136201 2006-06-09 08:16 0000 kde-base/kdebase KDM symlink vulnerability (CVE-2006-2449) 2007-05-31 10:55:58 0000 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://www.kde.org/info/security/advisory-20060614-1.txt A3 [glsa] jaervosz P2 normal --- 1 jaervosz@gentoo.org security@gentoo.org dertobi123@gentoo.org jlp.bugs@gmail.com kde@gentoo.org mips@gentoo.org tcort@gentoo.org tsunam@gentoo.org weeve@gentoo.org jaervosz@gentoo.org 2006-06-09 08:16:48 0000 KDE Security Advisory: KDM symlink attack vulnerability Original Release Date: 2006-06-15 URL: http://www.kde.org/info/security/advisory-20060615-1.txt 0. References CVE XXXXX-FIXME 1. Systems affected: KDM as shipped with KDE 3.2.0 up to including 3.5.3. KDE 3.1.x and older and newer versions than KDE 3.5.3 are not affected. 2. Overview: KDM allows the user to select the session type for login. This setting is permanently stored in the user home directory. By using a symlink attack, KDM can be tricked into allowing the user to read file content that would otherwise be unreadable to this particular user. This vulnerability was discovered and reported by Ludwig Nussel. 3. Impact: KDM might allow a normal user to read the content of /etc/shadow or other files, which allows compromising the privacy of another user or even the security of the whole system. 4. Solution: Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages. 5. Patch: A patch for KDE 3.4.0 - KDE 3.5.3 is available from ftp://ftp.kde.org/pub/kde/security_patches : 9daecff07d57dabba35da247e752916a post-3.5.0-kdebase-kdm.diff A patch for KDE 3.3.x is available from ftp://ftp.kde.org/pub/kde/security_patches : f2e1424d97f2cd18674bef833274c5e3 post-3.3.0-kdebase-kdm.diff A patch for KDE 3.2.x is available from ftp://ftp.kde.org/pub/kde/security_patches : 8aa6b41cccca4216c6eb1cf705c2370a post-3.2.0-kdebase-kdm.diff jaervosz@gentoo.org 2006-06-09 08:17:29 0000 Created an attachment (id=88772) post-3.2.0-kdebase-kdm.diff jaervosz@gentoo.org 2006-06-09 08:17:51 0000 Created an attachment (id=88773) post-3.3.0-kdebase-kdm.diff jaervosz@gentoo.org 2006-06-09 08:18:11 0000 Created an attachment (id=88774) post-3.5.0-kdebase-kdm.diff jaervosz@gentoo.org 2006-06-09 