120343 2006-01-25 14:11 0000 dev-db/firebird-1.5.3 deals with security issue 2007-05-20 16:08:07 0000 1 1 1 Unclassified Gentoo Security Default Configs unspecified All Linux RESOLVED FIXED B3 [noglsa] DerCorny P2 normal --- 144224 1 carlo@gentoo.org security@gentoo.org sekretarz@gentoo.org carlo@gentoo.org 2006-01-25 14:11:22 0000 (1.5.3) Closed an Endemic Security Hole Alex Peshkoff Previously, a user could log into a server on a Unix/Linux host remotely, using a Linux UID and pass- word accepted on that host. It was recognised as a security hole and fixed in Firebird 2 development. It is an endemic security bug in previous versions and InterBase. The security fix has been back-por- ted to Firebird 1.5.3: a UID received from the client side is now not trusted. dercorny@gentoo.org 2006-01-25 14:16:44 0000 please provide fixed ebuilds, thanks andy@benow.ca 2006-01-26 12:22:35 0000 Created an attachment (id=78207) firebird 1.5.3 ebuild andy@benow.ca 2006-01-26 12:23:55 0000 (In reply to comment #2) > Created an attachment (id=78207) [edit] > firebird 1.5.3 ebuild > ebuild requires: cp files/firebird-1.5.2-build.patch files/firebird-1.5.3-build.patch sekretarz@gentoo.org 2006-01-29 13:24:09 0000 firebird-1.5.3 is now in portage dercorny@gentoo.org 2006-01-29 13:28:28 0000 arches, please give us your blessing, thx halcy0n@gentoo.org 2006-01-30 17:10:54 0000 x86 done durchanek@gmail.com 2006-01-31 03:26:02 0000 Someone taking care about Firebird again? Nice, thanks gustavoz@gentoo.org 2006-01-31 06:57:41 0000 sparc stable. dercorny@gentoo.org 2006-01-31 07:28:36 0000 ready for glsa vote, tend to a yes here. sekretarz@gentoo.org 2006-02-01 04:47:58 0000 i'm for yes jaervosz@gentoo.org 2006-02-01 13:16:35 0000 I vote NO as upstream doesn't even mention it in their 1.5.3 release blurb. Though you find this note if you dig deep enough: * Fixed unregistered security related bugs. 1) Server crashed when too long filename is provided 2) No longer trust UID received from the client side 3) isc_user_* functions worked wrongly under "superuser" account on win32 Contributor(s): Alex Peshkov <peshkoff at mail.ru> carlo@gentoo.org 2006-02-01 15:30:46 0000 Looking at their 2.0 roadmap carlo@gentoo.org 2006-02-01 15:30:46 0000 Looking at their 2.0 roadmapĀ¹ it sounds like there are more security relevant issues with the 1.5.x code. The exact