170477 2007-03-11 20:10 0000 app-accessibility/festival: privilege elevation with current default setup 2007-07-25 21:39:45 0000 1 1 1 Unclassified Gentoo Security Default Configs unspecified All Linux RESOLVED FIXED B1 [glsa] Falco P2 major --- 1 shirow@project7.ru security@gentoo.org accessibility@gentoo.org brebs@sent.com ia64@gentoo.org philantrop@gentoo.org solar@gentoo.org sound@gentoo.org williamh@gentoo.org shirow@project7.ru 2007-03-11 20:10:03 0000 Festival as it is currently set up by portage when installed runs under the root user. If a festival daemon setup is used, the default server password is nil, i.e. absent. When the daemon is running, anyone who can connect to the festival daemon at the normal TCP port can issue the '(system "<whatever>")' command, which will execute with root privileges. The default configuration denies connection from anywhere but localhost, but local users can connect and execute commands from root regardless. Reproducible: Always Steps to Reproduce: Using the festival_client.pl provided in /usr/share/doc/festival-*/ connect to your localhost festival daemon with a non root user, and enter the command (system "whoami > /tmp/amiroot") then exit the client and cat /tmp/amiroot There's several approaches to fixing this, but giving the daemon it's own user account seems the best approach. falco@gentoo.org 2007-03-12 15:25:04 0000 thanks for your report. CCing maintainer vorlon@gentoo.org 2007-03-16 16:05:48 0000 adding herds please comment/fix, since jeeves has not seen williamh for 20days jaervosz@gentoo.org 2007-03-25 07:03:44 0000 Herds please advise and provide an updated ebuild as necessary. jaervosz@gentoo.org 2007-03-30 20:25:43 0000 Herds please advise. falco@gentoo.org 2007-04-09 19:04:42 0000 Herds/Maintainer please advise jaervosz@gentoo.org 2007-05-02 11:57:54 0000 Herds please advise. jaervosz@gentoo.org 2007-05-20 07:25:55 0000 Herds please advise. dercorny@gentoo.org 2007-06-04 18:41:21 0000 hurry up or mask solar@gentoo.org 2007-06-05 06:20:58 0000 Created an attachment (id=121219) festival-bug-170477.diff How about something like this? Run it as it's own user and set it's shell to /bin/false. solar@here $ echo '(system "whoami > /tmp/amiroot")' | busybox nc localhost 1314 LP nil ft_StUfF_keyOK solar@here $ cat /tmp/amiroot festival I don't know if the 'system' command can/should/could be disabled all together or if there is a better alternative but this meets the initial posters suggestion. shirow@project7.ru 2007-06-05 07:58:45 0000 (In reply to comment #9) > I don't know if the 'system' command can/should/could be disabled all together > or if there is a better alternative but this meets the initial > posters suggestion. It shouldn't be disabled altogether because festival extensively uses it internally (for example, it is required to use mbrola voices). Also, I think I've seen several code examples which involve using it from the client to play the speech festival generates, so you probably can't prevent the client from using it without breaking stuff. But it definitely doesn't have to be root. :) Adding the festival user to the audio group in the ebuild