245960 CVE-2008-4225 2008-11-07 13:26 0000 dev-libs/libxml2 <2.7.2-r1 Integer overflow/infinite loop (CVE-2008-4225, CVE-2008-4226) 2008-12-02 17:46:50 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED A2 [glsa] P2 normal --- 1 rbu@gentoo.org security@gentoo.org gnome@gentoo.org m68k@gentoo.org s390@gentoo.org sh@gentoo.org rbu@gentoo.org 2008-11-07 13:26:19 0000 ** Please note that this issue is confidential and no information should be disclosed until it is made public, see "Whiteboard" for a date ** Drew Yao of Apple Product Security reported two issues in libxml CVE-2008-4225: A maliciously crafted xml file could cause the application to go into an infinite loop, leading to a denial of service. It requires a very large xml file to trigger the bug, but it's very common to parse compressed xml files, and the file compresses well. CVE-2008-4226: A maliciously crafted xml file could cause an integer overflow leading to memory corruption and potential arbitrary code execution. It requires a very large xml file to trigger the bug, but it's very common to parse compressed xml files, and the file compresses well. rbu@gentoo.org 2008-11-07 13:33:53 0000 Created an attachment (id=170985) libxml2-CVE-2008-4225.patch Patches are provided by Drew Yao and not approved by upstream yet rbu@gentoo.org 2008-11-07 13:34:06 0000 Created an attachment (id=170987) libxml2-CVE-2008-4226.patch leio@gentoo.org 2008-11-08 18:14:11 0000 Waiting a bit then for upstream response on the patches before providing a preebuild. Please let us know if there is any response on that, or feel free to remind us for a preebuild 4-7 days before confidential end date leio@gentoo.org 2008-11-08 18:15:41 0000 And sample compressed XML files would be nice for testing. Attached or sent via e-mail, as appropriate rbu@gentoo.org 2008-11-08 20:53:19 0000 Mart, I'll mail it to you. leio@gentoo.org 2008-11-17 04:12:55 0000 Created an attachment (id=172041) Straight-forward preebuild The first patch is a no-go for me, as