<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE bugzilla SYSTEM "http://bugs.gentoo.org/bugzilla.dtd">

<bugzilla version="2.22.7"
          urlbase="http://bugs.gentoo.org/"
          maintainer="bugzilla@gentoo.org"
>

    <bug>
          <bug_id>223963</bug_id>
          <alias>CVE-2008-1108</alias>
          <creation_ts>2008-05-28 15:02 0000</creation_ts>
          <short_desc>mail-client/evolution &lt; 2.12-3-r2 iCalendar Buffer Overflow Vulnerabilities (CVE-2008-{1108,1109})</short_desc>
          <delta_ts>2008-11-09 10:10:22 0000</delta_ts>
          <reporter_accessible>1</reporter_accessible>
          <cclist_accessible>1</cclist_accessible>
          <classification_id>1</classification_id>
          <classification>Unclassified</classification>
          <product>Gentoo Security</product>
          <component>Vulnerabilities</component>
          <version>unspecified</version>
          <rep_platform>All</rep_platform>
          <op_sys>Linux</op_sys>
          <bug_status>RESOLVED</bug_status>
          <resolution>FIXED</resolution>
          <bug_file_loc>http://secunia.com/advisories/30298/</bug_file_loc>
          <status_whiteboard>B2 [glsa]</status_whiteboard>
          
          <priority>P2</priority>
          <bug_severity>normal</bug_severity>
          <target_milestone>---</target_milestone>
          
          
          
          <everconfirmed>1</everconfirmed>
          <reporter>vorlon@gentoo.org</reporter>
          <assigned_to>security@gentoo.org</assigned_to>
          <cc>gnome@gentoo.org</cc>

      

      
          <long_desc isprivate="0">
            <who>vorlon@gentoo.org</who>
            <bug_when>2008-05-28 15:02:15 0000</bug_when>
            <thetext>This bug is marked confidential, do not disclose any information or commit anything until the bug has been made public.

Secunia Research reports a vulnerability in evolution (CVE-2008-{1108,1109}).
Preliminary disclosure date is 2008-06-04 10am CET.

The following is an excerpt from the vulnerability report, more details are
available:

Secunia Research has discovered two vulnerabilities in Evolution, which
can be exploited by malicious people to compromise a user&apos;s system.

1) A boundary error exists when parsing timezone strings contained
within iCalendar attachments. This can be exploited to overflow a static
buffer via an overly long timezone string.

Successful exploitation allows execution of arbitrary code, but requires
that the ITip Formatter plugin is disabled.

2) A boundary error exists when replying to an iCalendar request while
in calendar view. This can be exploited to cause a heap-based buffer
overflow via an overly long &quot;DESCRIPTION&quot; property string included in an
iCalendar attachment.

Successful exploitation allows execution of arbitrary code, but requires
that the user accepts the iCalendar request and replies to it from the
&quot;Calendars&quot; window.

The vulnerabilities are confirmed in version 2.22.1. Other versions may
also be affected.
[...]
Credits should go to:
Alin Rad Pop, Secunia Research.</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>vorlon@gentoo.org</who>
            <bug_when>2008-05-28 15:04:52 0000</bug_when>
            <thetext>Created an attachment (id=154593)
patch for CVE-2008-1108 (2.22.1)

</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>vorlon@gentoo.org</who>
            <bug_when>2008-05-28 15:05:15 0000</bug_when>
            <thetext>Created an attachment (id=154595)
patch for CVE-2008-1109 (2.22.1)

</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>dang@gentoo.org</who>
            <bug_when>2008-05-29 14:08:07 0000</bug_when>
            <thetext>2.22.2 and 2.23.2 are vulnerable.</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>rbu@gentoo.org</who>
            <bug_when>2008-05-31 11:04:11 0000</bug_when>
            <thetext>I could also reproduce the issue with our stable 2.12.3. I&apos;ll attach the patches with clean whitespaces, as the ones above do not apply. If you can, please prepare an ebuild for prestabling.</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>rbu@gentoo.org</who>
            <bug_when>2008-05-31 11:04:40 0000</bug_when>
            <thetext>Created an attachment (id=154927)
evolution-2.12.3-CVE-2008-1108.patch

