62618 2004-09-02 06:06 0000 app-arch/lha: multiple vulnerabilities 2004-09-08 13:37:03 0000 1 1 1 Unclassified Gentoo Linux Security unspecified All All RESOLVED FIXED http://rhn.redhat.com/errata/RHSA-2004-323.html B2 [glsa] P2 normal --- 1 vorlon@gentoo.org security@gentoo.org usata@gentoo.org vorlon@gentoo.org 2004-09-02 06:06:14 0000 Secunia Advisory at http://secunia.com/advisories/12435/ RH advisory: An updated lha package fixes security vulnerability Advisory: RHSA-2004:323-09 Last updated on: 2004-09-01 [...] CVEs (cve.mitre.org): CAN-2004-0694 CAN-2004-0745 CAN-2004-0769 CAN-2004-0771 Details: An updated lha package that fixes a buffer overflow is now available. LHA is an archiving and compression utility for LHarc format archives. Lukasz Wojtow discovered a stack-based buffer overflow in all versions of lha up to and including version 1.14. A carefully created archive could allow an attacker to execute arbitrary code when a victim extracts or tests the archive. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0769 to this issue. Buffer overflows were discovered in the command line processing of all versions of lha up to and including version 1.14. If a malicious user could trick a victim into passing a specially crafted command line to the lha command, it is possible that arbitrary code could be executed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0771 and CAN-2004-0694 to these issues. Thomas Biege discovered a shell meta character command execution vulnerability in all versions of lha up to and including 1.14. An attacker could create a directory with shell meta characters in its name which could lead to arbitrary command execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0745 to this issue. Users of lha should update to this updated package which contains backported patches and is not vulnerable to these issues. vorlon@gentoo.org 2004-09-02 06:09:43 0000 Forgot this section of the RH adv: References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0694 