232172 CVE-2008-2935 2008-07-18 09:36 0000 dev-libs/libxslt >= 1.1.8 <= 1.1.24 heap overflow (CVE-2008-2935) 2008-08-07 12:59:16 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://ocert.org/advisories/ocert-2008-009.html A2 [glsa] P2 major --- 1 vorlon@gentoo.org security@gentoo.org arm@gentoo.org gnome@gentoo.org infra-bugs@gentoo.org m68k@gentoo.org s390@gentoo.org sh@gentoo.org vorlon@gentoo.org 2008-07-18 09:36:40 0000 ** Please note that this issue is confidential at the moment and no information should be disclosed until it is made public ** oCERT reports the following, crediting Chris Evans from the Google Security Team Description: The libexslt library bundled with libxslt is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is present in the rc4 encryption/decryption functions. An arbitrary length string, passed as an argument in the XSL input, is incorrectly copied over a padding variable which is previously allocated with a fixed size of 128bit (RC4_KEY_LENGTH). Aside from the heap overflow other bugs affect the code, the length of the plaintext string argument is used for computing the key length rather than the actual key and the zero-padding of the key is incorrectly computed. A simple XML file with excessively long input can be crafted for triggering the heap overflow. Affected version: libxslt >= 1.18, <= 1.1.24 -------- adding eva and dang for the gnome herd, solar for infra as they might be interested in this vorlon@gentoo.org 2008-07-18 09:38:23 0000 Created an attachment (id=160702) patch for CVE-2008-2935 vorlon@gentoo.org 2008-07-18 12:39:32 0000 (In reply to comment #0) > libxslt >= 1.18, <= 1.1.24 this should be >= 1.1.8, <= 1.1.24 dang/eva could you prepare an ebuild with the patch and attach it here, so arch security liaisons can test it dang@gentoo.org 2008-07-18 12:42:27 0000 Created an attachment (id=160719) Ebuild applying patch The patch looks correct; that said, there have to have been a lot of circumstances when it just didn't work before. That made me curious. As far as the sources on my box and google knows, nothing uses those functions at all. Maybe they're used indirectly in some way I can't find? Anyway, I'm attaching an ebuild that applies that patch (renamed to ${P}-exslt_crypt.patch) so it can be tested. vorlon@gentoo.org 2008-07-18 13:15:25 0000 Arch Security Liaisons, please test the attached ebuild and report it stable on this bug. Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" CC'ing current Liaisons: alpha : yoswink amd64 : welp hppa : jer ppc : dertobi123 ppc64 : corsair sparc : fmccor x86 : opfer ---- dang, probably used indirectly by including the relevant extension (http://exslt.org/howto.html) rbu@gentoo.org 2008-07-18 15:31:09 0000 Created an attachment (id=160731) libxslt-1.1.24-r1.tar.gz If it helps anyone, here's the overlay incorporating all files. rbu@gentoo.org 2008-07-18 15:31:48 0000 Arch Security Liaisons, please test the attached ebuild and report it stable on this bug. Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" CC'ing current Liaisons: alpha : yoswink amd64 : welp hppa : jer ppc : dertobi123 ppc64 : corsair sparc : fmccor x86 : opfer jer@gentoo.org 2008-07-18 16:52:00 0000 HPPA is OK. fmccor@gentoo.org 2008-07-18 17:40:33 0000 libxslt-1.1.24-r1 looks good on sparc (tests run OK). armin76@gentoo.org 2008-07-18 18:45:53 0000 Looks good on alpha/ia64/x86 corsair@gentoo.org 2008-07-19 06:34:37 0000 looks good on ppc64 welp@gentoo.org 2008-07-22 23:50:02 0000 Looks good on amd64 too :D dertobi123@gentoo.org 2008-07-30 16:41:16 0000 a bit late, but looks also good on ppc rbu@gentoo.org 2008-07-30 17:03:32 0000 GNOME team, this will go public tomorrow at 15:00 UTC (17:00 CEST), please commit after that with the stable keywords gathered in this bug. eva@gentoo.org 2008-07-31 20:48:40 0000 ebuild commited. rbu@gentoo.org 2008-07-31 23:37:42 0000 Arches, please test and mark stable: =dev-libs/libxslt-1.1.24-r1 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" Already stabled : "alpha amd64 hppa ia64 ppc ppc64 sparc x86" Missing keywords: "arm m68k s390 sh" keytoaster@gentoo.org 2008-08-07 12:59:16 0000 GLSA 200808-06 160702 2008-07-18 09:38 0000 patch for CVE-2008-2935 exslt_crypt.patch text/plain SW5kZXg6IGxpYmV4c2x0L2NyeXB0by5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGxpYmV4c2x0L2NyeXB0by5j CShyZXZpc2lvbiAxNDc5KQorKysgbGliZXhzbHQvY3J5cHRvLmMJKHdvcmtpbmcgY29weSkKQEAg LTU5NSwxMSArNTk1LDEzIEBAIGV4c2x0Q3J5cHRvUmM0RW5jcnlwdEZ1bmN0aW9uICh4bWxYUGF0 aFAKICAgICBpbnQgc3RyX2xlbiA9IDAsIGJpbl9sZW4gPSAwLCBoZXhfbGVuID0gMDsKICAgICB4 bWxDaGFyICprZXkgPSBOVUxMLCAqc3RyID0gTlVMTCwgKnBhZGtleSA9IE5VTEw7CiAgICAgeG1s Q2hhciAqYmluID0gTlVMTCwgKmhleCA9IE5VTEw7CisgICAgeHNsdFRyYW5zZm9ybUNvbnRleHRQ dHIgdGN0eHQgPSBOVUxMOwogCi0gICAgaWYgKChuYXJncyA8IDEpIHx8IChuYXJncyA+IDMpKSB7 CisgICAgaWYgKG5hcmdzICE9IDIpIHsKIAl4bWxYUGF0aFNldEFyaXR5RXJyb3IgKGN0eHQpOwog