From nobody@FreeBSD.org Sat Sep 11 19:43:14 2010 Return-Path: Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4C7021065672 for ; Sat, 11 Sep 2010 19:43:14 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 3B96F8FC1B for ; Sat, 11 Sep 2010 19:43:14 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o8BJhElc068936 for ; Sat, 11 Sep 2010 19:43:14 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o8BJhEPk068935; Sat, 11 Sep 2010 19:43:14 GMT (envelope-from nobody) Message-Id: <201009111943.o8BJhEPk068935@www.freebsd.org> Date: Sat, 11 Sep 2010 19:43:14 GMT From: Grzegorz Blach To: freebsd-gnats-submit@FreeBSD.org Subject: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 X-Send-Pr-Version: www-3.1 X-GNATS-Notify: jhein@symmetricom.com >Number: 150493 >Category: ports >Synopsis: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 >Confidential: no >Severity: non-critical >Priority: medium >Responsible: stephen >State: closed >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sat Sep 11 19:50:03 UTC 2010 >Closed-Date: Fri Oct 21 16:25:31 UTC 2011 >Last-Modified: Fri Oct 21 16:25:31 UTC 2011 >Originator: Grzegorz Blach >Release: 8.1-RELEASE amd64 >Organization: >Environment: FreeBSD silver.nine 8.1-RELEASE FreeBSD 8.1-RELEASE #13 r210273: Tue Jul 20 04:46:24 CEST 2010 root@silver.nine:/usr/obj/usr/src/sys/SILVER amd64 >Description: Due to maintainer reset for security/openssh-portable port on 23 August I prepared patch with upgrade this port from 5.2p1 to 5.6p1. Since patch is 385kb I put it on http://files.roorback.net/openssh-portable.diff.txt I also can be new maintainer of this port. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-ports-bugs->des Responsible-Changed-By: edwin Responsible-Changed-When: Sat Sep 11 19:50:08 UTC 2010 Responsible-Changed-Why: des@ wants his PRs (via the GNATS Auto Assign Tool) http://www.freebsd.org/cgi/query-pr.cgi?pr=150493 Responsible-Changed-From-To: des->freebsd-ports-bugs Responsible-Changed-By: des Responsible-Changed-When: Sun Sep 12 16:21:25 UTC 2010 Responsible-Changed-Why: not mine http://www.freebsd.org/cgi/query-pr.cgi?pr=150493 Responsible-Changed-From-To: freebsd-ports-bugs->des Responsible-Changed-By: edwin Responsible-Changed-When: Tue Sep 14 18:54:34 UTC 2010 Responsible-Changed-Why: des@ wants his PRs (via the GNATS Auto Assign Tool) http://www.freebsd.org/cgi/query-pr.cgi?pr=150493 Responsible-Changed-From-To: des->freebsd-ports-bugs Responsible-Changed-By: des Responsible-Changed-When: Tue Sep 14 20:47:47 UTC 2010 Responsible-Changed-Why: I am not the maintainer of the security/openssh-portable port http://www.freebsd.org/cgi/query-pr.cgi?pr=150493 From: John Hein To: bug-followup@FreeBSD.org, magik@roorback.net Cc: Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1 Date: Thu, 23 Sep 2010 10:35:30 -0600 --PCGpoR0gWV Content-Type: text/plain; charset=us-ascii Content-Description: message body text Content-Transfer-Encoding: 7bit I have come up with a patchset independently. If Grzegorz Blach wants to maintain this port, that's okay with me. But this new patchset here addresses a few missing details in Grzegorz's original submission. Or I'm willing to maintain, too (I'll defer to Grzegorz if he would like to do it). Either way, we should get this port updated since it is quite out of date. This patch set included here: - removes more old opensc related patches. - does not remove patches pulled from des@ changes in src/crypto/openssh that are still valid. - points to upstream hpn patch instead of including a local copy - does not remove GSSAPI, LPK or FILECONTROL options, but does mark them BROKEN for now - upstream for each seems still active, so the port here can just be updated when upstream catches up. We can also patch the patches ourselves for 5.6 (or maintained a tweaked local copy), but I prefer to update the port to 5.6p1 first and then separately commit those updates. It makes following the history of changes in CVS much easier. - remove PATCH_DIST_STRIP - it's unecessary and portlint hates it - I think the post-patch version.h changes in the original patchset in this PR are wrong. The upstream patches (for hpn and filecontrol) have changes for version.h that seem to work fine unchanged, even applied together. Also the HAVE_LPK part that adds SSH_HPN seems wrong. I have two patchsets. The second just refreshes old files/patch-* even though they apply cleanly against 5.6p1 - it could be considered optional. I'll send the second set separately. Here is the 'Description' that I was going to submit as a PR until I found this PR... ======================= security/openssh-portable has not been update in a long time (currently 5.2p1 which is 1.5+ years old). There are significant nice feature updates and fixes in 5.6p1. Attached are two patchsets. Then main one is enough to get the port updated and working. But see comments at the top of the patchset. The second patchset just refreshes the remaining patches that still apply cleaning to 5.6p1 files. It's probably a good idea to apply it when committing to the port, but it's not strictly necessary. And I would commit them separately just for the sake of clarity in the commit logs. Actually, I'll send the second patchset in a separate submission to avoid confusing PR patch detection tools. ======================= Attached is the first patchset including a decent description of the changes at the top of the patch... --PCGpoR0gWV Content-Type: text/plain; name="patches-5.6p1" Content-Description: patches to update security/openssh-portable from its current 5.2p1 to 5.6p1 Content-Disposition: inline; filename="patches-5.6p1" Content-Transfer-Encoding: quoted-printable Port change details: ------------------------------- Update openssh-portable from 5.2p1 to 5.6p1. [1] Refresh local patches that don't apply cleanly. This is mostly just mechanical due to code motion. But the ChallengeResponseAuthentication description in sshd=5Fconfig.5 has been updated upstream to include a reference to PAM (which was in the local patch in a slightly different form). The base patch for this includes 'See also UsePAM', which I included. However, that may not be necessary given the upstream context now (base is at 5.4). The latest GSSAPI key exchange patch is for 5.3. It does not apply to 5.6, although it is very close to applying. Mark BROKEN until updated officially upstream. The latest LPK patch is for 5.4. It does not apply to 5.6, although it is very close to applying. Mark BROKEN until updated officially upstream. Also remove local patches which tried to resolve conflicts between HPN and LPK. They can be reworked when upstream gets up to date with 5.6 The latest sftpfilecontrol patch is for 5.4. It does not apply to 5.6, although it is very close to applying. Mark BROKEN until updated officially upstream. Ssh.bin is gone (old smartcard code obsoleted by PKCS#11 support). Remove OPENSC* options and associated patch files. ------------------------------- [1] Features summary from 2010-08-23 announcement at http://lists.mindrot.org/pipermail/openssh-unix-announce/2010-August/00= 0100.html ------------------------------- Changes since OpenSSH 5.5 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Features: * Added a ControlPersist option to ssh=5Fconfig(5) that automatically starts a background ssh(1) multiplex master when connecting. This connection can stay alive indefinitely, or can be set to automatically close after a user-specified duration of inactivity. * Hostbased authentication may now use certificate host keys. CA keys must be specified in a known=5Fhosts file using the @cert-authority marker as described in sshd(8). * ssh-keygen(1) now supports signing certificate using a CA key that has been stored in a PKCS#11 token. * ssh(1) will now log the hostname and address that we connected to at= LogLevel=3Dverbose after authentication is successful to mitigate "phishing" attacks by servers with trusted keys that accept authentication silently and automatically before presenting fake password/passphrase prompts. Note that, for such an attack to be successful, the user must have disabled StrictHostKeyChecking (enabled by default) or an attacker must have access to a trusted host key for the destination server. * Expand %h to the hostname in ssh=5Fconfig Hostname options. While th= is sounds useless, it is actually handy for working with unqualified hostnames: =20 Host *.* Hostname %h Host * Hostname %h.example.org =20 * Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8= keys in addition to RFC4716 (SSH.COM) encodings via a new -m option=20= (bz#1749) * sshd(8) will now queue debug messages for bad ownership or permissions on the user's keyfiles encountered during authentication= and will send them after authentication has successfully completed. These messages may be viewed in ssh(1) at LogLevel=3Ddebug or higher= =2E * ssh(1) connection multiplexing now supports remote forwarding with dynamic port allocation and can report the allocated port back to the user: LPORT=3D`ssh -S muxsocket -R0:localhost:25 -O forward somehost` * sshd(8) now supports indirection in matching of principal names listed in certificates. By default, if a certificate has an embedded principals list then the username on the server must match one of the names in the list for it to be accepted for authentication. sshd(8) now has a new AuthorizedPrincipalsFile option to specify a file containing a list of names that may be accepted in place of the= username when authorizing a certificate trusted via the sshd=5Fconfig(5) TrustedCAKeys option. Similarly, authentication using a CA trusted in ~/.ssh/authorized=5Fkeys now accepts a principals=3D"name1[,name2,...]" to specify a list of permitted name= s. =20 If either option is absent, the current behaviour of requiring the username to appear in principals continues to apply. These options are useful for role accounts, disjoint account namespaces and "user at realm"-style naming policies in certificates. =20 * Additional sshd=5Fconfig(5) options are now valid inside Match block= s: AuthorizedKeysFile AuthorizedPrincipalsFile HostbasedUsesNameFromPacketOnly PermitTunnel * Revised the format of certificate keys. The new format, identified a= s ssh-{dss,rsa}-cert-v01 at openssh.com includes the following changes= : =20 - Adding a serial number field. This may be specified by the CA at= the time of certificate signing. - Moving the nonce field to the beginning of the certificate where= it can better protect against chosen-prefix attacks on the signature hash (currently infeasible against the SHA1 hash used)= =20 - Renaming the "constraints" field to "critical options" =20 - Addng a new non-critical "extensions" field. The "permit-*" options are now extensions, rather than critical options to permit non-OpenSSH implementation of this key format to degrade gracefully when encountering keys with options they do not recognize. =20 The older format is still supported for authentication and may still= be used when signing certificates (use "ssh-keygen -t v00 ..."). The v00 format, introduced in OpenSSH 5.4, will be supported for at least one year from this release, after which it will be deprecated and removed. =20 BugFixes: * The PKCS#11 code now retries a lookup for a private key if there is no matching key with CKA=5FSIGN attribute enabled; this fixes fixes MuscleCard support (bz#1736) =20 * Unbreak strdelim() skipping past quoted strings (bz#1757). For example, the following directive was not parsed correctly: AllowUsers "blah blah" blah * sftp(1): fix swapped args in upload=5Fdir=5Finternal(), breaking recursive upload depth checks and causing verbose printing of transfers to always be turned on (bz#1797) * Fix a longstanding problem where if you suspend scp(1) at the password/passphrase prompt the terminal mode is not restored. * Fix a PKCS#11 crash on some smartcards by validating the length returned for C=5FGetAttributValue (bz#1773) * sftp(1): fix ls in working directories that contain globbing characters in their pathnames (bz#1655) * Print warning for missing home directory when ChrootDirectory=3Dnone= (bz#1564) * sftp(1): fix a memory leak in do=5Frealpath() error path (bz#1771) * ssk-keygen(1): Standardise error messages when attempting to open private key files to include "progname: filename: error reason" (bz#1783) * Replace verbose and overflow-prone Linebuf code with read=5Fkeyfile=5Fline() (bz#1565) * Include the user name on "subsystem request for ..." log messages * ssh(1) and sshd(8): remove hardcoded limit of 100 permitopen clauses= and port forwards per direction (bz#1327) * sshd(8): ignore stderr output from subsystems to avoid hangs if a subsystem or shell initialisation writes to stderr (bz#1750) * Skip the initial check for access with an empty password when PermitEmptyPasswords=3Dno (bz#1638) * sshd(8): fix logspam when key options (from=3D"..." especially) deny= non-matching keys (bz#1765) * ssh-keygen(1): display a more helpful error message when $HOME is inaccessible while trying to create .ssh directory (bz#1740) * ssh(1): fix hang when terminating a mux slave using ~. (bz#1758) * ssh-keygen(1): refuse to generate keys longer than OPENSSL=5F[RD]SA=5FMAX=5FMODULUS=5FBITS, since we would refuse to us= e them anyway (bz#1516) * Suppress spurious tty warning when using -O and stdin is not a tty (bz#1746) * Kill channel when pty allocation requests fail. Fixed stuck client if the server refuses pty allocation (bz#1698) Portable OpenSSH Bugfixes: * sshd(8): increase the maximum username length for login recording to 512 characters (bz#1579) * Initialize the values to be returned from PAM to sane values in case the PAM method doesn't write to them. (bz#1795)=20 * Let configure find OpenSSL libraries in a lib64 subdirectory. (bz#1756) ------------------------------- Index: Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/Makefile,v retrieving revision 1.149 diff -u -p -r1.149 Makefile --- Makefile=0931 Aug 2010 02:46:43 -0000=091.149 +++ Makefile=0923 Sep 2010 15:38:15 -0000 @@ -6,8 +6,8 @@ # =20 PORTNAME=3D=09openssh -DISTVERSION=3D=095.2p1 -PORTREVISION=3D=092 +DISTVERSION=3D=095.6p1 +PORTREVISION=3D=090 PORTEPOCH=3D=091 CATEGORIES=3D=09security ipv6 .if defined(OPENSSH=5FSNAPSHOT) @@ -61,8 +61,6 @@ OPTIONS=3D=09PAM=09=09"Enable pam(3) support"=09=09=09= =09=09GSSAPI=09=09"Enable GSSAPI support (req: KERBEROS)"=09=09off \ =09=09KERB=5FGSSAPI=09"Enable Kerberos/GSSAPI patch (req: GSSAPI)"=09o= ff \ =09=09OPENSSH=5FCHROOT=09"Enable CHROOT support"=09=09=09=09off \ -=09=09OPENSC=09=09"Enable OpenSC smartcard support"=09=09off \ -=09=09OPENSCPINPATCH=09"Enable OpenSC PIN patch"=09=09=09off \ =09=09HPN=09=09"Enable HPN-SSH patch"=09=09=09=09off \ =09=09LPK=09=09"Enable LDAP Public Key (LPK) patch"=09=09off \ =09=09X509=09=09"Enable x509 certificate patch"=09=09=09off \ @@ -75,8 +73,8 @@ OPTIONS=3D=09PAM=09=09"Enable pam(3) support"=09=09=09= BROKEN=3D=09=09does not build .endif =20 -.if defined(WITH=5FX509) && ( defined(WITH=5FHPN) || defined(WITH=5FLP= K)) -BROKEN=3D=09=09X509 patch incompatible with HPN and LPK patches +.if defined(WITH=5FX509) && defined(WITH=5FHPN) +BROKEN=3D=09=09X509 patches and HPN patches do not apply cleanly toget= her .endif =20 .if defined(WITH=5FX509) && defined(WITH=5FKERB=5FGSSAPI) @@ -110,7 +108,9 @@ CONFIGURE=5FARGS+=3D=09--with-audit=3Dbsm .if !defined(WITHOUT=5FKERBEROS) .if defined(KRB5=5FHOME) && exists(${KRB5=5FHOME}) || defined(WITH=5FG= SSAPI) .if defined(WITH=5FKERB=5FGSSAPI) -PATCH=5FDIST=5FSTRIP=3D=09-p0 +# Latest GSSAPI patch is against 5.3 and does not apply +# cleanly against 5.6p1, but it's close. +BROKEN=3D=09=09=09upstream GSSAPI key exchange patch is not up to date= for OpenSSH 5.6p1 PATCH=5FSITES+=3D=09=09http://www.sxw.org.uk/computing/patches/ PATCHFILES+=3D=09=09openssh-5.2p1-gsskex-all-20090726.patch .endif @@ -145,48 +145,30 @@ CONFIGURE=5FARGS+=3D=09--with-ssl-dir=3D${OPENSS CFLAGS+=3D=09=09-DCHROOT .endif =20 -.if defined(WITH=5FOPENSC) -LIB=5FDEPENDS+=3D=09=09opensc.2:${PORTSDIR}/security/opensc -CONFIGURE=5FARGS+=3D=09--with-opensc=3D${LOCALBASE} -.endif - -# See http://bugzilla.mindrot.org/show=5Fbug.cgi=3Fid=3D608 -.if defined(WITH=5FOPENSCPINPATCH) -EXTRA=5FPATCHES+=3D=09=09${FILESDIR}/scardpin.patch -.endif - .if defined(WITH=5FHPN) -EXTRA=5FPATCHES+=3D=09${FILESDIR}/openssh-5.2p1-hpn13v6.diff +PATCH=5FSITES+=3D=09=09http://www.psc.edu/networking/projects/hpn-ssh/= +PATCHFILES+=3D=09=09openssh-5.6p1-hpn13v10.diff .endif =20 -# See http://dev.inversepath.com/trac/openssh-lpk +# See http://code.google.com/p/openssh-lpk/wiki/Main +# and svn repo described here: +# http://code.google.com/p/openssh-lpk/source/checkout .if defined(WITH=5FLPK) -EXTRA=5FPATCHES+=3D=09=09${FILESDIR}/contrib-openssh-lpk-5.1p1-0.3.10.= patch +# Latest LPK patch is against 5.4p1 and does not apply +# cleanly against 5.6p1, but it's close. +BROKEN=3D=09=09=09latest upstream LDAP public key patch is not up to d= ate for OpenSSH 5.6p1 +EXTRA=5FPATCHES+=3D=09=09${FILESDIR}/contrib-openssh-lpk-5.4p1-0.3.13.= patch USE=5FOPENLDAP=3D=09=09yes -CPPFLAGS+=3D=09=09"-I${LOCALBASE}/include -DWITH=5FLDAP=5FPUBKEY" +CPPFLAGS+=3D=09=09-I${LOCALBASE}/include CONFIGURE=5FARGS+=3D=09--with-libs=3D'-lldap' --with-ldflags=3D'-L${LO= CALBASE}/lib' \ -=09=09=09--with-cppflags=3D'-I${LOCALBASE}/include -DWITH=5FLDAP=5FPUB= KEY' -.endif - -# resolve some patches incompatibility between LPK and HPN patches - -.if defined(WITH=5FHPN) && defined(WITH=5FLPK) -EXTRA=5FPATCHES+=3D=09=09${FILESDIR}/lpk+hpn-servconf.c.patch -.elif defined(WITH=5FHPN) && !defined(WITH=5FLPK) -EXTRA=5FPATCHES+=3D=09=09${FILESDIR}/openssh-5.2p1-hpn13v6-servconf.c.= diff -.elif defined(WITH=5FLPK) && !defined(WITH=5FHPN) -EXTRA=5FPATCHES+=3D=09=09${FILESDIR}/contrib-openssh-lpk-5.1p1-0.3.10-= servconf.c.patch -.endif - -.if defined(WITH=5FLPK) && ${ARCH} =3D=3D "amd64" -EXTRA=5FPATCHES+=3D=09=09${FILESDIR}/contrib-openssh-5.1=5Fp1-lpk-64bi= t.patch +=09=09=09--with-cppflags=3D'${CPPFLAGS}' --with=5Fldap=3Dyes .endif =20 # See http://www.roumenpetrov.info/openssh/ .if defined(WITH=5FX509) PATCH=5FDIST=5FSTRIP=3D=09-p1 -PATCH=5FSITES+=3D=09=09http://www.roumenpetrov.info/openssh/x509-6.2/ -PATCHFILES+=3D=09=09openssh-5.2p1+x509-6.2.diff.gz +PATCH=5FSITES+=3D=09=09http://www.roumenpetrov.info/openssh/x509-6.2.3= / +PATCHFILES+=3D=09=09openssh-5.6p1+x509-6.2.3.diff.gz PLIST=5FSUB+=3D=09=09X509=3D"" .else PLIST=5FSUB+=3D=09=09X509=3D"@comment " @@ -194,6 +176,9 @@ PLIST=5FSUB+=3D=09=09X509=3D"@comment " =20 # See http://sftpfilecontrol.sourceforge.net/ .if defined(WITH=5FFILECONTROL) +# Latest sftpfilecontrol patch is against 5.4p1 which does not apply +# cleanly against 5.6p1, but it's close. +BROKEN=3D=09=09=09latest upstream sftp file control public key patch i= s not up to date for OpenSSH 5.6p1 EXTRA=5FPATCHES+=3D=09=09${FILESDIR}/openssh-${DISTVERSION}.sftpfileco= ntrol-v1.3.patch .endif =20 Index: distinfo =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/distinfo,v retrieving revision 1.51 diff -u -p -r1.51 distinfo --- distinfo=0918 Sep 2009 14:05:52 -0000=091.51 +++ distinfo=0923 Sep 2010 15:14:09 -0000 @@ -1,9 +1,9 @@ -MD5 (openssh-5.2p1.tar.gz) =3D ada79c7328a8551bdf55c95e631e7dad -SHA256 (openssh-5.2p1.tar.gz) =3D 4023710c37d0b3d79e6299cb79b6de2a31db= 7d581fe59e775a5351784034ecae -SIZE (openssh-5.2p1.tar.gz) =3D 1016612 -MD5 (openssh-5.2p1+x509-6.2.diff.gz) =3D 8dbbfb743226864f6bb49b56e7777= 6d9 -SHA256 (openssh-5.2p1+x509-6.2.diff.gz) =3D 72cfb1e232b6ae0a9df6e8539a= 9f6b53db7c0a2141cf2e4dd65b407748fa9f34 -SIZE (openssh-5.2p1+x509-6.2.diff.gz) =3D 153010 -MD5 (openssh-5.2p1-gsskex-all-20090726.patch) =3D e5c116b4bc3f4b816206= e8403dd08af7 -SHA256 (openssh-5.2p1-gsskex-all-20090726.patch) =3D 6eb297d6fa74be332= 3c5e4f53df5b6e1f4edf6bf394e3e707c075846886e18e7 -SIZE (openssh-5.2p1-gsskex-all-20090726.patch) =3D 90959 +MD5 (openssh-5.6p1.tar.gz) =3D e6ee52e47c768bf0ec42a232b5d18fb0 +SHA256 (openssh-5.6p1.tar.gz) =3D 538af53b2b8162c21a293bb004ae2bdb141a= bd250f61b4cea55244749f3c6c2b +SIZE (openssh-5.6p1.tar.gz) =3D 1117952 +MD5 (openssh-5.6p1+x509-6.2.3.diff.gz) =3D a4be654ef64279e9deab6bd68d6= dce66 +SHA256 (openssh-5.6p1+x509-6.2.3.diff.gz) =3D 90977eded2ae5e71bc3b84aa= d8597442074742d78d471087d020e58dd58342ad +SIZE (openssh-5.6p1+x509-6.2.3.diff.gz) =3D 168109 +MD5 (openssh-5.6p1-hpn13v10.diff.gz) =3D d8bf6387791699f09bfb5e9c732db= 9d2 +SHA256 (openssh-5.6p1-hpn13v10.diff.gz) =3D 6a9ee815e8ffcc9068c3dce4ad= 4f2898fc0db6b768a3152280aceb8c06c8b450 +SIZE (openssh-5.6p1-hpn13v10.diff.gz) =3D 22988 Index: pkg-plist =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/pkg-plist,v= retrieving revision 1.17 diff -u -p -r1.17 pkg-plist --- pkg-plist=0916 Dec 2009 16:43:21 -0000=091.17 +++ pkg-plist=0930 Aug 2010 15:10:37 -0000 @@ -21,7 +21,6 @@ etc/ssh/sshd=5Fconfig-dist %%NOTBASE%%%%X509%%@dirrmtry etc/ssh/ca %%NOTBASE%%@dirrmtry etc/ssh sbin/sshd -share/Ssh.bin libexec/sftp-server libexec/ssh-keysign @exec if [ ! -d %%EMPTYDIR%% ]; then mkdir -p %%EMPTYDIR%% ; fi Index: files/patch-session.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch= -session.c,v retrieving revision 1.25 diff -u -p -r1.25 patch-session.c --- files/patch-session.c=0924 Mar 2009 17:26:18 -0000=091.25 +++ files/patch-session.c=0925 Aug 2010 23:31:57 -0000 @@ -1,6 +1,6 @@ ---- session.c.orig=092008-11-07 09:06:00.463747629 +0800 -+++ session.c=092008-11-07 23:35:15.063890103 +0800 -@@ -884,6 +884,24 @@ +--- session.c.orig=092010-06-25 18:00:15.000000000 -0600 ++++ session.c=092010-08-25 17:31:35.000000000 -0600 +@@ -893,6 +893,24 @@ { =09FILE *f; =09char buf[256]; @@ -25,9 +25,9 @@ =20 =09if (options.print=5Fmotd) { #ifdef HAVE=5FLOGIN=5FCAP -@@ -1113,6 +1131,9 @@ +@@ -1122,6 +1140,9 @@ =09struct passwd *pw =3D s->pw; - #ifndef HAVE=5FLOGIN=5FCAP + #if !defined (HAVE=5FLOGIN=5FCAP) && !defined (HAVE=5FCYGWIN) =09char *path =3D NULL; +#else +=09extern char **environ; @@ -35,7 +35,7 @@ #endif =20 =09/* Initialize the environment. */ -@@ -1134,6 +1155,9 @@ +@@ -1143,6 +1164,9 @@ =09} #endif =20 @@ -45,7 +45,7 @@ #ifdef GSSAPI =09/* Allow any GSSAPI methods that we've used to alter =09 * the childs environment as they see fit -@@ -1153,11 +1177,22 @@ +@@ -1162,11 +1186,22 @@ =09=09child=5Fset=5Fenv(&env, &envsize, "LOGIN", pw->pw=5Fname); #endif =09=09child=5Fset=5Fenv(&env, &envsize, "HOME", pw->pw=5Fdir); @@ -72,7 +72,7 @@ #else /* HAVE=5FLOGIN=5FCAP */ # ifndef HAVE=5FCYGWIN =09=09/* -@@ -1178,15 +1213,9 @@ +@@ -1187,15 +1222,9 @@ # endif /* HAVE=5FCYGWIN */ #endif /* HAVE=5FLOGIN=5FCAP */ =20 @@ -88,7 +88,7 @@ =20 =09/* Set custom environment options from RSA authentication. */ =09if (!options.use=5Flogin) { -@@ -1452,6 +1481,9 @@ +@@ -1467,6 +1496,9 @@ void do=5Fsetusercontext(struct passwd *pw) { @@ -98,7 +98,7 @@ =09char *chroot=5Fpath, *tmp; =20 #ifdef WITH=5FSELINUX -@@ -1477,8 +1509,25 @@ +@@ -1487,8 +1519,25 @@ =09=09=09do=5Fpam=5Fsetcred(use=5Fprivsep); =09=09} # endif /* USE=5FPAM */ @@ -125,7 +125,7 @@ =09=09=09perror("unable to set user context"); =09=09=09exit(1); =09=09} -@@ -1736,6 +1785,10 @@ +@@ -1761,6 +1810,10 @@ =09 */ =09environ =3D env; =20 @@ -136,13 +136,13 @@ #if defined(KRB5) && defined(USE=5FAFS) =09/* =09 * At this point, we check to see if AFS is active and if we have -@@ -1765,9 +1818,6 @@ +@@ -1790,9 +1843,6 @@ =09/* Change current directory to the user's home directory. */ =09if (chdir(pw->pw=5Fdir) < 0) { =09=09/* Suppress missing homedir warning for chroot case */ -#ifdef HAVE=5FLOGIN=5FCAP -=09=09r =3D login=5Fgetcapbool(lc, "requirehome", 0); -#endif - =09=09if (r || options.chroot=5Fdirectory =3D=3D NULL) + =09=09if (r || options.chroot=5Fdirectory =3D=3D NULL || + =09=09 strcasecmp(options.chroot=5Fdirectory, "none") =3D=3D 0) =09=09=09fprintf(stderr, "Could not chdir to home " - =09=09=09 "directory %s: %s\n", pw->pw=5Fdir, Index: files/patch-ssh.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch= -ssh.c,v retrieving revision 1.1 diff -u -p -r1.1 patch-ssh.c --- files/patch-ssh.c=091 Oct 2006 02:15:00 -0000=091.1 +++ files/patch-ssh.c=0925 Aug 2010 23:58:01 -0000 @@ -1,10 +1,13 @@ ---- ssh.c.orig=09Sat Sep 2 02:32:40 2006 -+++ ssh.c=09Sat Sep 30 10:38:05 2006 -@@ -639,6 +640,23 @@ +$FreeBSD$ + +Make the same change to use the canonical hostname as the base FreeBSD= ssh. + +--- ssh.c.orig=092010-08-16 09:59:31.000000000 -0600 ++++ ssh.c=092010-08-25 17:55:01.000000000 -0600 +@@ -699,6 +699,23 @@ + =09=09 "h", host, (char *)NULL); + =09} =20 - =09if (options.hostname !=3D NULL) - =09=09host =3D options.hostname; -+ +=09/* Find canonic host name. */ +=09if (strchr(host, '.') =3D=3D 0) { +=09=09struct addrinfo hints; @@ -21,6 +24,7 @@ +=09=09=09freeaddrinfo(ai); +=09=09} +=09} ++ + =09if (options.local=5Fcommand !=3D NULL) { + =09=09char thishost[NI=5FMAXHOST]; =20 - =09/* force lowercase for hostkey matching */ - =09if (options.host=5Fkey=5Falias !