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0769 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0771 http://marc.theaimsgroup.com/?l=bugtraq&m=108668791510153 http://lw.ftw.zamosc.pl/lha-exploit.txt vorlon@gentoo.org 2004-09-02 06:39:31 0000 ok... didn't notice it was an errata by RedHat and it seems to have been dealt with quite a while ago *** This bug has been marked as a duplicate of 51285 *** vorlon@gentoo.org 2004-09-05 05:03:29 0000 It doesn't appear to be a total duplicate. There are new OSVDB entries and the CAN numbers look kinda new. And Red Hat is patching quite a bit more than the ebuild does at the moment, if I am not mistaken again. vorlon@gentoo.org 2004-09-05 05:07:07 0000 Created an attachment (id=38971) Red Hat patch 4 Attaching RH patches in reverse order, newest first. vorlon@gentoo.org 2004-09-05 05:07:58 0000 Created an attachment (id=38972) RH patch 3 vorlon@gentoo.org 2004-09-05 05:09:08 0000 Created an attachment (id=38973) RH patch 2 vorlon@gentoo.org 2004-09-05 05:12:11 0000 Created an attachment (id=38975) RH patch RH Patch1: lha-114i-sec.patch not attached, because it's identical to Gentoo's lha-114i.diff koon@gentoo.org 2004-09-05 08:37:03 0000 usata, you fixed it last time, could you have a look ? We may have patched only part of the issues. usata@gentoo.org 2004-09-07 06:23:50 0000 Yes, it looks another vulnerability. I added the patches to lha and released it as lha-114i-r4. Also I added =app-arch/lha-114i-r2 and =app-arch/lha-114i-r3 to p.mask. koon@gentoo.org 2004-09-07 08:50:37 0000 Thanks usata, this is ready for yet another GLSA... jaervosz@gentoo.org 2004-09-08 13:37:03 0000 GLSA 200409-13 38971 2004-09-05 05:07 0000 Red Hat patch 4 rhel3-lha.patch text/plain ZGlmZiAtdXJOcCBsaGEtMTE0aS5vcmlnL3NyYy9saGFfbWFjcm8uaCBsaGEtMTE0aS9zcmMvbGhh X21hY3JvLmgKLS0tIGxoYS0xMTRpLm9yaWcvc3JjL2xoYV9tYWNyby5oCTIwMDQtMDgtMDMgMTU6 NTM6NTYuMDAwMDAwMDAwIC0wNTAwCisrKyBsaGEtMTE0aS9zcmMvbGhhX21hY3JvLmgJMjAwNC0w OC0wMyAxNTo1NDowNS4wMDAwMDAwMDAgLTA1MDAKQEAgLTUzLDcgKzUzLDcgQEAKICNkZWZpbmUg