145511 2006-08-29 12:14 0000 app-arch/gzip Multiple issues (CVE-2006-433{4-8}) 2006-11-11 20:49:28 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED A1 [glsa] jaervosz P2 critical --- 151252 1 jaervosz@gentoo.org security@gentoo.org base-system@gentoo.org bernd@linx.net chainsaw@gentoo.org matsuu@gentoo.org sgtphou@fire-eyes.org usata@gentoo.org jaervosz@gentoo.org 2006-08-29 12:14:07 0000 Hi there, Google have sponsored me to perform a security audit of gzip-1.3.5, in which multiple security vulnerabilities have been uncovered. These flaws could be leveraged by an attacker to compromise or disrupt any automated system relying on gzip for data decompression. These may also affect applications that execute gzip indirectly, such as tar, lynx, gv, xli, vim, less, etc. A stack modification vulnerability (where a stack buffer can be modified out of bounds, but not in the traditional stack overrun sense) exists in the LZH decompression support, The following loop from make_table() (~139, unlzh.c) assumes that no entry in bitlen[] can exceed 16: for (i = 0; i < nchar; i++) count[bitlen[i]]++; This is not the case, bitlen[] can be populated with higher values by read_pt_len(), thus incrementing values outside the bounds of the stack buffer count[]. A datastream consisting entirely of huffman codes with set bits demonstrates this, for example: $ perl -e 'print "\x1f\xa0","\xab\xcd","\xff"x"2048"' | gzip -d Please note, this may or may not cause odd behaviour, a debugger should be used to find out if you are affected (this does not appear to be detected by valgrind). This vulnerability may or may not be exploitable, different behaviour has been observed on different systems. On some systems, several saved registers are within reach, thus allowing them to be incremented by a significant amount (count[] is of type unsigned short[], allowing you to manipulate the 2 MSB and LSB of a saved dword register independently). This may be enough to move a stack frame into an attacker controlled area, adjust the return address, or should a register jump be performed on a saved register (eg, ljmp ebx), then an attacker may be able to move the destination to another controlled area. jaervosz@gentoo.org 2006-08-29 12:14:51 0000 Created an attachment (id=95405) gzip-1.3.5-goo-sec.diff jaervosz@gentoo.org 2006-08-29 12:15:07 0000 Created an attachment (id=95406) gzip-testcases.tar.bz2.gpg jaervosz@gentoo.org 2006-09-13 23:49:06 0000 SpanKY please advise. jaervosz@gentoo.org 2006-09-18 12:36:21 0000 SpanKY this will go public tomorrow. Please be ready to commit an updated ebuild. taviso@gentoo.org 2006-09-19 06:37:10 0000 (mail was truncated, details continued below) If no stack data can be reached, the impact of this vulnerability is low. This can be found in gdb as follows: $ gdb -q gzip (gdb) b make_table Breakpoint 1 at 0x804f246: file unlzh.c, line 146. (gdb) r --decompress < testcase.Z Breakpoint 1, make_table (nchar=19, bitlen=0x80551c4 "\024\024\024", tablebits=8, table=0x8054fc0) at unlzh.c:146 (gdb) info frame Stack level 0, frame at 0xffffd5d4: eip = 0x804f246 in make_table (unlzh.c:146); saved eip 0x804f589 called by frame at 0xffffd5f4 source language c. Arglist at 0xffffd5cc, args: nchar=19, bitlen=0x80551c4 "\024\024\024", tablebits=8, table=0x8054fc0 Locals at 0xffffd5cc, Previous frame's sp is 0xffffd5d4 Saved registers: ebx at 0xffffd5c0, ebp at 0xffffd5cc, esi at 0xffffd5c4, edi at 0xffffd5c8, eip at 0xffffd5d0 (gdb) p/x &count[21] $1 = 0xffffd5c8 In this case, the saved ebx, esi and edi are clearly attacker controllable. A .bss buffer underflow exists in gzip's pack support, where the following loop from build_tree() (unpack.c, ~146) does not enforce any lower bound while constructing the prefix table: while (prefixes--) *--prefixp = (uch)len; The simplified process of constructing a prefix table is as follows: * Read the maximum length of a huffman code used in this archive. * Ensure the maximum length is between zero and 25. * Read the number of leaves at each code length from the archive. * Check the sum of leaves does not exceed 256. * For each leaf count between code lengths 1 .. min(max_code_length, 12) initialise the prefix table to the code length. The prefix table could theoretically contain 1<<12 entries safely, however a leaf count table could be constructed in such a way as to write to index (1<<12 - (0xff << (12 - 1))), or -518144 (this is the furthest index directly reachable), thus underflowing the buffer considerably. * The values written to the underflowed area are attacker controlled, but can only be within the range 0x01 to 0x0c. * The distance