208710 CVE-2008-0564 2008-02-03 09:50 0000 net-mail/mailman < 2.1.9-r3 XSS issues (CVE-2008-0564) 2008-02-23 18:15:11 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html B4 [noglsa] P2 minor --- 1 dertobi123@gentoo.org security@gentoo.org hanno@gentoo.org net-mail@gentoo.org dertobi123@gentoo.org 2008-02-03 09:50:13 0000 Quoting the announcement [1]: "I am happy to announce the second beta release of Mailman 2.1.10. For technical reasons, there was no 'b2' release. This is a security and bug fix release and it is highly recommended that all sites upgrade to this version. Mailman 2.1.10 also adds support for two new language translations, Hebrew and Slovak and a few new features. [...] ~ Security ~ - The 2.1.9 fixes for CVE-2006-3636 have been enhanced. In particular, ~ many potential cross-site scripting attacks have are now detected in ~ editing templates and updating the list's info attribute via the web ~ admin interface. Thanks again to Moritz Naumann for assistance with ~ this." Note that while speaking of 2.1.10b1 in the initial announcement the new released version is 2.1.10b3 according to [2]. [1] http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html [2] http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html smithj@gentoo.org 2008-02-05 08:52:17 0000 CVE-2008-0564 has been allocated for these issues. smithj@gentoo.org 2008-02-05 08:54:00 0000 Created an attachment (id=142699) mailman-2.1.9-fix-XSS.patch Oh, also, if $MAINTAINER doesn't want to update to a beta release (I wouldn't), I'm attaching a patch which was given to me by upstream to fix the issue. hanno@gentoo.org 2008-02-05 11:24:16 0000 Added -r3. Archs, please go ahead. Note that this introduces the "reworked" mailman-ebuild, which installs into fhs-compliant locations and can be configured much better. cla@gentoo.org 2008-02-05 13:12:26 0000 * An example Mailman configuration file for Apache has been installed into: * /50_mailman.conf There's missing ${APACHE_MODULES_CONFDIR} variable (missing eclass?) x86 stable rbu@gentoo.org 2008-02-05 13:14:38 0000 Arches, please test and mark stable: =net-mail/mailman-2.1.9-r3 Target keywords : "amd64 ppc release sparc x86" rbu@gentoo.org 2008-02-05 13:15:06 0000 sorry, removing x86 again. hanno@gentoo.org 2008-02-06 11:48:26 0000 amd64 done armin76@gentoo.org 2008-02-07 13:51:36 0000 sparc stable dertobi123@gentoo.org 