</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>rbu@gentoo.org</who>
            <bug_when>2008-05-31 11:04:51 0000</bug_when>
            <thetext>Created an attachment (id=154929)
evolution-2.12.3-CVE-2008-1109.patch

</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>eva@gentoo.org</who>
            <bug_when>2008-05-31 20:40:15 0000</bug_when>
            <thetext>Created an attachment (id=154995)
evolution-2.12.3.patch

patch for 2.12.3 ebuild</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>eva@gentoo.org</who>
            <bug_when>2008-05-31 20:42:39 0000</bug_when>
            <thetext>Created an attachment (id=154999)
evolution-2.22.2.patch

patch to 2.22.2 ebuild. The first set of patches would need to match the scheme of the second set of patches to apply properly.</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>rbu@gentoo.org</who>
            <bug_when>2008-05-31 23:46:59 0000</bug_when>
            <thetext>Arch Security Liaisons, please test the attached ebuild and report it stable on this bug. Security only cared about the (to come) evolution-2.12.3-r2 ebuild.
Target keywords : &quot;alpha amd64 hppa ia64 ppc ppc64 release sparc x86&quot;

CC&apos;ing current Liaisons:
   alpha : yoswink
   amd64 : welp
    hppa : jer
     ppc : dertobi123
   ppc64 : corsair
 release : pva
   sparc : fmccor
     x86 : opfer
</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>fauli@gentoo.org</who>
            <bug_when>2008-06-01 09:30:43 0000</bug_when>
            <thetext>x86 good to go</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>corsair@gentoo.org</who>
            <bug_when>2008-06-01 10:41:38 0000</bug_when>
            <thetext>looks good on ppc64</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>jer@gentoo.org</who>
            <bug_when>2008-06-02 03:26:26 0000</bug_when>
            <thetext>HPPA is OK.</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>armin76@gentoo.org</who>
            <bug_when>2008-06-02 12:46:16 0000</bug_when>
            <thetext>Looks okay on alpha/ia64/sparc</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>dertobi123@gentoo.org</who>
            <bug_when>2008-06-03 19:43:41 0000</bug_when>
            <thetext>also looks good on ppc</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>welp@gentoo.org</who>
            <bug_when>2008-06-04 06:24:39 0000</bug_when>
            <thetext>Looks good to go on amd64, too</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>leio@gentoo.org</who>
            <bug_when>2008-06-04 07:35:31 0000</bug_when>
            <thetext>Is this 10am CET or CEST? :)
</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>py@gentoo.org</who>
            <bug_when>2008-06-04 12:04:07 0000</bug_when>
            <thetext>public as per $URL. removing arch liaisons and moving to glsa part. please commit the ebuild with stable keywords gathered.</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>leio@gentoo.org</who>
            <bug_when>2008-06-04 13:26:19 0000</bug_when>
            <thetext>evolution-2.22.2-r1 and evolution-2.12.3-r2 have been committed to portage tree, with the gathered stable keywords for the latter, which just leaves release@. CCing them.</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>pva@gentoo.org</who>
            <bug_when>2008-06-05 05:32:01 0000</bug_when>
            <thetext>Fixed in release snapshot.</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>py@gentoo.org</who>
            <bug_when>2008-06-16 20:57:45 0000</bug_when>
            <thetext>GLSA 200806-06</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>gentoo-bugs@Auftrags-Killer.org</who>
            <bug_when>2008-11-08 21:01:12 0000</bug_when>
            <thetext>Is anybody coordinating with upstream?</thetext>
          </long_desc>
          <long_desc isprivate="0">
            <who>rbu@gentoo.org</who>
            <bug_when>2008-11-09 10:10:22 0000</bug_when>
            <thetext>(In reply to comment #21)
&gt; Is anybody coordinating with upstream?

