186219 2007-07-22 12:38 0000 www-servers/apache Multiple issues (CVE-2006-{5752}, CVE-2007-{1862,1863,3304,3847,4465}) 2008-01-10 08:59:03 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://httpd.apache.org/security/vulnerabilities_22.html A3 [glsa] P2 normal --- 187185 1 jaervosz@gentoo.org security@gentoo.org apache-bugs@gentoo.org hanno@gentoo.org lars@chaotika.org mips@gentoo.org jaervosz@gentoo.org 2007-07-22 12:38:15 0000 Not sure we're affected by these ones either. CVE-2006-5752 Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. CVE-2007-1863 Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. rajiv@gentoo.org 2007-09-05 04:11:42 0000 moderate: mod_status cross-site scripting CVE-2006-5752 Affects: 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35 Fixed in Apache httpd 2.0.61-dev patched in apache-2.2.4-r12 or earlier moderate: mod_cache proxy DoS CVE-2007-1863 Affects: 2.2.4, 2.2.3, 2.2.2, 2.2.0 Fixed in Apache httpd 2.2.6-dev patched in apache-2.2.4-r12 or earlier didn't check the 2.0.x branch. however apache-2.2.4-r12 need a patch for moderate: mod_proxy crash CVE-2007-3847 A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. http://httpd.apache.org/security/vulnerabilities_22.html py@gentoo.org 2007-09-07 14:58:39 0000 there's also bug 191603, and I have to admit I'm a bit lost with all this issues and versions. Apache, please advise on what needs to be done to fix this, and maybe close the other bug if it's not necessary. hollow@gentoo.org 2007-09-07 21:47:56 0000 all CVEs have been backported to 2.0.59-r5/2.2.4-r12, except 2007-3847 is missing in 2.2.4-r12, but fixed with 2.2.6, which is now in cvs, see also #187258 py@gentoo.org 2007-09-08 11:37:16 0000 *** Bug 191603 has been marked as a duplicate of this bug. *** py@gentoo.org 2007-09-08 11:45:07 0000 ok thanks for the info. So in the end, how do you want to proceed with stabilization? In any case seems that we'll have to call arches for 2.2.6 as a fix is missing with 2.2.4-r12, but should we call all arches for 2.0.61 or just the ones that don't have 2.0.59-r5? please advise. hollow@gentoo.org 2007-09-08 15:29:52 0000 2.0.59-r5 is ok, but 2.2.6 should be stabilized asap for CVE-2007-3847 py@gentoo.org 2007-09-08 15:39:15 0000 ok. Arches, please test and mark stable net-www/apache-2.0.59-r5 and net-www/apache-2.2.6. Target keywordsare "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd" beandog@gentoo.org 2007-09-08 17:56:53 0000 (In reply to comment #7) > ok. > Arches, please test and mark stable > net-www/apache-2.0.59-r5 and net-www/apache-2.2.6. > Target keywordsare "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 > ~x86-fbsd" > That's www-servers/apache-2.0.59-r5 and www-servers/apache-2.2.6 jer@gentoo.org 2007-09-08 18:59:41 0000 Don't forget to mark app-admin/apache-tools-2.2.6 stable as well. All stable for HPPA. hollow@gentoo.org 2007-09-08 20:07:41 0000 *** Bug 187258 has been marked as a duplicate of this bug. *** maekke@gentoo.org 2007-09-09 12:44:07 0000 x86 stable jmbsvicetto@gentoo.org 2007-09-09 13:43:23 0000 apache-2.0.59-r5, apache-2.2.6 and apache-tools-2.2.6 all emerged fine here on my sparc64. Got the following notice for apache-2.0.59-r5: dodoc: etc/apache2/*-std.conf does not exist and the following notices for apache-2.2.6: install: cannot stat `/var/tmp/portage/www-servers/apache-2.2.6/work/gentoo-apache-2.2.6/scripts/apache2logserverstatus': No such file or directory install: cannot stat `/var/tmp/portage/www-servers/apache-2.2.6/work/gentoo-apache-2.2.6/scripts/apache2splitlogfile': No such file or directory Tested with: www-servers/apache-2.0.59-r5 (apache2 mpm-prefork ssl) www-servers/apache-2.0.59-r5 (apache2 mpm-worker ssl) www-servers/apache-2.0.59-r5 (apache2 mpm-leader static-modules threads) app-admin/apache-tools-2.2.6 www-servers/apache-2.2.6 (mpm-prefork ssl) app-admin/apache-tools-2.2.6 (ssl) www-servers/apache-2.2.6 (mpm-worker ssl) app-admin/apache-tools-2.2.6 (ssl) www-servers/apache-2.2.6 (static-modules threads) jmbsvicetto@gentoo.org 2007-09-09 13:45:45 0000 Created an attachment (id=130411) sparc64 emerge --info armin76@gentoo.org 2007-09-09 15:11:22 0000 alpha/ia64 stable corsair@gentoo.org 2007-09-09 16:16:06 0000 ppc64 stable togge.gentoo@gmail.com 2007-09-09 18:02:55 0000 --- amd64 --- www-servers/apache-2.2.6 - USE: -debug -doc -ldap -mpm-event -mpm-itk -mpm-peruser -mpm-prefork -mpm-worker -no-suexec -selinux ssl -static-modules threads app-admin/apache-tools-2.2.6 - USE: ssl 1: emerges 2: passes collision-protect, (multilib-)strict, test 3: works (*) basic static web pages, php support tested * app-admin/apache-tools-2.2.6 - log_server_status gives Can't locate sys/socket.ph in @INC (did you run h2ph?) (@INC contains: /etc/perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux /usr/lib64/perl5/vendor_perl/5.8.8 /usr/lib64/perl5/vendor_perl /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux /usr/lib64/perl5/site_perl/5.8.8 /usr/lib64/perl5/site_perl /usr/lib64/perl5/5.8.8/x86_64-linux /usr/lib64/perl5/5.8.8 /usr/local/lib/site_perl .) at /usr/sbin/log_server_status line 28. Portage 2.1.2.12 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4, 2.6.22-gentoo-r6 