U0VFS19TRVQJCTAKICNkZWZpbmUgU0VFS19DVVIJCTEKICNkZWZpbmUgU0VFS19FTkQJCTIKLSNl bmRpZgkvKiBTRUVLX1NFVAorI2VuZGlmCS8qIFNFRUtfU0VUICovCiAKIAogLyogbm9uLWludGVn cmFsIGZ1bmN0aW9ucyAqLwpkaWZmIC11ck5wIGxoYS0xMTRpLm9yaWcvc3JjL2xoYXJjLmMgbGhh LTExNGkvc3JjL2xoYXJjLmMKLS0tIGxoYS0xMTRpLm9yaWcvc3JjL2xoYXJjLmMJMjAwNC0wOC0w MyAxNTo1Mzo1Ni4wMDAwMDAwMDAgLTA1MDAKKysrIGxoYS0xMTRpL3NyYy9saGFyYy5jCTIwMDQt MDgtMDMgMTU6NTQ6MDUuMDAwMDAwMDAwIC0wNTAwCkBAIC04MzAsOSArODMwLDEwIEBAIGZpbmRf ZmlsZXMobmFtZSwgdl9maWxlYywgdl9maWxldikKIAlESVJFTlRSWSAgICAgICAqZHA7CiAJc3Ry dWN0IHN0YXQgICAgIHRtcF9zdGJ1ZiwgYXJjX3N0YnVmLCBmaWxfc3RidWY7CiAKLQlzdHJjcHko bmV3bmFtZSwgbmFtZSk7CisJc3RybmNweShuZXduYW1lLCBuYW1lLCBzaXplb2YobmV3bmFtZSkp OworCW5ld25hbWVbc2l6ZW9mKG5ld25hbWUpLTFdID0gMDsKIAlsZW4gPSBzdHJsZW4obmFtZSk7 Ci0JaWYgKGxlbiA+IDAgJiYgbmV3bmFtZVtsZW4gLSAxXSAhPSAnLycpCisJaWYgKGxlbiA+IDAg JiYgbmV3bmFtZVtsZW4gLSAxXSAhPSAnLycgJiYgbGVuIDwgKHNpemVvZihuZXduYW1lKS0xKSkK IAkJbmV3bmFtZVtsZW4rK10gPSAnLyc7CiAKIAlkaXJwID0gb3BlbmRpcihuYW1lKTsKQEAgLTg0 Niw2ICs4NDcsMTEgQEAgZmluZF9maWxlcyhuYW1lLCB2X2ZpbGVjLCB2X2ZpbGV2KQogCiAJZm9y IChkcCA9IHJlYWRkaXIoZGlycCk7IGRwICE9IE5VTEw7IGRwID0gcmVhZGRpcihkaXJwKSkgewog CQluID0gTkFNTEVOKGRwKTsKKwkJaWYgKGxlbiA+PSAoc2l6ZW9mKG5ld25hbWUpLTEpIHx8CisJ CQkJKGxlbituKSA+PSAoc2l6ZW9mKG5ld25hbWUpLTEpIHx8CisJCQkJCSBuICA8PSAwICAgICAg ICAgICAgICAgICAgIHx8CisJCQkJKGxlbituKSA8PSAwKQorCQkJYnJlYWs7CiAJCXN0cm5jcHko bmV3bmFtZSArIGxlbiwgZHAtPmRfbmFtZSwgbik7CiAJCW5ld25hbWVbbGVuICsgbl0gPSAnXDAn OwogCQlpZiAoR0VUU1RBVChuZXduYW1lLCAmZmlsX3N0YnVmKSA8IDApCkBAIC05MDMsNyArOTA5 LDggQEAgYnVpbGRfdGVtcG9yYXJ5X25hbWUoKQogCQlzdHJjcHkodGVtcG9yYXJ5X25hbWUsIFRN UF9GSUxFTkFNRV9URU1QTEFURSk7CiAJfQogCWVsc2UgewotCQlzcHJpbnRmKHRlbXBvcmFyeV9u YW1lLCAiJXMvbGhYWFhYWFgiLCBleHRyYWN0X2RpcmVjdG9yeSk7CisJCXNucHJpbnRmKHRlbXBv cmFyeV9uYW1lLCBzaXplb2YodGVtcG9yYXJ5X25hbWUpLAorCQkJIiVzL2xoWFhYWFhYIiwgZXh0 cmFjdF9kaXJlY3RvcnkpOwogCX0KICNpZmRlZiBNS1NURU1QCiAJbWtzdGVtcCh0ZW1wb3Jhcnlf bmFtZSk7CkBAIC05MTMsMTAgKzkyMCwxNiBAQCBidWlsZF90ZW1wb3JhcnlfbmFtZSgpCiAjZWxz