CXJldHVybjsKICAgICB9CisgICAgdGN0eHQgPSB4c2x0WFBhdGhHZXRUcmFuc2Zvcm1Db250ZXh0 KGN0eHQpOwogCiAgICAgc3RyID0geG1sWFBhdGhQb3BTdHJpbmcgKGN0eHQpOwogICAgIHN0cl9s ZW4gPSB4bWxVVEY4U3RybGVuIChzdHIpOwpAQCAtNjExLDcgKzYxMyw3IEBAIGV4c2x0Q3J5cHRv UmM0RW5jcnlwdEZ1bmN0aW9uICh4bWxYUGF0aFAKICAgICB9CiAKICAgICBrZXkgPSB4bWxYUGF0 aFBvcFN0cmluZyAoY3R4dCk7Ci0gICAga2V5X2xlbiA9IHhtbFVURjhTdHJsZW4gKHN0cik7Cisg ICAga2V5X2xlbiA9IHhtbFVURjhTdHJsZW4gKGtleSk7CiAKICAgICBpZiAoa2V5X2xlbiA9PSAw KSB7CiAJeG1sWFBhdGhSZXR1cm5FbXB0eVN0cmluZyAoY3R4dCk7CkBAIC02MjAsMTUgKzYyMiwz MyBAQCBleHNsdENyeXB0b1JjNEVuY3J5cHRGdW5jdGlvbiAoeG1sWFBhdGhQCiAJcmV0dXJuOwog ICAgIH0KIAotICAgIHBhZGtleSA9IHhtbE1hbGxvY0F0b21pYyAoUkM0X0tFWV9MRU5HVEgpOwor ICAgIHBhZGtleSA9IHhtbE1hbGxvY0F0b21pYyAoUkM0X0tFWV9MRU5HVEggKyAxKTsKKyAgICBp ZiAocGFka2V5ID09IE5VTEwpIHsKKwl4c2x0VHJhbnNmb3JtRXJyb3IodGN0eHQsIE5VTEwsIHRj dHh0LT5pbnN0LAorCSAgICAiZXhzbHRDcnlwdG9SYzRFbmNyeXB0RnVuY3Rpb246IEZhaWxlZCB0 byBhbGxvY2F0ZSBwYWRrZXlcbiIpOworCXRjdHh0LT5zdGF0ZSA9IFhTTFRfU1RBVEVfU1RPUFBF RDsKKwl4bWxYUGF0aFJldHVybkVtcHR5U3RyaW5nIChjdHh0KTsKKwlnb3RvIGRvbmU7CisgICAg fQorICAgIG1lbXNldChwYWRrZXksIDAsIFJDNF9LRVlfTEVOR1RIICsgMSk7CisKICAgICBrZXlf c2l6ZSA9IHhtbFVURjhTdHJzaXplIChrZXksIGtleV9sZW4pOworICAgIGlmICgoa2V5X3NpemUg PiBSQzRfS0VZX0xFTkdUSCkgfHwgKGtleV9zaXplIDwgMCkpIHsKKwl4c2x0VHJhbnNmb3JtRXJy b3IodGN0eHQsIE5VTEwsIHRjdHh0LT5pbnN0LAorCSAgICAiZXhzbHRDcnlwdG9SYzRFbmNyeXB0 RnVuY3Rpb246IGtleSBzaXplIHRvbyBsb25nIG9yIGtleSBicm9rZW5cbiIpOworCXRjdHh0LT5z dGF0ZSA9IFhTTFRfU1RBVEVfU1RPUFBFRDsKKwl4bWxYUGF0aFJldHVybkVtcHR5U3RyaW5nIChj dHh0KTsKKwlnb3RvIGRvbmU7CisgICAgfQogICAgIG1lbWNweSAocGFka2V5LCBrZXksIGtleV9z aXplKTsKLSAgICBtZW1zZXQgKHBhZGtleSArIGtleV9zaXplLCAnXDAnLCBzaXplb2YgKHBhZGtl eSkpOwogCiAvKiBlbmNyeXB0IGl0ICovCiAgICAgYmluX2xlbiA9IHN0cl9sZW47CiAgICAgYmlu ID0geG1sU3RyZHVwIChzdHIpOwogICAgIGlmIChiaW4gPT0gTlVMTCkgeworCXhzbHRUcmFuc2Zv cm1FcnJvcih0Y3R4dCwgTlVMTCwgdGN0eHQtPmluc3QsCisJICAgICJleHNsdENyeXB0b1JjNEVu Y3J5cHRGdW5jdGlvbjogRmFpbGVkIHRvIGFsbG9jYXRlIHN0cmluZ1xuIik7CisJdGN0eHQtPnN0 YXRlID0gWFNMVF9TVEFURV9TVE9QUEVEOwogCXhtbFhQYXRoUmV0dXJuRW1wdHlTdHJpbmcgKGN0 eHQpOwogCWdvdG8gZG9uZTsKICAgICB9CkBAIC02MzgsNiArNjU4LDkgQEAgZXhzbHRDcnlwdG9S YzRFbmNyeXB0RnVuY3Rpb24gKHhtbFhQYXRoUAogICAgIGhleF9sZW4gPSBzdHJfbGVuICogMiAr IDE7CiAgICAgaGV4ID0geG1sTWFsbG9jQXRvbWljIChoZXhfbGVuKTsKICAgICBpZiAoaGV4ID09 IE5VTEwpIHsKKwl4c2x0VHJhbnNmb3JtRXJyb3IodGN0eHQsIE5VTEwsIHRjdHh0LT5pbnN0LAor