wording is " Weak security and many known vulnerabilities". [1] http://firebird.sourceforge.net/devel/engine/roadmap2006.html jaervosz@gentoo.org 2006-02-01 22:50:48 0000 I suggest we mask it until we have a fixed version then. jaervosz@gentoo.org 2006-02-06 12:27:13 0000 Security please comment. dercorny@gentoo.org 2006-02-08 10:53:39 0000 yes, masking seems like a good idea. carlo@gentoo.org 2006-02-08 11:35:19 0000 (In reply to comment #15) > yes, masking seems like a good idea. > That would implicate quite some other packages to mask or remove Firebird support from the relevant ebuilds. Given that Firebird is not that widely used and if, then more likely in a restircted environment, I'd say a post install warning should do it. Especially since we do not have specific information. jaervosz@gentoo.org 2006-02-08 22:12:19 0000 Please provide an appropriate post install message. carlo@gentoo.org 2006-02-09 13:20:14 0000 (In reply to comment #17) > Please provide an appropriate post install message. > Sune, that was just my opinion, weighing the implications of possible malicious sql code or whatever may cause problems against some unwanted extra work. A possible message would be "The developers of Firebird attest their 1.5.x code base weak security, so please take this into account when using this database." It's of course Karol's and the security herds voices that count. :) sekretarz@gentoo.org 2006-02-17 04:25:47 0000 I'm for information. Masking it would impact many users, because firebird is widely used. It's not a good idea to mask it, really. dercorny@gentoo.org 2006-02-23 08:03:52 0000 Ok, if masking is no good idea then I'd say make a big fat warning, something one simply *has* to see while emerging so we can get rid of this bug. We might send an informational glsa too, but no clue about our usual methods in such cases. jaervosz@gentoo.org 2006-03-18 06:26:03 0000 After some reconsideration I'm not too much in favour of post-install message. If it really has these problems it ought to be masked according to policy. Perhaps we should poke upstream about more details? carlo@gentoo.org 2006-03-19 05:34:44 0000 Packages affected by masking would be: dev-db/hk_classes dev-db/jxtray dev-db/libdbi-drivers dev-java/jdbc2-firebird dev-java/jdbc3-firebird dev-libs/ibpp dev-php5/pecl-pdo-firebird dev-python/kinterbasdb dev-python/orm