ZQogCWNoYXIgICAgICAgICAgICpwLCAqczsKIAotCXN0cmNweSh0ZW1wb3JhcnlfbmFtZSwgYXJj aGl2ZV9uYW1lKTsKKwlzdHJuY3B5KHRlbXBvcmFyeV9uYW1lLCBhcmNoaXZlX25hbWUsIHNpemVv Zih0ZW1wb3JhcnlfbmFtZSkpOworCXRlbXBvcmFyeV9uYW1lW3NpemVvZih0ZW1wb3JhcnlfbmFt ZSktMV0gPSAwOwogCWZvciAocCA9IHRlbXBvcmFyeV9uYW1lLCBzID0gKGNoYXIgKikgMDsgKnA7 IHArKykKIAkJaWYgKCpwID09ICcvJykKIAkJCXMgPSBwOworCisJaWYoIHNpemVvZih0ZW1wb3Jh cnlfbmFtZSkgLSAoKHNpemVfdCkgKHMtdGVtcG9yYXJ5X25hbWUpKSAtIDEKKwkJPD0gc3RybGVu KCJsaFhYWFhYWCIpKQorCQkJZXhpdCgtMSk7CisKIAlzdHJjcHkoKHMgPyBzICsgMSA6IHRlbXBv cmFyeV9uYW1lKSwgImxoWFhYWFhYIik7CiAjaWZkZWYgTUtTVEVNUAogCW1rc3RlbXAodGVtcG9y YXJ5X25hbWUpOwpAQCAtMTA1Miw3ICsxMDY1LDggQEAgb3Blbl9vbGRfYXJjaGl2ZSgpCiAKIAlp ZiAob3Blbl9vbGRfYXJjaGl2ZV8xKGFyY2hpdmVfbmFtZSwgJmZwKSkKIAkJcmV0dXJuIGZwOwot CXNwcmludGYoZXhwYW5kZWRfYXJjaGl2ZV9uYW1lLCAiJXMubHpoIiwgYXJjaGl2ZV9uYW1lKTsK KwlzbnByaW50ZihleHBhbmRlZF9hcmNoaXZlX25hbWUsIHNpemVvZihleHBhbmRlZF9hcmNoaXZl X25hbWUpLAorCQkiJXMubHpoIiwgYXJjaGl2ZV9uYW1lKTsKIAlpZiAob3Blbl9vbGRfYXJjaGl2 ZV8xKGV4cGFuZGVkX2FyY2hpdmVfbmFtZSwgJmZwKSkgewogCQlhcmNoaXZlX25hbWUgPSBleHBh bmRlZF9hcmNoaXZlX25hbWU7CiAJCXJldHVybiBmcDsKQEAgLTEwNjEsNyArMTA3NSw4IEBAIG9w ZW5fb2xkX2FyY2hpdmUoKQogCSAqIGlmICggKGVycm5vJjB4ZmZmZikhPUVfUE5ORiApIHsgYXJj aGl2ZV9uYW1lID0KIAkgKiBleHBhbmRlZF9hcmNoaXZlX25hbWU7IHJldHVybiBOVUxMOyB9CiAJ ICovCi0Jc3ByaW50ZihleHBhbmRlZF9hcmNoaXZlX25hbWUsICIlcy5senMiLCBhcmNoaXZlX25h bWUpOworCXNucHJpbnRmKGV4cGFuZGVkX2FyY2hpdmVfbmFtZSwgc2l6ZW9mKGV4cGFuZGVkX2Fy Y2hpdmVfbmFtZSksCisJCSIlcy5senMiLCBhcmNoaXZlX25hbWUpOwogCWlmIChvcGVuX29sZF9h cmNoaXZlXzEoZXhwYW5kZWRfYXJjaGl2ZV9uYW1lLCAmZnApKSB7CiAJCWFyY2hpdmVfbmFtZSA9 IGV4cGFuZGVkX2FyY2hpdmVfbmFtZTsKIAkJcmV0dXJuIGZwOwpkaWZmIC11ck5wIGxoYS0xMTRp Lm9yaWcvc3JjL2xoZXh0LmMgbGhhLTExNGkvc3JjL2xoZXh0LmMKLS0tIGxoYS0xMTRpLm9yaWcv c3JjL2xoZXh0LmMJMjAwNC0wOC0wMyAxNTo1Mzo1Ni4wMDAwMDAwMDAgLTA1MDAKKysrIGxoYS0x MTRpL3NyYy9saGV4dC5jCTIwMDQtMDgtMDMgMTU6NTU6NDAuMDAwMDAwMDAwIC0wNTAwCkBAIC04 Miw3ICs4Miw4IEBAIG1ha2VfcGFyZW50X3BhdGgobmFtZSkKIAlyZWdpc3RlciBjaGFyICAqcDsK