From: Maxime Devos
To: Ludovic Courtès
Cc: guix-devel@gnu.org
Subject: Re: TOCTTOU race
Date: Mon, 22 Feb 2021 20:13:05 +0100
Message-ID: <4fbfe8a30a0516bc90dd854575fa585c54ac28ce.camel@telenet.be>
In-Reply-To: <87r1l8eb4a.fsf@gnu.org>

Hi,

On Mon, 2021-02-22 at 09:54 +0100, Ludovic Courtès wrote:
> [...]
> > Subject: [PATCH] services: prevent following symlinks during activation
>                              ^
> Nitpick: we usually capitalize here and in the commit log.

Fixed! Also added a period at the end.

> Perhaps add a couple of lines explaining that this fixes a potential
> security issue, with a link to this thread.

Done. But since ....

> > Currently, there's a TOCTTOU race. This can be addressed
> > once guile has bindings for fstatat, openat and friends.

... I only claim it's a partial fix at best in the commit message.

> I’d move that comment next to the ‘mkdir-p/perms’ definition.

I copied it there, but left it (reworded slightly) in the commit message,
to avoid giving a false impression the potential security issue is really
fixed.

> > * guix/build/service-utils.scm: new module
> > with new procedure 'mkdir-p/perms'.
>
> I think you can remove these lines.

I removed the ‘Makefile.am’ and ‘guix/build/service-utils.scm’ lines
which aren't relevant anymore, but kept the other lines.

Is all addressed now? (Aside from the TOCTTOU.)

Maxime.

[Attachment: 0001-services-Prevent-following-symlinks-during-activatio.patch (text/x-patch)]
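The race-free variant that the message defers until Guile has bindings for openat and friends, written in C as an added example; it is not part of the attached patch or of Guix. The function name `mkdir_p_perms_nofollow`, the rejection of `..` components and the 0755 mode for newly created ancestors are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L  /* openat, mkdirat, O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Open NAME relative to PARENT as a real directory, creating it if absent.
   O_NOFOLLOW makes the kernel refuse a symlink at the moment of use, so
   there is no earlier lstat() result that could have gone stale. */
static int open_or_create_dir(int parent, const char *name)
{
    int flags = O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC;
    int fd = openat(parent, name, flags);
    if (fd < 0 && errno == ENOENT) {
        /* EEXIST means someone else created NAME first; the openat below
           still rejects it unless it is a real directory. */
        if (mkdirat(parent, name, 0755) < 0 && errno != EEXIST)
            return -1;
        fd = openat(parent, name, flags);
    }
    return fd;
}

/* Hypothetical C counterpart of mkdir-p/perms.  Returns 0 on success,
   -1 with errno set (ELOOP or ENOTDIR when a component is a symlink). */
int mkdir_p_perms_nofollow(const char *path, uid_t uid, gid_t gid, mode_t bits)
{
    char buf[PATH_MAX];
    size_t len = strlen(path);
    if (len == 0 || len >= sizeof buf) { errno = EINVAL; return -1; }
    memcpy(buf, path, len + 1);

    int dir = open(path[0] == '/' ? "/" : ".", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dir < 0)
        return -1;

    char *save = NULL;
    for (char *c = strtok_r(buf, "/", &save); c; c = strtok_r(NULL, "/", &save)) {
        /* ".." would let the walk leave the verified chain (assumption). */
        if (strcmp(c, "..") == 0) { close(dir); errno = EINVAL; return -1; }
        int next = open_or_create_dir(dir, c);
        int saved = errno;
        close(dir);
        if (next < 0) { errno = saved; return -1; }
        dir = next;
    }
    /* Act on the descriptor, not the name: the directory that is chowned
       and chmodded is the one that was just opened without following links. */
    int rc = (fchown(dir, uid, gid) == 0 && fchmod(dir, bits) == 0) ? 0 : -1;
    int saved = errno;
    close(dir);
    errno = saved;
    return rc;
}

int main(int argc, char **argv)
{
    /* Usage: prog DIRECTORY; keeps the caller's uid/gid and sets mode 0755. */
    if (argc != 2) { fprintf(stderr, "usage: %s DIR\n", argv[0]); return 2; }
    if (mkdir_p_perms_nofollow(argv[1], getuid(), getgid(), 0755) < 0) {
        perror(argv[1]);
        return 1;
    }
    return 0;
}
```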