dev-python/sqlobject dev-ruby/ruby-dbi gnome-extra/libgda x11-libs/qt x11-libs/qt-embedded agriffis@gentoo.org 2006-03-23 07:30:29 0000 firebird and ia64 don't presently mix at all, so I've marked them all -ia64, and ia64 is no longer affected by this bug vorlon@gentoo.org 2006-12-13 03:39:08 0000 been a little silent here... So what do we do with this one now... current stable version in the tree is 1.5.3-r1. Firebird 2.0 has officially been published last month it seems. Suggestions? frilled@gentoo.org 2006-12-13 04:08:35 0000 Wrong track, firebird's a database ^_^ vorlon@gentoo.org 2006-12-13 04:25:17 0000 i know ;-) Even though one could confuse the versions with thunderbird et al., firebird has similar versions (s. http://www.firebirdsql.org/) vorlon@gentoo.org 2007-01-17 20:09:55 0000 long time no comments here It seems the only reason for this bug to be open is comment #13 right? So do we want a notice in the ebuild or do we ignore the statement in the roadmap or are there any open publically known security issues open? carlo@gentoo.org 2007-05-09 16:19:08 0000 I've committed 1.5.4 plus some debian patches including a fix for a remotely triggerable crash. It starts, but didn't test really. There're more bugs than this one, though and Karol is completely inactive. Need to find a new maintainer (definitely not me) or have to go the unpleasing way to remove it as dependency from other packages and finally Firebird itself, I suppose. jaervosz@gentoo.org 2007-05-10 06:00:27 0000 @carlo, thx for the response, I've mailed -dev for assistance. Arches please test and mark stable. gustavoz@gentoo.org 2007-05-11 13:50:08 0000 firebird is USE.masked on sparc, and there's also bug #177916, recommendations? armin76@gentoo.org 2007-05-11 16:03:36 0000 wfm...x86 stable jaervosz@gentoo.org 2007-05-14 17:56:21 0000 Let's wait and see wether the sparc sandbox issues are solved before taking GLSA decision. wltjr@gentoo.org 2007-05-15 02:56:38 0000 Access violations have been resolved. I would like to remove all versions < 1.5.4-r2. Requesting all archs stabilize that version, firebird-1.5.4-r2. amd64 arch: Firebird was previously stable on that arch then was moved back to ~arch due to some questionable recommendations from upstream. Which are resolved in 1.5.4. Thus requesting rush stabilization even though it's not been 30 days in ~arch. fauli@gentoo.org 2007-05-15 06:27:26 0000 x86/amd64 stable carlo@gentoo.org 2007-05-15 10:34:13 0000 Eh, sorry for commiting an ebuild with access violations. :( No idea, why it didn't hit me. fmccor@gentoo.org 2007-05-15 11:55:32 0000 firebird-1.5.4-r2 stable on sparc. jaervosz@gentoo.org 2007-05-15 12:06:06 0000 This one is ready for GLSA decision. I tend to vote NO. aetius@gentoo.org 2007-05-19 13:01:20 0000 I'll vote no, unless someone has a better issue than this one that got fixed. shellsage@gentoo.org 2007-05-20 15:36:51 0000 I definitely vote no. jaervosz@gentoo.org 2007-05-20 16:08:07 0000 Let's kill this one off. Closing with NO GLSA. 78207 2006-01-26 12:22 0000 firebird 1.5.3 ebuild firebird-1.5.3.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA2IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6IC92YXIvY3Zzcm9vdC9nZW50b28teDg2L2Rldi1kYi9maXJlYmlyZC9maXJlYmlyZC0xLjUu Mi5lYnVpbGQsdiAxLjcgMjAwNi8wMS8yNCAyMjoxMDo0NCBzZWtyZXRhcnogRXhwICQKCmluaGVy aXQgZmxhZy1vLW1hdGljIGV1dGlscwoKZXh0cmFfdmVyPSI0ODcwIgpERVNDUklQVElPTj0iQSBy ZWxhdGlvbmFsIGRhdGFiYXNlIG9mZmVyaW5nIG1hbnkgQU5TSSBTUUwtOTkgZmVhdHVyZXMiCkhP TUVQQUdFPSJodHRwOi8vZmlyZWJpcmQuc291cmNlZm9yZ2UubmV0LyIKU1JDX1VSST0ibWlycm9y Oi8vc291cmNlZm9yZ2UvZmlyZWJpcmQvJHtQfS4ke2V4dHJhX3Zlcn0udGFyLmJ6MiIKCkxJQ0VO U0U9IkludGVyYmFzZS0xLjAiClNMT1Q9IjAiCktFWVdPUkRTPSJ+YW1kNjQgfmlhNjQgfnNwYXJj IH54ODYiCklVU0U9ImluZXRkIgpSRVNUUklDVD0ibm91c2VycHJpdiIKCkRFUEVORD0idmlydHVh bC9saWJjCglpbmV0ZD8gKCB2aXJ0dWFsL2luZXRkICkiCgpTPSR7V09SS0RJUn0vJHtQfS4ke2V4 dHJhX3Zlcn0KCnBrZ19zZXR1cCgpIHsKCWVuZXdncm91cCBmaXJlYmlyZCA0NTAKCWVuZXd1c2Vy IGZpcmViaXJkIDQ1MCAvYmluL2Jhc2ggL29wdC9maXJlYmlyZCBmaXJlYmlyZAp9CgpzcmNfdW5w YWNrKCkgewoJdW5wYWNrICR7QX0KCWNkICR7U30KCgllcGF0Y2ggJHtGSUxFU0RJUn0vJHtQfS1i dWlsZC5wYXRjaAp9CgpzcmNfY29tcGlsZSgpIHsKCSMgZml4IGJ1ZyAjMzM1ODQKCSNzdHJpcC1m bGFncyAtZnVucm9sbC1sb29wcwoJIyBidXQgTWVpciBpbnRlbmRlZCAiZmlsdGVyLWZsYWdzIC1m dW5yb2xsLWxvb3BzIjsgYXdhaXRpbmcgYnVnIHJlcG9ydHMuLi4KCglmaWx0ZXItZmxhZ3MgLWZw cmVmZXRjaC1sb29wLWFycmF5cwoJZmlsdGVyLW1mcG1hdGggc3NlCgoJbG9jYWwgbXljb25mPSIt LXByZWZpeD0vb3B0L2ZpcmViaXJkIC0td2l0aC1lZGl0bGluZSIKCXVzZSBpbmV0ZCB8fCBteWNv bmY9IiR7bXljb25mfSAtLWVuYWJsZS1zdXBlcnNlcnZlciIKCglOT0NPTkZJR1VSRT0xCgkuL2F1 dG9nZW4uc2ggJHtteWNvbmZ9IHx8IGRpZSAiY291bGRuJ3QgcnVuIGF1dG9nZW4uc2giCglmaW5k IC4gLXR5cGUgZiAtZXhlYyBzZWQgLWkgLWUgInMvLWxjdXJzZXMvLWxuY3Vyc2VzL2ciIHt9IFw7 