from the buffer is affected by the value of the char requested, the formula for the furthest index reachable by character value n is something like (4096 - (0xff << 12 - n)). * The overwrite operation can only occur once, however the condition can be be easily modified via the first overwrite, and thus repeated multiple times. Overwriting a buffer with multiple values is possible by building up a new value using multiple overlapping writes. On big endian systems, this vulnerability should be trivially exploitable. However exploitation on intel appears to be considerably more difficult, the most likely attack vector appears to be modifying max_len, peek_bits, eob (indirectly) and lit_base in such a way as to trigger an write of arbitrary data via put_ubyte() and window[], this can then be used to modify the `work` function pointer or a .got entry (such as free(), which is called on error) to point at an attacker controlled buffer such as inbuf. Alternative attack vectors may include modifying ifd, ofd, infinite loops, etc. Please note, that on systems that compile gzip with `DYN_ALLOC` defined, the buffer underflowed is a heap buffer. I have not investigated this configuration in any detail. The file gzip_pack_underflow.c attached to this mail can be used to generate archives that demonstrate this vulnerability. A .bss buffer overflow vulnerability exists in gzip's LZH support, due to it's inability to handle exceptional input in the make_table() function, a pathological decoding table can be constructed in such a way as to generate counts so high that the rapid growth of `nextcode` exceeds the size of the table[] buffer. The decoding table construction code is considerably more complex than that of pack's. To exploit this vulnerability, an attacker would need to: * Construct a pt_len[] such that pt_len[n] is 0. * Construct a pt_table[] such that pt_table[(code buffer) >> 16 - 8] is n (where n>2) * Now c_len[] is filled with (n-2), generating exceptionally high values in count[n-2]. The most likely targets for triggering the exploitation of arbitrary code would be inptr, insize and inbuf, all of which are fully controllable, and triggering a buffer refill operation with these modified variables. A datatream that demonstrates a pathological c_len[] can be generated as follows: $ perl -e 'print "\x1f\xa0","\xab\xcd","\xf6\x40\x01\xc2\xcc\x36\x0c\x92\x00\x00\x00\x00","\xc8","\x00"x"2048"' | gzip -d Where the third string contains codes to populate pt_len[], which in turn is used to generate the c_len[] in read_c_len(). Please note, this may not crash, you should use a debugger to identify if an overflow has occurred (valgrind doesnt detect this either). If you compile with -funit-at-a-time, you can put a watchpoint on `foreground`, making this easier to debug, which is what I did while testing this. eg, $ gdb -q ./gzip (gdb) thb unlzh Breakpoint 1 at 0x804fe49: file unlzh.c, line 425. (gdb) r --decompress < testcase.gz unlzh (in=0, out=1) at unlzh.c:425 (gdb) p/x foreground $1 = 0x1 (gdb) watch foreground != 1 Hardware watchpoint 2: foreground != 1 (gdb) c Hardware watchpoint 2: foreground != 1 Old value = 0 New value = 1 0x0804fb49 in make_table (nchar=510, bitlen=0x80916e0 '\005' <repeats 200 times>..., tablebits=12, table=0x8060e00) at unlzh.c:214 (gdb) p/x foreground $2 = 0x100 clearly foreground has been damaged here. (gdb) info symbol &table[i] foreground in section .bss oops, table[i] has reached outside d_buf. The public domain source on which unlzh.c is based on appears to be used in multiple other decompressors, I have not investigated if these are vulnerable to the same attack. The following code sequence is used in multiple locations within unlzh.c for traversing the branches of a tree structure: do { if (bitbuf & mask) j = right[j]; else j = left [j]; mask >>= 1; } while (j >= NC); In this case, if mask is 0 and j == left[j], then the loop will continue forever, perhaps disrupting the operation of any automated systems relying on gzip for data decompression. The impact of this vulnerability is obviously a minor DoS. It does not appear to be possible to construct a tree such that (for example) left[1] == 2, left[2] == 1 and so on. Therefore, detecting this loop is relatively easy, adding the condition `&& (mask || j != left[j])` should be adequate. As some of these formats are hard to come by, I have attached some valid archives in the hope of helping with any regression testing that may be required (typically pack files are distributed with a lowercase .z file extension, LZH and LZW compress archives both use an uppercase .Z, and can only be differentiated