08:22:07 0000 Carlo here it was, please provide updated ebuilds. <friendly reminder>Don't commit anything to Portage yet</friendly reminder> carlo@gentoo.org 2006-06-11 06:26:31 0000 Created an attachment (id=88902) kdm-3.5.2-r1.ebuild carlo@gentoo.org 2006-06-11 06:26:58 0000 Created an attachment (id=88903) kdm-3.4.3-r2.ebuild carlo@gentoo.org 2006-06-11 06:35:37 0000 O.k., these are the kdm ebuilds to be tested ( as much as this trivial patch needs to be tested). I'll commit the corresponding kdebase ebuilds directly to the tree in time. Please assure you have synced, since I did some changes to the kde eclasses with regards to patch handling. dercorny@gentoo.org 2006-06-11 06:41:17 0000 arches please test and report back if this is stable. as always: _don't_ commit to the tree! gustavoz@gentoo.org 2006-06-12 06:50:35 0000 Passing on to weeve, he's our kde mofo and i'm not quite yet feeling good anyway. corsair@gentoo.org 2006-06-12 11:33:20 0000 compiles and runs fine on PPC64, even though I'm not sure how to test if security issue is fixed... guess it just *is*. jaervosz@gentoo.org 2006-06-12 23:31:20 0000 Arche Sec Liaisons please note that public disclosure is tomorrow so we are in a bit of a hurry here. weeve@gentoo.org 2006-06-13 08:29:46 0000 Tomorrow as in 13 Jun 2006 or 14 Jun 2006? /me doesn't know what timezone you are in. carlo@gentoo.org 2006-06-13 14:39:46 0000 (In reply to comment #10) > compiles and runs fine on PPC64, even though I'm not sure how to test if > security issue is fixed... guess it just *is*. > Formerly KDM was fine with reading ~/.dmrc - as long as it succeeded. A user could replace his ~/.dmrc with a symlink to another file to get e.g. the content of /etc/shadow. Looking at the code, this is not possible anymore, but you can still test of course. :) (In reply to comment #12) > Tomorrow as in 13 Jun 2006 or 14 Jun 2006? 