2008-02-07 18:30:44 0000 ppc stable plus re-adding amd64. hanno@gentoo.org 2008-02-08 13:14:33 0000 Seems I've stabilized amd64 in my local cvs tree without committing... Now done. Security, please go ahead with glsa. jaervosz@gentoo.org 2008-02-10 14:50:39 0000 This one is ready for GLSA vote. I tend to vote NO. py@gentoo.org 2008-02-10 15:36:44 0000 voting NO, and I close even if we don't have 2 full NO votes since it's XSS. feel free to reopen if you disagree. hanno@gentoo.org 2008-02-12 20:56:12 0000 Erh? Yes, it's an XSS and thus it can be used to steal accounts, which is a major issue. Why shouldn't this cause a GLSA?? Vote YES (if my opinion as the package maintainer counts) and volunteer to write the glsa if neccessary. rbu@gentoo.org 2008-02-12 21:00:59 0000 Is it a persistent or non-persistent XSS? Non-persistent issues usually do not get GLSA'd. pva@gentoo.org 2008-02-23 18:15:11 0000 Fixed in release snapshot. 142699 2008-02-05 08:54 0000 mailman-2.1.9-fix-XSS.patch mailman-2.1.9-fix-XSS.patch text/plain PT09IG1vZGlmaWVkIGZpbGUgJ01haWxtYW4vQ2dpL2VkaXRodG1sLnB5JwotLS0gTWFpbG1hbi9D Z2kvZWRpdGh0bWwucHkJMjAwNi0wOC0zMCAxNDo1NDoyMiArMDAwMAorKysgTWFpbG1hbi9DZ2kv ZWRpdGh0bWwucHkJMjAwNy0xMi0wNCAxOTo1MjoxOCArMDAwMApAQCAtMSw0ICsxLDQgQEAKLSMg Q29weXJpZ2h0IChDKSAxOTk4LTIwMDYgYnkgdGhlIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbiwg SW5jLgorIyBDb3B5cmlnaHQgKEMpIDE5OTgtMjAwNyBieSB0aGUgRnJlZSBTb2Z0d2FyZSBGb3Vu ZGF0aW9uLCBJbmMuCiAjCiAjIFRoaXMgcHJvZ3JhbSBpcyBmcmVlIHNvZnR3YXJlOyB5b3UgY2Fu IHJlZGlzdHJpYnV0ZSBpdCBhbmQvb3IKICMgbW9kaWZ5IGl0IHVuZGVyIHRoZSB0ZXJtcyBvZiB0 aGUgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UKQEAgLTE1OSw3ICsxNTksMjAgQEAKICAgICAg ICAgZG9jLkFkZEl0ZW0oJzxocj4nKQogICAgICAgICByZXR1cm4KICAgICBjb2RlID0gY2dpX2lu Zm9bJ2h0bWxfY29kZSddLnZhbHVlCi0gICAgY29kZSA9IHJlLnN1YihyJzwoWy9dP3NjcmlwdC4q Pyk+JywgcicmbHQ7XDEmZ3Q7JywgY29kZSkKKyAgICBpZiBVdGlscy5zdXNwaWNpb3VzSFRNTChj b2RlKToKKyAgICAgICAgZG9jLkFkZEl0ZW0oSGVhZGVyKDMsCisgICAgICAgICAgIF8oIiIiVGhl IHBhZ2UgeW91IHNhdmVkIGNvbnRhaW5zIHN1c3BpY2lvdXMgSFRNTCB0aGF0IGNvdWxkCitwb3Rl bnRpYWxseSBleHBvc2UgeW91ciB1c2VycyB0byBjcm9zcy1zaXRlIHNjcmlwdGluZyBhdHRhY2tz LiAgVGhpcyBjaGFuZ2UKK2hhcyB0aGVyZWZvcmUgYmVlbiByZWplY3RlZC4gIElmIHlvdSBzdGls bCB3YW50IHRvIG1ha2UgdGhlc2UgY2hhbmdlcywgeW91CittdXN0IGhhdmUgc2hlbGwgYWNjZXNz IHRvIHlvdXIgTWFpbG1hbiBzZXJ2ZXIuCisgICAgICAgICAgICAgIiIiKSkpCisgICAgICAgIGRv