by their magic). The testcases have been symmetrically encrypted to avoid inadvertently disrupting mua's, av scanners, etc. Please use `gpg --output gzip-testcases.tar.bz2 --decrypt gzip-testcases.tar.bz2.gpg` with password "google" to extract. If there are no objections, I'll suggest an embargo date of September 5th. I'll forward this date and report to the upstream authors, although experience suggests they may be unresponsive. Please credit "Tavis Ormandy, Google Security Team" in any advisories relating to this issue. Thanks, Tavis. taviso@gentoo.org 2006-09-19 09:45:49 0000 public, glsa drafted so just waiting on commit and stabilisation... vapier? :) jaervosz@gentoo.org 2006-09-19 11:22:15 0000 Rerating since execution of gzip is fairly automated in many places such as AV gateways. falco@gentoo.org 2006-09-19 12:11:55 0000 CCing herd. Please commit since this bug is now rated critical, thanks. falco@gentoo.org 2006-09-20 07:27:25 0000 rPath RedHat Ubuntu FreeBSD SlackWare Debian have already issued their advisory :( ian@gentoo.org 2006-09-20 08:07:31 0000 In cvs in 1.3.5-r9 jaervosz@gentoo.org 2006-09-20 08:10:00 0000 20 Sep 2006; Christian Hartmann <ian@gentoo.org> +files/CVE-2006-4334-8.diff, +gzip-1.3.5-r9.ebuild: Revbump for bug #145511 - commit approved by DerCorny Arches please test and mark stable. Target keywords are: gzip-1.3.5-r9.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd" dertobi123@gentoo.org 2006-09-20 08:15:50 0000 ppc stable angelos@gentoo.org 2006-09-20 08:17:05 0000 - emerges fine on amd64 - passes collision-test - passes multilib-strict - works Portage 2.1.1 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-ck1-r3 x86_64) ================================================================= System uname: 2.6.17-ck1-r3 x86_64 AMD Athlon(tm) 64 Processor 3000+ Gentoo Base System version 1.12.5 Last Sync: Wed, 20 Sep 2006 11:50:01 +0000 distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.3 [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.3.6-r1, 2.0.29 dev-lang/python: 2.4.3-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-march=k8 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache collision-test distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test" GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ " LANG="en_US.ISO8859-1" LC_ALL="en_US.ISO8859-1" LINGUAS="" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/overlay" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="amd64 X a52 aac acpi alsa amr avi berkdb bitmap-fonts branding bzip2 cairo cdinstall cdparanoia cdr cli crypt cups dbus divx dlloader dri dvd dvdr dvdread elibc_glibc emboss encode expat fam firefox fortran gdbm gif glut gpm gstreamer gtk gtk2 hal imagemagick input_devices_evdev input_devices_keyboard isdnlog jpeg kernel_linux lcms ldap libg++ lirc lirc_devices_inputlirc mad mikmod mng mp3 mpeg musicbrainz ncurses nls nptl nptlonly offensive ogg opengl pam pcre pdflib php png ppds pppd quicktime readline reflection reiserfs rtc sdl session socks5 spl ssl svg symlink tcpd tiff truetype truetype-fonts type1-fonts udev unicode userland_GNU userlocales v4l v4l2 video_cards_fglrx vorbis wmp x264 xfs xine xinerama xml xorg xv xvid zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS tove@gentoo.org 2006-09-20 09:13:20 0000 stable on x86. added ppc again, because KEYWORDS weren't changed (still ~ppc). dertobi123@gentoo.org 2006-09-20 09:13:46 0000 now ... finally ... ppc'd fauli@gentoo.org 2006-09-20 09:17:12 0000 1) emerges fine 2) passes collision test 3) works Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 i686) ================================================================= System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 2500+ Gentoo Base System version 1.12.5 Last Sync: Wed, 20 Sep 2006 15:20:01 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.2.11-r1 dev-lang/python: 2.4.3-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo" CXXFLAGS="-O2" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test" GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/" LANG="de_DE@euro" LC_ALL="de_DE@euro" LINGUAS="de" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage" USE="x86 3dnow 3dnowext X Xaw3d a52 alsa arts artworkextra asf audiofile bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds elibc_glibc emacs emboss encode esd evo exif expat fam fat fbcon ffmpeg firefox fortran ftp gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick imap input_devices_keyboard input_devices_mouse ipv6 isdnlog java javascript jikes jpeg jpeg2k kernel_linux ldap leim libg++ linguas_de lm_sensors mad maildir