14th 16:00 GMT weeve@gentoo.org 2006-06-13 19:38:24 0000 Looks good on SPARC. I'm fine with it being keyworded. dertobi123@gentoo.org 2006-06-14 04:51:57 0000 Looks also good on ppc. carlo@gentoo.org 2006-06-14 11:48:26 0000 Announcement is out, so the bug can be opened and arch teams cc'ed. Committed kdm-3.4.3-r2 kdm-3.5.2-r1 kdebase-3.4.3-r2 kdebase-3.5.2-r2 with ppc and sparc stable. Other arch teams are asked to follow asap. Thanks. :) jaervosz@gentoo.org 2006-06-14 12:00:25 0000 Arches please test and mark stable asap. flameeyes@gentoo.org 2006-06-14 12:19:06 0000 *** Bug 136807 has been marked as a duplicate of this bug. *** carlo@gentoo.org 2006-06-14 14:30:27 0000 Duh, I missed to commit the most important file - the patch. :( It's in cvs now. tcort@gentoo.org 2006-06-14 19:07:19 0000 kdm-3.4.3-r2, kdm-3.5.2-r1, kdebase-3.4.3-r2, and kdebase-3.5.2-r2 stable on alpha and amd64. Sorry for the delay, this one required quite a bit of compiling ;) corsair@gentoo.org 2006-06-15 00:01:05 0000 stable on ppc64 killerfox@gentoo.org 2006-06-17 03:51:29 0000 stable on hppa carlo@gentoo.org 2006-06-17 05:03:51 0000 Didn't want to wait forever on second pair of eyes. Stable on x86. jaervosz@gentoo.org 2006-06-17 06:19:43 0000 Thx Carsten. Ready for GLSA. Security please review draft. jaervosz@gentoo.org 2006-06-22 13:13:17 0000 GLSA 200606-23 ia64,mips don't forget to mark stable to benifit from the GLSA. prote@fmi.uni-stuttgart.de 2006-06-23 02:19:33 0000 In this bug report it says "fixed in kdm-3.5.2-r1" but in the GLSA it says "vulnerable < 3.5.2-r2" and "unaffected >= 3.5.2-r2". Since I can't find an kdm-3.5.2-r2 in my just synced portage tree, I think it's an typo in the GLSA. carlo@gentoo.org 2006-06-23 15:47:25 0000 As Horst said, the GLSA isn't correct. dercorny@gentoo.org 2006-06-24 07:41:01 0000 Sorry for that, should be fixed in CVS now. Thanks for reporting this. 88772 2006-06-09 08:17 0000 post-3.2.0-kdebase-kdm.diff post-3.2.0-kdebase-kdm.diff text/plain SW5kZXg6IGtkbS9iYWNrZW5kL2NsaWVudC5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGtkbS9iYWNrZW5kL2Ns aWVudC5jCShyZXZpc2lvbiA1NDk1MDQpCisrKyBrZG0vYmFja2VuZC9jbGllbnQuYwkod29ya2lu ZyBjb3B5KQpAQCAtMTQ4NSwxNCArMTQ4NSw2IEBAIFJlYWREbXJjICgpCiAKICAgICBpZiAoIVN0 ckFwcCAoJmZuYW1lLCBwLT5wd19kaXIsICIvLmRtcmMiLCAoY2hhciAqKTApKQogCXJldHVybiBH RV9FcnJvcjsKLSAgICBpZiAoKGN1cmRtcmMgPSBpbmlMb2FkIChmbmFtZSkpKSB7Ci0JZnJlZSAo Zm5hbWUpOwotCXJldHVybiBHRV9PazsKLSAgICB9Ci0gICAgaWYgKGVycm5vICE9IEVQRVJNKSB7 