Can you elaborate?</thetext>
          </long_desc>
      
          <attachment
              isobsolete="0"
              ispatch="1"
              isprivate="0"
          >
            <attachid>154593</attachid>
            <date>2008-05-28 15:04 0000</date>
            <desc>patch for CVE-2008-1108 (2.22.1)</desc>
            <filename>evo-CVE-2008-1108.diff</filename>
            <type>text/plain</type>
            <data encoding="base64"></data>

          </attachment>
          <attachment
              isobsolete="0"
              ispatch="1"
              isprivate="0"
          >
            <attachid>154595</attachid>
            <date>2008-05-28 15:05 0000</date>
            <desc>patch for CVE-2008-1109 (2.22.1)</desc>
            <filename>evo-CVE-2008-1109.diff</filename>
            <type>text/plain</type>
            <data encoding="base64"></data>

          </attachment>
          <attachment
              isobsolete="0"
              ispatch="0"
              isprivate="0"
          >
            <attachid>154927</attachid>
            <date>2008-05-31 11:04 0000</date>
            <desc>evolution-2.12.3-CVE-2008-1108.patch</desc>
            <filename>evolution-2.12.3-CVE-2008-1108.patch</filename>
            <type>text/plain</type>
            <data encoding="base64">
IC0gMSkpOwogCQl9CiAJCWJyZWFrOwogCiAJY2FzZSBJQ0FMX01PTlRITFlfUkVDVVJSRU5DRToK
IAkJaWYgKHItPmJ5X21vbnRoX2RheVswXSAhPSBJQ0FMX1JFQ1VSUkVOQ0VfQVJSQVlfTUFYKSB7
CiAJCQkvKiBGb3IgVHJhbnNsYXRvcnMgOiAnVGhlICVzIGRheSBvZicgaXMgcGFydCBvZiB0aGUg
c2VudGVuY2UgJ2V2ZW50IHJlY3VycmluZyBvbiB0aGUgKG50aCkgZGF5IG9mIGV2ZXJ5IG1vbnRo
LicgKi8KLQkJCXNwcmludGYgKGJ1ZmZlciwgXygiVGhlICVzIGRheSBvZiAiKSwKLQkJCQkgbnRo
IChyLT5ieV9tb250aF9kYXlbMF0pKTsKKwkJCWdfc3RyaW5nX2FwcGVuZF9wcmludGYgKAorCQkJ
CWJ1ZmZlciwgXygiVGhlICVzIGRheSBvZiAiKSwKKwkJCQludGggKHItPmJ5X21vbnRoX2RheVsw
XSkpOwogCQl9IGVsc2UgewogCQkJaW50IHBvczsKIApAQCAtODE4LDIwICs4MjYsMjEgQEAgd3Jp
dGVfcmVjdXJyZW5jZV9waWVjZSAoRUl0aXBDb250cm9sICppdAogCiAJCQkvKiBGb3IgVHJhbnNs