IAogCS8qIG1ha2UgcGFyZW50IGRpcmVjdG9yeSBuYW1lIGludG8gUEFUSCBmb3IgcmVjdXJzaXZl IGNhbGwgKi8KLQlzdHJjcHkocGF0aCwgbmFtZSk7CisJbWVtc2V0KHBhdGgsIDAsIHNpemVvZihw YXRoKSk7CisJc3RybmNweShwYXRoLCBuYW1lLCBzaXplb2YocGF0aCktMSk7CiAJZm9yIChwID0g cGF0aCArIHN0cmxlbihwYXRoKTsgcCA+IHBhdGg7IHAtLSkKIAkJaWYgKHBbLTFdID09ICcvJykg ewogCQkJKi0tcCA9ICdcMCc7CkBAIC0yMTIsOSArMjEzLDExIEBAIGV4dHJhY3Rfb25lKGFmcCwg aGRyKQogCX0KIAogCWlmIChleHRyYWN0X2RpcmVjdG9yeSkKLQkJc3ByaW50ZihuYW1lLCAiJXMv JXMiLCBleHRyYWN0X2RpcmVjdG9yeSwgcSk7Ci0JZWxzZQotCQlzdHJjcHkobmFtZSwgcSk7CisJ CXNucHJpbnRmKG5hbWUsIHNpemVvZihuYW1lKSwgIiVzLyVzIiwgZXh0cmFjdF9kaXJlY3Rvcnks IHEpOworCWVsc2UgeworCQlzdHJuY3B5KG5hbWUsIHEsIHNpemVvZihuYW1lKSk7CisJCW5hbWVb c2l6ZW9mKG5hbWUpIC0gMV0gPSAnXDAnOworCX0KIAogCiAJLyogTFpIRElSU19NRVRIT0Tvv73v v73vv73vv73vv73Epdilw6Xvv73vv73vv73vv73vv73vv73vv73vv73Dpe+/ve+/ve+/ve+/ve+/ vSAqLwpAQCAtMzM1LDcgKzMzOCw4IEBAIGV4dHJhY3Rfb25lKGFmcCwgaGRyKQogCQkJaWYgKCho ZHItPnVuaXhfbW9kZSAmIFVOSVhfRklMRV9UWVBFTUFTSykgPT0gVU5JWF9GSUxFX1NZTUxJTksp IHsKIAkJCQljaGFyICAgICAgICAgICAgYnVmWzI1Nl0sICpiYjEsICpiYjI7CiAJCQkJaW50ICAg ICAgICAgICAgIGxfY29kZTsKLQkJCQlzdHJjcHkoYnVmLCBuYW1lKTsKKwkJCQlzdHJuY3B5KGJ1 ZiwgbmFtZSwgc2l6ZW9mKGJ1ZikpOworCQkJCWJ1ZltzaXplb2YoYnVmKS0xXSA9IDA7CiAJCQkJ YmIxID0gc3RydG9rKGJ1ZiwgInwiKTsKIAkJCQliYjIgPSBzdHJ0b2soTlVMTCwgInwiKTsKIApA QCAtMzY1LDkgKzM2OSwxMCBAQCBleHRyYWN0X29uZShhZnAsIGhkcikKIAkJCQlpZiAocXVpZXQg IT0gVFJVRSkgewogCQkJCQlwcmludGYoIlN5bWJvbGljIExpbmsgJXMgLT4gJXNcbiIsIGJiMSwg YmIyKTsKIAkJCQl9Ci0JCQkJc3RyY3B5KG5hbWUsIGJiMSk7CS8qIFN5bWJvbGljJ3MgbmFtZSBz ZXQgKi8KKwkJCQlzdHJuY3B5KG5hbWUsIGJiMSwgMjU1KTsJLyogU3ltYm9saWMncyBuYW1lIHNl dCAqLworCQkJCW5hbWVbMjU1XSA9IDA7CiAjZWxzZQotCQkJCXNwcmludGYoYnVmLCAiJXMgLT4g JXMiLCBiYjEsIGJiMik7CisJCQkJc3ByaW50ZihidWYsIHNpemVvZihidWYpLCAiJXMgLT4gJXMi LCBiYjEsIGJiMik7CiAJCQkJd2FybmluZygiQ2FuJ3QgbWFrZSBTeW1ib2xpYyBMaW5rIiwgYnVm KTsKIAkJCQlyZXR1cm47CiAjZW5kaWYKZGlmZiAtdXJOcCBsaGEtMTE0aS5vcmlnL3NyYy9saGxp c3QuYyBsaGEtMTE0aS9zcmMvbGhsaXN0LmMKLS0tIGxoYS0xMTRpLm9yaWcvc3JjL2xobGlzdC5j