=3D NULL) { Index: files/patch-sshd=5Fconfig.5 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch= -sshd=5Fconfig.5,v retrieving revision 1.1 diff -u -p -r1.1 patch-sshd=5Fconfig.5 --- files/patch-sshd=5Fconfig.5=091 Oct 2006 02:15:00 -0000=091.1 +++ files/patch-sshd=5Fconfig.5=0931 Aug 2010 11:28:35 -0000 @@ -1,26 +1,17 @@ ---- sshd=5Fconfig.5.orig=09Tue Aug 29 22:06:34 2006 -+++ sshd=5Fconfig.5=09Sat Sep 30 10:39:07 2006 -@@ -169,9 +170,16 @@ - By default, no banner is displayed. +--- sshd=5Fconfig.5.orig=092010-07-01 21:37:17.000000000 -0600 ++++ sshd=5Fconfig.5=092010-08-31 05:27:27.000000000 -0600 +@@ -223,7 +223,9 @@ .It Cm ChallengeResponseAuthentication - Specifies whether challenge-response authentication is allowed. --All authentication styles from --.Xr login.conf 5 --are supported. -+Specifically, in -+.Fx , -+this controls the use of PAM (see -+.Xr pam 3 ) -+for authentication. -+Note that this affects the effectiveness of the -+.Cm PasswordAuthentication -+and -+.Cm PermitRootLogin -+variables. + Specifies whether challenge-response authentication is allowed (e.g. = via + PAM or though authentication styles supported in +-.Xr login.conf 5 ) ++.Xr login.conf 5 ) . ++See also ++.Cm UsePAM . The default is .Dq yes . - .It Cm Ciphers -@@ -554,7 +560,22 @@ + .It Cm ChrootDirectory +@@ -714,7 +716,22 @@ .It Cm PasswordAuthentication Specifies whether password authentication is allowed. The default is @@ -43,7 +34,7 @@ .It Cm PermitEmptyPasswords When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. -@@ -597,7 +618,14 @@ +@@ -757,7 +774,14 @@ or .Dq no . The default is @@ -59,9 +50,9 @@ .Pp If this option is set to .Dq without-password , -@@ -704,7 +732,9 @@ - .Dq yes . - Note that this option applies to protocol version 2 only. +@@ -869,7 +893,9 @@ + Note that if this file is not readable, then public key authenticatio= n will + be refused for all users. .It Cm RhostsRSAAuthentication -Specifies whether rhosts or /etc/hosts.equiv authentication together +Specifies whether rhosts or @@ -70,7 +61,7 @@ with successful RSA host authentication is allowed. The default is .Dq no . -@@ -814,7 +844,7 @@ +@@ -1009,7 +1035,7 @@ .Xr sshd 8 as a non-root user. The default is @@ -79,7 +70,7 @@ .It Cm UsePrivilegeSeparation Specifies whether .Xr sshd 8 -@@ -839,7 +874,7 @@ +@@ -1034,7 +1060,7 @@ or .Dq no . The default is Index: files/contrib-openssh-5.1=5Fp1-lpk-64bit.patch =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: files/contrib-openssh-5.1=5Fp1-lpk-64bit.patch diff -N files/contrib-openssh-5.1=5Fp1-lpk-64bit.patch --- files/contrib-openssh-5.1=5Fp1-lpk-64bit.patch=0921 Jun 2009 20:36:= 15 -0000=091.1 +++ /dev/null=091 Jan 1970 00:00:00 -0000 @@ -1,44 +0,0 @@ -diff -Nuar --exclude '*.rej' servconf.c.orig servconf.c ---- servconf.c.orig=092008-08-23 15:02:47.000000000 -0700 -+++ servconf.c=092008-08-23 15:04:21.000000000 -0700 -@@ -701,6 +701,7 @@ - =09int cmdline =3D 0, *intptr, value, n; - =09SyslogFacility *log=5Ffacility=5Fptr; - =09LogLevel *log=5Flevel=5Fptr; -+ =09unsigned long lvalue, *longptr; - =09ServerOpCodes opcode; - =09u=5Fshort port; - =09u=5Fint i, flags =3D 0; -@@ -715,6 +716,7 @@ - =09if (!arg || !*arg || *arg =3D=3D '#') - =09=09return 0; - =09intptr =3D NULL; -+=09longptr =3D NULL; - =09charptr =3D NULL; - =09opcode =3D parse=5Ftoken(arg, filename, linenum, &flags); -=20 -@@ -1449,11 +1451,20 @@ - =09=09=09*intptr =3D value; - =09=09break; - =09case sBindTimeout: --=09=09intptr =3D (int *) &options->lpk.b=5Ftimeout.tv=5Fsec; --=09=09goto parse=5Fint; -+=09=09longptr =3D (unsigned long *) &options->lpk.b=5Ftimeout.tv=5Fse= c; -+parse=5Fulong: -+=09=09arg =3D strdelim(&cp); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%s line %d: missing integer value.", -+=09=09=09 filename, linenum); -+=09=09lvalue =3D atol(arg); -+=09=09if (*activep && *longptr =3D=3D -1) -+=09=09=09*longptr =3D lvalue; -+=09=09break; -+ - =09case sSearchTimeout: --=09=09intptr =3D (int *) &options->lpk.s=5Ftimeout.tv=5Fsec; --=09=09goto parse=5Fint; -+=09=09longptr =3D (unsigned long *) &options->lpk.s=5Ftimeout.tv=5Fse= c; -+=09=09goto parse=5Fulong; - =09=09break; - =09case sLdapConf: - =09=09arg =3D cp; Index: files/contrib-openssh-lpk-5.1p1-0.3.10-servconf.c.patch =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: files/contrib-openssh-lpk-5.1p1-0.3.10-servconf.c.patch diff -N files/contrib-openssh-lpk-5.1p1-0.3.10-servconf.c.patch --- files/contrib-openssh-lpk-5.1p1-0.3.10-servconf.c.patch=0921 Jun 20= 09 20:36:15 -0000=091.1 +++ /dev/null=091 Jan 1970 00:00:00 -0000 @@ -1,213 +0,0 @@ ---- servconf.c.orig=092009-05-26 15:13:32.000000000 +0400 -+++ servconf.c=092009-05-26 15:24:39.000000000 +0400 -@@ -42,6 +42,10 @@ - #include "channels.h" - #include "groupaccess.h" -=20 -+#ifdef WITH=5FLDAP=5FPUBKEY -+#include "ldapauth.h" -+#endif -+ - static void add=5Flisten=5Faddr(ServerOptions *, char *, int); - static void add=5Fone=5Flisten=5Faddr(ServerOptions *, char *, int); -=20 -@@ -128,6 +132,24 @@ - =09options->adm=5Fforced=5Fcommand =3D NULL; - =09options->chroot=5Fdirectory =3D NULL; - =09options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D -1; -+#ifdef WITH=5FLDAP=5FPUBKEY -+ =09/* XXX dirty */ -+ =09options->lpk.ld =3D NULL; -+ =09options->lpk.on =3D -1; -+ =09options->lpk.servers =3D NULL; -+ =09options->lpk.u=5Fbasedn =3D NULL; -+ =09options->lpk.g=5Fbasedn =3D NULL; -+ =09options->lpk.binddn =3D NULL; -+ =09options->lpk.bindpw =3D NULL; -+ =09options->lpk.sgroup =3D NULL; -+ =09options->lpk.filter =3D NULL; -+ =09options->lpk.fgroup =3D NULL; -+ =09options->lpk.l=5Fconf =3D NULL; -+ =09options->lpk.tls =3D -1; -+ =09options->lpk.b=5Ftimeout.tv=5Fsec =3D -1; -+ =09options->lpk.s=5Ftimeout.tv=5Fsec =3D -1; -+ =09options->lpk.flags =3D FLAG=5FEMPTY; -+#endif - } -=20 - void -@@ -265,6 +287,32 @@ - =09=09options->permit=5Ftun =3D SSH=5FTUNMODE=5FNO; - =09if (options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D=3D -= 1) - =09=09options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D 0; -+#ifdef WITH=5FLDAP=5FPUBKEY -+=09if (options->lpk.on =3D=3D -1) -+=09 options->lpk.on =3D =5FDEFAULT=5FLPK=5FON; -+=09if (options->lpk.servers =3D=3D NULL) -+=09 options->lpk.servers =3D =5FDEFAULT=5FLPK=5FSERVERS; -+=09if (options->lpk.u=5Fbasedn =3D=3D NULL) -+=09 options->lpk.u=5Fbasedn =3D =5FDEFAULT=5FLPK=5FUDN; -+=09if (options->lpk.g=5Fbasedn =3D=3D NULL) -+=09 options->lpk.g=5Fbasedn =3D =5FDEFAULT=5FLPK=5FGDN; -+=09if (options->lpk.binddn =3D=3D NULL) -+=09 options->lpk.binddn =3D =5FDEFAULT=5FLPK=5FBINDDN; -+=09if (options->lpk.bindpw =3D=3D NULL) -+=09 options->lpk.bindpw =3D =5FDEFAULT=5FLPK=5FBINDPW; -+=09if (options->lpk.sgroup =3D=3D NULL) -+=09 options->lpk.sgroup =3D =5FDEFAULT=5FLPK=5FSGROUP; -+=09if (options->lpk.filter =3D=3D NULL) -+=09 options->lpk.filter =3D =5FDEFAULT=5FLPK=5FFILTER; -+=09if (options->lpk.tls =3D=3D -1) -+=09 options->lpk.tls =3D =5FDEFAULT=5FLPK=5FTLS; -+=09if (options->lpk.b=5Ftimeout.tv=5Fsec =3D=3D -1) -+=09 options->lpk.b=5Ftimeout.tv=5Fsec =3D =5FDEFAULT=5FLPK=5FBTIME= OUT; -+=09if (options->lpk.s=5Ftimeout.tv=5Fsec =3D=3D -1) -+=09 options->lpk.s=5Ftimeout.tv=5Fsec =3D =5FDEFAULT=5FLPK=5FSTIME= OUT; -+=09if (options->lpk.l=5Fconf =3D=3D NULL) -+=09 options->lpk.l=5Fconf =3D =5FDEFAULT=5FLPK=5FLDP; -+#endif -=20 - =09/* Turn privilege separation on by default */ - =09if (use=5Fprivsep =3D=3D -1) -@@ -311,6 +359,12 @@ - =09sUsePrivilegeSeparation, sAllowAgentForwarding, - =09sZeroKnowledgePasswordAuthentication, - =09sDeprecated, sUnsupported -+#ifdef WITH=5FLDAP=5FPUBKEY -+=09,sLdapPublickey, sLdapServers, sLdapUserDN -+=09,sLdapGroupDN, sBindDN, sBindPw, sMyGroup -+=09,sLdapFilter, sForceTLS, sBindTimeout -+=09,sSearchTimeout, sLdapConf -+#endif - } ServerOpCodes; -=20 - #define SSHCFG=5FGLOBAL=090x01=09/* allowed in main section of sshd=5F= config */ -@@ -421,6 +475,20 @@ - =09{ "clientalivecountmax", sClientAliveCountMax, SSHCFG=5FGLOBAL }, - =09{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG=5FGLOBAL }, - =09{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG=5FGLOBAL }, -+#ifdef WITH=5FLDAP=5FPUBKEY -+=09{ =5FDEFAULT=5FLPK=5FTOKEN, sLdapPublickey, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FSRV=5FTOKEN, sLdapServers, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FUSR=5FTOKEN, sLdapUserDN, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FGRP=5FTOKEN, sLdapGroupDN, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FBDN=5FTOKEN, sBindDN, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FBPW=5FTOKEN, sBindPw, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FMYG=5FTOKEN, sMyGroup, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FFIL=5FTOKEN, sLdapFilter, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FTLS=5FTOKEN, sForceTLS, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FBTI=5FTOKEN, sBindTimeout, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FSTI=5FTOKEN, sSearchTimeout, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FLDP=5FTOKEN, sLdapConf, SSHCFG=5FGLOBAL }, -+#endif - =09{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG=5FGLOB= AL }, - =09{ "acceptenv", sAcceptEnv, SSHCFG=5FGLOBAL }, - =09{ "permittunnel", sPermitTunnel, SSHCFG=5FGLOBAL }, -@@ -1311,6 +1379,107 @@ - =09=09while (arg) - =09=09 arg =3D strdelim(&cp); - =09=09break; -+#ifdef WITH=5FLDAP=5FPUBKEY -+=09case sLdapPublickey: -+=09=09intptr =3D &options->lpk.on; -+=09=09goto parse=5Fflag; -+=09case sLdapServers: -+=09=09/* arg =3D strdelim(&cp); */ -+=09=09p =3D line; -+=09=09while(*p++); -+=09=09arg =3D p; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing ldap server",filename,linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09if ((options->lpk.servers =3D ldap=5Fparse=5Fservers(arg)) =3D=3D= NULL) -+=09=09 fatal("%s line %d: error in ldap servers", filename, linenu= m); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sLdapUserDN: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing ldap server",filename,linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.u=5Fbasedn =3D xstrdup(arg); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sLdapGroupDN: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing ldap server",filename,linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.g=5Fbasedn =3D xstrdup(arg); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sBindDN: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing binddn",filename,linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.binddn =3D xstrdup(arg); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sBindPw: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing bindpw",filename,linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.bindpw =3D xstrdup(arg); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sMyGroup: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing groupname",filename, linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.sgroup =3D xstrdup(arg); -+=09=09if (options->lpk.sgroup) -+=09=09 options->lpk.fgroup =3D ldap=5Fparse=5Fgroups(options->lpk.= sgroup); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sLdapFilter: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing filter",filename, linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.filter =3D xstrdup(arg); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sForceTLS: -+=09=09intptr =3D &options->lpk.tls; -+=09=09arg =3D strdelim(&cp); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%s line %d: missing yes/no argument.", -+=09=09=09 filename, linenum); -+=09=09value =3D 0;=09/* silence compiler */ -+=09=09if (strcmp(arg, "yes") =3D=3D 0) -+=09=09=09value =3D 1; -+=09=09else if (strcmp(arg, "no") =3D=3D 0) -+=09=09=09value =3D 0; -+=09=09else if (strcmp(arg, "try") =3D=3D 0) -+=09=09=09value =3D -1; -+=09=09else -+=09=09=09fatal("%s line %d: Bad yes/no argument: %s", -+=09=09=09=09filename, linenum, arg); -+=09=09if (*intptr =3D=3D -1) -+=09=09=09*intptr =3D value; -+=09=09break; -+=09case sBindTimeout: -+=09=09intptr =3D (int *) &options->lpk.b=5Ftimeout.tv=5Fsec; -+=09=09goto parse=5Fint; -+=09case sSearchTimeout: -+=09=09intptr =3D (int *) &options->lpk.s=5Ftimeout.tv=5Fsec; -+=09=09goto parse=5Fint; -+=09=09break; -+=09case sLdapConf: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing LpkLdapConf", filename, linenum)= ; -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.l=5Fconf =3D xstrdup(arg); -+=09=09memset(arg, 0, strlen(arg)); -+=09=09break; -+#endif -=20 - =09default: - =09=09fatal("%s line %d: Missing handler for opcode %s (%d)", Index: files/contrib-openssh-lpk-5.1p1-0.3.10.patch =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: files/contrib-openssh-lpk-5.1p1-0.3.10.patch diff -N files/contrib-openssh-lpk-5.1p1-0.3.10.patch --- files/contrib-openssh-lpk-5.1p1-0.3.10.patch=0921 Jun 2009 20:36:15= -0000=091.1 +++ /dev/null=091 Jan 1970 00:00:00 -0000 @@ -1,1682 +0,0 @@ -This is a forward-port of the OpenSSH LPK support patch. - -It adds support for storing OpenSSH public keys in LDAP. It also suppo= rts -grouping of machines in the LDAP data to limit users to specific machi= nes. - -The latest homepage for the LPK project is: -http://code.google.com/p/openssh-lpk/ - -The 0.3.10 version of the patch includes a fix for 64-bit platforms, a= s -discovered by Gentoo, where the bind timeout and search timeout values= were not -being parsed correctly: http://bugs.gentoo.org/210110 - -Forward-ported-from: openssh-lpk-5.1p1-0.3.9.patch -Signed-off-by: Robin H. Johnson - -diff -Nuar --exclude '*.orig' --exclude '*.rej' auth2-pubkey.c auth2-p= ubkey.c ---- auth2-pubkey.c=092008-07-03 19:54:25.000000000 -0700 -+++ auth2-pubkey.c=092008-08-23 15:02:47.000000000 -0700 -@@ -55,6 +55,10 @@ - #include "monitor=5Fwrap.h" - #include "misc.h" -=20 -+#ifdef WITH=5FLDAP=5FPUBKEY -+#include "ldapauth.h" -+#endif -+ - /* import */ - extern ServerOptions options; - extern u=5Fchar *session=5Fid2; -@@ -187,10 +191,79 @@ - =09u=5Flong linenum =3D 0; - =09Key *found; - =09char *fp; -+#ifdef WITH=5FLDAP=5FPUBKEY -+=09ldap=5Fkey=5Ft * k; -+=09unsigned int i =3D 0; -+#endif -=20 - =09/* Temporarily use the user's uid. */ - =09temporarily=5Fuse=5Fuid(pw); -=20 -+#ifdef WITH=5FLDAP=5FPUBKEY -+ =09found=5Fkey =3D 0; -+ =09/* allocate a new key type */ -+ =09found =3D key=5Fnew(key->type); -+=20 -+ =09/* first check if the options is enabled, then try.. */ -+=09if (options.lpk.on) { -+=09 debug("[LDAP] trying LDAP first uid=3D%s",pw->pw=5Fname); -+=09 if (ldap=5Fismember(&options.lpk, pw->pw=5Fname) > 0) { -+=09=09if ((k =3D ldap=5Fgetuserkey(&options.lpk, pw->pw=5Fname)) !=3D= NULL) { -+=09=09 /* Skip leading whitespace, empty and comment lines. */ -+=09=09 for (i =3D 0 ; i < k->num ; i++) { -+=09=09=09/* dont forget if multiple keys to reset options */ -+=09=09=09char *cp, *options =3D NULL; -+ -+=09=09=09for (cp =3D (char *)k->keys[i]->bv=5Fval; *cp =3D=3D ' ' || = *cp =3D=3D '\t'; cp++) -+=09=09=09 ; -+=09=09=09if (!*cp || *cp =3D=3D '\n' || *cp =3D=3D '#') -+=09=09=09 continue; -+ -+=09=09=09if (key=5Fread(found, &cp) !=3D 1) { -+=09=09=09 /* no key=3F check if there are options for this key */= -+=09=09=09 int quoted =3D 0; -+=09=09=09 debug2("[LDAP] user=5Fkey=5Fallowed: check options: '%s'= ", cp); -+=09=09=09 options =3D cp; -+=09=09=09 for (; *cp && (quoted || (*cp !=3D ' ' && *cp !=3D '\t')= ); cp++) { -+=09=09=09=09if (*cp =3D=3D '\\' && cp[1] =3D=3D '"') -+=09=09=09=09 cp++;=09/* Skip both */ -+=09=09=09=09else if (*cp =3D=3D '"') -+=09=09=09=09 quoted =3D !quoted; -+=09=09=09 } -+=09=09=09 /* Skip remaining whitespace. */ -+=09=09=09 for (; *cp =3D=3D ' ' || *cp =3D=3D '\t'; cp++) -+=09=09=09=09; -+=09=09=09 if (key=5Fread(found, &cp) !=3D 1) { -+=09=09=09=09debug2("[LDAP] user=5Fkey=5Fallowed: advance: '%s'", cp);= -+=09=09=09=09/* still no key=3F advance to next line*/ -+=09=09=09=09continue; -+=09=09=09 } -+=09=09=09} -+ -+=09=09=09if (key=5Fequal(found, key) && -+=09=09=09=09auth=5Fparse=5Foptions(pw, options, file, linenum) =3D=3D= 1) { -+=09=09=09 found=5Fkey =3D 1; -+=09=09=09 debug("[LDAP] matching key found"); -+=09=09=09 fp =3D key=5Ffingerprint(found, SSH=5FFP=5FMD5, SSH=5FFP= =5FHEX); -+=09=09=09 verbose("[LDAP] Found matching %s key: %s", key=5Ftype(f= ound), fp); -+ -+=09=09=09 /* restoring memory */ -+=09=09=09 ldap=5Fkeys=5Ffree(k); -+=09=09=09 xfree(fp); -+=09=09=09 restore=5Fuid(); -+=09=09=09 key=5Ffree(found); -+=09=09=09 return found=5Fkey; -+=09=09=09 break; -+=09=09=09} -+=09=09 }/* end of LDAP for() */ -+=09=09} else { -+=09=09 logit("[LDAP] no keys found for '%s'!", pw->pw=5Fname); -+=09=09} -+=09 } else { -+=09=09logit("[LDAP] '%s' is not in '%s'", pw->pw=5Fname, options.lpk.= sgroup); -+=09 } -+=09} -+#endif - =09debug("trying public key file %s", file); - =09f =3D auth=5Fopenkeyfile(file, pw, options.strict=5Fmodes); -=20 -diff -Nuar --exclude '*.orig' --exclude '*.rej' auth-rsa.c auth-rsa.c ---- auth-rsa.c=092008-07-02 05:37:30.000000000 -0700 -+++ auth-rsa.c=092008-08-23 15:02:47.000000000 -0700 -@@ -174,10 +174,96 @@ - =09FILE *f; - =09u=5Flong linenum =3D 0; - =09Key *key; -+#ifdef WITH=5FLDAP=5FPUBKEY -+=09ldap=5Fkey=5Ft * k; -+=09unsigned int i =3D 0; -+#endif -=20 - =09/* Temporarily use the user's uid. */ - =09temporarily=5Fuse=5Fuid(pw); -=20 -+#ifdef WITH=5FLDAP=5FPUBKEY -+=09/* here is the job */ -+=09key =3D key=5Fnew(KEY=5FRSA1); -+ -+=09if (options.lpk.on) { -+=09 debug("[LDAP] trying LDAP first uid=3D%s", pw->pw=5Fname); -+=09 if ( ldap=5Fismember(&options.lpk, pw->pw=5Fname) > 0) { -+=09=09if ( (k =3D ldap=5Fgetuserkey(&options.lpk, pw->pw=5Fname)) !=3D= NULL) { -+=09=09 for (i =3D 0 ; i < k->num ; i++) { -+=09=09=09char *cp, *options =3D NULL; -+ -+=09=09=09for (cp =3D k->keys[i]->bv=5Fval; *cp =3D=3D ' ' || *cp =3D=3D= '\t'; cp++) -+=09=09=09 ; -+=09=09=09if (!*cp || *cp =3D=3D '\n' || *cp =3D=3D '#') -+=09=09=09 continue; -+ -+=09=09=09/* -+=09=09=09* Check if there are options for this key, and if so, -+=09=09=09* save their starting address and skip the option part -+=09=09=09* for now. If there are no options, set the starting -+=09=09=09* address to NULL. -+=09=09=09 */ -+=09=09=09if (*cp < '0' || *cp > '9') { -+=09=09=09 int quoted =3D 0; -+=09=09=09 options =3D cp; -+=09=09=09 for (; *cp && (quoted || (*cp !=3D ' ' && *cp !=3D '\t')= ); cp++) { -+=09=09=09=09if (*cp =3D=3D '\\' && cp[1] =3D=3D '"') -+=09=09=09=09 cp++;=09/* Skip both */ -+=09=09=09=09else if (*cp =3D=3D '"') -+=09=09=09=09 quoted =3D !quoted; -+=09=09=09 } -+=09=09=09} else -+=09=09=09 options =3D NULL; -+ -+=09=09=09/* Parse the key from the line. */ -+=09=09=09if (hostfile=5Fread=5Fkey(&cp, &bits, key) =3D=3D 0) { -+=09=09=09 debug("[LDAP] line %d: non ssh1 key syntax", i); -+=09=09=09 continue; -+=09=09=09} -+=09=09=09/* cp now points to the comment part. */ -+ -+=09=09=09/* Check if the we have found the desired key (identified by= its modulus). */ -+=09=09=09if (BN=5Fcmp(key->rsa->n, client=5Fn) !=3D 0) -+=09=09=09 continue; -+ -+=09=09=09/* check the real bits */ -+=09=09=09if (bits !=3D (unsigned int)BN=5Fnum=5Fbits(key->rsa->n)) -+=09=09=09 logit("[LDAP] Warning: ldap, line %lu: keysize mismatch:= " -+=09=09=09=09 "actual %d vs. announced %d.", (unsigned long)i, BN=5F= num=5Fbits(key->rsa->n), bits); -+ -+=09=09=09/* We have found the desired key. */ -+=09=09=09/* -+=09=09=09* If our options do not allow this key to be used, -+=09=09=09* do not send challenge. -+=09=09=09 */ -+=09=09=09if (!auth=5Fparse=5Foptions(pw, options, "[LDAP]", (unsigned= long) i)) -+=09=09=09 continue; -+ -+=09=09=09/* break out, this key is allowed */ -+=09=09=09allowed =3D 1; -+ -+=09=09=09/* add the return stuff etc... */ -+=09=09=09/* Restore the privileged uid. */ -+=09=09=09restore=5Fuid(); -+ -+=09=09=09/* return key if allowed */ -+=09=09=09if (allowed && rkey !=3D NULL) -+=09=09=09 *rkey =3D key; -+=09=09=09else -+=09=09=09 key=5Ffree(key); -+ -+=09=09=09ldap=5Fkeys=5Ffree(k); -+=09=09=09return (allowed); -+=09=09 } -+=09=09} else { -+=09=09 logit("[LDAP] no keys found for '%s'!", pw->pw=5Fname); -+=09=09} -+=09 } else { -+=09=09logit("[LDAP] '%s' is not in '%s'", pw->pw=5Fname, options.lpk.= sgroup); -+=09 } -+=09} -+#endif - =09/* The authorized keys. */ - =09file =3D authorized=5Fkeys=5Ffile(pw); - =09debug("trying public RSA key file %s", file); -diff -Nuar --exclude '*.orig' --exclude '*.rej' config.h.in config.h.i= n ---- config.h.in=092008-07-21 01:30:49.000000000 -0700 -+++ config.h.in=092008-08-23 15:02:47.000000000 -0700 -@@ -560,6 +560,9 @@ - /* Define to 1 if you have the header file. */ - #undef HAVE=5FLINUX=5FIF=5FTUN=5FH -=20 -+/* Define if you want LDAP support */ -+#undef WITH=5FLDAP=5FPUBKEY -+ - /* Define if your libraries define login() */ - #undef HAVE=5FLOGIN -=20 -diff -Nuar --exclude '*.orig' --exclude '*.rej' configure configure ---- configure=092008-07-21 01:30:50.000000000 -0700 -+++ configure=092008-08-23 15:02:47.000000000 -0700 -@@ -1340,6 +1340,7 @@ - --with-tcp-wrappers[=3DPATH] Enable tcpwrappers support (optionally= in PATH) - --with-libedit[=3DPATH] Enable libedit support for sftp - --with-audit=3Dmodule Enable EXPERIMENTAL audit support (module= s=3Ddebug,bsm) -+ --with-ldap[=3DPATH] Enable LDAP pubkey support (optionally in= PATH) - --with-ssl-dir=3DPATH Specify path to OpenSSL installation - --without-openssl-header-check Disable OpenSSL version consistency = check - --with-ssl-engine Enable OpenSSL (hardware) ENGINE support -@@ -12568,6 +12569,85 @@ - fi -=20 -=20 -+# Check whether user wants LDAP support -+LDAP=5FMSG=3D"no" -+ -+# Check whether --with-ldap was given. -+if test "${with=5Fldap+set}" =3D set; then -+ withval=3D$with=5Fldap; -+=09=09if test "x$withval" !=3D "xno" ; then -+ -+=09=09=09if test "x$withval" !=3D "xyes" ; then -+=09=09=09=09CPPFLAGS=3D"$CPPFLAGS -I${withval}/include" -+=09=09=09=09LDFLAGS=3D"$LDFLAGS -L${withval}/lib" -+=09=09=09fi -+ -+ -+cat >>confdefs.h <<\=5FACEOF -+#define WITH=5FLDAP=5FPUBKEY 1 -+=5FACEOF -+ -+=09=09=09LIBS=3D"-lldap $LIBS" -+=09=09=09LDAP=5FMSG=3D"yes" -+ -+=09=09=09{ echo "$as=5Fme:$LINENO: checking for LDAP support" >&5 -+echo $ECHO=5FN "checking for LDAP support... $ECHO=5FC" >&6; } -+=09=09=09cat >conftest.$ac=5Fext <<=5FACEOF -+/* confdefs.h. */ -+=5FACEOF -+cat confdefs.h >>conftest.$ac=5Fext -+cat >>conftest.$ac=5Fext <<=5FACEOF -+/* end confdefs.h. */ -+#include -+=09=09=09=09 #include -+int -+main () -+{ -+(void)ldap=5Finit(0, 0); -+ ; -+ return 0; -+} -+=5FACEOF -+rm -f conftest.$ac=5Fobjext -+if { (ac=5Ftry=3D"$ac=5Fcompile" -+case "(($ac=5Ftry" in -+ *\"* | *\`* | *\\*) ac=5Ftry=5Fecho=3D\$ac=5Ftry;; -+ *) ac=5Ftry=5Fecho=3D$ac=5Ftry;; -+esac -+eval "echo \"\$as=5Fme:$LINENO: $ac=5Ftry=5Fecho\"") >&5 -+ (eval "$ac=5Fcompile") 2>conftest.er1 -+ ac=5Fstatus=3D$=3F -+ grep -v '^ *+' conftest.er1 >conftest.err -+ rm -f conftest.er1 -+ cat conftest.err >&5 -+ echo "$as=5Fme:$LINENO: \$=3F =3D $ac=5Fstatus" >&5 -+ (exit $ac=5Fstatus); } && { -+=09 test -z "$ac=5Fc=5Fwerror=5Fflag" || -+=09 test ! -s conftest.err -+ } && test -s conftest.$ac=5Fobjext; then -+ { echo "$as=5Fme:$LINENO: result: yes" >&5 -+echo "${ECHO=5FT}yes" >&6; } -+else -+ echo "$as=5Fme: failed program was:" >&5 -+sed 's/^/| /' conftest.$ac=5Fext >&5 -+ -+ -+=09=09=09=09 { echo "$as=5Fme:$LINENO: result: no" >&5 -+echo "${ECHO=5FT}no" >&6; } -+=09=09=09=09=09{ { echo "$as=5Fme:$LINENO: error: ** Incomplete or mi= ssing ldap libraries **" >&5 -+echo "$as=5Fme: error: ** Incomplete or missing ldap libraries **" >&= 2;} -+ { (exit 1); exit 1; }; } -+ -+ -+fi -+ -+rm -f core conftest.err conftest.$ac=5Fobjext conftest.$ac=5Fext -+=09=09fi -+ -+ -+fi -+ -+ -=20 -=20 -=20 -@@ -30135,6 +30215,7 @@ - echo " Smartcard support: $SCARD=5FMSG" - echo " S/KEY support: $SKEY=5FMSG" - echo " TCP Wrappers support: $TCPW=5FMSG" -+echo " LDAP support: $LDAP=5FMSG" - echo " MD5 password support: $MD5=5FMSG" - echo " libedit support: $LIBEDIT=5FMSG" - echo " Solaris process contract support: $SPC=5FMSG" -diff -Nuar --exclude '*.orig' --exclude '*.rej' configure.ac configure= .ac ---- configure.ac=092008-07-09 04:07:19.000000000 -0700 -+++ configure.ac=092008-08-23 15:02:47.000000000 -0700 -@@ -1299,6 +1299,37 @@ - =09esac ] - ) -=20 -+# Check whether user wants LDAP support -+LDAP=5FMSG=3D"no" -+AC=5FARG=5FWITH(ldap, -+=09[ --with-ldap[[=3DPATH]] Enable LDAP pubkey support (optiona= lly in PATH)], -+=09[ -+=09=09if test "x$withval" !=3D "xno" ; then -+ -+=09=09=09if test "x$withval" !=3D "xyes" ; then -+=09=09=09=09CPPFLAGS=3D"$CPPFLAGS -I${withval}/include" -+=09=09=09=09LDFLAGS=3D"$LDFLAGS -L${withval}/lib" -+=09=09=09fi -+ -+=09=09=09AC=5FDEFINE([WITH=5FLDAP=5FPUBKEY], 1, [Enable LDAP pubkey s= upport]) -+=09=09=09LIBS=3D"-lldap $LIBS" -+=09=09=09LDAP=5FMSG=3D"yes" -+=09 -+=09=09=09AC=5FMSG=5FCHECKING([for LDAP support]) -+=09=09=09AC=5FTRY=5FCOMPILE( -+=09=09=09=09[#include -+=09=09=09=09 #include ], -+=09=09=09=09[(void)ldap=5Finit(0, 0);], -+=09=09=09=09[AC=5FMSG=5FRESULT(yes)], -+=09=09=09=09[ -+=09=09=09=09 AC=5FMSG=5FRESULT(no)=20 -+=09=09=09=09=09AC=5FMSG=5FERROR([** Incomplete or missing ldap librar= ies **]) -+=09=09=09=09] -+ =09) -+=09=09fi -+=09] -+) -+ - dnl Checks for library functions. Please keep in alphabetical orde= r - AC=5FCHECK=5FFUNCS( \ - =09arc4random \ -@@ -4137,6 +4168,7 @@ - echo " Smartcard support: $SCARD=5FMSG" - echo " S/KEY support: $SKEY=5FMSG" - echo " TCP Wrappers support: $TCPW=5FMSG" -+echo " LDAP support: $LDAP=5FMSG" - echo " MD5 password support: $MD5=5FMSG" - echo " libedit support: $LIBEDIT=5FMSG" - echo " Solaris process contract support: $SPC=5FMSG" -diff -Nuar --exclude '*.orig' --exclude '*.rej' ldapauth.c ldapauth.c ---- ldapauth.c=091969-12-31 16:00:00.000000000 -0800 -+++ ldapauth.c=092008-08-23 15:02:47.000000000 -0700 -@@ -0,0 +1,575 @@ -+/*=20 -+ * $Id: openssh-lpk-4.3p1-0.3.7.patch,v 1.3 2006/04/18 15:29:09 eau E= xp $ -+ */ -+ -+/* -+ * -+ * Copyright (c) 2005, Eric AUGE -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without= modification, are permitted provided that the following conditions are= met: -+ * -+ * Redistributions of source code must retain the above copyright not= ice, this list of conditions and the following disclaimer. -+ * Redistributions in binary form must reproduce the above copyright = notice, this list of conditions and the following disclaimer in the doc= umentation and/or other materials provided with the distribution. -+ * Neither the name of the phear.org nor the names of its contributor= s may be used to endorse or promote products derived from this software= without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTOR= S "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,=20 -+ * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND = FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.