YXRvcnMgOiAnVGhlICVzICVzIG9mJyBpcyBwYXJ0IG9mIHRoZSBzZW50ZW5jZSAnZXZlbnQgcmVj
dXJyaW5nIG9uIHRoZSAobnRoKSAoZGF5bmFtZSkgb2YgZXZlcnkgbW9udGguJwogCQkJICAgZWcs
dGhpcmQgbW9uZGF5IG9mIGV2ZXJ5IG1vbnRoICovCi0JCQlzcHJpbnRmIChidWZmZXIsIF8oIlRo
ZSAlcyAlcyBvZiAiKSwKLQkJCQkgbnRoIChwb3MpLCBnZXRfZGF5bmFtZSAociwgMCkpOworCQkJ
Z19zdHJpbmdfYXBwZW5kX3ByaW50ZiAoCisJCQkJYnVmZmVyLCBfKCJUaGUgJXMgJXMgb2YgIiks
CisJCQkJbnRoIChwb3MpLCBnZXRfZGF5bmFtZSAociwgMCkpOwogCQl9CiAKLQkJbGVuID0gc3Ry
bGVuIChidWZmZXIpOwotCQlidWZmZXIgKz0gbGVuOwotCQlzaXplIC09IGxlbjsKICAgICAgICAg
ICAgICAgLyogRm9yIFRyYW5zbGF0b3JzOiBJbiB0aGlzIGNhbiBhbHNvIGJlIHRyYW5zbGF0ZWQg
YXMgIldpdGggdGhlIHBlcmlvZCBvZiAlZAogICAgICAgICAgICAgICAgICBtb250aC9tb250aHMi
LCB3aGVyZSAlZCBpcyBhIG51bWJlci4gVGhlIGVudGlyZSBzZW50ZW5jZSBpcyBvZiB0aGUgZm9y
bSAiUmVjdXJyaW5nOgogICAgICAgICAgICAgICAgICBFdmVyeSAlZCBtb250aC9tb250aHMiICov
CQkKIAkJLyogRm9yIFRyYW5zbGF0b3JzIDogJ2V2ZXJ5IG1vbnRoJyBpcyBwYXJ0IG9mIHRoZSBz
ZW50ZW5jZSAnZXZlbnQgcmVjdXJyaW5nIG9uIHRoZSAobnRoKSBkYXkgb2YgZXZlcnkgbW9udGgu
JyAqLwogCQkvKiBGb3IgVHJhbnNsYXRvcnMgOiAnZXZlcnkgJWQgbW9udGhzJyBpcyBwYXJ0IG9m
IHRoZSBzZW50ZW5jZSAnZXZlbnQgcmVjdXJyaW5nIG9uIHRoZSAobnRoKSBkYXkgb2YgZXZlcnkg
JWQgbW9udGhzLicKIAkJICVkIGlzIGEgZGlnaXQgKi8KLQkJc3ByaW50ZiAoYnVmZmVyLCBuZ2V0
dGV4dCgiZXZlcnkgbW9udGgiLCJldmVyeSAlZCBtb250aHMiLCByLT5pbnRlcnZhbCksIHItPmlu
dGVydmFsKTsKKwkJZ19zdHJpbmdfYXBwZW5kX3ByaW50ZiAoCisJCQlidWZmZXIsIG5nZXR0ZXh0
ICgiZXZlcnkgbW9udGgiLAorCQkJImV2ZXJ5ICVkIG1vbnRocyIsIHItPmludGVydmFsKSwKKwkJ
CXItPmludGVydmFsKTsKIAkJYnJlYWs7CiAKIAljYXNlIElDQUxfWUVBUkxZX1JFQ1VSUkVOQ0U6
CkBAIC04NDAsMjAgKzg0OSwyMiBAQCB3cml0ZV9yZWN1cnJlbmNlX3BpZWNlIChFSXRpcENvbnRy
b2wgKml0CiAgICAgICAgICAgICAgICAgIEV2ZXJ5ICVkIHllYXIveWVhcnMiICovCQkKIAkJLyog
Rm9yIFRyYW5zbGF0b3JzIDogJ0V2ZXJ5IHllYXInIGlzIGV2ZW50IFJlY3VycmluZyBldmVyeSB5
ZWFyICovCiAJCS8qIEZvciBUcmFuc2xhdG9ycyA6ICdFdmVyeSAlZCB5ZWFycycgaXMgZXZlbnQg
UmVjdXJyaW5nIGV2ZXJ5ICVkIHllYXJzLiAlZCBpcyBhIGRpZ2l0ICovCi0JCXNwcmludGYgKGJ1
ZmZlciwgbmdldHRleHQoIkV2ZXJ5IHllYXIiLCAiRXZlcnkgJWQgeWVhcnMiLCByLT5pbnRlcnZh