would be a good idea, by the way. ssuominen@gentoo.org 2007-06-05 11:04:55 0000 (In reply to comment #9) > Created an attachment (id=121219) [edit] > festival-bug-170477.diff > > How about something like this? Run it as it's own user and set it's shell to > /bin/false. It still doesn't stop one for wgetting, building, running shellcode which opens backdoor to experiment with local exploits to gain root privileges.. shirow@project7.ru 2007-06-05 11:57:45 0000 > It still doesn't stop one for wgetting, building, running shellcode which opens > backdoor to experiment with local exploits to gain root privileges.. Considering that connections are only allowed from localhost in the default configuration, you have to be a local user already to do that, or am I missing something? solar@gentoo.org 2007-06-05 15:27:16 0000 (In reply to comment #10) > Adding the festival user to the audio group in the ebuild would be a good idea, > by the way. Can you please attach an updated diff. cvs -d :pserver:anonymous@anoncvs.gentoo.org:/var/cvsroot \ co gentoo-x86/app-accessibility/festival ... cvs diff -u > foo.diff shirow@project7.ru 2007-06-05 21:43:32 0000 > Can you please attach an updated diff. If I knew enough portage, I'd post a diff with that instead of just a bug report in the first place. :) shirow@project7.ru 2007-06-05 21:55:38 0000 Oh, almost forgot, just noticed this. The server.scm configuration file that comes with the ebuild actually contains: ; Server access list (hosts) (set! server_access_list '("[^.]+" "127.0.0.1" "localhost.*" "192.168.*")) If 192.168.* is allowed, and you can (system "<whatever>") from a different machine, the argument about using festival to try local exploits still stands. Maybe adding a warning to set a server password if you plan to connect to festival remotely is also in order. solar@gentoo.org 2007-06-06 02:23:52 0000 (In reply to comment #15) > Oh, almost forgot, just noticed this. The server.scm configuration file that > comes with the ebuild actually contains: > > ; Server access list (hosts) > (set! server_access_list '("[^.]+" "127.0.0.1" "localhost.*" "192.168.*")) > Question: Would that regexp currently allow remote exec of the "system" command with a domain such as localhost.is.a.myth.gentoo.org ? solar@gentoo.org 2007-06-06 02:53:50 0000 Created an attachment (id=121309) festival-bug-170477.diff falco@gentoo.org 2007-06-07 22:22:26 0000 That patch sounds good to me despite it is only a poor workaround. Sound herd: someone wants to commit it into the tree or can we commit it ourselves? williamh@gentoo.org 2007-06-07 23:53:15 0000 I am looking at commiting this tonight or tomorrow. Thanks. williamh@gentoo.org 2007-06-08 02:05:11 0000 I have found one issue with this patch so far. The festival server can create a log, and by default that goes to /var/log/festival.log. That does not work if festival is running as a user other than root since /var/log is read-only to any other user. Any suggestions? solar@gentoo.org 2007-06-08 03:13:00 0000 (In reply to comment #20) > I have found one issue with this patch so far. The festival server can create > a log, and by default that goes to /var/log/festival.log. That does not work > if festival is running as a user other than root since /var/log is read-only to > any other user. Any suggestions? Things like apache, clamav, lighttpd, mysql, snort and squid all use a subdir in /var/log/ that is owned by that user. So you want /var/log/festival/festival.log brebs@sent.com 2007-06-08 13:00:36 0000 Created an attachment (id=121494) festival-1.95_beta-r3.ebuild Fixes /var/log/festival/ and enewuser. Big cleanup. Not using a diff because it would be larger than the file. brebs@sent.com 2007-06-08 13:02:08 0000 Created an attachment (id=121496) festival.rc Runs as "festival" user. brebs@sent.com 2007-06-08 13:02:38 0000 Created an attachment (id=121497) server.scm Sets logfile location. williamh@gentoo.org 2007-06-09 03:10:12 0000 The fix for this has been committed to the tree. I'm not sure whether I can close this or if I should wait for the security team to check it. Please advise. jaervosz@gentoo.org 2007-06-09 03:58:45 0000 Thx William, now it's time for arches. Arches please test and mark stable. Target keywords are: festival-1.95_beta-r4.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86" maekke@gentoo.org 2007-06-09 10:55:32 0000 app-accessibility/festival-1.95_beta-r4 USE="X asterisk -esd -mbrola" 1. emerges on x86 2. passes collision test 3. app-accessibility/gnome-speech-0.4.11 emerges with it 4. works Portage 2.1.2.7 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.5-r3, 2.6.20.12 i686) ================================================================= System uname: 2.6.20.12 i686 Genuine Intel(R) CPU T2300 @ 1.66GHz Gentoo Base System release 1.12.9 Timestamp of tree: Sat, 09 Jun 2007 09:00:01 +0000 dev-java/java-config: 1.3.7, 2.0.32 dev-lang/python: 2.3.5-r3, 2.4.4-r4 dev-python/pycrypto: 2.0.1-r5 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--nospinner" FEATURES="collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox" GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/" LINGUAS="en de en_GB de_CH" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X a52 aac acl acpi alsa apache2 asf avahi berkdb bitmap-fonts cairo cdr cdrom cli cracklib crypt cups dbus divx dri dts dvd dvdr dvdread eds emboss encode evo fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal iconv ipv6 isdnlog java jpeg kde kdeenablefinal kerberos ldap libg++ mad midi mikmod mmx mono mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp oss pam pcre pdf perl png pppd python qt3 qt3support qt4 quicktime readline reflection rtsp ruby samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd test tetex theora threads tiff truetype truetype-fonts type1-fonts unicode vcd vorbis wifi win32codecs wxwindows x264 x86 xine xml xorg xprint xv xvid zlib" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="en de en_GB de_CH" USERLAND="GNU" VIDEO_CARDS="i810 fbdev vesa" Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY dertobi123@gentoo.org 2007-06-09 14:22:32 0000 ppc stable jer@gentoo.org 2007-06-09 14:34:40 0000 Stable for HPPA. corsair@gentoo.org 2007-06-09 14:55:43 0000 ppc64 stable grknight2k@bluebottle.com 2007-06-09 16:33:31 0000 Testing