyZW5jZSBiZWZv cmUgcmV0dXJuaW5nIHRoZSBtZm4gdG8gaXRzIGNhbGxlci4KCnNoX2VtdWxh dGVfbWFwX2Rlc3QoKSB1c2VzIHRoZSByZXN1bHRzIG9mIG9uZSBvciB0d28g dHJhbnNsYXRpb25zIHRvIGNvbnN0cnVjdAphIHZpcnR1YWwgbWFwcGluZyB0 byB0aGUgdW5kZXJseWluZyBmcmFtZXMsIGNvbXBsZXRlcyBhbiBlbXVsYXRl ZAp3cml0ZS9jbXB4Y2hnLCB0aGVuIHVubWFwcyB0aGUgdmlydHVhbCBtYXBw aW5ncy4KClRoZSBwYWdlIHJlZmVyZW5jZXMgbmVlZCBob2xkaW5nIHVudGls IHRoZSBtYXBwaW5ncyBhcmUgdW5tYXBwZWQsIG9yIHRoZQpmcmFtZXMgY2Fu IGNoYW5nZSBvd25lcnNoaXAgYmVmb3JlIHRoZSB3cml0ZXMgb2NjdXJzLgoK VGhpcyBpcyBYU0EtMjE5CgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8 YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5k cmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KUmV2aWV3 ZWQtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3 ZWQtYnk6IFRpbSBEZWVnYW4gPHRpbUB4ZW4ub3JnPgotLS0KIHhlbi9hcmNo L3g4Ni9tbS9zaGFkb3cvbXVsdGkuYyB8IDU4ICsrKysrKysrKysrKysrKysr KysrKysrKysrKysrLS0tLS0tLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQsIDQw IGluc2VydGlvbnMoKyksIDE4IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBh L3hlbi9hcmNoL3g4Ni9tbS9zaGFkb3cvbXVsdGkuYyBiL3hlbi9hcmNoL3g4 Ni9tbS9zaGFkb3cvbXVsdGkuYwppbmRleCA3NTg5ZDIzLi5lMTZiZjFiIDEw MDY0NAotLS0gYS94ZW4vYXJjaC94ODYvbW0vc2hhZG93L211bHRpLmMKKysr IGIveGVuL2FyY2gveDg2L21tL3NoYWRvdy9tdWx0aS5jCkBAIC00NTU1LDcg KzQ1NTUsMTAgQEAgc3RhdGljIHZvaWQgc2hfcGFnZXRhYmxlX2R5aW5nKHN0 cnVjdCB2Y3B1ICp2LCBwYWRkcl90IGdwYSkKIC8qKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKi8KIC8qIEhhbmRsaW5nIEhWTSBndWVzdCB3cml0ZXMg dG8gcGFnZXRhYmxlcyAgKi8KIAotLyogVHJhbnNsYXRlIGEgVkEgdG8gYW4g TUZOLCBpbmplY3RpbmcgYSBwYWdlLWZhdWx0IGlmIHdlIGZhaWwgKi8KKy8q CisgKiBUcmFuc2xhdGUgYSBWQSB0byBhbiBNRk4sIGluamVjdGluZyBhIHBh Z2UtZmF1bHQgaWYgd2UgZmFpbC4gIElmIHRoZQorICogbWFwcGluZyBzdWNj ZWVkcywgYSByZWZlcmVuY2Ugd2lsbCBiZSBoZWxkIG9uIHRoZSB1bmRlcmx5 aW5nIHBhZ2UuCisgKi8KICNkZWZpbmUgQkFEX0dWQV9UT19HRk4gKH4wVUwp CiAjZGVmaW5lIEJBRF9HRk5fVE9fTUZOICh+MVVMKQogI2RlZmluZSBSRUFE T05MWV9HRk4gICAofjJVTCkKQEAgLTQ2MDQsMTQgKzQ2MDcsMTUgQEAgc3Rh dGljIG1mbl90IGVtdWxhdGVfZ3ZhX3RvX21mbihzdHJ1Y3QgdmNwdSAqdiwK ICAgICBBU1NFUlQobWZuX3ZhbGlkKG1mbikpOwogCiAgICAgdi0+YXJjaC5w YWdpbmcubGFzdF93cml0ZV93YXNfcHQgPSAhIXNoX21mbl9pc19hX3BhZ2Vf dGFibGUobWZuKTsKLSAgICAvKiBOb3RlIHNoYWRvdyBjYW5ub3QgcGFnZSBv dXQgb3IgdW5zaGFyZSB0aGlzIG1mbiwgc28gdGhlIG1hcCB3b24ndAotICAg ICAqIGRpc2FwcGVhci4gT3RoZXJ3aXNlLCBjYWxsZXIgbXVzdCBob2xkIG9u dG8gcGFnZSB1bnRpbCBkb25lLiAqLwotICAgIHB1dF9wYWdlKHBhZ2UpOwor CiAgICAgcmV0dXJuIG1mbjsKIH0KIAotLyogQ2hlY2sgdGhhdCB0aGUgdXNl ciBpcyBhbGxvd2VkIHRvIHBlcmZvcm0gdGhpcyB3cml0ZS4gCi0gKiBSZXR1 cm5zIGEgbWFwcGVkIHBvaW50ZXIgdG8gd3JpdGUgdG8sIG9yIE5VTEwgZm9y IGVycm9yLiAqLworLyoKKyAqIENoZWNrIHRoYXQgdGhlIHVzZXIgaXMgYWxs b3dlZCB0byBwZXJmb3JtIHRoaXMgd3JpdGUuICBJZiBhIG1hcHBpbmcgaXMK KyAqIHJldHVybmVkLCBwYWdlIHJlZmVyZW5jZXMgd2lsbCBiZSBoZWxkIG9u IHNoX2N0eHQtPm1mbjEgYW5kCisgKiBzaF9jdHh0LT5tZm4yIGlmZiAhSU5W QUxJRF9NRk4uCisgKi8KICNkZWZpbmUgTUFQUElOR19VTkhBTkRMRUFCTEUg KCh2b2lkICopKHVuc2lnbmVkIGxvbmcpWDg2RU1VTF9VTkhBTkRMRUFCTEUp CiAjZGVmaW5lIE1BUFBJTkdfRVhDRVBUSU9OICAgICgodm9pZCAqKSh1bnNp