Ci0JZnJlZSAoZm5hbWUpOwotCXJldHVybiBHRV9Ob0ZpbGU7Ci0gICAgfQogCiAgICAgaWYgKHBp cGUgKHBmZCkpCiAJcmV0dXJuIEdFX0Vycm9yOwo= 88773 2006-06-09 08:17 0000 post-3.3.0-kdebase-kdm.diff post-3.3.0-kdebase-kdm.diff text/plain SW5kZXg6IGtkbS9iYWNrZW5kL2NsaWVudC5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGtkbS9iYWNrZW5kL2Ns aWVudC5jCShyZXZpc2lvbiA1NDk2MjUpCisrKyBrZG0vYmFja2VuZC9jbGllbnQuYwkod29ya2lu ZyBjb3B5KQpAQCAtMTYwNywxNyArMTYwNyw2IEBAIFJlYWREbXJjICgpCiAKICAgICBpZiAoIVN0 ckFwcCAoJmZuYW1lLCBwLT5wd19kaXIsICIvLmRtcmMiLCAoY2hhciAqKTApKQogCXJldHVybiBH RV9FcnJvcjsKLSAgICBpZiAoKGN1cmRtcmMgPSBpbmlMb2FkIChmbmFtZSkpKSB7Ci0JZnJlZSAo Zm5hbWUpOwotCXJldHVybiBHRV9PazsKLSAgICB9Ci0KLSAgICAvKiBvbiBQT1NJWCBzeXN0ZW1z IG9ubHkgRUFDQ0VTIGNhbiBiZSByZXR1cm5lZCAtIAotICAgICAgIEkgbGVhdmUgdGhlIEVQRVJN IGhlcmUganVzdCBiZWNhdXNlIEkgZG9uJ3Qga25vdyBhbGwgbm9uLVBPU0lYIHN5c3RlbXMgKi8K LSAgICBpZiAoZXJybm8gIT0gRUFDQ0VTICYmIGVycm5vICE9IEVQRVJNKSB7Ci0JZnJlZSAoZm5h bWUpOwotCXJldHVybiBHRV9Ob0ZpbGU7Ci0gICAgfQogCiAgICAgaWYgKHBpcGUgKHBmZCkpCiAJ cmV0dXJuIEdFX0Vycm9yOwo= 88774 2006-06-09 08:18 0000 post-3.5.0-kdebase-kdm.diff post-3.5.0-kdebase-kdm.diff text/plain SW5kZXg6IGtkbS9iYWNrZW5kL2NsaWVudC5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGtkbS9iYWNrZW5kL2Ns aWVudC5jCShyZXZpc2lvbiA1NDc1NjApCisrKyBrZG0vYmFja2VuZC9jbGllbnQuYwkod29ya2lu ZyBjb3B5KQpAQCAtMTUzNywxNiArMTU0Miw2IEBAIFJlYWREbXJjKCkKIAogCWlmICghU3RyQXBw KCAmZm5hbWUsIHAtPnB3X2RpciwgIi8uZG1yYyIsIChjaGFyICopMCApKQogCQlyZXR1cm4gR0Vf RXJyb3I7Ci0JaWYgKChjdXJkbXJjID0gaW5pTG9hZCggZm5hbWUgKSkpIHsKLQkJZnJlZSggZm5h bWUgKTsKLQkJcmV0dXJuIEdFX09rOwotCX0KLQotCWlmIChlcnJubyAhPSBFQUNDRVMpIHsKLQkJ ZnJlZSggZm5hbWUgKTsKLQkJcmV0dXJuIEdFX05vRmlsZTsKLQl9Ci0KIAlpZiAocGlwZSggcGZk ICkpCiAJCXJldHVybiBHRV9FcnJvcjsKIAlpZiAoKHBpZCA9IEZvcmsoKSkgPCAwKSB7Cg== 88902 2006-06-11 06:26 0000 kdm-3.5.2-r1.ebuild kdm-3.5.2-r1.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA2IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6IC92YXIvY3Zzcm9vdC9nZW50b28teDg2L2tkZS1iYXNlL2tkbS9rZG0tMy41LjIuZWJ1aWxk LHYgMS4xMiAyMDA2LzA2LzAxIDA4OjAwOjU2IHRjb3J0IEV4cCAkCgpLTU5BTUU9a2RlYmFzZQpN QVhLREVWRVI9JFBWCktNX0RFUFJBTkdFPSIkUFYgJE1BWEtERVZFUiIKaW5oZXJpdCBrZGUtbWV0 YSBldXRpbHMKClNSQ19VUkk9IiR7U1JDX1VSSX0KCW1pcnJvcjovL2dlbnRvby9rZGViYXNlLTMu