=20 -+ * IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FO= R ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,=20 -+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREME= NT OF SUBSTITUTE GOODS OR SERVICES;=20 -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER C= AUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABI= LITY,=20 -+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT= OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUC= H DAMAGE. -+ * -+ * -+ */ -+ -+#include "includes.h" -+ -+#ifdef WITH=5FLDAP=5FPUBKEY -+ -+#include -+#include -+#include -+#include -+ -+#include "ldapauth.h" -+#include "log.h" -+ -+static char *attrs[] =3D { -+ PUBKEYATTR, -+ NULL -+}; -+ -+/* filter building infos */ -+#define FILTER=5FGROUP=5FPREFIX "(&(objectclass=3DposixGroup)" -+#define FILTER=5FOR=5FPREFIX "(|" -+#define FILTER=5FOR=5FSUFFIX ")" -+#define FILTER=5FCN=5FPREFIX "(cn=3D" -+#define FILTER=5FCN=5FSUFFIX ")" -+#define FILTER=5FUID=5FFORMAT "(memberUid=3D%s)" -+#define FILTER=5FGROUP=5FSUFFIX ")" -+#define FILTER=5FGROUP=5FSIZE(group) (size=5Ft) (strlen(group)+(ldap=5F= count=5Fgroup(group)*5)+52) -+ -+/* just filter building stuff */ -+#define REQUEST=5FGROUP=5FSIZE(filter, uid) (size=5Ft) (strlen(filter= )+strlen(uid)+1) -+#define REQUEST=5FGROUP(buffer, prefilter, pwname) \ -+ buffer =3D (char *) calloc(REQUEST=5FGROUP=5FSIZE(prefilter, pwna= me), sizeof(char)); \ -+ if (!buffer) { \ -+ perror("calloc()"); \ -+ return FAILURE; \ -+ } \ -+ snprintf(buffer, REQUEST=5FGROUP=5FSIZE(prefilter,pwname), prefil= ter, pwname) -+/* -+XXX OLD group building macros -+#define REQUEST=5FGROUP=5FSIZE(grp, uid) (size=5Ft) (strlen(grp)+strl= en(uid)+46) -+#define REQUEST=5FGROUP(buffer,pwname,grp) \ -+ buffer =3D (char *) calloc(REQUEST=5FGROUP=5FSIZE(grp, pwname), s= izeof(char)); \ -+ if (!buffer) { \ -+ perror("calloc()"); \ -+ return FAILURE; \ -+ } \ -+ snprintf(buffer,REQUEST=5FGROUP=5FSIZE(grp,pwname),"(&(objectclas= s=3DposixGroup)(cn=3D%s)(memberUid=3D%s))",grp,pwname) -+ */ -+ -+/* -+XXX stock upstream version without extra filter support -+#define REQUEST=5FUSER=5FSIZE(uid) (size=5Ft) (strlen(uid)+64) -+#define REQUEST=5FUSER(buffer, pwname) \ -+ buffer =3D (char *) calloc(REQUEST=5FUSER=5FSIZE(pwname), sizeof(= char)); \ -+ if (!buffer) { \ -+ perror("calloc()"); \ -+ return NULL; \ -+ } \ -+ snprintf(buffer,REQUEST=5FUSER=5FSIZE(pwname),"(&(objectclass=3Dp= osixAccount)(objectclass=3DldapPublicKey)(uid=3D%s))",pwname) -+ */ -+ -+#define REQUEST=5FUSER=5FSIZE(uid, filter) (size=5Ft) (strlen(uid)+64= +(filter !=3D NULL =3F strlen(filter) : 0)) -+#define REQUEST=5FUSER(buffer, pwname, customfilter) \ -+ buffer =3D (char *) calloc(REQUEST=5FUSER=5FSIZE(pwname, customfi= lter), sizeof(char)); \ -+ if (!buffer) { \ -+ perror("calloc()"); \ -+ return NULL; \ -+ } \ -+ snprintf(buffer, REQUEST=5FUSER=5FSIZE(pwname, customfilter), \ -+ =09"(&(objectclass=3DposixAccount)(objectclass=3DldapPublicKey)(u= id=3D%s)%s)", \ -+=09pwname, (customfilter !=3D NULL =3F customfilter : "")) -+ -+/* some portable and working tokenizer, lame though */ -+static int tokenize(char ** o, size=5Ft size, char * input) { -+ unsigned int i =3D 0, num; -+ const char * charset =3D " \t"; -+ char * ptr =3D input; -+ -+ /* leading white spaces are ignored */ -+ num =3D strspn(ptr, charset); -+ ptr +=3D num; -+ -+ while ((num =3D strcspn(ptr, charset))) { -+ if (i < size-1) { -+ o[i++] =3D ptr; -+ ptr +=3D num; -+ if (*ptr) -+ *ptr++ =3D '\0'; -+ } -+ } -+ o[i] =3D NULL; -+ return SUCCESS; -+} -+ -+void ldap=5Fclose(ldap=5Fopt=5Ft * ldap) { -+ -+ if (!ldap) -+ return; -+ -+ if ( ldap=5Funbind=5Fext(ldap->ld, NULL, NULL) < 0) -+=09ldap=5Fperror(ldap->ld, "ldap=5Funbind()"); -+ -+ ldap->ld =3D NULL; -+ FLAG=5FSET=5FDISCONNECTED(ldap->flags); -+ -+ return; -+} -+ -+/* init && bind */ -+int ldap=5Fconnect(ldap=5Fopt=5Ft * ldap) { -+ int version =3D LDAP=5FVERSION3; -+ -+ if (!ldap->servers) -+ return FAILURE; -+ -+ /* Connection Init and setup */ -+ ldap->ld =3D ldap=5Finit(ldap->servers, LDAP=5FPORT); -+ if (!ldap->ld) { -+ ldap=5Fperror(ldap->ld, "ldap=5Finit()"); -+ return FAILURE; -+ } -+ -+ if ( ldap=5Fset=5Foption(ldap->ld, LDAP=5FOPT=5FPROTOCOL=5FVERSIO= N, &version) !=3D LDAP=5FOPT=5FSUCCESS) { -+ ldap=5Fperror(ldap->ld, "ldap=5Fset=5Foption(LDAP=5FOPT=5FPRO= TOCOL=5FVERSION)"); -+ return FAILURE; -+ } -+ -+ /* Timeouts setup */ -+ if (ldap=5Fset=5Foption(ldap->ld, LDAP=5FOPT=5FNETWORK=5FTIMEOUT,= &ldap->b=5Ftimeout) !=3D LDAP=5FSUCCESS) { -+ ldap=5Fperror(ldap->ld, "ldap=5Fset=5Foption(LDAP=5FOPT=5FNET= WORK=5FTIMEOUT)"); -+ } -+ if (ldap=5Fset=5Foption(ldap->ld, LDAP=5FOPT=5FTIMEOUT, &ldap->s=5F= timeout) !=3D LDAP=5FSUCCESS) { -+ ldap=5Fperror(ldap->ld, "ldap=5Fset=5Foption(LDAP=5FOPT=5FTIM= EOUT)"); -+ } -+ -+ /* TLS support */ -+ if ( (ldap->tls =3D=3D -1) || (ldap->tls =3D=3D 1) ) { -+ if (ldap=5Fstart=5Ftls=5Fs(ldap->ld, NULL, NULL ) !=3D LDAP=5F= SUCCESS) { -+ /* failed then reinit the initial connect */ -+ ldap=5Fperror(ldap->ld, "ldap=5Fconnect: (TLS) ldap=5Fsta= rt=5Ftls()"); -+ if (ldap->tls =3D=3D 1) -+ return FAILURE; -+ -+ ldap->ld =3D ldap=5Finit(ldap->servers, LDAP=5FPORT); -+ if (!ldap->ld) {=20 -+ ldap=5Fperror(ldap->ld, "ldap=5Finit()"); -+ return FAILURE; -+ } -+ -+ if ( ldap=5Fset=5Foption(ldap->ld, LDAP=5FOPT=5FPROTOCOL=5F= VERSION, &version) !=3D LDAP=5FOPT=5FSUCCESS) { -+ ldap=5Fperror(ldap->ld, "ldap=5Fset=5Foption()"); -+ return FAILURE; -+ } -+ } -+ } -+ -+ -+ if ( ldap=5Fsimple=5Fbind=5Fs(ldap->ld, ldap->binddn, ldap->bindp= w) !=3D LDAP=5FSUCCESS) { -+ ldap=5Fperror(ldap->ld, "ldap=5Fsimple=5Fbind=5Fs()"); -+ return FAILURE; -+ } -+ -+ /* says it is connected */ -+ FLAG=5FSET=5FCONNECTED(ldap->flags); -+ -+ return SUCCESS; -+} -+ -+/* must free allocated ressource */ -+static char * ldap=5Fbuild=5Fhost(char *host, int port) { -+ unsigned int size =3D strlen(host)+11; -+ char * h =3D (char *) calloc (size, sizeof(char)); -+ int rc; -+ if (!h) -+ return NULL; -+ -+ rc =3D snprintf(h, size, "%s:%d ", host, port); -+ if (rc =3D=3D -1) -+ return NULL; -+ return h; -+} -+ -+static int ldap=5Fcount=5Fgroup(const char * input) { -+ const char * charset =3D " \t"; -+ const char * ptr =3D input; -+ unsigned int count =3D 0; -+ unsigned int num; -+ -+ num =3D strspn(ptr, charset); -+ ptr +=3D num; -+ -+ while ((num =3D strcspn(ptr, charset))) { -+ count++; -+ ptr +=3D num; -+ ptr++; -+ } -+ -+ return count; -+} -+ -+/* format filter */ -+char * ldap=5Fparse=5Fgroups(const char * groups) { -+ unsigned int buffer=5Fsize =3D FILTER=5FGROUP=5FSIZE(groups); -+ char * buffer =3D (char *) calloc(buffer=5Fsize, sizeof(char)); -+ char * g =3D NULL; -+ char * garray[32]; -+ unsigned int i =3D 0; -+ -+ if ((!groups)||(!buffer)) -+ return NULL; -+ -+ g =3D strdup(groups); -+ if (!g) { -+ free(buffer); -+ return NULL; -+ } -+ -+ /* first separate into n tokens */ -+ if ( tokenize(garray, sizeof(garray)/sizeof(*garray), g) < 0) { -+ free(g); -+ free(buffer); -+ return NULL; -+ } -+ -+ /* build the final filter format */ -+ strlcat(buffer, FILTER=5FGROUP=5FPREFIX, buffer=5Fsize); -+ strlcat(buffer, FILTER=5FOR=5FPREFIX, buffer=5Fsize); -+ i =3D 0; -+ while (garray[i]) { -+ strlcat(buffer, FILTER=5FCN=5FPREFIX, buffer=5Fsize); -+ strlcat(buffer, garray[i], buffer=5Fsize); -+ strlcat(buffer, FILTER=5FCN=5FSUFFIX, buffer=5Fsize); -+ i++; -+ } -+ strlcat(buffer, FILTER=5FOR=5FSUFFIX, buffer=5Fsize); -+ strlcat(buffer, FILTER=5FUID=5FFORMAT, buffer=5Fsize); -+ strlcat(buffer, FILTER=5FGROUP=5FSUFFIX, buffer=5Fsize); -+ -+ free(g); -+ return buffer; -+} -+ -+/* a bit dirty but leak free */ -+char * ldap=5Fparse=5Fservers(const char * servers) { -+ char * s =3D NULL; -+ char * tmp =3D NULL, *urls[32]; -+ unsigned int num =3D 0 , i =3D 0 , asize =3D 0; -+ LDAPURLDesc *urld[32]; -+ -+ if (!servers) -+ return NULL; -+ -+ /* local copy of the arg */ -+ s =3D strdup(servers); -+ if (!s) -+ return NULL; -+ -+ /* first separate into URL tokens */ -+ if ( tokenize(urls, sizeof(urls)/sizeof(*urls), s) < 0) -+ return NULL; -+ -+ i =3D 0; -+ while (urls[i]) { -+ if (! ldap=5Fis=5Fldap=5Furl(urls[i]) || -+ (ldap=5Furl=5Fparse(urls[i], &urld[i]) !=3D 0)) { -+ return NULL; -+ } -+ i++; -+ } -+ -+ /* now free(s) */ -+ free (s); -+ -+ /* how much memory do we need */ -+ num =3D i; -+ for (i =3D 0 ; i < num ; i++) -+ asize +=3D strlen(urld[i]->lud=5Fhost)+11; -+ -+ /* alloc */ -+ s =3D (char *) calloc( asize+1 , sizeof(char)); -+ if (!s) { -+ for (i =3D 0 ; i < num ; i++) -+ ldap=5Ffree=5Furldesc(urld[i]); -+ return NULL; -+ } -+ -+ /* then build the final host string */ -+ for (i =3D 0 ; i < num ; i++) { -+ /* built host part */ -+ tmp =3D ldap=5Fbuild=5Fhost(urld[i]->lud=5Fhost, urld[i]->lud= =5Fport); -+ strncat(s, tmp, strlen(tmp)); -+ ldap=5Ffree=5Furldesc(urld[i]); -+ free(tmp); -+ } -+ -+ return s; -+} -+ -+void ldap=5Foptions=5Fprint(ldap=5Fopt=5Ft * ldap) { -+ debug("ldap options:"); -+ debug("servers: %s", ldap->servers); -+ if (ldap->u=5Fbasedn) -+ debug("user basedn: %s", ldap->u=5Fbasedn); -+ if (ldap->g=5Fbasedn) -+ debug("group basedn: %s", ldap->g=5Fbasedn); -+ if (ldap->binddn) -+ debug("binddn: %s", ldap->binddn); -+ if (ldap->bindpw) -+ debug("bindpw: %s", ldap->bindpw); -+ if (ldap->sgroup) -+ debug("group: %s", ldap->sgroup); -+ if (ldap->filter) -+ debug("filter: %s", ldap->filter); -+} -+ -+void ldap=5Foptions=5Ffree(ldap=5Fopt=5Ft * l) { -+ if (!l) -+ return; -+ if (l->servers) -+ free(l->servers); -+ if (l->u=5Fbasedn) -+ free(l->u=5Fbasedn); -+ if (l->g=5Fbasedn) -+ free(l->g=5Fbasedn); -+ if (l->binddn) -+ free(l->binddn); -+ if (l->bindpw) -+ free(l->bindpw); -+ if (l->sgroup) -+ free(l->sgroup); -+ if (l->fgroup) -+ free(l->fgroup); -+ if (l->filter) -+ free(l->filter); -+ if (l->l=5Fconf) -+ free(l->l=5Fconf); -+ free(l); -+} -+ -+/* free keys */ -+void ldap=5Fkeys=5Ffree(ldap=5Fkey=5Ft * k) { -+ ldap=5Fvalue=5Ffree=5Flen(k->keys); -+ free(k); -+ return; -+} -+ -+ldap=5Fkey=5Ft * ldap=5Fgetuserkey(ldap=5Fopt=5Ft *l, const char * us= er) { -+ ldap=5Fkey=5Ft * k =3D (ldap=5Fkey=5Ft *) calloc (1, sizeof(ldap=5F= key=5Ft)); -+ LDAPMessage *res, *e; -+ char * filter; -+ int i; -+ -+ if ((!k) || (!l)) -+ return NULL; -+ -+ /* Am i still connected =3F RETRY n times */ -+ /* XXX TODO: setup some conf value for retrying */ -+ if (!(l->flags & FLAG=5FCONNECTED)) -+ for (i =3D 0 ; i < 2 ; i++) -+ if (ldap=5Fconnect(l) =3D=3D 0) -+ break; -+ -+ /* quick check for attempts to be evil */ -+ if ((strchr(user, '(') !=3D NULL) || (strchr(user, ')') !=3D NULL= ) || -+ (strchr(user, '*') !=3D NULL) || (strchr(user, '\\') !=3D NUL= L)) -+ return NULL; -+ -+ /* build filter for LDAP request */ -+ REQUEST=5FUSER(filter, user, l->filter); -+ -+ if ( ldap=5Fsearch=5Fst( l->ld, -+ l->u=5Fbasedn, -+ LDAP=5FSCOPE=5FSUBTREE, -+ filter, -+ attrs, 0, &l->s=5Ftimeout, &res ) !=3D LDAP=5FSUCCESS) { -+ =20 -+ ldap=5Fperror(l->ld, "ldap=5Fsearch=5Fst()"); -+ -+ free(filter); -+ free(k); -+ -+ /* XXX error on search, timeout etc.. close ask for reconnect= */ -+ ldap=5Fclose(l); -+ -+ return NULL; -+ }=20 -+ -+ /* free */ -+ free(filter); -+ -+ /* check if any results */ -+ i =3D ldap=5Fcount=5Fentries(l->ld,res); -+ if (i <=3D 0) { -+ ldap=5Fmsgfree(res); -+ free(k); -+ return NULL; -+ } -+ -+ if (i > 1) -+ debug("[LDAP] duplicate entries, using the FIRST entry return= ed"); -+ -+ e =3D ldap=5Ffirst=5Fentry(l->ld, res); -+ k->keys =3D ldap=5Fget=5Fvalues=5Flen(l->ld, e, PUBKEYATTR); -+ k->num =3D ldap=5Fcount=5Fvalues=5Flen(k->keys); -+ -+ ldap=5Fmsgfree(res); -+ return k; -+} -+ -+ -+/* -1 if trouble -+ 0 if user is NOT member of current server group -+ 1 if user IS MEMBER of current server group=20 -+ */ -+int ldap=5Fismember(ldap=5Fopt=5Ft * l, const char * user) { -+ LDAPMessage *res; -+ char * filter; -+ int i; -+ -+ if ((!l->sgroup) || !(l->g=5Fbasedn)) -+ return 1; -+ -+ /* Am i still connected =3F RETRY n times */ -+ /* XXX TODO: setup some conf value for retrying */ -+ if (!(l->flags & FLAG=5FCONNECTED))=20 -+ for (i =3D 0 ; i < 2 ; i++) -+ if (ldap=5Fconnect(l) =3D=3D 0) -+ break; -+ -+ /* quick check for attempts to be evil */ -+ if ((strchr(user, '(') !=3D NULL) || (strchr(user, ')') !=3D NULL= ) || -+ (strchr(user, '*') !=3D NULL) || (strchr(user, '\\') !=3D NUL= L)) -+ return FAILURE; -+ -+ /* build filter for LDAP request */ -+ REQUEST=5FGROUP(filter, l->fgroup, user); -+ -+ if (ldap=5Fsearch=5Fst( l->ld,=20 -+ l->g=5Fbasedn, -+ LDAP=5FSCOPE=5FSUBTREE, -+ filter, -+ NULL, 0, &l->s=5Ftimeout, &res) !=3D LDAP=5FSUCCESS) { -+ =20 -+ ldap=5Fperror(l->ld, "ldap=5Fsearch=5Fst()"); -+ -+ free(filter); -+ -+ /* XXX error on search, timeout etc.. close ask for reconnect= */ -+ ldap=5Fclose(l); -+ -+ return FAILURE; -+ } -+ -+ free(filter); -+ -+ /* check if any results */ -+ if (ldap=5Fcount=5Fentries(l->ld, res) > 0) { -+ ldap=5Fmsgfree(res); -+ return 1; -+ } -+ -+ ldap=5Fmsgfree(res); -+ return 0; -+} -+ -+/* -+ * ldap.conf simple parser -+ * XXX TODO: sanity checks -+ * must either -+ * - free the previous ldap=5Fopt=5Fbefore replacing entries -+ * - free each necessary previously parsed elements -+ * ret: -+ * -1 on FAILURE, 0 on SUCCESS -+ */ -+int ldap=5Fparse=5Flconf(ldap=5Fopt=5Ft * l) { -+ FILE * lcd; /* ldap.conf descriptor */ -+ char buf[BUFSIZ]; -+ char * s =3D NULL, * k =3D NULL, * v =3D NULL; -+ int li, len; -+ -+ lcd =3D fopen (l->l=5Fconf, "r"); -+ if (lcd =3D=3D NULL) { -+ /* debug("Cannot open %s", l->l=5Fconf); */ -+ perror("ldap=5Fparse=5Flconf()"); -+ return FAILURE; -+ } -+ =20 -+ while (fgets (buf, sizeof (buf), lcd) !=3D NULL) { -+ -+ if (*buf =3D=3D '\n' || *buf =3D=3D '#') -+ continue; -+ -+ k =3D buf; -+ v =3D k; -+ while (*v !=3D '\0' && *v !=3D ' ' && *v !=3D '\t') -+ v++; -+ -+ if (*v =3D=3D '\0') -+ continue; -+ -+ *(v++) =3D '\0'; -+ -+ while (*v =3D=3D ' ' || *v =3D=3D '\t') -+ v++; -+ -+ li =3D strlen (v) - 1; -+ while (v[li] =3D=3D ' ' || v[li] =3D=3D '\t' || v[li] =3D=3D = '\n') -+ --li; -+ v[li + 1] =3D '\0'; -+ -+ if (!strcasecmp (k, "uri")) { -+ if ((l->servers =3D ldap=5Fparse=5Fservers(v)) =3D=3D NUL= L) { -+ fatal("error in ldap servers"); -+ return FAILURE; -+ } -+ -+ } -+ else if (!strcasecmp (k, "base")) {=20 -+ s =3D strchr (v, '=3F'); -+ if (s !=3D NULL) { -+ len =3D s - v; -+ l->u=5Fbasedn =3D malloc (len + 1); -+ strncpy (l->u=5Fbasedn, v, len); -+ l->u=5Fbasedn[len] =3D '\0'; -+ } else { -+ l->u=5Fbasedn =3D strdup (v); -+ } -+ } -+ else if (!strcasecmp (k, "binddn")) { -+ l->binddn =3D strdup (v); -+ } -+ else if (!strcasecmp (k, "bindpw")) { -+ l->bindpw =3D strdup (v); -+ } -+ else if (!strcasecmp (k, "timelimit")) { -+ l->s=5Ftimeout.tv=5Fsec =3D atoi (v); -+ } -+ else if (!strcasecmp (k, "bind=5Ftimelimit")) { -+ l->b=5Ftimeout.tv=5Fsec =3D atoi (v); -+ } -+ else if (!strcasecmp (k, "ssl")) { -+ if (!strcasecmp (v, "start=5Ftls")) -+ l->tls =3D 1; -+ } -+ } -+ -+ fclose (lcd); -+ return SUCCESS; -+} -+ -+#endif /* WITH=5FLDAP=5FPUBKEY */ -diff -Nuar --exclude '*.orig' --exclude '*.rej' ldapauth.h ldapauth.h ---- ldapauth.h=091969-12-31 16:00:00.000000000 -0800 -+++ ldapauth.h=092008-08-23 15:02:47.000000000 -0700 -@@ -0,0 +1,124 @@ -+/* -+ * $Id: openssh-lpk-4.3p1-0.3.7.patch,v 1.3 2006/04/18 15:29:09 eau E= xp $=20 -+ */ -+ -+/* -+ * -+ * Copyright (c) 2005, Eric AUGE -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without= modification, are permitted provided that the following conditions are= met: -+ * -+ * Redistributions of source code must retain the above copyright not= ice, this list of conditions and the following disclaimer. -+ * Redistributions in binary form must reproduce the above copyright = notice, this list of conditions and the following disclaimer in the doc= umentation and/or other materials provided with the distribution. -+ * Neither the name of the phear.org nor the names of its contributor= s may be used to endorse or promote products derived from this software= without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTOR= S "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,=20 -+ * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND = FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.=20 -+ * IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FO= R ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,=20 -+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREME= NT OF SUBSTITUTE GOODS OR SERVICES;=20 -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER C= AUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABI= LITY,=20 -+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT= OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUC= H DAMAGE. -+ * -+ * -+ */ -+ -+#ifndef LDAPAUTH=5FH -+#define LDAPAUTH=5FH -+ -+#define LDAP=5FDEPRECATED 1 -+ -+#include -+#include -+#include -+#include -+ -+/* tokens in use for config */ -+#define =5FDEFAULT=5FLPK=5FTOKEN "UseLPK" -+#define =5FDEFAULT=5FSRV=5FTOKEN "LpkServers" -+#define =5FDEFAULT=5FUSR=5FTOKEN "LpkUserDN" -+#define =5FDEFAULT=5FGRP=5FTOKEN "LpkGroupDN" -+#define =5FDEFAULT=5FBDN=5FTOKEN "LpkBindDN" -+#define =5FDEFAULT=5FBPW=5FTOKEN "LpkBindPw" -+#define =5FDEFAULT=5FMYG=5FTOKEN "LpkServerGroup" -+#define =5FDEFAULT=5FFIL=5FTOKEN "LpkFilter" -+#define =5FDEFAULT=5FTLS=5FTOKEN "LpkForceTLS" -+#define =5FDEFAULT=5FBTI=5FTOKEN "LpkBindTimelimit" -+#define =5FDEFAULT=5FSTI=5FTOKEN "LpkSearchTimelimit" -+#define =5FDEFAULT=5FLDP=5FTOKEN "LpkLdapConf" -+ -+/* default options */ -+#define =5FDEFAULT=5FLPK=5FON 0 -+#define =5FDEFAULT=5FLPK=5FSERVERS NULL -+#define =5FDEFAULT=5FLPK=5FUDN NULL -+#define =5FDEFAULT=5FLPK=5FGDN NULL -+#define =5FDEFAULT=5FLPK=5FBINDDN NULL -+#define =5FDEFAULT=5FLPK=5FBINDPW NULL -+#define =5FDEFAULT=5FLPK=5FSGROUP NULL -+#define =5FDEFAULT=5FLPK=5FFILTER NULL -+#define =5FDEFAULT=5FLPK=5FTLS -1 -+#define =5FDEFAULT=5FLPK=5FBTIMEOUT 10 -+#define =5FDEFAULT=5FLPK=5FSTIMEOUT 10 -+#define =5FDEFAULT=5FLPK=5FLDP NULL -+ -+/* flags */ -+#define FLAG=5FEMPTY=09 0x00000000 -+#define FLAG=5FCONNECTED=09 0x00000001 -+ -+/* flag macros */ -+#define FLAG=5FSET=5FEMPTY(x)=09=09x&=3D(FLAG=5FEMPTY) -+#define FLAG=5FSET=5FCONNECTED(x)=09=09x|=3D(FLAG=5FCONNECTED) -+#define FLAG=5FSET=5FDISCONNECTED(x)=09x&=3D~(FLAG=5FCONNECTED) -+ -+/* defines */ -+#define FAILURE -1 -+#define SUCCESS 0 -+#define PUBKEYATTR "sshPublicKey" -+ -+/*=20 -+ * -+ * defined files path=20 -+ * (should be relocated to pathnames.h, -+ * if one day it's included within the tree)=20 -+ * -+ */ -+#define =5FPATH=5FLDAP=5FCONFIG=5FFILE "/etc/ldap.conf" -+ -+/* structures */ -+typedef struct ldap=5Foptions { -+ int on;=09=09=09/* Use it or NOT */ -+ LDAP * ld;=09=09=09/* LDAP file desc */ -+ char * servers;=09=09/* parsed servers for ldaplib failover handl= ing */ -+ char * u=5Fbasedn;=09=09/* user basedn */ -+ char * g=5Fbasedn;=09=09/* group basedn */ -+ char * binddn;=09=09/* binddn */ -+ char * bindpw;=09=09/* bind password */ -+ char * sgroup;=09=09/* server group */ -+ char * fgroup;=09=09/* group filter */ -+ char * filter;=09=09/* additional filter */ -+ char * l=5Fconf;=09=09/* use ldap.conf */ -+ int tls;=09=09=09/* TLS only */ -+ struct timeval b=5Ftimeout; /* bind timeout */ -+ struct timeval s=5Ftimeout; /* search timeout */ -+ unsigned int flags;=09=09/* misc flags (reconnection, future use=3F= ) */ -+} ldap=5Fopt=5Ft; -+ -+typedef struct ldap=5Fkeys { -+ struct berval ** keys;=09/* the public keys retrieved */ -+ unsigned int num;=09=09/* number of keys */ -+} ldap=5Fkey=5Ft; -+ -+ -+/* function headers */ -+void ldap=5Fclose(ldap=5Fopt=5Ft *); -+int ldap=5Fconnect(ldap=5Fopt=5Ft *); -+char * ldap=5Fparse=5Fgroups(const char *); -+char * ldap=5Fparse=5Fservers(const char *); -+void ldap=5Foptions=5Fprint(ldap=5Fopt=5Ft *); -+void ldap=5Foptions=5Ffree(ldap=5Fopt=5Ft *); -+void ldap=5Fkeys=5Ffree(ldap=5Fkey=5Ft *); -+int ldap=5Fparse=5Flconf(ldap=5Fopt=5Ft *); -+ldap=5Fkey=5Ft * ldap=5Fgetuserkey(ldap=5Fopt=5Ft *, const char *); -+int ldap=5Fismember(ldap=5Fopt=5Ft *, const char *); -+ -+#endif -diff -Nuar --exclude '*.orig' --exclude '*.rej' lpk-user-example.txt l= pk-user-example.txt ---- lpk-user-example.txt=091969-12-31 16:00:00.000000000 -0800 -+++ lpk-user-example.txt=092008-08-23 15:02:47.000000000 -0700 -@@ -0,0 +1,117 @@ -+ -+Post to ML -> User Made Quick Install Doc. -+Contribution from John Lane -+ -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++ -+ -+OpenSSH LDAP keystore Patch -+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D -+ -+NOTE: these notes are a transcript of a specific installation -+ they work for me, your specifics may be different! -+ from John Lane March 17th 2005 john@lane.uk.net -+ -+This is a patch to OpenSSH 4.0p1 to allow it to obtain users' public = keys -+from their LDAP record as an alternative to ~/.ssh/authorized=5Fkeys.= -+ -+(Assuming here that necessary build stuff is in $BUILD) -+ -+cd $BUILD/openssh-4.0p1 -+patch -Np1 -i $BUILD/openssh-lpk-4.0p1-0.3.patch -+mkdir -p /var/empty && -+./configure --prefix=3D/usr --sysconfdir=3D/etc/ssh \ -+ --libexecdir=3D/usr/sbin --with-md5-passwords --with-pam \ -+ --with-libs=3D"-lldap" --with-cppflags=3D"-DWITH=5FLDAP=5FPUBKEY"= -+Now do. -+make && -+make install -+ -+Add the following config to /etc/ssh/ssh=5Fconfig -+UseLPK yes -+LpkServers ldap://myhost.mydomain.com -+LpkUserDN ou=3DPeople,dc=3Dmydomain,dc=3Dcom -+ -+We need to tell sshd about the SSL keys during boot, as root's -+environment does not exist at that time. Edit /etc/rc.d/init.d/sshd. -+Change the startup code from this: -+ echo "Starting SSH Server..." -+ loadproc /usr/sbin/sshd -+ ;; -+to this: -+ echo "Starting SSH Server..." -+ LDAPRC=3D"/root/.ldaprc" loadproc /usr/sbin/sshd -+ ;; -+ -+Re-start the sshd daemon: -+/etc/rc.d/init.d/sshd restart -+ -+Install the additional LDAP schema -+cp $BUILD/openssh-lpk-0.2.schema /etc/openldap/schema/openssh.schema= -+ -+Now add the openSSH LDAP schema to /etc/openldap/slapd.conf: -+Add the following to the end of the existing block of schema includes= -+include /etc/openldap/schema/openssh.schema -+ -+Re-start the LDAP server: -+/etc/rc.d/init.d/slapd restart -+ -+To add one or more public keys to a user, eg "testuser" : -+ldapsearch -x -W -Z -LLL -b "uid=3Dtestuser,ou=3DPeople,dc=3Dmydomain= ,dc=3Dcom" -D -+"uid=3Dtestuser,ou=3DPeople,dc=3Dmydomain,dc=3Dcom" > /tmp/testuser -+ -+append the following to this /tmp/testuser file -+objectclass: ldapPublicKey -+sshPublicKey: ssh-rsa -+AAAAB3NzaC1yc2EAAAABJQAAAIB3dsrwqXqD7E4zYYrxwdDKBUQxKMioXy9pxFVai64kA= PxjU9KS -+qIo7QfkjslfsjflksjfldfkjsldfjLX/5zkzRmT28I5piGzunPv17S89z8XwSsuAoR1t8= 6t+5dlI -+7eZE/gVbn2UQkQq7+kdDTS2yXV6VnC52N/kKLG3ciBkBAw=3D=3D General Purpose = RSA Key -+ -+Then do a modify: -+ldapmodify -x -D "uid=3Dtestuser,ou=3DPeople,dc=3Dmydomain,dc=3Dcom" = -W -f -+/tmp/testuser -Z -+Enter LDAP Password: -+modifying entry "uid=3Dtestuser,ou=3DPeople,dc=3Dmydomain,dc=3Dcom" -+And check the modify is ok: -+ldapsearch -x -W -Z -b "uid=3Dtestuser,ou=3DPeople,dc=3Dmydomain,dc=3D= com" -D -+"uid=3Dtestuser,ou=3DPeople,dc=3Dmydomain,dc=3Dcom" -+Enter LDAP Password: -+# extended LDIF -+# -+# LDAPv3 -+# base with scope= sub -+# filter: (objectclass=3D*) -+# requesting: ALL -+# -+ -+# testuser, People, mydomain.com -+dn: uid=3Dtestuser,ou=3DPeople,dc=3Dmydomain,dc=3Dcom -+uid: testuser -+cn: testuser -+objectClass: account -+objectClass: posixAccount -+objectClass: top -+objectClass: shadowAccount -+objectClass: ldapPublicKey -+shadowLastChange: 12757 -+shadowMax: 99999 -+shadowWarning: 7 -+loginShell: /bin/bash -+uidNumber: 9999 -+gidNumber: 501 -+homeDirectory: /home/testuser -+userPassword:: e1NTSEF9UDgwV1hnM1VjUDRJK0k1YnFiL1d4ZUJObXlZZ3Z3UTU=3D= -+sshPublicKey: ssh-rsa -+AAAAB3NzaC1yc2EAAAABJQAAAIB3dsrwqXqD7E4zYYrxwdDKBUQxKMioXy9pxFVai64kA= PxjU9KSqIo7QfkjslfsjflksjfldfkjsldfjLX/5zkzRmT28I5piGzunPv17S89z -+8XwSsuAoR1t86t+5dlI7eZE/gVbn2UQkQq7+kdDTS2yXV6VnC52N/kKLG3ciBkBAw=3D=3D= General Purpose RSA Key -+ -+# search result -+search: 3 -+result: 0 Success -+ -+# numResponses: 2 -+# numEntries: 1 -+ -+Now start a ssh session to user "testuser" from usual ssh client (e.g= =2E -+puTTY). Login should succeed. -+ -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++ -diff -Nuar --exclude '*.orig' --exclude '*.rej' Makefile.in Makefile.i= n ---- Makefile.in=092008-07-08 07:21:12.000000000 -0700 -+++ Makefile.in=092008-08-23 15:02:47.000000000 -0700 -@@ -86,7 +86,7 @@ - =09auth-krb5.o \ - =09auth2-gss.o gss-serv.o gss-serv-krb5.o \ - =09loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ --=09audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o -+=09audit.o audit-bsm.o platform.o ldapauth.o sftp-server.o sftp-commo= n.o -=20 - MANPAGES=09=3D moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out s= sh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.ou= t sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd=5Fconfig.5.ou= t ssh=5Fconfig.5.out - MANPAGES=5FIN=09=3D moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1= ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-= keysign.8 sshd=5Fconfig.5 ssh=5Fconfig.5 -diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-lpk=5Fopenldap= .schema openssh-lpk=5Fopenldap.schema ---- openssh-lpk=5Fopenldap.schema=091969-12-31 16:00:00.000000000 -080= 0 -+++ openssh-lpk=5Fopenldap.schema=092008-08-23 15:02:47.000000000 -070= 0 -@@ -0,0 +1,19 @@ -+# -+# LDAP Public Key Patch schema for use with openssh-ldappubkey -+# Author: Eric AUGE -+#=20 -+# Based on the proposal of : Mark Ruijter -+# -+ -+ -+# octetString SYNTAX -+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'=20= -+=09DESC 'MANDATORY: OpenSSH Public key'=20 -+=09EQUALITY octetStringMatch -+=09SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) -+ -+# printableString SYNTAX yes|no -+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP = top AUXILIARY -+=09DESC 'MANDATORY: OpenSSH LPK objectclass' -+=09MUST ( sshPublicKey $ uid )=20 -+=09) -diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-lpk=5Fsun.sche= ma openssh-lpk=5Fsun.schema ---- openssh-lpk=5Fsun.schema=091969-12-31 16:00:00.000000000 -0800 -+++ openssh-lpk=5Fsun.schema=092008-08-23 15:02:47.000000000 -0700 -@@ -0,0 +1,21 @@ -+# -+# LDAP Public Key Patch schema for use with openssh-ldappubkey -+# Author: Eric AUGE -+#=20 -+# Schema for Sun Directory Server. -+# Based on the original schema, modified by Stefan Fischer. -+# -+ -+dn: cn=3Dschema -+ -+# octetString SYNTAX -+attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'=20= -+=09DESC 'MANDATORY: OpenSSH Public key'=20 -+=09EQUALITY octetStringMatch -+=09SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) -+ -+# printableString SYNTAX yes|no -+objectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' S= UP top AUXILIARY -+=09DESC 'MANDATORY: OpenSSH LPK objectclass' -+=09MUST ( sshPublicKey $ uid )=20 -+=09) -diff -Nuar --exclude '*.orig' --exclude '*.rej' README.lpk README.lpk ---- README.lpk=091969-12-31 16:00:00.000000000 -0800 -+++ README.lpk=092008-08-23 15:02:47.000000000 -0700 -@@ -0,0 +1,267 @@ -+OpenSSH LDAP PUBLIC KEY PATCH=20 -+Copyright (c) 2003 Eric AUGE (eau@phear.org) -+All rights reserved. -+ -+Redistribution and use in source and binary forms, with or without -+modification, are permitted provided that the following conditions -+are met: -+1. Redistributions of source code must retain the above copyright -+ notice, this list of conditions and the following disclaimer. -+2. Redistributions in binary form must reproduce the above copyright -+ notice, this list of conditions and the following disclaimer in th= e -+ documentation and/or other materials provided with the distributio= n. -+3. The name of the author may not be used to endorse or promote produ= cts -+ derived from this software without specific prior written permissi= on. -+ -+THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRAN= TIES -+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIME= D. -+IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, = BUT -+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF = USE, -+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY= -+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE= OF -+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ -+purposes of this patch: -+ -+This patch would help to have authentication centralization policy -+using ssh public key authentication. -+This patch could be an alternative to other "secure" authentication s= ystem -+working in a similar way (Kerberos, SecurID, etc...), except the fact= =20 -+that it's based on OpenSSH and its public key abilities. -+ -+>> FYI: << -+'uid': means unix accounts existing on the current server -+'lpkServerGroup:' mean server group configured on the current server = ('lpkServerGroup' in sshd=5Fconfig) -+ -+example schema: -+ -+ -+ server1 (uid: eau,rival,toto) (lpkS= erverGroup: unix) -+ =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F / -+ / \ --- - server3 (uid: eau, titi) (lpkServe= rGroup: unix) -+ | LDAP Server | \ -+=09 | eau ,rival | server2 (uid: rival, eau) (lpkServerGrou= p: unix) -+=09 | titi ,toto | -+=09 | userx,.... | server5 (uid: eau) (lpkServerGroup:= mail) -+ \=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F/ \ / -+=09 ----- - server4 (uid: eau, rival) (no grou= p configured) -+=09=09=09 \ -+=09=09=09=09 etc... -+ -+- WHAT WE NEED : -+ -+ * configured LDAP server somewhere on the network (i.e. OpenLDAP) -+ * patched sshd (with this patch ;) -+ * LDAP user(/group) entry (look at users.ldif (& groups.ldif)): -+ User entry: -+=09- attached to the 'ldapPublicKey' objectclass -+=09- attached to the 'posixAccount' objectclass -+=09- with a filled 'sshPublicKey' attribute=20 -+=09Example: -+=09=09dn: uid=3Deau,ou=3Dusers,dc=3Dcuckoos,dc=3Dnet -+=09=09objectclass: top -+=09=09objectclass: person -+=09=09objectclass: organizationalPerson -+=09=09objectclass: posixAccount -+=09=09objectclass: ldapPublicKey -+=09=09description: Eric AUGE Account -+=09=09userPassword: blah -+=09=09cn: Eric AUGE -+=09=09sn: Eric AUGE -+=09=09uid: eau -+=09=09uidNumber: 1034 -+=09=09gidNumber: 1 -+=09=09homeDirectory: /export/home/eau -+=09=09sshPublicKey: ssh-dss AAAAB3... -+=09=09sshPublicKey: ssh-dss AAAAM5... -+ -+=09Group entry: -+=09- attached to the 'posixGroup' objectclass -+=09- with a 'cn' groupname attribute -+=09- with multiple 'memberUid' attributes filled with usernames allow= ed in this group -+=09Example: -+=09=09# few members -+=09=09dn: cn=3Dunix,ou=3Dgroups,dc=3Dcuckoos,dc=3Dnet -+=09=09objectclass: top -+=09=09objectclass: posixGroup -+=09=09description: Unix based servers group -+=09=09cn: unix -+=09=09gidNumber: 1002 -+=09=09memberUid: eau -+=09=09memberUid: user1 -+=09=09memberUid: user2 -+ -+ -+- HOW IT WORKS : -+ -+ * without patch -+ If a user wants to authenticate to log in a server the sshd, will f= irst look for authentication method allowed (RSAauth,kerberos,etc..) -+ and if RSAauth and tickets based auth fails, it will fallback to st= andard password authentication (if enabled). -+ -+ * with the patch -+ If a user want to authenticate to log in a server, the sshd will fi= rst look for auth method including LDAP pubkey, if the ldappubkey optio= ns is enabled. -+ It will do an ldapsearch to get the public key directly from the LD= AP instead of reading it from the server filesystem.=20 -+ (usually in $HOME/.ssh/authorized=5Fkeys) -+ -+ If groups are enabled, it will also check if the user that wants to= login is in the group of the server he is trying to log into. -+ If it fails, it falls back on RSA auth files ($HOME/.ssh/authorized= =5Fkeys), etc.. and finally to standard password authentication (if ena= bled). -+ -+ 7 tokens are added to sshd=5Fconfig : -+ # here is the new patched ldap related tokens -+ # entries in your LDAP must be posixAccount & strongAuthenticationU= ser & posixGroup -+ UseLPK yes=09=09=09=09=09=09=09=09# look the pub key into LDAP -+ LpkServers ldap://10.31.32.5/ ldap://10.31.32.4 ldap://10.31.32.3=09= # which LDAP server for users =3F (URL format) -+ LpkUserDN ou=3Dusers,dc=3Dfoobar,dc=3Dnet=09=09=09=09=09# which ba= se DN for users =3F -+ LpkGroupDN ou=3Dgroups,dc=3Dfoobar,dc=3Dnet=09=09=09=09=09# which b= ase DN for groups =3F=20 -+ LpkBindDN cn=3Dmanager,dc=3Dfoobar,dc=3Dnet=09=09=09=09=09# which b= ind DN =3F -+ LpkBindPw asecret=09=09=09=09=09=09=09# bind DN credidentials -+ LpkServerGroup agroupname=09=09=09=09=09=09# the group the server i= s part of -+ -+ Right now i'm using anonymous binding to get public keys, because g= etting public keys of someone doesn't impersonate him=B8 but there is s= ome -+ flaws you have to take care of. -+ -+- HOW TO INSERT A USER/KEY INTO AN LDAP ENTRY -+ -+ * my way (there is plenty :) -+ - create ldif file (i.e. users.ldif) -+ - cat ~/.ssh/id=5Fdsa.pub OR cat ~/.ssh/id=5Frsa.pub OR cat ~/.ssh/= identity.pub -+ - my way in 4 steps : -+ Example: -+ -+ # you add this to the user entry in the LDIF file : -+ [...] -+ objectclass: posixAccount -+ objectclass: ldapPublicKey -+ [...] -+ sshPubliKey: ssh-dss AAAABDh12DDUR2... -+ [...] -+ -+ # insert your entry and you're done :) -+ ldapadd -D balblabla -w bleh < file.ldif=20 -+ =20 -+ all standard options can be present in the 'sshPublicKey' attribute= =2E -+ -+- WHY : -+ -+ Simply because, i was looking for a way to centralize all sysadmins= authentication, easily, without completely using LDAP=20 -+ as authentication method (like pam=5Fldap etc..). =20 -+ =20 -+ After looking into Kerberos, SecurID, and other centralized secure = authentications systems, the use of RSA and LDAP to get=20 -+ public key for authentication allows us to control who has access t= o which server (the user needs an account and to be in 'strongAuthentic= ationUser' -+ objectclass within LDAP and part of the group the SSH server is in)= .=20 -+ -+ Passwords update are no longer a nightmare for a server farm (key p= air passphrase is stored on each user's box and private key is locally = encrypted using his passphrase=20 -+ so each user can change it as much as he wants).=20 -+ -+ Blocking a user account can be done directly from the LDAP (if sshd= is using RSAAuth + ldap only). -+ -+- RULES : =20 -+ Entry in the LDAP server must respect 'posixAccount' and 'ldapPubli= cKey' which are defined in core.schema.=20 -+ and the additionnal lpk.schema. -+ -+ This patch could allow a smooth transition between standard auth (/= etc/passwd) and complete LDAP based authentication=20 -+ (pamldap, nss=5Fldap, etc..). -+ -+ This can be an alternative to other (old=3F/expensive=3F) authentic= ation methods (Kerberos/SecurID/..). -+ =20 -+ Referring to schema at the beginning of this file if user 'eau' is = only in group 'unix' -+ 'eau' would ONLY access 'server1', 'server2', 'server3' AND 'server= 4' BUT NOT 'server5'. -+ If you then modify the LDAP 'mail' group entry to add 'memberUid: e= au' THEN user 'eau' would be able -+ to log in 'server5' (i hope you got the idea, my english is bad :).= -+ -+ Each server's sshd is patched and configured to ask the public key = and the group infos in the LDAP -+ server. -+ When you want to allow a new user to have access to the server parc= , you just add him an account on=20 -+ your servers, you add his public key into his entry on the LDAP ser= ver, it's done.=20 -+ -+ Because sshds are looking public keys into the LDAP directly instea= d of a file ($HOME/.ssh/authorized=5Fkeys). -+ -+ When the user needs to change his passphrase he can do it directly = from his workstation by changing=20 -+ his own key set lock passphrase, and all servers are automatically = aware. -+=20 -+ With a CAREFUL LDAP server configuration you could allow a user to = add/delete/modify his own entry himself -+ so he can add/modify/delete himself his public key when needed. -+ -+=AD FLAWS : -+ LDAP must be well configured, getting the public key of some user i= s not a problem, but if anonymous LDAP=20 -+ allow write to users dn, somebody could replace someuser's public k= ey by its own and impersonate some=20 -+ of your users in all your server farm be VERY CAREFUL. -+ =20 -+ MITM attack when sshd is requesting the public key, could lead to a= compromise of your servers allowing login=20 -+ as the impersonnated user. -+ -+ If LDAP server is down then, fallback on passwd auth. -+ =20 -+ the ldap code part has not been well audited yet. -+ -+- LDAP USER ENTRY EXAMPLES (LDIF Format, look in users.ldif) -+ --- CUT HERE --- -+ dn: uid=3Djdoe,ou=3Dusers,dc=3Dfoobar,dc=3Dnet -+ objectclass: top -+ objectclass: person -+ objectclass: organizationalPerson -+ objectclass: posixAccount -+ objectclass: ldapPublicKey -+ description: My account -+ cn: John Doe -+ sn: John Doe -+ uid: jdoe -+ uidNumber: 100 -+ gidNumber: 100 -+ homeDirectory: /home/jdoe -+ sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAAEBAOvL8pREUg9wSy/8+hQJ54Y= F3AXkB0OZrXB.... -+ [...] -+ --- CUT HERE --- -+ -+- LDAP GROUP ENTRY EXAMPLES (LDIF Format, look in groups.ldif) -+ --- CUT HERE --- -+ dn: cn=3Dunix,ou=3Dgroups,dc=3Dcuckoos,dc=3Dnet -+ objectclass: top -+ objectclass: posixGroup -+ description: Unix based servers group -+ cn: unix -+ gidNumber: 1002 -+ memberUid: jdoe -+ memberUid: user1 -+ memberUid: user2 -+ [...] -+ --- CUT HERE --- -+ -+>> FYI: <<=20 -+Multiple 'sshPublicKey' in a user entry are allowed, as well as multi= ple 'memberUid' attributes in a group entry -+ -+- COMPILING: -+ 1. Apply the patch -+ 2. ./configure --with-your-options --with-ldap=3D/prefix/to/ldap=5F= libs=5Fand=5Fincludes -+ 3. make -+ 4. it's done. -+ -+- BLA : -+ I hope this could help, and i hope to be clear enough,, or give ide= as. questions/comments/improvements are welcome. -+ =20 -+- TODO : -+ Redesign differently. -+ -+- DOCS/LINK : -+ http://pacsec.jp/core05/psj05-barisani-en.pdf -+ http://fritz.potsdam.edu/projects/openssh-lpk/ -+ http://fritz.potsdam.edu/projects/sshgate/ -+ http://dev.inversepath.com/trac/openssh-lpk -+ http://lam.sf.net/ ( http://lam.sourceforge.net/documentation/suppo= rtedSchemas.htm ) -+ -+- CONTRIBUTORS/IDEAS/GREETS : -+ - Falk Siemonsmeier. -+ - Jacob Rief. -+ - Michael Durchgraf. -+ - frederic peters. -+ - Finlay dobbie. -+ - Stefan Fisher. -+ - Robin H. Johnson. -+ - Adrian Bridgett. -+ -+- CONTACT : -+ - Eric AUGE -+ - Andrea Barisani - -diff -Nuar --exclude '*.orig' --exclude '*.rej' servconf.h servconf.h ---- servconf.h=092008-06-10 06:01:51.000000000 -0700 -+++ servconf.h=092008-08-23 15:02:47.000000000 -0700 -@@ -16,6 +16,10 @@ - #ifndef SERVCONF=5FH - #define SERVCONF=5FH -=20 -+#ifdef WITH=5FLDAP=5FPUBKEY -+#include "ldapauth.h" -+#endif -+ - #define MAX=5FPORTS=09=09256=09/* Max # ports. */ -=20 - #define MAX=5FALLOW=5FUSERS=09=09256=09/* Max # users on allow list. = */ -@@ -145,6 +149,9 @@ - =09int=09use=5Fpam;=09=09/* Enable auth via PAM */ -=20 - =09int=09permit=5Ftun; -+#ifdef WITH=5FLDAP=5FPUBKEY -+ ldap=5Fopt=5Ft lpk; -+#endif -=20 - =09int=09num=5Fpermitted=5Fopens; -=20 -diff -Nuar --exclude '*.orig' --exclude '*.rej' sshd.c sshd.c ---- sshd.c=092008-07-11 00:36:49.000000000 -0700 -+++ sshd.c=092008-08-23 15:02:47.000000000 -0700 -@@ -127,6 +127,10 @@ - int deny=5Fseverity; - #endif /* LIBWRAP */ -=20 -+#ifdef WITH=5FLDAP=5FPUBKEY -+#include "ldapauth.h" -+#endif -+ - #ifndef O=5FNOCTTY - #define O=5FNOCTTY=090 - #endif -@@ -1484,6 +1488,16 @@ - =09=09exit(1); - =09} -=20 -+#ifdef WITH=5FLDAP=5FPUBKEY -+ /* ldap=5Foptions=5Fprint(&options.lpk); */ -+ /* XXX initialize/check ldap connection and set *LD */ -+ if (options.lpk.on) { -+ if (options.lpk.l=5Fconf && (ldap=5Fparse=5Flconf(&options.lp= k) < 0) ) -+ error("[LDAP] could not parse %s", options.lpk.l=5Fconf);= -+ if (ldap=5Fconnect(&options.lpk) < 0) -+ error("[LDAP] could not initialize ldap connection"); -+ } -+#endif - =09debug("sshd version %.100s", SSH=5FRELEASE); -=20 - =09/* Store privilege separation user for later use if required. */ -diff -Nuar --exclude '*.orig' --exclude '*.rej' sshd=5Fconfig sshd=5Fc= onfig ---- sshd=5Fconfig=092008-07-02 05:35:43.000000000 -0700 -+++ sshd=5Fconfig=092008-08-23 15:02:47.000000000 -0700 -@@ -109,6 +109,21 @@ - # no default banner path - #Banner none -=20 -+# here are the new patched ldap related tokens -+# entries in your LDAP must have posixAccount & ldapPublicKey objectc= lass -+#UseLPK yes -+#LpkLdapConf /etc/ldap.conf -+#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ -+#LpkUserDN ou=3Dusers,dc=3Dphear,dc=3Dorg -+#LpkGroupDN ou=3Dgroups,dc=3Dphear,dc=3Dorg -+#LpkBindDN cn=3DManager,dc=3Dphear,dc=3Dorg -+#LpkBindPw secret -+#LpkServerGroup mail -+#LpkFilter (hostAccess=3Dmaster.phear.org) -+#LpkForceTLS no -+#LpkSearchTimelimit 3 -+#LpkBindTimelimit 3 -+ - # override default of no subsystems - Subsystem=09sftp=09/usr/libexec/sftp-server -=20 -diff -Nuar --exclude '*.orig' --exclude '*.rej' sshd=5Fconfig.5 sshd=5F= config.5 ---- sshd=5Fconfig.5=092008-07-02 05:35:43.000000000 -0700 -+++ sshd=5Fconfig.5=092008-08-23 15:02:47.000000000 -0700 -@@ -1003,6 +1003,62 @@ - program. - The default is - .Pa /usr/X11R6/bin/xauth . -+.It Cm UseLPK -+Specifies whether LDAP public key retrieval must be used or not. It a= llow -+an easy centralisation of public keys within an LDAP directory. The a= rgument must be -+.Dq yes -+or -+.Dq no . -+.It Cm LpkLdapConf -+Specifies whether LDAP Public keys should parse the specified ldap.co= nf file -+instead of sshd=5Fconfig Tokens. The argument must be a valid path to= an ldap.conf -+file like -+.Pa /etc/ldap.conf -+.It Cm LpkServers -+Specifies LDAP one or more [:space:] separated server's url the follo= wing form may be used: -+.Pp -+LpkServers ldaps://127.0.0.1 ldap://127.0.0.2 ldap://127.0.0.3 -+.It Cm LpkUserDN -+Specifies the LDAP user DN. -+.Pp -+LpkUserDN ou=3Dusers,dc=3Dphear,dc=3Dorg -+.It Cm LpkGroupDN -+Specifies the LDAP groups DN. -+.Pp -+LpkGroupDN ou=3Dgroups,dc=3Dphear,dc=3Dorg -+.It Cm LpkBindDN -+Specifies the LDAP bind DN to use if necessary. -+.Pp -+LpkBindDN cn=3DManager,dc=3Dphear,dc=3Dorg -+.It Cm LpkBindPw -+Specifies the LDAP bind credential.=20 -+.Pp -+LpkBindPw secret -+.It Cm LpkServerGroup -+Specifies one or more [:space:] separated group the server is part of= .=20 -+.Pp -+LpkServerGroup unix mail prod -+.It Cm LpkFilter -+Specifies an additional LDAP filter to use for finding SSH keys -+.Pp -+LpkFilter (hostAccess=3Dmaster.phear.org) -+.It Cm LpkForceTLS -+Specifies if the LDAP server connection must be tried, forced or not = used. The argument must be=20 -+.Dq yes -+or -+.Dq no -+or -+.Dq try . -+.It Cm LpkSearchTimelimit -+Sepcifies the search time limit before the search is considered over.= value is -+in seconds. -+.Pp -+LpkSearchTimelimit 3 -+.It Cm LpkBindTimelimit -+Sepcifies the bind time limit before the connection is considered dea= d. value is -+in seconds. -+.Pp -+LpkBindTimelimit 3 - .El - .Sh TIME FORMATS - .Xr sshd 8 Index: files/lpk+hpn-servconf.c.patch =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: files/lpk+hpn-servconf.c.patch diff -N files/lpk+hpn-servconf.c.patch --- files/lpk+hpn-servconf.c.patch=0921 Jun 2009 20:36:15 -0000=091.1 +++ /dev/null=091 Jan 1970 00:00:00 -0000 @@ -1,307 +0,0 @@ ---- servconf.c.orig=092009-05-26 15:13:32.000000000 +0400 -+++ servconf.c=092009-05-26 18:09:30.000000000 +0400 -@@ -42,6 +42,10 @@ - #include "channels.h" - #include "groupaccess.h" -=20 -+#ifdef WITH=5FLDAP=5FPUBKEY -+#include "ldapauth.h" -+#endif -+ - static void add=5Flisten=5Faddr(ServerOptions *, char *, int); - static void add=5Fone=5Flisten=5Faddr(ServerOptions *, char *, int); -=20 -@@ -128,11 +132,38 @@ - =09options->adm=5Fforced=5Fcommand =3D NULL; - =09options->chroot=5Fdirectory =3D NULL; - =09options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D -1; -+=09options->none=5Fenabled =3D -1; -+=09options->tcp=5Frcv=5Fbuf=5Fpoll =3D -1; -+=09options->hpn=5Fdisabled =3D -1; -+=09options->hpn=5Fbuffer=5Fsize =3D -1; -+#ifdef WITH=5FLDAP=5FPUBKEY -+ =09/* XXX dirty */ -+ =09options->lpk.ld =3D NULL; -+ =09options->lpk.on =3D -1; -+ =09options->lpk.servers =3D NULL; -+ =09options->lpk.u=5Fbasedn =3D NULL; -+ =09options->lpk.g=5Fbasedn =3D NULL; -+ =09options->lpk.binddn =3D NULL; -+ =09options->lpk.bindpw =3D NULL; -+ =09options->lpk.sgroup =3D NULL; -+ =09options->lpk.filter =3D NULL; -+ =09options->lpk.fgroup =3D NULL; -+ =09options->lpk.l=5Fconf =3D NULL; -+ =09options->lpk.tls =3D -1; -+ =09options->lpk.b=5Ftimeout.tv=5Fsec =3D -1; -+ =09options->lpk.s=5Ftimeout.tv=5Fsec =3D -1; -+ =09options->lpk.flags =3D FLAG=5FEMPTY; -+#endif - } -=20 - void - fill=5Fdefault=5Fserver=5Foptions(ServerOptions *options) - { -+=09/* needed for hpn socket tests */ -+=09int sock; -+=09int socksize; -+=09int socksizelen =3D sizeof(int); -+ - =09/* Portable-specific options */ - =09if (options->use=5Fpam =3D=3D -1) - =09=09options->use=5Fpam =3D 1; -@@ -265,6 +296,68 @@ - =09=09options->permit=5Ftun =3D SSH=5FTUNMODE=5FNO; - =09if (options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D=3D -= 1) - =09=09options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D 0; -+=09if (options->hpn=5Fdisabled =3D=3D -1)=20 -+=09=09options->hpn=5Fdisabled =3D 0; -+ -+=09if (options->hpn=5Fbuffer=5Fsize =3D=3D -1) { -+=09=09/* option not explicitly set. Now we have to figure out */ -+=09=09/* what value to use */ -+=09=09if (options->hpn=5Fdisabled =3D=3D 1) { -+=09=09=09options->hpn=5Fbuffer=5Fsize =3D CHAN=5FSES=5FWINDOW=5FDEFAU= LT; -+=09=09} else { -+=09=09=09/* get the current RCV size and set it to that */ -+=09=09=09/*create a socket but don't connect it */ -+=09=09=09/* we use that the get the rcv socket size */ -+=09=09=09sock =3D socket(AF=5FINET, SOCK=5FSTREAM, 0); -+=09=09=09getsockopt(sock, SOL=5FSOCKET, SO=5FRCVBUF,=20 -+=09=09=09=09 &socksize, &socksizelen); -+=09=09=09close(sock); -+=09=09=09options->hpn=5Fbuffer=5Fsize =3D socksize; -+=09=09=09debug ("HPN Buffer Size: %d", options->hpn=5Fbuffer=5Fsize);= -+=09=09=09 -+=09=09}=20 -+=09} else { -+=09=09/* we have to do this incase the user sets both values in a con= tradictory */ -+=09=09/* manner. hpn=5Fdisabled overrrides hpn=5Fbuffer=5Fsize*/ -+=09=09if (options->hpn=5Fdisabled <=3D 0) { -+=09=09=09if (options->hpn=5Fbuffer=5Fsize =3D=3D 0) -+=09=09=09=09options->hpn=5Fbuffer=5Fsize =3D 1; -+=09=09=09/* limit the maximum buffer to 64MB */ -+=09=09=09if (options->hpn=5Fbuffer=5Fsize > 64*1024) { -+=09=09=09=09options->hpn=5Fbuffer=5Fsize =3D 64*1024*1024; -+=09=09=09} else { -+=09=09=09=09options->hpn=5Fbuffer=5Fsize *=3D 1024; -+=09=09=09} -+=09=09} else -+=09=09=09options->hpn=5Fbuffer=5Fsize =3D CHAN=5FTCP=5FWINDOW=5FDEFAU= LT; -+=09} -+ -+#ifdef WITH=5FLDAP=5FPUBKEY -+=09if (options->lpk.on =3D=3D -1) -+=09 options->lpk.on =3D =5FDEFAULT=5FLPK=5FON; -+=09if (options->lpk.servers =3D=3D NULL) -+=09 options->lpk.servers =3D =5FDEFAULT=5FLPK=5FSERVERS; -+=09if (options->lpk.u=5Fbasedn =3D=3D NULL) -+=09 options->lpk.u=5Fbasedn =3D =5FDEFAULT=5FLPK=5FUDN; -+=09if (options->lpk.g=5Fbasedn =3D=3D NULL) -+=09 options->lpk.g=5Fbasedn =3D =5FDEFAULT=5FLPK=5FGDN; -+=09if (options->lpk.binddn =3D=3D NULL) -+=09 options->lpk.binddn =3D =5FDEFAULT=5FLPK=5FBINDDN; -+=09if (options->lpk.bindpw =3D=3D NULL) -+=09 options->lpk.bindpw =3D =5FDEFAULT=5FLPK=5FBINDPW; -+=09if (options->lpk.sgroup =3D=3D NULL) -+=09 options->lpk.sgroup =3D =5FDEFAULT=5FLPK=5FSGROUP; -+=09if (options->lpk.filter =3D=3D NULL) -+=09 options->lpk.filter =3D =5FDEFAULT=5FLPK=5FFILTER; -+=09if (options->lpk.tls =3D=3D -1) -+=09 options->lpk.tls =3D =5FDEFAULT=5FLPK=5FTLS; -+=09if (options->lpk.b=5Ftimeout.tv=5Fsec =3D=3D -1) -+=09 options->lpk.b=5Ftimeout.tv=5Fsec =3D =5FDEFAULT=5FLPK=5FBTIME= OUT; -+=09if (options->lpk.s=5Ftimeout.tv=5Fsec =3D=3D -1) -+=09 options->lpk.s=5Ftimeout.tv=5Fsec =3D =5FDEFAULT=5FLPK=5FSTIME= OUT; -+=09if (options->lpk.l=5Fconf =3D=3D NULL) -+=09 options->lpk.l=5Fconf =3D =5FDEFAULT=5FLPK=5FLDP; -+#endif -=20 - =09/* Turn privilege separation on by default */ - =09if (use=5Fprivsep =3D=3D -1) -@@ -310,7 +403,14 @@ - =09sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - =09sUsePrivilegeSeparation, sAllowAgentForwarding, - =09sZeroKnowledgePasswordAuthentication, -+=09sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, - =09sDeprecated, sUnsupported -+#ifdef WITH=5FLDAP=5FPUBKEY -+=09,sLdapPublickey, sLdapServers, sLdapUserDN -+=09,sLdapGroupDN, sBindDN, sBindPw, sMyGroup -+=09,sLdapFilter, sForceTLS, sBindTimeout -+=09,sSearchTimeout, sLdapConf -+#endif - } ServerOpCodes; -=20 - #define SSHCFG=5FGLOBAL=090x01=09/* allowed in main section of sshd=5F= config */ -@@ -421,6 +521,20 @@ - =09{ "clientalivecountmax", sClientAliveCountMax, SSHCFG=5FGLOBAL }, - =09{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG=5FGLOBAL }, - =09{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG=5FGLOBAL }, -+#ifdef WITH=5FLDAP=5FPUBKEY -+=09{ =5FDEFAULT=5FLPK=5FTOKEN, sLdapPublickey, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FSRV=5FTOKEN, sLdapServers, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FUSR=5FTOKEN, sLdapUserDN, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FGRP=5FTOKEN, sLdapGroupDN, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FBDN=5FTOKEN, sBindDN, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FBPW=5FTOKEN, sBindPw, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FMYG=5FTOKEN, sMyGroup, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FFIL=5FTOKEN, sLdapFilter, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FTLS=5FTOKEN, sForceTLS, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FBTI=5FTOKEN, sBindTimeout, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FSTI=5FTOKEN, sSearchTimeout, SSHCFG=5FGLOBAL }, -+=09{ =5FDEFAULT=5FLDP=5FTOKEN, sLdapConf, SSHCFG=5FGLOBAL }, -+#endif - =09{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG=5FGLOB= AL }, - =09{ "acceptenv", sAcceptEnv, SSHCFG=5FGLOBAL }, - =09{ "permittunnel", sPermitTunnel, SSHCFG=5FGLOBAL }, -@@ -428,6 +542,10 @@ - =09{ "permitopen", sPermitOpen, SSHCFG=5FALL }, - =09{ "forcecommand", sForceCommand, SSHCFG=5FALL }, - =09{ "chrootdirectory", sChrootDirectory, SSHCFG=5FALL }, -+=09{ "noneenabled", sNoneEnabled }, -+=09{ "hpndisabled", sHPNDisabled }, -+=09{ "hpnbuffersize", sHPNBufferSize }, -+=09{ "tcprcvbufpoll", sTcpRcvBufPoll }, - =09{ NULL, sBadOption, 0 } - }; -=20 -@@ -454,6 +572,7 @@ -=20 - =09for (i =3D 0; keywords[i].name; i++) - =09=09if (strcasecmp(cp, keywords[i].name) =3D=3D 0) { -+=09=09 debug ("Config token is %s", keywords[i].name); - =09=09=09*flags =3D keywords[i].flags; - =09=09=09return keywords[i].opcode; - =09=09} -@@ -851,6 +970,22 @@ - =09=09=09*intptr =3D value; - =09=09break; -=20 -+=09case sNoneEnabled: -+=09=09intptr =3D &options->none=5Fenabled; -+=09=09goto parse=5Fflag; -+ -+=09case sTcpRcvBufPoll: -+=09=09intptr =3D &options->tcp=5Frcv=5Fbuf=5Fpoll; -+=09=09goto parse=5Fflag; -+ -+=09case sHPNDisabled: -+=09=09intptr =3D &options->hpn=5Fdisabled; -+=09=09goto parse=5Fflag; -+ -+=09case sHPNBufferSize: -+=09=09intptr =3D &options->hpn=5Fbuffer=5Fsize; -+=09=09goto parse=5Fint; -+ - =09case sIgnoreUserKnownHosts: - =09=09intptr =3D &options->ignore=5Fuser=5Fknown=5Fhosts; - =09=09goto parse=5Fflag; -@@ -1311,6 +1446,107 @@ - =09=09while (arg) - =09=09 arg =3D strdelim(&cp); - =09=09break; -+#ifdef WITH=5FLDAP=5FPUBKEY -+=09case sLdapPublickey: -+=09=09intptr =3D &options->lpk.on; -+=09=09goto parse=5Fflag; -+=09case sLdapServers: -+=09=09/* arg =3D strdelim(&cp); */ -+=09=09p =3D line; -+=09=09while(*p++); -+=09=09arg =3D p; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing ldap server",filename,linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09if ((options->lpk.servers =3D ldap=5Fparse=5Fservers(arg)) =3D=3D= NULL) -+=09=09 fatal("%s line %d: error in ldap servers", filename, linenu= m); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sLdapUserDN: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing ldap server",filename,linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.u=5Fbasedn =3D xstrdup(arg); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sLdapGroupDN: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing ldap server",filename,linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.g=5Fbasedn =3D xstrdup(arg); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sBindDN: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing binddn",filename,linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.binddn =3D xstrdup(arg); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sBindPw: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing bindpw",filename,linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.bindpw =3D xstrdup(arg); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sMyGroup: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing groupname",filename, linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.sgroup =3D xstrdup(arg); -+=09=09if (options->lpk.sgroup) -+=09=09 options->lpk.fgroup =3D ldap=5Fparse=5Fgroups(options->lpk.