CgllY29uZiAke215Y29uZn0gfHwgZGllICIuL2NvbmZpZ3VyZSBmYWlsZWQiCgllbWFrZSAtaiAx IHx8IGRpZSAiZXJyb3IgZHVyaW5nIG1ha2UiCn0KCnNyY19pbnN0YWxsKCkgewoJY2QgJHtTfS9n ZW4KCW1ha2UgLWYgTWFrZWZpbGUuaW5zdGFsbCB0YXJmaWxlIHx8IGRpZSAiQ2FuJ3QgY3JlYXRl IGJ1aWxkcm9vdCB0YXIgZmlsZSIKCWNkICR7RH0KCXRhciB6eHBmICR7U30vZ2VuL0ZpcmViaXJk P1MtKi9idWlsZHJvb3QudGFyLmd6CgoJZG9kb2MgJHtEfS9vcHQvZmlyZWJpcmQve1JFQURNRSxX aGF0c05ldyxkb2MvKn0KCWRvY2ludG8gZXhhbXBsZXMKCWRvZG9jICR7RH0vb3B0L2ZpcmViaXJk L2V4YW1wbGVzLyoKCWRvY2ludG8gc3FsLmV4dGVuc2lvbnMKCWRvZG9jICR7RH0vb3B0L2ZpcmVi aXJkL2RvYy9zcWwuZXh0ZW5zaW9ucy8qCgoJcm0gLXIgJHtEfS9vcHQvZmlyZWJpcmQve1JFQURN RSxXaGF0c05ldyxkb2MsbWlzY30KCXJtIC1yICR7RH0vb3B0L2ZpcmViaXJkL2V4YW1wbGVzCgoJ aWYgdXNlIGluZXRkIDsgdGhlbgoJCWluc2ludG8gL2V0Yy94aW5ldGQuZCA7IG5ld2lucyAke0ZJ TEVTRElSfS8ke1BOfS0xLjUuMC54aW5ldGQgZmlyZWJpcmQKCWVsc2UKCQlleGVpbnRvIC9ldGMv aW5pdC5kIDsgbmV3ZXhlICR7RklMRVNESVJ9LyR7UE59LmluaXQuZCBmaXJlYmlyZAoJCWluc2lu dG8gL2V0Yy9jb25mLmQgOyBuZXdpbnMgJHtGSUxFU0RJUn0vZmlyZWJpcmQuY29uZi5kIGZpcmVi aXJkCgkJZnBlcm1zIDY0MCAvZXRjL2NvbmYuZC9maXJlYmlyZAoJZmkKCWluc2ludG8gL2V0Yy9l bnYuZCA7IG5ld2lucyAke0ZJTEVTRElSfS83MCR7UE59IDcwZmlyZWJpcmQKCgkjIEZvbGxvd2lu ZyBpcyBhZGFwdGVkIGZyb20gcG9zdGluc3RhbGwuc2gKCgkjIG1ha2Ugc3VyZSBldmVyeXRoaW5n IGlzIG93bmVkIGJ5IGZpcmViaXJkCgljaG93biAtUiBmaXJlYmlyZDpmaXJlYmlyZCAke0R9L29w dC9maXJlYmlyZAoKCSMgbWFrZSBzdXJlIHBlcm1pc3Npb25zIGFyZSBzZXQKCWNobW9kIC1SIG89 ICR7RH0vb3B0L2ZpcmViaXJkCgoJIyBmaXggZGlyZWN0b3JpZXMKCWZpbmQgJHtEfS9vcHQvZmly ZWJpcmQgLXByaW50IC10eXBlIGQgfCB4YXJncyBjaG1vZCBvPXJ4CgoJIyBzZXQgcGVybWlzc2lv bnMgZm9yIC9iaW4KCWNkICR7RH0vb3B0L2ZpcmViaXJkL2JpbgoJY2htb2QgdWc9cngsbz0gKgoJ Y2htb2QgYT1yeCBpc3FsCgljaG1vZCBhPXJ4IHFsaQoKCXVzZSBpbmV0ZCAmJiBjaG1vZCB1Zz1y eHMsbz0gJHtEfS9vcHQvZmlyZWJpcmQvYmluL3tmYl9sb2NrX21ncixnZHNfZHJvcCxmYl9pbmV0 X3NlcnZlcn0KCWNobW9kIHU9cncsZ289ciAke0R9L29wdC9maXJlYmlyZC97YWxpYXNlcy5jb25m LGZpcmViaXJkLmNvbmZ9CgljaG1vZCB1Zz1ydyxvPSAke0R9L29wdC9maXJlYmlyZC97c2VjdXJp dHkuZmRiLGhlbHAvaGVscC5mZGJ9CgoJZm9yIGkgaW4gaW5jbHVkZSBsaWIgVURGIGludGw7IGRv IGNobW9kIGE9ciAke0R9L29wdC9maXJlYmlyZC8ke2l9Lyo7IGRvbmUKCWNobW9kIHVnPXJ4LG89 ICR7RH0vb3B0L2ZpcmViaXJkL3tpbnRsL2ZiaW50bCxVREYvZmJ1ZGYuc28sVURGL2liX3VkZi5z b30KCgkjIGNyZWF0ZSBsaW5rcyBmb3IgYmFjayBjb21wYXRpYmlsaXR5Cglkb3N5bSAvb3B0L2Zp cmViaXJkL2xpYi9saWJmYmNsaWVudC5zbyAvdXNyL2xpYi9saWJnZHMuc28KCWRvc3ltIC9vcHQv ZmlyZWJpcmQvbGliL2xpYmZiY2xpZW50LnNvIC91c3IvbGliL2xpYmdkcy5zby4wCglkb3N5bSAv