NS1wYXRjaHNldC0wMS50YXIuYnoyIgoKREVTQ1JJUFRJT049IktERSBsb2dpbiBtYW5hZ2VyLCBz aW1pbGFyIHRvIHhkbSBhbmQgZ2RtIgpLRVlXT1JEUz0ifmFscGhhIH5hbWQ2NCB+aWE2NCB+cHBj IH5wcGM2NCB+c3BhcmMgfng4NiB+eDg2LWZic2QiCklVU0U9InBhbSIKCktNRVhUUkE9ImtkbWxp Yi8iCiMga2lvc2xhdmUvdGh1bWJuYWlsL2NvbmZpZ3VyZS5pbi5pbiBpcyB0byBoYXZlIEhBVkVf TElCQVJULiBDYW4gYmUgZHJvcHBlZCBvbgojIDMuNV9iZXRhMS4KS01FWFRSQUNUT05MWT0ibGli a29ucS9rb25xX2RlZmF1bHRzLmgiCiMJICAgIGtpb3NsYXZlL3RodW1ibmFpbC9jb25maWd1cmUu aW4uaW4iCktNQ09NUElMRU9OTFk9Imtjb250cm9sL2JhY2tncm91bmQiCkRFUEVORD0icGFtPyAo IGtkZS1iYXNlL2tkZWJhc2UtcGFtICkKCSQoZGVwcmFuZ2UgJFBWICRNQVhLREVWRVIga2RlLWJh c2Uva2NvbnRyb2wpIgoJIyBSZXF1aXJlcyB0aGUgZGVza3RvcCBiYWNrZ3JvdW5kIHNldHRpbmdz IGFuZCBrZG0ga2NvbnRyb2wgbW9kdWxlcwpSREVQRU5EPSIke0RFUEVORH0KCWtkZS1iYXNlL2tk ZXBhc3N3ZCIKCgpzcmNfdW5wYWNrKCkgewoJa2RlLW1ldGFfc3JjX3VucGFjawoKCSMgQXZvaWQg dXNpbmcgaW1ha2UgKGtkZSBidWcgMTE0NDY2KQoJZXBhdGNoICIke1dPUktESVJ9L3BhdGNoZXMv a2RlYmFzZS0zLjUuMF9iZXRhMi1ub2ltYWtlLnBhdGNoIgoKCWVwYXRjaCAiJHtGSUxFU0RJUn0v cG9zdC0zLjUuMC1rZGViYXNlLWtkbS5kaWZmIgp9CgpzcmNfY29tcGlsZSgpIHsKCWxvY2FsIG15 Y29uZj0iLS13aXRoLXgtYmluYXJpZXMtZGlyPS91c3IvYmluIgoKCWlmIHVzZSBwYW07IHRoZW4K CQlteWNvbmY9IiR7bXljb25mfSAtLXdpdGgtcGFtPXllcyIKCWVsc2UKCQlteWNvbmY9IiR7bXlj b25mfSAtLXdpdGgtcGFtPW5vIC0td2l0aC1zaGFkb3ciCglmaQoKCWV4cG9ydCBVU0VSX0xERkxB R1M9IiR7TERGTEFHU30iCgoJa2RlLW1ldGFfc3JjX2NvbXBpbGUgbXljb25mIGNvbmZpZ3VyZQoJ a2RlX3JlbW92ZV9mbGFnIGtkbS9rZnJvbnRlbmQgLWZvbWl0LWZyYW1lLXBvaW50ZXIKCWtkZS1t ZXRhX3NyY19jb21waWxlIG1ha2UKfQoKc3JjX2luc3RhbGwoKSB7CglrZGUtbWV0YV9zcmNfaW5z dGFsbAoJY2QgJHtTfS9rZG0gJiYgbWFrZSBERVNURElSPSR7RH0gR0VOS0RNQ09ORl9GTEFHUz0i LS1uby1vbGQgLS1uby1iYWNrdXAgLS1uby1pbi1ub3RpY2UiIGluc3RhbGwKCgkjIEN1c3RvbWl6 ZSB0aGUga2RtcmMgY29uZmlndXJhdGlvbgoJc2VkIC1pIC1lICJzOiNTZXNzaW9uc0RpcnM9OlNl c3Npb25zRGlycz0vdXNyL3NoYXJlL3hzZXNzaW9uc1xuI1Nlc3Npb25zRGlycz06IiBcCgkJJHtE fS8ke0tERURJUn0vc2hhcmUvY29uZmlnL2tkbS9rZG1yYyB8fCBkaWUKfQoKcGtnX3Bvc3RpbnN0 KCkgewoJIyBzZXQgdGhlIGRlZmF1bHQga2RtIGZhY2UgaWNvbiBpZiBpdCdzIG5vdCBhbHJlYWR5 IHNldCBieSB0aGUgc3lzdGVtIGFkbWluCgkjIGJlY2F1c2UgdGhpcyBpcyB1c2VyLW92ZXJyaWRl YWJsZSBpbiB0aGF0IHdheSwgaXQncyBub3QgaW4gc3JjX2luc3RhbGwKCWlmIFsgISAtZSAiJHtS