= sgroup); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sLdapFilter: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing filter",filename, linenum); -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.filter =3D xstrdup(arg); -+=09=09memset(arg,0,strlen(arg)); -+=09=09break; -+=09case sForceTLS: -+=09=09intptr =3D &options->lpk.tls; -+=09=09arg =3D strdelim(&cp); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%s line %d: missing yes/no argument.", -+=09=09=09 filename, linenum); -+=09=09value =3D 0;=09/* silence compiler */ -+=09=09if (strcmp(arg, "yes") =3D=3D 0) -+=09=09=09value =3D 1; -+=09=09else if (strcmp(arg, "no") =3D=3D 0) -+=09=09=09value =3D 0; -+=09=09else if (strcmp(arg, "try") =3D=3D 0) -+=09=09=09value =3D -1; -+=09=09else -+=09=09=09fatal("%s line %d: Bad yes/no argument: %s", -+=09=09=09=09filename, linenum, arg); -+=09=09if (*intptr =3D=3D -1) -+=09=09=09*intptr =3D value; -+=09=09break; -+=09case sBindTimeout: -+=09=09intptr =3D (int *) &options->lpk.b=5Ftimeout.tv=5Fsec; -+=09=09goto parse=5Fint; -+=09case sSearchTimeout: -+=09=09intptr =3D (int *) &options->lpk.s=5Ftimeout.tv=5Fsec; -+=09=09goto parse=5Fint; -+=09=09break; -+=09case sLdapConf: -+=09=09arg =3D cp; -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09 fatal("%s line %d: missing LpkLdapConf", filename, linenum)= ; -+=09=09arg[strlen(arg)] =3D '\0'; -+=09=09options->lpk.l=5Fconf =3D xstrdup(arg); -+=09=09memset(arg, 0, strlen(arg)); -+=09=09break; -+#endif -=20 - =09default: - =09=09fatal("%s line %d: Missing handler for opcode %s (%d)", Index: files/openssh-5.2p1-hpn13v6-servconf.c.diff =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: files/openssh-5.2p1-hpn13v6-servconf.c.diff diff -N files/openssh-5.2p1-hpn13v6-servconf.c.diff --- files/openssh-5.2p1-hpn13v6-servconf.c.diff=0921 Jun 2009 20:36:15 = -0000=091.1 +++ /dev/null=091 Jan 1970 00:00:00 -0000 @@ -1,117 +0,0 @@ -diff -NupwB servconf.c servconf.c ---- servconf.c=092009-01-28 00:31:23.000000000 -0500 -+++ servconf.c=092009-05-14 12:36:10.000000000 -0400 -@@ -128,11 +128,20 @@ initialize=5Fserver=5Foptions(ServerOptions=20 - =09options->adm=5Fforced=5Fcommand =3D NULL; - =09options->chroot=5Fdirectory =3D NULL; - =09options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D -1; -+=09options->none=5Fenabled =3D -1; -+=09options->tcp=5Frcv=5Fbuf=5Fpoll =3D -1; -+=09options->hpn=5Fdisabled =3D -1; -+=09options->hpn=5Fbuffer=5Fsize =3D -1; - } -=20 - void - fill=5Fdefault=5Fserver=5Foptions(ServerOptions *options) - { -+=09/* needed for hpn socket tests */ -+=09int sock; -+=09int socksize; -+=09int socksizelen =3D sizeof(int); -+ - =09/* Portable-specific options */ - =09if (options->use=5Fpam =3D=3D -1) - =09=09options->use=5Fpam =3D 0; -@@ -262,6 +271,42 @@ fill=5Fdefault=5Fserver=5Foptions(ServerOption - =09if (options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D=3D -= 1) - =09=09options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D 0; -=20 -+=09if (options->hpn=5Fdisabled =3D=3D -1)=20 -+=09=09options->hpn=5Fdisabled =3D 0; -+ -+=09if (options->hpn=5Fbuffer=5Fsize =3D=3D -1) { -+=09=09/* option not explicitly set. Now we have to figure out */ -+=09=09/* what value to use */ -+=09=09if (options->hpn=5Fdisabled =3D=3D 1) { -+=09=09=09options->hpn=5Fbuffer=5Fsize =3D CHAN=5FSES=5FWINDOW=5FDEFAU= LT; -+=09=09} else { -+=09=09=09/* get the current RCV size and set it to that */ -+=09=09=09/*create a socket but don't connect it */ -+=09=09=09/* we use that the get the rcv socket size */ -+=09=09=09sock =3D socket(AF=5FINET, SOCK=5FSTREAM, 0); -+=09=09=09getsockopt(sock, SOL=5FSOCKET, SO=5FRCVBUF,=20 -+=09=09=09=09 &socksize, &socksizelen); -+=09=09=09close(sock); -+=09=09=09options->hpn=5Fbuffer=5Fsize =3D socksize; -+=09=09=09debug ("HPN Buffer Size: %d", options->hpn=5Fbuffer=5Fsize);= -+=09=09=09 -+=09=09}=20 -+=09} else { -+=09=09/* we have to do this incase the user sets both values in a con= tradictory */ -+=09=09/* manner. hpn=5Fdisabled overrrides hpn=5Fbuffer=5Fsize*/ -+=09=09if (options->hpn=5Fdisabled <=3D 0) { -+=09=09=09if (options->hpn=5Fbuffer=5Fsize =3D=3D 0) -+=09=09=09=09options->hpn=5Fbuffer=5Fsize =3D 1; -+=09=09=09/* limit the maximum buffer to 64MB */ -+=09=09=09if (options->hpn=5Fbuffer=5Fsize > 64*1024) { -+=09=09=09=09options->hpn=5Fbuffer=5Fsize =3D 64*1024*1024; -+=09=09=09} else { -+=09=09=09=09options->hpn=5Fbuffer=5Fsize *=3D 1024; -+=09=09=09} -+=09=09} else -+=09=09=09options->hpn=5Fbuffer=5Fsize =3D CHAN=5FTCP=5FWINDOW=5FDEFAU= LT; -+=09} -+ - =09/* Turn privilege separation on by default */ - =09if (use=5Fprivsep =3D=3D -1) - =09=09use=5Fprivsep =3D 1; -@@ -306,6 +351,7 @@ typedef enum { - =09sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - =09sUsePrivilegeSeparation, sAllowAgentForwarding, - =09sZeroKnowledgePasswordAuthentication, -+=09sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, - =09sDeprecated, sUnsupported - } ServerOpCodes; -=20 -@@ -424,6 +470,10 @@ static struct { - =09{ "permitopen", sPermitOpen, SSHCFG=5FALL }, - =09{ "forcecommand", sForceCommand, SSHCFG=5FALL }, - =09{ "chrootdirectory", sChrootDirectory, SSHCFG=5FALL }, -+=09{ "noneenabled", sNoneEnabled }, -+=09{ "hpndisabled", sHPNDisabled }, -+=09{ "hpnbuffersize", sHPNBufferSize }, -+=09{ "tcprcvbufpoll", sTcpRcvBufPoll }, - =09{ NULL, sBadOption, 0 } - }; -=20 -@@ -450,6 +500,7 @@ parse=5Ftoken(const char *cp, const char * -=20 - =09for (i =3D 0; keywords[i].name; i++) - =09=09if (strcasecmp(cp, keywords[i].name) =3D=3D 0) { -+=09=09 debug ("Config token is %s", keywords[i].name); - =09=09=09*flags =3D keywords[i].flags; - =09=09=09return keywords[i].opcode; - =09=09} -@@ -847,6 +898,22 @@ process=5Fserver=5Fconfig=5Fline(ServerOptions - =09=09=09*intptr =3D value; - =09=09break; -=20 -+=09case sNoneEnabled: -+=09=09intptr =3D &options->none=5Fenabled; -+=09=09goto parse=5Fflag; -+ -+=09case sTcpRcvBufPoll: -+=09=09intptr =3D &options->tcp=5Frcv=5Fbuf=5Fpoll; -+=09=09goto parse=5Fflag; -+ -+=09case sHPNDisabled: -+=09=09intptr =3D &options->hpn=5Fdisabled; -+=09=09goto parse=5Fflag; -+ -+=09case sHPNBufferSize: -+=09=09intptr =3D &options->hpn=5Fbuffer=5Fsize; -+=09=09goto parse=5Fint; -+ - =09case sIgnoreUserKnownHosts: - =09=09intptr =3D &options->ignore=5Fuser=5Fknown=5Fhosts; - =09=09goto parse=5Fflag; Index: files/openssh-5.2p1-hpn13v6.diff =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: files/openssh-5.2p1-hpn13v6.diff diff -N files/openssh-5.2p1-hpn13v6.diff --- files/openssh-5.2p1-hpn13v6.diff=0921 Jun 2009 20:36:15 -0000=091.1= +++ /dev/null=091 Jan 1970 00:00:00 -0000 @@ -1,3576 +0,0 @@ -diff -NupwB auth2.c auth2.c ---- auth2.c=092008-11-05 00:20:46.000000000 -0500 -+++ auth2.c=092009-05-14 12:36:10.000000000 -0400 -@@ -49,6 +49,7 @@ - #include "dispatch.h" - #include "pathnames.h" - #include "buffer.h" -+#include "canohost.h" -=20 - #ifdef GSSAPI - #include "ssh-gss.h" -@@ -75,6 +76,9 @@ extern Authmethod method=5Fgssapi; - extern Authmethod method=5Fjpake; - #endif -=20 -+static int log=5Fflag =3D 0; -+ -+ - Authmethod *authmethods[] =3D { - =09&method=5Fnone, - =09&method=5Fpubkey, -@@ -225,6 +229,11 @@ input=5Fuserauth=5Frequest(int type, u=5Fint32 - =09service =3D packet=5Fget=5Fstring(NULL); - =09method =3D packet=5Fget=5Fstring(NULL); - =09debug("userauth-request for user %s service %s method %s", user, s= ervice, method); -+=09if (!log=5Fflag) { -+=09=09logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s",=20 -+=09=09 get=5Fremote=5Fipaddr(), get=5Fremote=5Fport(), user); -+=09=09log=5Fflag =3D 1; -+=09} - =09debug("attempt %d failures %d", authctxt->attempt, authctxt->failu= res); -=20 - =09if ((style =3D strchr(user, ':')) !=3D NULL) -diff -NupwB buffer.c buffer.c ---- buffer.c=092006-08-04 22:39:39.000000000 -0400 -+++ buffer.c=092009-05-14 12:36:10.000000000 -0400 -@@ -127,7 +127,7 @@ restart: -=20 - =09/* Increase the size of the buffer and retry. */ - =09newlen =3D roundup(buffer->alloc + len, BUFFER=5FALLOCSZ); --=09if (newlen > BUFFER=5FMAX=5FLEN) -+=09if (newlen > BUFFER=5FMAX=5FLEN=5FHPN) - =09=09fatal("buffer=5Fappend=5Fspace: alloc %u not supported", - =09=09 newlen); - =09buffer->buf =3D xrealloc(buffer->buf, 1, newlen); -diff -NupwB buffer.h buffer.h ---- buffer.h=092008-05-19 00:59:37.000000000 -0400 -+++ buffer.h=092009-05-14 12:36:10.000000000 -0400 -@@ -16,6 +16,9 @@ - #ifndef BUFFER=5FH - #define BUFFER=5FH -=20 -+/* move the following to a more appropriate place and name */ -+#define BUFFER=5FMAX=5FLEN=5FHPN 0x4000000 /* 64MB */ -+ - typedef struct { - =09u=5Fchar=09*buf;=09=09/* Buffer for data. */ - =09u=5Fint=09 alloc;=09=09/* Number of bytes allocated for data. */ -diff -NupwB channels.c channels.c ---- channels.c=092009-02-14 00:28:21.000000000 -0500 -+++ channels.c=092009-05-14 12:36:10.000000000 -0400 -@@ -169,8 +169,14 @@ static void port=5Fopen=5Fhelper(Channel *c, - static int connect=5Fnext(struct channel=5Fconnect *); - static void channel=5Fconnect=5Fctx=5Ffree(struct channel=5Fconnect *= ); -=20 -+ -+static int hpn=5Fdisabled =3D 0; -+static int hpn=5Fbuffer=5Fsize =3D 2 * 1024 * 1024; -+ - /* -- channel core */ -=20 -+ -+ - Channel * - channel=5Fby=5Fid(int id) - { -@@ -308,6 +314,7 @@ channel=5Fnew(char *ctype, int type, int r - =09c->local=5Fwindow=5Fmax =3D window; - =09c->local=5Fconsumed =3D 0; - =09c->local=5Fmaxpacket =3D maxpack; -+=09c->dynamic=5Fwindow =3D 0; - =09c->remote=5Fid =3D -1; - =09c->remote=5Fname =3D xstrdup(remote=5Fname); - =09c->remote=5Fwindow =3D 0; -@@ -798,11 +805,35 @@ channel=5Fpre=5Fopen=5F13(Channel *c, fd=5Fset *= - =09=09FD=5FSET(c->sock, writeset); - } -=20 -+int channel=5Ftcpwinsz () { -+ u=5Fint32=5Ft tcpwinsz =3D 0; -+ socklen=5Ft optsz =3D sizeof(tcpwinsz); -+=09int ret =3D -1; -+ -+=09/* if we aren't on a socket return 128KB*/ -+=09if(!packet=5Fconnection=5Fis=5Fon=5Fsocket())=20 -+=09 return(128*1024); -+=09ret =3D getsockopt(packet=5Fget=5Fconnection=5Fin(), -+=09=09=09 SOL=5FSOCKET, SO=5FRCVBUF, &tcpwinsz, &optsz); -+=09/* return no more than 64MB */ -+=09if ((ret =3D=3D 0) && tcpwinsz > BUFFER=5FMAX=5FLEN=5FHPN) -+=09 tcpwinsz =3D BUFFER=5FMAX=5FLEN=5FHPN; -+=09debug2("tcpwinsz: %d for connection: %d", tcpwinsz,=20 -+=09 packet=5Fget=5Fconnection=5Fin()); -+=09return(tcpwinsz); -+} -+ - static void - channel=5Fpre=5Fopen(Channel *c, fd=5Fset *readset, fd=5Fset *writese= t) - { - =09u=5Fint limit =3D compat20 =3F c->remote=5Fwindow : packet=5Fget=5F= maxsize(); -=20 -+ /* check buffer limits */ -+=09if ((!c->tcpwinsz) || (c->dynamic=5Fwindow > 0)) -+ =09 c->tcpwinsz =3D channel=5Ftcpwinsz(); -+=09 -+=09limit =3D MIN(limit, 2 * c->tcpwinsz); -+=09 - =09if (c->istate =3D=3D CHAN=5FINPUT=5FOPEN && - =09 limit > 0 && - =09 buffer=5Flen(&c->input) < limit && -@@ -1759,14 +1790,21 @@ channel=5Fcheck=5Fwindow(Channel *c) - =09 c->local=5Fmaxpacket*3) || - =09 c->local=5Fwindow < c->local=5Fwindow=5Fmax/2) && - =09 c->local=5Fconsumed > 0) { -+=09=09u=5Fint addition =3D 0; -+=09=09/* adjust max window size if we are in a dynamic environment */= -+=09=09if (c->dynamic=5Fwindow && (c->tcpwinsz > c->local=5Fwindow=5Fm= ax)) { -+=09=09=09/* grow the window somewhat aggressively to maintain pressur= e */ -+=09=09=09addition =3D 1.5*(c->tcpwinsz - c->local=5Fwindow=5Fmax); -+=09=09=09c->local=5Fwindow=5Fmax +=3D addition; -+=09=09} - =09=09packet=5Fstart(SSH2=5FMSG=5FCHANNEL=5FWINDOW=5FADJUST); - =09=09packet=5Fput=5Fint(c->remote=5Fid); --=09=09packet=5Fput=5Fint(c->local=5Fconsumed); -+=09=09packet=5Fput=5Fint(c->local=5Fconsumed + addition); - =09=09packet=5Fsend(); - =09=09debug2("channel %d: window %d sent adjust %d", - =09=09 c->self, c->local=5Fwindow, - =09=09 c->local=5Fconsumed); --=09=09c->local=5Fwindow +=3D c->local=5Fconsumed; -+=09=09c->local=5Fwindow +=3D c->local=5Fconsumed + addition; - =09=09c->local=5Fconsumed =3D 0; - =09} - =09return 1; -@@ -1969,11 +2007,12 @@ channel=5Fafter=5Fselect(fd=5Fset *readset, fd= -=20 -=20 - /* If there is data to send to the connection, enqueue some of it now= . */ --void -+int - channel=5Foutput=5Fpoll(void) - { - =09Channel *c; - =09u=5Fint i, len; -+=09int packet=5Flength =3D 0; -=20 - =09for (i =3D 0; i < channels=5Falloc; i++) { - =09=09c =3D channels[i]; -@@ -2013,7 +2052,7 @@ channel=5Foutput=5Fpoll(void) - =09=09=09=09=09packet=5Fstart(SSH2=5FMSG=5FCHANNEL=5FDATA); - =09=09=09=09=09packet=5Fput=5Fint(c->remote=5Fid); - =09=09=09=09=09packet=5Fput=5Fstring(data, dlen); --=09=09=09=09=09packet=5Fsend(); -+=09=09=09=09=09packet=5Flength =3D packet=5Fsend(); - =09=09=09=09=09c->remote=5Fwindow -=3D dlen + 4; - =09=09=09=09=09xfree(data); - =09=09=09=09} -@@ -2043,7 +2082,7 @@ channel=5Foutput=5Fpoll(void) - =09=09=09=09 SSH2=5FMSG=5FCHANNEL=5FDATA : SSH=5FMSG=5FCHANNEL=5FD= ATA); - =09=09=09=09packet=5Fput=5Fint(c->remote=5Fid); - =09=09=09=09packet=5Fput=5Fstring(buffer=5Fptr(&c->input), len); --=09=09=09=09packet=5Fsend(); -+=09=09=09=09packet=5Flength =3D packet=5Fsend(); - =09=09=09=09buffer=5Fconsume(&c->input, len); - =09=09=09=09c->remote=5Fwindow -=3D len; - =09=09=09} -@@ -2078,12 +2117,13 @@ channel=5Foutput=5Fpoll(void) - =09=09=09packet=5Fput=5Fint(c->remote=5Fid); - =09=09=09packet=5Fput=5Fint(SSH2=5FEXTENDED=5FDATA=5FSTDERR); - =09=09=09packet=5Fput=5Fstring(buffer=5Fptr(&c->extended), len); --=09=09=09packet=5Fsend(); -+=09=09=09packet=5Flength =3D packet=5Fsend(); - =09=09=09buffer=5Fconsume(&c->extended, len); - =09=09=09c->remote=5Fwindow -=3D len; - =09=09=09debug2("channel %d: sent ext data %d", c->self, len); - =09=09} - =09} -+=09return (packet=5Flength); - } -=20 -=20 -@@ -2459,6 +2499,15 @@ channel=5Fset=5Faf(int af) - =09IPv4or6 =3D af; - } -=20 -+ -+void=20 -+channel=5Fset=5Fhpn(int external=5Fhpn=5Fdisabled, int external=5Fhpn= =5Fbuffer=5Fsize) -+{ -+ =09hpn=5Fdisabled =3D external=5Fhpn=5Fdisabled; -+=09hpn=5Fbuffer=5Fsize =3D external=5Fhpn=5Fbuffer=5Fsize; -+=09debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn=5Fdisabled, hpn= =5Fbuffer=5Fsize); -+} -+ - static int - channel=5Fsetup=5Ffwd=5Flistener(int type, const char *listen=5Faddr,= - u=5Fshort listen=5Fport, int *allocated=5Flisten=5Fport, -@@ -2610,9 +2659,15 @@ channel=5Fsetup=5Ffwd=5Flistener(int type, con - =09=09} -=20 - =09=09/* Allocate a channel number for the socket. */ -+=09=09/* explicitly test for hpn disabled option. if true use smaller= window size */ -+=09=09if (hpn=5Fdisabled) - =09=09c =3D channel=5Fnew("port listener", type, sock, sock, -1, - =09=09 CHAN=5FTCP=5FWINDOW=5FDEFAULT, CHAN=5FTCP=5FPACKET=5FDEFAUL= T, - =09=09 0, "port listener", 1); -+ =09=09else -+ =09=09=09c =3D channel=5Fnew("port listener", type, sock, sock, -1, -+ =09=09 =09 hpn=5Fbuffer=5Fsize, CHAN=5FTCP=5FPACKET=5FDEFAULT, -+ =09=09 =09 0, "port listener", 1);=20 - =09=09c->path =3D xstrdup(host); - =09=09c->host=5Fport =3D port=5Fto=5Fconnect; - =09=09c->listening=5Fport =3D listen=5Fport; -@@ -3151,10 +3206,17 @@ x11=5Fcreate=5Fdisplay=5Finet(int x11=5Fdispla= y=5F - =09*chanids =3D xcalloc(num=5Fsocks + 1, sizeof(**chanids)); - =09for (n =3D 0; n < num=5Fsocks; n++) { - =09=09sock =3D socks[n]; -+=09=09/* Is this really necassary=3F */ -+=09=09if (hpn=5Fdisabled)=20 - =09=09nc =3D channel=5Fnew("x11 listener", - =09=09 SSH=5FCHANNEL=5FX11=5FLISTENER, sock, sock, -1, - =09=09 CHAN=5FX11=5FWINDOW=5FDEFAULT, CHAN=5FX11=5FPACKET=5FDEFAUL= T, - =09=09 0, "X11 inet listener", 1); -+=09=09else=20 -+=09=09=09nc =3D channel=5Fnew("x11 listener", -+=09=09=09 SSH=5FCHANNEL=5FX11=5FLISTENER, sock, sock, -1, -+=09=09=09 hpn=5Fbuffer=5Fsize, CHAN=5FX11=5FPACKET=5FDEFAULT, -+=09=09=09 0, "X11 inet listener", 1); - =09=09nc->single=5Fconnection =3D single=5Fconnection; - =09=09(*chanids)[n] =3D nc->self; - =09} -diff -NupwB channels.h channels.h ---- channels.h=092009-02-14 00:28:21.000000000 -0500 -+++ channels.h=092009-05-14 12:36:10.000000000 -0400 -@@ -115,8 +115,10 @@ struct Channel { - =09u=5Fint=09local=5Fwindow=5Fmax; - =09u=5Fint=09local=5Fconsumed; - =09u=5Fint=09local=5Fmaxpacket; -+=09int=09dynamic=5Fwindow; - =09int extended=5Fusage; - =09int=09single=5Fconnection; -+=09u=5Fint =09tcpwinsz;=09 -=20 - =09char *ctype;=09=09/* type */ -=20 -@@ -146,9 +148,11 @@ struct Channel { -=20 - /* default window/packet sizes for tcp/x11-fwd-channel */ - #define CHAN=5FSES=5FPACKET=5FDEFAULT=09(32*1024) --#define CHAN=5FSES=5FWINDOW=5FDEFAULT=09(64*CHAN=5FSES=5FPACKET=5FDEF= AULT) -+#define CHAN=5FSES=5FWINDOW=5FDEFAULT=09(4*CHAN=5FSES=5FPACKET=5FDEFA= ULT) -+ - #define CHAN=5FTCP=5FPACKET=5FDEFAULT=09(32*1024) --#define CHAN=5FTCP=5FWINDOW=5FDEFAULT=09(64*CHAN=5FTCP=5FPACKET=5FDEF= AULT) -+#define CHAN=5FTCP=5FWINDOW=5FDEFAULT=09(4*CHAN=5FTCP=5FPACKET=5FDEFA= ULT) -+ - #define CHAN=5FX11=5FPACKET=5FDEFAULT=09(16*1024) - #define CHAN=5FX11=5FWINDOW=5FDEFAULT=09(4*CHAN=5FX11=5FPACKET=5FDEFA= ULT) -=20 -@@ -221,7 +225,7 @@ void=09 channel=5Finput=5Fstatus=5Fconfirm(int,=20= -=20 - void=09 channel=5Fprepare=5Fselect(fd=5Fset **, fd=5Fset **, int *, u= =5Fint*, int); - void channel=5Fafter=5Fselect(fd=5Fset *, fd=5Fset *); --void channel=5Foutput=5Fpoll(void); -+int channel=5Foutput=5Fpoll(void); -=20 - int channel=5Fnot=5Fvery=5Fmuch=5Fbuffered=5Fdata(void); - void channel=5Fclose=5Fall(void); -@@ -277,4 +281,7 @@ void=09 chan=5Frcvd=5Fieof(Channel *); - void=09 chan=5Fwrite=5Ffailed(Channel *); - void=09 chan=5Fobuf=5Fempty(Channel *); -=20 -+/* hpn handler */ -+void channel=5Fset=5Fhpn(int, int); -+ - #endif -diff -NupwB cipher.c cipher.c ---- cipher.c=092009-01-28 00:38:41.000000000 -0500 -+++ cipher.c=092009-05-14 12:36:10.000000000 -0400 -@@ -55,6 +55,7 @@ extern const EVP=5FCIPHER *evp=5Fssh1=5Fbf(voi - extern const EVP=5FCIPHER *evp=5Fssh1=5F3des(void); - extern void ssh1=5F3des=5Fiv(EVP=5FCIPHER=5FCTX *, int, u=5Fchar *, i= nt); - extern const EVP=5FCIPHER *evp=5Faes=5F128=5Fctr(void); -+extern const EVP=5FCIPHER *evp=5Faes=5Fctr=5Fmt(void); - extern void ssh=5Faes=5Fctr=5Fiv(EVP=5FCIPHER=5FCTX *, int, u=5Fchar = *, u=5Fint); -=20 - struct Cipher { -@@ -82,9 +83,9 @@ struct Cipher { - =09{ "aes256-cbc",=09=09SSH=5FCIPHER=5FSSH2, 16, 32, 0, 1, EVP=5Faes=5F= 256=5Fcbc }, - =09{ "rijndael-cbc@lysator.liu.se", - =09=09=09=09SSH=5FCIPHER=5FSSH2, 16, 32, 0, 1, EVP=5Faes=5F256=5Fcbc = }, --=09{ "aes128-ctr",=09=09SSH=5FCIPHER=5FSSH2, 16, 16, 0, 0, evp=5Faes=5F= 128=5Fctr }, --=09{ "aes192-ctr",=09=09SSH=5FCIPHER=5FSSH2, 16, 24, 0, 0, evp=5Faes=5F= 128=5Fctr }, --=09{ "aes256-ctr",=09=09SSH=5FCIPHER=5FSSH2, 16, 32, 0, 0, evp=5Faes=5F= 128=5Fctr }, -+=09{ "aes128-ctr",=09=09SSH=5FCIPHER=5FSSH2, 16, 16, 0, 0, evp=5Faes=5F= ctr=5Fmt }, -+=09{ "aes192-ctr",=09=09SSH=5FCIPHER=5FSSH2, 16, 24, 0, 0, evp=5Faes=5F= ctr=5Fmt }, -+=09{ "aes256-ctr",=09=09SSH=5FCIPHER=5FSSH2, 16, 32, 0, 0, evp=5Faes=5F= ctr=5Fmt }, - #ifdef USE=5FCIPHER=5FACSS - =09{ "acss@openssh.org",=09SSH=5FCIPHER=5FSSH2, 16, 5, 0, 0, EVP=5Fac= ss }, - #endif -@@ -163,7 +164,8 @@ ciphers=5Fvalid(const char *names) - =09for ((p =3D strsep(&cp, CIPHER=5FSEP)); p && *p !=3D '\0'; - =09 (p =3D strsep(&cp, CIPHER=5FSEP))) { - =09=09c =3D cipher=5Fby=5Fname(p); --=09=09if (c =3D=3D NULL || c->number !=3D SSH=5FCIPHER=5FSSH2) { -+=09=09if (c =3D=3D NULL || (c->number !=3D SSH=5FCIPHER=5FSSH2 &&=20 -+c->number !=3D SSH=5FCIPHER=5FNONE)) { - =09=09=09debug("bad cipher %s [%s]", p, names); - =09=09=09xfree(cipher=5Flist); - =09=09=09return 0; -@@ -337,6 +339,7 @@ cipher=5Fget=5Fkeyiv(CipherContext *cc, u=5Fch - =09int evplen; -=20 - =09switch (c->number) { -+=09case SSH=5FCIPHER=5FNONE: - =09case SSH=5FCIPHER=5FSSH2: - =09case SSH=5FCIPHER=5FDES: - =09case SSH=5FCIPHER=5FBLOWFISH: -@@ -371,6 +374,7 @@ cipher=5Fset=5Fkeyiv(CipherContext *cc, u=5Fch - =09int evplen =3D 0; -=20 - =09switch (c->number) { -+=09case SSH=5FCIPHER=5FNONE: - =09case SSH=5FCIPHER=5FSSH2: - =09case SSH=5FCIPHER=5FDES: - =09case SSH=5FCIPHER=5FBLOWFISH: -diff -NupwB cipher-ctr-mt.c cipher-ctr-mt.c ---- cipher-ctr-mt.c=091969-12-31 19:00:00.000000000 -0500 -+++ cipher-ctr-mt.c=092009-05-14 12:36:10.000000000 -0400 -@@ -0,0 +1,473 @@ -+/* -+ * OpenSSH Multi-threaded AES-CTR Cipher -+ * -+ * Author: Benjamin Bennett -+ * Copyright (c) 2008 Pittsburgh Supercomputing Center. All rights re= served. -+ * -+ * Based on original OpenSSH AES-CTR cipher. Small portions remain un= changed, -+ * Copyright (c) 2003 Markus Friedl -+ * -+ * Permission to use, copy, modify, and distribute this software for = any -+ * purpose with or without fee is hereby granted, provided that the a= bove -+ * copyright notice and this permission notice appear in all copies. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARR= ANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABL= E FOR -+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAM= AGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN= AN -+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING O= UT OF -+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ */ -+#include "includes.h" -+ -+#include -+ -+#include -+#include -+ -+#include -+ -+#include "xmalloc.h" -+#include "log.h" -+ -+/* compatibility with old or broken OpenSSL versions */ -+#include "openbsd-compat/openssl-compat.h" -+ -+#ifndef USE=5FBUILTIN=5FRIJNDAEL -+#include -+#endif -+ -+#include -+ -+/*-------------------- TUNABLES --------------------*/ -+/* Number of pregen threads to use */ -+#define CIPHER=5FTHREADS=092 -+ -+/* Number of keystream queues */ -+#define NUMKQ=09=09(CIPHER=5FTHREADS + 2) -+ -+/* Length of a keystream queue */ -+#define KQLEN=09=094096 -+ -+/* Processor cacheline length */ -+#define CACHELINE=5FLEN=0964 -+ -+/* Collect thread stats and print at cancellation when in debug mode = */ -+/* #define CIPHER=5FTHREAD=5FSTATS */ -+ -+/* Use single-byte XOR instead of 8-byte XOR */ -+/* #define CIPHER=5FBYTE=5FXOR */ -+/*-------------------- END TUNABLES --------------------*/ -+ -+ -+const EVP=5FCIPHER *evp=5Faes=5Fctr=5Fmt(void); -+ -+#ifdef CIPHER=5FTHREAD=5FSTATS -+/* -+ * Struct to collect thread stats -+ */ -+struct thread=5Fstats { -+=09u=5Fint=09fills; -+=09u=5Fint=09skips; -+=09u=5Fint=09waits; -+=09u=5Fint=09drains; -+}; -+ -+/* -+ * Debug print the thread stats -+ * Use with pthread=5Fcleanup=5Fpush for displaying at thread cancell= ation -+ */ -+static void -+thread=5Floop=5Fstats(void *x) -+{ -+=09struct thread=5Fstats *s =3D x; -+ -+=09debug("tid %lu - %u fills, %u skips, %u waits", pthread=5Fself(), -+=09=09=09s->fills, s->skips, s->waits); -+} -+ -+ #define STATS=5FSTRUCT(s)=09struct thread=5Fstats s -+ #define STATS=5FINIT(s)=09=09{ memset(&s, 0, sizeof(s)); } -+ #define STATS=5FFILL(s)=09=09{ s.fills++; } -+ #define STATS=5FSKIP(s)=09=09{ s.skips++; } -+ #define STATS=5FWAIT(s)=09=09{ s.waits++; } -+ #define STATS=5FDRAIN(s)=09=09{ s.drains++; } -+#else -+ #define STATS=5FSTRUCT(s) -+ #define STATS=5FINIT(s) -+ #define STATS=5FFILL(s) -+ #define STATS=5FSKIP(s) -+ #define STATS=5FWAIT(s) -+ #define STATS=5FDRAIN(s) -+#endif -+ -+/* Keystream Queue state */ -+enum { -+=09KQINIT, -+=09KQEMPTY, -+=09KQFILLING, -+=09KQFULL, -+=09KQDRAINING -+}; -+ -+/* Keystream Queue struct */ -+struct kq { -+=09u=5Fchar=09=09keys[KQLEN][AES=5FBLOCK=5FSIZE]; -+=09u=5Fchar=09=09ctr[AES=5FBLOCK=5FSIZE]; -+=09u=5Fchar=09=09pad0[CACHELINE=5FLEN]; -+=09volatile int=09qstate; -+=09pthread=5Fmutex=5Ft=09lock; -+=09pthread=5Fcond=5Ft=09cond; -+=09u=5Fchar=09=09pad1[CACHELINE=5FLEN]; -+}; -+ -+/* Context struct */ -+struct ssh=5Faes=5Fctr=5Fctx -+{ -+=09struct kq=09q[NUMKQ]; -+=09AES=5FKEY=09=09aes=5Fctx; -+=09STATS=5FSTRUCT(stats); -+=09u=5Fchar=09=09aes=5Fcounter[AES=5FBLOCK=5FSIZE]; -+=09pthread=5Ft=09tid[CIPHER=5FTHREADS]; -+=09int=09=09state; -+=09int=09=09qidx; -+=09int=09=09ridx; -+}; -+ -+/* -+ * increment counter 'ctr', -+ * the counter is of size 'len' bytes and stored in network-byte-orde= r. -+ * (LSB at ctr[len-1], MSB at ctr[0]) -+ */ -+static void -+ssh=5Fctr=5Finc(u=5Fchar *ctr, u=5Fint len) -+{ -+=09int i; -+ -+=09for (i =3D len - 1; i >=3D 0; i--) -+=09=09if (++ctr[i])=09/* continue on overflow */ -+=09=09=09return; -+} -+ -+/* -+ * Add num to counter 'ctr' -+ */ -+static void -+ssh=5Fctr=5Fadd(u=5Fchar *ctr, uint32=5Ft num, u=5Fint len) -+{ -+=09int i; -+=09uint16=5Ft n; -+ -+=09for (n =3D 0, i =3D len - 1; i >=3D 0 && (num || n); i--) { -+=09=09n =3D ctr[i] + (num & 0xff) + n; -+=09=09num >>=3D 8; -+=09=09ctr[i] =3D n & 0xff; -+=09=09n >>=3D 8; -+=09} -+} -+ -+/* -+ * Threads may be cancelled in a pthread=5Fcond=5Fwait, we must free = the mutex -+ */ -+static void -+thread=5Floop=5Fcleanup(void *x) -+{ -+=09pthread=5Fmutex=5Funlock((pthread=5Fmutex=5Ft *)x); -+} -+ -+/* -+ * The life of a pregen thread: -+ * Find empty keystream queues and fill them using their counter. -+ * When done, update counter for the next fill. -+ */ -+static void * -+thread=5Floop(void *x) -+{ -+=09AES=5FKEY key; -+=09STATS=5FSTRUCT(stats); -+=09struct ssh=5Faes=5Fctr=5Fctx *c =3D x; -+=09struct kq *q; -+=09int i; -+=09int qidx; -+ -+=09/* Threads stats on cancellation */ -+=09STATS=5FINIT(stats); -+#ifdef CIPHER=5FTHREAD=5FSTATS -+=09pthread=5Fcleanup=5Fpush(thread=5Floop=5Fstats, &stats); -+#endif -+ -+=09/* Thread local copy of AES key */ -+=09memcpy(&key, &c->aes=5Fctx, sizeof(key)); -+ -+=09/* -+=09 * Handle the special case of startup, one thread must fill -+ =09 * the first KQ then mark it as draining. Lock held throughout. -+ =09 */ -+=09if (pthread=5Fequal(pthread=5Fself(), c->tid[0])) { -+=09=09q =3D &c->q[0]; -+=09=09pthread=5Fmutex=5Flock(&q->lock); -+=09=09if (q->qstate =3D=3D KQINIT) { -+=09=09=09for (i =3D 0; i < KQLEN; i++) { -+=09=09=09=09AES=5Fencrypt(q->ctr, q->keys[i], &key); -+=09=09=09=09ssh=5Fctr=5Finc(q->ctr, AES=5FBLOCK=5FSIZE); -+=09=09=09} -+=09=09=09ssh=5Fctr=5Fadd(q->ctr, KQLEN * (NUMKQ - 1), AES=5FBLOCK=5FS= IZE); -+=09=09=09q->qstate =3D KQDRAINING; -+=09=09=09STATS=5FFILL(stats); -+=09=09=09pthread=5Fcond=5Fbroadcast(&q->cond); -+=09=09} -+=09=09pthread=5Fmutex=5Funlock(&q->lock); -+=09} -+=09else=20 -+=09=09STATS=5FSKIP(stats); -+ -+=09/* -+ =09 * Normal case is to find empty queues and fill them, skipping ov= er -+ =09 * queues already filled by other threads and stopping to wait fo= r -+ =09 * a draining queue to become empty. -+ =09 * -+ =09 * Multiple threads may be waiting on a draining queue and awoken= -+ =09 * when empty. The first thread to wake will mark it as filling,= -+ =09 * others will move on to fill, skip, or wait on the next queue. -+ =09 */ -+=09for (qidx =3D 1;; qidx =3D (qidx + 1) % NUMKQ) { -+=09=09/* Check if I was cancelled, also checked in cond=5Fwait */ -+=09=09pthread=5Ftestcancel(); -+ -+=09=09/* Lock queue and block if its draining */ -+=09=09q =3D &c->q[qidx]; -+=09=09pthread=5Fmutex=5Flock(&q->lock); -+=09=09pthread=5Fcleanup=5Fpush(thread=5Floop=5Fcleanup, &q->lock); -+=09=09while (q->qstate =3D=3D KQDRAINING || q->qstate =3D=3D KQINIT) = { -+=09=09=09STATS=5FWAIT(stats); -+=09=09=09pthread=5Fcond=5Fwait(&q->cond, &q->lock); -+=09=09} -+=09=09pthread=5Fcleanup=5Fpop(0); -+ -+=09=09/* If filling or full, somebody else got it, skip */ -+=09=09if (q->qstate !