bCksIHItPmludGVydmFsKTsKKwkJZ19zdHJpbmdfYXBwZW5kX3ByaW50ZiAoCisJCQlidWZmZXIs
IG5nZXR0ZXh0ICgiRXZlcnkgeWVhciIsCisJCQkiRXZlcnkgJWQgeWVhcnMiLCByLT5pbnRlcnZh
bCksCisJCQlyLT5pbnRlcnZhbCk7CiAJCWJyZWFrOwogCiAJZGVmYXVsdDoKIAkJZ19yZXR1cm5f
aWZfcmVhY2hlZCAoKTsKIAl9CiAKLQlsZW4gPSBzdHJsZW4gKGJ1ZmZlcik7Ci0JYnVmZmVyICs9
IGxlbjsKLQlzaXplIC09IGxlbjsKIAlpZiAoci0+Y291bnQpIHsKIAkgICAgICAvKiBGb3IgVHJh
bnNsYXRvcnM6J2EgdG90YWwgb2YgJWQgdGltZScgaXMgcGFydCBvZiB0aGUgc2VudGVuY2Ugb2Yg
dGhlIGZvcm0gJ2V2ZW50IHJlY3VycmluZyBldmVyeSBkYXksYSB0b3RhbCBvZiAlIHRpbWUuJyAl
ZCBpcyBhIGRpZ2l0Ki8KIAkgICAgICAvKiBGb3IgVHJhbnNsYXRvcnM6J2EgdG90YWwgb2YgJWQg
dGltZXMnIGlzIHBhcnQgb2YgdGhlIHNlbnRlbmNlIG9mIHRoZSBmb3JtICdldmVudCByZWN1cnJp
bmcgZXZlcnkgZGF5LGEgdG90YWwgb2YgJSB0aW1lcy4nICVkIGlzIGEgZGlnaXQqLwotCQlzcHJp
bnRmIChidWZmZXIsIG5nZXR0ZXh0KCJhIHRvdGFsIG9mICVkIHRpbWUiLCAiIGEgdG90YWwgb2Yg
JWQgdGltZXMiLCByLT5jb3VudCksIHItPmNvdW50KTsKKwkJZ19zdHJpbmdfYXBwZW5kX3ByaW50
ZiAoCisJCQlidWZmZXIsIG5nZXR0ZXh0ICgiYSB0b3RhbCBvZiAlZCB0aW1lIiwKKwkJCSIgYSB0
b3RhbCBvZiAlZCB0aW1lcyIsIHItPmNvdW50KSwgci0+Y291bnQpOwogCX0gZWxzZSBpZiAoIWlj
YWx0aW1lX2lzX251bGxfdGltZSAoci0+dW50aWwpKSB7CiAJCUVDYWxDb21wb25lbnREYXRlVGlt
ZSBkdDsKIApAQCAtODYxLDEyICs4NzIsMTIgQEAgd3JpdGVfcmVjdXJyZW5jZV9waWVjZSAoRUl0
aXBDb250cm9sICppdAogCQlkdC52YWx1ZSA9ICZyLT51bnRpbDsKIAkJZHQudHppZCA9IGljYWx0
aW1lem9uZV9nZXRfdHppZCAoKGljYWx0aW1lem9uZSAqKXItPnVudGlsLnpvbmUpOwogCi0JCXdy
aXRlX2xhYmVsX3BpZWNlIChpdGlwLCAmZHQsIGJ1ZmZlciwgc2l6ZSwKKwkJd3JpdGVfbGFiZWxf
cGllY2UgKGl0aXAsICZkdCwgYnVmZmVyLCAKIAkJCQkgICAvKiBGb3IgVHJhbnNsYXRvcnMgOiAn
LCBlbmRpbmcgb24nIGlzIHBhcnQgb2YgdGhlIHNlbnRlbmNlIG9mIHRoZSBmb3JtICdldmVudCBy
ZWN1cnJpbmcgZXZlcnkgZGF5LCBlbmRpbmcgb24gKGRhdGUpLicqLwogCQkJCSAgIF8oIiwgZW5k
aW5nIG9uICIpLCBOVUxMLCBUUlVFKTsKIAl9CiAKLQlzdHJjYXQgKGJ1ZmZlciwgIjxicj4iKTsK
KwlnX3N0cmluZ19hcHBlbmRfbGVuIChidWZmZXIsICI8YnI+IiwgNCk7CiB9CiAKIHN0YXRpYyB2
b2lkCkBAIC04NzQsNDcgKzg4NSw1MSBAQCBzZXRfZGF0ZV9sYWJlbCAoRUl0aXBDb250cm9sICpp