CTIwMDQtMDgtMDMgMTU6NTM6NTYuMDAwMDAwMDAwIC0wNTAwCisrKyBsaGEtMTE0aS9zcmMvbGhs aXN0LmMJMjAwNC0wOC0wMyAxNTo1NDowNS4wMDAwMDAwMDAgLTA1MDAKQEAgLTI1MCw3ICsyNTAs OCBAQCBsaXN0X29uZShoZHIpCiAJCQlwcmludGYoIiAlcyIsIGhkci0+bmFtZSk7CiAJCWVsc2Ug ewogCQkJY2hhciAgICAgICAgICAgIGJ1ZlsyNTZdLCAqYjEsICpiMjsKLQkJCXN0cmNweShidWYs IGhkci0+bmFtZSk7CisJCQlzdHJuY3B5KGJ1ZiwgaGRyLT5uYW1lLCBzaXplb2YoYnVmKSk7CisJ CQlidWZbc2l6ZW9mKGJ1ZiktMV0gPSAwOwogCQkJYjEgPSBzdHJ0b2soYnVmLCAifCIpOwogCQkJ YjIgPSBzdHJ0b2soTlVMTCwgInwiKTsKIAkJCXByaW50ZigiICVzIC0+ICVzIiwgYjEsIGIyKTsK ZGlmZiAtdXJOcCBsaGEtMTE0aS5vcmlnL3NyYy91dGlsLmMgbGhhLTExNGkvc3JjL3V0aWwuYwot LS0gbGhhLTExNGkub3JpZy9zcmMvdXRpbC5jCTIwMDQtMDgtMDMgMTU6NTM6NTYuMDAwMDAwMDAw IC0wNTAwCisrKyBsaGEtMTE0aS9zcmMvdXRpbC5jCTIwMDQtMDgtMDMgMTU6NTQ6MDUuMDAwMDAw MDAwIC0wNTAwCkBAIC0yNzYsMjEgKzI3NiwyNyBAQCBybWRpcihwYXRoKQogCWNoYXIgICAgICAg ICAgICpwYXRoOwogewogCWludCAgICAgICAgICAgICBzdGF0LCBydG4gPSAwOwotCWNoYXIgICAg ICAgICAgICpjbWRuYW1lOwotCWlmICgoY21kbmFtZSA9IChjaGFyICopIG1hbGxvYyhzdHJsZW4o Uk1ESVJQQVRIKSArIDEgKyBzdHJsZW4ocGF0aCkgKyAxKSkKLQkgICAgPT0gMCkKKwlwaWRfdCAg ICAgICAgICAgY2hpbGQ7CisKKworCS8qIFhYWCB0aG9tYXM6IHNoZWxsIG1ldGEgY2hhcnMgaW4g cGF0aCBjb3VsZCBleGVjIGNvbW1hbmRzICovCisJLyogdGhlcmVmb3JlIHdlIHNob3VsZCBhdm9p ZCB1c2luZyBzeXN0ZW0oKSAqLworCWlmICgoY2hpbGQgPSBmb3JrKCkpIDwgMCkKKwkJcmV0dXJu ICgtMSk7ICAgIC8qIGZvcmsgZXJyb3IgKi8KKwllbHNlIGlmIChjaGlsZCkgeyAgICAgICAvKiBw YXJlbnQgcHJvY2VzcyAqLworCQl3aGlsZSAoY2hpbGQgIT0gd2FpdCgmc3RhdCkpICAgIC8qIGln bm9yZSBzaWduYWxzICovCisJCQljb250aW51ZTsKKwl9CisJZWxzZSB7ICAgICAgICAgICAgICAg ICAgLyogY2hpbGQgcHJvY2VzcyAqLworCQlleGVjbChSTURJUlBBVEgsICJybWRpciIsIHBhdGgs IChjaGFyICopIDApOworCQkvKiBuZXZlciBjb21lIGhlcmUgZXhjZXB0IGV4ZWNsIGlzIGVycm9y ICovCiAJCXJldHVybiAoLTEpOwotCXN0cmNweShjbWRuYW1lLCBSTURJUlBBVEgpOwotCSooY21k bmFtZSArIHN0cmxlbihSTURJUlBBVEgpKSA9ICcgJzsKLQlzdHJjcHkoY21kbmFtZSArIHN0cmxl bihSTURJUlBBVEgpICsgMSwgcGF0aCk7Ci0JaWYgKChzdGF0ID0gc3lzdGVtKGNtZG5hbWUpKSA8 IDApCi0JCXJ0biA9IC0xOwkvKiBmb3JrIG9yIGV4ZWMgZXJyb3IgKi8KLQllbHNlIGlmIChzdGF0 KSB7CS8qIFJNRElSIGNvbW1hbmQgZXJyb3IgKi8KLQkJZXJybm8gPSBFSU87Ci0JCXJ0biA9IC0x