festival-1.95_beta-r4 1. Emerges fine 2. Passes collision 3. Works fine 4. no security hole with test case $ emerge --info Portage 2.1.2.7 (default-linux/alpha/2007.0, gcc-4.1.2, glibc-2.5-r2, 2.6.21-gentoo-r1 alpha) ================================================================= System uname: 2.6.21-gentoo-r1 alpha EV56 Gentoo Base System release 1.12.9 Timestamp of tree: Sat, 09 Jun 2007 14:20:01 +0000 distcc 2.18.3 alpha-unknown-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] ccache version 2.4 [enabled] dev-lang/python: 2.4.4-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r7 sys-apps/sandbox: 1.2.18.1 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17.50.0.16 sys-devel/gcc-config: 1.3.15-r1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="alpha" AUTOCLEAN="yes" CBUILD="alpha-unknown-linux-gnu" CFLAGS="-mieee -pipe -O2 -mcpu=ev56" CHOST="alpha-unknown-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo" CXXFLAGS="-mieee -pipe -O2 -mcpu=ev56" DISTDIR="/usr/portage/distfiles" FEATURES="ccache collision-protect distcc distlocks metadata-transfer parallel-fetch sandbox sfperms strict test" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LINGUAS="en" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/overlay" SYNC="rsync://eldest/gentoo-portage" USE="X acl alpha alsa berkdb bitmap-fonts bzip2 cli cracklib crypt cups curl dri fortran gdbm gpm iconv ipv6 isdnlog ldap libg++ logrotate midi mudflap ncurses nls nptl nptlonly openmp pam pcre perl postfix pppd python readline reflection session spl sqlite ssl startup-notification tcpd test truetype-fonts type1-fonts unicode xorg zlib" ALSA_CARDS="au8810" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="vga s3virge nv cirrus" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS yoswink@gentoo.org 2007-06-09 16:46:35 0000 stable on alpha. Brian++ philantrop@gentoo.org 2007-06-09 19:21:45 0000 Marked stable on amd64. armin76@gentoo.org 2007-06-10 13:22:08 0000 x86 stable, thanks Markus. gustavoz@gentoo.org 2007-06-11 14:10:58 0000 sparc stable. py@gentoo.org 2007-07-14 19:17:20 0000 ia64 is there something wrong with stabilization? armin76@gentoo.org 2007-07-14 19:19:01 0000 ia64 is not security supported :) Plus i can't test it py@gentoo.org 2007-07-15 10:33:45 0000 err, indeed :) falco@gentoo.org 2007-07-25 21:39:45 0000 it's GLSA 200707-10, thanks 121219 2007-06-05 06:20 0000 festival-bug-170477.diff festival-bug-170477.diff text/plain PyBmZXN0aXZhbC0xLjk1X2JldGEtcjQuZWJ1aWxkCkluZGV4OiBmZXN0aXZhbC0xLjk1X2JldGEt cjMuZWJ1aWxkCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT0KUkNTIGZpbGU6IC92YXIvY3Zzcm9vdC9nZW50b28teDg2L2Fw cC1hY2Nlc3NpYmlsaXR5L2Zlc3RpdmFsL2Zlc3RpdmFsLTEuOTVfYmV0YS1yMy5lYnVpbGQsdgpy ZXRyaWV2aW5nIHJldmlzaW9uIDEuMgpkaWZmIC11IC1iIC1CIC1yMS4yIGZlc3RpdmFsLTEuOTVf YmV0YS1yMy5lYnVpbGQKLS0tIGZlc3RpdmFsLTEuOTVfYmV0YS1yMy5lYnVpbGQJMjggQXByIDIw MDcgMTc6MTg6MzkgLTAwMDAJMS4yCisrKyBmZXN0aXZhbC0xLjk1X2JldGEtcjMuZWJ1aWxkCTUg SnVuIDIwMDcgMDY6MDQ6MjAgLTAwMDAKQEAgLTQ0LDYgKzQ0LDEwIEBACiAKIFM9JHtXT1JLRElS fQogCitwa2dfc2V0dXAoKSB7CisgICAgICAgIGVuZXd1c2VyIGZlc3RpdmFsIC0xIC9iaW4vZmFs c2UKK30KKwogc3JjX3VucGFjaygpIHsKIAl1bnBhY2sgJHtBfQogCkluZGV4OiBmaWxlcy9mZXN0 