=3D KQEMPTY) { -+=09=09=09pthread=5Fmutex=5Funlock(&q->lock); -+=09=09=09STATS=5FSKIP(stats); -+=09=09=09continue; -+=09=09} -+ -+=09=09/* -+ =09=09 * Empty, let's fill it. -+ =09=09 * Queue lock is relinquished while we do this so others -+ =09=09 * can see that it's being filled. -+ =09=09 */ -+=09=09q->qstate =3D KQFILLING; -+=09=09pthread=5Fmutex=5Funlock(&q->lock); -+=09=09for (i =3D 0; i < KQLEN; i++) { -+=09=09=09AES=5Fencrypt(q->ctr, q->keys[i], &key); -+=09=09=09ssh=5Fctr=5Finc(q->ctr, AES=5FBLOCK=5FSIZE); -+=09=09} -+ -+=09=09/* Re-lock, mark full and signal consumer */ -+=09=09pthread=5Fmutex=5Flock(&q->lock); -+=09=09ssh=5Fctr=5Fadd(q->ctr, KQLEN * (NUMKQ - 1), AES=5FBLOCK=5FSIZE= ); -+=09=09q->qstate =3D KQFULL; -+=09=09STATS=5FFILL(stats); -+=09=09pthread=5Fcond=5Fsignal(&q->cond); -+=09=09pthread=5Fmutex=5Funlock(&q->lock); -+=09} -+ -+#ifdef CIPHER=5FTHREAD=5FSTATS -+=09/* Stats */ -+=09pthread=5Fcleanup=5Fpop(1); -+#endif -+ -+=09return NULL; -+} -+ -+static int -+ssh=5Faes=5Fctr(EVP=5FCIPHER=5FCTX *ctx, u=5Fchar *dest, const u=5Fch= ar *src, -+ u=5Fint len) -+{ -+=09struct ssh=5Faes=5Fctr=5Fctx *c; -+=09struct kq *q, *oldq; -+=09int ridx; -+=09u=5Fchar *buf; -+ -+=09if (len =3D=3D 0) -+=09=09return (1); -+=09if ((c =3D EVP=5FCIPHER=5FCTX=5Fget=5Fapp=5Fdata(ctx)) =3D=3D NULL= ) -+=09=09return (0); -+ -+=09q =3D &c->q[c->qidx]; -+=09ridx =3D c->ridx; -+ -+=09/* src already padded to block multiple */ -+=09while (len > 0) { -+=09=09buf =3D q->keys[ridx]; -+ -+#ifdef CIPHER=5FBYTE=5FXOR -+=09=09dest[0] =3D src[0] ^ buf[0]; -+=09=09dest[1] =3D src[1] ^ buf[1]; -+=09=09dest[2] =3D src[2] ^ buf[2]; -+=09=09dest[3] =3D src[3] ^ buf[3]; -+=09=09dest[4] =3D src[4] ^ buf[4]; -+=09=09dest[5] =3D src[5] ^ buf[5]; -+=09=09dest[6] =3D src[6] ^ buf[6]; -+=09=09dest[7] =3D src[7] ^ buf[7]; -+=09=09dest[8] =3D src[8] ^ buf[8]; -+=09=09dest[9] =3D src[9] ^ buf[9]; -+=09=09dest[10] =3D src[10] ^ buf[10]; -+=09=09dest[11] =3D src[11] ^ buf[11]; -+=09=09dest[12] =3D src[12] ^ buf[12]; -+=09=09dest[13] =3D src[13] ^ buf[13]; -+=09=09dest[14] =3D src[14] ^ buf[14]; -+=09=09dest[15] =3D src[15] ^ buf[15]; -+#else -+=09=09*(uint64=5Ft *)dest =3D *(uint64=5Ft *)src ^ *(uint64=5Ft *)buf= ; -+=09=09*(uint64=5Ft *)(dest + 8) =3D *(uint64=5Ft *)(src + 8) ^ -+=09=09=09=09=09=09*(uint64=5Ft *)(buf + 8); -+#endif -+ -+=09=09dest +=3D 16; -+=09=09src +=3D 16; -+=09=09len -=3D 16; -+=09=09ssh=5Fctr=5Finc(ctx->iv, AES=5FBLOCK=5FSIZE); -+ -+=09=09/* Increment read index, switch queues on rollover */ -+=09=09if ((ridx =3D (ridx + 1) % KQLEN) =3D=3D 0) { -+=09=09=09oldq =3D q; -+ -+=09=09=09/* Mark next queue draining, may need to wait */ -+=09=09=09c->qidx =3D (c->qidx + 1) % NUMKQ; -+=09=09=09q =3D &c->q[c->qidx]; -+=09=09=09pthread=5Fmutex=5Flock(&q->lock); -+=09=09=09while (q->qstate !=3D KQFULL) { -+=09=09=09=09STATS=5FWAIT(c->stats); -+=09=09=09=09pthread=5Fcond=5Fwait(&q->cond, &q->lock); -+=09=09=09} -+=09=09=09q->qstate =3D KQDRAINING; -+=09=09=09pthread=5Fmutex=5Funlock(&q->lock); -+ -+=09=09=09/* Mark consumed queue empty and signal producers */ -+=09=09=09pthread=5Fmutex=5Flock(&oldq->lock); -+=09=09=09oldq->qstate =3D KQEMPTY; -+=09=09=09STATS=5FDRAIN(c->stats); -+=09=09=09pthread=5Fcond=5Fbroadcast(&oldq->cond); -+=09=09=09pthread=5Fmutex=5Funlock(&oldq->lock); -+=09=09} -+=09} -+=09c->ridx =3D ridx; -+=09return (1); -+} -+ -+#define HAVE=5FNONE 0 -+#define HAVE=5FKEY 1 -+#define HAVE=5FIV 2 -+static int -+ssh=5Faes=5Fctr=5Finit(EVP=5FCIPHER=5FCTX *ctx, const u=5Fchar *key, = const u=5Fchar *iv, -+ int enc) -+{ -+=09struct ssh=5Faes=5Fctr=5Fctx *c; -+=09int i; -+ -+=09if ((c =3D EVP=5FCIPHER=5FCTX=5Fget=5Fapp=5Fdata(ctx)) =3D=3D NULL= ) { -+=09=09c =3D xmalloc(sizeof(*c)); -+ -+=09=09c->state =3D HAVE=5FNONE; -+=09=09for (i =3D 0; i < NUMKQ; i++) { -+=09=09=09pthread=5Fmutex=5Finit(&c->q[i].lock, NULL); -+=09=09=09pthread=5Fcond=5Finit(&c->q[i].cond, NULL); -+=09=09} -+ -+=09=09STATS=5FINIT(c->stats); -+=09=09 -+=09=09EVP=5FCIPHER=5FCTX=5Fset=5Fapp=5Fdata(ctx, c); -+=09} -+ -+=09if (c->state =3D=3D (HAVE=5FKEY | HAVE=5FIV)) { -+=09=09/* Cancel pregen threads */ -+=09=09for (i =3D 0; i < CIPHER=5FTHREADS; i++) -+=09=09=09pthread=5Fcancel(c->tid[i]); -+=09=09for (i =3D 0; i < CIPHER=5FTHREADS; i++) -+=09=09=09pthread=5Fjoin(c->tid[i], NULL); -+=09=09/* Start over getting key & iv */ -+=09=09c->state =3D HAVE=5FNONE; -+=09} -+ -+=09if (key !=3D NULL) { -+=09=09AES=5Fset=5Fencrypt=5Fkey(key, EVP=5FCIPHER=5FCTX=5Fkey=5Flengt= h(ctx) * 8, -+=09=09 &c->aes=5Fctx); -+=09=09c->state |=3D HAVE=5FKEY; -+=09} -+ -+=09if (iv !=3D NULL) { -+=09=09memcpy(ctx->iv, iv, AES=5FBLOCK=5FSIZE); -+=09=09c->state |=3D HAVE=5FIV; -+=09} -+ -+=09if (c->state =3D=3D (HAVE=5FKEY | HAVE=5FIV)) { -+=09=09/* Clear queues */ -+=09=09memcpy(c->q[0].ctr, ctx->iv, AES=5FBLOCK=5FSIZE); -+=09=09c->q[0].qstate =3D KQINIT; -+=09=09for (i =3D 1; i < NUMKQ; i++) { -+=09=09=09memcpy(c->q[i].ctr, ctx->iv, AES=5FBLOCK=5FSIZE); -+=09=09=09ssh=5Fctr=5Fadd(c->q[i].ctr, i * KQLEN, AES=5FBLOCK=5FSIZE);= -+=09=09=09c->q[i].qstate =3D KQEMPTY; -+=09=09} -+=09=09c->qidx =3D 0; -+=09=09c->ridx =3D 0; -+ -+=09=09/* Start threads */ -+=09=09for (i =3D 0; i < CIPHER=5FTHREADS; i++) { -+=09=09=09pthread=5Fcreate(&c->tid[i], NULL, thread=5Floop, c); -+=09=09} -+=09=09pthread=5Fmutex=5Flock(&c->q[0].lock); -+=09=09while (c->q[0].qstate !=3D KQDRAINING) -+=09=09=09pthread=5Fcond=5Fwait(&c->q[0].cond, &c->q[0].lock); -+=09=09pthread=5Fmutex=5Funlock(&c->q[0].lock); -+=09=09 -+=09} -+=09return (1); -+} -+ -+static int -+ssh=5Faes=5Fctr=5Fcleanup(EVP=5FCIPHER=5FCTX *ctx) -+{ -+=09struct ssh=5Faes=5Fctr=5Fctx *c; -+=09int i; -+ -+=09if ((c =3D EVP=5FCIPHER=5FCTX=5Fget=5Fapp=5Fdata(ctx)) !=3D NULL) = { -+#ifdef CIPHER=5FTHREAD=5FSTATS -+=09=09debug("main thread: %u drains, %u waits", c->stats.drains, -+=09=09=09=09c->stats.waits); -+#endif -+=09=09/* Cancel pregen threads */ -+=09=09for (i =3D 0; i < CIPHER=5FTHREADS; i++) -+=09=09=09pthread=5Fcancel(c->tid[i]); -+=09=09for (i =3D 0; i < CIPHER=5FTHREADS; i++) -+=09=09=09pthread=5Fjoin(c->tid[i], NULL); -+ -+=09=09memset(c, 0, sizeof(*c)); -+=09=09xfree(c); -+=09=09EVP=5FCIPHER=5FCTX=5Fset=5Fapp=5Fdata(ctx, NULL); -+=09} -+=09return (1); -+} -+ -+/* */ -+const EVP=5FCIPHER * -+evp=5Faes=5Fctr=5Fmt(void) -+{ -+=09static EVP=5FCIPHER aes=5Fctr; -+ -+=09memset(&aes=5Fctr, 0, sizeof(EVP=5FCIPHER)); -+=09aes=5Fctr.nid =3D NID=5Fundef; -+=09aes=5Fctr.block=5Fsize =3D AES=5FBLOCK=5FSIZE; -+=09aes=5Fctr.iv=5Flen =3D AES=5FBLOCK=5FSIZE; -+=09aes=5Fctr.key=5Flen =3D 16; -+=09aes=5Fctr.init =3D ssh=5Faes=5Fctr=5Finit; -+=09aes=5Fctr.cleanup =3D ssh=5Faes=5Fctr=5Fcleanup; -+=09aes=5Fctr.do=5Fcipher =3D ssh=5Faes=5Fctr; -+#ifndef SSH=5FOLD=5FEVP -+=09aes=5Fctr.flags =3D EVP=5FCIPH=5FCBC=5FMODE | EVP=5FCIPH=5FVARIABL= E=5FLENGTH | -+=09 EVP=5FCIPH=5FALWAYS=5FCALL=5FINIT | EVP=5FCIPH=5FCUSTOM=5FIV; -+#endif -+=09return (&aes=5Fctr); -+} -diff -NupwB clientloop.c clientloop.c ---- clientloop.c=092009-02-14 00:28:21.000000000 -0500 -+++ clientloop.c=092009-05-14 12:36:10.000000000 -0400 -@@ -1688,9 +1688,15 @@ client=5Frequest=5Fx11(const char *request=5Ft - =09sock =3D x11=5Fconnect=5Fdisplay(); - =09if (sock < 0) - =09=09return NULL; -+=09/* again is this really necessary for X11=3F */ -+=09if (options.hpn=5Fdisabled)=20 - =09c =3D channel=5Fnew("x11", - =09 SSH=5FCHANNEL=5FX11=5FOPEN, sock, sock, -1, - =09 CHAN=5FTCP=5FWINDOW=5FDEFAULT, CHAN=5FX11=5FPACKET=5FDEFAULT, = 0, "x11", 1); -+=09else=20 -+=09=09c =3D channel=5Fnew("x11", -+=09=09 SSH=5FCHANNEL=5FX11=5FOPEN, sock, sock, -1, -+=09=09 options.hpn=5Fbuffer=5Fsize, CHAN=5FX11=5FPACKET=5FDEFAULT,= 0, "x11", 1); - =09c->force=5Fdrain =3D 1; - =09return c; - } -@@ -1710,9 +1716,15 @@ client=5Frequest=5Fagent(const char *request - =09sock =3D ssh=5Fget=5Fauthentication=5Fsocket(); - =09if (sock < 0) - =09=09return NULL; -+=09if (options.hpn=5Fdisabled)=20 - =09c =3D channel=5Fnew("authentication agent connection", - =09 SSH=5FCHANNEL=5FOPEN, sock, sock, -1, --=09 CHAN=5FX11=5FWINDOW=5FDEFAULT, CHAN=5FTCP=5FPACKET=5FDEFAULT, = 0, -+=09=09 CHAN=5FX11=5FWINDOW=5FDEFAULT, CHAN=5FTCP=5FWINDOW=5FDEFAUL= T, 0, -+=09=09 "authentication agent connection", 1); -+ else -+=09c =3D channel=5Fnew("authentication agent connection", -+=09 SSH=5FCHANNEL=5FOPEN, sock, sock, -1, -+ options.hpn=5Fbuffer=5Fsize, options.hpn=5Fbuffer=5F= size, 0, - =09 "authentication agent connection", 1); - =09c->force=5Fdrain =3D 1; - =09return c; -@@ -1740,10 +1752,18 @@ client=5Frequest=5Ftun=5Ffwd(int tun=5Fmode, i= nt - =09=09return -1; - =09} -=20 -+=09if(options.hpn=5Fdisabled) -+=09c =3D channel=5Fnew("tun", SSH=5FCHANNEL=5FOPENING, fd, fd, -1, -+=09=09=09=09CHAN=5FTCP=5FWINDOW=5FDEFAULT, CHAN=5FTCP=5FPACKET=5FDEFA= ULT, -+=09=09=09=090, "tun", 1); -+=09else - =09c =3D channel=5Fnew("tun", SSH=5FCHANNEL=5FOPENING, fd, fd, -1, --=09 CHAN=5FTCP=5FWINDOW=5FDEFAULT, CHAN=5FTCP=5FPACKET=5FDEFAULT, = 0, "tun", 1); -+=09=09=09=09options.hpn=5Fbuffer=5Fsize, CHAN=5FTCP=5FPACKET=5FDEFAUL= T, -+=09=09=09=090, "tun", 1); - =09c->datagram =3D 1; -=20 -+ -+ - #if defined(SSH=5FTUN=5FFILTER) - =09if (options.tun=5Fopen =3D=3D SSH=5FTUNMODE=5FPOINTOPOINT) - =09=09channel=5Fregister=5Ffilter(c->self, sys=5Ftun=5Finfilter, -diff -NupwB compat.c compat.c ---- compat.c=092008-11-03 03:20:14.000000000 -0500 -+++ compat.c=092009-05-14 12:36:10.000000000 -0400 -@@ -170,6 +170,15 @@ compat=5Fdatafellows(const char *version) - =09=09 strlen(check[i].pat), 0) =3D=3D 1) { - =09=09=09debug("match: %s pat %s", version, check[i].pat); - =09=09=09datafellows =3D check[i].bugs; -+=09=09=09/* Check to see if the remote side is OpenSSH and not HPN */= -+=09=09=09if(strstr(version,"OpenSSH") !=3D NULL) -+=09=09=09{ -+=09=09=09=09if (strstr(version,"hpn") =3D=3D NULL) -+=09=09=09=09{ -+=09=09=09=09=09datafellows |=3D SSH=5FBUG=5FLARGEWINDOW; -+=09=09=09=09=09debug("Remote is NON-HPN aware"); -+=09=09=09=09} -+=09=09=09} - =09=09=09return; - =09=09} - =09} -diff -NupwB compat.h compat.h ---- compat.h=092008-11-03 03:20:14.000000000 -0500 -+++ compat.h=092009-05-14 12:36:10.000000000 -0400 -@@ -58,6 +58,7 @@ - #define SSH=5FOLD=5FFORWARD=5FADDR=090x01000000 - #define SSH=5FBUG=5FRFWD=5FADDR=090x02000000 - #define SSH=5FNEW=5FOPENSSH=09=090x04000000 -+#define SSH=5FBUG=5FLARGEWINDOW 0x08000000 -=20 - void enable=5Fcompat13(void); - void enable=5Fcompat20(void); -Common subdirectories: contrib and contrib -diff -NupwB HPN-README HPN-README ---- HPN-README=091969-12-31 19:00:00.000000000 -0500 -+++ HPN-README=092009-05-14 12:36:10.000000000 -0400 -@@ -0,0 +1,128 @@ -+Notes: -+ -+MULTI-THREADED CIPHER: -+The AES cipher in CTR mode has been multithreaded (MTR-AES-CTR). This= will allow ssh installations -+on hosts with multiple cores to use more than one processing core dur= ing encryption.=20 -+Tests have show significant throughput performance increases when usi= ng MTR-AES-CTR up=20 -+to and including a full gigabit per second on quad core systems. It s= hould be possible to=20 -+achieve full line rate on dual core systems but OS and data managemen= t overhead makes this -+more difficult to achieve. The cipher stream from MTR-AES-CTR is enti= rely compatible with single=20 -+thread AES-CTR (ST-AES-CTR) implementations and should be 100% backwa= rd compatible. Optimal=20 -+performance requires the MTR-AES-CTR mode be enabled on both ends of = the connection.=20 -+The MTR-AES-CTR replaces ST-AES-CTR and is used in exactly the same w= ay with the same -+nomenclature.=20 -+Use examples: =09ssh -caes128-ctr you@host.com -+=09=09scp -oCipher=3Daes256-ctr file you@host.com:~/file -+ -+NONE CIPHER: -+To use the NONE option you must have the NoneEnabled switch set on th= e server and -+you *must* have *both* NoneEnabled and NoneSwitch set to yes on the c= lient. The NONE -+feature works with ALL ssh subsystems (as far as we can tell) *AS LON= G AS* a tty is not=20 -+spawned. If a user uses the -T switch to prevent a tty being created = the NONE cipher will -+be disabled.=20 -+ -+The performance increase will only be as good as the network and TCP = stack tuning -+on the reciever side of the connection allows. As a rule of thumb a u= ser will need=20 -+at least 10Mb/s connection with a 100ms RTT to see a doubling of perf= ormance. The -+HPN-SSH home page describes this in greater detail.=20 -+ -+http://www.psc.edu/networking/projects/hpn-ssh -+ -+BUFFER SIZES: -+ -+If HPN is disabled the receive buffer size will be set to the=20 -+OpenSSH default of 64K. -+ -+If an HPN system connects to a nonHPN system the receive buffer will -+be set to the HPNBufferSize value. The default is 2MB but user adjust= able. -+ -+If an HPN to HPN connection is established a number of different thin= gs might -+happen based on the user options and conditions.=20 -+ -+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf N= OT Set=20 -+HPN Buffer Size =3D up to 64MB=20 -+This is the default state. The HPN buffer size will grow to a maximum= of 64MB=20 -+as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB = is=20 -+geared towards 10GigE transcontinental connections.=20 -+ -+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf = NOT Set -+HPN Buffer Size =3D TCP receive buffer value.=20 -+Users on non-autotuning systesm should disable TCPRcvBufPoll in the=20= -+ssh=5Fcofig and sshd=5Fconfig -+ -+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT = Set -+HPN Buffer Size =3D minmum of TCP receive buffer and HPNBufferSize.=20= -+This would be the system defined TCP receive buffer (RWIN). -+ -+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET -+HPN Buffer Size =3D minmum of TCPRcvBuf and HPNBufferSize.=20 -+Generally there is no need to set both. -+ -+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT S= et -+HPN Buffer Size =3D grows to HPNBufferSize -+The buffer will grow up to the maximum size specified here.=20 -+ -+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET -+HPN Buffer Size =3D minmum of TCPRcvBuf and HPNBufferSize.=20 -+Generally there is no need to set both of these, especially on autotu= ning=20 -+systems. However, if the users wishes to override the autotuning this= would be=20 -+one way to do it. -+ -+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf S= ET -+HPN Buffer Size =3D TCPRcvBuf.=20 -+This will override autotuning and set the TCP recieve buffer to the u= ser defined=20 -+value. -+ -+ -+HPN Specific Configuration options -+ -+TcpRcvBuf=3D[int]KB client -+ set the TCP socket receive buffer to n Kilobytes. It can be set= up to the=20 -+maximum socket size allowed by the system. This is useful in situatio= ns where=20 -+the tcp receive window is set low but the maximum buffer size is set=20= -+higher (as is typical). This works on a per TCP connection basis. You= can also=20 -+use this to artifically limit the transfer rate of the connection. In= these=20 -+cases the throughput will be no more than n/RTT. The minimum buffer s= ize is 1KB.=20 -+Default is the current system wide tcp receive buffer size. -+ -+TcpRcvBufPoll=3D[yes/no] client/server -+ enable of disable the polling of the tcp receive buffer through= the life=20 -+of the connection. You would want to make sure that this option is en= abled=20 -+for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS = Vista)=20 -+default is yes. -+ -+NoneEnabled=3D[yes/no] client/server -+ enable or disable the use of the None cipher. Care must always = be used=20 -+when enabling this as it will allow users to send data in the clear. = However,=20 -+it is important to note that authentication information remains encry= pted=20 -+even if this option is enabled. Set to no by default. -+ -+NoneSwitch=3D[yes/no] client -+ Switch the encryption cipher being used to the None cipher after= -+authentication takes place. NoneEnabled must be enabled on both the c= lient -+and server side of the connection. When the connection switches to th= e NONE -+cipher a warning is sent to STDERR. The connection attempt will fail = with an -+error if a client requests a NoneSwitch from the server that does not= explicitly -+have NoneEnabled set to yes. Note: The NONE cipher cannot be used in -+interactive (shell) sessions and it will fail silently. Set to no by = default. -+ -+HPNDisabled=3D[yes/no] client/server -+ In some situations, such as transfers on a local area network, t= he impact=20 -+of the HPN code produces a net decrease in performance. In these case= s it is=20 -+helpful to disable the HPN functionality. By default HPNDisabled is s= et to no.=20 -+ -+HPNBufferSize=3D[int]KB client/server -+ This is the default buffer size the HPN functionality uses when = interacting -+with nonHPN SSH installations. Conceptually this is similar to the Tc= pRcvBuf -+option as applied to the internal SSH flow control. This value can ra= nge from=20 -+1KB to 64MB (1-65536). Use of oversized or undersized buffers can cau= se performance -+problems depending on the length of the network path. The default siz= e of this buffer -+is 2MB. -+ -+ -+Credits: This patch was conceived, designed, and led by Chris Rapier = (rapier@psc.edu) -+ The majority of the actual coding for versions up to HPN12v1= was performed -+ by Michael Stevens (mstevens@andrew.cmu.edu). The MT-AES-CTR= cipher was=20 -+=09 implemented by Ben Bennet (ben@psc.edu). This work was financed, = in part, -+ by Cisco System, Inc., the National Library of Medicine,=20 -+=09 and the National Science Foundation.=20 -diff -NupwB kex.c kex.c ---- kex.c=092008-11-03 03:19:12.000000000 -0500 -+++ kex.c=092009-05-14 12:36:10.000000000 -0400 -@@ -48,6 +48,7 @@ - #include "match.h" - #include "dispatch.h" - #include "monitor.h" -+#include "canohost.h" -=20 - #define KEX=5FCOOKIE=5FLEN=0916 -=20 -@@ -64,7 +65,8 @@ static void kex=5Fkexinit=5Ffinish(Kex *); - static void kex=5Fchoose=5Fconf(Kex *); -=20 - /* put algorithm proposal into buffer */ --static void -+/* used in sshconnect.c as well as kex.c */ -+void - kex=5Fprop2buf(Buffer *b, char *proposal[PROPOSAL=5FMAX]) - { - =09u=5Fint i; -@@ -376,6 +378,13 @@ kex=5Fchoose=5Fconf(Kex *kex) - =09int nenc, nmac, ncomp; - =09u=5Fint mode, ctos, need; - =09int first=5Fkex=5Ffollows, type; -+=09int log=5Fflag =3D 0; -+ -+=09int auth=5Fflag; -+ -+=09auth=5Fflag =3D packet=5Fauthentication=5Fstate(); -+ -+=09debug ("AUTH STATE IS %d", auth=5Fflag); -=20 - =09my =3D kex=5Fbuf2prop(&kex->my, NULL); - =09peer =3D kex=5Fbuf2prop(&kex->peer, &first=5Fkex=5Ffollows); -@@ -400,11 +409,34 @@ kex=5Fchoose=5Fconf(Kex *kex) - =09=09choose=5Fenc (&newkeys->enc, cprop[nenc], sprop[nenc]); - =09=09choose=5Fmac (&newkeys->mac, cprop[nmac], sprop[nmac]); - =09=09choose=5Fcomp(&newkeys->comp, cprop[ncomp], sprop[ncomp]); -+=09=09debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); -+=09=09if (strcmp(newkeys->enc.name, "none") =3D=3D 0) { -+=09=09=09=09debug("Requesting NONE. Authflag is %d", auth=5Fflag);=09= =09=09 -+=09=09=09if (auth=5Fflag =3D=3D 1) { -+=09=09=09=09debug("None requested post authentication."); -+=09=09=09} else { -+=09=09=09=09fatal("Pre-authentication none cipher requests are not al= lowed."); -+=09=09=09} -+=09=09}=20 - =09=09debug("kex: %s %s %s %s", - =09=09 ctos =3F "client->server" : "server->client", - =09=09 newkeys->enc.name, - =09=09 newkeys->mac.name, - =09=09 newkeys->comp.name); -+=09=09/* client starts withctos =3D 0 && log flag =3D 0 and no log*/ -+=09=09/* 2nd client pass ctos=3D1 and flag =3D 1 so no log*/ -+=09=09/* server starts with ctos =3D1 && log=5Fflag =3D 0 so log */ -+=09=09/* 2nd sever pass ctos =3D 1 && log flag =3D 1 so no log*/ -+=09=09/* -cjr*/ -+=09=09if (ctos && !log=5Fflag) { -+=09=09=09logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;= Comp: %s", -+=09=09=09 get=5Fremote=5Fipaddr(), -+=09=09=09 get=5Fremote=5Fport(), -+=09=09=09 newkeys->enc.name, -+=09=09=09 newkeys->mac.name, -+=09=09=09 newkeys->comp.name); -+=09=09} -+=09=09log=5Fflag =3D 1; - =09} - =09choose=5Fkex(kex, cprop[PROPOSAL=5FKEX=5FALGS], sprop[PROPOSAL=5FK= EX=5FALGS]); - =09choose=5Fhostkeyalg(kex, cprop[PROPOSAL=5FSERVER=5FHOST=5FKEY=5FAL= GS], -diff -NupwB kex.h kex.h ---- kex.h=092007-06-11 00:01:42.000000000 -0400 -+++ kex.h=092009-05-14 12:36:10.000000000 -0400 -@@ -127,6 +127,8 @@ struct Kex { - =09void=09(*kex[KEX=5FMAX])(Kex *); - }; -=20 -+void kex=5Fprop2buf(Buffer *, char *proposal[PROPOSAL=5FMAX]); -+ - Kex=09*kex=5Fsetup(char *[PROPOSAL=5FMAX]); - void=09 kex=5Ffinish(Kex *); -=20 -diff -NupwB Makefile.in Makefile.in ---- Makefile.in=092008-11-05 00:20:46.000000000 -0500 -+++ Makefile.in=092009-05-14 12:36:10.000000000 -0400 -@@ -43,7 +43,7 @@ CC=3D@CC@ - LD=3D@LD@ - CFLAGS=3D@CFLAGS@ - CPPFLAGS=3D-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ --LIBS=3D@LIBS@ -+LIBS=3D@LIBS@ -lpthread - SSHDLIBS=3D@SSHDLIBS@ - LIBEDIT=3D@LIBEDIT@ - AR=3D@AR@ -@@ -64,7 +64,7 @@ TARGETS=3Dssh$(EXEEXT) sshd$(EXEEXT) ssh-a -=20 - LIBSSH=5FOBJS=3Dacss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o = \ - =09canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ --=09cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ -+=09cipher-bf1.o cipher-ctr.o cipher-ctr-mt.o cipher-3des1.o cleanup.o= \ - =09compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ - =09log.o match.o md-sha256.o moduli.o nchan.o packet.o \ - =09readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ -diff -NupwB myproposal.h myproposal.h ---- myproposal.h=092009-01-28 00:33:31.000000000 -0500 -+++ myproposal.h=092009-05-14 12:36:10.000000000 -0400 -@@ -47,6 +47,8 @@ - =09"arcfour256,arcfour128," \ - =09"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ - =09"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" -+#define KEX=5FENCRYPT=5FINCLUDE=5FNONE KEX=5FDEFAULT=5FENCRYPT \ -+=09",none" - #define=09KEX=5FDEFAULT=5FMAC \ - =09"hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \ - =09"hmac-ripemd160@openssh.com," \ -Common subdirectories: openbsd-compat and openbsd-compat -diff -NupwB packet.c packet.c ---- packet.c=092009-02-14 00:35:01.000000000 -0500 -+++ packet.c=092009-05-14 12:36:10.000000000 -0400 -@@ -775,7 +775,7 @@ packet=5Fenable=5Fdelayed=5Fcompress(void) - /* - * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) - */ --static void -+static int - packet=5Fsend2=5Fwrapped(void) - { - =09u=5Fchar type, *cp, *macbuf =3D NULL; -@@ -888,11 +888,13 @@ packet=5Fsend2=5Fwrapped(void) - =09=09set=5Fnewkeys(MODE=5FOUT); - =09else if (type =3D=3D SSH2=5FMSG=5FUSERAUTH=5FSUCCESS && server=5Fs= ide) - =09=09packet=5Fenable=5Fdelayed=5Fcompress(); -+=09return(packet=5Flength); - } -=20 --static void -+static int - packet=5Fsend2(void) - { -+ static int packet=5Flength =3D 0; - =09static int rekeying =3D 0; - =09struct packet *p; - =09u=5Fchar type, *cp; -@@ -910,7 +912,7 @@ packet=5Fsend2(void) - =09=09=09memcpy(&p->payload, &outgoing=5Fpacket, sizeof(Buffer)); - =09=09=09buffer=5Finit(&outgoing=5Fpacket); - =09=09=09TAILQ=5FINSERT=5FTAIL(&outgoing, p, next); --=09=09=09return; -+=09=09=09return(sizeof(Buffer)); - =09=09} - =09} -=20 -@@ -918,7 +920,7 @@ packet=5Fsend2(void) - =09if (type =3D=3D SSH2=5FMSG=5FKEXINIT) - =09=09rekeying =3D 1; -=20 --=09packet=5Fsend2=5Fwrapped(); -+=09packet=5Flength =3D packet=5Fsend2=5Fwrapped(); -=20 - =09/* after a NEWKEYS message we can send the complete queue */ - =09if (type =3D=3D SSH2=5FMSG=5FNEWKEYS) { -@@ -931,19 +933,22 @@ packet=5Fsend2(void) - =09=09=09 sizeof(Buffer)); - =09=09=09TAILQ=5FREMOVE(&outgoing, p, next); - =09=09=09xfree(p); --=09=09=09packet=5Fsend2=5Fwrapped(); -+=09=09=09packet=5Flength +=3D packet=5Fsend2=5Fwrapped(); - =09=09} - =09} -+=09return(packet=5Flength); - } -=20 --void -+int - packet=5Fsend(void) - { -+ int packet=5Flen =3D 0; - =09if (compat20) --=09=09packet=5Fsend2(); -+=09=09packet=5Flen =3D packet=5Fsend2(); - =09else - =09=09packet=5Fsend1(); - =09DBG(debug("packet=5Fsend done")); -+=09return(packet=5Flen); - } -=20 - /* -@@ -1544,23 +1549,25 @@ packet=5Fdisconnect(const char *fmt,...) -=20 - /* Checks if there is any buffered output, and tries to write some of= the output. */ -=20 --void -+int - packet=5Fwrite=5Fpoll(void) - { --=09int len =3D buffer=5Flen(&output); -+=09int len =3D 0; -+=09len =3D buffer=5Flen(&output); -=20 - =09if (len > 0) { - =09=09len =3D write(connection=5Fout, buffer=5Fptr(&output), len); - =09=09if (len =3D=3D -1) { - =09=09=09if (errno =3D=3D EINTR || errno =3D=3D EAGAIN || - =09=09=09 errno =3D=3D EWOULDBLOCK) --=09=09=09=09return; -+=09=09=09=09return (0); - =09=09=09fatal("Write failed: %.100s", strerror(errno)); - =09=09} - =09=09if (len =3D=3D 