dGlwLCBHdGtICiAJCUVDYWxDb21wb25lbnQgKmNvbXApCiB7CiAJRUNhbENvbXBvbmVudERhdGVU
aW1lIGRhdGV0aW1lOwotCXN0YXRpYyBjaGFyIGJ1ZmZlclsxMDI0XTsKKwlHU3RyaW5nICpidWZm
ZXI7CiAJZ2NoYXIgKnN0cjsKIAlnYm9vbGVhbiB3cm90ZSA9IEZBTFNFLCB0YXNrX2NvbXBsZXRl
ZCA9IEZBTFNFOwogCUVDYWxDb21wb25lbnRWVHlwZSB0eXBlOwogCisJYnVmZmVyID0gZ19zdHJp
bmdfc2l6ZWRfbmV3ICgxMDI0KTsKIAl0eXBlID0gZV9jYWxfY29tcG9uZW50X2dldF92dHlwZSAo
Y29tcCk7CiAKLQlidWZmZXJbMF0gPSAnXDAnOwogCWVfY2FsX2NvbXBvbmVudF9nZXRfZHRzdGFy
dCAoY29tcCwgJmRhdGV0aW1lKTsKIAlpZiAoZGF0ZXRpbWUudmFsdWUpIHsKIAkJLyogRm9yIFRy
YW5zbGF0b3JzIDogJ3N0YXJ0cycgaXMgc3RhcnRzOmRhdGUgaW1wbHlpbmcgYSB0YXNrIHN0YXJ0
cyBvbiB3aGF0IGRhdGUgKi8KIAkJc3RyID0gZ19zdHJkdXBfcHJpbnRmICgiPGI+JXM6PC9iPiIs
IF8oIlN0YXJ0cyIpKTsKLQkJd3JpdGVfbGFiZWxfcGllY2UgKGl0aXAsICZkYXRldGltZSwgYnVm
ZmVyLCAxMDI0LAotCQkJCSAgc3RyLAotCQkJCSAgICI8YnI+IiwgRkFMU0UpOwotCQlndGtfaHRt
bF93cml0ZSAoaHRtbCwgaHRtbF9zdHJlYW0sIGJ1ZmZlciwgc3RybGVuKGJ1ZmZlcikpOworCQl3
cml0ZV9sYWJlbF9waWVjZSAoaXRpcCwgJmRhdGV0aW1lLCBidWZmZXIsIHN0ciwgIjxicj4iLCBG
QUxTRSk7CisJCWd0a19odG1sX3dyaXRlIChodG1sLCBodG1sX3N0cmVhbSwgYnVmZmVyLT5zdHIs
IGJ1ZmZlci0+bGVuKTsKIAkJd3JvdGUgPSBUUlVFOwogCQlnX2ZyZWUgKHN0cik7CiAJfQogCWVf
Y2FsX2NvbXBvbmVudF9mcmVlX2RhdGV0aW1lICgmZGF0ZXRpbWUpOwogCi0JYnVmZmVyWzBdID0g
J1wwJzsKKwkvKiBSZXNldCB0aGUgYnVmZmVyLiAqLworCWdfc3RyaW5nX3RydW5jYXRlIChidWZm
ZXIsIDApOworCiAJZV9jYWxfY29tcG9uZW50X2dldF9kdGVuZCAoY29tcCwgJmRhdGV0aW1lKTsK
IAlpZiAoZGF0ZXRpbWUudmFsdWUpewogCQkvKiBGb3IgVHJhbnNsYXRvcnMgOiAnZW5kcycgaXMg
ZW5kczpkYXRlIGltcGx5aW5nIGEgdGFzayBlbmRzIG9uIHdoYXQgZGF0ZSAqLwogCQlzdHIgPSBn
X3N0cmR1cF9wcmludGYgKCI8Yj4lczo8L2I+IiwgXygiRW5kcyIpKTsKLQkJd3JpdGVfbGFiZWxf
cGllY2UgKGl0aXAsICZkYXRldGltZSwgYnVmZmVyLCAxMDI0LCBzdHIsICI8YnI+IiwgRkFMU0Up
OwotCQlndGtfaHRtbF93cml0ZSAoaHRtbCwgaHRtbF9zdHJlYW0sIGJ1ZmZlciwgc3RybGVuIChi
dWZmZXIpKTsKKwkJd3JpdGVfbGFiZWxfcGllY2UgKGl0aXAsICZkYXRldGltZSwgYnVmZmVyLCBz
dHIsICI8YnI+IiwgRkFMU0UpOworCQlndGtfaHRtbF93cml0ZSAoaHRtbCwgaHRtbF9zdHJlYW0s
IGJ1ZmZlci0+c3RyLCBidWZmZXItPmxlbik7CiAJCXdyb3RlID0gVFJVRTsKIAkJZ19mcmVlIChz