even my standard amd64 system doesn't have SIZE_T_MAX available: SAX2.c:2459: error: 'SIZE_T_MAX' undeclared (first use in this function) Nevertheless here's the obvious ebuild that patches those two patches in, so it can be seen it fails... Note that I intend to rename the patches to include the version number (${P} instead of ${PN}) in the version that goes into portage tree once the bugs are disclosed and there's working patches, but don't think I should hassle the arch teams with renaming the patches as saved off of the attachments here for that. The end result will have comment in the ebuild stating what they do as well, once a good description is available from publicly viewable CVE records. Any updates, especially for the platform compatibility, from vendor-sec? Though it shouldn't be hard to fix it ourselves too to compile, but... rbu@gentoo.org 2008-11-17 18:18:42 0000 This is now public, Daniel Veillard provided more portable patches (which he probably applied upstream). rbu@gentoo.org 2008-11-17 18:19:18 0000 Created an attachment (id=172099) libxml2-2.7.2-CVE-2008-4225.patch rbu@gentoo.org 2008-11-17 18:19:37 0000 Created an attachment (id=172101) libxml2-2.7.2-CVE-2008-4226.patch leio@gentoo.org 2008-11-18 01:27:05 0000 libxml2-2.7.2-r1 is in the tree with the patch that was committed upstream, which is the both combined, plus some extra safeguards for possible future found problems in parser.c (if I read that right). Target keywords for dev-libs/libxml2-2.7.2-r1 - everyone: alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparch x86 fmccor@gentoo.org 2008-11-18 13:38:15 0000 Sparc stable, all tests run successfully. jer@gentoo.org 2008-11-18 15:04:16 0000 Stable for HPPA. dertobi123@gentoo.org 2008-11-18 17:47:03 0000 ppc stable maekke@gentoo.org 2008-11-19 22:23:43 0000 amd64/x86 stable armin76@gentoo.org 2008-11-20 10:12:29 0000 alpha/arm/ia64 stable ranger@gentoo.org 2008-11-24 17:01:35 0000 ppc64 done rbu@gentoo.org 2008-12-02 17:46:50 0000 GLSA 