CSAgICAiZXhzbHRDcnlwdG9SYzRFbmNyeXB0RnVuY3Rpb246IEZhaWxlZCB0byBhbGxvY2F0ZSBy ZXN1bHRcbiIpOworCXRjdHh0LT5zdGF0ZSA9IFhTTFRfU1RBVEVfU1RPUFBFRDsKIAl4bWxYUGF0 aFJldHVybkVtcHR5U3RyaW5nIChjdHh0KTsKIAlnb3RvIGRvbmU7CiAgICAgfQpAQCAtNjcwLDEx ICs2OTMsMTMgQEAgZXhzbHRDcnlwdG9SYzREZWNyeXB0RnVuY3Rpb24gKHhtbFhQYXRoUAogICAg IGludCBzdHJfbGVuID0gMCwgYmluX2xlbiA9IDAsIHJldF9sZW4gPSAwOwogICAgIHhtbENoYXIg KmtleSA9IE5VTEwsICpzdHIgPSBOVUxMLCAqcGFka2V5ID0gTlVMTCwgKmJpbiA9CiAJTlVMTCwg KnJldCA9IE5VTEw7CisgICAgeHNsdFRyYW5zZm9ybUNvbnRleHRQdHIgdGN0eHQgPSBOVUxMOwog Ci0gICAgaWYgKChuYXJncyA8IDEpIHx8IChuYXJncyA+IDMpKSB7CisgICAgaWYgKG5hcmdzICE9 IDIpIHsKIAl4bWxYUGF0aFNldEFyaXR5RXJyb3IgKGN0eHQpOwogCXJldHVybjsKICAgICB9Cisg ICAgdGN0eHQgPSB4c2x0WFBhdGhHZXRUcmFuc2Zvcm1Db250ZXh0KGN0eHQpOwogCiAgICAgc3Ry ID0geG1sWFBhdGhQb3BTdHJpbmcgKGN0eHQpOwogICAgIHN0cl9sZW4gPSB4bWxVVEY4U3RybGVu IChzdHIpOwpAQCAtNjg2LDcgKzcxMSw3IEBAIGV4c2x0Q3J5cHRvUmM0RGVjcnlwdEZ1bmN0aW9u ICh4bWxYUGF0aFAKICAgICB9CiAKICAgICBrZXkgPSB4bWxYUGF0aFBvcFN0cmluZyAoY3R4dCk7 Ci0gICAga2V5X2xlbiA9IHhtbFVURjhTdHJsZW4gKHN0cik7CisgICAga2V5X2xlbiA9IHhtbFVU RjhTdHJsZW4gKGtleSk7CiAKICAgICBpZiAoa2V5X2xlbiA9PSAwKSB7CiAJeG1sWFBhdGhSZXR1 cm5FbXB0eVN0cmluZyAoY3R4dCk7CkBAIC02OTUsMjIgKzcyMCw1MSBAQCBleHNsdENyeXB0b1Jj NERlY3J5cHRGdW5jdGlvbiAoeG1sWFBhdGhQCiAJcmV0dXJuOwogICAgIH0KIAotICAgIHBhZGtl eSA9IHhtbE1hbGxvY0F0b21pYyAoUkM0X0tFWV9MRU5HVEgpOworICAgIHBhZGtleSA9IHhtbE1h bGxvY0F0b21pYyAoUkM0X0tFWV9MRU5HVEggKyAxKTsKKyAgICBpZiAocGFka2V5ID09IE5VTEwp IHsKKwl4c2x0VHJhbnNmb3JtRXJyb3IodGN0eHQsIE5VTEwsIHRjdHh0LT5pbnN0LAorCSAgICAi ZXhzbHRDcnlwdG9SYzRFbmNyeXB0RnVuY3Rpb246IEZhaWxlZCB0byBhbGxvY2F0ZSBwYWRrZXlc biIpOworCXRjdHh0LT5zdGF0ZSA9IFhTTFRfU1RBVEVfU1RPUFBFRDsKKwl4bWxYUGF0aFJldHVy bkVtcHR5U3RyaW5nIChjdHh0KTsKKwlnb3RvIGRvbmU7CisgICAgfQorICAgIG1lbXNldChwYWRr ZXksIDAsIFJDNF9LRVlfTEVOR1RIICsgMSk7CiAgICAga2V5X3NpemUgPSB4bWxVVEY4U3Ryc2l6 ZSAoa2V5LCBrZXlfbGVuKTsKKyAgICBpZiAoKGtleV9zaXplID4gUkM0X0tFWV9MRU5HVEgpIHx8 IChrZXlfc2l6ZSA8IDApKSB7CisJeHNsdFRyYW5zZm9ybUVycm9yKHRjdHh0LCBOVUxMLCB0Y3R4 dC0+aW5zdCwKKwkgICAgImV4c2x0Q3J5cHRvUmM0RW5jcnlwdEZ1bmN0aW9uOiBrZXkgc2l6ZSB0 b28gbG9uZyBvciBrZXkgYnJva2VuXG4iKTsKKwl0Y3R4dC0+c3RhdGUgPSBYU0xUX1NUQVRFX1NU T1BQRUQ7CisJeG1sWFBhdGhSZXR1cm5FbXB0eVN0cmluZyAoY3R4dCk7CisJZ290byBkb25lOwor ICAgIH0KICAgICBtZW1jcHkgKHBhZGtleSwga2V5LCBrZXlfc2l6ZSk7Ci0gICAgbWVtc2V0IChw YWRrZXkgKyBrZXlfc2l6ZSwgJ1wwJywgc2l6ZW9mIChwYWRrZXkpKTsKIAogLyogZGVjb2RlIGhl eCB0byBiaW5hcnkgKi8KICAgICBiaW5fbGVuID0gc3RyX2xlbjsKICAgICBiaW4gPSB4bWxNYWxs