x86_64) ================================================================= System uname: 2.6.22-gentoo-r6 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ Gentoo Base System release 1.12.9 Timestamp of tree: Unknown ccache version 2.4 [enabled] app-shells/bash: 3.2_p17 dev-java/java-config: 1.3.7, 2.0.33-r1 dev-lang/python: 2.4.4-r4 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.9-r2 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.21 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -ggdb -march=athlon64 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/gentoo-release /etc/init.d /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-O2 -ggdb -march=athlon64 -pipe" DISTDIR="/tmp/portage" FEATURES="ccache collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms splitdebug strict test" GENTOO_MIRRORS="http://ds.thn.htu.se/linux/gentoo http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://mirror.switch.ch/mirror/gentoo/ http://trumpetti.atm.tut.fi/gentoo/" LANG="en_US.utf-8" LINGUAS="en sv" MAKEOPTS="-j3" PKGDIR="/tmp/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/private" SYNC="rsync://dx/gentoo-portage" USE="3dnow 3dnowext X a52 aac acpi aiglx alsa amd64 apache2 arts asf avi bash-completion berkdb bitmap-fonts branding browserplugin cairo ccache cdr cli cpudetection cracklib crypt cscope css cups cvs dbus divx divx4linux dlloader dri dvd dvdr dvdread eds emboss encode esd evo fam ffmpeg firefox flac foomaticdb fortran freetype gdbm geoip gif gimp gmedia gnokii gnome gpm gstreamer gtk hal http iconv ieee1394 imap imlib ipv6 isdnlog java javascript jfs jpeg kde kdeenablefinal kdehiddenvisibility kdepim kerberos logitech-mouse mad madwifi maildir midi mikmod mmx mmx2 mmxext mono mozbranding moznopango mozsvg mp3 mpeg mplayer msn mudflap mysql ncurses nls nptl nptlonly nsplugin ntfs nvidia obex ogg oggvorbis opengl openmp oss pam pcre pdf pdflib perl png pppd python qt qt3 qt3support qt4 quicktime readline realmedia reflection reiserfs samba scanner sdl session spell spl sse sse2 ssl subversion svg symlink tcpd test tetex theora threads tiff truetype truetype-fonts type1-fonts udev unicode usb v4l v4l2 vim-syntax vim-with-x visualization vorbis wifi wmf wmp wxwindows xcomposite xface xfs xine xinerama xml xorg xosd xpm xprint xv xvid zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en sv" USERLAND="GNU" VIDEO_CARDS="nv nvidia" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS dertobi123@gentoo.org 2007-09-10 18:13:30 0000 ppc stable wolf31o2@gentoo.org 2007-09-11 20:22:01 0000 amd64 done... now to upgrade all my