aXZhbC5yYwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09ClJDUyBmaWxlOiAvdmFyL2N2c3Jvb3QvZ2VudG9vLXg4Ni9hcHAt YWNjZXNzaWJpbGl0eS9mZXN0aXZhbC9maWxlcy9mZXN0aXZhbC5yYyx2CnJldHJpZXZpbmcgcmV2 aXNpb24gMS4yCmRpZmYgLXUgLWIgLUIgLXIxLjIgZmVzdGl2YWwucmMKLS0tIGZpbGVzL2Zlc3Rp dmFsLnJjCTE0IEp1bCAyMDA0IDIxOjA2OjExIC0wMDAwCTEuMgorKysgZmlsZXMvZmVzdGl2YWwu cmMJNSBKdW4gMjAwNyAwNjowNDoyMCAtMDAwMApAQCAtMTEsNyArMTEsNyBAQAogc3RhcnQoKSB7 CiAJZWJlZ2luICJTdGFydGluZyBmZXN0aXZhbCIKIAlzdGFydC1zdG9wLWRhZW1vbiAtLXN0YXJ0 IC0tcXVpZXQgLS1iYWNrZ3JvdW5kIC0tbWFrZS1waWRmaWxlIC0tcGlkZmlsZSAvdmFyL3J1bi9m ZXN0aXZhbC5waWQgXAotCQktLWV4ZWMgL3Vzci9iaW4vZmVzdGl2YWwgLS0gLS1zZXJ2ZXIgLWIg L2V0Yy9mZXN0aXZhbC9zZXJ2ZXIuc2NtCisJCS0tY2h1aWQgZmVzdGl2YWwgLS1leGVjIC91c3Iv YmluL2Zlc3RpdmFsIC0tIC0tc2VydmVyIC1iIC9ldGMvZmVzdGl2YWwvc2VydmVyLnNjbQogCWVl bmQgJD8KIH0KIAo= 121309 2007-06-06 02:53 0000 festival-bug-170477.diff festival-bug-170477.diff text/plain ZGlmZiAtdSAtYiAtQiAtcjEuMiBmZXN0aXZhbC0xLjk1X2JldGEtcjMuZWJ1aWxkCi0tLSBmZXN0 aXZhbC0xLjk1X2JldGEtcjMuZWJ1aWxkCTI4IEFwciAyMDA3IDE3OjE4OjM5IC0wMDAwCTEuMgor KysgZmVzdGl2YWwtMS45NV9iZXRhLXIzLmVidWlsZAk2IEp1biAyMDA3IDAyOjQ4OjMzIC0wMDAw CkBAIC00NCw2ICs0NCwxMCBAQAogCiBTPSR7V09SS0RJUn0KIAorcGtnX3NldHVwKCkgeworCWVu ZXd1c2VyIGZlc3RpdmFsIC0xIC9iaW4vZmFsc2UgLTEgYXVkaW8KK30KKwogc3JjX3VucGFjaygp IHsKIAl1bnBhY2sgJHtBfQogCkluZGV4OiBmaWxlcy9mZXN0aXZhbC5yYwo9PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09ClJD UyBmaWxlOiAvdmFyL2N2c3Jvb3QvZ2VudG9vLXg4Ni9hcHAtYWNjZXNzaWJpbGl0eS9mZXN0aXZh bC9maWxlcy9mZXN0aXZhbC5yYyx2CnJldHJpZXZpbmcgcmV2aXNpb24gMS4yCmRpZmYgLXUgLWIg LUIgLXIxLjIgZmVzdGl2YWwucmMKLS0tIGZpbGVzL2Zlc3RpdmFsLnJjCTE0IEp1bCAyMDA0IDIx OjA2OjExIC0wMDAwCTEuMgorKysgZmlsZXMvZmVzdGl2YWwucmMJNiBKdW4gMjAwNyAwMjo0ODoz MyAtMDAwMApAQCAtMTEsNyArMTEsNyBAQAogc3RhcnQoKSB7CiAJZWJlZ2luICJTdGFydGluZyBm ZXN0aXZhbCIKIAlzdGFydC1zdG9wLWRhZW1vbiAtLXN0YXJ0IC0tcXVpZXQgLS1iYWNrZ3JvdW5k IC0tbWFrZS1waWRmaWxlIC0tcGlkZmlsZSAvdmFyL3J1bi9mZXN0aXZhbC5waWQgXAotCQktLWV4 ZWMgL3Vzci9iaW4vZmVzdGl2YWwgLS0gLS1zZXJ2ZXIgLWIgL2V0Yy9mZXN0aXZhbC9zZXJ2ZXIu c2NtCisJCS0tY2h1aWQgZmVzdGl2YWwgLS1leGVjIC91c3IvYmluL2Zlc3RpdmFsIC0tIC0tc2Vy dmVyIC1iIC9ldGMvZmVzdGl2YWwvc2VydmVyLnNjbQogCWVlbmQgJD8KIH0KIApJbmRleDogZmls ZXMvc2VydmVyLnNjbQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09ClJDUyBmaWxlOiAvdmFyL2N2c3Jvb3QvZ2VudG9vLXg4 Ni9hcHAtYWNjZXNzaWJpbGl0eS9mZXN0aXZhbC9maWxlcy9zZXJ2ZXIuc2NtLHYKcmV0cmlldmlu ZyByZXZpc2lvbiAxLjQKZGlmZiAtdSAtYiAtQiAtcjEuNCBzZXJ2ZXIuc2NtCi0tLSBmaWxlcy9z ZXJ2ZXIuc2NtCTQgTm92IDIwMDYgMjA6NTU6MDYgLTAwMDAJMS40CisrKyBmaWxlcy9zZXJ2ZXIu c2NtCTYgSnVuIDIwMDcgMDI6NDg6MzMgLTAwMDAKQEAgLTExLDcgKzExLDkgQEAKIChzZXQhIHNl cnZlcl9wYXNzd2QgbmlsKQogCiA7IFNlcnZlciBhY2Nlc3MgbGlzdCAoaG9zdHMpCi0oc2V0ISBz ZXJ2ZXJfYWNjZXNzX2xpc3QgJygiW14uXSsiICIxMjcuMC4wLjEiICJsb2NhbGhvc3QuKiIgIjE5 Mi4xNjguKiIpKQorOyAoc2V0ISBzZXJ2ZXJfYWNjZXNzX2xpc3QgJygiW14uXSsiICIxMjcuMC4w LjEiICJsb2NhbGhvc3QuKiIgIjE5Mi4xNjguKiIpKQorKHNldCEgc2VydmVyX2FjY2Vzc19saXN0 ICcoIlteLl0rIiAiMTI3LjAuMC4xIiAibG9jYWxob3N0IiApKQorCiAKIDsgU2VydmVyIGRlbnkg bGlzdCAoaG9zdHMpCiAoc2V0ISBzZXJ2ZXJfZGVueV9saXN0IG5pbCkK 121494 2007-06-08 13:00 0000 festival-1.95_beta-r3.ebuild festival-1.95_beta-r3.