Z25lZCBsb25nKVg4NkVNVUxfRVhDRVBUSU9OKQogI2RlZmluZSBNQVBQSU5H X1NJTEVOVF9GQUlMICAoKHZvaWQgKikodW5zaWduZWQgbG9uZylYODZFTVVM X09LQVkpCkBAIC00NjIzLDEzICs0NjI3LDYgQEAgc3RhdGljIHZvaWQgKmVt dWxhdGVfbWFwX2Rlc3Qoc3RydWN0IHZjcHUgKnYsCiB7CiAgICAgdm9pZCAq bWFwID0gTlVMTDsKIAotICAgIHNoX2N0eHQtPm1mbjEgPSBlbXVsYXRlX2d2 YV90b19tZm4odiwgdmFkZHIsIHNoX2N0eHQpOwotICAgIGlmICggIW1mbl92 YWxpZChzaF9jdHh0LT5tZm4xKSApIAotICAgICAgICByZXR1cm4gKChtZm5f eChzaF9jdHh0LT5tZm4xKSA9PSBCQURfR1ZBX1RPX0dGTikgPwotICAgICAg ICAgICAgICAgIE1BUFBJTkdfRVhDRVBUSU9OIDoKLSAgICAgICAgICAgICAg ICAobWZuX3goc2hfY3R4dC0+bWZuMSkgPT0gUkVBRE9OTFlfR0ZOKSA/Ci0g ICAgICAgICAgICAgICAgTUFQUElOR19TSUxFTlRfRkFJTCA6IE1BUFBJTkdf VU5IQU5ETEVBQkxFKTsKLQogI2lmbmRlZiBOREVCVUcKICAgICAvKiBXZSBk b24ndCBlbXVsYXRlIHVzZXItbW9kZSB3cml0ZXMgdG8gcGFnZSB0YWJsZXMg Ki8KICAgICBpZiAoIGh2bV9nZXRfc2VnX3JlZyh4ODZfc2VnX3NzLCBzaF9j dHh0KS0+YXR0ci5maWVsZHMuZHBsID09IDMgKQpAQCAtNDY0MCw2ICs0NjM3 LDE3IEBAIHN0YXRpYyB2b2lkICplbXVsYXRlX21hcF9kZXN0KHN0cnVjdCB2 Y3B1ICp2LAogICAgIH0KICNlbmRpZgogICAgICAgICAgICAgICAgIAorICAg IHNoX2N0eHQtPm1mbjEgPSBlbXVsYXRlX2d2YV90b19tZm4odiwgdmFkZHIs IHNoX2N0eHQpOworICAgIGlmICggIW1mbl92YWxpZChzaF9jdHh0LT5tZm4x KSApCisgICAgeworICAgICAgICBzd2l0Y2ggKCBtZm5feChzaF9jdHh0LT5t Zm4xKSApCisgICAgICAgIHsKKyAgICAgICAgY2FzZSBCQURfR1ZBX1RPX0dG TjogcmV0dXJuIE1BUFBJTkdfRVhDRVBUSU9OOworICAgICAgICBjYXNlIFJF QURPTkxZX0dGTjogICByZXR1cm4gTUFQUElOR19TSUxFTlRfRkFJTDsKKyAg ICAgICAgZGVmYXVsdDogICAgICAgICAgICAgcmV0dXJuIE1BUFBJTkdfVU5I QU5ETEVBQkxFOworICAgICAgICB9CisgICAgfQorCiAgICAgLyogVW5hbGln bmVkIHdyaXRlcyBtZWFuIHByb2JhYmx5IHRoaXMgaXNuJ3QgYSBwYWdldGFi bGUgKi8KICAgICBpZiAoIHZhZGRyICYgKGJ5dGVzIC0gMSkgKQogICAgICAg ICBzaF9yZW1vdmVfc2hhZG93cyh2LCBzaF9jdHh0LT5tZm4xLCAwLCAwIC8q IFNsb3csIGNhbiBmYWlsICovICk7CkBAIC00NjU3LDE2ICs0NjY1LDI0IEBA IHN0YXRpYyB2b2lkICplbXVsYXRlX21hcF9kZXN0KHN0cnVjdCB2Y3B1ICp2 LAogICAgICAgICAvKiBDcm9zcy1wYWdlIGVtdWxhdGVkIHdyaXRlcyBhcmUg b25seSBzdXBwb3J0ZWQgZm9yIEhWTSBndWVzdHM7IAogICAgICAgICAgKiBQ ViBndWVzdHMgb3VnaHQgdG8ga25vdyBiZXR0ZXIgKi8KICAgICAgICAgaWYg KCAhaXNfaHZtX3ZjcHUodikgKQorICAgICAgICB7CisgICAgICAgICAgICBw dXRfcGFnZShtZm5fdG9fcGFnZShzaF9jdHh0LT5tZm4xKSk7CiAgICAgICAg ICAgICByZXR1cm4gTUFQUElOR19VTkhBTkRMRUFCTEU7CisgICAgICAgIH0K IAogICAgICAgICAvKiBUaGlzIHdyaXRlIGNyb3NzZXMgYSBwYWdlIGJvdW5k YXJ5LiAgVHJhbnNsYXRlIHRoZSBzZWNvbmQgcGFnZSAqLwogICAgICAgICBz aF9jdHh0LT5tZm4yID0gZW11bGF0ZV9ndmFfdG9fbWZuKHYsICh2YWRkciAr IGJ5dGVzIC0gMSkgJiBQQUdFX01BU0ssCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgc2hfY3R4dCk7Ci0gICAgICAgIGlm ICggIW1mbl92YWxpZChzaF9jdHh0LT5tZm4yKSApIAotICAgICAgICAgICAg cmV0dXJuICgobWZuX3goc2hfY3R4dC0+bWZuMikgPT0gQkFEX0dWQV9UT19H Rk4pID8KLSAgICAgICAgICAgICAgICAgICAgTUFQUElOR19FWENFUFRJT04g OgotICAgICAgICAgICAgICAgICAgICAobWZuX3goc2hfY3R4dC0+bWZuMikg PT0gUkVBRE9OTFlfR0ZOKSA/Ci0gICAgICAgICAgICAgICAgICAgIE1BUFBJ TkdfU0lMRU5UX0ZBSUwgOiBNQVBQSU5HX1VOSEFORExFQUJMRSk7CisgICAg ICAgIGlmICggIW1mbl92YWxpZChzaF9jdHh0LT5tZm4yKSApCisgICAgICAg IHsKKyAgICAgICAgICAgIHB1dF9wYWdlKG1mbl90b19wYWdlKHNoX2N0eHQt Pm1mbjEpKTsKKyAgICAgICAgICAgIHN3aXRjaCAoIG1mbl94KHNoX2N0eHQt