web servers... :P jmbsvicetto@gentoo.org 2007-09-13 01:47:59 0000 Created an attachment (id=130782) sparc64-emerge-info emerge --info after updating system to gcc-4.1.2 jmbsvicetto@gentoo.org 2007-09-13 01:50:11 0000 Tested apache with the above use flags again after updating to gcc-4.1.2 got the same results. py@gentoo.org 2007-09-15 17:55:23 0000 2.2.6 also fixes an XSS in mod_autoindex.c: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465 armin76@gentoo.org 2007-09-25 14:31:22 0000 sparc stable, thanks Jorge Manuel. This is ready to go py@gentoo.org 2007-09-25 14:34:27 0000 A3 => no vote here :p glsa request filed. rbu@gentoo.org 2007-09-29 00:10:10 0000 Correcting CVE in title. py@gentoo.org 2007-11-07 19:45:00 0000 finally closing with GLSA 200711-06,sorry for the delay :/ 130411 2007-09-09 13:45 0000 sparc64 emerge --info sparc64-emerge-info text/plain UG9ydGFnZSAyLjEuMi4xMiAoZGVmYXVsdC1saW51eC9zcGFyYy9zcGFyYzY0LzIwMDcuMCwgZ2Nj LTMuNC42LCBnbGliYy0yLjUtcjQsIDIuNi4xNy1nZW50b28tcjggc3BhcmM2NCkKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K U3lzdGVtIHVuYW1lOiAyLjYuMTctZ2VudG9vLXI4IHNwYXJjNjQgc3VuNHUKR2VudG9vIEJhc2Ug U3lzdGVtIHJlbGVhc2UgMS4xMi45ClRpbWVzdGFtcCBvZiB0cmVlOiBTYXQsIDA4IFNlcCAyMDA3 IDIxOjUwOjAxICswMDAwCmFwcC1zaGVsbHMvYmFzaDogICAgIDMuMl9wMTcKZGV2LWxhbmcvcHl0 aG9uOiAgICAgMi40LjQtcjQKZGV2LXB5dGhvbi9weWNyeXB0bzogMi4wLjEtcjYKc3lzLWFwcHMv YmFzZWxheW91dDogMS4xMi45LXIyCnN5cy1hcHBzL3NhbmRib3g6ICAgIDEuMi4xNwpzeXMtZGV2 ZWwvYXV0b2NvbmY6ICAyLjEzLCAyLjYxLXIxCnN5cy1kZXZlbC9hdXRvbWFrZTogIDEuNF9wNiwg MS41LCAxLjYuMywgMS43LjktcjEsIDEuOC41LXIzLCAxLjkuNi1yMiwgMS4xMApzeXMtZGV2ZWwv YmludXRpbHM6ICAyLjE3CnN5cy1kZXZlbC9nY2MtY29uZmlnOiAxLjMuMTYKc3lzLWRldmVsL2xp YnRvb2w6ICAgMS41LjI0CnZpcnR1YWwvb3MtaGVhZGVyczogIDIuNi4yMQpBQ0NFUFRfS0VZV09S RFM9InNwYXJjIgpDQlVJTEQ9InNwYXJjLXVua25vd24tbGludXgtZ251IgpDRkxBR1M9Ii1PMiAt bWNwdT11bHRyYXNwYXJjMyAtcGlwZSIKQ0hPU1Q9InNwYXJjLXVua25vd24tbGludXgtZ251IgpD T05GSUdfUFJPVEVDVD0iL2V0YyAvdmFyL2JpbmQiCkNPTkZJR19QUk9URUNUX01BU0s9Ii9ldGMv ZW52LmQgL2V0Yy9nY29uZiAvZXRjL3BocC9hcGFjaGUyLXBocDUvZXh0LWFjdGl2ZS8gL2V0Yy9w aHAvY2dpLXBocDUvZXh0LWFjdGl2ZS8gL2V0Yy9waHAvY2xpLXBocDUvZXh0LWFjdGl2ZS8gL2V0 Yy9yZXZkZXAtcmVidWlsZCAvZXRjL3Rlcm1pbmZvIgpDWFhGTEFHUz0iLU8yIC1tY3B1PXVsdHJh c3BhcmMzIC1waXBlIgpESVNURElSPSIvdXNyL3BvcnRhZ2UvZGlzdGZpbGVzIgpGRUFUVVJFUz0i ZGlzdGxvY2tzIG1ldGFkYXRhLXRyYW5zZmVyIHBhcmFsbGVsLWZldGNoIHNhbmRib3ggc2ZwZXJt cyBzdHJpY3QiCkdFTlRPT19NSVJST1JTPSJodHRwOi8vZnRwLmJlbG5ldC5iZS9taXJyb3IvcnN5 bmMuZ2VudG9vLm9yZy9nZW50b28vIGZ0cDovL2Z0cC5nZW50b28tcHQub3JnL3B1Yi9nZW50b28g ZnRwOi8vbWlycm9yczEubmV0dmlzYW8ucHQvZ2VudG9vLyBodHRwOi8vdHJ1bXBldHRpLnR1dC5h