b2NBdG9taWMgKGJpbl9sZW4pOworICAgIGlmIChiaW4gPT0gTlVMTCkgeworCXhzbHRUcmFuc2Zv cm1FcnJvcih0Y3R4dCwgTlVMTCwgdGN0eHQtPmluc3QsCisJICAgICJleHNsdENyeXB0b1JjNEVu Y3J5cHRGdW5jdGlvbjogRmFpbGVkIHRvIGFsbG9jYXRlIHN0cmluZ1xuIik7CisJdGN0eHQtPnN0 YXRlID0gWFNMVF9TVEFURV9TVE9QUEVEOworCXhtbFhQYXRoUmV0dXJuRW1wdHlTdHJpbmcgKGN0 eHQpOworCWdvdG8gZG9uZTsKKyAgICB9CiAgICAgcmV0X2xlbiA9IGV4c2x0Q3J5cHRvSGV4MkJp biAoc3RyLCBzdHJfbGVuLCBiaW4sIGJpbl9sZW4pOwogCiAvKiBkZWNyeXB0IHRoZSBiaW5hcnkg YmxvYiAqLwogICAgIHJldCA9IHhtbE1hbGxvY0F0b21pYyAocmV0X2xlbik7CisgICAgaWYgKHJl dCA9PSBOVUxMKSB7CisJeHNsdFRyYW5zZm9ybUVycm9yKHRjdHh0LCBOVUxMLCB0Y3R4dC0+aW5z dCwKKwkgICAgImV4c2x0Q3J5cHRvUmM0RW5jcnlwdEZ1bmN0aW9uOiBGYWlsZWQgdG8gYWxsb2Nh dGUgcmVzdWx0XG4iKTsKKwl0Y3R4dC0+c3RhdGUgPSBYU0xUX1NUQVRFX1NUT1BQRUQ7CisJeG1s WFBhdGhSZXR1cm5FbXB0eVN0cmluZyAoY3R4dCk7CisJZ290byBkb25lOworICAgIH0KICAgICBQ TEFURk9STV9SQzRfREVDUllQVCAoY3R4dCwgcGFka2V5LCBiaW4sIHJldF9sZW4sIHJldCwgcmV0 X2xlbik7CiAKICAgICB4bWxYUGF0aFJldHVyblN0cmluZyAoY3R4dCwgcmV0KTsKIAorZG9uZToK ICAgICBpZiAoa2V5ICE9IE5VTEwpCiAJeG1sRnJlZSAoa2V5KTsKICAgICBpZiAoc3RyICE9IE5V TEwpCg== 160719 2008-07-18 12:42 0000 Ebuild applying patch libxslt-1.1.24-r1.ebuild text/plain IyBDb3B5cmlnaHQgMTk5OS0yMDA4IEdlbnRvbyBGb3VuZGF0aW9uCiMgRGlzdHJpYnV0ZWQgdW5k ZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2MgojICRIZWFk ZXI6IC92YXIvY3Zzcm9vdC9nZW50b28teDg2L2Rldi1saWJzL2xpYnhzbHQvbGlieHNsdC0xLjEu MjQuZWJ1aWxkLHYgMS4xMCAyMDA4LzA1LzIzIDIwOjU3OjMzIG1hZWtrZSBFeHAgJAoKaW5oZXJp dCBsaWJ0b29sIGV1dGlscyBweXRob24gYXV0b3Rvb2xzCgpERVNDUklQVElPTj0iWFNMVCBsaWJy YXJpZXMgYW5kIHRvb2xzIgpIT01FUEFHRT0iaHR0cDovL3d3dy54bWxzb2Z0Lm9yZy8iCgpMSUNF TlNFPSJNSVQiClNMT1Q9IjAiCktFWVdPUkRTPSJhbHBoYSBhbWQ2NCB+YXJtIGhwcGEgaWE2NCB+ bTY4ayB+bWlwcyBwcGMgcHBjNjQgfnMzOTAgfnNoIHNwYXJjIH5zcGFyYy1mYnNkIHg4NiB+eDg2 LWZic2QiCklVU0U9ImNyeXB0IGRlYnVnIGV4YW1wbGVzIHB5dGhvbiIKCkRFUEVORD0iPj1kZXYt bGlicy9saWJ4bWwyLTIuNi4yNwoJY3J5cHQ/ICAoID49ZGV2LWxpYnMvbGliZ2NyeXB0LTEuMS45 MiApCglweXRob24/ICggZGV2LWxhbmcvcHl0aG9uICkiCgpTUkNfVVJJPSJmdHA6Ly94bWxzb2Z0 Lm9yZy8ke1BOfS8ke1B9LnRhci5neiIKCnNyY191bnBhY2soKSB7Cgl1bnBhY2sgJHtBfQoJY2Qg IiR7U30iCgoJIyB3ZSBzdGlsbCByZXF1aXJlIHRoZSAxLjEuOCBwYXRjaCBmb3IgdGhlIC5tNCBm aWxlLCB0byBhZGQKCSMgdGhlIENYWEZMQUdTIGRlZmluZXMgPG9iekBnZW50b28ub3JnPgoJZXBh dGNoICIke0ZJTEVTRElSfS9saWJ4c2x0Lm00LSR7UE59LTEuMS44LnBhdGNoIgoKCSMgZml4IHBh cmFsbGVsIGluc3RhbGwsIGJ1ZyAjMjEyNzg0LgoJZXBhdGNoICIke0ZJTEVTRElSfS8ke1BOfS0x LjEuMjMtcGFyYWxsZWwtaW5zdGFsbC5wYXRjaCIKCgkjIFBhdGNoIE1ha2VmaWxlIHRvIGZpeCBi