Yy5BZGRJdGVtKF8oJ1NlZSAnKSkKKyAgICAgICAgZG9jLkFkZEl0ZW0oTGluaygKKydodHRwOi8v d3d3LnB5dGhvbi5vcmcvY2dpLWJpbi9mYXF3LW1tLnB5P3JlcT1zaG93JmZpbGU9ZmFxMDQuMDQ4 Lmh0cCcsCisgICAgICAgICAgICAgICAgXygnRkFRIDQuNDguJykpKQorICAgICAgICBkb2MuQWRk SXRlbShIZWFkZXIoMyxfKCJQYWdlIFVuY2hhbmdlZC4iKSkpCisgICAgICAgIGRvYy5BZGRJdGVt KCc8aHI+JykKKyAgICAgICAgcmV0dXJuCiAgICAgbGFuZ2RpciA9IG9zLnBhdGguam9pbihtbGlz dC5mdWxscGF0aCgpLCBtbGlzdC5wcmVmZXJyZWRfbGFuZ3VhZ2UpCiAgICAgIyBNYWtlIHN1cmUg dGhlIGRpcmVjdG9yeSBleGlzdHMKICAgICBvbWFzayA9IG9zLnVtYXNrKDApCgo9PT0gbW9kaWZp ZWQgZmlsZSAnTWFpbG1hbi9HdWkvR2VuZXJhbC5weScKLS0tIE1haWxtYW4vR3VpL0dlbmVyYWwu cHkJMjAwNi0wOC0zMCAxNDo1NDoyMiArMDAwMAorKysgTWFpbG1hbi9HdWkvR2VuZXJhbC5weQky MDA3LTEyLTA0IDE5OjUyOjE4ICswMDAwCkBAIC0xLDQgKzEsNCBAQAotIyBDb3B5cmlnaHQgKEMp IDIwMDEtMjAwNiBieSB0aGUgRnJlZSBTb2Z0d2FyZSBGb3VuZGF0aW9uLCBJbmMuCisjIENvcHly aWdodCAoQykgMjAwMS0yMDA3IGJ5IHRoZSBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb24sIEluYy4K ICMKICMgVGhpcyBwcm9ncmFtIGlzIGZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRl IGl0IGFuZC9vcgogIyBtb2RpZnkgaXQgdW5kZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJh bCBQdWJsaWMgTGljZW5zZQpAQCAtNDM2LDE3ICs0NDIsMjEgQEAKICAgICAgICAgICAgICMgQ29u dmVydCBhbnkgaHRtbCBlbnRpdGllcyB0byBVbmljb2RlCiAgICAgICAgICAgICBtbGlzdC5zdWJq ZWN0X3ByZWZpeCA9IFV0aWxzLmNhbm9uc3RyKAogICAgICAgICAgICAgICAgIHZhbCwgbWxpc3Qu cHJlZmVycmVkX2xhbmd1YWdlKQorICAgICAgICBlbGlmIHByb3BlcnR5ID09ICdpbmZvJzoKKyAg ICAgICAgICAgIGlmIHZhbCA8PiBtbGlzdC5pbmZvOgorICAgICAgICAgICAgICAgIGlmIFV0aWxz LnN1c3BpY2lvdXNIVE1MKHZhbCk6CisgICAgICAgICAgICAgICAgICAgIGRvYy5hZGRFcnJvcihf KCIiIlRoZSA8Yj5pbmZvPC9iPiBhdHRyaWJ1dGUgeW91IHNhdmVkCitjb250YWlucyBzdXNwaWNp b3VzIEhUTUwgdGhhdCBjb3VsZCBwb3RlbnRpYWxseSBleHBvc2UgeW91ciB1c2VycyB0byBjcm9z cy1zaXRlCitzY3JpcHRpbmcgYXR0YWNrcy4gIFRoaXMgY2hhbmdlIGhhcyB0aGVyZWZvcmUgYmVl biByZWplY3RlZC4gIElmIHlvdSBzdGlsbCB3YW50Cit0byBtYWtlIHRoZXNlIGNoYW5nZXMsIHlv dSBtdXN0IGhhdmUgc2hlbGwgYWNjZXNzIHRvIHlvdXIgTWFpbG1hbiBzZXJ2ZXIuCitUaGlzIGNo YW5nZSBjYW4gYmUgbWFkZSB3aXRoIGJpbi93aXRobGlzdCBvciB3aXRoIGJpbi9jb25maWdfbGlz dCBieSBzZXR0aW5nCittbGlzdC5pbmZvLgorICAgICAgICAgICAgICAgICAgICAgICAgIiIiKSkK KyAgICAgICAgICAgICAgICBlbHNlOgorICAgICAgICAgICAgICAgICAgICBtbGlzdC5pbmZvID0g dmFsCiAgICAgICAgIGVsc2U6CiAgICAgICAgICAgICBHVUlCYXNlLl9zZXRWYWx1ZShzZWxmLCBt bGlzdCwgcHJvcGVydHksIHZhbCwgZG9jKQogCi0gICAgZGVmIF9lc2NhcGUoc2VsZiwgcHJvcGVy dHksIHZhbHVlKToKLSAgICAgICAgIyBUaGUgJ2luZm8nIHByb3BlcnR5IGFsbG93cyBIVE1MLCBi