dG0uZmkvZ2VudG9vIgpNQUtFT1BUUz0iLWoyIgpQS0dESVI9Ii91c3IvcG9ydGFnZS9wYWNrYWdl cyIKUE9SVEFHRV9SU1lOQ19PUFRTPSItLXJlY3Vyc2l2ZSAtLWxpbmtzIC0tc2FmZS1saW5rcyAt LXBlcm1zIC0tdGltZXMgLS1jb21wcmVzcyAtLWZvcmNlIC0td2hvbGUtZmlsZSAtLWRlbGV0ZSAt LWRlbGV0ZS1hZnRlciAtLXN0YXRzIC0tdGltZW91dD0xODAgLS1leGNsdWRlPS9kaXN0ZmlsZXMg LS1leGNsdWRlPS9sb2NhbCAtLWV4Y2x1ZGU9L3BhY2thZ2VzIC0tZmlsdGVyPUhfKiovZmlsZXMv ZGlnZXN0LSoiClBPUlRBR0VfVE1QRElSPSIvdmFyL3RtcCIKUE9SVERJUj0iL3Vzci9wb3J0YWdl IgpQT1JURElSX09WRVJMQVk9Ii91c3IvbG9jYWwvcG9ydGFnZSIKU1lOQz0icnN5bmM6Ly9hdGw2 NC5hY29yZXMucHQvZ2VudG9vLXBvcnRhZ2UiClVTRT0iYml0bWFwLWZvbnRzIGNsaSBjcmFja2xp YiBjcnlwdCBjdXBzIGRyaSBmb3J0cmFuIGdkYm0gZ3BtIGljb252IGlzZG5sb2cgbWlkaSBtdWRm bGFwIG5scyBucHRsIG5wdGxvbmx5IG9wZW5tcCBwYW0gcGNyZSBwcGRzIHBwcGQgcmVmbGVjdGlv biBzZXNzaW9uIHNwYXJjIHNwbCB0Y3BkIHRydWV0eXBlLWZvbnRzIHR5cGUxLWZvbnRzIHVuaWNv ZGUgdmhvc3RzIHhvcmciIEFMU0FfUENNX1BMVUdJTlM9ImFkcGNtIGFsYXcgYXN5bSBjb3B5IGRt aXggZHNoYXJlIGRzbm9vcCBlbXB0eSBleHRwbHVnIGZpbGUgaG9va3MgaWVjOTU4IGlvcGx1ZyBs YWRzcGEgbGZsb2F0IGxpbmVhciBtZXRlciBtdWxhdyBtdWx0aSBudWxsIHBsdWcgcmF0ZSByb3V0 ZSBzaGFyZSBzaG0gc29mdHZvbCIgRUxJQkM9ImdsaWJjIiBJTlBVVF9ERVZJQ0VTPSJrZXlib2Fy ZCBtb3VzZSBldmRldiIgS0VSTkVMPSJsaW51eCIgTENEX0RFVklDRVM9ImJheXJhZCBjZm9udHog Y2ZvbnR6NjMzIGdsayBoZDQ0NzgwIGxiMjE2IGxjZG0wMDEgbXR4b3JiIG5jdXJzZXMgdGV4dCIg VVNFUkxBTkQ9IkdOVSIgVklERU9fQ0FSRFM9ImR1bW15IGZiZGV2IGdsaW50IG1hY2g2NCBtZ2Eg cjEyOCByYWRlb24gc3VuYncyIHN1bmNnMTQgc3VuY2czIHN1bmNnNiBzdW5mZmIgc3VubGVvIHRk ZnggdjRsIHZvb2RvbyIKVW5zZXQ6ICBDVEFSR0VULCBFTUVSR0VfREVGQVVMVF9PUFRTLCBJTlNU QUxMX01BU0ssIExBTkcsIExDX0FMTCwgTERGTEFHUywgTElOR1VBUywgUE9SVEFHRV9DT01QUkVT UywgUE9SVEFHRV9DT01QUkVTU19GTEFHUywgUE9SVEFHRV9SU1lOQ19FWFRSQV9PUFRTCgo= 130782 2007-09-13 01:47 0000 sparc64-emerge-info sparc64-emerge-info text/plain UG9ydGFnZSAyLjEuMi4xMiAoZGVmYXVsdC1saW51eC9zcGFyYy9zcGFyYzY0LzIwMDcuMCwgZ2Nj LTQuMS4yLCBnbGliYy0yLjUtcjQsIDIuNi4xNy1nZW50b28tcjggc3BhcmM2NCkKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K U3lzdGVtIHVuYW1lOiAyLjYuMTctZ2VudG9vLXI4IHNwYXJjNjQgc3VuNHUKR2VudG9vIEJhc2Ug U3lzdGVtIHJlbGVhc2UgMS4xMi45ClRpbWVzdGFtcCBvZiB0cmVlOiBUdWUsIDExIFNlcCAyMDA3 IDAxOjUwOjAxICswMDAwCmFwcC1zaGVsbHMvYmFzaDogICAgIDMuMl9wMTcKZGV2LWxhbmcvcHl0 aG9uOiAgICAgMi40LjQtcjQKZGV2LXB5dGhvbi9weWNyeXB0bzogMi4wLjEtcjYKc3lzLWFwcHMv YmFzZWxheW91dDogMS4xMi45LXIyCnN5cy1hcHBzL3NhbmRib3g6ICAgIDEuMi4xNwpzeXMtZGV2 ZWwvYXV0b2NvbmY6ICAyLjEzLCAyLjYxLXIxCnN5cy1kZXZlbC9hdXRvbWFrZTogIDEuNF9wNiwg MS41LCAxLjYuMywgMS43LjktcjEsIDEuOC41LXIzLCAxLjkuNi1yMiwgMS4xMApzeXMtZGV2ZWwv YmludXRpbHM6ICAyLjE3CnN5cy1kZXZlbC9nY2MtY29uZmlnOiAxLjMuMTYKc3lzLWRldmVsL2xp