b3B0L2ZpcmViaXJkL2xpYi9saWJmYmNsaWVudC5zbyAvb3B0L2ZpcmViaXJkL2xpYi9saWJnZHMu c28KCWRvc3ltIC9vcHQvZmlyZWJpcmQvbGliL2xpYmZiY2xpZW50LnNvIC9vcHQvZmlyZWJpcmQv bGliL2xpYmdkcy5zby4wCgoJIyBtb3ZlIGFuZCBsaW5rIGNvbmZpZyBmaWxlcyB0byAvZXRjL2Zp cmViaXJkIHNvIHRoZXknbGwgYmUgcHJvdGVjdGVkCglkb2RpciAvZXRjL2ZpcmViaXJkCgltdiAk e0R9L29wdC9maXJlYmlyZC97c2VjdXJpdHkuZmRiLGFsaWFzZXMuY29uZixmaXJlYmlyZC5jb25m fSAke0R9L2V0Yy9maXJlYmlyZAoJZG9zeW0gL2V0Yy9maXJlYmlyZC9zZWN1cml0eS5mZGIgL29w dC9maXJlYmlyZC9zZWN1cml0eS5mZGIKCWRvc3ltIC9ldGMvZmlyZWJpcmQvYWxpYXNlcy5jb25m IC9vcHQvZmlyZWJpcmQvYWxpYXNlcy5jb25mCglkb3N5bSAvZXRjL2ZpcmViaXJkL2ZpcmViaXJk LmNvbmYgL29wdC9maXJlYmlyZC9maXJlYmlyZC5jb25mCn0KCnBrZ19wb3N0aW5zdCgpIHsKCWVp bmZvCgllaW5mbyAiMS4gSWYgaGF2ZW4ndCBkb25lIHNvIGFscmVhZHksIHBsZWFzZSBydW46IgoJ ZWluZm8KCWVpbmZvICIgICBcImVtZXJnZSAtLWNvbmZpZyA9JHtQVn1cIiIKCWVpbmZvCgllaW5m byAiICAgdG8gY3JlYXRlIGxvY2tmaWxlcywgc2V0IHBlcm1pc3Npb25zIGFuZCBtb3JlIgoJZWlu Zm8KCWVpbmZvICIyLiBGaXJlYmlyZCBub3cgcnVucyB3aXRoIGl0J3Mgb3duIHVzZXIuIFBsZWFz ZSByZW1lbWJlciB0byIKCWVpbmZvICIgICBzZXQgcGVybWlzc2lvbnMgdG8gZmlyZWJpcmQ6Zmly ZWJpcmQgb24gZGF0YWJhc2VzIHlvdSAiCgllaW5mbyAiICAgYWxyZWFkeSBoYXZlIChpZiBhbnkp LiIKCWVpbmZvCgoJaWYgISB1c2UgaW5ldGQKCXRoZW4KCQllaW5mbyAiMy4gWW91J3ZlIGJ1aWx0 IHRoZSBzdGFuZCBhbG9uZSBkZWFtb24gdmVyc2lvbiwiCgkJZWluZm8gIiAgIFN1cGVyU2VydmVy LiBJZiB5b3Ugd2VyZSB1c2luZyBwcmUgMS41LjAgZWJ1aWxkcyIKCQllaW5mbyAiICAgeW91J3Jl IHByb2JhYmx5IGhhdmUgb25lIGluc3RhbGxlZCB2aWEgeGluZXRkLiBwbGVhc2UiCgkJZWluZm8g IiAgIHJlbWVtYmVyIHRvIGRpc2FibGUgaXQgKHVzdWFsbHkgaW4gL2V0Yy94aW5ldGQuZC9maXJl YmlyZCksIgoJCWVpbmZvICIgICBzaW5jZSB0aGUgY3VycmVudCBvbmUgaGFzIGl0J3Mgb3duIGlu aXQgc2NyaXB0IHVuZGVyIgoJCWVpbmZvICIgICAvZXRjL2luaXQuZCIKCWZpCn0KCnBrZ19jb25m aWcoKSB7CgljZCAvb3B0L2ZpcmViaXJkCgoJIyBDcmVhdGUgTG9jayBmaWxlcwoJZm9yIGkgaW4g aXNjX2luaXQxIGlzY19sb2NrMSBpc2NfZXZlbnQxCglkbwoJCUZpbGVOYW1lPSRpLmBob3N0bmFt ZWAKCQl0b3VjaCAkRmlsZU5hbWUKCQljaG93biBmaXJlYmlyZDpmaXJlYmlyZCAkRmlsZU5hbWUK CQljaG1vZCB1Zz1ydyxvPSAkRmlsZU5hbWUKCWRvbmUKCgkjIENyZWF0ZSBsb2cKCWlmIFsgISAt aCBmaXJlYmlyZC5sb2cgXQoJdGhlbgoJCWlmIFsgLWYgZmlyZWJpcmQubG9nIF0KCQl0aGVuCgkJ CW12IGZpcmViaXJkLmxvZyAvdmFyL2xvZwoJCWVsc2UKCQkJdG91Y2ggL3Zhci9sb2cvZmlyZWJp cmQubG9nCgkJCWNob3duIGZpcmViaXJkOmZpcmViaXJkIC92YXIvbG9nL2ZpcmViaXJkLmxvZwoJ CQljaG1vZCB1Zz1ydyxvPSAvdmFyL2xvZy9maXJlYmlyZC5sb2cKCQlmaQoKCQkjIHN5bWxpbmsg