dXQgbGV0J3Mgc2FuaXRpemUgaXQgdG8gYXZvaWQgWFNTCi0gICAgICAgICMgZXhwbG9pdHMuICBF dmVyeXRoaW5nIGVsc2Ugc2hvdWxkIGJlIGZ1bGx5IGVzY2FwZWQuCi0gICAgICAgIGlmIHByb3Bl cnR5IDw+ICdpbmZvJzoKLSAgICAgICAgICAgIHJldHVybiBHVUlCYXNlLl9lc2NhcGUoc2VsZiwg cHJvcGVydHksIHZhbHVlKQotICAgICAgICAjIFNhbml0aXplIDxzY3JpcHQ+IGFuZCA8L3Njcmlw dD4gdGFncyBidXQgbm90aGluZyBlbHNlLiAgTm90IHRoZSBiZXN0Ci0gICAgICAgICMgc29sdXRp b24sIGJ1dCBleHBlZGllbnQuCi0gICAgICAgIHJldHVybiByZS5zdWIocicoP2kpPChbL10/c2Ny aXB0Lio/KT4nLCByJyZsdDtcMSZndDsnLCB2YWx1ZSkKIAogICAgIGRlZiBfcG9zdFZhbGlkYXRl KHNlbGYsIG1saXN0LCBkb2MpOgogICAgICAgICBpZiBub3QgbWxpc3QucmVwbHlfdG9fYWRkcmVz cy5zdHJpcCgpIGFuZCBcCgo9PT0gbW9kaWZpZWQgZmlsZSAnTWFpbG1hbi9HdWkvR1VJQmFzZS5w eScKLS0tIE1haWxtYW4vR3VpL0dVSUJhc2UucHkJMjAwNS0wOC0yNyAwMTo0MDoxNyArMDAwMAor KysgTWFpbG1hbi9HdWkvR1VJQmFzZS5weQkyMDA3LTExLTE4IDIwOjAxOjI2ICswMDAwCkBAIC0x LDQgKzEsNCBAQAotIyBDb3B5cmlnaHQgKEMpIDIwMDItMjAwNCBieSB0aGUgRnJlZSBTb2Z0d2Fy ZSBGb3VuZGF0aW9uLCBJbmMuCisjIENvcHlyaWdodCAoQykgMjAwMi0yMDA3IGJ5IHRoZSBGcmVl IFNvZnR3YXJlIEZvdW5kYXRpb24sIEluYy4KICMKICMgVGhpcyBwcm9ncmFtIGlzIGZyZWUgc29m dHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0IGFuZC9vcgogIyBtb2RpZnkgaXQgdW5kZXIg dGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZQpAQCAtMTIsNyArMTIs OCBAQAogIwogIyBZb3Ugc2hvdWxkIGhhdmUgcmVjZWl2ZWQgYSBjb3B5IG9mIHRoZSBHTlUgR2Vu ZXJhbCBQdWJsaWMgTGljZW5zZQogIyBhbG9uZyB3aXRoIHRoaXMgcHJvZ3JhbTsgaWYgbm90LCB3 cml0ZSB0byB0aGUgRnJlZSBTb2Z0d2FyZQotIyBGb3VuZGF0aW9uLCBJbmMuLCA1MSBGcmFua2xp biBTdHJlZXQsIEZpZnRoIEZsb29yLCBCb3N0b24sIE1BIDAyMTEwLTEzMDEsIFVTQS4KKyMgRm91 bmRhdGlvbiwgSW5jLiwgNTEgRnJhbmtsaW4gU3RyZWV0LCBGaWZ0aCBGbG9vciwgQm9zdG9uLCBN QSAwMjExMC0xMzAxLAorIyBVU0EuCiAKICIiIkJhc2UgY2xhc3MgZm9yIGFsbCB3ZWIgR1VJIGNv bXBvbmVudHMuIiIiCiAKQEAgLTEyMiwxMCArMTI3LDYgQEAKICAgICAgICAgIyBWYWxpZGF0ZSBh bGwgdGhlIGF0dHJpYnV0ZXMgZm9yIHRoaXMgY2F0ZWdvcnkKICAgICAgICAgcGFzcwogCi0gICAg ZGVmIF9lc2NhcGUoc2VsZiwgcHJvcGVydHksIHZhbHVlKToKLSAgICAgICAgdmFsdWUgPSB2YWx1 ZS5yZXBsYWNlKCc8JywgJyZsdDsnKQotICAgICAgICByZXR1cm4gdmFsdWUKLQogICAgIGRlZiBo YW5kbGVGb3JtKHNlbGYsIG1saXN0LCBjYXRlZ29yeSwgc3ViY2F0LCBjZ2lkYXRhLCBkb2MpOgog ICAgICAgICBmb3IgaXRlbSBpbiBzZWxmLkdldENvbmZpZ0luZm8obWxpc3QsIGNhdGVnb3J5LCBz dWJjYXQpOgogICAgICAgICAgICAgIyBTa2lwIGRlc2NyaXB0aW9ucyBhbmQgbGVnYWN5IG5vbi1h dHRyaWJ1dGVzCkBAIC0xNDQsMTAgKzE0NSw5IEBACiAgICAgICAgICAgICBlbGlmIG5vdCBjZ2lk YXRhLmhhc19rZXkocHJvcGVydHkpOgogICAgICAgICAgICAgICAgIGNvbnRpbnVlCiAgICAgICAg