Pm1mbjIpICkKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAgIGNhc2UgQkFE X0dWQV9UT19HRk46IHJldHVybiBNQVBQSU5HX0VYQ0VQVElPTjsKKyAgICAg ICAgICAgIGNhc2UgUkVBRE9OTFlfR0ZOOiAgIHJldHVybiBNQVBQSU5HX1NJ TEVOVF9GQUlMOworICAgICAgICAgICAgZGVmYXVsdDogICAgICAgICAgICAg cmV0dXJuIE1BUFBJTkdfVU5IQU5ETEVBQkxFOworICAgICAgICAgICAgfQor ICAgICAgICB9CiAKICAgICAgICAgLyogQ3Jvc3MtcGFnZSB3cml0ZXMgbWVh biBwcm9iYWJseSBub3QgYSBwYWdldGFibGUgKi8KICAgICAgICAgc2hfcmVt b3ZlX3NoYWRvd3Modiwgc2hfY3R4dC0+bWZuMiwgMCwgMCAvKiBTbG93LCBj YW4gZmFpbCAqLyApOwpAQCAtNDY3NSw3ICs0NjkxLDExIEBAIHN0YXRpYyB2 b2lkICplbXVsYXRlX21hcF9kZXN0KHN0cnVjdCB2Y3B1ICp2LAogICAgICAg ICBtZm5zWzFdID0gbWZuX3goc2hfY3R4dC0+bWZuMik7CiAgICAgICAgIG1h cCA9IHZtYXAobWZucywgMik7CiAgICAgICAgIGlmICggIW1hcCApCisgICAg ICAgIHsKKyAgICAgICAgICAgIHB1dF9wYWdlKG1mbl90b19wYWdlKHNoX2N0 eHQtPm1mbjEpKTsKKyAgICAgICAgICAgIHB1dF9wYWdlKG1mbl90b19wYWdl KHNoX2N0eHQtPm1mbjIpKTsKICAgICAgICAgICAgIHJldHVybiBNQVBQSU5H X1VOSEFORExFQUJMRTsKKyAgICAgICAgfQogICAgICAgICBtYXAgKz0gKHZh ZGRyICYgflBBR0VfTUFTSyk7CiAgICAgfQogCkBAIC00NzUwLDEwICs0Nzcw LDEyIEBAIHN0YXRpYyB2b2lkIGVtdWxhdGVfdW5tYXBfZGVzdChzdHJ1Y3Qg dmNwdSAqdiwKICAgICB9CiAKICAgICBwYWdpbmdfbWFya19kaXJ0eSh2LT5k b21haW4sIG1mbl94KHNoX2N0eHQtPm1mbjEpKTsKKyAgICBwdXRfcGFnZSht Zm5fdG9fcGFnZShzaF9jdHh0LT5tZm4xKSk7CiAKICAgICBpZiAoIHVubGlr ZWx5KG1mbl92YWxpZChzaF9jdHh0LT5tZm4yKSkgKQogICAgIHsKICAgICAg ICAgcGFnaW5nX21hcmtfZGlydHkodi0+ZG9tYWluLCBtZm5feChzaF9jdHh0 LT5tZm4yKSk7CisgICAgICAgIHB1dF9wYWdlKG1mbl90b19wYWdlKHNoX2N0 eHQtPm1mbjIpKTsKICAgICAgICAgdnVubWFwKCh2b2lkICopKCh1bnNpZ25l ZCBsb25nKWFkZHIgJiBQQUdFX01BU0spKTsKICAgICB9CiAgICAgZWxzZSAK LS0gCjIuMS40Cgo= --=separator Content-Type: application/octet-stream; name="xsa219-4.6.patch" Content-Disposition: attachment; filename="xsa219-4.6.patch" Content-Transfer-Encoding: base64 RnJvbSA5NzdlNjE5ZGNkNTNiZWM3MjMxNDE4OGFlZWYyNWYwMzI5NzUxMzVm IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbmRyZXcgQ29vcGVy IDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgpEYXRlOiBUaHUsIDExIE1h eSAyMDE3IDE0OjQ3OjAwICswMTAwClN1YmplY3Q6IFtQQVRDSF0geDg2L3No YWRvdzogSG9sZCByZWZlcmVuY2VzIGZvciB0aGUgZHVyYXRpb24gb2YgZW11 bGF0ZWQKIHdyaXRlcwoKVGhlIChtaXNuYW1lZCkgZW11bGF0ZV9ndmFfdG9f bWZuKCkgZnVuY3Rpb24gdHJhbnNsYXRlcyBhIGxpbmVhciBhZGRyZXNzIHRv IGFuCm1mbiwgYnV0IHJlbGVhc2VzIGl0cyBwYWdlIHJlZmVyZW5jZSBiZWZv cmUgcmV0dXJuaW5nIHRoZSBtZm4gdG8gaXRzIGNhbGxlci4KCnNoX2VtdWxh dGVfbWFwX2Rlc3QoKSB1c2VzIHRoZSByZXN1bHRzIG9mIG9uZSBvciB0d28g dHJhbnNsYXRpb25zIHRvIGNvbnN0cnVjdAphIHZpcnR1YWwgbWFwcGluZyB0 byB0aGUgdW5kZXJseWluZyBmcmFtZXMsIGNvbXBsZXRlcyBhbiBlbXVsYXRl ZAp3cml0ZS9jbXB4Y2hnLCB0aGVuIHVubWFwcyB0aGUgdmlydHVhbCBtYXBw aW5ncy4KClRoZSBwYWdlIHJlZmVyZW5jZXMgbmVlZCBob2xkaW5nIHVudGls IHRoZSBtYXBwaW5ncyBhcmUgdW5tYXBwZWQsIG9yIHRoZQpmcmFtZXMgY2Fu IGNoYW5nZSBvd25lcnNoaXAgYmVmb3JlIHRoZSB3cml0ZXMgb2NjdXJzLgoK VGhpcyBpcyBYU0EtMjE5CgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8 YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5k cmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KUmV2aWV3 ZWQtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3 ZWQtYnk6IFRpbSBEZWVnYW4gPHRpbUB4ZW4ub3JnPgotLS0KIHhlbi9hcmNo L3g4Ni9tbS9zaGFkb3cvbXVsdGkuYyB8IDU2ICsrKysrKysrKysrKysrKysr KysrKysrKysrKysrLS0tLS0tLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQsIDM5 IGluc2VydGlvbnMoKyksIDE3IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBh L3hlbi9hcmNoL3g4Ni9tbS9zaGFkb3cvbXVsdGkuYyBiL3hlbi9hcmNoL3g4 Ni9tbS9zaGFkb3cvbXVsdGkuYwppbmRleCA3MTQ3N2ZlLi5jMzRlYmUwIDEw MDY0NAotLS0gYS94ZW4vYXJjaC94ODYvbW0vc2hhZG93L211bHRpLmMKKysr IGIveGVuL2FyY2gveDg2L21tL3NoYWRvdy9tdWx0aS5jCkBAIC00NTg2LDcg KzQ1ODYsMTAgQEAgc3RhdGljIHZvaWQgc2hfcGFnZXRhYmxlX2R5aW5nKHN0 cnVjdCB2Y3B1ICp2LCBwYWRkcl90IGdwYSkKIC8qKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKi8KIC8qIEhhbmRsaW5nIEhWTSBndWVzdCB3cml0ZXMg dG8gcGFnZXRhYmxlcyAgKi8KIAotLyogVHJhbnNsYXRlIGEgVkEgdG8gYW4g TUZOLCBpbmplY3RpbmcgYSBwYWdlLWZhdWx0IGlmIHdlIGZhaWwgKi8KKy8q CisgKiBUcmFuc2xhdGUgYSBWQSB0byBhbiBNRk4sIGluamVjdGluZyBhIHBh Z2UtZmF1bHQgaWYgd2UgZmFpbC4gIElmIHRoZQorICogbWFwcGluZyBzdWNj ZWVkcywgYSByZWZlcmVuY2Ugd2lsbCBiZSBoZWxkIG9uIHRoZSB1bmRlcmx5 aW5nIHBhZ2UuCisgKi8KICNkZWZpbmUgQkFEX0dWQV9UT19HRk4gKH4wVUwp CiAjZGVmaW5lIEJBRF9HRk5fVE9fTUZOICh+MVVMKQogI2RlZmluZSBSRUFE T05MWV9HRk4gICAofjJVTCkKQEAgLTQ2MzUsMTQgKzQ2MzgsMTUgQEAgc3Rh dGljIG1mbl90IGVtdWxhdGVfZ3ZhX3RvX21mbihzdHJ1Y3QgdmNwdSAqdiwK ICAgICBBU1NFUlQobWZuX3ZhbGlkKG1mbikpOwogCiAgICAgdi0+YXJjaC5w YWdpbmcubGFzdF93cml0ZV93YXNfcHQgPSAhIXNoX21mbl9pc19hX3BhZ2Vf dGFibGUobWZuKTsKLSAgICAvKiBOb3RlIHNoYWRvdyBjYW5ub3QgcGFnZSBv dXQgb3IgdW5zaGFyZSB0aGlzIG1mbiwgc28gdGhlIG1hcCB3b24ndAotICAg ICAqIGRpc2FwcGVhci4gT3RoZXJ3aXNlLCBjYWxsZXIgbXVzdCBob2xkIG9u dG8gcGFnZSB1bnRpbCBkb25lLiAqLwotICAgIHB1dF9wYWdlKHBhZ2UpOwor CiAgICAgcmV0dXJuIG1mbjsKIH0KIAotLyogQ2hlY2sgdGhhdCB0aGUgdXNl ciBpcyBhbGxvd2VkIHRvIHBlcmZvcm0gdGhpcyB3cml0ZS4KLSAqIFJldHVy bnMgYSBtYXBwZWQgcG9pbnRlciB0byB3cml0ZSB0bywgb3IgTlVMTCBmb3Ig ZXJyb3IuICovCisvKgorICogQ2hlY2sgdGhhdCB0aGUgdXNlciBpcyBhbGxv d2VkIHRvIHBlcmZvcm0gdGhpcyB3cml0ZS4gIElmIGEgbWFwcGluZyBpcwor ICogcmV0dXJuZWQsIHBhZ2UgcmVmZXJlbmNlcyB3aWxsIGJlIGhlbGQgb24g c2hfY3R4dC0+bWZuMSBhbmQKKyAqIHNoX2N0eHQtPm1mbjIgaWZmICFJTlZB TElEX01GTi4KKyAqLwogI2RlZmluZSBNQVBQSU5HX1VOSEFORExFQUJMRSAo KHZvaWQgKikodW5zaWduZWQgbG9uZylYODZFTVVMX1VOSEFORExFQUJMRSkK ICNkZWZpbmUgTUFQUElOR19FWENFUFRJT04gICAgKCh2b2lkICopKHVuc2ln bmVkIGxvbmcpWDg2RU1VTF9FWENFUFRJT04pCiAjZGVmaW5lIE1BUFBJTkdf U0lMRU5UX0ZBSUwgICgodm9pZCAqKSh1bnNpZ25lZCBsb25nKVg4NkVNVUxf T0tBWSkKQEAgLTQ2NTUsMTMgKzQ2NTksNiBAQCBzdGF0aWMgdm9pZCAqZW11 bGF0ZV9tYXBfZGVzdChzdHJ1Y3QgdmNwdSAqdiwKICAgICBzdHJ1Y3QgZG9t YWluICpkID0gdi0+ZG9tYWluOwogICAgIHZvaWQgKm1hcCA9IE5VTEw7CiAK LSAgICBzaF9jdHh0LT5tZm4xID0gZW11bGF0ZV9ndmFfdG9fbWZuKHYsIHZh ZGRyLCBzaF9jdHh0KTsKLSAgICBpZiAoICFtZm5fdmFsaWQoc2hfY3R4dC0+ bWZuMSkgKQotICAgICAgICByZXR1cm4gKChtZm5feChzaF9jdHh0LT5tZm4x KSA9PSBCQURfR1ZBX1RPX0dGTikgPwotICAgICAgICAgICAgICAgIE1BUFBJ TkdfRVhDRVBUSU9OIDoKLSAgICAgICAgICAgICAgICAobWZuX3goc2hfY3R4 dC0+bWZuMSkgPT0gUkVBRE9OTFlfR0ZOKSA/Ci0gICAgICAgICAgICAgICAg TUFQUElOR19TSUxFTlRfRkFJTCA6IE1BUFBJTkdfVU5IQU5ETEVBQkxFKTsK LQogI2lmbmRlZiBOREVCVUcKICAgICAvKiBXZSBkb24ndCBlbXVsYXRlIHVz