T09UfSR7S0RFRElSfS9zaGFyZS9hcHBzL2tkbS9mYWNlcy8uZGVmYXVsdC5mYWNlLmljb24iIF07 CXRoZW4KCQlta2RpciAtcCAiJHtST09UfSR7S0RFRElSfS9zaGFyZS9hcHBzL2tkbS9mYWNlcyIK CQljcCAiJHtST09UfSR7S0RFRElSfS9zaGFyZS9hcHBzL2tkbS9waWNzL3VzZXJzL2RlZmF1bHQx LnBuZyIgXAoJCSAgICAiJHtST09UfSR7S0RFRElSfS9zaGFyZS9hcHBzL2tkbS9mYWNlcy8uZGVm YXVsdC5mYWNlLmljb24iCglmaQoJaWYgWyAhIC1lICIke1JPT1R9JHtLREVESVJ9L3NoYXJlL2Fw cHMva2RtL2ZhY2VzL3Jvb3QuZmFjZS5pY29uIiBdOyB0aGVuCgkJbWtkaXIgLXAgIiR7Uk9PVH0k e0tERURJUn0vc2hhcmUvYXBwcy9rZG0vZmFjZXMiCgkJY3AgIiR7Uk9PVH0ke0tERURJUn0vc2hh cmUvYXBwcy9rZG0vcGljcy91c2Vycy9yb290MS5wbmciIFwKCQkJIiR7Uk9PVH0ke0tERURJUn0v c2hhcmUvYXBwcy9rZG0vZmFjZXMvcm9vdC5mYWNlLmljb24iCglmaQp9Cg== 88903 2006-06-11 06:26 0000 kdm-3.4.3-r2.ebuild kdm-3.4.3-r2.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA2IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6IC92YXIvY3Zzcm9vdC9nZW50b28teDg2L2tkZS1iYXNlL2tkbS9rZG0tMy40LjMtcjEuZWJ1 aWxkLHYgMS44IDIwMDYvMDMvMjcgMTU6MzE6MTggYWdyaWZmaXMgRXhwICQKCktNTkFNRT1rZGVi YXNlCk1BWEtERVZFUj0kUFYKS01fREVQUkFOR0U9IiRQViAkTUFYS0RFVkVSIgppbmhlcml0IGtk ZS1tZXRhIGV1dGlscwoKREVTQ1JJUFRJT049IktERSBsb2dpbiBtYW5hZ2VyLCBzaW1pbGFyIHRv IHhkbSBhbmQgZ2RtIgpLRVlXT1JEUz0ifmFscGhhIH5hbWQ2NCB+aWE2NCB+cHBjIH5wcGM2NCB+ c3BhcmMgfng4NiIKSVVTRT0icGFtIgoKS01FWFRSQT0ia2RtbGliLyIKS01FWFRSQUNUT05MWT0i bGlia29ucS9rb25xX2RlZmF1bHRzLmgKCSAgICBraW9zbGF2ZS90aHVtYm5haWwvY29uZmlndXJl LmluLmluIiAjIGZvciB0aGUgSEFWRV9MSUJBUlQgdGVzdApLTUNPTVBJTEVPTkxZPSJrY29udHJv bC9iYWNrZ3JvdW5kIgpERVBFTkQ9InBhbT8gKCBrZGUtYmFzZS9rZGViYXNlLXBhbSApCgkkKGRl cHJhbmdlICRQViAkTUFYS0RFVkVSIGtkZS1iYXNlL2tjb250cm9sKSIKCSMgUmVxdWlyZXMgdGhl IGRlc2t0b3AgYmFja2dyb3VuZCBzZXR0aW5ncyBhbmQga2RtIG1vZHVsZXMsCgkjIHNvIHVudGls IHdlIHNlcGFyYXRlIHRoZSBrY29udHJvbCBtb2R1bGVzIGludG8gc2VwYXJhdGUgZWJ1aWxkcyA6 LSksCgkjIHRoZXJlJ3MgYSBkZXAgaGVyZQoKIyBGaXggWERNQ1AgKGtkZSBidWcgMTE0Mzg1KS4g QXBwbGllZCBmb3IgMy40LjQuClBBVENIRVM9IiR7RklMRVNESVJ9L2tkZWJhc2UtMy40LjMteGRt Y3AucGF0Y2giCgojIEF2b2lkIHVzaW5nIGltYWtlIChrZGUgYnVnIDExNDQ2NikuClBBVENIRVM9 IiR7UEFUQ0hFU30gJHtGSUxFU0RJUn0va2RlYmFzZS0zLjQuMy1ub2ltYWtlLnBhdGNoIgoKIyAK UEFUQ0hFUz0iJHtQQVRDSEVTfSAkRklMRVNESVIvcG9zdC0zLjUuMC1rZGViYXNlLWtkbS5kaWZm IgoKc3JjX2NvbXBpbGUoKSB7Cglsb2NhbCBteWNvbmY9Ii0td2l0aC14LWJpbmFyaWVzLWRpcj0v