dHIpOwogCX0KIAllX2NhbF9jb21wb25lbnRfZnJlZV9kYXRldGltZSAoJmRhdGV0aW1lKTsKIAot
CWJ1ZmZlclswXSA9ICdcMCc7CisJLyogUmVzZXQgdGhlIGJ1ZmZlci4gKi8KKwlnX3N0cmluZ190
cnVuY2F0ZSAoYnVmZmVyLCAwKTsKKwogCWlmIChlX2NhbF9jb21wb25lbnRfaGFzX3JlY3VycmVu
Y2VzIChjb21wKSkgewotCQl3cml0ZV9yZWN1cnJlbmNlX3BpZWNlIChpdGlwLCBjb21wLCBidWZm
ZXIsIDEwMjQpOwotCQlndGtfaHRtbF93cml0ZSAoaHRtbCwgaHRtbF9zdHJlYW0sIGJ1ZmZlciwg
c3RybGVuIChidWZmZXIpKTsKKwkJd3JpdGVfcmVjdXJyZW5jZV9waWVjZSAoaXRpcCwgY29tcCwg
YnVmZmVyKTsKKwkJZ3RrX2h0bWxfd3JpdGUgKGh0bWwsIGh0bWxfc3RyZWFtLCBidWZmZXItPnN0
ciwgYnVmZmVyLT5sZW4pOwogCQl3cm90ZSA9IFRSVUU7CiAJfQogCi0JYnVmZmVyWzBdID0gJ1ww
JzsKKwkvKiBSZXNldCB0aGUgYnVmZmVyLiAqLworCWdfc3RyaW5nX3RydW5jYXRlIChidWZmZXIs
IDApOworCiAJZGF0ZXRpbWUudHppZCA9IE5VTEw7CiAJZV9jYWxfY29tcG9uZW50X2dldF9jb21w
bGV0ZWQgKGNvbXAsICZkYXRldGltZS52YWx1ZSk7CiAJaWYgKHR5cGUgPT0gRV9DQUxfQ09NUE9O
RU5UX1RPRE8gJiYgZGF0ZXRpbWUudmFsdWUpIHsKQEAgLTkyMiwyMCArOTM3LDIyIEBAIHNldF9k
YXRlX2xhYmVsIChFSXRpcENvbnRyb2wgKml0aXAsIEd0a0gKIAkJICAgdGltZXpvbmUuICovCiAJ
CXN0ciA9IGdfc3RyZHVwX3ByaW50ZiAoIjxiPiVzOjwvYj4iLCBfKCJDb21wbGV0ZWQiKSk7CiAJ
CWRhdGV0aW1lLnZhbHVlLT5pc191dGMgPSBUUlVFOwotCQl3cml0ZV9sYWJlbF9waWVjZSAoaXRp
cCwgJmRhdGV0aW1lLCBidWZmZXIsIDEwMjQsIHN0ciwgIjxicj4iLCBGQUxTRSk7Ci0JCWd0a19o
dG1sX3dyaXRlIChodG1sLCBodG1sX3N0cmVhbSwgYnVmZmVyLCBzdHJsZW4gKGJ1ZmZlcikpOwor
CQl3cml0ZV9sYWJlbF9waWVjZSAoaXRpcCwgJmRhdGV0aW1lLCBidWZmZXIsIHN0ciwgIjxicj4i
LCBGQUxTRSk7CisJCWd0a19odG1sX3dyaXRlIChodG1sLCBodG1sX3N0cmVhbSwgYnVmZmVyLT5z
dHIsIGJ1ZmZlci0+bGVuKTsKIAkJd3JvdGUgPSBUUlVFOwogCQl0YXNrX2NvbXBsZXRlZCA9IFRS
VUU7CiAJCWdfZnJlZSAoc3RyKTsKIAl9CiAJZV9jYWxfY29tcG9uZW50X2ZyZWVfZGF0ZXRpbWUg
KCZkYXRldGltZSk7CiAKLQlidWZmZXJbMF0gPSAnXDAnOworCS8qIFJlc2V0IHRoZSBidWZmZXIu
ICovCisJZ19zdHJpbmdfdHJ1bmNhdGUgKGJ1ZmZlciwgMCk7CisKIAllX2NhbF9jb21wb25lbnRf
Z2V0X2R1ZSAoY29tcCwgJmRhdGV0aW1lKTsKIAlpZiAodHlwZSA9PSBFX0NBTF9DT01QT05FTlRf
VE9ETyAmJiAhdGFza19jb21wbGV0ZWQgJiYgZGF0ZXRpbWUudmFsdWUpIHsKIAkJc3RyID0gZ19z
dHJkdXBfcHJpbnRmICgiPGI+JXM6PC9iPiIsIF8oIkR1ZSIpKTsKLQkJd3JpdGVfbGFiZWxfcGll