0) - =09=09=09fatal("Write connection closed"); - =09=09buffer=5Fconsume(&output, len); - =09} -+=09return(len); - } -=20 -=20 -@@ -1569,16 +1576,17 @@ packet=5Fwrite=5Fpoll(void) - * written. - */ -=20 --void -+int - packet=5Fwrite=5Fwait(void) - { - =09fd=5Fset *setp; - =09int ret, ms=5Fremain; - =09struct timeval start, timeout, *timeoutp =3D NULL; -+=09u=5Fint bytes=5Fsent =3D 0; -=20 - =09setp =3D (fd=5Fset *)xcalloc(howmany(connection=5Fout + 1, NFDBITS= ), - =09 sizeof(fd=5Fmask)); --=09packet=5Fwrite=5Fpoll(); -+=09bytes=5Fsent +=3D packet=5Fwrite=5Fpoll(); - =09while (packet=5Fhave=5Fdata=5Fto=5Fwrite()) { - =09=09memset(setp, 0, howmany(connection=5Fout + 1, NFDBITS) * - =09=09 sizeof(fd=5Fmask)); -@@ -1612,7 +1620,7 @@ packet=5Fwrite=5Fwait(void) - =09=09=09 "waiting to write", get=5Fremote=5Fipaddr()); - =09=09=09cleanup=5Fexit(255); - =09=09} --=09=09packet=5Fwrite=5Fpoll(); -+=09=09bytes=5Fsent +=3D packet=5Fwrite=5Fpoll(); - =09} - =09xfree(setp); - } -@@ -1736,12 +1744,24 @@ packet=5Fsend=5Fignore(int nbytes) - =09} - } -=20 -+int rekey=5Frequested =3D 0; -+void -+packet=5Frequest=5Frekeying(void) -+{ -+=09rekey=5Frequested =3D 1; -+} -+ - #define MAX=5FPACKETS=09(1U<<31) - int - packet=5Fneed=5Frekeying(void) - { - =09if (datafellows & SSH=5FBUG=5FNOREKEY) - =09=09return 0; -+=09if (rekey=5Frequested =3D=3D 1) -+=09{ -+=09=09rekey=5Frequested =3D 0; -+=09=09return 1; -+=09} - =09return - =09 (p=5Fsend.packets > MAX=5FPACKETS) || - =09 (p=5Fread.packets > MAX=5FPACKETS) || -@@ -1766,3 +1786,9 @@ packet=5Fset=5Fauthenticated(void) - { - =09after=5Fauthentication =3D 1; - } -+ -+int -+packet=5Fauthentication=5Fstate(void) -+{ -+=09return(after=5Fauthentication); -+} -diff -NupwB packet.h packet.h ---- packet.h=092008-07-11 03:36:48.000000000 -0400 -+++ packet.h=092009-05-14 12:36:10.000000000 -0400 -@@ -20,6 +20,9 @@ -=20 - #include -=20 -+void -+packet=5Frequest=5Frekeying(void); -+ - void packet=5Fset=5Fconnection(int, int); - void packet=5Fset=5Ftimeout(int, int); - void packet=5Fset=5Fnonblocking(void); -@@ -35,6 +38,7 @@ void packet=5Fset=5Finteractive(int); - int packet=5Fis=5Finteractive(void); - void packet=5Fset=5Fserver(void); - void packet=5Fset=5Fauthenticated(void); -+int=09 packet=5Fauthentication=5Fstate(void); -=20 - void packet=5Fstart(u=5Fchar); - void packet=5Fput=5Fchar(int ch); -@@ -44,7 +48,7 @@ void packet=5Fput=5Fbignum2(BIGNUM * val - void packet=5Fput=5Fstring(const void *buf, u=5Fint len); - void packet=5Fput=5Fcstring(const char *str); - void packet=5Fput=5Fraw(const void *buf, u=5Fint len); --void packet=5Fsend(void); -+int packet=5Fsend(void); -=20 - int packet=5Fread(void); - void packet=5Fread=5Fexpect(int type); -@@ -73,8 +77,8 @@ void=09 packet=5Fset=5Fstate(int, u=5Fint32=5Ft, u - int=09 packet=5Fget=5Fssh1=5Fcipher(void); - void=09 packet=5Fset=5Fiv(int, u=5Fchar *); -=20 --void packet=5Fwrite=5Fpoll(void); --void packet=5Fwrite=5Fwait(void); -+int packet=5Fwrite=5Fpoll(void); -+int packet=5Fwrite=5Fwait(void); - int packet=5Fhave=5Fdata=5Fto=5Fwrite(void); - int packet=5Fnot=5Fvery=5Fmuch=5Fdata=5Fto=5Fwrite(void); -=20 -diff -NupwB progressmeter.c progressmeter.c ---- progressmeter.c=092006-08-04 22:39:40.000000000 -0400 -+++ progressmeter.c=092009-05-14 12:36:10.000000000 -0400 -@@ -68,6 +68,8 @@ static time=5Ft last=5Fupdate;=09/* last progr - static char *file;=09=09/* name of the file being transferred */ - static off=5Ft end=5Fpos;=09=09/* ending position of transfer */ - static off=5Ft cur=5Fpos;=09=09/* transfer position as of last refres= h */ -+static off=5Ft last=5Fpos; -+static off=5Ft max=5Fdelta=5Fpos =3D 0; - static volatile off=5Ft *counter;=09/* progress counter */ - static long stalled;=09=09/* how long we have been stalled */ - static int bytes=5Fper=5Fsecond;=09/* current speed in bytes per seco= nd */ -@@ -128,12 +130,17 @@ refresh=5Fprogress=5Fmeter(void) - =09int hours, minutes, seconds; - =09int i, len; - =09int file=5Flen; -+=09off=5Ft delta=5Fpos; -=20 - =09transferred =3D *counter - cur=5Fpos; - =09cur=5Fpos =3D *counter; - =09now =3D time(NULL); - =09bytes=5Fleft =3D end=5Fpos - cur=5Fpos; -=20 -+=09delta=5Fpos =3D cur=5Fpos - last=5Fpos; -+=09if (delta=5Fpos > max=5Fdelta=5Fpos)=20 -+=09=09max=5Fdelta=5Fpos =3D delta=5Fpos; -+ - =09if (bytes=5Fleft > 0) - =09=09elapsed =3D now - last=5Fupdate; - =09else { -@@ -158,7 +165,7 @@ refresh=5Fprogress=5Fmeter(void) -=20 - =09/* filename */ - =09buf[0] =3D '\0'; --=09file=5Flen =3D win=5Fsize - 35; -+=09file=5Flen =3D win=5Fsize - 45; - =09if (file=5Flen > 0) { - =09=09len =3D snprintf(buf, file=5Flen + 1, "\r%s", file); - =09=09if (len < 0) -@@ -175,7 +182,8 @@ refresh=5Fprogress=5Fmeter(void) - =09=09percent =3D ((float)cur=5Fpos / end=5Fpos) * 100; - =09else - =09=09percent =3D 100; --=09snprintf(buf + strlen(buf), win=5Fsize - strlen(buf), -+ -+=09snprintf(buf + strlen(buf), win=5Fsize - strlen(buf-8), - =09 " %3d%% ", percent); -=20 - =09/* amount transferred */ -@@ -188,6 +196,15 @@ refresh=5Fprogress=5Fmeter(void) - =09 (off=5Ft)bytes=5Fper=5Fsecond); - =09strlcat(buf, "/s ", win=5Fsize); -=20 -+=09/* instantaneous rate */ -+=09if (bytes=5Fleft > 0) -+=09=09format=5Frate(buf + strlen(buf), win=5Fsize - strlen(buf), -+=09=09=09 delta=5Fpos); -+=09else -+=09=09format=5Frate(buf + strlen(buf), win=5Fsize - strlen(buf), -+=09=09=09 max=5Fdelta=5Fpos); -+=09strlcat(buf, "/s ", win=5Fsize); -+ - =09/* ETA */ - =09if (!transferred) - =09=09stalled +=3D elapsed; -@@ -224,6 +241,7 @@ refresh=5Fprogress=5Fmeter(void) -=20 - =09atomicio(vwrite, STDOUT=5FFILENO, buf, win=5Fsize - 1); - =09last=5Fupdate =3D now; -+=09last=5Fpos =3D cur=5Fpos; - } -=20 - /*ARGSUSED*/ -diff -NupwB readconf.c readconf.c ---- readconf.c=092009-02-14 00:28:21.000000000 -0500 -+++ readconf.c=092009-05-14 12:36:10.000000000 -0400 -@@ -131,6 +131,8 @@ typedef enum { - =09oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, - =09oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, - =09oVisualHostKey, oZeroKnowledgePasswordAuthentication, -+=09oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisable= d, -+=09oHPNBufferSize, - =09oDeprecated, oUnsupported - } OpCodes; -=20 -@@ -234,6 +236,12 @@ static struct { - #else - =09{ "zeroknowledgepasswordauthentication", oUnsupported }, - #endif -+=09{ "noneenabled", oNoneEnabled }, -+=09{ "tcprcvbufpoll", oTcpRcvBufPoll }, -+=09{ "tcprcvbuf", oTcpRcvBuf }, -+=09{ "noneswitch", oNoneSwitch }, -+=09{ "hpndisabled", oHPNDisabled }, -+=09{ "hpnbuffersize", oHPNBufferSize }, -=20 - =09{ NULL, oBadOption } - }; -@@ -465,6 +473,37 @@ parse=5Fflag: - =09=09intptr =3D &options->check=5Fhost=5Fip; - =09=09goto parse=5Fflag; -=20 -+=09case oNoneEnabled: -+=09=09intptr =3D &options->none=5Fenabled; -+=09=09goto parse=5Fflag; -+=20 -+=09/* we check to see if the command comes from the */ -+=09/* command line or not. If it does then enable it */ -+=09/* otherwise fail. NONE should never be a default configuration */= -+=09case oNoneSwitch: -+=09=09if(strcmp(filename,"command-line")=3D=3D0) -+=09=09{=09=09 -+=09=09 intptr =3D &options->none=5Fswitch; -+=09=09 goto parse=5Fflag; -+=09=09} else { -+=09=09 error("NoneSwitch is found in %.200s.\nYou may only use thi= s configuration option from the command line", filename); -+=09=09 error("Continuing..."); -+=09=09 debug("NoneSwitch directive found in %.200s.", filename); -+=09=09 return 0; -+=09 } -+ -+=09case oHPNDisabled: -+=09=09intptr =3D &options->hpn=5Fdisabled; -+=09=09goto parse=5Fflag; -+ -+=09case oHPNBufferSize: -+=09=09intptr =3D &options->hpn=5Fbuffer=5Fsize; -+=09=09goto parse=5Fint; -+ -+=09case oTcpRcvBufPoll: -+=09=09intptr =3D &options->tcp=5Frcv=5Fbuf=5Fpoll; -+=09=09goto parse=5Fflag; -+ - =09case oVerifyHostKeyDNS: - =09=09intptr =3D &options->verify=5Fhost=5Fkey=5Fdns; - =09=09goto parse=5Fyesnoask; -@@ -643,6 +682,10 @@ parse=5Fint: - =09=09intptr =3D &options->connection=5Fattempts; - =09=09goto parse=5Fint; -=20 -+=09case oTcpRcvBuf: -+=09=09intptr =3D &options->tcp=5Frcv=5Fbuf; -+=09=09goto parse=5Fint; -+ - =09case oCipher: - =09=09intptr =3D &options->cipher; - =09=09arg =3D strdelim(&s); -@@ -1065,6 +1108,12 @@ initialize=5Foptions(Options * options) - =09options->permit=5Flocal=5Fcommand =3D -1; - =09options->visual=5Fhost=5Fkey =3D -1; - =09options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D -1; -+=09options->none=5Fswitch =3D -1; -+=09options->none=5Fenabled =3D -1; -+=09options->hpn=5Fdisabled =3D -1; -+=09options->hpn=5Fbuffer=5Fsize =3D -1; -+=09options->tcp=5Frcv=5Fbuf=5Fpoll =3D -1; -+=09options->tcp=5Frcv=5Fbuf =3D -1; - } -=20 - /* -@@ -1187,6 +1236,29 @@ fill=5Fdefault=5Foptions(Options * options) - =09=09options->server=5Falive=5Finterval =3D 0; - =09if (options->server=5Falive=5Fcount=5Fmax =3D=3D -1) - =09=09options->server=5Falive=5Fcount=5Fmax =3D 3; -+=09if (options->none=5Fswitch =3D=3D -1) -+=09 options->none=5Fswitch =3D 0; -+=09if (options->hpn=5Fdisabled =3D=3D -1) -+=09 options->hpn=5Fdisabled =3D 0; -+=09if (options->hpn=5Fbuffer=5Fsize > -1) -+=09{ -+=09 /* if a user tries to set the size to 0 set it to 1KB */ -+=09=09if (options->hpn=5Fbuffer=5Fsize =3D=3D 0) -+=09=09options->hpn=5Fbuffer=5Fsize =3D 1024; -+=09=09/*limit the buffer to 64MB*/ -+=09=09if (options->hpn=5Fbuffer=5Fsize > 65536) -+=09=09{ -+=09=09=09options->hpn=5Fbuffer=5Fsize =3D 65536*1024; -+=09=09=09debug("User requested buffer larger than 64MB. Request rever= ted to 64MB"); -+=09=09} -+=09=09debug("hpn=5Fbuffer=5Fsize set to %d", options->hpn=5Fbuffer=5F= size); -+=09} -+=09if (options->tcp=5Frcv=5Fbuf =3D=3D 0) -+=09=09options->tcp=5Frcv=5Fbuf =3D 1; -+=09if (options->tcp=5Frcv=5Fbuf > -1)=20 -+=09=09options->tcp=5Frcv=5Fbuf *=3D1024; -+=09if (options->tcp=5Frcv=5Fbuf=5Fpoll =3D=3D -1) -+=09=09options->tcp=5Frcv=5Fbuf=5Fpoll =3D 1; - =09if (options->control=5Fmaster =3D=3D -1) - =09=09options->control=5Fmaster =3D 0; - =09if (options->hash=5Fknown=5Fhosts =3D=3D -1) -diff -NupwB readconf.c.orig readconf.c.orig ---- readconf.c.orig=091969-12-31 19:00:00.000000000 -0500 -+++ readconf.c.orig=092009-02-14 00:28:21.000000000 -0500 -@@ -0,0 +1,1310 @@ -+/* $OpenBSD: readconf.c,v 1.176 2009/02/12 03:00:56 djm Exp $ */ -+/* -+ * Author: Tatu Ylonen -+ * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland -+ * All rights reserved -+ * Functions for reading the configuration files. -+ * -+ * As far as I am concerned, the code I have written for this softwar= e -+ * can be used freely for any purpose. Any derived versions of this -+ * software must be clearly marked as such, and if the derived work i= s -+ * incompatible with the protocol description in the RFC file, it mus= t be -+ * called by a name other than "ssh" or "Secure Shell". -+ */ -+ -+#include "includes.h" -+ -+#include -+#include -+#include -+ -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "xmalloc.h" -+#include "ssh.h" -+#include "compat.h" -+#include "cipher.h" -+#include "pathnames.h" -+#include "log.h" -+#include "key.h" -+#include "readconf.h" -+#include "match.h" -+#include "misc.h" -+#include "buffer.h" -+#include "kex.h" -+#include "mac.h" -+ -+/* Format of the configuration file: -+ -+ # Configuration data is parsed as follows: -+ # 1. command line options -+ # 2. user-specific file -+ # 3. system-wide file -+ # Any configuration value is only changed the first time it is set= =2E -+ # Thus, host-specific definitions should be at the beginning of th= e -+ # configuration file, and defaults at the end. -+ -+ # Host-specific declarations. These may override anything above. = A single -+ # host may match multiple declarations; these are processed in the= order -+ # that they are given in. -+ -+ Host *.ngs.fi ngs.fi -+ User foo -+ -+ Host fake.com -+ HostName another.host.name.real.org -+ User blaah -+ Port 34289 -+ ForwardX11 no -+ ForwardAgent no -+ -+ Host books.com -+ RemoteForward 9999 shadows.cs.hut.fi:9999 -+ Cipher 3des -+ -+ Host fascist.blob.com -+ Port 23123 -+ User tylonen -+ PasswordAuthentication no -+ -+ Host puukko.hut.fi -+ User t35124p -+ ProxyCommand ssh-proxy %h %p -+ -+ Host *.fr -+ PublicKeyAuthentication no -+ -+ Host *.su -+ Cipher none -+ PasswordAuthentication no -+ -+ Host vpn.fake.com -+ Tunnel yes -+ TunnelDevice 3 -+ -+ # Defaults for various options -+ Host * -+ ForwardAgent no -+ ForwardX11 no -+ PasswordAuthentication yes -+ RSAAuthentication yes -+ RhostsRSAAuthentication yes -+ StrictHostKeyChecking yes -+ TcpKeepAlive no -+ IdentityFile ~/.ssh/identity -+ Port 22 -+ EscapeChar ~ -+ -+*/ -+ -+/* Keyword tokens. */ -+ -+typedef enum { -+=09oBadOption, -+=09oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts, -+=09oExitOnForwardFailure, -+=09oPasswordAuthentication, oRSAAuthentication, -+=09oChallengeResponseAuthentication, oXAuthLocation, -+=09oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalFo= rward, -+=09oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand= , -+=09oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, -+=09oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, -+=09oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, -+=09oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, -+=09oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthenticatio= n, -+=09oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAli= as, -+=09oDynamicForward, oPreferredAuthentications, oHostbasedAuthenticati= on, -+=09oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, -+=09oClearAllForwardings, oNoHostAuthenticationForLocalhost, -+=09oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout= , -+=09oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+=09oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, -+=09oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, -+=09oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, -+=09oVisualHostKey, oZeroKnowledgePasswordAuthentication, -+=09oDeprecated, oUnsupported -+} OpCodes; -+ -+/* Textual representations of the tokens. */ -+ -+static struct { -+=09const char *name; -+=09OpCodes opcode; -+} keywords[] =3D { -+=09{ "forwardagent", oForwardAgent }, -+=09{ "forwardx11", oForwardX11 }, -+=09{ "forwardx11trusted", oForwardX11Trusted }, -+=09{ "exitonforwardfailure", oExitOnForwardFailure }, -+=09{ "xauthlocation", oXAuthLocation }, -+=09{ "gatewayports", oGatewayPorts }, -+=09{ "useprivilegedport", oUsePrivilegedPort }, -+=09{ "rhostsauthentication", oDeprecated }, -+=09{ "passwordauthentication", oPasswordAuthentication }, -+=09{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },= -+=09{ "kbdinteractivedevices", oKbdInteractiveDevices }, -+=09{ "rsaauthentication", oRSAAuthentication }, -+=09{ "pubkeyauthentication", oPubkeyAuthentication }, -+=09{ "dsaauthentication", oPubkeyAuthentication },=09=09 /* alias = */ -+=09{ "rhostsrsaauthentication", oRhostsRSAAuthentication }, -+=09{ "hostbasedauthentication", oHostbasedAuthentication }, -+=09{ "challengeresponseauthentication", oChallengeResponseAuthenticat= ion }, -+=09{ "skeyauthentication", oChallengeResponseAuthentication }, /* ali= as */ -+=09{ "tisauthentication", oChallengeResponseAuthentication }, /* ali= as */ -+=09{ "kerberosauthentication", oUnsupported }, -+=09{ "kerberostgtpassing", oUnsupported }, -+=09{ "afstokenpassing", oUnsupported }, -+#if defined(GSSAPI) -+=09{ "gssapiauthentication", oGssAuthentication }, -+=09{ "gssapidelegatecredentials", oGssDelegateCreds }, -+#else -+=09{ "gssapiauthentication", oUnsupported }, -+=09{ "gssapidelegatecredentials", oUnsupported }, -+#endif -+=09{ "fallbacktorsh", oDeprecated }, -+=09{ "usersh", oDeprecated }, -+=09{ "identityfile", oIdentityFile }, -+=09{ "identityfile2", oIdentityFile },=09=09=09/* obsolete */ -+=09{ "identitiesonly", oIdentitiesOnly }, -+=09{ "hostname", oHostName }, -+=09{ "hostkeyalias", oHostKeyAlias }, -+=09{ "proxycommand", oProxyCommand }, -+=09{ "port", oPort }, -+=09{ "cipher", oCipher }, -+=09{ "ciphers", oCiphers }, -+=09{ "macs", oMacs }, -+=09{ "protocol", oProtocol }, -+=09{ "remoteforward", oRemoteForward }, -+=09{ "localforward", oLocalForward }, -+=09{ "user", oUser }, -+=09{ "host", oHost }, -+=09{ "escapechar", oEscapeChar }, -+=09{ "globalknownhostsfile", oGlobalKnownHostsFile }, -+=09{ "globalknownhostsfile2", oGlobalKnownHostsFile2 },=09/* obsolete= */ -+=09{ "userknownhostsfile", oUserKnownHostsFile }, -+=09{ "userknownhostsfile2", oUserKnownHostsFile2 },=09/* obsolete */ -+=09{ "connectionattempts", oConnectionAttempts }, -+=09{ "batchmode", oBatchMode }, -+=09{ "checkhostip", oCheckHostIP }, -+=09{ "stricthostkeychecking", oStrictHostKeyChecking }, -+=09{ "compression", oCompression }, -+=09{ "compressionlevel", oCompressionLevel }, -+=09{ "tcpkeepalive", oTCPKeepAlive }, -+=09{ "keepalive", oTCPKeepAlive },=09=09=09=09/* obsolete */ -+=09{ "numberofpasswordprompts", oNumberOfPasswordPrompts }, -+=09{ "loglevel", oLogLevel }, -+=09{ "dynamicforward", oDynamicForward }, -+=09{ "preferredauthentications", oPreferredAuthentications }, -+=09{ "hostkeyalgorithms", oHostKeyAlgorithms }, -+=09{ "bindaddress", oBindAddress }, -+#ifdef SMARTCARD -+=09{ "smartcarddevice", oSmartcardDevice }, -+#else -+=09{ "smartcarddevice", oUnsupported }, -+#endif -+=09{ "clearallforwardings", oClearAllForwardings }, -+=09{ "enablesshkeysign", oEnableSSHKeysign }, -+=09{ "verifyhostkeydns", oVerifyHostKeyDNS }, -+=09{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLoca= lhost }, -+=09{ "rekeylimit", oRekeyLimit }, -+=09{ "connecttimeout", oConnectTimeout }, -+=09{ "addressfamily", oAddressFamily }, -+=09{ "serveraliveinterval", oServerAliveInterval }, -+=09{ "serveralivecountmax", oServerAliveCountMax }, -+=09{ "sendenv", oSendEnv }, -+=09{ "controlpath", oControlPath }, -+=09{ "controlmaster", oControlMaster }, -+=09{ "hashknownhosts", oHashKnownHosts }, -+=09{ "tunnel", oTunnel }, -+=09{ "tunneldevice", oTunnelDevice }, -+=09{ "localcommand", oLocalCommand }, -+=09{ "permitlocalcommand", oPermitLocalCommand }, -+=09{ "visualhostkey", oVisualHostKey }, -+#ifdef JPAKE -+=09{ "zeroknowledgepasswordauthentication", -+=09 oZeroKnowledgePasswordAuthentication }, -+#else -+=09{ "zeroknowledgepasswordauthentication", oUnsupported }, -+#endif -+ -+=09{ NULL, oBadOption } -+}; -+ -+/* -+ * Adds a local TCP/IP port forward to options. Never returns if the= re is an -+ * error. -+ */ -+ -+void -+add=5Flocal=5Fforward(Options *options, const Forward *newfwd) -+{ -+=09Forward *fwd; -+#ifndef NO=5FIPPORT=5FRESERVED=5FCONCEPT -+=09extern uid=5Ft original=5Freal=5Fuid; -+=09if (newfwd->listen=5Fport < IPPORT=5FRESERVED && original=5Freal=5F= uid !=3D 0) -+=09=09fatal("Privileged ports can only be forwarded by root."); -+#endif -+=09if (options->num=5Flocal=5Fforwards >=3D SSH=5FMAX=5FFORWARDS=5FPE= R=5FDIRECTION) -+=09=09fatal("Too many local forwards (max %d).", SSH=5FMAX=5FFORWARDS= =5FPER=5FDIRECTION); -+=09fwd =3D &options->local=5Fforwards[options->num=5Flocal=5Fforwards= ++]; -+ -+=09fwd->listen=5Fhost =3D newfwd->listen=5Fhost; -+=09fwd->listen=5Fport =3D newfwd->listen=5Fport; -+=09fwd->connect=5Fhost =3D newfwd->connect=5Fhost; -+=09fwd->connect=5Fport =3D newfwd->connect=5Fport; -+} -+ -+/* -+ * Adds a remote TCP/IP port forward to options. Never returns if th= ere is -+ * an error. -+ */ -+ -+void -+add=5Fremote=5Fforward(Options *options, const Forward *newfwd) -+{ -+=09Forward *fwd; -+=09if (options->num=5Fremote=5Fforwards >=3D SSH=5FMAX=5FFORWARDS=5FP= ER=5FDIRECTION) -+=09=09fatal("Too many remote forwards (max %d).", -+=09=09 SSH=5FMAX=5FFORWARDS=5FPER=5FDIRECTION); -+=09fwd =3D &options->remote=5Fforwards[options->num=5Fremote=5Fforwar= ds++]; -+ -+=09fwd->listen=5Fhost =3D newfwd->listen=5Fhost; -+=09fwd->listen=5Fport =3D newfwd->listen=5Fport; -+=09fwd->connect=5Fhost =3D newfwd->connect=5Fhost; -+=09fwd->connect=5Fport =3D newfwd->connect=5Fport; -+} -+ -+static void -+clear=5Fforwardings(Options *options) -+{ -+=09int i; -+ -+=09for (i =3D 0; i < options->num=5Flocal=5Fforwards; i++) { -+=09=09if (options->local=5Fforwards[i].listen=5Fhost !=3D NULL) -+=09=09=09xfree(options->local=5Fforwards[i].listen=5Fhost); -+=09=09xfree(options->local=5Fforwards[i].connect=5Fhost); -+=09} -+=09options->num=5Flocal=5Fforwards =3D 0; -+=09for (i =3D 0; i < options->num=5Fremote=5Fforwards; i++) { -+=09=09if (options->remote=5Fforwards[i].listen=5Fhost !=3D NULL) -+=09=09=09xfree(options->remote=5Fforwards[i].listen=5Fhost); -+=09=09xfree(options->remote=5Fforwards[i].connect=5Fhost); -+=09} -+=09options->num=5Fremote=5Fforwards =3D 0; -+=09options->tun=5Fopen =3D SSH=5FTUNMODE=5FNO; -+} -+ -+/* -+ * Returns the number of the token pointed to by cp or oBadOption. -+ */ -+ -+static OpCodes -+parse=5Ftoken(const char *cp, const char *filename, int linenum) -+{ -+=09u=5Fint i; -+ -+=09for (i =3D 0; keywords[i].name; i++) -+=09=09if (strcasecmp(cp, keywords[i].name) =3D=3D 0) -+=09=09=09return keywords[i].opcode; -+ -+=09error("%s: line %d: Bad configuration option: %s", -+=09 filename, linenum, cp); -+=09return oBadOption; -+} -+ -+/* -+ * Processes a single option line as used in the configuration files.= This -+ * only sets those values that have not already been set. -+ */ -+#define WHITESPACE " \t\r\n" -+ -+int -+process=5Fconfig=5Fline(Options *options, const char *host, -+=09=09 char *line, const char *filename, int linenum, -+=09=09 int *activep) -+{ -+=09char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[25= 6]; -+=09int opcode, *intptr, value, value2, scale; -+=09LogLevel *log=5Flevel=5Fptr; -+=09long long orig, val64; -+=09size=5Ft len; -+=09Forward fwd; -+ -+=09/* Strip trailing whitespace */ -+=09for (len =3D strlen(line) - 1; len > 0; len--) { -+=09=09if (strchr(WHITESPACE, line[len]) =3D=3D NULL) -+=09=09=09break; -+=09=09line[len] =3D '\0'; -+=09} -+ -+=09s =3D line; -+=09/* Get the keyword. (Each line is supposed to begin with a keyword= ). */ -+=09if ((keyword =3D strdelim(&s)) =3D=3D NULL) -+=09=09return 0; -+=09/* Ignore leading whitespace. */ -+=09if (*keyword =3D=3D '\0') -+=09=09keyword =3D strdelim(&s); -+=09if (keyword =3D=3D NULL || !*keyword || *keyword =3D=3D '\n' || *k= eyword =3D=3D '#') -+=09=09return 0; -+ -+=09opcode =3D parse=5Ftoken(keyword, filename, linenum); -+ -+=09switch (opcode) { -+=09case oBadOption: -+=09=09/* don't panic, but count bad options */ -+=09=09return -1; -+=09=09/* NOTREACHED */ -+=09case oConnectTimeout: -+=09=09intptr =3D &options->connection=5Ftimeout; -+parse=5Ftime: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%s line %d: missing time value.", -+=09=09=09 filename, linenum); -+=09=09if ((value =3D convtime(arg)) =3D=3D -1) -+=09=09=09fatal("%s line %d: invalid time value.", -+=09=09=09 filename, linenum); -+=09=09if (*activep && *intptr =3D=3D -1) -+=09=09=09*intptr =3D value; -+=09=09break; -+ -+=09case oForwardAgent: -+=09=09intptr =3D &options->forward=5Fagent; -+parse=5Fflag: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing yes/no argument.", filename, = linenum); -+=09=09value =3D 0;=09/* To avoid compiler warning... */ -+=09=09if (strcmp(arg, "yes") =3D=3D 0 || strcmp(arg, "true") =3D=3D 0= ) -+=09=09=09value =3D 1; -+=09=09else if (strcmp(arg, "no") =3D=3D 0 || strcmp(arg, "false") =3D= =3D 0) -+=09=09=09value =3D 0; -+=09=09else -+=09=09=09fatal("%.200s line %d: Bad yes/no argument.", filename, line= num); -+=09=09if (*activep && *intptr =3D=3D -1) -+=09=09=09*intptr =3D value; -+=09=09break; -+ -+=09case oForwardX11: -+=09=09intptr =3D &options->forward=5Fx11; -+=09=09goto parse=5Fflag; -+ -+=09case oForwardX11Trusted: -+=09=09intptr =3D &options->forward=5Fx11=5Ftrusted; -+=09=09goto parse=5Fflag; -+ -+=09case oGatewayPorts: -+=09=09intptr =3D &options->gateway=5Fports; -+=09=09goto parse=5Fflag; -+ -+=09case oExitOnForwardFailure: -+=09=09intptr =3D &options->exit=5Fon=5Fforward=5Ffailure; -+=09=09goto parse=5Fflag; -+ -+=09case oUsePrivilegedPort: -+=09=09intptr =3D &options->use=5Fprivileged=5Fport; -+=09=09goto parse=5Fflag; -+ -+=09case oPasswordAuthentication: -+=09=09intptr =3D &options->password=5Fauthentication; -+=09=09goto parse=5Fflag; -+ -+=09case oZeroKnowledgePasswordAuthentication: -+=09=09intptr =3D &options->zero=5Fknowledge=5Fpassword=5Fauthenticati= on; -+=09=09goto parse=5Fflag; -+ -+=09case oKbdInteractiveAuthentication: -+=09=09intptr =3D &options->kbd=5Finteractive=5Fauthentication; -+=09=09goto parse=5Fflag; -+ -+=09case oKbdInteractiveDevices: -+=09=09charptr =3D &options->kbd=5Finteractive=5Fdevices; -+=09=09goto parse=5Fstring; -+ -+=09case oPubkeyAuthentication: -+=09=09intptr =3D &options->pubkey=5Fauthentication; -+=09=09goto parse=5Fflag; -+ -+=09case oRSAAuthentication: -+=09=09intptr =3D &options->rsa=5Fauthentication; -+=09=09goto parse=5Fflag; -+ -+=09case oRhostsRSAAuthentication: -+=09=09intptr =3D &options->rhosts=5Frsa=5Fauthentication; -+=09=09goto parse=5Fflag; -+ -+=09case oHostbasedAuthentication: -+=09=09intptr =3D &options->hostbased=5Fauthentication; -+=09=09goto parse=5Fflag; -+ -+=09case oChallengeResponseAuthentication: -+=09=09intptr =3D &options->challenge=5Fresponse=5Fauthentication; -+=09=09goto parse=5Fflag; -+ -+=09case oGssAuthentication: -+=09=09intptr =3D &options->gss=5Fauthentication; -+=09=09goto parse=5Fflag; -+ -+=09case oGssDelegateCreds: -+=09=09intptr =3D &options->gss=5Fdeleg=5Fcreds; -+=09=09goto parse=5Fflag; -+ -+=09case oBatchMode: -+=09=09intptr =3D &options->batch=5Fmode; -+=09=09goto parse=5Fflag; -+ -+=09case oCheckHostIP: -+=09=09intptr =3D &options->check=5Fhost=5Fip; -+=09=09goto parse=5Fflag; -+ -+=09case oVerifyHostKeyDNS: -+=09=09intptr =3D &options->verify=5Fhost=5Fkey=5Fdns; -+=09=09goto parse=5Fyesnoask; -+ -+=09case oStrictHostKeyChecking: -+=09=09intptr =3D &options->strict=5Fhost=5Fkey=5Fchecking; -+parse=5Fyesnoask: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing yes/no/ask argument.", -+=09=09=09 filename, linenum); -+=09=09value =3D 0;=09/* To avoid compiler warning... */ -+=09=09if (strcmp(arg, "yes") =3D=3D 0 || strcmp(arg, "true") =3D=3D 0= ) -+=09=09=09value =3D 1; -+=09=09else if (strcmp(arg, "no") =3D=3D 0 || strcmp(arg, "false") =3D= =3D 0) -+=09=09=09value =3D 0; -+=09=09else if (strcmp(arg, "ask") =3D=3D 0) -+=09=09=09value =3D 2; -+=09=09else -+=09=09=09fatal("%.200s line %d: Bad yes/no/ask argument.", filename, = linenum); -+=09=09if (*activep && *intptr =3D=3D -1) -+=09=09=09*intptr =3D value; -+=09=09break; -+ -+=09case oCompression: -+=09=09intptr =3D &options->compression; -+=09=09goto parse=5Fflag; -+ -+=09case oTCPKeepAlive: -+=09=09intptr =3D &options->tcp=5Fkeep=5Falive; -+=09=09goto parse=5Fflag; -+ -+=09case oNoHostAuthenticationForLocalhost: -+=09=09intptr =3D &options->no=5Fhost=5Fauthentication=5Ffor=5Flocalho= st; -+=09=09goto parse=5Fflag; -+ -+=09case oNumberOfPasswordPrompts: -+=09=09intptr =3D &options->number=5Fof=5Fpassword=5Fprompts; -+=09=09goto parse=5Fint; -+ -+=09case oCompressionLevel: -+=09=09intptr =3D &options->compression=5Flevel; -+=09=09goto parse=5Fint; -+ -+=09case oRekeyLimit: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09if (arg[0] < '0' || arg[0] > '9') -+=09=09=09fatal("%.200s line %d: Bad number.", filename, linenum); -+=09=09orig =3D val64 =3D strtoll(arg, &endofnumber, 10); -+=09=09if (arg =3D=3D endofnumber) -+=09=09=09fatal("%.200s line %d: Bad number.", filename, linenum); -+=09=09switch (toupper(*endofnumber)) { -+=09=09case '\0': -+=09=09=09scale =3D 1; -+=09=09=09break; -+=09=09case 'K': -+=09=09=09scale =3D 1<<10; -+=09=09=09break; -+=09=09case 'M': -+=09=09=09scale =3D 1<<20; -+=09=09=09break; -+=09=09case 'G': -+=09=09=09scale =3D 1<<30; -+=09=09=09break; -+=09=09default: -+=09=09=09fatal("%.200s line %d: Invalid RekeyLimit suffix", -+=09=09=09 filename, linenum); -+=09=09} -+=09=09val64 *=3D scale; -+=09=09/* detect integer wrap and too-large limits */ -+=09=09if ((val64 / scale) !