ZXItbW9kZSB3cml0ZXMgdG8gcGFnZSB0YWJsZXMgKi8KICAgICBpZiAoIGh2 bV9nZXRfc2VnX3JlZyh4ODZfc2VnX3NzLCBzaF9jdHh0KS0+YXR0ci5maWVs ZHMuZHBsID09IDMgKQpAQCAtNDY3Miw2ICs0NjY5LDE3IEBAIHN0YXRpYyB2 b2lkICplbXVsYXRlX21hcF9kZXN0KHN0cnVjdCB2Y3B1ICp2LAogICAgIH0K ICNlbmRpZgogCisgICAgc2hfY3R4dC0+bWZuMSA9IGVtdWxhdGVfZ3ZhX3Rv X21mbih2LCB2YWRkciwgc2hfY3R4dCk7CisgICAgaWYgKCAhbWZuX3ZhbGlk KHNoX2N0eHQtPm1mbjEpICkKKyAgICB7CisgICAgICAgIHN3aXRjaCAoIG1m bl94KHNoX2N0eHQtPm1mbjEpICkKKyAgICAgICAgeworICAgICAgICBjYXNl IEJBRF9HVkFfVE9fR0ZOOiByZXR1cm4gTUFQUElOR19FWENFUFRJT047Cisg ICAgICAgIGNhc2UgUkVBRE9OTFlfR0ZOOiAgIHJldHVybiBNQVBQSU5HX1NJ TEVOVF9GQUlMOworICAgICAgICBkZWZhdWx0OiAgICAgICAgICAgICByZXR1 cm4gTUFQUElOR19VTkhBTkRMRUFCTEU7CisgICAgICAgIH0KKyAgICB9CisK ICAgICAvKiBVbmFsaWduZWQgd3JpdGVzIG1lYW4gcHJvYmFibHkgdGhpcyBp c24ndCBhIHBhZ2V0YWJsZSAqLwogICAgIGlmICggdmFkZHIgJiAoYnl0ZXMg LSAxKSApCiAgICAgICAgIHNoX3JlbW92ZV9zaGFkb3dzKGQsIHNoX2N0eHQt Pm1mbjEsIDAsIDAgLyogU2xvdywgY2FuIGZhaWwgKi8gKTsKQEAgLTQ2ODks MTYgKzQ2OTcsMjQgQEAgc3RhdGljIHZvaWQgKmVtdWxhdGVfbWFwX2Rlc3Qo c3RydWN0IHZjcHUgKnYsCiAgICAgICAgIC8qIENyb3NzLXBhZ2UgZW11bGF0 ZWQgd3JpdGVzIGFyZSBvbmx5IHN1cHBvcnRlZCBmb3IgSFZNIGd1ZXN0czsK ICAgICAgICAgICogUFYgZ3Vlc3RzIG91Z2h0IHRvIGtub3cgYmV0dGVyICov CiAgICAgICAgIGlmICggIWlzX2h2bV9kb21haW4oZCkgKQorICAgICAgICB7 CisgICAgICAgICAgICBwdXRfcGFnZShtZm5fdG9fcGFnZShzaF9jdHh0LT5t Zm4xKSk7CiAgICAgICAgICAgICByZXR1cm4gTUFQUElOR19VTkhBTkRMRUFC TEU7CisgICAgICAgIH0KIAogICAgICAgICAvKiBUaGlzIHdyaXRlIGNyb3Nz ZXMgYSBwYWdlIGJvdW5kYXJ5LiAgVHJhbnNsYXRlIHRoZSBzZWNvbmQgcGFn ZSAqLwogICAgICAgICBzaF9jdHh0LT5tZm4yID0gZW11bGF0ZV9ndmFfdG9f bWZuKHYsICh2YWRkciArIGJ5dGVzIC0gMSkgJiBQQUdFX01BU0ssCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2hfY3R4 dCk7CiAgICAgICAgIGlmICggIW1mbl92YWxpZChzaF9jdHh0LT5tZm4yKSAp Ci0gICAgICAgICAgICByZXR1cm4gKChtZm5feChzaF9jdHh0LT5tZm4yKSA9 PSBCQURfR1ZBX1RPX0dGTikgPwotICAgICAgICAgICAgICAgICAgICBNQVBQ SU5HX0VYQ0VQVElPTiA6Ci0gICAgICAgICAgICAgICAgICAgIChtZm5feChz aF9jdHh0LT5tZm4yKSA9PSBSRUFET05MWV9HRk4pID8KLSAgICAgICAgICAg ICAgICAgICAgTUFQUElOR19TSUxFTlRfRkFJTCA6IE1BUFBJTkdfVU5IQU5E TEVBQkxFKTsKKyAgICAgICAgeworICAgICAgICAgICAgcHV0X3BhZ2UobWZu X3RvX3BhZ2Uoc2hfY3R4dC0+bWZuMSkpOworICAgICAgICAgICAgc3dpdGNo ICggbWZuX3goc2hfY3R4dC0+bWZuMikgKQorICAgICAgICAgICAgeworICAg ICAgICAgICAgY2FzZSBCQURfR1ZBX1RPX0dGTjogcmV0dXJuIE1BUFBJTkdf RVhDRVBUSU9OOworICAgICAgICAgICAgY2FzZSBSRUFET05MWV9HRk46ICAg cmV0dXJuIE1BUFBJTkdfU0lMRU5UX0ZBSUw7CisgICAgICAgICAgICBkZWZh dWx0OiAgICAgICAgICAgICByZXR1cm4gTUFQUElOR19VTkhBTkRMRUFCTEU7 CisgICAgICAgICAgICB9CisgICAgICAgIH0KIAogICAgICAgICAvKiBDcm9z cy1wYWdlIHdyaXRlcyBtZWFuIHByb2JhYmx5IG5vdCBhIHBhZ2V0YWJsZSAq LwogICAgICAgICBzaF9yZW1vdmVfc2hhZG93cyhkLCBzaF9jdHh0LT5tZm4y LCAwLCAwIC8qIFNsb3csIGNhbiBmYWlsICovICk7CkBAIC00NzA3LDcgKzQ3 MjMsMTEgQEAgc3RhdGljIHZvaWQgKmVtdWxhdGVfbWFwX2Rlc3Qoc3RydWN0 IHZjcHUgKnYsCiAgICAgICAgIG1mbnNbMV0gPSBzaF9jdHh0LT5tZm4yOwog ICAgICAgICBtYXAgPSB2bWFwKG1mbnMsIDIpOwogICAgICAgICBpZiAoICFt YXAgKQorICAgICAgICB7CisgICAgICAgICAgICBwdXRfcGFnZShtZm5fdG9f cGFnZShzaF9jdHh0LT5tZm4xKSk7CisgICAgICAgICAgICBwdXRfcGFnZSht