dGhlIGxvZyB0byAvdmFyL2xvZwoJCWxuIC1zIC92YXIvbG9nL2ZpcmViaXJkLmxvZyBmaXJlYmly ZC5sb2cKCWZpCgoJIyBhZGQgZ2RzX2RiIHRvIC9ldGMvc2VydmljZXMKCWlmIFsgLXogImBncmVw IGdkc19kYiAgL2V0Yy9zZXJ2aWNlc2AiIF0KCXRoZW4KCQllY2hvIC1lICIjXG4jU2VydmljZSBh ZGRlZCBmb3IgZ2RzX2RiIChmaXJlYmlyZClcbiMiID4+IC9ldGMvc2VydmljZXMKCQllY2hvICJn ZHNfZGIJCTMwNTAvdGNwIiA+PiAvZXRjL3NlcnZpY2VzCgkJZWluZm8gImFkZGVkIGdkc19kYiB0 byAvZXRjL3NlcnZpY2VzIgoJZmkKCgkjIGlmIGZvdW5kIC9ldGMvaXNjNC5nZGIgZnJvbSBwcmV2 aW91cyBpbnN0YWxsLCBiYWNrdXAsIGFuZCByZXN0b3JlIGFzCgkjIC9ldGMvc2VjdXJpdHkuZmRi CglpZiBbIC1mIC9ldGMvZmlyZWJpcmQvaXNjNC5nZGIgXQoJdGhlbgoJCSMgaWYgd2UgaGF2ZSBz Y3VyaXR5LmZkYiBhbHJlYWR5LCBiYWNrIGl0IDFzdAoJCWlmIFsgLWYgL2V0Yy9maXJlYmlyZC9z ZWN1cml0eS5mZGIgXQoJCXRoZW4KCQkJY3AgL2V0Yy9maXJlYmlyZC9zZWN1cml0eS5mZGIgL2V0 Yy9maXJlYmlyZC9zZWN1cml0eS5mZGIub2xkCgkJZmkKCQlnYmFrIC1CIC9ldGMvZmlyZWJpcmQv aXNjNC5nZGIgL2V0Yy9maXJlYmlyZC9pc2M0LmdiawoJCWdiYWsgLVIgL2V0Yy9maXJlYmlyZC9p c2M0LmdiayAvZXRjL2ZpcmViaXJkL3NlY3VyaXR5LmZkYgoJCW12IC9ldGMvZmlyZWJpcmQvaXNj NC5nZGIgL2V0Yy9maXJlYmlyZC9pc2M0LmdkYi5vbGQKCQlybSAvZXRjL2ZpcmViaXJkL2lzYzQu Z2JrCgoJCSMgbWFrZSBzdXJlIHRoZXkgYXJlIHJlYWRhYmxlIG9ubHkgdG8gZmlyZWJpcmQKCQlj aG93biBmaXJlYmlyZDpmaXJlYmlyZCAvZXRjL2ZpcmViaXJkL3tpc2M0Liosc2VjdXJpdHkuKn0K CQljaG1vZCA2NjAgL2V0Yy9maXJlYmlyZC97aXNjNC4qLHNlY3VyaXR5Lip9CgoJCWVpbmZvCgkJ ZWluZm8gIkNvbnZlcnRlZCBvbGQgaXNjNC5nZGIgdG8gc2VjdXJpdHkuZmRiLCBpc2M0LmdkYiBo YXMgYmVlbiAiCgkJZWluZm8gInJlbmFtZWQgdG8gaXNjNC5nZGIub2xkLiBpZiB5b3UgaGFkIHBy ZXZpb3VzIHNlY3VyaXR5LmZkYiwgIgoJCWVpbmZvICJpdCdzIGJhY2tlZCB0byBzZWN1cml0eS5m ZGIub2xkIChhbGwgdW5kZXIgL2V0Yy9maXJlYmlyZCkuIgoJCWVpbmZvCglmaQoKCSMgd2UgbmVl ZCB0byBlbmFibGUgbG9jYWwgYWNjZXNzIHRvIHRoZSBzZXJ2ZXIKCWlmIFsgISAtZiAvZXRjL2hv c3RzLmVxdWl2IF0KCXRoZW4KCQl0b3VjaCAvZXRjL2hvc3RzLmVxdWl2CgkJY2hvd24gcm9vdDow IC9ldGMvaG9zdHMuZXF1aXYKCQljaG1vZCB1PXJ3LGdvPXIgL2V0Yy9ob3N0cy5lcXVpdgoJZmkK CglpZiBbIC16ICJgZ3JlcCAnbG9jYWxob3N0JCcgL2V0Yy9ob3N0cy5lcXVpdmAiIF0KCXRoZW4K CQllY2hvICJsb2NhbGhvc3QiID4+IC9ldGMvaG9zdHMuZXF1aXYKCQllaW5mbyAiQWRkZWQgbG9j YWxob3N0IHRvIC9ldGMvaG9zdHMuZXF1aXYiCglmaQoKCUhTX05BTUU9YGhvc3RuYW1lYAoJaWYg WyAteiAiYGdyZXAgJHtIU19OQU1FfSAvZXRjL2hvc3RzLmVxdWl2YCIgXQoJdGhlbgoJCWVjaG8g IiR7SFNfTkFNRX0iID4+IC9ldGMvaG9zdHMuZXF1aXYKCQllaW5mbyAiQWRkZWQgJHtIU19OQU1F fSB0byAvZXRjL2hvc3RzLmVxdWl2IgoJZmkKCgllaW5mbyAiSWYgeW91J3JlIHVzaW5nIFVERnMs IHBsZWFzZSByZW1lbWJlciB0byBtb3ZlIHRoZW0iCgllaW5mbyAidG8gL29wdC9maXJlYmlyZC9V REYiCn0K