matroska mbox mhash mikmod mime mmx mmxext mng mono mp3 mpeg mpeg2 mule nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc ogg opengl pam pcre pdf perl plotutils pmu png ppds pppd preview-latex print python qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell spl sse ssl svg svga t1lib tcltk tcpd tetex theora thunderbird tiff truetype truetype-fonts type1-fonts udev usb userland_GNU vcd video_cards_fbdev video_cards_radeon video_cards_vesa videos vorbis win32codecs wmf wxwindows xine xml xorg xosd xv xvid zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS corsair@gentoo.org 2006-09-20 10:59:50 0000 ppc64 stable weeve@gentoo.org 2006-09-20 20:05:47 0000 SPARC is like all good and stuff, mang blubb@gentoo.org 2006-09-21 01:49:53 0000 amd64 got the keyword hanno@gentoo.org 2006-09-21 11:28:30 0000 Does anyone have an idea if there are relevant bundled versions of gzip? dertobi123@gentoo.org 2006-09-21 12:18:40 0000 hppa stable kloeri@gentoo.org 2006-09-22 15:43:01 0000 Stable on alpha and ia64. jaervosz@gentoo.org 2006-09-23 00:16:07 0000 Thx everyone. GLSA 200609-13 matsuu@gentoo.org 2006-10-13 09:41:09 0000 app-arch/lha is also affected. cf http://www2.nsknet.or.jp/~micco/notes/gzipvul.htm (japanese) http://tinyurl.com/yerkfj (translated) matsuu@gentoo.org 2006-10-13 09:42:16 0000 Created an attachment (id=99551) lha-1.14i_p20050924.ebuild matsuu@gentoo.org 2006-10-13 09:42:49 0000 Created an attachment (id=99552) files/lha-1.14i_p20050924-CVE-2006-4334-8.patch matsuu@gentoo.org 2006-10-13 09:44:53 0000 the patch is from http://lists.sourceforge.jp/mailman/archives/lha-users/2006-October/000411.html vapier@gentoo.org 2006-10-13 13:33:14 0000 file a new bug report and have it depend on this one 95405 2006-08-29 12:14 0000 gzip-1.3.5-goo-sec.diff gzip-1.3.5-goo-sec.diff text/plain T25seSBpbiBnemlwLTEuMy41OiBjc2NvcGUub3V0CmRpZmYgLXJ1IGd6aXAtMS4zLjUub3JpZy9n emlwLmggZ3ppcC0xLjMuNS9nemlwLmgKLS0tIGd6aXAtMS4zLjUub3JpZy9nemlwLmgJMjAwMS0x MC0wMSAwNzo1Mzo0MS4wMDAwMDAwMDAgKzAxMDAKKysrIGd6aXAtMS4zLjUvZ3ppcC5oCTIwMDYt MDgtMTggMjI6NDQ6MzguNzU1NTk4MDAwICswMTAwCkBAIC0xOTgsNiArMTk4LDggQEAKIGV4dGVy biBpbnQgdG9fc3Rkb3V0OyAgICAgIC8qIG91dHB1dCB0byBzdGRvdXQgKC1jKSAqLwogZXh0ZXJu IGludCBzYXZlX29yaWdfbmFtZTsgLyogc2V0IGlmIG9yaWdpbmFsIG5hbWUgbXVzdCBiZSBzYXZl ZCAqLwogCisjZGVmaW5lIE1JTihhLGIpICgoYSkgPD0gKGIpID8gKGEpIDogKGIpKQorCiAjZGVm aW5lIGdldF9ieXRlKCkgIChpbnB0ciA8IGluc2l6ZSA/IGluYnVmW2lucHRyKytdIDogZmlsbF9p bmJ1ZigwKSkKICNkZWZpbmUgdHJ5X2J5dGUoKSAgKGlucHRyIDwgaW5zaXplID8gaW5idWZbaW5w dHIrK10gOiBmaWxsX2luYnVmKDEpKQogCmRpZmYgLXJ1IGd6aXAtMS4zLjUub3JpZy9pbmZsYXRl LmMgZ3ppcC0xLjMuNS9pbmZsYXRlLmMKLS0tIGd6aXAtMS4zLjUub3JpZy9pbmZsYXRlLmMJMjAw Mi0wOS0yNSAyMjoyMDoxMy4wMDAwMDAwMDAgKzAxMDAKKysrIGd6aXAtMS4zLjUvaW5mbGF0ZS5j CTIwMDYtMDctMjEgMDk6MTA6NDMuMzUwMzc2MDAwICswMTAwCkBAIC0zMzcsNyArMzM3LDcgQEAK ICAgewogICAgICp0ID0gKHN0cnVjdCBodWZ0ICopTlVMTDsKICAgICAqbSA9IDA7Ci0gICAgcmV0 dXJuIDA7CisgICAgcmV0dXJuIDI7CiAgIH0KIAogCk9ubHkgaW4gZ3ppcC0xLjMuNTogdGVzdGNh c2VzCmRpZmYgLXJ1IGd6aXAtMS4zLjUub3JpZy91bmx6aC5jIGd6aXAtMS4zLjUvdW5semguYwot LS0gZ3ppcC0xLjMuNS5vcmlnL3VubHpoLmMJMTk5OS0xMC0wNiAwNjowMDowMC4wMDAwMDAwMDAg KzAxMDAKKysrIGd6aXAtMS4zLjUvdW5semguYwkyMDA2LTA4LTE4IDIyOjU2OjE5LjQ0Njk5NzAw MCArMDEwMApAQCAtMTQ5LDEzICsxNDksMTcgQEAKICAgICB1bnNpZ25lZCBpLCBrLCBsZW4sIGNo LCBqdXRiaXRzLCBhdmFpbCwgbmV4dGNvZGUsIG1hc2s7CiAKICAgICBmb3IgKGkgPSAxOyBpIDw9 IDE2OyBpKyspIGNvdW50W2ldID0gMDsKLSAgICBmb3IgKGkgPSAwOyBpIDwgKHVuc2lnbmVkKW5j aGFyOyBpKyspIGNvdW50W2JpdGxlbltpXV0rKzsKKyAgICBmb3IgKGkgPSAwOyBpIDwgKHVuc2ln bmVkKW5jaGFyOyBpKyspIHsKKyAgICAgICAgaWYgKGJpdGxlbltpXSA+IDE2KQorICAgICAgICBl cnJvcigiQmFkIHRhYmxlIChjYXNlIGEpXG4iKTsKKyAgICAgICAgZWxzZSBjb3VudFtiaXRsZW5b aV1dKys7CisgICAgfQogCiAgICAgc3RhcnRbMV0gPSAwOwogICAgIGZvciAoaSA9IDE7IGkgPD0g MTY7IGkrKykKIAlzdGFydFtpICsgMV0gPSBzdGFydFtpXSArIChjb3VudFtpXSA8PCAoMTYgLSBp KSk7Ci0gICAgaWYgKChzdGFydFsxN10gJiAweGZmZmYpICE9IDApCi0JZXJyb3IoIkJhZCB0YWJs ZVxuIik7CisgICAgaWYgKChzdGFydFsxN10gJiAweGZmZmYpICE9IDAgfHwgdGFibGViaXRzID4g MTYpIC8qIDE2IGZvciB3ZWlnaHQgYmVsb3cgKi8KKwllcnJvcigiQmFkIHRhYmxlIChjYXNlIGIp XG4iKTsKIAogICAgIGp1dGJpdHMgPSAxNiAtIHRhYmxlYml0czsKICAgICBmb3IgKGkgPSAxOyBp IDw9ICh1bnNpZ25lZCl0YWJsZWJpdHM7IGkrKykgewpAQCAtMTY5LDE1ICsxNzMsMTUgQEAKIAog ICAgIGkgPSBzdGFydFt0YWJsZWJpdHMgKyAxXSA+PiBqdXRiaXRzOwogICAgIGlmIChpICE9IDAp IHsKLQlrID0gMSA8PCB0YWJsZWJpdHM7Ci0Jd2hpbGUgKGkgIT0gaykgdGFibGVbaSsrXSA9IDA7 CisJayA9IE1JTigxIDw8IHRhYmxlYml0cywgRElTVF9CVUZTSVpFKTsKKwl3aGlsZSAoaSA8IGsp IHRhYmxlW2krK10gPSAwOwogICAgIH0KIAogICAgIGF2YWlsID0gbmNoYXI7CiAgICAgbWFzayA9 ICh1bnNpZ25lZCkgMSA8PCAoMTUgLSB0YWJsZWJpdHMpOwogICAgIGZvciAoY2ggPSAwOyBjaCA8 ICh1bnNpZ25lZCluY2hhcjsgY2grKykgewogCWlmICgobGVuID0gYml0bGVuW2NoXSkgPT0gMCkg