Zm5fdG9fcGFnZShzaF9jdHh0LT5tZm4yKSk7CiAgICAgICAgICAgICByZXR1 cm4gTUFQUElOR19VTkhBTkRMRUFCTEU7CisgICAgICAgIH0KICAgICAgICAg bWFwICs9ICh2YWRkciAmIH5QQUdFX01BU0spOwogICAgIH0KIApAQCAtNDc4 MiwxMCArNDgwMiwxMiBAQCBzdGF0aWMgdm9pZCBlbXVsYXRlX3VubWFwX2Rl c3Qoc3RydWN0IHZjcHUgKnYsCiAgICAgfQogCiAgICAgcGFnaW5nX21hcmtf ZGlydHkodi0+ZG9tYWluLCBtZm5feChzaF9jdHh0LT5tZm4xKSk7CisgICAg cHV0X3BhZ2UobWZuX3RvX3BhZ2Uoc2hfY3R4dC0+bWZuMSkpOwogCiAgICAg aWYgKCB1bmxpa2VseShtZm5fdmFsaWQoc2hfY3R4dC0+bWZuMikpICkKICAg ICB7CiAgICAgICAgIHBhZ2luZ19tYXJrX2RpcnR5KHYtPmRvbWFpbiwgbWZu X3goc2hfY3R4dC0+bWZuMikpOworICAgICAgICBwdXRfcGFnZShtZm5fdG9f cGFnZShzaF9jdHh0LT5tZm4yKSk7CiAgICAgICAgIHZ1bm1hcCgodm9pZCAq KSgodW5zaWduZWQgbG9uZylhZGRyICYgUEFHRV9NQVNLKSk7CiAgICAgfQog ICAgIGVsc2UKLS0gCjIuMS40Cgo= --=separator Content-Type: application/octet-stream; name="xsa219-4.8.patch" Content-Disposition: attachment; filename="xsa219-4.8.patch" Content-Transfer-Encoding: base64 RnJvbSAzOTg2Yjg0NWU4N2MzZjk2MzIyN2VjZTg2YmI2MzM0NTA3NjFlYzE4 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBBbmRyZXcgQ29vcGVy IDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgpEYXRlOiBUaHUsIDExIE1h eSAyMDE3IDE0OjQ3OjAwICswMTAwClN1YmplY3Q6IFtQQVRDSF0geDg2L3No YWRvdzogSG9sZCByZWZlcmVuY2VzIGZvciB0aGUgZHVyYXRpb24gb2YgZW11 bGF0ZWQKIHdyaXRlcwoKVGhlIChtaXNuYW1lZCkgZW11bGF0ZV9ndmFfdG9f bWZuKCkgZnVuY3Rpb24gdHJhbnNsYXRlcyBhIGxpbmVhciBhZGRyZXNzIHRv IGFuCm1mbiwgYnV0IHJlbGVhc2VzIGl0cyBwYWdlIHJlZmVyZW5jZSBiZWZv cmUgcmV0dXJuaW5nIHRoZSBtZm4gdG8gaXRzIGNhbGxlci4KCnNoX2VtdWxh dGVfbWFwX2Rlc3QoKSB1c2VzIHRoZSByZXN1bHRzIG9mIG9uZSBvciB0d28g dHJhbnNsYXRpb25zIHRvIGNvbnN0cnVjdAphIHZpcnR1YWwgbWFwcGluZyB0 byB0aGUgdW5kZXJseWluZyBmcmFtZXMsIGNvbXBsZXRlcyBhbiBlbXVsYXRl ZAp3cml0ZS9jbXB4Y2hnLCB0aGVuIHVubWFwcyB0aGUgdmlydHVhbCBtYXBw aW5ncy4KClRoZSBwYWdlIHJlZmVyZW5jZXMgbmVlZCBob2xkaW5nIHVudGls IHRoZSBtYXBwaW5ncyBhcmUgdW5tYXBwZWQsIG9yIHRoZQpmcmFtZXMgY2Fu IGNoYW5nZSBvd25lcnNoaXAgYmVmb3JlIHRoZSB3cml0ZXMgb2NjdXJzLgoK VGhpcyBpcyBYU0EtMjE5CgpSZXBvcnRlZC1ieTogQW5kcmV3IENvb3BlciA8 YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KU2lnbmVkLW9mZi1ieTogQW5k cmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4LmNvbT4KUmV2aWV3 ZWQtYnk6IEphbiBCZXVsaWNoIDxqYmV1bGljaEBzdXNlLmNvbT4KUmV2aWV3 ZWQtYnk6IFRpbSBEZWVnYW4gPHRpbUB4ZW4ub3JnPgotLS0KIHhlbi9hcmNo L3g4Ni9tbS9zaGFkb3cvY29tbW9uLmMgfCA1NCArKysrKysrKysrKysrKysr KysrKysrKysrKystLS0tLS0tLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQsIDM2 IGluc2VydGlvbnMoKyksIDE4IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBh L3hlbi9hcmNoL3g4Ni9tbS9zaGFkb3cvY29tbW9uLmMgYi94ZW4vYXJjaC94 ODYvbW0vc2hhZG93L2NvbW1vbi5jCmluZGV4IGNlZDIzMTMuLjEzMzA1ZDIg MTAwNjQ0Ci0tLSBhL3hlbi9hcmNoL3g4Ni9tbS9zaGFkb3cvY29tbW9uLmMK KysrIGIveGVuL2FyY2gveDg2L21tL3NoYWRvdy9jb21tb24uYwpAQCAtMTcw Myw3ICsxNzAzLDEwIEBAIHN0YXRpYyB1bnNpZ25lZCBpbnQgc2hhZG93X2dl dF9hbGxvY2F0aW9uKHN0cnVjdCBkb21haW4gKmQpCiAvKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKiovCiAvKiBIYW5kbGluZyBndWVzdCB3cml0ZXMg dG8gcGFnZXRhYmxlcy4gKi8KIAotLyogVHJhbnNsYXRlIGEgVkEgdG8gYW4g TUZOLCBpbmplY3RpbmcgYSBwYWdlLWZhdWx0IGlmIHdlIGZhaWwuICovCisv