200812-06 170985 2008-11-07 13:33 0000 libxml2-CVE-2008-4225.patch libxml2-CVE-2008-4225.patch text/plain LS0tIFNBWDIuYy5vcmlnCTIwMDgtMTAtMzEgMTM6NTc6MzIuMDAwMDAwMDAwIC0wNzAwCisrKyBT QVgyLmMJMjAwOC0xMC0zMSAxOTowNjoyNi4wMDAwMDAwMDAgLTA3MDAKQEAgLTExLDYgKzExLDcg QEAKICNpbmNsdWRlICJsaWJ4bWwuaCIKICNpbmNsdWRlIDxzdGRsaWIuaD4KICNpbmNsdWRlIDxz dHJpbmcuaD4KKyNpbmNsdWRlIDxsaW1pdHMuaD4KICNpbmNsdWRlIDxsaWJ4bWwveG1sbWVtb3J5 Lmg+CiAjaW5jbHVkZSA8bGlieG1sL3RyZWUuaD4KICNpbmNsdWRlIDxsaWJ4bWwvcGFyc2VyLmg+ CkBAIC0yNDU1LDkgKzI0NTYsMTQgQEAKIAkgICAgICAgICAgICAgICAoeG1sRGljdE93bnMoY3R4 dC0+ZGljdCwgbGFzdENoaWxkLT5jb250ZW50KSkpIHsKIAkJbGFzdENoaWxkLT5jb250ZW50ID0g eG1sU3RyZHVwKGxhc3RDaGlsZC0+Y29udGVudCk7CiAJICAgIH0KKwkgICAgaWYgKChzaXplX3Qp Y3R4dC0+bm9kZWxlbiA+IFNJWkVfVF9NQVggLSAoc2l6ZV90KWxlbiB8fCAKKwkgICAgICAgIChz aXplX3QpY3R4dC0+bm9kZW1lbSArIChzaXplX3QpbGVuID4gU0laRV9UX01BWCAvIDIpIHsKKwkg ICAgICAgICAgICB4bWxTQVgyRXJyTWVtb3J5KGN0eHQsICJ4bWxTQVgyQ2hhcmFjdGVycyBvdmVy ZmxvdyBwcmV2ZW50ZWQiKTsKKwkgICAgICAgICAgICByZXR1cm47CisJICAgIH0KIAkgICAgaWYg KGN0eHQtPm5vZGVsZW4gKyBsZW4gPj0gY3R4dC0+bm9kZW1lbSkgewogCQl4bWxDaGFyICpuZXdi dWY7Ci0JCWludCBzaXplOworCQlzaXplX3Qgc2l6ZTsKIAogCQlzaXplID0gY3R4dC0+bm9kZW1l bSArIGxlbjsKIAkJc2l6ZSAqPSAyOwo= 170987 2008-11-07 13:34 0000 libxml2-CVE-2008-4226.patch libxml2-CVE-2008-4226.patch text/plain LS0tIHRyZWUuYy5vcmlnCTIwMDgtMTAtMzEgMTg6MTQ6MDAuMDAwMDAwMDAwIC0wNzAwCisrKyB0 cmVlLmMJMjAwOC0xMC0zMSAxODoxNDozNS4wMDAwMDAwMDAgLTA3MDAKQEAgLTE0LDcgKzE0LDcg QEAKICNpbmNsdWRlICJsaWJ4bWwuaCIKIAogI2luY2x1ZGUgPHN0cmluZy5oPiAvKiBmb3IgbWVt c2V0KCkgb25seSAhICovCi0KKyNpbmNsdWRlIDxsaW1pdHMuaD4KICNpZmRlZiBIQVZFX0NUWVBF X0gKICNpbmNsdWRlIDxjdHlwZS5oPgogI2VuZGlmCkBAIC02OTk2LDcgKzY5OTYsMTMgQEAKIAlj YXNlIFhNTF9CVUZGRVJfQUxMT0NfRE9VQkxFSVQ6CiAJICAgIC8qdGFrZSBjYXJlIG9mIGVtcHR5 IGNhc2UqLwogCSAgICBuZXdTaXplID0gKGJ1Zi0+c2l6ZSA/IGJ1Zi0+c2l6ZSoyIDogc2l6ZSAr IDEwKTsKLQkgICAgd2hpbGUgKHNpemUgPiBuZXdTaXplKSBuZXdTaXplICo9IDI7CisJICAgIHdo aWxlIChzaXplID4gbmV3U2l6ZSkgeworCSAgICAgICAgaWYgKG5ld1NpemUgPiBVSU5UX01BWCAv