dWcgIzk5MzgyIHNvIHRoYXQgaHRtbCBnZXRzIGluc3RhbGxlZCBpbiAke1BGfQoJc2VkIC1pIC1l ICJzOmxpYnhzbHQtXCQoVkVSU0lPTik6JHtQRn06IiBkb2MvTWFrZWZpbGUuYW0KCgkjIEZpeCBi cm9rZW4gPHB5dGhvbi0yLjUgc2l0ZS1wYWNrYWdlcyBkZXRlY3Rpb24KCSMgc2VlIGJ1ZyAjODY3 NTYgYW5kIGJ1ZyAjMjE4NjQzCglweXRob25fdmVyc2lvbgoJc2VkIC1pICJzOl5cKEFDX1NVQlNU KFBZVEhPTl9TSVRFX1BBQ0tBR0VTKVwpOlBZVEhPTl9TSVRFX1BBQ0tBR0VTPVwiL3Vzci8kKGdl dF9saWJkaXIpL3B5dGhvbiR7UFlWRVJ9L3NpdGUtcGFja2FnZXNcIlxuXDE6IiBjb25maWd1cmUu aW4KCgkjIEZpeCBicm9rZW4gcmM0IGVuY3J5cHQuICBidWcgIzIzMjE3MgoJZXBhdGNoICIke0ZJ TEVTRElSfS8ke1B9LWV4c2x0X2NyeXB0LnBhdGNoIgoKCWVhdXRvcmVjb25mCgllcHVudF9jeHgK CWVsaWJ0b29saXplCn0KCnNyY19jb21waWxlKCkgewoJIyBBbHdheXMgcGFzcyAtLXdpdGgtZGVi dWdnZXIuIEl0IGlzIHJlcXVpcmVkIGJ5IHRoaXJkIHBhcnRpZXMgKHNlZQoJIyBlLmcuIGJ1ZyAj OTgzNDUpCglsb2NhbCBteWNvbmY9Ii0td2l0aC1kZWJ1Z2dlciBcCgkJJCh1c2Vfd2l0aCBweXRo b24pICAgICAgIFwKCQkkKHVzZV93aXRoIGNyeXB0IGNyeXB0bykgXAoJCSQodXNlX3dpdGggZGVi dWcpICAgICAgICBcCgkJJCh1c2Vfd2l0aCBkZWJ1ZyBtZW0tZGVidWcpIgoKCWVjb25mICR7bXlj b25mfSB8fCBkaWUgImNvbmZpZ3VyZSBmYWlsZWQiCgoJZW1ha2UgfHwgZGllICJDb21waWxhdGlv biBmYWlsZWQiCn0KCnNyY19pbnN0YWxsKCkgewoJZW1ha2UgREVTVERJUj0iJHtEfSIgaW5zdGFs bCB8fCBkaWUgIkluc3RhbGxhdGlvbiBmYWlsZWQiCgoJZG9kb2MgQVVUSE9SUyBDaGFuZ2VMb2cg Q29weXJpZ2h0IEZFQVRVUkVTIE5FV1MgUkVBRE1FIFRPRE8KCglpZiAhIHVzZSBleGFtcGxlczsg dGhlbgoJCXJtIC1yZiAiJHtEfS91c3Ivc2hhcmUvZG9jLyR7UE59LXB5dGhvbi0ke1BWfS9leGFt cGxlcyIKCWZpCn0K 160731 2008-07-18 15:31 0000 libxslt-1.1.24-r1.tar.gz libxslt-1.1.24-r1.tar.gz application/octet-stream H4sIAJC3gEgAA+07+1fbONb9NfkrtCnnmwTykOSHbFq6w0Boc0qBQ2C3PcN8+WRbJp4mdtZ2gEyX /dv3Sn6QhEfp1xk6PRMd8EO6urov3XslOZ64aI0CJ+nA5SoZpZ1nv3/BUJhhyDthBp6/F+UZIVjH RNMMTX+GCdWhChl/AC23yjRJeYzQs9iZPgj3ufbvtHjL+n/Hw8AXSfo7jiEVbOr6ffqnGp3Tvw71 RMem9gzh35GGe8tfXP/bp+9RrvoWaZM2xS0+9ky9PeGpO0SEMIyO3+0SEyPh24YhBHdcxmzmaY5p m5hg0+NM2BZ3MLc0zfV11H+zTRDFumd4jFjM8TTmCaoDnO0SQgnhGhOW4XN49SU0NUzEdN81TOJq tmsamFFddwyXW55LYTzD4p5rCM3CngtWYjLNxQDgMJ1qBraFQ43qLU601oTHfDQSo1YQgpZHo5wp Q2cFT47BdcuGC9CmC4vDwKZODGbbluswrhlUd3xdtzKefI/p2NYt7hLKic403wIGbVvohq07HBNu gRwcr+DJZLbnUN+0NJ9x2wfpMGxZLtdcnVmmMHSdAbRu6oCWGJrghHqa5miGgy3CbO02T3pLyJeB G88mac6ObmOz4Md3PEdwDQuXEgs7GrZBI4z4NiE29zC1mM8tR+Q6wsQilsYM29E1wjl3BHAnXO4B Fg17voVNonmeVfDjUeKYMIzl6Y6HDWHblGHH8TnXTapZIDcuGBWmZdoudw1iOw4hpqF5BrZ87Hnz /LTHemueNauwOGrTghvQNgxpM4uDbDFllu75JsM+dW1LMzxOKfN16hba8UGwhu9bugPuwxSuLmky mdDA9jTGNGy48KAX3GCPG7bvmK5jYMcHmYFemQ2OyvNtrNk6w4y7mAkTaxrjgBsLQ7Mtk1lE2AJ7 