KgorICogVHJhbnNsYXRlIGEgVkEgdG8gYW4gTUZOLCBpbmplY3RpbmcgYSBw YWdlLWZhdWx0IGlmIHdlIGZhaWwuICBJZiB0aGUKKyAqIG1hcHBpbmcgc3Vj Y2VlZHMsIGEgcmVmZXJlbmNlIHdpbGwgYmUgaGVsZCBvbiB0aGUgdW5kZXJs eWluZyBwYWdlLgorICovCiAjZGVmaW5lIEJBRF9HVkFfVE9fR0ZOICh+MFVM KQogI2RlZmluZSBCQURfR0ZOX1RPX01GTiAofjFVTCkKICNkZWZpbmUgUkVB RE9OTFlfR0ZOICAgKH4yVUwpCkBAIC0xNzUxLDE2ICsxNzU0LDE1IEBAIHN0 YXRpYyBtZm5fdCBlbXVsYXRlX2d2YV90b19tZm4oc3RydWN0IHZjcHUgKnYs IHVuc2lnbmVkIGxvbmcgdmFkZHIsCiAgICAgQVNTRVJUKG1mbl92YWxpZCht Zm4pKTsKIAogICAgIHYtPmFyY2gucGFnaW5nLmxhc3Rfd3JpdGVfd2FzX3B0 ID0gISFzaF9tZm5faXNfYV9wYWdlX3RhYmxlKG1mbik7Ci0gICAgLyoKLSAg ICAgKiBOb3RlIHNoYWRvdyBjYW5ub3QgcGFnZSBvdXQgb3IgdW5zaGFyZSB0 aGlzIG1mbiwgc28gdGhlIG1hcCB3b24ndAotICAgICAqIGRpc2FwcGVhci4g T3RoZXJ3aXNlLCBjYWxsZXIgbXVzdCBob2xkIG9udG8gcGFnZSB1bnRpbCBk b25lLgotICAgICAqLwotICAgIHB1dF9wYWdlKHBhZ2UpOwogCiAgICAgcmV0 dXJuIG1mbjsKIH0KIAotLyogQ2hlY2sgdGhhdCB0aGUgdXNlciBpcyBhbGxv d2VkIHRvIHBlcmZvcm0gdGhpcyB3cml0ZS4gKi8KKy8qCisgKiBDaGVjayB0 aGF0IHRoZSB1c2VyIGlzIGFsbG93ZWQgdG8gcGVyZm9ybSB0aGlzIHdyaXRl LiAgSWYgYSBtYXBwaW5nIGlzCisgKiByZXR1cm5lZCwgcGFnZSByZWZlcmVu Y2VzIHdpbGwgYmUgaGVsZCBvbiBzaF9jdHh0LT5tZm5bMF0gYW5kCisgKiBz aF9jdHh0LT5tZm5bMV0gaWZmICFJTlZBTElEX01GTi4KKyAqLwogdm9pZCAq c2hfZW11bGF0ZV9tYXBfZGVzdChzdHJ1Y3QgdmNwdSAqdiwgdW5zaWduZWQg bG9uZyB2YWRkciwKICAgICAgICAgICAgICAgICAgICAgICAgICAgdW5zaWdu ZWQgaW50IGJ5dGVzLAogICAgICAgICAgICAgICAgICAgICAgICAgICBzdHJ1 Y3Qgc2hfZW11bGF0ZV9jdHh0ICpzaF9jdHh0KQpAQCAtMTc2OCwxMyArMTc3 MCw2IEBAIHZvaWQgKnNoX2VtdWxhdGVfbWFwX2Rlc3Qoc3RydWN0IHZjcHUg KnYsIHVuc2lnbmVkIGxvbmcgdmFkZHIsCiAgICAgc3RydWN0IGRvbWFpbiAq ZCA9IHYtPmRvbWFpbjsKICAgICB2b2lkICptYXA7CiAKLSAgICBzaF9jdHh0 LT5tZm5bMF0gPSBlbXVsYXRlX2d2YV90b19tZm4odiwgdmFkZHIsIHNoX2N0 eHQpOwotICAgIGlmICggIW1mbl92YWxpZChzaF9jdHh0LT5tZm5bMF0pICkK LSAgICAgICAgcmV0dXJuICgobWZuX3goc2hfY3R4dC0+bWZuWzBdKSA9PSBC QURfR1ZBX1RPX0dGTikgPwotICAgICAgICAgICAgICAgIE1BUFBJTkdfRVhD RVBUSU9OIDoKLSAgICAgICAgICAgICAgICAobWZuX3goc2hfY3R4dC0+bWZu WzBdKSA9PSBSRUFET05MWV9HRk4pID8KLSAgICAgICAgICAgICAgICBNQVBQ SU5HX1NJTEVOVF9GQUlMIDogTUFQUElOR19VTkhBTkRMRUFCTEUpOwotCiAj aWZuZGVmIE5ERUJVRwogICAgIC8qIFdlIGRvbid0IGVtdWxhdGUgdXNlci1t b2RlIHdyaXRlcyB0byBwYWdlIHRhYmxlcy4gKi8KICAgICBpZiAoIGhhc19o dm1fY29udGFpbmVyX2RvbWFpbihkKQpAQCAtMTc4Nyw2ICsxNzgyLDE3IEBA IHZvaWQgKnNoX2VtdWxhdGVfbWFwX2Rlc3Qoc3RydWN0IHZjcHUgKnYsIHVu c2lnbmVkIGxvbmcgdmFkZHIsCiAgICAgfQogI2VuZGlmCiAKKyAgICBzaF9j dHh0LT5tZm5bMF0gPSBlbXVsYXRlX2d2YV90b19tZm4odiwgdmFkZHIsIHNo X2N0eHQpOworICAgIGlmICggIW1mbl92YWxpZChzaF9jdHh0LT5tZm5bMF0p ICkKKyAgICB7CisgICAgICAgIHN3aXRjaCAoIG1mbl94KHNoX2N0eHQtPm1m blswXSkgKQorICAgICAgICB7CisgICAgICAgIGNhc2UgQkFEX0dWQV9UT19H Rk46IHJldHVybiBNQVBQSU5HX0VYQ0VQVElPTjsKKyAgICAgICAgY2FzZSBS RUFET05MWV9HRk46ICAgcmV0dXJuIE1BUFBJTkdfU0lMRU5UX0ZBSUw7Cisg ICAgICAgIGRlZmF1bHQ6ICAgICAgICAgICAgIHJldHVybiBNQVBQSU5HX1VO SEFORExFQUJMRTsKKyAgICAgICAgfQorICAgIH0KKwogICAgIC8qIFVuYWxp Z25lZCB3cml0ZXMgbWVhbiBwcm9iYWJseSB0aGlzIGlzbid0IGEgcGFnZXRh YmxlLiAqLwogICAgIGlmICggdmFkZHIgJiAoYnl0ZXMgLSAxKSApCiAgICAg ICAgIHNoX3JlbW92ZV9zaGFkb3dzKGQsIHNoX2N0eHQtPm1mblswXSwgMCwg