ICAgICBlbGlmIGlzaW5zdGFuY2UoY2dpZGF0YVtwcm9wZXJ0eV0sIExpc3RUeXBlKToKLSAgICAg ICAgICAgICAgICB2YWwgPSBbc2VsZi5fZXNjYXBlKHByb3BlcnR5LCB4LnZhbHVlKQotICAgICAg ICAgICAgICAgICAgICAgICBmb3IgeCBpbiBjZ2lkYXRhW3Byb3BlcnR5XV0KKyAgICAgICAgICAg ICAgICB2YWwgPSBbeC52YWx1ZSBmb3IgeCBpbiBjZ2lkYXRhW3Byb3BlcnR5XV0KICAgICAgICAg ICAgIGVsc2U6Ci0gICAgICAgICAgICAgICAgdmFsID0gc2VsZi5fZXNjYXBlKHByb3BlcnR5LCBj Z2lkYXRhW3Byb3BlcnR5XS52YWx1ZSkKKyAgICAgICAgICAgICAgICB2YWwgPSBjZ2lkYXRhW3By b3BlcnR5XS52YWx1ZQogICAgICAgICAgICAgIyBDb2VyY2UgdGhlIHZhbHVlIHRvIHRoZSBleHBl Y3RlZCB0eXBlLCByYWlzaW5nIGV4Y2VwdGlvbnMgaWYgdGhlCiAgICAgICAgICAgICAjIHZhbHVl IGlzIGludmFsaWQuCiAgICAgICAgICAgICB0cnk6Cgo9PT0gbW9kaWZpZWQgZmlsZSAnTWFpbG1h bi9VdGlscy5weScKLS0tIE1haWxtYW4vVXRpbHMucHkJMjAwNy0xMS0yNSAwODowNDozMCArMDAw MAorKysgTWFpbG1hbi9VdGlscy5weQkyMDA3LTEyLTA0IDE5OjUyOjE4ICswMDAwCkBAIC04NzYs MyArODc2LDE1NCBAQAogICAgIGV4Y2VwdCAoTG9va3VwRXJyb3IsIFVuaWNvZGVFcnJvciwgVmFs dWVFcnJvciwgSGVhZGVyUGFyc2VFcnJvcik6CiAgICAgICAgICMgcG9zc2libHkgY2hhcnNldCBw cm9ibGVtLiByZXR1cm4gd2l0aCB1bmRlY29kZWQgc3RyaW5nIGluIG9uZSBsaW5lLgogICAgICAg ICByZXR1cm4gRU1QVFlTVFJJTkcuam9pbihzLnNwbGl0bGluZXMoKSkKKworCisjIFBhdHRlcm5z IGFuZCBmdW5jdGlvbnMgdG8gZmxhZyBwb3NzaWJsZSBYU1MgYXR0YWNrcyBpbiBIVE1MLgorIyBU aGlzIGxpc3QgaXMgY29tcGlsZWQgZnJvbSBpbmZvcm1hdGlvbiBhdCBodHRwOi8vaGEuY2tlcnMu b3JnL3hzcy5odG1sLAorIyBodHRwOi8vd3d3LnF1aXJrc21vZGUub3JnL2pzL2V2ZW50c19jb21w aW5mby5odG1sLAorIyBodHRwOi8vd3d3Lmh0bWxyZWYuY29tL3JlZmVyZW5jZS9hcHBhL2V2ZW50 czEuaHRtLAorIyBodHRwOi8vbHhyLm1vemlsbGEub3JnL21vemlsbGEvc291cmNlL2NvbnRlbnQv ZXZlbnRzL3NyYy9uc0RPTUV2ZW50LmNwcCM1OSwKKyMgaHR0cDovL3d3dy53My5vcmcvVFIvRE9N LUxldmVsLTItRXZlbnRzL2V2ZW50cy5odG1sIGFuZAorIyBodHRwOi8vd3d3Lnh1bHBsYW5ldC5j b20vcmVmZXJlbmNlcy9lbGVtcmVmL3JlZl9FdmVudEhhbmRsZXJzLmh0bWwKKyMgTWFueSB0aGFu a3MgYXJlIGR1ZSB0byBNb3JpdHogTmF1bWFubiBmb3IgaGlzIGFzc2lzdGFuY2Ugd2l0aCB0aGlz LgorX2JhZHdvcmRzID0gWworICAgICc8aT9mcmFtZScsCisgICAgJzxsaW5rJywKKyAgICAnPG1l dGEnLAorICAgICc8c2NyaXB0JywKKyAgICByJyg/Ol58XFcpaig/OmF2YSk/c2NyaXB0KD86XFd8 JCknLAorICAgIHInKD86XnxcVyl2YnMoPzpjcmlwdCk/KD86XFd8JCknLAorICAgIHInKD86Xnxc Vylkb21hY3RpdmF0ZSg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpZG9tYXR0cm1vZGlmaWVkKD86 XFd8JCknLAorICAgIHInKD86XnxcVylkb21jaGFyYWN0ZXJkYXRhbW9kaWZpZWQoPzpcV3wkKScs CisgICAgcicoPzpefFxXKWRvbWZvY3VzKD86aW58b3V0KSg/OlxXfCQpJywKKyAgICByJyg/Ol58 