1d1e/2RJPW1wJu3z35CmmZptkoIRnQjGKBFCeIxSVzc0gi3GPKwbOqWOzrijUZtpGSMOOEEKE4Y7 vm8YugGdTN/khoF123WE45omyN8o1eJil4DidAuGscGQfWp7YKeu6Vsexx5xCPfBu2rCAXnYrkVd Zlmez02ubERUuz+d9vZ3ly0tJm3hTIORB3MZlzPGchmhgMrSPEfqyjawD5NaUMMBWn0HuOTUEkbO ii8MYpkc5O5rMGOZISyXYsfmFqgKbJ+5GlgnLVgBtbrcoZprcscGzYFOAKevayAE26QC/BEBrRGX crBNz8RYk/7H1DA1wD686rf2p99buRX//WAkkt83C/yy/E/Gf01n5ir/e4pyj/4/F3S+aAyV/2F8 j/4J0Q2a659SSsxnmBLKyCr/e4rSCz1xtSldv9JxR+k4arvVra8v1VardRtzpR6LiyAJohBBCmU3 qhsbG3dBXUbxxyA8R240mTWqP/6IWoZtNAlBG+quIahSfXZUl2NX74aq9940dFOJvn41Hr0/4unw qIpkCcIUJWk8GIkQbSHcRE4Q3rwMxVXx8iKDh+47QzCO9Y9iBtUHp/v7TbQOGG5eJty7aVzuBuhv IAF9CbahwID0k5iHiR/F450oTMVVegS4Uze9Sm8wVluKdB/V6yGPzxP0EpEG+ve/Uf76CmmNBvqU 4ZRgWfXfthCV1ahSCKEv0u04SGfdOI5iVJejNAB/JRbpNA5z2q8zPAUNkkbV+bW4RWuJIeuZiaWU eDTpp7FUXwmWA+UyBsDTkz0LgOR7HRoARirZJKTJ0AYknnD7YhVfF+RkWrmfnFYO9BA5Gw/CQMMN 91LwJSRY0KLoj5WIu+NJOlsiQ3FMcZMYwDKlTe0LzXpZe7m5lGYJoO9g4RO522k0DlxUP97RB2+7 Hwb73YPXJ28KJh8LjzbA+F7c2FrRL7NWZYaVBbtWxlZX5tTMZ4J6ab2SS7ImgEtUtQcZ3kR7HIKS h9IIKdp4KnKKz8KaJKeS4wRXDk1b6H1//2TQP9k+6cL18OiouyuBPq+Njcp5BIN4UShyJvP5MBbj RKQ5u03pLe6WS2l7gyT4TSzYjKqoq+65ocwLsl72ebWEOpvrZfNLsK0/TM5Sl2qUNIrQKALJgKeQ lU4cfRThE0gb5dJ2JzNUirsUmqStmLuZSkoT3CgBmuiHM/xDUzESlTbayOZqZx2JjGsUpGi9kw14 EwdyB/WirM90CJR700nhF8oZr9qf3vYTJccv0MZjPBGa10buTZR30qymCc7JsJr2l/vjm6BauP51 ROVseVG23+V18m7zslaQTy/rWCTTUfpUsmZYJTimrd2Z4OyKr0lwIFR8ZYLTzHMaYCB/BZyrrOYx WY1lyqyGqeTmi/X6XWY1kKRTmOoMshuDfBnPq6zmz5TVrHKaP31O4wk38oSKpjA6+Ggezx6f3SzO jRx8XpPfS57zVRq6CY9zlL4RV/SnIPOdzUJ+Kq6WwXVeCSqxTIeiUIEzipxSD1msvCXvfNx5eSvI 7yDX+Sp5H+1vn+wdHr8bSN+w2905/nB0kvVqomKWKDnnAlIP5dtNkFokYX50BawAN+TwmwtBTeYS SsBZRNuLhSijXwEmo38J9q136v6Y8vD+7z2HdF84xufO/3WiPyPygM8kJqH0GaYAvjr/f5KSb9Hm yq5QjPUWNlqEIWxsUvgz2+UhDdoAzeBivzbvklmE8PKurEVNhM1N6K3d7qp2cWnTQhtwJRiywmyy 5SUBh/RD0jmr//wzbtm//LJ+1mjf+9I50zo//F85WVORpKh2tSZC7ozEQFInq2rgumpXM5HU0Avp mcNiQO4OEn4hBjt7+9uv+1u1teyhlvmoufb370uI/LG2jGO/95Nsl7eybQkvWlMOdGmQeeSLqHOU qpN8RgV2LxypCzqILhEI3v2ouIeYk3/kADLMtYOCBCVT3w/cQITpaIZCcdlWOiDZop7oWC1HqtIn /9JsojBSgtsCeTV/Fu4wQmvAY4hqbhwlCXKj8SQYgX99gXiSTMcw1OHbdrutoNzaL41SmyX3i2Iu GZ/nfFnSpQwKIcyLuWj0g2p2VewYGTsmydnJixglYt7AFEe19fV1tBNNRx6wm6J4GpbyUjY0iaPz mI+bmXBlMLkczoDJ2jymR2n3YQ3PMZgpuNT1Asj2zuDkGBLn3sHb+s9V9DwI3dEUcr2XhcNW83D4 KhMEY0oQ1pIgFniH/Dcd8hTNoikaglzROLoATcLIkgLIMUNXyN2xS57c2FQb9UJlZSMO8ypGLk8g KwUUtbsHGfMZIAhTmWAIL8iyIhVH3Cj0g3OUuHEwSTcLyR0e7PVe19CcCT1oRZXKI03oYSsq7Ch7 +Na++FuUx5z/3vch1WPH+Ez8JxiCPSGQCJhU0xjUy1NgvIr/T1Hm4n+mbNqRB6+dpbrJLB1GYecd /yikgbT5GM3nAbmd3NFVu7Or9FU6bdpoQ12lp6rAEgSt1ZPY9YK4kSNpw5J5uS51RxB8ZMurMg2Z zORqIDfOlsdT3pJrmtFmtVVZq48/5i2AJWkAwt1u/2S3d9xYq2fESezgU1qPBUWVH3sHsBba3wc+ xkga9xwp9/X6DCm7hzv9gXz8LCU3kEBIHZaEsLpygXuUNTUg0zmDJnBqXoRuU3oj0LU12fFO1IBD rplgiL+kW/zLlMf4/4VPgv8fY3xu/QcF1n+maWjY1JjxDFpNY/X9z5MUL/B91GqJK5VVtvw4Gm91 htFYdDwennfaWZqWdCRc7KLWdIJa8fRg6ZvxdhQH54WnLzyhuwR0q716K/jcg0iuLVkLE0j0EWab BtnUrbm1JSxYF5el9w2Y47Fa1EYEwwJ1cY3awnq+RmVqYbTB8vVRgVctjrYnk9Gsn85gmgyFSOtH s0PnV+GmaL1YbNzUTGaR8+sAnOyLu1tkXjVO8kZIjGH54aoDufWspTwwy47LIJ0uT/OC7PZrsW14 V5vcSJNo1B7yLRJCPr5decFHU1mbiUGu0jWQg7zrXyaIitxAO5rtBm462JErqfo8y43sKEmOnVGd Q/aB0EXAFzmYRCdBX2XHUK1KpRRRfUFyjZst1rrqIU8x1LHzuuxVQfeXbHu9niFqqM3LypwE5VCL CJd6zHV4kKw5nIq/SnbqlPW72fdFGbGTGJTr12sPyH4TRdMURb48QYji/AAp7340G/QOdo67e6CN wYGM6WVTdsy2WH8teShPhiRJ6mToFsm/5ufIlcrlEEJGqesDeYg6r8Em+p8A/qW1wU3ZV2OOu3kh pePJi1W68aTlVvy/70cAXzHGw9//Yo1RVnz/S+AC8d+kjK3i/1OU52gnmswg6A5TRGzbbkGItNBr Ecrj0r1oGsJiKojC6nO0G8jzOGeaCg9BtYjVlk4qYnBaUbYD+frgVHYVMR+ho6kzCly0H7giTAS6 oIBi7Y3g0HETdS543HEvkjiK0s65Gqx1ZZmdz1hjborNCwTvWP4sxepgo0M1eNw02KamoTEXHz8K 1L2aoLVqNQiHIg5SGbZgiBES0zQYJSjLCxCfppGsTqpVWAHtHPeOTnqHB1s1tQ0GXWIeByJBPJTH ZABWq745fNc92n7d3aoN03Sy2elcXl62wa8nkZ9C6nLeqVWr+72d7kEfQN71TmrV/v7hyVYN16pv ux/+eXi829+q8dFkyJFKqdF/eDxGw8mEo4DL17FpfYRrMAEiJ678l7WJZmO4DlECLtWFJ3lr+U7i IZAa+g9c1Fut2juVI2fnkB5I6xyJKz6eQJjIma5JXo+6B7tbtVdbC+Iej2iLts02ZdWKQvB3hOpo EehcNSht2BQ1qpUM6d8BUIHJlDEXbgNG6h/vDE6Pe1s1XwlrXlBrn44OruX1Ov/JFIDDsnQwDScc cgUZICrZM1r7tH0NJHmotvapfw1wlefoUp4OB6MRhLB/TYNYKPNTJ1Qo+xmZH2X22R7rSC5pmuqk 0/NkZ1lf7BQC3X4QgnheRs5vP2amKAl8Va2IDBOMutfb7/ZhVXw9fy6mOJg/Fcso84MrVGyXFTsS TSQ18Vz+rMHS23djvkF3735bNsCR6ltsp0i25JBqANvWLIqSKNvfHabjEToX6dwurtok+HS0B/KU Zy2tALUEqiWbxTQ7W6v/o3vch1nQ2FRwmzW5tzC/eaNo2JMjqu8n0MtM32A6BmRDqWhJnfFzkKgn UqEOm2WPRIiMRstkhqnmVC4Ty9S1wpAGFyJOVI+cPKDtf8/q2zuD/ulP/ZP60YeTN4cHg37vpDs4 2t55C1Ox3zhrbN5Vv3VW60yTuLNWP5dHxoGjtjyycYC3D8DodWeB4rPaWXhGgOVsi3oai3YQLvMb u3rxCWkb5TxolDB6r1qvb/98RmpSSPcTCzmW7DoNAeLqCh5zZwWZVvU6mxTZuYvIZsVztD265DOY 0DxJYOl2GaTDlprr5yJuo5469smnBQh5BsYQxJ60yVR6szpoQiIR7fN2bjWWphswl9WOGRrPJEVb tSXE6KxaqazVp4kYyPrcmzTyxHmpMfM/2U85GsuNCmPR8c5GmcVmAzeUoCRBYLYZZdfy2yEvALMt tYR89S2Dgh2DpZYQO0puKoCVMLlI8ymRiTTrle+CbYH+dq9rxaQpkfWy90Vs1YoXyT207VMwwOM+ 2hmCCxT70flcWN3rbp+cHnf76KD7zz467m7vvuuik8PdQ+gNif/fEHBfuun8kLJSgbjQin2kiFF2 nECKDKtymI2Zq8jnHbz847pTdK9VK34APH7rtGJVVmVVVmVVVmVVVmVVVmVVVmVV/mTlv5Qu96IA UAAA