MCAvKiBTbG93LCBjYW4gZmFpbC4gKi8gKTsKQEAgLTE4MDMsNiArMTgwOSw3 IEBAIHZvaWQgKnNoX2VtdWxhdGVfbWFwX2Rlc3Qoc3RydWN0IHZjcHUgKnYs IHVuc2lnbmVkIGxvbmcgdmFkZHIsCiAgICAgICAgICAqIENyb3NzLXBhZ2Ug ZW11bGF0ZWQgd3JpdGVzIGFyZSBvbmx5IHN1cHBvcnRlZCBmb3IgSFZNIGd1 ZXN0czsKICAgICAgICAgICogUFYgZ3Vlc3RzIG91Z2h0IHRvIGtub3cgYmV0 dGVyLgogICAgICAgICAgKi8KKyAgICAgICAgcHV0X3BhZ2UobWZuX3RvX3Bh Z2Uoc2hfY3R4dC0+bWZuWzBdKSk7CiAgICAgICAgIHJldHVybiBNQVBQSU5H X1VOSEFORExFQUJMRTsKICAgICB9CiAgICAgZWxzZQpAQCAtMTgxMCwxNyAr MTgxNywyNiBAQCB2b2lkICpzaF9lbXVsYXRlX21hcF9kZXN0KHN0cnVjdCB2 Y3B1ICp2LCB1bnNpZ25lZCBsb25nIHZhZGRyLAogICAgICAgICAvKiBUaGlz IHdyaXRlIGNyb3NzZXMgYSBwYWdlIGJvdW5kYXJ5LiBUcmFuc2xhdGUgdGhl IHNlY29uZCBwYWdlLiAqLwogICAgICAgICBzaF9jdHh0LT5tZm5bMV0gPSBl bXVsYXRlX2d2YV90b19tZm4odiwgdmFkZHIgKyBieXRlcyAtIDEsIHNoX2N0 eHQpOwogICAgICAgICBpZiAoICFtZm5fdmFsaWQoc2hfY3R4dC0+bWZuWzFd KSApCi0gICAgICAgICAgICByZXR1cm4gKChtZm5feChzaF9jdHh0LT5tZm5b MV0pID09IEJBRF9HVkFfVE9fR0ZOKSA/Ci0gICAgICAgICAgICAgICAgICAg IE1BUFBJTkdfRVhDRVBUSU9OIDoKLSAgICAgICAgICAgICAgICAgICAgKG1m bl94KHNoX2N0eHQtPm1mblsxXSkgPT0gUkVBRE9OTFlfR0ZOKSA/Ci0gICAg ICAgICAgICAgICAgICAgIE1BUFBJTkdfU0lMRU5UX0ZBSUwgOiBNQVBQSU5H X1VOSEFORExFQUJMRSk7CisgICAgICAgIHsKKyAgICAgICAgICAgIHB1dF9w YWdlKG1mbl90b19wYWdlKHNoX2N0eHQtPm1mblswXSkpOworICAgICAgICAg ICAgc3dpdGNoICggbWZuX3goc2hfY3R4dC0+bWZuWzFdKSApCisgICAgICAg ICAgICB7CisgICAgICAgICAgICBjYXNlIEJBRF9HVkFfVE9fR0ZOOiByZXR1 cm4gTUFQUElOR19FWENFUFRJT047CisgICAgICAgICAgICBjYXNlIFJFQURP TkxZX0dGTjogICByZXR1cm4gTUFQUElOR19TSUxFTlRfRkFJTDsKKyAgICAg ICAgICAgIGRlZmF1bHQ6ICAgICAgICAgICAgIHJldHVybiBNQVBQSU5HX1VO SEFORExFQUJMRTsKKyAgICAgICAgICAgIH0KKyAgICAgICAgfQogCiAgICAg ICAgIC8qIENyb3NzLXBhZ2Ugd3JpdGVzIG1lYW4gcHJvYmFibHkgbm90IGEg cGFnZXRhYmxlLiAqLwogICAgICAgICBzaF9yZW1vdmVfc2hhZG93cyhkLCBz aF9jdHh0LT5tZm5bMV0sIDAsIDAgLyogU2xvdywgY2FuIGZhaWwuICovICk7 CiAKICAgICAgICAgbWFwID0gdm1hcChzaF9jdHh0LT5tZm4sIDIpOwogICAg ICAgICBpZiAoICFtYXAgKQorICAgICAgICB7CisgICAgICAgICAgICBwdXRf cGFnZShtZm5fdG9fcGFnZShzaF9jdHh0LT5tZm5bMF0pKTsKKyAgICAgICAg ICAgIHB1dF9wYWdlKG1mbl90b19wYWdlKHNoX2N0eHQtPm1mblsxXSkpOwog ICAgICAgICAgICAgcmV0dXJuIE1BUFBJTkdfVU5IQU5ETEVBQkxFOworICAg ICAgICB9CiAgICAgICAgIG1hcCArPSAodmFkZHIgJiB+UEFHRV9NQVNLKTsK ICAgICB9CiAKQEAgLTE4OTAsMTAgKzE5MDYsMTIgQEAgdm9pZCBzaF9lbXVs YXRlX3VubWFwX2Rlc3Qoc3RydWN0IHZjcHUgKnYsIHZvaWQgKmFkZHIsIHVu c2lnbmVkIGludCBieXRlcywKICAgICB9CiAKICAgICBwYWdpbmdfbWFya19k aXJ0eSh2LT5kb21haW4sIG1mbl94KHNoX2N0eHQtPm1mblswXSkpOworICAg IHB1dF9wYWdlKG1mbl90b19wYWdlKHNoX2N0eHQtPm1mblswXSkpOwogCiAg ICAgaWYgKCB1bmxpa2VseShtZm5fdmFsaWQoc2hfY3R4dC0+bWZuWzFdKSkg KQogICAgIHsKICAgICAgICAgcGFnaW5nX21hcmtfZGlydHkodi0+ZG9tYWlu LCBtZm5feChzaF9jdHh0LT5tZm5bMV0pKTsKKyAgICAgICAgcHV0X3BhZ2Uo bWZuX3RvX3BhZ2Uoc2hfY3R4dC0+bWZuWzFdKSk7CiAgICAgICAgIHZ1bm1h cCgodm9pZCAqKSgodW5zaWduZWQgbG9uZylhZGRyICYgUEFHRV9NQVNLKSk7 CiAgICAgfQogICAgIGVsc2UKLS0gCjIuMS40Cgo= --=separator Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVs IG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3RzLnhlbi5v cmcveGVuLWRldmVsCg== --=separator--