XFcpZG9tbWVudWl0ZW0oPzppbik/YWN0aXZlKD86XFd8JCknLAorICAgIHInKD86XnxcVylkb21t b3VzZXNjcm9sbCg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpZG9tbm9kZWluc2VydGVkKD86aW50 b2RvY3VtZW50KT8oPzpcV3wkKScsCisgICAgcicoPzpefFxXKWRvbW5vZGVyZW1vdmVkKD86ZnJv bWRvY3VtZW50KT8oPzpcV3wkKScsCisgICAgcicoPzpefFxXKWRvbXN1YnRyZWVtb2RpZmllZCg/ OlxXfCQpJywKKyAgICByJyg/Ol58XFcpZnNjb21tYW5kKD86XFd8JCknLAorICAgIHInKD86Xnxc VylvbmFib3J0KD86XFd8JCknLAorICAgIHInKD86XnxcVylvbig/OmRlKT9hY3RpdmF0ZSg/OlxX fCQpJywKKyAgICByJyg/Ol58XFcpb24oPzphZnRlcnxiZWZvcmUpcHJpbnQoPzpcV3wkKScsCisg ICAgcicoPzpefFxXKW9uKD86YWZ0ZXJ8YmVmb3JlKXVwZGF0ZSg/OlxXfCQpJywKKyAgICByJyg/ Ol58XFcpb25iZWZvcmUoPzooPzpkZSk/YWN0aXZhdGV8Y29weXxjdXR8ZWRpdGZvY3VzfHBhc3Rl KSg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25iZWZvcmV1bmxvYWQoPzpcV3wkKScsCisgICAg cicoPzpefFxXKW9uYmVnaW4oPzpcV3wkKScsCisgICAgcicoPzpefFxXKW9uYmx1cig/OlxXfCQp JywKKyAgICByJyg/Ol58XFcpb25ib3VuY2UoPzpcV3wkKScsCisgICAgcicoPzpefFxXKW9uYnJv YWRjYXN0KD86XFd8JCknLAorICAgIHInKD86XnxcVylvbig/OmNlbGwpP2NoYW5nZSg/OlxXfCQp JywKKyAgICByJyg/Ol58XFcpb25jaGVja2JveHN0YXRlY2hhbmdlKD86XFd8JCknLAorICAgIHIn KD86XnxcVylvbig/OmRibCk/Y2xpY2soPzpcV3wkKScsCisgICAgcicoPzpefFxXKW9uY2xvc2Uo PzpcV3wkKScsCisgICAgcicoPzpefFxXKW9uY29tbWFuZCg/OnVwZGF0ZSk/KD86XFd8JCknLAor ICAgIHInKD86XnxcVylvbmNvbXBvc2l0aW9uKD86ZW5kfHN0YXJ0KSg/OlxXfCQpJywKKyAgICBy Jyg/Ol58XFcpb25jb250ZXh0bWVudSg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25jb250cm9s c2VsZWN0KD86XFd8JCknLAorICAgIHInKD86XnxcVylvbmNvcHkoPzpcV3wkKScsCisgICAgcico PzpefFxXKW9uY3V0KD86XFd8JCknLAorICAgIHInKD86XnxcVylvbmRhdGFhdmFpbGFibGUoPzpc V3wkKScsCisgICAgcicoPzpefFxXKW9uZGF0YXNldCg/OmNoYW5nZWR8Y29tcGxldGUpKD86XFd8 JCknLAorICAgIHInKD86XnxcVylvbmRyYWcoPzpkcm9wfGVuZHxlbnRlcnxleGl0fGdlc3R1cmV8 bGVhdmV8b3Zlcik/KD86XFd8JCknLAorICAgIHInKD86XnxcVylvbmRyYWdzdGFydCg/OlxXfCQp JywKKyAgICByJyg/Ol58XFcpb25kcm9wKD86XFd8JCknLAorICAgIHInKD86XnxcVylvbmVuZCg/ OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25lcnJvcig/OnVwZGF0ZSk/KD86XFd8JCknLAorICAg IHInKD86XnxcVylvbmZpbHRlcmNoYW5nZSg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25maW5p c2goPzpcV3wkKScsCisgICAgcicoPzpefFxXKW9uZm9jdXMoPzppbnxvdXQpPyg/OlxXfCQpJywK KyAgICByJyg/Ol58XFcpb25oZWxwKD86XFd8JCknLAorICAgIHInKD86XnxcVylvbmlucHV0KD86 XFd8JCknLAorICAgIHInKD86XnxcVylvbmtleSg/OnVwfGRvd258cHJlc3MpKD86XFd8JCknLAor ICAgIHInKD86XnxcVylvbmxheW91dGNvbXBsZXRlKD86XFd8JCknLAorICAgIHInKD86XnxcVylv