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA3IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6ICQKCmluaGVyaXQgZXV0aWxzIHRvb2xjaGFpbi1mdW5jcwoKTVlfUD0ke1BOfS0xLjk1LWJl dGEKU0lURT0iaHR0cDovL3d3dy5jc3RyLmVkLmFjLnVrL2Rvd25sb2Fkcy8ke1BOfS8ke1BWL19i ZXRhLy99IgoKREVTQ1JJUFRJT049IkZlc3RpdmFsIFRleHQgdG8gU3BlZWNoIGVuZ2luZSIKSE9N RVBBR0U9Imh0dHA6Ly93d3cuY3N0ci5lZC5hYy51ay8iClNSQ19VUkk9IiR7U0lURX0vJHtNWV9Q fS50YXIuZ3oKCSR7U0lURX0vc3BlZWNoX3Rvb2xzLTEuMi45NS1iZXRhLnRhci5negoJJHtTSVRF fS9mZXN0bGV4X1BPU0xFWC50YXIuZ3oKCSR7U0lURX0vZmVzdGxleF9DTVUudGFyLmd6Cgkke1NJ VEV9L2Zlc3RsZXhfT0FMRC50YXIuZ3oKCSR7U0lURX0vZmVzdHZveF9yYWJscGMxNmsudGFyLmd6 Cgkke1NJVEV9L2Zlc3R2b3hfZG9uLnRhci5negoJJHtTSVRFfS9mZXN0dm94X2thbGxwYzE2ay50 YXIuZ3oKCSR7U0lURX0vZmVzdHZveF9rZWRscGMxNmsudGFyLmd6Cgkke1NJVEV9L2Zlc3R2b3hf Y211X3VzX2JkbF9hcmN0aWNfaHRzLnRhci5negoJJHtTSVRFfS9mZXN0dm94X2NtdV91c19zbHRf YXJjdGljX2h0cy50YXIuZ3oKCSR7U0lURX0vZmVzdHZveF9jbXVfdXNfam1rX2FyY3RpY19odHMu dGFyLmd6Cgkke1NJVEV9L2Zlc3R2b3hfY211X3VzX2F3Yl9hcmN0aWNfaHRzLnRhci5negoJbGlu Z3Vhc19lcz8gKCAke1NJVEV9L2Zlc3R2b3hfZWxscGMxMWsudGFyLmd6ICkKCW1icm9sYT8gKAoJ CSR7U0lURX0vZmVzdHZveF9lbjEudGFyLmd6CgkJJHtTSVRFfS9mZXN0dm94X3VzMS50YXIuZ3oK CQkke1NJVEV9L2Zlc3R2b3hfdXMyLnRhci5negoJCSR7U0lURX0vZmVzdHZveF91czMudGFyLmd6 ICkiCgpMSUNFTlNFPSJGRVNUSVZBTCBCU0QgYXMtaXMiClNMT1Q9IjAiCktFWVdPUkRTPSJ+YWxw aGEgfmFtZDY0IH5ocHBhIH5pYTY0IH5wcGMgfnBwYzY0IH5zcGFyYyB+eDg2IgpJVVNFPSJhc3Rl cmlzayBlc2QgbGluZ3Vhc19lcyBtYnJvbGEgWCIKClJERVBFTkQ9InN5cy1saWJzL25jdXJzZXMK CWVzZD8gKCBtZWRpYS1zb3VuZC9lc291bmQgKQoJbWJyb2xhPyAoID49YXBwLWFjY2Vzc2liaWxp dHkvbWJyb2xhLTMuMC4xaC1yMiApIgoKREVQRU5EPSIke1JERVBFTkR9CglYPyAoCgkJeDExLWxp YnMvbGliWDExCgkJeDExLWxpYnMvbGliWHQgKSIKClM9JHtXT1JLRElSfQoKcGtnX3NldHVwKCkg ewoJZW5ld3VzZXIgJHtQTn0gLTEgLTEgLTEgYXVkaW8KfQoKc3JjX3VucGFjaygpIHsKCXVucGFj ayAke0F9CgoJdXNlIGFzdGVyaXNrICYmIGVwYXRjaCAiJHtGSUxFU0RJUn0vJHtQfS1hc3Rlcmlz ay5wYXRjaCIKCglpZiB1c2UgZXNkIDsgdGhlbgoJCXNlZCAtaSBcCgkJCS1lICdzLyMgXChJTkNM VURFX01PRFVMRVMgKz0gRVNEX0FVRElPXCkvXDEvJyBcCgkJCXNwZWVjaF90b29scy9jb25maWcv Y29uZmlnLmluIHx8IGRpZSAic2VkIGNvbmZpZy5pbiIKCWZpCgoJaWYgISB1c2UgWCA7IHRoZW4K CQlzZWQgLWkgXAoJCQktZSAncy8tbFgxMSAtbFh0Ly8nIFwKCQkJc3BlZWNoX3Rvb2xzL2NvbmZp Zy9tb2R1bGVzL2VzZF9hdWRpby5tYWsgXAoJCQl8fCBkaWUgInNlZCBlc2RfYXVkaW8ubWFrIgoJ ZmkKCgkjIHRlc3RzdWl0ZSBzdGlsbCBmYWlscyB0byBidWlsZCB1bmRlciBnY2MtMy4yCgkjIHNl ZCAtaSAnL15CVUlMRF9ESVJTID0vcy90ZXN0c3VpdGUvLycgJHtTfS9NYWtlZmlsZSB8fCBkaWUK CglzZWQgLWkgXAoJCS1lICIvXmNvbnN0IGNoYXIgXCpmZXN0aXZhbF9saWJkaXIvczpGVExJQkRJ UjpcIi91c3Ivc2hhcmUvZmVzdGl2YWxcIjoiIFwKCQlmZXN0aXZhbC9zcmMvYXJjaC9mZXN0aXZh bC9mZXN0aXZhbC5jYyB8fCBkaWUgInNlZCBmZXN0aXZhbC5jYyIKCglzZWQgLWkgXAoJCS1lICcv Xk1PRFVMRV9MSUJTL3MvLWx0ZXJtY2FwLy1sbmN1cnNlcy8nIFwKCQlmZXN0aXZhbC9jb25maWcv bW9kdWxlcy9lZGl0bGluZS5tYWsgfHwgZGllICJzZWQgZWRpdGxpbmUubWFrIgoKCSMgRml4IGhh cmRjb2RlZCBwYXRoIGZvciBleGFtcGxlcyB0aGF0IHdpbGwgYmUgZmluYWxseSBpbnN0YWxsZWQg aW4KCSMgL3Vzci8kKGdldF9saWJkaXIpL2Zlc3RpdmFsL2V4YW1wbGVzCglzZWQgLWkgXAoJCS1l ICJzOlwuXC4vZXhhbXBsZXMvOi91c3Ivc2hhcmUvZG9jLyR7UEZ9L2V4YW1wbGVzLzoiIFwKCQlm ZXN0aXZhbC9saWIvZmVzdGl2YWwuc2NtIHx8IGRpZSAic2VkIGZlc3RpdmFsLnNjbSIKCgkjIGdj YyA0LjEgY29tcGF0aWJpbGl0eSBwYXRjaGVzCgllcGF0Y2ggIiR7RklMRVNESVJ9LyR7UH0tZ2Nj