YnRvb2w6ICAgMS41LjI0CnZpcnR1YWwvb3MtaGVhZGVyczogIDIuNi4yMQpBQ0NFUFRfS0VZV09S RFM9InNwYXJjIgpDQlVJTEQ9InNwYXJjLXVua25vd24tbGludXgtZ251IgpDRkxBR1M9Ii1PMiAt bWNwdT11bHRyYXNwYXJjMyAtcGlwZSIKQ0hPU1Q9InNwYXJjLXVua25vd24tbGludXgtZ251IgpD T05GSUdfUFJPVEVDVD0iL2V0YyAvdmFyL2JpbmQiCkNPTkZJR19QUk9URUNUX01BU0s9Ii9ldGMv ZW52LmQgL2V0Yy9nY29uZiAvZXRjL3BocC9hcGFjaGUyLXBocDUvZXh0LWFjdGl2ZS8gL2V0Yy9w aHAvY2dpLXBocDUvZXh0LWFjdGl2ZS8gL2V0Yy9waHAvY2xpLXBocDUvZXh0LWFjdGl2ZS8gL2V0 Yy9yZXZkZXAtcmVidWlsZCAvZXRjL3Rlcm1pbmZvIgpDWFhGTEFHUz0iLU8yIC1tY3B1PXVsdHJh c3BhcmMzIC1waXBlIgpESVNURElSPSIvdXNyL3BvcnRhZ2UvZGlzdGZpbGVzIgpGRUFUVVJFUz0i ZGlzdGxvY2tzIG1ldGFkYXRhLXRyYW5zZmVyIHBhcmFsbGVsLWZldGNoIHNhbmRib3ggc2ZwZXJt cyBzdHJpY3QgdGVzdCIKR0VOVE9PX01JUlJPUlM9Imh0dHA6Ly9mdHAuYmVsbmV0LmJlL21pcnJv ci9yc3luYy5nZW50b28ub3JnL2dlbnRvby8gZnRwOi8vZnRwLmdlbnRvby1wdC5vcmcvcHViL2dl bnRvbyBmdHA6Ly9taXJyb3JzMS5uZXR2aXNhby5wdC9nZW50b28vIGh0dHA6Ly90cnVtcGV0dGku dHV0LmF0bS5maS9nZW50b28iCk1BS0VPUFRTPSItajIiClBLR0RJUj0iL3Vzci9wb3J0YWdlL3Bh Y2thZ2VzIgpQT1JUQUdFX1JTWU5DX09QVFM9Ii0tcmVjdXJzaXZlIC0tbGlua3MgLS1zYWZlLWxp bmtzIC0tcGVybXMgLS10aW1lcyAtLWNvbXByZXNzIC0tZm9yY2UgLS13aG9sZS1maWxlIC0tZGVs ZXRlIC0tZGVsZXRlLWFmdGVyIC0tc3RhdHMgLS10aW1lb3V0PTE4MCAtLWV4Y2x1ZGU9L2Rpc3Rm aWxlcyAtLWV4Y2x1ZGU9L2xvY2FsIC0tZXhjbHVkZT0vcGFja2FnZXMgLS1maWx0ZXI9SF8qKi9m aWxlcy9kaWdlc3QtKiIKUE9SVEFHRV9UTVBESVI9Ii92YXIvdG1wIgpQT1JURElSPSIvdXNyL3Bv cnRhZ2UiClBPUlRESVJfT1ZFUkxBWT0iL3Vzci9sb2NhbC9wb3J0YWdlIgpTWU5DPSJyc3luYzov L2F0bDY0LmFjb3Jlcy5wdC9nZW50b28tcG9ydGFnZSIKVVNFPSJiaXRtYXAtZm9udHMgY2xpIGNy YWNrbGliIGNyeXB0IGN1cHMgZHJpIGZvcnRyYW4gZ2RibSBncG0gaWNvbnYgaXNkbmxvZyBtaWRp IG11ZGZsYXAgbmxzIG5wdGwgbnB0bG9ubHkgb3Blbm1wIHBhbSBwY3JlIHBwZHMgcHBwZCByZWZs ZWN0aW9uIHNlc3Npb24gc3BhcmMgc3BsIHRjcGQgdGVzdCB0cnVldHlwZS1mb250cyB0eXBlMS1m b250cyB1bmljb2RlIHZob3N0cyB4b3JnIiBBTFNBX1BDTV9QTFVHSU5TPSJhZHBjbSBhbGF3IGFz eW0gY29weSBkbWl4IGRzaGFyZSBkc25vb3AgZW1wdHkgZXh0cGx1ZyBmaWxlIGhvb2tzIGllYzk1 OCBpb3BsdWcgbGFkc3BhIGxmbG9hdCBsaW5lYXIgbWV0ZXIgbXVsYXcgbXVsdGkgbnVsbCBwbHVn IHJhdGUgcm91dGUgc2hhcmUgc2htIHNvZnR2b2wiIEVMSUJDPSJnbGliYyIgSU5QVVRfREVWSUNF Uz0ia2V5Ym9hcmQgbW91c2UgZXZkZXYiIEtFUk5FTD0ibGludXgiIExDRF9ERVZJQ0VTPSJiYXly YWQgY2ZvbnR6IGNmb250ejYzMyBnbGsgaGQ0NDc4MCBsYjIxNiBsY2RtMDAxIG10eG9yYiBuY3Vy c2VzIHRleHQiIFVTRVJMQU5EPSJHTlUiIFZJREVPX0NBUkRTPSJkdW1teSBmYmRldiBnbGludCBt YWNoNjQgbWdhIHIxMjggcmFkZW9uIHN1bmJ3MiBzdW5jZzE0IHN1bmNnMyBzdW5jZzYgc3VuZmZi IHN1bmxlbyB0ZGZ4IHY0bCB2b29kb28iClVuc2V0OiAgQ1RBUkdFVCwgRU1FUkdFX0RFRkFVTFRf T1BUUywgSU5TVEFMTF9NQVNLLCBMQU5HLCBMQ19BTEwsIExERkxBR1MsIExJTkdVQVMsIFBPUlRB R0VfQ09NUFJFU1MsIFBPUlRBR0VfQ09NUFJFU1NfRkxBR1MsIFBPUlRBR0VfUlNZTkNfRVhUUkFf T1BUUwoK