Y29udGludWU7Ci0JbmV4dGNvZGUgPSBzdGFydFtsZW5dICsgd2VpZ2h0W2xlbl07CisJbmV4dGNv ZGUgPSBNSU4oc3RhcnRbbGVuXSArIHdlaWdodFtsZW5dLCBESVNUX0JVRlNJWkUpOwogCWlmIChs ZW4gPD0gKHVuc2lnbmVkKXRhYmxlYml0cykgewogCSAgICBmb3IgKGkgPSBzdGFydFtsZW5dOyBp IDwgbmV4dGNvZGU7IGkrKykgdGFibGVbaV0gPSBjaDsKIAl9IGVsc2UgewpAQCAtMjE4LDcgKzIy Miw3IEBACiAJZm9yIChpID0gMDsgaSA8IDI1NjsgaSsrKSBwdF90YWJsZVtpXSA9IGM7CiAgICAg fSBlbHNlIHsKIAlpID0gMDsKLQl3aGlsZSAoaSA8IG4pIHsKKwl3aGlsZSAoaSA8IE1JTihuLE5Q VCkpIHsKIAkgICAgYyA9IGJpdGJ1ZiA+PiAoQklUQlVGU0laIC0gMyk7CiAJICAgIGlmIChjID09 IDcpIHsKIAkJbWFzayA9ICh1bnNpZ25lZCkgMSA8PCAoQklUQlVGU0laIC0gMSAtIDMpOwpAQCAt MjI4LDcgKzIzMiw3IEBACiAJICAgIHB0X2xlbltpKytdID0gYzsKIAkgICAgaWYgKGkgPT0gaV9z cGVjaWFsKSB7CiAJCWMgPSBnZXRiaXRzKDIpOwotCQl3aGlsZSAoLS1jID49IDApIHB0X2xlbltp KytdID0gMDsKKwkJd2hpbGUgKC0tYyA+PSAwICYmIGkgPCBOUFQpIHB0X2xlbltpKytdID0gMDsK IAkgICAgfQogCX0KIAl3aGlsZSAoaSA8IG5uKSBwdF9sZW5baSsrXSA9IDA7CkBAIC0yNDgsNyAr MjUyLDcgQEAKIAlmb3IgKGkgPSAwOyBpIDwgNDA5NjsgaSsrKSBjX3RhYmxlW2ldID0gYzsKICAg ICB9IGVsc2UgewogCWkgPSAwOwotCXdoaWxlIChpIDwgbikgeworCXdoaWxlIChpIDwgTUlOKG4s TkMpKSB7CiAJICAgIGMgPSBwdF90YWJsZVtiaXRidWYgPj4gKEJJVEJVRlNJWiAtIDgpXTsKIAkg ICAgaWYgKGMgPj0gTlQpIHsKIAkJbWFzayA9ICh1bnNpZ25lZCkgMSA8PCAoQklUQlVGU0laIC0g MSAtIDgpOwpAQCAtMjU2LDE0ICsyNjAsMTQgQEAKIAkJICAgIGlmIChiaXRidWYgJiBtYXNrKSBj ID0gcmlnaHRbY107CiAJCSAgICBlbHNlICAgICAgICAgICAgICAgYyA9IGxlZnQgW2NdOwogCQkg ICAgbWFzayA+Pj0gMTsKLQkJfSB3aGlsZSAoYyA+PSBOVCk7CisJCX0gd2hpbGUgKGMgPj0gTlQg JiYgKG1hc2sgfHwgYyAhPSBsZWZ0W2NdKSk7CiAJICAgIH0KIAkgICAgZmlsbGJ1ZigoaW50KSBw dF9sZW5bY10pOwogCSAgICBpZiAoYyA8PSAyKSB7CiAJCWlmICAgICAgKGMgPT0gMCkgYyA9IDE7 CiAJCWVsc2UgaWYgKGMgPT0gMSkgYyA9IGdldGJpdHMoNCkgKyAzOwogCQllbHNlICAgICAgICAg ICAgIGMgPSBnZXRiaXRzKENCSVQpICsgMjA7Ci0JCXdoaWxlICgtLWMgPj0gMCkgY19sZW5baSsr XSA9IDA7CisJCXdoaWxlICgtLWMgPj0gMCAmJiBpIDwgTkMpIGNfbGVuW2krK10gPSAwOwogCSAg ICB9IGVsc2UgY19sZW5baSsrXSA9IGMgLSAyOwogCX0KIAl3aGlsZSAoaSA8IE5DKSBjX2xlbltp KytdID0gMDsKQEAgLTI5Miw3ICsyOTYsNyBAQAogCSAgICBpZiAoYml0YnVmICYgbWFzaykgaiA9 IHJpZ2h0W2pdOwogCSAgICBlbHNlICAgICAgICAgICAgICAgaiA9IGxlZnQgW2pdOwogCSAgICBt YXNrID4+PSAxOwotCX0gd2hpbGUgKGogPj0gTkMpOworCX0gd2hpbGUgKGogPj0gTkMgJiYgKG1h c2sgfHwgaiAhPSBsZWZ0W2pdKSk7CiAgICAgfQogICAgIGZpbGxidWYoKGludCkgY19sZW5bal0p OwogICAgIHJldHVybiBqOwpAQCAtMzA5LDcgKzMxMyw3IEBACiAJICAgIGlmIChiaXRidWYgJiBt YXNrKSBqID0gcmlnaHRbal07CiAJICAgIGVsc2UgICAgICAgICAgICAgICBqID0gbGVmdCBbal07 CiAJICAgIG1hc2sgPj49IDE7Ci0JfSB3aGlsZSAoaiA+PSBOUCk7CisJfSB3aGlsZSAoaiA+PSBO UCAmJiAobWFzayB8fCBqICE9IGxlZnRbal0pKTsKICAgICB9CiAgICAgZmlsbGJ1ZigoaW50KSBw dF9sZW5bal0pOwogICAgIGlmIChqICE9IDApIGogPSAoKHVuc2lnbmVkKSAxIDw8IChqIC0gMSkp ICsgZ2V0Yml0cygoaW50KSAoaiAtIDEpKTsKQEAgLTM1Niw3ICszNjAsNyBAQAogICAgIHdoaWxl ICgtLWogPj0gMCkgewogCWJ1ZmZlcltyXSA9IGJ1ZmZlcltpXTsKIAlpID0gKGkgKyAxKSAmIChE SUNTSVogLSAxKTsKLQlpZiAoKytyID09IGNvdW50KSByZXR1cm4gcjsKKwlpZiAoKytyID49IGNv dW50KSByZXR1cm4gcjsKICAgICB9CiAgICAgZm9yICggOyA7ICkgewogCWMgPSBkZWNvZGVfYygp OwpAQCAtMzY2LDE0ICszNzAsMTQgQEAKIAl9CiAJaWYgKGMgPD0gVUNIQVJfTUFYKSB7CiAJICAg IGJ1ZmZlcltyXSA9IGM7Ci0JICAgIGlmICgrK3IgPT0gY291bnQpIHJldHVybiByOworCSAgICBp ZiAoKytyID49IGNvdW50KSByZXR1cm4gcjsKIAl9IGVsc2UgewogCSAgICBqID0gYyAtIChVQ0hB Ul9NQVggKyAxIC0gVEhSRVNIT0xEKTsKIAkgICAgaSA9IChyIC0gZGVjb2RlX3AoKSAtIDEpICYg KERJQ1NJWiAtIDEpOwogCSAgICB3aGlsZSAoLS1qID49IDApIHsKIAkJYnVmZmVyW3JdID0gYnVm ZmVyW2ldOwogCQlpID0gKGkgKyAxKSAmIChESUNTSVogLSAxKTsKLQkJaWYgKCsrciA9PSBjb3Vu dCkgcmV0dXJuIHI7CisJCWlmICgrK3IgPj0gY291bnQpIHJldHVybiByOwogCSAgICB9CiAJfQog ICAgIH0KZGlmZiAtcnUgZ3ppcC0xLjMuNS5vcmlnL3VucGFjay5jIGd6aXAtMS4zLjUvdW5wYWNr LmMKLS0tIGd6aXAtMS4zLjUub3JpZy91bnBhY2suYwkxOTk5LTEwLTA2IDA2OjAwOjAwLjAwMDAw MDAwMCArMDEwMAorKysgZ3ppcC0xLjMuNS91bnBhY2suYwkyMDA2LTA3LTIxIDE1OjQ5OjQ4LjYx NTE5MDAwMCArMDEwMApAQCAtMTMsNyArMTMsNiBAQAogI2luY2x1ZGUgImd6aXAuaCIKICNpbmNs dWRlICJjcnlwdC5oIgogCi0jZGVmaW5lIE1JTihhLGIpICgoYSkgPD0gKGIpID8gKGEpIDogKGIp KQogLyogVGhlIGFyZ3VtZW50cyBtdXN0IG5vdCBoYXZlIHNpZGUgZWZmZWN0cy4gKi8KIAogI2Rl ZmluZSBNQVhfQklUTEVOIDI1CkBAIC0xMzMsNyArMTMyLDcgQEAKIAkvKiBSZW1lbWJlciB3aGVy ZSB0aGUgbGl0ZXJhbHMgb2YgdGhpcyBsZW5ndGggc3RhcnQgaW4gbGl0ZXJhbFtdIDogKi8KIAls aXRfYmFzZVtsZW5dID0gYmFzZTsKIAkvKiBBbmQgcmVhZCB0aGUgbGl0ZXJhbHM6ICovCi0JZm9y IChuID0gbGVhdmVzW2xlbl07IG4gPiAwOyBuLS0pIHsKKwlmb3IgKG4gPSBsZWF2ZXNbbGVuXTsg biA+IDAgJiYgYmFzZSA8IExJVEVSQUxTOyBuLS0pIHsKIAkgICAgbGl0ZXJhbFtiYXNlKytdID0g KHVjaClnZXRfYnl0ZSgpOwogCX0KICAgICB9CkBAIC0xNjksNyArMTY4LDcgQEAKICAgICBwcmVm aXhwID0gJnByZWZpeF9sZW5bMTw8cGVla19iaXRzXTsKICAgICBmb3IgKGxlbiA9IDE7IGxlbiA8 PSBwZWVrX2JpdHM7IGxlbisrKSB7CiAJaW50IHByZWZpeGVzID0gbGVhdmVzW2xlbl0gPDwgKHBl ZWtfYml0cy1sZW4pOyAvKiBtYXkgYmUgMCAqLwotCXdoaWxlIChwcmVmaXhlcy0tKSAqLS1wcmVm