NDEucGF0Y2giCgllcGF0Y2ggIiR7RklMRVNESVJ9LyR7UH0tZ2NjNDEtYW1kNjQucGF0Y2giCgll cGF0Y2ggIiR7RklMRVNESVJ9LyR7UH0tZ2NjNDEtYW1kNjQtaW50LXBvaW50ZXIucGF0Y2giCgoJ ZXBhdGNoICIke0ZJTEVTRElSfS8ke1B9LWluaXQtc2NtLnBhdGNoIgp9CgpzcmNfY29tcGlsZSgp IHsKCWNkICIke1N9Ii9zcGVlY2hfdG9vbHMKCWVjb25mIHx8IGRpZSAiZWNvbmYgc3BlZWNoX3Rv b2xzIgoJZW1ha2UgLWoxIFwKCQlPUFRJTUlTRV9DWFhGTEFHUz0iJHtDWFhGTEFHU30iIFwKCQlP UFRJTUlTRV9DQ0ZMQUdTPSIke0NGTEFHU30iIFwKCQlDQz0iJCh0Yy1nZXRDQykiIFwKCQlDWFg9 IiQodGMtZ2V0Q1hYKSIgXAoJCXx8IGRpZSAiZW1ha2Ugc3BlZWNoX3Rvb2xzIgoKCWNkICIke1N9 Ii9mZXN0aXZhbAoJZWNvbmYgfHwgZGllICJlY29uZiBmZXN0aXZhbCIKCWVtYWtlIC1qMSBcCgkJ UFJPSkVDVF9MSUJERVBTPSIiIFwKCQlSRVFVSVJFRF9MSUJERVBTPSIiIFwKCQlMT0NBTF9MSUJE RVBTPSIiIFwKCQlPUFRJTUlTRV9DWFhGTEFHUz0iJHtDWFhGTEFHU30iIFwKCQlPUFRJTUlTRV9D Q0ZMQUdTPSIke0NGTEFHU30iIFwKCQlDQz0iJCh0Yy1nZXRDQykiIFwKCQlDWFg9IiQodGMtZ2V0 Q1hYKSIgXAoJCXx8IGRpZSAiZW1ha2UgZmVzdGl2YWwiCn0KCnNyY19pbnN0YWxsKCkgewoJIyBJ bnN0YWxsIHRoZSBiaW5hcmllcwoJZG9iaW4gZmVzdGl2YWwvc3JjL21haW4vZmVzdGl2YWwgfHwg ZGllCglkb2JpbiBmZXN0aXZhbC9saWIvZXRjLypMaW51eCovYXVkc3AgfHwgZGllCglkb2xpYi5h IGZlc3RpdmFsL3NyYy9saWIvbGliRmVzdGl2YWwuYSB8fCBkaWUKCgkjIEluc3RhbGwgdGhlIG1h aW4gbGlicmFyaWVzCglpbnNpbnRvIC91c3Ivc2hhcmUvZmVzdGl2YWwKCWRvaW5zIC1yIGZlc3Rp dmFsL2xpYi8qIHx8IGRpZQoKCSMgSW5zdGFsbCB0aGUgZXhhbXBsZXMKCWluc2ludG8gIi91c3Iv c2hhcmUvZG9jLyR7UEZ9L2V4YW1wbGVzIgoJZG9pbnMgLXIgZmVzdGl2YWwvZXhhbXBsZXMvKiB8 fCBkaWUKCgkjIE5lZWQgdG8gZml4IHNheXRpbWUsIGV0Yy4gdG8gbG9vayBmb3IgZmVzdGl2YWwg aW4gdGhlIGNvcnJlY3Qgc3BvdAoJbG9jYWwgZXggZXhub2V4dAoJZm9yIGV4IGluICIke0R9L3Vz ci9zaGFyZS9kb2MvJHtQRn0vZXhhbXBsZXMiLyouc2ggOyBkbwoJCWV4bm9leHQ9JHtleCUlLnNo fQoJCWNobW9kIGEreCAiJHtleG5vZXh0fSIgfHwgZGllICJjaG1vZCIKCQlkb3NlZCAiczoke1N9 L2Zlc3RpdmFsL2Jpbi9mZXN0aXZhbDovdXNyL2Jpbi9mZXN0aXZhbDoiIFwKCQkJIiR7ZXhub2V4 dCMjJER9IgoJZG9uZQoKCSMgSW5zdGFsbCB0aGUgaGVhZGVyIGZpbGVzCglpbnNpbnRvIC91c3Iv aW5jbHVkZS9mZXN0aXZhbAoJZG9pbnMgZmVzdGl2YWwvc3JjL2luY2x1ZGUvKi5oIHx8IGRpZQoK CSMgSW5zdGFsbCB0aGUgZGljdHMKCWluc2ludG8gL3Vzci9zaGFyZS9mZXN0aXZhbC9kaWN0cwoJ ZG9pbnMgLXIgZmVzdGl2YWwvbGliL2RpY3RzLyogfHwgZGllCgoJIyBJbnN0YWxscyBhbGwgZXhp c3Rpbmcgdm9pY2VzLCBubyBtYXR0ZXIgd2hhdCBsYW5ndWFnZQoJaW5zaW50byAvdXNyL3NoYXJl L2Zlc3RpdmFsL3ZvaWNlcwoJZG9pbnMgLXIgZmVzdGl2YWwvbGliL3ZvaWNlcy8qIHx8IGRpZQoK CWluc2ludG8gL2V0Yy9mZXN0aXZhbAoJIyBTYW1wbGUgc2VydmVyLnNjbSBjb25maWd1cmF0aW9u IGZvciB0aGUgc2VydmVyCglkb2lucyAiJHtGSUxFU0RJUn0iL3NlcnZlci5zY20gfHwgZGllCglk b2lucyBmZXN0aXZhbC9saWIvc2l0ZSogfHwgZGllCgoJIyBJbnN0YWxsIHRoZSBpbml0IHNjcmlw dAoJbmV3aW5pdGQgIiR7RklMRVNESVJ9Ii9mZXN0aXZhbC5yYyBmZXN0aXZhbAoKCXVzZSBtYnJv bGEgJiYgbWJyb2xhX3ZvaWNlcwoKCSMgSW5zdGFsbCB0aGUgZG9jcwoJZG9kb2MgZmVzdGl2YWwv e0FDS05PV0xFREdNRU5UUyxORVdTLFJFQURNRX0KCWRvbWFuIGZlc3RpdmFsL2RvYy97ZmVzdGl2 YWwuMSxmZXN0aXZhbF9jbGllbnQuMX0KCgkjIExvZyBmaWxlLiBNaWdodCBhcyB3ZWxsIHVzZSAi YXVkaW8iIGZvciB0aGUgZ3JvdXAuCglkaXJvcHRzIC1tIDA3NTAgLW8gJHtQTn0gLWcgYXVkaW8K CWtlZXBkaXIgL3Zhci9sb2cvJHtQTn0KfQoKcGtnX3Bvc3RpbnN0KCkgewoJZWxvZyAiVXNlZnVs IGV4YW1wbGVzIGluY2x1ZGUgc2F5dGltZSwgdGV4dDJ3YXZlLiBGb3IgZXhhbXBsZSwgdHJ5OiIK CWVsb2cgIiAgIC91c3Ivc2hhcmUvZG9jLyR7UEZ9L2V4YW1wbGVzL3NheXRpbWUiCgllbG9nCgll bG9nICJPciBmb3Igc29tZXRoaW5nIG1vcmUgZnVuOiIKCWVsb2cgJyAgIGVjaG8gIkdlbnRvbyBj