OwogCX0KLQlmcmVlKGNtZG5hbWUpOwotCXJldHVybiAocnRuKTsKKwlpZiAoc3RhdCAhPSAwKSB7 CisJCWVycm5vID0gRUlPOyAgICAvKiBjYW5ub3QgZ2V0IGVycm9yIG51bS4gKi8KKwkJcmV0dXJu ICgtMSk7CisJfQorCXJldHVybiAoMCk7CiB9CiAKIC8qIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLwo= 38972 2004-09-05 05:07 0000 RH patch 3 lha-dir_length_bounds_check.patch text/plain LS0tIHNyYy9oZWFkZXIuYwkyMDAyLTA3LTE5IDE3OjIzOjU4LjAwMDAwMDAwMCArMDkwMAorKysg c3JjL2hlYWRlci5jCTIwMDQtMDYtMTYgMDk6NDk6MjMuMDAwMDAwMDAwICswOTAwCkBAIC02NDgs OCArNjQ4LDE3IEBACiAJfQogCiAJaWYgKGRpcl9sZW5ndGgpIHsKKwkJaWYgKChkaXJfbGVuZ3Ro ICsgbmFtZV9sZW5ndGgpID4gc2l6ZW9mKGRpcm5hbWUpKSB7CisJCQlmcHJpbnRmKHN0ZGVyciwg Ikluc3VmZmljaWVudCBidWZmZXIgc2l6ZVxuIik7CisJCQlleGl0KDExMik7CisJCX0KIAkJc3Ry Y2F0KGRpcm5hbWUsIGhkci0+bmFtZSk7Ci0JCXN0cmNweShoZHItPm5hbWUsIGRpcm5hbWUpOwor CisJCWlmICgoZGlyX2xlbmd0aCArIG5hbWVfbGVuZ3RoKSA+IHNpemVvZihoZHItPm5hbWUpKSB7 CisJCQlmcHJpbnRmKHN0ZGVyciwgIkluc3VmZmljaWVudCBidWZmZXIgc2l6ZVxuIik7CisJCQll eGl0KDExMik7CisJCX0KKwkJc3RybmNweShoZHItPm5hbWUsIGRpcm5hbWUsIHNpemVvZihoZHIt Pm5hbWUpKTsKIAkJbmFtZV9sZW5ndGggKz0gZGlyX2xlbmd0aDsKIAl9Cg== 38973 2004-09-05 05:09 0000 RH patch 2 lha-114i-malloc.patch text/plain LS0tIGxoYS0xMTRpL3NyYy9saGEuaC5vcmlnCTIwMDQtMDUtMTkgMTk6MjQ6MTkuMDAwMDAwMDAw IC0wNDAwCisrKyBsaGEtMTE0aS9zcmMvbGhhLmgJMjAwNC0wNS0xOSAxOToyMzoxOS4wMDAwMDAw MDAgLTA0MDAKQEAgLTE2LDYgKzE2LDcgQEAKICNpbmNsdWRlIDxzeXMvdHlwZXMuaD4KICNpbmNs dWRlIDxzeXMvZmlsZS5oPgogI2luY2x1ZGUgPHN5cy9zdGF0Lmg+CisjaW5jbHVkZSA8bWFsbG9j Lmg+CiAKICNpbmNsdWRlIDxzaWduYWwuaD4KIAo= 38975 2004-09-05 05:12 0000 RH patch lha-114i-symlink.patch text/plain LS0tIGxoYS0xMTRpL3NyYy9saGV4dC5jLnN5bWxpbmsJMjAwMC0xMC0wNCAxMDo1NzozOC4wMDAw MDAwMDAgLTA0MDAKKysrIGxoYS0xMTRpL3NyYy9saGV4dC5jCTIwMDMtMDUtMTkgMjI6NTU6NTcu MDAwMDAwMDAwIC0wNDAwCkBAIC0zNTEsNiArMzUxLDcgQEAgZXh0cmFjdF9vbmUoYWZwLCBoZHIp CiAJCQkJfQogCiAJCQkJdW5saW5rKGJiMSk7CisJCQkJbWFrZV9wYXJlbnRfcGF0aChiYjEpOwog CQkJCWxfY29kZSA9IHN5bWxpbmsoYmIyLCBiYjEpOwogCQkJCWlmIChsX2NvZGUgPCAwKSB7CiAJ CQkJCWlmIChxdWlldCAhPSBUUlVFKQo=