aXhwID0gKHVjaClsZW47CisJd2hpbGUgKHByZWZpeGVzLS0gJiYgcHJlZml4cCA+IHByZWZpeF9s ZW4pICotLXByZWZpeHAgPSAodWNoKWxlbjsKICAgICB9CiAgICAgLyogVGhlIGxlbmd0aCBvZiBh bGwgb3RoZXIgY29kZXMgaXMgdW5rbm93bjogKi8KICAgICB3aGlsZSAocHJlZml4cCA+IHByZWZp eF9sZW4pICotLXByZWZpeHAgPSAwOwo= 95406 2006-08-29 12:15 0000 gzip-testcases.tar.bz2.gpg gzip-testcases.tar.bz2.gpg text/plain jA0EAwMCC4fIQrsJwfJgyezBifmimwv+Q1xjx4YsBLJaqwAQ1A987cPxORZE+Avf+pqprXQK8/cJ sOdwVhJnM5YVEyoI7rUqQOqRMNAUeqABB7VyzBRUzxzHWwgUKLWpsRJFykC2RfMVA9hKfJ9ehfUO +FF37BH9hsLqvPFKm0v9YdW+PiqNHupap+yDba/vYv00aaxE8QtBDEtlnRP1ncTmomxT8zgifAmS hy9xo9x2qMgrgsr3mQPkGkF8QGQUa+zcXIhaWYwtwcWfFLm7blIkFDzZ1KkBnHs2rraOPrRF7IW0 7JLi/5EGzHoGP9DedueiybPPX7hp+GhPfuMwiDrmTtkIBBgl/8zEtFR3fjWvvOqLLWrU16uEsKaE rhOPqHCZOWrp6nrk6xaxCjS5wYhwQBHK9dPkbuz1q4MNE/3mo5zQ/SBCKHowFTUwK+QcNFJtvUMp bYMNdvMZuESSsFATnv+RMA5vJo/4PjEnkf64VU8LruvyU2oU9DEft31fd9LXMDLU1Tk+p9OrvoaI WGepiCK+aMlfOisprY+zk6HBO0FctIzTS9FVgjzA7ocRtdl6dwDaUsGAI0MqiKEo71Bp9HGoRvyX rajCA9Ot1Ngtx9+tTQd7b+hRToPRie2ruwnxob9NyzKlII6YEMHSfF7Kz0w0wSGM+b6xctYXh3wc RSouMroO8GhzO4d9xId7CH787gfnT64SWrkDNELoT6ZGOJOAvNW96vVE2vPb9bC+X4+jVj84eeng ynQc1wouNY6xLS4s+wYN42MidDzAfHDRnfTe7H4N5Mnm5YawIZ6iYaIkh8gFyoIUZR4CjGMlP3eb QbMClkzIOL2n2NjBFSSEe6zWUVJ6HVovL3aEzI+/XQ8fs4QikUatxsBer5/8sA0S2P2QvLymI1Uc TtoThWE+XtV1VU8/fQE9SLhBxo9a2uKUgJAaXP0/iMeungmz9Ep5Zl02gcD6RQIV4ys3X4XRKZG/ PI6OlS0ihr9W/wyL/dYzsQq8lDEDCOy0DmknELFZiAm/zBXf1fHdJ3l62hIAnKaqg0cplVvSmW5B wSqmmmy6ZthHAIVwRwxrO4qmuqU+/3rITpBxt+L5HZly/fjw0zmpBgLoldHsYJsHFkA72xpmiwmY o4NBJaQhvqsdbmw/NaOobbNd5WvZS/9wdNR6GkPRX3Y4wdsB7WMZwWK3MpuJmCDDVS5rhJZh1wNV 1Gd2Frvf5RUitMvvj2DlbNFZi6/Pe/sAFamXG6GiiRRm6RDlLdELOH2b3adArc5uX75JX7elOAho HK466IEvJzQCDWkZhXZl2PSEqXLHvf+fuQLcm7bZdyKGh1/OIBiZnuPnXZtLg8gLFdzCtNlnhODA 0zsXZJUFBJfxtXZuDYuS4a0QeJTrYLM12sOX1Z6Kd2/BHse5fYtt8FgJJc4kKdEB0Pm9zrwgOtGb ZMGJ+GrDFxY28Bm9yT8AoYzgE4PJjAMVqMO/U30b3gZN05sehqGkLthxLjMhvbJ1dzXMFTIhFKSp TwRo88a7TVE/1AM0Q8W2xZCEMthm0Rgldnc0K0Yv6ckY9Y8gHKfE6V0Z6MvS31rk3mFZWmt8VeJz 54cxhvkwLLlqf2AbXf+EEOIRHOZZFhfPT0tLRlcOAC/+K9Pmp4Wx9yTjbJ3IrHxABxI8ofzCHvOk /7mjmeSP+yY2Rop3Y3mHqygHgU/6pOaQH7Rn9EGwZmYzXTTc11I32j0ZsiXCC+ABhdQZ1V3QiMJm h/1VQr0+fuf5KwvaRCUwwW0gZPesAgcYIAHVenuglWqb8+QNmk5A19mwIhZ2A1VHg76r3crkWtVW 1hIZLFnFN5kf2UkQ9rKajSZfTHuPTH02TYi+ce5l2raNNhAPta6AccN4bO8OaOrv3oJ31Y6iGUix csyXHOhBMsiv7fgsmkpQGjGlPj/hh1kcjzAJ310tw27gKSXvC+ZYnZFRHdci6l9xKoa1/Qy1yHkh 3vvgyY7qekhUK2VzerFpZe3YiU07qb/hQcVC3b7taUNLKzaINzhqIt6KpqRB45sxYM30Y5O5FRrC R1I20DoDlrd3OkTWRwUPeZFukACMJuBQSrEzsJrUvcRh0rVxEVFQSFUAtSDDhnmrJ4aCYnH9sGQd UQfZoIsJww0UGpuzgXhF7+/XA/x5Nooo5P8t0BIW8y4skSAapqNalyVVKmOcuyFJNDZzsDDZCBw7 aUN1tR2af4t68NSmRNyNFBI8zhkTK24q5DwC6TbgizMgS9YYTvDSw8phABgSg+pcSdfhW1D4ptQg /4K4YezSZZBO4aFZ5sOlN0ARaJhPRN4zDqZKt+VKi7M/P/MtynnKsawKTc0H5/5EhEi6zDTk6ros jJR/Cm/CgqW9x6bfcJw0awp0C5ymYEwmTS/bvLgRxPMSK7K88Dbre+kY6LQPD+GpzjlQdcEOpWdb R2aUHJeDYt0ujfIJiiZ3eYojAYzh7Bl7qMvWKj1pV+1WoSJShxgvaPgp/Rm+wHzvuFa0gTGTC7IB bqbwRSIpnLHh03Nauj0f4g2NWMAfWnHLTm3IanElVywg9XPD+xEXOZcXfGCXEfE961Ip5Xv0tAhK JvDGGGRdbOx3It7vF/ZhT4s9jU8K0wRpuyciedXfIP7cWb7h+r6ir2NkrLAdAQFpovrKj+941lJ/ J5cJClh+kn3AE5OnhxlxBEmDwN8AtHsbCl1CBXnP9D5LbFeGztb5O0e2Inz6eTYFDqvOecqLXLiP jugRrcDpROy2bkDoUf8p3We/Vk79K644RdiiK/5pNoBh/L/JyGYiL0NlHwPT5eKZT4kF48vfNwb9 s/Mpc2Lkbv+tuxXT4IWT4m7hoAjXEhQYV346ZxRKIRFvaRr+fbrG8sI6hqQ8vriu7AfB8/qGAEM0 iBfuMA1mScbzf/P2FwqQRDB+la6F6b0OxPbWoRHsyQG80VYp7r3UhEYdWDi3FJzS63lG2V2net3I c0sJxUi19P7cFYMF9FNlms2+kS5yKFlNMJgTIngDghwIHVRrp0e3rUR6piGnP7oAAhOKkLSoZ0AO 7WcqHcoigtTYJtaydtf/QVHyZVuJfn26S4Pcl4q5eogawpJEU6R4ZA5YtM+WuscBUmg5jkbN6jx2 Y7SkCfdu9BHR/HS5ALrbIa0a1SZTXB0KAekDzT1hJjmuWWvjP17uQQwAMNcOU+Qy6JD4vLUgAGBe QJ9hmfdHkGSDVccCSVoryzBm+oVhtHPmqlPgvVLmrn0AQRUx2v+XcPjp0sYz2puXLjlgJ3xz9SwN 0M+LWDofjKfqfFWhfYrw9+7LYTh3jhGYfBHI5SmNlw9K9B/r7x2O7Ef/bdvV6QWjzcoqXsMPo8lv COwfm8Ta7H19yTNBn4dSZDrW/y7/giEmSeYiZnD05eoG0STk5d8ImSJufbduDeo4vFFnSF2AOMea HiF1KnKOtwX/qoY1foWvO5gkrV+aP6QKR4vIreKFe5sQ54cooX/kxt7iPec8cb6Xwq4SpQOrJx5K e0jrKMICJs98/p9jnBD0NqsRYaHAZZu+9i39bfWDrXmShRR8Nj7Z+/79RH0fGGGlY/2m/iJKXmjB gYw6qreOAaPtdILer9W5P//UrOVT060sqRzLKFTEDHe+nCf/Jd4E11xADhgHAe8PpoYefXuu9K7e 3b2rIl2v6n6r9i5M5uZcxqN+Au16ZNuLoprHm3MdcVT3irXBhQGvmR6WwPbkGirzep5XvO+HXQb1 rFhYFiLQ2yieIK06+x3uCwjM1N5t6o4HNhnCOn35XfAhgUog2qH/1nc4xQKEeTa1JME+tJ9d3qoK yTFhc7YqndQ/RilGjTIOLZt0BPn92ijASET0AjTLkjNKU4E1ITgy6Mha2HEm9rzpFn3CQ553KfiP UH8tVUxH3moV3pabgxzciJZOOhW2gsuPjfcsFIhM4oL4THwTcXGxXsVQPkscvf/+YCrDld0Rxmhh rMj9tsqqVm2DAxPCh10SBRLnpUSEf5Ysn/wU7sc1q2Uga+2Qg4KKfkWNpKk16bC0Y583RKXj45Hg c8TxydXM4uKiWu55A/5PDTwmanaE2q3FLXr5TmXl09hnYvNkgqCILdKtWoOsgMM6JR+talu2Kigh kLu5kw/G+sa7h+YhF6nE7Eabhtca19Ak6MCqCk4CXYdIHBhNSvHip5t6J2nSxp5GYplldLRO8oUc DQzI2P54cv2obpPWJZlM+mXBXBjCrMIhOahc0ZYqaN31KqMJ5vMRxaVUpZCMMsZnqDs0IZ7uuMEY