YW4gc3BlYWsiIHwgZmVzdGl2YWwgLS10dHMnCgllbG9nCgllbG9nICJUbyBlbmFibGUgdGhlIGZl c3RpdmFsIHNlcnZlciBhdCBzdGFydHVwLCBydW4iCgllbG9nICIgICByYy11cGRhdGUgYWRkIGZl c3RpdmFsIGRlZmF1bHQiCgllbG9nCgllbG9nICJZb3UgbXVzdCBzZXQgdXAgdGhlIHNlcnZlcidz IHBvcnQsIGFjY2VzcyBsaXN0LCBldGMuIGluIHRoaXMgZmlsZToiCgllbG9nICIgICAvZXRjL2Zl c3RpdmFsL3NlcnZlci5zY20iCgllbG9nCgllbG9nICJUaGlzIHZlcnNpb24gYWxzbyBhbGxvd3Mg Y29uZmlndXJhdGlvbiBvZiBzaXRlLXNwZWNpZmljIgoJZWxvZyAiaW5pdGlhbGl6YXRpb24gaW4g L2V0Yy9mZXN0aXZhbC9zaXRlaW5pdC5zY20iCgllbG9nICJhbmQgdmFyaWFibGVzIGluICAvZXRj L2Zlc3RpdmFsL3NpdGV2YXJzLnNjbSIKCWVjaG8KfQoKbWJyb2xhX3ZvaWNlcygpIHsKCSMgRml4 IG1icm9sYSBkYXRhYmFzZXM6IGNyZWF0ZSBzeW1ib2xpYyBsaW5rcyBmcm9tIGZlc3RpdmFsIHZv aWNlcwoJIyBkaXJlY3RvcmllcyB0byBNQlJPTEEgaW5zdGFsbCBkaXJzLgoKCSMgVGhpcyBpcyBp biBjYXNlIHRoZXJlIGlzIG5vIG1icm9sYSB2b2ljZSBmb3IgYSBwYXJ0aWN1bGFyIGxhbmd1YWdl LgoJbG9jYWwgc2hvcHRzPSQoc2hvcHQgLXAgbnVsbGdsb2IpCglzaG9wdCAtcyBudWxsZ2xvYgoK CSMgVGhpcyBhc3N1bWVzIGFsbCBtYnJvbGEgdm9pY2VzIGFyZSBuYW1lZCBhZnRlciB0aGUgdm9p Y2VzIGRlZmluZWQKCSMgaW4gTUJST0xBLCBpLmUuIGlmIE1CUk9MQSBjb250YWlucyBhIHZvaWNl IGZyMSwgdGhlbiB0aGUgRmVzdGl2YWwKCSMgY291bnRlcnBhcnQgc2hvdWxkIGJlIG5hbWVkIGZy MV9tYnJvbGEuCglsb2NhbCBsYW5ndWFnZSBtdm9pY2Ugdm9pY2UgZGF0YWJhc2UKCWZvciBsYW5n dWFnZSBpbiAiJHtTfSIvZmVzdGl2YWwvbGliL3ZvaWNlcy8qOyBkbwoJCWZvciBtdm9pY2UgaW4g IiR7bGFuZ3VhZ2V9Ii8qX21icm9sYTsgZG8KCQkJdm9pY2U9JHttdm9pY2UjIyovfQoJCQlkYXRh YmFzZT0ke3ZvaWNlJSVfbWJyb2xhfQoJCQlkb3N5bSAiL29wdC9tYnJvbGEvJHtkYXRhYmFzZX0i IFwKCQkJCSIvdXNyL3NoYXJlL2Zlc3RpdmFsL3ZvaWNlcy8ke2xhbmd1YWdlIyMqL30vJHt2b2lj ZX0vJHtkYXRhYmFzZX0iCgkJZG9uZQoJZG9uZQoKCSMgUmVzdG9yZSBzaG9wdHMKCSR7c2hvcHRz fQp9Cg== 121496 2007-06-08 13:02 0000 festival.rc festival.rc text/plain IyEvc2Jpbi9ydW5zY3JpcHQKIyBDb3B5cmlnaHQgMTk5OS0yMDA3IEdlbnRvbyBGb3VuZGF0aW9u CiMgRGlzdHJpYnV0ZWQgdW5kZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMg TGljZW5zZSB2MgojICRIZWFkZXI6ICQKCmRlcGVuZCgpIHsKCW5lZWQgbmV0Cgl1c2UgYWxzYXNv dW5kIGVzb3VuZAp9CgpzdGFydCgpIHsKCWViZWdpbiAiU3RhcnRpbmcgZmVzdGl2YWwiCglzdGFy dC1zdG9wLWRhZW1vbiAtLXN0YXJ0IC0tcXVpZXQgLS1iYWNrZ3JvdW5kIC0tbWFrZS1waWRmaWxl IFwKCQktLXBpZGZpbGUgL3Zhci9ydW4vZmVzdGl2YWwucGlkIFwKCQktLWNodWlkIGZlc3RpdmFs IFwKCQktLWV4ZWMgL3Vzci9iaW4vZmVzdGl2YWwgLS0gLS1zZXJ2ZXIgLWIgL2V0Yy9mZXN0aXZh bC9zZXJ2ZXIuc2NtCgllZW5kICQ/Cn0KCnN0b3AoKSB7CgllYmVnaW4gIlN0b3BwaW5nIGZlc3Rp dmFsIgoJc3RhcnQtc3RvcC1kYWVtb24gLS1zdG9wIC0tcXVpZXQgLS1waWRmaWxlIC92YXIvcnVu L2Zlc3RpdmFsLnBpZAoJZWVuZCAkPwp9Cg== 121497 2007-06-08 13:02 0000 server.scm server.scm text/plain OyBNYXhpbXVtIG51bWJlciBvZiBjbGllbnRzIG9uIHRoZSBzZXJ2ZXIKKHNldCEgc2VydmVyX21h eF9jbGllbnRzIDEwKQoKOyBTZXJ2ZXIgcG9ydAooc2V0ISBzZXJ2ZXJfcG9ydCAxMzE0KQoKOyBM b2cgZmlsZSBsb2NhdGlvbgooc2V0ISBzZXJ2ZXJfbG9nX2ZpbGUgIi92YXIvbG9nL2Zlc3RpdmFs L2Zlc3RpdmFsLmxvZyIpCgo7IFNldCB0aGUgc2VydmVyIHBhc3N3b3JkCihzZXQhIHNlcnZlcl9w YXNzd2QgbmlsKQoKOyBTZXJ2ZXIgYWNjZXNzIGxpc3QgKGhvc3RzKQo7IEV4YW1wbGU6CjsgKHNl dCEgc2VydmVyX2FjY2Vzc19saXN0ICcoIlteLl0rIiAiMTI3LjAuMC4xIiAibG9jYWxob3N0Lioi ICIxOTIuMTY4LioiKSkKOyBTZWN1cmUgZGVmYXVsdDoKKHNldCEgc2VydmVyX2FjY2Vzc19saXN0 ICcoIlteLl0rIiAiMTI3LjAuMC4xIiAibG9jYWxob3N0IikpCgo7IFNlcnZlciBkZW55IGxpc3Qg KGhvc3RzKQooc2V0ISBzZXJ2ZXJfZGVueV9saXN0IG5pbCkKCg==