IDIpIHsKKwkgICAgICAgICAgICB4bWxUcmVlRXJyTWVtb3J5KCJncm93aW5nIGJ1ZmZlciIpOwor CSAgICAgICAgICAgIHJldHVybiAwOworCSAgICAgICAgfQorCSAgICAgICAgbmV3U2l6ZSAqPSAy OworCSAgICB9CiAJICAgIGJyZWFrOwogCWNhc2UgWE1MX0JVRkZFUl9BTExPQ19FWEFDVDoKIAkg ICAgbmV3U2l6ZSA9IHNpemUrMTA7Cg== 172041 2008-11-17 04:12 0000 Straight-forward preebuild libxml2-2.7.2-r1.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA4IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6IC92YXIvY3Zzcm9vdC9nZW50b28teDg2L2Rldi1saWJzL2xpYnhtbDIvbGlieG1sMi0yLjcu Mi5lYnVpbGQsdiAxLjggMjAwOC8xMS8wOSAxMjoxNTo0MCB2YXBpZXIgRXhwICQKCmluaGVyaXQg bGlidG9vbCBmbGFnLW8tbWF0aWMgZXV0aWxzCgpERVNDUklQVElPTj0iVmVyc2lvbiAyIG9mIHRo ZSBsaWJyYXJ5IHRvIG1hbmlwdWxhdGUgWE1MIGZpbGVzIgpIT01FUEFHRT0iaHR0cDovL3d3dy54 bWxzb2Z0Lm9yZy8iCgpMSUNFTlNFPSJNSVQiClNMT1Q9IjIiCktFWVdPUkRTPSJhbHBoYSBhbWQ2 NCBhcm0gaHBwYSBpYTY0IG02OGsgfm1pcHMgcHBjIHBwYzY0IHMzOTAgc2ggc3BhcmMgfnNwYXJj LWZic2QgeDg2IH54ODYtZmJzZCIKSVVTRT0iYm9vdHN0cmFwIGJ1aWxkIGRlYnVnIGRvYyBleGFt cGxlcyBpcHY2IHB5dGhvbiByZWFkbGluZSB0ZXN0IgoKWFNUU19IT01FPSJodHRwOi8vd3d3Lncz Lm9yZy9YTUwvMjAwNC94bWwtc2NoZW1hLXRlc3Qtc3VpdGUiClhTVFNfTkFNRV8xPSJ4bWxzY2hl bWEyMDAyLTAxLTE2IgpYU1RTX05BTUVfMj0ieG1sc2NoZW1hMjAwNC0wMS0xNCIKWFNUU19UQVJC QUxMXzE9InhzdHMtMjAwMi0wMS0xNi50YXIuZ3oiClhTVFNfVEFSQkFMTF8yPSJ4c3RzLTIwMDQt MDEtMTQudGFyLmd6IgoKU1JDX1VSST0iZnRwOi8veG1sc29mdC5vcmcvJHtQTn0vJHtQfS50YXIu Z3oKCXRlc3Q/ICgKCQkke1hTVFNfSE9NRX0vJHtYU1RTX05BTUVfMX0vJHtYU1RTX1RBUkJBTExf MX0KCQkke1hTVFNfSE9NRX0vJHtYU1RTX05BTUVfMn0vJHtYU1RTX1RBUkJBTExfMn0gKSIKClJE RVBFTkQ9InN5cy1saWJzL3psaWIKCXB5dGhvbj8gICAoIGRldi1sYW5nL3B5dGhvbiApCglyZWFk bGluZT8gKCBzeXMtbGlicy9yZWFkbGluZSApIgoKREVQRU5EPSIke1JERVBFTkR9CglocHBhPyAo ID49c3lzLWRldmVsL2JpbnV0aWxzLTIuMTUuOTIuMC4yICkiCgpzcmNfdW5wYWNrKCkgewoJdW5w YWNrICR7UH0udGFyLmd6CgljZCAiJHtTfSIKCgllcGF0Y2ggIiR7RklMRVNESVJ9LyR7UE59LUNW RS0yMDA4LTQyMjUucGF0Y2giCgllcGF0Y2ggIiR7RklMRVNESVJ9LyR7UE59LUNWRS0yMDA4LTQy MjYucGF0Y2giCgoJaWYgdXNlIHRlc3Q7IHRoZW4KCQljcCAiJHtESVNURElSfS8ke1hTVFNfVEFS