oYupW6jHZavZBlqz3nlYeeuncsBxyWi5nL5GISappvbavTOBC9DPa/PCQeiLnRSyLSOQ3b2r/iD7 FADdoE7jctuirSGq/PRXaZCSaaO3+B+Vkb9viUh8jDohkKq7a8SHbcXlPIvNzPjPyTE/B1NI8BF/ /6TDsy0rOU0BTNwxDpeCvyPcysYHdLWZtggLtl5a/c6eUlHTx4WlPl+0YuT5Fb98HhsNsguYwZG3 X9GtpyfB4K0yx0ek12Ud6rT+xjzHZg/70/qA+MlbS5ZU3dJdbBTHdgVJaaETEQIibbkGrS4hNKGN b19vzGAFO8Xto/RtG2aWqQ+/LXnyu24JPBxj7R1csfNmhFB7yeAMnyM47VfII3xK49dUjXnRn0UF QtVv+T3nleM0yiOgOQ/nOHeI7Ei9EDhOi1YjsdzZ/b23KQrZMxMViIARjhKUbuaB8KgQF/JyzwVh MxlgSK/lQ0Dvv3Cdd6ghiyy77xjzYqzTGDfEuG9FMTP3jIowH4itckxCh/AqeE+D/o82gPRAzNhU LeCS7asIVUBtqOKy5nUnb+EvoAVo0VfGew0iM2FyuDc+3W2wC/idcGUpYA3at0rml0kN5krMzvPA QBJpqa1aWWbgWsBAFluvJaAra3laa5V0tRNPNKNS55+DkFJdxBLQnxiRD3CExe7rUQJzbIOQlIuz B6aZSurtsPjr7ke3SAGCCMfzNbjvPCOnsIRQNmuK/3X4LNRGDf2ie6lqWqZyh5qInngTg9GS9VGI +xsvRbu4xxKXsbXzzTLKRnWeBocCikXyknywoVbRtoeJ9enbpot2UdfmswPlwKkVJEmwtkngv4By NZlDL4ZmXzTDvqy8JJBYXtBSVXUULm+KILn6Iz+0SOTFh3qVsI2pXqNx+88MU+00A6sckzi4+G56 pjXUsB7uSqe6bEmiZvB66yjIx03kITvdDqCdlV4Hz7WK4CucIhF+Ejr1JD7Ha9S5lzV42ff4qsiX T87GPfA6I6eTH60auOPxYvWLbGs6EEJTx8r9YofFdMbDeEAuwN+6H/PnNokfuXuLpwB353DkY7gN eR4cyBqOT2uQZEj+Qru2woRsIqj6hGJ8GGwtjCjlIFM7dscMiLu3H/pgwNRGNSayrax739bLp8Fn LTYTtEQ0ywSTKERX/Cc+jWITDF4GiuVG69N9J1lNJv8S46SIXips4ePPOOOcSMSIvIcXSRX5X+dz CmyrKnbLb7Rv6ZxJh4vuhgnRGKJMN6oVJVyJgqwl0JAnENCgnC7S9cUJH7otQC0DbxdlO4OrVLPa VOPubkhn9w7KkRqGsiG0mAMadqNnAzrfhihTU7zv2JybI3KfakkQKg1b7glKZzO07Y7ZcH8sf0NN QzdG6eZ5+K5CPd5bK6FE+D0uT2uPds+FL5D7d0NJVLds2kBefYCzXPlliHvHm4XF5eerw8KxmhJY q4hZg93F/jU1wf90KY61685uJDFGRpavQBuNHD4yM2Gys76CUrj8DmfLHcPHRqLxGrw87QwWUOWn kSnakg0F3YvePY5Iq4Tcv3IO8GPli6KlnjuMYTnIGtP9sc83n5Ml62bwfyZMPF94/9w3UFbyxtAx ya6qCRteNRMCG88NZEQec/XAN8wY2gumJkAAIOTsksRkV4+Lq3AMkOeKXLjzPlZthhDRTUsBfkOa Uv0aEPqehbNkoITeC8E9jFER06USl98cMdisBy6aMqbW0FAWTxOWlDueot83qKCew/JWEbpuP2Ja tqcoZXWKmepqNps0Kpg1GfALlovJYHz2HhK+X3G4xi5hDwRE07aOYSPWnlFrReegY40PRyxCfJ2W vShOzFdpgpJkv2a5FMjxLjZwqv/zNXQa8aEEIEFapBjJOPchFgvQ6mlB2DBRbh/dHlkf4d2sZA2P zlF59QNNiXPEwTCxyoGybRKiFEfJEjpkYOyCd2iiv1NkwDuOcXlMeqRF4XWmqSvcRWWy7juRl1OI wOzcrbpeRbsR6F0wxo5hFqNm/kUhaas11q9goZErw+02ZesSwkBgeWZQ45ttU/7Osndmfgdqa69Y 94SS7k9N4vRnwGBE9qSzbK2KxjH7VlGJnEu4wSrPml/46tOXJ0jGDN2ASjDwu5bmpbOMLvGvWd61 vG/YlVDXSR81o4YVUkVHV/7CZP0/Mldogl7AR0z8ZKVA1iYHiDdAN9fFTi3rn9MPWKFKqrJ/eXuC KsqaH4hnTR0XXUt69QIuwbI7Krn6PL5x44Igi85Zwfm7FKwVi5XzkI79OuUhHs4HPkdFggL0JCic DAg8hdeKKjw9JGpj7jryE0cTNVUNNsv1Oh+Ci53Yj1kNzQ/nc2Oy0F2DzcOBH1QLpICKypN3Kzru mJhKJvCQWGBGztfHanclLa9A7WN9300d7ULFdBhIR8+Af7VdpH3G9dcg0AljLQdw+LMXAOb/pd9P GklZG4E6Gx0+81MiM7AWxxaBZHV5cKE+Pztlghx4ofoPLLWAII2N1J5bU9AMd5RtwNOUjaBO+5DZ V5tXTlDv/rQ36OialCsQ933Zd6Eu3/jnU+rkikbQB98xqPmRr6KWe67pVE7Dn4OaKRYf 99551 2006-10-13 09:42 0000 lha-1.14i_p20050924.ebuild lha-1.14i_p20050924.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA2IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6IC92YXIvY3Zzcm9vdC9nZW50b28teDg2L2FwcC1hcmNoL2xoYS9saGEtMTE0aS1yNS5lYnVp bGQsdiAxLjMgMjAwNi8xMC8wNyAxOToyMDoyNyBmbGFtZWV5ZXMgRXhwICQKCmluaGVyaXQgZXV0 aWxzCgpNWV9QPSIke1AvX3AvLWFjfSIKREVTQ1JJUFRJT049IlV0aWxpdHkgZm9yIGNyZWF0aW5n IGFuZCBvcGVuaW5nIGx6aCBhcmNoaXZlcyIKSE9NRVBBR0U9Imh0dHA6Ly9saGEuc291cmNlZm9y Z2UuanAvIgpTUkNfVVJJPSJtaXJyb3I6Ly9zb3VyY2Vmb3JnZS5qcC9saGEvMTY2NTAvJHtNWV9Q fS50YXIuZ3oiCgpMSUNFTlNFPSJsaGEiClNMT1Q9IjAiCktFWVdPUkRTPSJ+YWxwaGEgfmFtZDY0 IH5hcm0gfmhwcGEgfmlhNjQgfm02OGsgfnBwYyB+cHBjLW1hY29zIH5wcGM2NCB+czM5MCB+c2gg fnNwYXJjIH54ODYgfng4Ni1mYnNkIgpJVVNFPSIiCgpERVBFTkQ9IiIKClM9IiR7V09SS0RJUn0v JHtNWV9QfSIKCnNyY191bnBhY2soKSB7Cgl1bnBhY2sgJHtBfQoKCWNkICIke1N9IgoJZXBhdGNo ICIke0ZJTEVTRElSfSIvJHtQfS1DVkUtMjAwNi00MzM0LTgucGF0Y2gKfQoKc3JjX2luc3RhbGwo KSB7CgllbWFrZSBERVNURElSPSIke0R9IiBcCgkJbWFuZGlyPS91c3Ivc2hhcmUvbWFuL2phIFwK CQlpbnN0YWxsIHx8IGRpZQoKCWRvZG9jIDAwcmVhZG1lLmF1dG9jb25mIENoYW5nZUxvZyBIYWNr aW5nX29mX0xIYQp9Cg== 99552 2006-10-13 09:42 0000 files/lha-1.14i_p20050924-CVE-2006-4334-8.patch lha-1.14i_p20050924-CVE-2006-4334-8.patch text/plain SW5kZXg6IHNyYy9odWYuYwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09ClJDUyBmaWxlOiAvY3Zzcm9vdC9saGEvbGhhL3Ny Yy9odWYuYyx2CnJldHJpZXZpbmcgcmV2aXNpb24gMS4xMwpkaWZmIC11IC11IC1yMS4xMyBodWYu YwotLS0gc3JjL2h1Zi5jCTIxIE1hciAyMDAzIDE1OjM0OjUyIC0wMDAwCTEuMTMKKysrIHNyYy9o dWYuYwk4IE9jdCAyMDA2IDIwOjE2OjQyIC0wMDAwCkBAIC0zMzgsNyArMzM4LDcgQEAKICAgICB9 CiAgICAgZWxzZSB7CiAgICAgICAgIGkgPSAwOwotICAgICAgICB3aGlsZSAoaSA8IG4pIHsKKyAg ICAgICAgd2hpbGUgKGkgPCBNSU4obiwgTlBUKSkgewogICAgICAgICAgICAgYyA9IHBlZWtiaXRz KDMpOwogICAgICAgICAgICAgaWYgKGMgIT0gNykKICAgICAgICAgICAgICAgICBmaWxsYnVmKDMp OwpAQCAtMzU0LDcgKzM1NCw3IEBACiAgICAgICAgICAgICBwdF9sZW5baSsrXSA9IGM7CiAgICAg ICAgICAgICBpZiAoaSA9PSBpX3NwZWNpYWwpIHsKICAgICAgICAgICAgICAgICBjID0gZ2V0Yml0 