big/OnVuKT9sb2FkKD86XFd8JCknLAorICAgIHInKD86XnxcVylvbmxvc2VjYXB0dXJlKD86XFd8 JCknLAorICAgIHInKD86XnxcVylvbm1lZGlhKD86Y29tcGxldGV8ZXJyb3IpKD86XFd8JCknLAor ICAgIHInKD86XnxcVylvbm1vdXNlKD86ZG93bnxlbnRlcnxsZWF2ZXxtb3ZlfG91dHxvdmVyfHVw fHdoZWVsKSg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25tb3ZlKD86ZW5kfHN0YXJ0KT8oPzpc V3wkKScsCisgICAgcicoPzpefFxXKW9uKD86b2ZmfG9uKWxpbmUoPzpcV3wkKScsCisgICAgcico PzpefFxXKW9ub3V0b2ZzeW5jKD86XFd8JCknLAorICAgIHInKD86XnxcVylvbm92ZXJmbG93KD86 Y2hhbmdlZCk/KD86XFd8JCknLAorICAgIHInKD86XnxcVylvbnBhZ2UoPzpoaWRlfHNob3cpKD86 XFd8JCknLAorICAgIHInKD86XnxcVylvbnBhaW50KD86XFd8JCknLAorICAgIHInKD86XnxcVylv bnBhc3RlKD86XFd8JCknLAorICAgIHInKD86XnxcVylvbnBhdXNlKD86XFd8JCknLAorICAgIHIn KD86XnxcVylvbnBvcHVwKD86aGlkZGVufGhpZGluZ3xzaG93aW5nfHNob3duKSg/OlxXfCQpJywK KyAgICByJyg/Ol58XFcpb25wcm9ncmVzcyg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25wcm9w ZXJ0eWNoYW5nZSg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25yYWRpb3N0YXRlY2hhbmdlKD86 XFd8JCknLAorICAgIHInKD86XnxcVylvbnJlYWR5c3RhdGVjaGFuZ2UoPzpcV3wkKScsCisgICAg cicoPzpefFxXKW9ucmVwZWF0KD86XFd8JCknLAorICAgIHInKD86XnxcVylvbnJlc2V0KD86XFd8 JCknLAorICAgIHInKD86XnxcVylvbnJlc2l6ZSg/OmVuZHxzdGFydCk/KD86XFd8JCknLAorICAg IHInKD86XnxcVylvbnJlc3VtZSg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25yZXZlcnNlKD86 XFd8JCknLAorICAgIHInKD86XnxcVylvbnJvdyg/OmRlbGV0ZXxlbnRlcnxleGl0fGluc2VydGVk KSg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25yb3dzKD86ZGVsZXRlfGVudGVyfGluc2VydGVk KSg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25zY3JvbGwoPzpcV3wkKScsCisgICAgcicoPzpe fFxXKW9uc2Vlayg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25zZWxlY3QoPzpzdGFydCk/KD86 XFd8JCknLAorICAgIHInKD86XnxcVylvbnNlbGVjdGlvbmNoYW5nZSg/OlxXfCQpJywKKyAgICBy Jyg/Ol58XFcpb25zdGFydCg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25zdG9wKD86XFd8JCkn LAorICAgIHInKD86XnxcVylvbnN1Ym1pdCg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb25zeW5j KD86ZnJvbXx0bylwcmVmZXJlbmNlKD86XFd8JCknLAorICAgIHInKD86XnxcVylvbnN5bmNyZXN0 b3JlZCg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb250ZXh0KD86XFd8JCknLAorICAgIHInKD86 XnxcVylvbnRpbWVlcnJvcig/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb250cmFja2NoYW5nZSg/ OlxXfCQpJywKKyAgICByJyg/Ol58XFcpb251bmRlcmZsb3coPzpcV3wkKScsCisgICAgcicoPzpe fFxXKW9udXJsZmxpcCg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpc2Vla3NlZ21lbnR0aW1lKD86 