QkFMTF8xfSIgXAoJCQkiJHtESVNURElSfS8ke1hTVFNfVEFSQkFMTF8yfSIgXAoJCQkiJHtTfSIv eHN0Yy8gXAoJCQl8fCBkaWUgIkZhaWxlZCB0byBpbnN0YWxsIHRlc3QgdGFyYmFsbHMiCglmaQoK CWVwdW50X2N4eAp9CgpzcmNfY29tcGlsZSgpIHsKCSMgVVNFIHpsaWIgc3VwcG9ydCBicmVha3Mg Z25vbWUyCgkjIChsaWJnbm9tZXByaW50IGZvciBpbnN0YW5jZSBmYWlscyB0byBjb21waWxlIHdp dGgKCSMgZnJlc2ggaW5zdGFsbCwgYW5kIGV4aXN0aW5nKSAtIDxhemFyYWhAZ2VudG9vLm9yZz4g KDIyIERlYyAyMDAyKS4KCgkjIFRoZSBtZWFuaW5nIG9mIHRoZSAnZGVidWcnIFVTRSBmbGFnIGRv ZXMgbm90IGFwcGx5IHRvIHRoZSAtLXdpdGgtZGVidWcKCSMgc3dpdGNoIChlbmFibGluZyB0aGUg bGlieG1sMiBkZWJ1ZyBtb2R1bGUpLiBTZWUgYnVnICMxMDA4OTguCgoJIyAtLXdpdGgtbWVtLWRl YnVnIGNhdXNlcyB1bnVzdWFsIHNlZ21lbnRhdGlvbiBmYXVsdHMgKGJ1ZyAjMTA1MTIwKS4KCgls b2NhbCBteWNvbmY9Ii0td2l0aC16bGliIFwKCQkkKHVzZV93aXRoIGRlYnVnIHJ1bi1kZWJ1Zykg IFwKCQkkKHVzZV93aXRoIHB5dGhvbikgICAgICAgICAgIFwKCQkkKHVzZV93aXRoIHJlYWRsaW5l KSAgICAgICAgIFwKCQkkKHVzZV93aXRoIHJlYWRsaW5lIGhpc3RvcnkpIFwKCQkkKHVzZV9lbmFi bGUgaXB2NikiCgoJIyBQbGVhc2UgZG8gbm90IHJlbW92ZSwgYXMgZWxzZSB3ZSBnZXQgcmVmZXJl bmNlcyB0byBQT1JUQUdFX1RNUERJUgoJIyBpbiAvdXNyL2xpYi9weXRob24/Lj8vc2l0ZS1wYWNr YWdlcy9saWJ4bWwybW9kLmxhIGFtb25nIHRoaW5ncy4KCWVsaWJ0b29saXplCgoJIyBmaWx0ZXIg c2VlbWluZ2x5IHByb2JsZW1hdGljIENGTEFHUyAoIzI2MzIwKQoJZmlsdGVyLWZsYWdzIC1mcHJl ZmV0Y2gtbG9vcC1hcnJheXMgLWZ1bnJvbGwtbG9vcHMKCgllY29uZiAkbXljb25mIHx8IGRpZSAi Q29uZmlndXJhdGlvbiBmYWlsZWQiCgoJIyBQYXRjaGluZyB0aGUgTWFrZWZpbGVzIHRvIHJlc3Bl Y3QgZ2V0X2xpYmRpcgoJIyBGaXhlcyBCVUcgIzg2NzY2LCBwbGVhc2Uga2VlcCB0aGlzLgoJIyBE YW5ueSB2YW4gRHlrIDxrdWdlbGZhbmdAZ2VudG9vLm9yZz4gMjAwNS8wMy8yNgoJZm9yIHggaW4g JChmaW5kICIke1N9IiAtbmFtZSAiTWFrZWZpbGUiKSA7IGRvCgkJc2VkIFwKCQkJLWUgInN8Xlwo UFlUSE9OX1NJVEVfUEFDS0FHRVNcID1cIFwvdXNyXC9cKS4qXChcL3B5dGhvbi4qXCl8XDEkKGdl dF9saWJkaXIpXDJ8ZyIgXAoJCQktaSAke3h9IFwKCQkJfHwgZGllICJzZWQgZmFpbGVkIgoJZG9u ZQoKCWVtYWtlIHx8IGRpZSAiQ29tcGlsYXRpb24gZmFpbGVkIgp9CgpzcmNfaW5zdGFsbCgpIHsK CWVtYWtlIERFU1RESVI9IiR7RH0iIGluc3RhbGwgfHwgZGllICJJbnN0YWxsYXRpb24gZmFpbGVk IgoKCWRvZG9jIEFVVEhPUlMgQ2hhbmdlTG9nIENvcHlyaWdodCBORVdTIFJFQURNRSogVE9ETyoK CglpZiAhIHVzZSBkb2M7IHRoZW4KCQlybSAtcmYgIiR7RH0iL3Vzci9zaGFyZS9ndGstZG9jCgkJ cm0gLXJmICIke0R9Ii91c3Ivc2hhcmUvZG9jLyR7UH0vaHRtbAoJZmkKCglpZiAhIHVzZSBleGFt cGxlczsgdGhlbgoJCXJtIC1yZiAiJHtEfS91c3Ivc2hhcmUvZG9jLyR7UH0vZXhhbXBsZXMiCgkJ cm0gLXJmICIke0R9L3Vzci9zaGFyZS9kb2MvJHtQTn0tcHl0aG9uLSR7UFZ9L2V4YW1wbGVzIgoJ ZmkKfQoKcGtnX3Bvc3RpbnN0KCkgewoJIyBXZSBkb24ndCB3YW50IHRvIGRvIHRoZSB4bWxjYXRh bG9nIGR1cmluZyBzdGFnZTEsIGFzIHhtbGNhdGFsb2cgd2lsbCBub3QKCSMgYmUgaW4gLyBhbmQg c3RhZ2UxIGJ1aWxkcyB0byBST09UPS90bXAvc3RhZ2Uxcm9vdC4gVGhpcyBmaXhlcyBidWcgIzIw ODg4Ny4KCWlmIFtbICIke1JPT1R9IiAhPSAiLyIgXV0KCXRoZW4KCQllbG9nICJTa2lwcGluZyBY TUwgY2F0YWxvZyBjcmVhdGlvbiBmb3Igc3RhZ2UgYnVpbGRpbmcgKGJ1ZyAjMjA4ODg3KS4iCgll bHNlCgkJIyBuZWVkIGFuIFhNTCBjYXRhbG9nLCBzbyBuby1vbmUgd3JpdGVzIHRvIGEgbm9uLWV4 aXN0ZW50IG9uZQoJCUNBVEFMT0c9IiR7Uk9PVH1ldGMveG1sL2NhdGFsb2ciCgoJCSMgd2UgZG9u dCB3YW50IHRvIGNsb2JiZXIgYW4gZXhpc3RpbmcgY2F0YWxvZyB0aG91Z2gsCgkJIyBvbmx5IGVu c3VyZSB0aGF0IG9uZSBpcyB0aGVyZQoJCSMgPG9iekBnZW50b28ub3JnPgoJCWlmIFsgISAtZSAk e0NBVEFMT0d9IF07IHRoZW4KCQkJWyAtZCAiJHtST09UfWV0Yy94bWwiIF0gfHwgbWtkaXIgLXAg IiR7Uk9PVH1ldGMveG1sIgoJCQkvdXNyL2Jpbi94bWxjYXRhbG9nIC0tY3JlYXRlID4gJHtDQVRB TE9HfQoJCQllaW5mbyAiQ3JlYXRlZCBYTUwgY2F0YWxvZyBpbiAke0NBVEFMT0d9IgoJCWZpCglm aQp9Cg== 172099 2008-11-17 18:19 0000 libxml2-2.7.2-CVE-2008-4225.patch libxml2-2.7.2-CVE-2008-4225.patch text/plain SW5kZXg6IGxpYnhtbDItMi43LjIvdHJlZS5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGxpYnhtbDItMi43LjIu b3JpZy90cmVlLmMKKysrIGxpYnhtbDItMi43LjIvdHJlZS5jCkBAIC0xNCw3ICsxNCw3IEBACiAj aW5jbHVkZSAibGlieG1sLmgiCiAKICNpbmNsdWRlIDxzdHJpbmcuaD4gLyogZm9yIG1lbXNldCgp IG9ubHkgISAqLwotCisjaW5jbHVkZSA8bGltaXRzLmg+CiAjaWZkZWYgSEFWRV9DVFlQRV9ICiAj aW5jbHVkZSA8Y3R5cGUuaD4KICNlbmRpZgpAQCAtNjk5Niw3ICs2OTk2LDEzIEBAIHhtbEJ1ZmZl clJlc2l6ZSh4bWxCdWZmZXJQdHIgYnVmLCB1bnNpZ24KIAljYXNlIFhNTF9CVUZGRVJfQUxMT0Nf RE9VQkxFSVQ6CiAJICAgIC8qdGFrZSBjYXJlIG9mIGVtcHR5IGNhc2UqLwogCSAgICBuZXdTaXpl ID0gKGJ1Zi0+c2l6ZSA/IGJ1Zi0+c2l6ZSoyIDogc2l6ZSArIDEwKTsKLQkgICAgd2hpbGUgKHNp emUgPiBuZXdTaXplKSBuZXdTaXplICo9IDI7CisJICAgIHdoaWxlIChzaXplID4gbmV3U2l6ZSkg