cygyKTsKLSAgICAgICAgICAgICAgICB3aGlsZSAoLS1jID49IDApCisgICAgICAgICAgICAgICAg d2hpbGUgKC0tYyA+PSAwICYmIGkgPCBOUFQpCiAgICAgICAgICAgICAgICAgICAgIHB0X2xlbltp KytdID0gMDsKICAgICAgICAgICAgIH0KICAgICAgICAgfQpAQCAtMzc5LDcgKzM3OSw3IEBACiAg ICAgICAgICAgICBjX3RhYmxlW2ldID0gYzsKICAgICB9IGVsc2UgewogICAgICAgICBpID0gMDsK LSAgICAgICAgd2hpbGUgKGkgPCBuKSB7CisgICAgICAgIHdoaWxlIChpIDwgTUlOKG4sTkMpKSB7 CiAgICAgICAgICAgICBjID0gcHRfdGFibGVbcGVla2JpdHMoOCldOwogICAgICAgICAgICAgaWYg KGMgPj0gTlQpIHsKICAgICAgICAgICAgICAgICB1bnNpZ25lZCBzaG9ydCAgbWFzayA9IDEgPDwg KDE2IC0gOSk7CkBAIC0zODksNyArMzg5LDcgQEAKICAgICAgICAgICAgICAgICAgICAgZWxzZQog ICAgICAgICAgICAgICAgICAgICAgICAgYyA9IGxlZnRbY107CiAgICAgICAgICAgICAgICAgICAg IG1hc2sgPj49IDE7Ci0gICAgICAgICAgICAgICAgfSB3aGlsZSAoYyA+PSBOVCk7CisgICAgICAg ICAgICAgICAgfSB3aGlsZSAoYyA+PSBOVCAmJiAobWFzayB8fCBjICE9IGxlZnRbY10pKTsKICAg ICAgICAgICAgIH0KICAgICAgICAgICAgIGZpbGxidWYocHRfbGVuW2NdKTsKICAgICAgICAgICAg IGlmIChjIDw9IDIpIHsKQEAgLTQzNyw3ICs0MzcsNyBAQAogICAgICAgICAgICAgZWxzZQogICAg ICAgICAgICAgICAgIGogPSBsZWZ0W2pdOwogICAgICAgICAgICAgbWFzayA+Pj0gMTsKLSAgICAg ICAgfSB3aGlsZSAoaiA+PSBOQyk7CisgICAgICAgIH0gd2hpbGUgKGogPj0gTkMgJiYgKG1hc2sg fHwgaiAhPSBsZWZ0W2pdKSk7CiAgICAgICAgIGZpbGxidWYoY19sZW5bal0gLSAxMik7CiAgICAg fQogICAgIHJldHVybiBqOwpAQCAtNDYyLDcgKzQ2Miw3IEBACiAgICAgICAgICAgICBlbHNlCiAg ICAgICAgICAgICAgICAgaiA9IGxlZnRbal07CiAgICAgICAgICAgICBtYXNrID4+PSAxOwotICAg ICAgICB9IHdoaWxlIChqID49IG5wKTsKKyAgICAgICAgfSB3aGlsZSAoaiA+PSBucCAmJiAobWFz ayB8fCBqICE9IGxlZnRbal0pKTsKICAgICAgICAgZmlsbGJ1ZihwdF9sZW5bal0gLSA4KTsKICAg ICB9CiAgICAgaWYgKGogIT0gMCkKSW5kZXg6IHNyYy9saGFfbWFjcm8uaAo9PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09ClJD UyBmaWxlOiAvY3Zzcm9vdC9saGEvbGhhL3NyYy9saGFfbWFjcm8uaCx2CnJldHJpZXZpbmcgcmV2 aXNpb24gMS41MApkaWZmIC11IC11IC1yMS41MCBsaGFfbWFjcm8uaAotLS0gc3JjL2xoYV9tYWNy by5oCTggT2N0IDIwMDYgMTQ6MjA6MTQgLTAwMDAJMS41MAorKysgc3JjL2xoYV9tYWNyby5oCTgg T2N0IDIwMDYgMjA6MTY6NDIgLTAwMDAKQEAgLTE5NCw2ICsxOTQsOCBAQAogLyogSW5kaXZpZHVh bCBtYWNybyBkZWZpbmUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICovCiAvKiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8KIAorI2RlZmluZSBNSU4oYSxiKSAoKGEp IDw9IChiKSA/IChhKSA6IChiKSkKKwogLyogYml0aW8uYyAqLwogI2RlZmluZSBwZWVrYml0cyhu KSAgICAgKGJpdGJ1ZiA+PiAoc2l6ZW9mKGJpdGJ1ZikqOCAtIChuKSkpCiAKSW5kZXg6IHNyYy9t YWtldGJsLmMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2c3Jvb3QvbGhhL2xoYS9zcmMvbWFrZXRi bC5jLHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjYKZGlmZiAtdSAtdSAtcjEuNiBtYWtldGJsLmMK LS0tIHNyYy9tYWtldGJsLmMJMTYgTm92IDIwMDIgMTk6MDM6MjMgLTAwMDAJMS42CisrKyBzcmMv bWFrZXRibC5jCTggT2N0IDIwMDYgMjA6MTY6NDIgLTAwMDAKQEAgLTMyLDggKzMyLDE0IEBACiAg ICAgfQogCiAgICAgLyogY291bnQgKi8KLSAgICBmb3IgKGkgPSAwOyBpIDwgbmNoYXI7IGkrKykK LSAgICAgICAgY291bnRbYml0bGVuW2ldXSsrOworICAgIGZvciAoaSA9IDA7IGkgPCBuY2hhcjsg aSsrKSB7CisgICAgICAgIGlmIChiaXRsZW5baV0gPiAxNikgeworICAgICAgICAgICAgZXJyb3Io IkJhZCB0YWJsZSAoY2FzZSBhKSIpOworICAgICAgICAgICAgZXhpdCgxKTsKKyAgICAgICAgfQor ICAgICAgICBlbHNlCisgICAgICAgICAgICBjb3VudFtiaXRsZW5baV1dKys7CisgICAgfQogCiAg ICAgLyogY2FsY3VsYXRlIGZpcnN0IGNvZGUgKi8KICAgICB0b3RhbCA9IDA7CkBAIC00MSw4ICs0 NywxMCBAQAogICAgICAgICBzdGFydFtpXSA9IHRvdGFsOwogICAgICAgICB0b3RhbCArPSB3ZWln aHRbaV0gKiBjb3VudFtpXTsKICAgICB9Ci0gICAgaWYgKCh0b3RhbCAmIDB4ZmZmZikgIT0gMCkK KyAgICBpZiAoKHRvdGFsICYgMHhmZmZmKSAhPSAwIHx8IHRhYmxlYml0cyA+IDE2KSB7IC8qIDE2 IGZvciB3ZWlnaHQgYmVsb3cgKi8KICAgICAgICAgZXJyb3IoIm1ha2VfdGFibGUoKTogQmFkIHRh YmxlICg1KSIpOworICAgICAgICBleGl0KDEpOworICAgIH0KIAogICAgIC8qIHNoaWZ0IGRhdGEg Zm9yIG1ha2UgdGFibGUuICovCiAgICAgbSA9IDE2IC0gdGFibGViaXRzOwpAQCAtNTMsNyArNjEs NyBAQAogCiAgICAgLyogaW5pdGlhbGl6ZSAqLwogICAgIGogPSBzdGFydFt0YWJsZWJpdHMgKyAx XSA+PiBtOwotICAgIGsgPSAxIDw8IHRhYmxlYml0czsKKyAgICBrID0gTUlOKDEgPDwgdGFibGVi aXRzLCA0MDk2KTsKICAgICBpZiAoaiAhPSAwKQogICAgICAgICBmb3IgKGkgPSBqOyBpIDwgazsg aSsrKQogICAgICAgICAgICAgdGFibGVbaV0gPSAwOwpAQCAtNjYsMTIgKzc0LDE4IEBACiAgICAg ICAgIGwgPSBzdGFydFtrXSArIHdlaWdodFtrXTsKICAgICAgICAgaWYgKGsgPD0gdGFibGViaXRz KSB7CiAgICAgICAgICAgICAvKiBjb2RlIGluIHRhYmxlICovCisgICAgICAgICAgICBsID0gTUlO KGwsIDQwOTYpOwogICAgICAgICAgICAgZm9yIChpID0gc3RhcnRba107IGkgPCBsOyBpKyspCiAg ICAgICAgICAgICAgICAgdGFibGVbaV0gPSBqOwogICAgICAgICB9CiAgICAgICAgIGVsc2Ugewog ICAgICAgICAgICAgLyogY29kZSBub3QgaW4gdGFibGUgKi8KLSAgICAgICAgICAgIHAgPSAmdGFi bGVbKGkgPSBzdGFydFtrXSkgPj4gbV07CisgICAgICAgICAgICBpID0gc3RhcnRba107CisgICAg ICAgICAgICBpZiAoKGkgPj4gbSkgPiA0MDk2KSB7CisgICAgICAgICAgICAgICAgZXJyb3IoIkJh ZCB0YWJsZSIpOworICAgICAgICAgICAgICAgIGV4aXQoMSk7CisgICAgICAgICAgICB9CisgICAg ICAgICAgICBwID0gJnRhYmxlW2kgPj4gbV07CiAgICAgICAgICAgICBpIDw8PSB0YWJsZWJpdHM7 CiAgICAgICAgICAgICBuID0gayAtIHRhYmxlYml0czsKICAgICAgICAgICAgIC8qIG1ha2UgdHJl ZSAobiBsZW5ndGgpICov