dXNyL2JpbiIKCglpZiB1c2UgcGFtOyB0aGVuCgkJbXljb25mPSIke215Y29uZn0gLS13aXRoLXBh bT15ZXMiCgllbHNlCgkJbXljb25mPSIke215Y29uZn0gLS13aXRoLXBhbT1ubyAtLXdpdGgtc2hh ZG93IgoJZmkKCglrZGUtbWV0YV9zcmNfY29tcGlsZSBteWNvbmYgY29uZmlndXJlCglrZGVfcmVt b3ZlX2ZsYWcga2RtL2tmcm9udGVuZCAtZm9taXQtZnJhbWUtcG9pbnRlcgoJa2RlLW1ldGFfc3Jj X2NvbXBpbGUgbWFrZQp9CgpzcmNfaW5zdGFsbCgpIHsKCWtkZS1tZXRhX3NyY19pbnN0YWxsCglj ZCAke1N9L2tkbSAmJiBtYWtlIERFU1RESVI9JHtEfSBHRU5LRE1DT05GX0ZMQUdTPSItLW5vLW9s ZCAtLW5vLWJhY2t1cCAtLW5vLWluLW5vdGljZSIgaW5zdGFsbAoKCSMgV2UgdGVsbCBrZG0gdG8g L3VzZSBzZXNzaW9uIGZpbGVzIGZyb20gL3Vzci9zaGFyZS94c2Vzc2lvbnMuCgkjIEkndmUgcmVt b3ZlZCBzb21lIG90aGVyIGtkbXJjIG1vZHMgZnJvbSBoZXJlLCBzaW5jZSBpdCdzIG5vdCBjbGVh ciB3aHkKCSMgdGhlIGRlZmF1bHQgYXJlbid0IG9rIChhbmQgSSdtIG5vdCBzdXJlIGFib3V0IHRo ZSBiZW5lZml0cyBvZiB1c2luZwoJIyB0aGUgeGRtIGNvbmZpZ2ZpbGVzIHVuZGVyIC9ldGMvWDEx IGluc3RlYWQgb2Ygb3VyIG93biBvbmVzKSwKCSMgYW5kIGl0J3MgdGhlIEdlbnRvbyBXYXkgdG8g YXZvaWQgbW9kaWZ5aW5nIHVwc3RyZWFtIGJlaGF2aW91ci4KCSMgVGVsbCBtZSBpZiB5b3UgZG9u J3QgbGlrZSB0aGlzLiAtLWRhbmFybWFrCgljZCAke0R9LyR7S0RFRElSfS9zaGFyZS9jb25maWcv a2RtIHx8IGRpZQoJc2VkIC1pIC1lICJzOiNTZXNzaW9uc0RpcnM9OlNlc3Npb25zRGlycz0vdXNy L3NoYXJlL3hzZXNzaW9uc1xuI1Nlc3Npb25zRGlycz06IiBcCgkJLWUgInM6I0dyZWV0Rm9udD06 R3JlZXRGb250PVNhbnMgU2VyaWYsMjQsLTEsNSw1MCwwLDAsMCwwLDBcbiNHcmVldEZvbnQ9OiIg XAoJCS1lICJzOiNTdGRGb250PTpTdGRGb250PVNhbnMgU2VyaWYsMTIsLTEsNSw1MCwwLDAsMCww LDBcbiNTdGRGb250PToiIFwKCQktZSAiczojRmFpbEZvbnQ9OkZhaWxGb250PVNhbnMgU2VyaWYs MTIsLTEsNSw3NSwwLDAsMCwwLDBcbiNGYWlsRm9udD06IiBcCgkJLWUgInM6I0FudGlBbGlhc2lu Zz06QW50aUFsaWFzaW5nPXRydWVcbiNBbnRpQWxpYXNpbmc9OiIgXAoJCWtkbXJjCn0KCnBrZ19w b3N0aW5zdCgpIHsKCSMgc2V0IHRoZSBkZWZhdWx0IGtkbSBmYWNlIGljb24gaWYgaXQncyBub3Qg YWxyZWFkeSBzZXQgYnkgdGhlIHN5c3RlbSBhZG1pbgoJIyBiZWNhdXNlIHRoaXMgaXMgdXNlci1v dmVycmlkZWFibGUgaW4gdGhhdCB3YXksIGl0J3Mgbm90IGluIHNyY19pbnN0YWxsCglpZiBbICEg LWUgIiR7Uk9PVH0ke0tERURJUn0vc2hhcmUvYXBwcy9rZG0vZmFjZXMvLmRlZmF1bHQuZmFjZS5p Y29uIiBdOwl0aGVuCgkJbWtkaXIgLXAgIiR7Uk9PVH0ke0tERURJUn0vc2hhcmUvYXBwcy9rZG0v ZmFjZXMiCgkJY3AgIiR7Uk9PVH0ke0tERURJUn0vc2hhcmUvYXBwcy9rZG0vcGljcy91c2Vycy9k ZWZhdWx0MS5wbmciIFwKCQkgICAgIiR7Uk9PVH0ke0tERURJUn0vc2hhcmUvYXBwcy9rZG0vZmFj ZXMvLmRlZmF1bHQuZmFjZS5pY29uIgoJZmkKfQo=