eworCSAgICAgICAgaWYgKG5ld1NpemUgPiBVSU5UX01BWCAvIDIpIHsKKwkgICAgICAgICAgICB4 bWxUcmVlRXJyTWVtb3J5KCJncm93aW5nIGJ1ZmZlciIpOworCSAgICAgICAgICAgIHJldHVybiAw OworCSAgICAgICAgfQorCSAgICAgICAgbmV3U2l6ZSAqPSAyOworCSAgICB9CiAJICAgIGJyZWFr OwogCWNhc2UgWE1MX0JVRkZFUl9BTExPQ19FWEFDVDoKIAkgICAgbmV3U2l6ZSA9IHNpemUrMTA7 Cg== 172101 2008-11-17 18:19 0000 libxml2-2.7.2-CVE-2008-4226.patch libxml2-2.7.2-CVE-2008-4226.patch text/plain SW5kZXg6IGxpYnhtbDItMi43LjIvU0FYMi5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGxpYnhtbDItMi43LjIu b3JpZy9TQVgyLmMKKysrIGxpYnhtbDItMi43LjIvU0FYMi5jCkBAIC0xMSw2ICsxMSw3IEBACiAj aW5jbHVkZSAibGlieG1sLmgiCiAjaW5jbHVkZSA8c3RkbGliLmg+CiAjaW5jbHVkZSA8c3RyaW5n Lmg+CisjaW5jbHVkZSA8bGltaXRzLmg+CiAjaW5jbHVkZSA8bGlieG1sL3htbG1lbW9yeS5oPgog I2luY2x1ZGUgPGxpYnhtbC90cmVlLmg+CiAjaW5jbHVkZSA8bGlieG1sL3BhcnNlci5oPgpAQCAt MjYsNiArMjcsMTEgQEAKICNpbmNsdWRlIDxsaWJ4bWwvSFRNTHRyZWUuaD4KICNpbmNsdWRlIDxs aWJ4bWwvZ2xvYmFscy5oPgogCisvKiBEZWZpbmUgU0laRV9UX01BWCB1bmxlc3MgZGVmaW5lZCB0 aHJvdWdoIDxsaW1pdHMuaD4uICovCisjaWZuZGVmIFNJWkVfVF9NQVgKKyMgZGVmaW5lIFNJWkVf VF9NQVggICAgICgoc2l6ZV90KS0xKQorI2VuZGlmIC8qICFTSVpFX1RfTUFYICovCisKIC8qICNk ZWZpbmUgREVCVUdfU0FYMiAqLwogLyogI2RlZmluZSBERUJVR19TQVgyX1RSRUUgKi8KIApAQCAt MjQ1NSw5ICsyNDYxLDE0IEBAIHhtbFNBWDJDaGFyYWN0ZXJzKHZvaWQgKmN0eCwgY29uc3QgeG1s Q2gKIAkgICAgICAgICAgICAgICAoeG1sRGljdE93bnMoY3R4dC0+ZGljdCwgbGFzdENoaWxkLT5j b250ZW50KSkpIHsKIAkJbGFzdENoaWxkLT5jb250ZW50ID0geG1sU3RyZHVwKGxhc3RDaGlsZC0+ Y29udGVudCk7CiAJICAgIH0KKwkgICAgaWYgKChzaXplX3QpY3R4dC0+bm9kZWxlbiA+IFNJWkVf VF9NQVggLSAoc2l6ZV90KWxlbiB8fAorCSAgICAgICAgKHNpemVfdCljdHh0LT5ub2RlbWVtICsg KHNpemVfdClsZW4gPiBTSVpFX1RfTUFYIC8gMikgeworCSAgICAgICAgICAgIHhtbFNBWDJFcnJN ZW1vcnkoY3R4dCwgInhtbFNBWDJDaGFyYWN0ZXJzIG92ZXJmbG93IHByZXZlbnRlZCIpOworCSAg ICAgICAgICAgIHJldHVybjsKKwkgICAgfQogCSAgICBpZiAoY3R4dC0+bm9kZWxlbiArIGxlbiA+ PSBjdHh0LT5ub2RlbWVtKSB7CiAJCXhtbENoYXIgKm5ld2J1ZjsKLQkJaW50IHNpemU7CisJCXNp emVfdCBzaXplOwogCiAJCXNpemUgPSBjdHh0LT5ub2RlbWVtICsgbGVuOwogCQlzaXplICo9IDI7 Cg==