XFd8JCknLAorICAgIHInKD86XnxcVylzdmdhYm9ydCg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcp c3ZnZXJyb3IoPzpcV3wkKScsCisgICAgcicoPzpefFxXKXN2Z2xvYWQoPzpcV3wkKScsCisgICAg cicoPzpefFxXKXN2Z3Jlc2l6ZSg/OlxXfCQpJywKKyAgICByJyg/Ol58XFcpc3Znc2Nyb2xsKD86 XFd8JCknLAorICAgIHInKD86XnxcVylzdmd1bmxvYWQoPzpcV3wkKScsCisgICAgcicoPzpefFxX KXN2Z3pvb20oPzpcV3wkKScsCisgICAgXQorCisKKyMgVGhpcyBpcyB0aGUgYWN0dWFsIHJlIHRv IGxvb2sgZm9yIHRoZSBhYm92ZSBwYXR0ZXJucworX2JhZGh0bWwgPSByZS5jb21waWxlKCd8Jy5q b2luKF9iYWR3b3JkcyksIHJlLklHTk9SRUNBU0UpCisjIFRoaXMgaXMgdXNlZCB0byBmaWx0ZXIg bm9uLXByaW50YWJsZSB1cy1hc2NpaSBjaGFyYWN0ZXJzLCBzb21lIG9mIHdoaWNoCisjIGNhbiBi ZSB1c2VkIHRvIGJyZWFrIHdvcmRzIHRvIGF2b2lkIHJlY29nbml0aW9uLgorX2ZpbHRlcmNoYXJz ID0gcmUuY29tcGlsZSgnW1wwMDAtXDAxMVwwMTNcMDE0XDAxNi1cMDM3XDE3Ny1cMjM3XScpCisj IFRoaXMgaXMgdXNlZCB0byByZWNvZ25pemUgJyYjJyBhbmQgJyV4eCcgc3RyaW5ncyBmb3IgX3Ry YW5zbGF0ZSB3aGljaAorIyB0cmFuc2xhdGVzIHRoZW0gdG8gY2hhcmFjdGVycworX2VuY29kZWRj aGFycyA9IHJlLmNvbXBpbGUoJygmI1swLTldKzs/KXwoJiN4WzAtOWEtZl0rOz8pfCglWzAtOWEt Zl17Mn0pJywKKyAgICAgICAgICAgICAgICAgICAgICAgICAgIHJlLklHTk9SRUNBU0UpCisKKwor ZGVmIF90cmFuc2xhdGUobW8pOgorICAgICIiIlRyYW5zbGF0ZSAmIy4uLiBhbmQgJXh4IGVuY29k aW5ncyBpbnRvIHRoZSBlbmNvZGVkIGNoYXJhY3Rlci4iIiIKKyAgICBtYXRjaCA9IG1vLmdyb3Vw KCkubG93ZXIoKS5zdHJpcCgnJiM7JykKKyAgICB0cnk6CisgICAgICAgIGlmIG1hdGNoLnN0YXJ0 c3dpdGgoJ3gnKSBvciBtYXRjaC5zdGFydHN3aXRoKCclJyk6CisgICAgICAgICAgICB2YWwgPSBp bnQobWF0Y2hbMTpdLCAxNikKKyAgICAgICAgZWxzZToKKyAgICAgICAgICAgIHZhbCA9IGludCht YXRjaCwgMTApCisgICAgZXhjZXB0IFZhbHVlRXJyb3I6CisgICAgICAgIHJldHVybiAnJworICAg IGlmIHZhbCA8IDI1NjoKKyAgICAgICAgcmV0dXJuIGNocih2YWwpCisgICAgZWxzZToKKyAgICAg ICAgcmV0dXJuICcnCisKKworZGVmIHN1c3BpY2lvdXNIVE1MKGh0bWwpOgorICAgICIiIkNoZWNr IEhUTUwgc3RyaW5nIGZvciB2YXJpb3VzIHRhZ3MsIHNjcmlwdCBsYW5ndWFnZSBuYW1lcyBhbmQK KyAgICAnb254eHgnIGFjdGlvbnMgdGhhdCBjYW4gYmUgdXNlZCBpbiBYU1MgYXR0YWNrcy4KKyAg ICBDdXJyZW50bHksIHRoaXMgYSB2ZXJ5IHNpbXBsZSBtaW5kZWQgdGVzdC4gIEl0IGp1c3QgbG9v a3MgZm9yCisgICAgcGF0dGVybnMgd2l0aG91dCBhbmFseXppbmcgY29udGV4dC4gIFRodXMsIGl0 IHBvdGVudGlhbGx5IGZsYWdzIGxvdHMKKyAgICBvZiBiZW5pZ24gc3R1ZmYuCisgICAgUmV0dXJu cyBUcnVlIGlmIGFueXRoaW5nIHN1c3BpY2lvdXMgZm91bmQsIEZhbHNlIG90aGVyd2lzZS4KKyAg ICAiIiIKKworICAgIGlmIF9iYWRodG1sLnNlYXJjaChfZmlsdGVyY2hhcnMuc3ViKAorICAgICAg ICAgICAgICAgICAgICAgICAnJywgX2VuY29kZWRjaGFycy5zdWIoX3RyYW5zbGF0ZSwgaHRtbCkp KToKKyAgICAgICAgcmV0dXJuIFRydWUKKyAgICBlbHNlOgorICAgICAgICByZXR1cm4gRmFsc2UK Cg==