Y2UgKGl0aXAsICZkYXRldGltZSwgYnVmZmVyLCAxMDI0LCBzdHIsICI8YnI+IiwgRkFMU0UpOwot
CQlndGtfaHRtbF93cml0ZSAoaHRtbCwgaHRtbF9zdHJlYW0sIGJ1ZmZlciwgc3RybGVuIChidWZm
ZXIpKTsKKwkJd3JpdGVfbGFiZWxfcGllY2UgKGl0aXAsICZkYXRldGltZSwgYnVmZmVyLCBzdHIs
ICI8YnI+IiwgRkFMU0UpOworCQlndGtfaHRtbF93cml0ZSAoaHRtbCwgaHRtbF9zdHJlYW0sIGJ1
ZmZlci0+c3RyLCBidWZmZXItPmxlbik7CiAJCXdyb3RlID0gVFJVRTsKIAkJZ19mcmVlIChzdHIp
OwogCX0KQEAgLTk0NCw2ICs5NjEsOCBAQCBzZXRfZGF0ZV9sYWJlbCAoRUl0aXBDb250cm9sICpp
dGlwLCBHdGtICiAKIAlpZiAod3JvdGUpCiAJCWd0a19odG1sX3N0cmVhbV9wcmludGYgKGh0bWxf
c3RyZWFtLCAiPGJyPiIpOworCisJZ19zdHJpbmdfZnJlZSAoYnVmZmVyLCBUUlVFKTsKIH0KIAog
c3RhdGljIHZvaWQK
</data>        

          </attachment>
          <attachment
              isobsolete="0"
              ispatch="0"
              isprivate="0"
          >
            <attachid>154929</attachid>
            <date>2008-05-31 11:04 0000</date>
            <desc>evolution-2.12.3-CVE-2008-1109.patch</desc>
            <filename>evolution-2.12.3-CVE-2008-1109.patch</filename>
            <type>text/plain</type>
            <data encoding="base64">
</data>        

          </attachment>
          <attachment
              isobsolete="0"
              ispatch="1"
              isprivate="0"
          >
            <attachid>154995</attachid>
            <date>2008-05-31 20:40 0000</date>
            <desc>evolution-2.12.3.patch</desc>
            <filename>evolution-2.12.3.patch</filename>
            <type>text/plain</type>
            <data encoding="base64">
</data>        

          </attachment>
          <attachment
              isobsolete="0"
              ispatch="1"
              isprivate="0"
          >
            <attachid>154999</attachid>
            <date>2008-05-31 20:42 0000</date>
            <desc>evolution-2.22.2.patch</desc>
            <filename>evolution-2.22.2.patch</filename>
            <type>text/plain</type>
            <data encoding="base64">
</data>        

          </attachment>
    </bug>

</bugzilla>