=3D orig || val64 > UINT=5FMAX) -+=09=09=09fatal("%.200s line %d: RekeyLimit too large", -+=09=09=09 filename, linenum); -+=09=09if (val64 < 16) -+=09=09=09fatal("%.200s line %d: RekeyLimit too small", -+=09=09=09 filename, linenum); -+=09=09if (*activep && options->rekey=5Flimit =3D=3D -1) -+=09=09=09options->rekey=5Flimit =3D (u=5Fint32=5Ft)val64; -+=09=09break; -+ -+=09case oIdentityFile: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09if (*activep) { -+=09=09=09intptr =3D &options->num=5Fidentity=5Ffiles; -+=09=09=09if (*intptr >=3D SSH=5FMAX=5FIDENTITY=5FFILES) -+=09=09=09=09fatal("%.200s line %d: Too many identity files specified = (max %d).", -+=09=09=09=09 filename, linenum, SSH=5FMAX=5FIDENTITY=5FFILES); -+=09=09=09charptr =3D &options->identity=5Ffiles[*intptr]; -+=09=09=09*charptr =3D xstrdup(arg); -+=09=09=09*intptr =3D *intptr + 1; -+=09=09} -+=09=09break; -+ -+=09case oXAuthLocation: -+=09=09charptr=3D&options->xauth=5Flocation; -+=09=09goto parse=5Fstring; -+ -+=09case oUser: -+=09=09charptr =3D &options->user; -+parse=5Fstring: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09if (*activep && *charptr =3D=3D NULL) -+=09=09=09*charptr =3D xstrdup(arg); -+=09=09break; -+ -+=09case oGlobalKnownHostsFile: -+=09=09charptr =3D &options->system=5Fhostfile; -+=09=09goto parse=5Fstring; -+ -+=09case oUserKnownHostsFile: -+=09=09charptr =3D &options->user=5Fhostfile; -+=09=09goto parse=5Fstring; -+ -+=09case oGlobalKnownHostsFile2: -+=09=09charptr =3D &options->system=5Fhostfile2; -+=09=09goto parse=5Fstring; -+ -+=09case oUserKnownHostsFile2: -+=09=09charptr =3D &options->user=5Fhostfile2; -+=09=09goto parse=5Fstring; -+ -+=09case oHostName: -+=09=09charptr =3D &options->hostname; -+=09=09goto parse=5Fstring; -+ -+=09case oHostKeyAlias: -+=09=09charptr =3D &options->host=5Fkey=5Falias; -+=09=09goto parse=5Fstring; -+ -+=09case oPreferredAuthentications: -+=09=09charptr =3D &options->preferred=5Fauthentications; -+=09=09goto parse=5Fstring; -+ -+=09case oBindAddress: -+=09=09charptr =3D &options->bind=5Faddress; -+=09=09goto parse=5Fstring; -+ -+=09case oSmartcardDevice: -+=09=09charptr =3D &options->smartcard=5Fdevice; -+=09=09goto parse=5Fstring; -+ -+=09case oProxyCommand: -+=09=09charptr =3D &options->proxy=5Fcommand; -+parse=5Fcommand: -+=09=09if (s =3D=3D NULL) -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09len =3D strspn(s, WHITESPACE "=3D"); -+=09=09if (*activep && *charptr =3D=3D NULL) -+=09=09=09*charptr =3D xstrdup(s + len); -+=09=09return 0; -+ -+=09case oPort: -+=09=09intptr =3D &options->port; -+parse=5Fint: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09if (arg[0] < '0' || arg[0] > '9') -+=09=09=09fatal("%.200s line %d: Bad number.", filename, linenum); -+ -+=09=09/* Octal, decimal, or hex format=3F */ -+=09=09value =3D strtol(arg, &endofnumber, 0); -+=09=09if (arg =3D=3D endofnumber) -+=09=09=09fatal("%.200s line %d: Bad number.", filename, linenum); -+=09=09if (*activep && *intptr =3D=3D -1) -+=09=09=09*intptr =3D value; -+=09=09break; -+ -+=09case oConnectionAttempts: -+=09=09intptr =3D &options->connection=5Fattempts; -+=09=09goto parse=5Fint; -+ -+=09case oCipher: -+=09=09intptr =3D &options->cipher; -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09value =3D cipher=5Fnumber(arg); -+=09=09if (value =3D=3D -1) -+=09=09=09fatal("%.200s line %d: Bad cipher '%s'.", -+=09=09=09 filename, linenum, arg =3F arg : ""); -+=09=09if (*activep && *intptr =3D=3D -1) -+=09=09=09*intptr =3D value; -+=09=09break; -+ -+=09case oCiphers: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09if (!ciphers=5Fvalid(arg)) -+=09=09=09fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", -+=09=09=09 filename, linenum, arg =3F arg : ""); -+=09=09if (*activep && options->ciphers =3D=3D NULL) -+=09=09=09options->ciphers =3D xstrdup(arg); -+=09=09break; -+ -+=09case oMacs: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09if (!mac=5Fvalid(arg)) -+=09=09=09fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.", -+=09=09=09 filename, linenum, arg =3F arg : ""); -+=09=09if (*activep && options->macs =3D=3D NULL) -+=09=09=09options->macs =3D xstrdup(arg); -+=09=09break; -+ -+=09case oHostKeyAlgorithms: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09if (!key=5Fnames=5Fvalid2(arg)) -+=09=09=09fatal("%.200s line %d: Bad protocol 2 host key algorithms '%= s'.", -+=09=09=09 filename, linenum, arg =3F arg : ""); -+=09=09if (*activep && options->hostkeyalgorithms =3D=3D NULL) -+=09=09=09options->hostkeyalgorithms =3D xstrdup(arg); -+=09=09break; -+ -+=09case oProtocol: -+=09=09intptr =3D &options->protocol; -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09value =3D proto=5Fspec(arg); -+=09=09if (value =3D=3D SSH=5FPROTO=5FUNKNOWN) -+=09=09=09fatal("%.200s line %d: Bad protocol spec '%s'.", -+=09=09=09 filename, linenum, arg =3F arg : ""); -+=09=09if (*activep && *intptr =3D=3D SSH=5FPROTO=5FUNKNOWN) -+=09=09=09*intptr =3D value; -+=09=09break; -+ -+=09case oLogLevel: -+=09=09log=5Flevel=5Fptr =3D &options->log=5Flevel; -+=09=09arg =3D strdelim(&s); -+=09=09value =3D log=5Flevel=5Fnumber(arg); -+=09=09if (value =3D=3D SYSLOG=5FLEVEL=5FNOT=5FSET) -+=09=09=09fatal("%.200s line %d: unsupported log level '%s'", -+=09=09=09 filename, linenum, arg =3F arg : ""); -+=09=09if (*activep && *log=5Flevel=5Fptr =3D=3D SYSLOG=5FLEVEL=5FNOT=5F= SET) -+=09=09=09*log=5Flevel=5Fptr =3D (LogLevel) value; -+=09=09break; -+ -+=09case oLocalForward: -+=09case oRemoteForward: -+=09case oDynamicForward: -+=09=09arg =3D strdelim(&s); -+=09=09if (arg =3D=3D NULL || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing port argument.", -+=09=09=09 filename, linenum); -+ -+=09=09if (opcode =3D=3D oLocalForward || -+=09=09 opcode =3D=3D oRemoteForward) { -+=09=09=09arg2 =3D strdelim(&s); -+=09=09=09if (arg2 =3D=3D NULL || *arg2 =3D=3D '\0') -+=09=09=09=09fatal("%.200s line %d: Missing target argument.", -+=09=09=09=09 filename, linenum); -+ -+=09=09=09/* construct a string for parse=5Fforward */ -+=09=09=09snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); -+=09=09} else if (opcode =3D=3D oDynamicForward) { -+=09=09=09strlcpy(fwdarg, arg, sizeof(fwdarg)); -+=09=09} -+ -+=09=09if (parse=5Fforward(&fwd, fwdarg, -+=09=09 opcode =3D=3D oDynamicForward =3F 1 : 0, -+=09=09 opcode =3D=3D oRemoteForward =3F 1 : 0) =3D=3D 0) -+=09=09=09fatal("%.200s line %d: Bad forwarding specification.", -+=09=09=09 filename, linenum); -+ -+=09=09if (*activep) { -+=09=09=09if (opcode =3D=3D oLocalForward || -+=09=09=09 opcode =3D=3D oDynamicForward) -+=09=09=09=09add=5Flocal=5Fforward(options, &fwd); -+=09=09=09else if (opcode =3D=3D oRemoteForward) -+=09=09=09=09add=5Fremote=5Fforward(options, &fwd); -+=09=09} -+=09=09break; -+ -+=09case oClearAllForwardings: -+=09=09intptr =3D &options->clear=5Fforwardings; -+=09=09goto parse=5Fflag; -+ -+=09case oHost: -+=09=09*activep =3D 0; -+=09=09while ((arg =3D strdelim(&s)) !=3D NULL && *arg !=3D '\0') -+=09=09=09if (match=5Fpattern(host, arg)) { -+=09=09=09=09debug("Applying options for %.100s", arg); -+=09=09=09=09*activep =3D 1; -+=09=09=09=09break; -+=09=09=09} -+=09=09/* Avoid garbage check below, as strdelim is done. */ -+=09=09return 0; -+ -+=09case oEscapeChar: -+=09=09intptr =3D &options->escape=5Fchar; -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09if (arg[0] =3D=3D '^' && arg[2] =3D=3D 0 && -+=09=09 (u=5Fchar) arg[1] >=3D 64 && (u=5Fchar) arg[1] < 128) -+=09=09=09value =3D (u=5Fchar) arg[1] & 31; -+=09=09else if (strlen(arg) =3D=3D 1) -+=09=09=09value =3D (u=5Fchar) arg[0]; -+=09=09else if (strcmp(arg, "none") =3D=3D 0) -+=09=09=09value =3D SSH=5FESCAPECHAR=5FNONE; -+=09=09else { -+=09=09=09fatal("%.200s line %d: Bad escape character.", -+=09=09=09 filename, linenum); -+=09=09=09/* NOTREACHED */ -+=09=09=09value =3D 0;=09/* Avoid compiler warning. */ -+=09=09} -+=09=09if (*activep && *intptr =3D=3D -1) -+=09=09=09*intptr =3D value; -+=09=09break; -+ -+=09case oAddressFamily: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%s line %d: missing address family.", -+=09=09=09 filename, linenum); -+=09=09intptr =3D &options->address=5Ffamily; -+=09=09if (strcasecmp(arg, "inet") =3D=3D 0) -+=09=09=09value =3D AF=5FINET; -+=09=09else if (strcasecmp(arg, "inet6") =3D=3D 0) -+=09=09=09value =3D AF=5FINET6; -+=09=09else if (strcasecmp(arg, "any") =3D=3D 0) -+=09=09=09value =3D AF=5FUNSPEC; -+=09=09else -+=09=09=09fatal("Unsupported AddressFamily \"%s\"", arg); -+=09=09if (*activep && *intptr =3D=3D -1) -+=09=09=09*intptr =3D value; -+=09=09break; -+ -+=09case oEnableSSHKeysign: -+=09=09intptr =3D &options->enable=5Fssh=5Fkeysign; -+=09=09goto parse=5Fflag; -+ -+=09case oIdentitiesOnly: -+=09=09intptr =3D &options->identities=5Fonly; -+=09=09goto parse=5Fflag; -+ -+=09case oServerAliveInterval: -+=09=09intptr =3D &options->server=5Falive=5Finterval; -+=09=09goto parse=5Ftime; -+ -+=09case oServerAliveCountMax: -+=09=09intptr =3D &options->server=5Falive=5Fcount=5Fmax; -+=09=09goto parse=5Fint; -+ -+=09case oSendEnv: -+=09=09while ((arg =3D strdelim(&s)) !=3D NULL && *arg !=3D '\0') { -+=09=09=09if (strchr(arg, '=3D') !=3D NULL) -+=09=09=09=09fatal("%s line %d: Invalid environment name.", -+=09=09=09=09 filename, linenum); -+=09=09=09if (!*activep) -+=09=09=09=09continue; -+=09=09=09if (options->num=5Fsend=5Fenv >=3D MAX=5FSEND=5FENV) -+=09=09=09=09fatal("%s line %d: too many send env.", -+=09=09=09=09 filename, linenum); -+=09=09=09options->send=5Fenv[options->num=5Fsend=5Fenv++] =3D -+=09=09=09 xstrdup(arg); -+=09=09} -+=09=09break; -+ -+=09case oControlPath: -+=09=09charptr =3D &options->control=5Fpath; -+=09=09goto parse=5Fstring; -+ -+=09case oControlMaster: -+=09=09intptr =3D &options->control=5Fmaster; -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing ControlMaster argument.", -+=09=09=09 filename, linenum); -+=09=09value =3D 0;=09/* To avoid compiler warning... */ -+=09=09if (strcmp(arg, "yes") =3D=3D 0 || strcmp(arg, "true") =3D=3D 0= ) -+=09=09=09value =3D SSHCTL=5FMASTER=5FYES; -+=09=09else if (strcmp(arg, "no") =3D=3D 0 || strcmp(arg, "false") =3D= =3D 0) -+=09=09=09value =3D SSHCTL=5FMASTER=5FNO; -+=09=09else if (strcmp(arg, "auto") =3D=3D 0) -+=09=09=09value =3D SSHCTL=5FMASTER=5FAUTO; -+=09=09else if (strcmp(arg, "ask") =3D=3D 0) -+=09=09=09value =3D SSHCTL=5FMASTER=5FASK; -+=09=09else if (strcmp(arg, "autoask") =3D=3D 0) -+=09=09=09value =3D SSHCTL=5FMASTER=5FAUTO=5FASK; -+=09=09else -+=09=09=09fatal("%.200s line %d: Bad ControlMaster argument.", -+=09=09=09 filename, linenum); -+=09=09if (*activep && *intptr =3D=3D -1) -+=09=09=09*intptr =3D value; -+=09=09break; -+ -+=09case oHashKnownHosts: -+=09=09intptr =3D &options->hash=5Fknown=5Fhosts; -+=09=09goto parse=5Fflag; -+ -+=09case oTunnel: -+=09=09intptr =3D &options->tun=5Fopen; -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%s line %d: Missing yes/point-to-point/" -+=09=09=09 "ethernet/no argument.", filename, linenum); -+=09=09value =3D 0;=09/* silence compiler */ -+=09=09if (strcasecmp(arg, "ethernet") =3D=3D 0) -+=09=09=09value =3D SSH=5FTUNMODE=5FETHERNET; -+=09=09else if (strcasecmp(arg, "point-to-point") =3D=3D 0) -+=09=09=09value =3D SSH=5FTUNMODE=5FPOINTOPOINT; -+=09=09else if (strcasecmp(arg, "yes") =3D=3D 0) -+=09=09=09value =3D SSH=5FTUNMODE=5FDEFAULT; -+=09=09else if (strcasecmp(arg, "no") =3D=3D 0) -+=09=09=09value =3D SSH=5FTUNMODE=5FNO; -+=09=09else -+=09=09=09fatal("%s line %d: Bad yes/point-to-point/ethernet/" -+=09=09=09 "no argument: %s", filename, linenum, arg); -+=09=09if (*activep) -+=09=09=09*intptr =3D value; -+=09=09break; -+ -+=09case oTunnelDevice: -+=09=09arg =3D strdelim(&s); -+=09=09if (!arg || *arg =3D=3D '\0') -+=09=09=09fatal("%.200s line %d: Missing argument.", filename, linenum= ); -+=09=09value =3D a2tun(arg, &value2); -+=09=09if (value =3D=3D SSH=5FTUNID=5FERR) -+=09=09=09fatal("%.200s line %d: Bad tun device.", filename, linenum);= -+=09=09if (*activep) { -+=09=09=09options->tun=5Flocal =3D value; -+=09=09=09options->tun=5Fremote =3D value2; -+=09=09} -+=09=09break; -+ -+=09case oLocalCommand: -+=09=09charptr =3D &options->local=5Fcommand; -+=09=09goto parse=5Fcommand; -+ -+=09case oPermitLocalCommand: -+=09=09intptr =3D &options->permit=5Flocal=5Fcommand; -+=09=09goto parse=5Fflag; -+ -+=09case oVisualHostKey: -+=09=09intptr =3D &options->visual=5Fhost=5Fkey; -+=09=09goto parse=5Fflag; -+ -+=09case oDeprecated: -+=09=09debug("%s line %d: Deprecated option \"%s\"", -+=09=09 filename, linenum, keyword); -+=09=09return 0; -+ -+=09case oUnsupported: -+=09=09error("%s line %d: Unsupported option \"%s\"", -+=09=09 filename, linenum, keyword); -+=09=09return 0; -+ -+=09default: -+=09=09fatal("process=5Fconfig=5Fline: Unimplemented opcode %d", opcod= e); -+=09} -+ -+=09/* Check that there is no garbage at end of line. */ -+=09if ((arg =3D strdelim(&s)) !=3D NULL && *arg !=3D '\0') { -+=09=09fatal("%.200s line %d: garbage at end of line; \"%.200s\".", -+=09=09 filename, linenum, arg); -+=09} -+=09return 0; -+} -+ -+ -+/* -+ * Reads the config file and modifies the options accordingly. Optio= ns -+ * should already be initialized before this call. This never return= s if -+ * there is an error. If the file does not exist, this returns 0. -+ */ -+ -+int -+read=5Fconfig=5Ffile(const char *filename, const char *host, Options = *options, -+ int checkperm) -+{ -+=09FILE *f; -+=09char line[1024]; -+=09int active, linenum; -+=09int bad=5Foptions =3D 0; -+ -+=09if ((f =3D fopen(filename, "r")) =3D=3D NULL) -+=09=09return 0; -+ -+=09if (checkperm) { -+=09=09struct stat sb; -+ -+=09=09if (fstat(fileno(f), &sb) =3D=3D -1) -+=09=09=09fatal("fstat %s: %s", filename, strerror(errno)); -+=09=09if (((sb.st=5Fuid !=3D 0 && sb.st=5Fuid !=3D getuid()) || -+=09=09 (sb.st=5Fmode & 022) !=3D 0)) -+=09=09=09fatal("Bad owner or permissions on %s", filename); -+=09} -+ -+=09debug("Reading configuration data %.200s", filename); -+ -+=09/* -+=09 * Mark that we are now processing the options. This flag is turn= ed -+=09 * on/off by Host specifications. -+=09 */ -+=09active =3D 1; -+=09linenum =3D 0; -+=09while (fgets(line, sizeof(line), f)) { -+=09=09/* Update line number counter. */ -+=09=09linenum++; -+=09=09if (process=5Fconfig=5Fline(options, host, line, filename, line= num, &active) !=3D 0) -+=09=09=09bad=5Foptions++; -+=09} -+=09fclose(f); -+=09if (bad=5Foptions > 0) -+=09=09fatal("%s: terminating, %d bad configuration options", -+=09=09 filename, bad=5Foptions); -+=09return 1; -+} -+ -+/* -+ * Initializes options to special values that indicate that they have= not yet -+ * been set. Read=5Fconfig=5Ffile will only set options with this va= lue. Options -+ * are processed in the following order: command line, user config fi= le, -+ * system config file. Last, fill=5Fdefault=5Foptions is called. -+ */ -+ -+void -+initialize=5Foptions(Options * options) -+{ -+=09memset(options, 'X', sizeof(*options)); -+=09options->forward=5Fagent =3D -1; -+=09options->forward=5Fx11 =3D -1; -+=09options->forward=5Fx11=5Ftrusted =3D -1; -+=09options->exit=5Fon=5Fforward=5Ffailure =3D -1; -+=09options->xauth=5Flocation =3D NULL; -+=09options->gateway=5Fports =3D -1; -+=09options->use=5Fprivileged=5Fport =3D -1; -+=09options->rsa=5Fauthentication =3D -1; -+=09options->pubkey=5Fauthentication =3D -1; -+=09options->challenge=5Fresponse=5Fauthentication =3D -1; -+=09options->gss=5Fauthentication =3D -1; -+=09options->gss=5Fdeleg=5Fcreds =3D -1; -+=09options->password=5Fauthentication =3D -1; -+=09options->kbd=5Finteractive=5Fauthentication =3D -1; -+=09options->kbd=5Finteractive=5Fdevices =3D NULL; -+=09options->rhosts=5Frsa=5Fauthentication =3D -1; -+=09options->hostbased=5Fauthentication =3D -1; -+=09options->batch=5Fmode =3D -1; -+=09options->check=5Fhost=5Fip =3D -1; -+=09options->strict=5Fhost=5Fkey=5Fchecking =3D -1; -+=09options->compression =3D -1; -+=09options->tcp=5Fkeep=5Falive =3D -1; -+=09options->compression=5Flevel =3D -1; -+=09options->port =3D -1; -+=09options->address=5Ffamily =3D -1; -+=09options->connection=5Fattempts =3D -1; -+=09options->connection=5Ftimeout =3D -1; -+=09options->number=5Fof=5Fpassword=5Fprompts =3D -1; -+=09options->cipher =3D -1; -+=09options->ciphers =3D NULL; -+=09options->macs =3D NULL; -+=09options->hostkeyalgorithms =3D NULL; -+=09options->protocol =3D SSH=5FPROTO=5FUNKNOWN; -+=09options->num=5Fidentity=5Ffiles =3D 0; -+=09options->hostname =3D NULL; -+=09options->host=5Fkey=5Falias =3D NULL; -+=09options->proxy=5Fcommand =3D NULL; -+=09options->user =3D NULL; -+=09options->escape=5Fchar =3D -1; -+=09options->system=5Fhostfile =3D NULL; -+=09options->user=5Fhostfile =3D NULL; -+=09options->system=5Fhostfile2 =3D NULL; -+=09options->user=5Fhostfile2 =3D NULL; -+=09options->num=5Flocal=5Fforwards =3D 0; -+=09options->num=5Fremote=5Fforwards =3D 0; -+=09options->clear=5Fforwardings =3D -1; -+=09options->log=5Flevel =3D SYSLOG=5FLEVEL=5FNOT=5FSET; -+=09options->preferred=5Fauthentications =3D NULL; -+=09options->bind=5Faddress =3D NULL; -+=09options->smartcard=5Fdevice =3D NULL; -+=09options->enable=5Fssh=5Fkeysign =3D - 1; -+=09options->no=5Fhost=5Fauthentication=5Ffor=5Flocalhost =3D - 1; -+=09options->identities=5Fonly =3D - 1; -+=09options->rekey=5Flimit =3D - 1; -+=09options->verify=5Fhost=5Fkey=5Fdns =3D -1; -+=09options->server=5Falive=5Finterval =3D -1; -+=09options->server=5Falive=5Fcount=5Fmax =3D -1; -+=09options->num=5Fsend=5Fenv =3D 0; -+=09options->control=5Fpath =3D NULL; -+=09options->control=5Fmaster =3D -1; -+=09options->hash=5Fknown=5Fhosts =3D -1; -+=09options->tun=5Fopen =3D -1; -+=09options->tun=5Flocal =3D -1; -+=09options->tun=5Fremote =3D -1; -+=09options->local=5Fcommand =3D NULL; -+=09options->permit=5Flocal=5Fcommand =3D -1; -+=09options->visual=5Fhost=5Fkey =3D -1; -+=09options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D -1; -+} -+ -+/* -+ * Called after processing other sources of option data, this fills t= hose -+ * options for which no value has been specified with their default v= alues. -+ */ -+ -+void -+fill=5Fdefault=5Foptions(Options * options) -+{ -+=09int len; -+ -+=09if (options->forward=5Fagent =3D=3D -1) -+=09=09options->forward=5Fagent =3D 0; -+=09if (options->forward=5Fx11 =3D=3D -1) -+=09=09options->forward=5Fx11 =3D 0; -+=09if (options->forward=5Fx11=5Ftrusted =3D=3D -1) -+=09=09options->forward=5Fx11=5Ftrusted =3D 0; -+=09if (options->exit=5Fon=5Fforward=5Ffailure =3D=3D -1) -+=09=09options->exit=5Fon=5Fforward=5Ffailure =3D 0; -+=09if (options->xauth=5Flocation =3D=3D NULL) -+=09=09options->xauth=5Flocation =3D =5FPATH=5FXAUTH; -+=09if (options->gateway=5Fports =3D=3D -1) -+=09=09options->gateway=5Fports =3D 0; -+=09if (options->use=5Fprivileged=5Fport =3D=3D -1) -+=09=09options->use=5Fprivileged=5Fport =3D 0; -+=09if (options->rsa=5Fauthentication =3D=3D -1) -+=09=09options->rsa=5Fauthentication =3D 1; -+=09if (options->pubkey=5Fauthentication =3D=3D -1) -+=09=09options->pubkey=5Fauthentication =3D 1; -+=09if (options->challenge=5Fresponse=5Fauthentication =3D=3D -1) -+=09=09options->challenge=5Fresponse=5Fauthentication =3D 1; -+=09if (options->gss=5Fauthentication =3D=3D -1) -+=09=09options->gss=5Fauthentication =3D 0; -+=09if (options->gss=5Fdeleg=5Fcreds =3D=3D -1) -+=09=09options->gss=5Fdeleg=5Fcreds =3D 0; -+=09if (options->password=5Fauthentication =3D=3D -1) -+=09=09options->password=5Fauthentication =3D 1; -+=09if (options->kbd=5Finteractive=5Fauthentication =3D=3D -1) -+=09=09options->kbd=5Finteractive=5Fauthentication =3D 1; -+=09if (options->rhosts=5Frsa=5Fauthentication =3D=3D -1) -+=09=09options->rhosts=5Frsa=5Fauthentication =3D 0; -+=09if (options->hostbased=5Fauthentication =3D=3D -1) -+=09=09options->hostbased=5Fauthentication =3D 0; -+=09if (options->batch=5Fmode =3D=3D -1) -+=09=09options->batch=5Fmode =3D 0; -+=09if (options->check=5Fhost=5Fip =3D=3D -1) -+=09=09options->check=5Fhost=5Fip =3D 1; -+=09if (options->strict=5Fhost=5Fkey=5Fchecking =3D=3D -1) -+=09=09options->strict=5Fhost=5Fkey=5Fchecking =3D 2;=09/* 2 is defaul= t */ -+=09if (options->compression =3D=3D -1) -+=09=09options->compression =3D 0; -+=09if (options->tcp=5Fkeep=5Falive =3D=3D -1) -+=09=09options->tcp=5Fkeep=5Falive =3D 1; -+=09if (options->compression=5Flevel =3D=3D -1) -+=09=09options->compression=5Flevel =3D 6; -+=09if (options->port =3D=3D -1) -+=09=09options->port =3D 0;=09/* Filled in ssh=5Fconnect. */ -+=09if (options->address=5Ffamily =3D=3D -1) -+=09=09options->address=5Ffamily =3D AF=5FUNSPEC; -+=09if (options->connection=5Fattempts =3D=3D -1) -+=09=09options->connection=5Fattempts =3D 1; -+=09if (options->number=5Fof=5Fpassword=5Fprompts =3D=3D -1) -+=09=09options->number=5Fof=5Fpassword=5Fprompts =3D 3; -+=09/* Selected in ssh=5Flogin(). */ -+=09if (options->cipher =3D=3D -1) -+=09=09options->cipher =3D SSH=5FCIPHER=5FNOT=5FSET; -+=09/* options->ciphers, default set in myproposals.h */ -+=09/* options->macs, default set in myproposals.h */ -+=09/* options->hostkeyalgorithms, default set in myproposals.h */ -+=09if (options->protocol =3D=3D SSH=5FPROTO=5FUNKNOWN) -+=09=09options->protocol =3D SSH=5FPROTO=5F1|SSH=5FPROTO=5F2; -+=09if (options->num=5Fidentity=5Ffiles =3D=3D 0) { -+=09=09if (options->protocol & SSH=5FPROTO=5F1) { -+=09=09=09len =3D 2 + strlen(=5FPATH=5FSSH=5FCLIENT=5FIDENTITY) + 1; -+=09=09=09options->identity=5Ffiles[options->num=5Fidentity=5Ffiles] =3D= -+=09=09=09 xmalloc(len); -+=09=09=09snprintf(options->identity=5Ffiles[options->num=5Fidentity=5F= files++], -+=09=09=09 len, "~/%.100s", =5FPATH=5FSSH=5FCLIENT=5FIDENTITY); -+=09=09} -+=09=09if (options->protocol & SSH=5FPROTO=5F2) { -+=09=09=09len =3D 2 + strlen(=5FPATH=5FSSH=5FCLIENT=5FID=5FRSA) + 1; -+=09=09=09options->identity=5Ffiles[options->num=5Fidentity=5Ffiles] =3D= -+=09=09=09 xmalloc(len); -+=09=09=09snprintf(options->identity=5Ffiles[options->num=5Fidentity=5F= files++], -+=09=09=09 len, "~/%.100s", =5FPATH=5FSSH=5FCLIENT=5FID=5FRSA); -+ -+=09=09=09len =3D 2 + strlen(=5FPATH=5FSSH=5FCLIENT=5FID=5FDSA) + 1; -+=09=09=09options->identity=5Ffiles[options->num=5Fidentity=5Ffiles] =3D= -+=09=09=09 xmalloc(len); -+=09=09=09snprintf(options->identity=5Ffiles[options->num=5Fidentity=5F= files++], -+=09=09=09 len, "~/%.100s", =5FPATH=5FSSH=5FCLIENT=5FID=5FDSA); -+=09=09} -+=09} -+=09if (options->escape=5Fchar =3D=3D -1) -+=09=09options->escape=5Fchar =3D '~'; -+=09if (options->system=5Fhostfile =3D=3D NULL) -+=09=09options->system=5Fhostfile =3D =5FPATH=5FSSH=5FSYSTEM=5FHOSTFIL= E; -+=09if (options->user=5Fhostfile =3D=3D NULL) -+=09=09options->user=5Fhostfile =3D =5FPATH=5FSSH=5FUSER=5FHOSTFILE; -+=09if (options->system=5Fhostfile2 =3D=3D NULL) -+=09=09options->system=5Fhostfile2 =3D =5FPATH=5FSSH=5FSYSTEM=5FHOSTFI= LE2; -+=09if (options->user=5Fhostfile2 =3D=3D NULL) -+=09=09options->user=5Fhostfile2 =3D =5FPATH=5FSSH=5FUSER=5FHOSTFILE2;= -+=09if (options->log=5Flevel =3D=3D SYSLOG=5FLEVEL=5FNOT=5FSET) -+=09=09options->log=5Flevel =3D SYSLOG=5FLEVEL=5FINFO; -+=09if (options->clear=5Fforwardings =3D=3D 1) -+=09=09clear=5Fforwardings(options); -+=09if (options->no=5Fhost=5Fauthentication=5Ffor=5Flocalhost =3D=3D -= 1) -+=09=09options->no=5Fhost=5Fauthentication=5Ffor=5Flocalhost =3D 0; -+=09if (options->identities=5Fonly =3D=3D -1) -+=09=09options->identities=5Fonly =3D 0; -+=09if (options->enable=5Fssh=5Fkeysign =3D=3D -1) -+=09=09options->enable=5Fssh=5Fkeysign =3D 0; -+=09if (options->rekey=5Flimit =3D=3D -1) -+=09=09options->rekey=5Flimit =3D 0; -+=09if (options->verify=5Fhost=5Fkey=5Fdns =3D=3D -1) -+=09=09options->verify=5Fhost=5Fkey=5Fdns =3D 0; -+=09if (options->server=5Falive=5Finterval =3D=3D -1) -+=09=09options->server=5Falive=5Finterval =3D 0; -+=09if (options->server=5Falive=5Fcount=5Fmax =3D=3D -1) -+=09=09options->server=5Falive=5Fcount=5Fmax =3D 3; -+=09if (options->control=5Fmaster =3D=3D -1) -+=09=09options->control=5Fmaster =3D 0; -+=09if (options->hash=5Fknown=5Fhosts =3D=3D -1) -+=09=09options->hash=5Fknown=5Fhosts =3D 0; -+=09if (options->tun=5Fopen =3D=3D -1) -+=09=09options->tun=5Fopen =3D SSH=5FTUNMODE=5FNO; -+=09if (options->tun=5Flocal =3D=3D -1) -+=09=09options->tun=5Flocal =3D SSH=5FTUNID=5FANY; -+=09if (options->tun=5Fremote =3D=3D -1) -+=09=09options->tun=5Fremote =3D SSH=5FTUNID=5FANY; -+=09if (options->permit=5Flocal=5Fcommand =3D=3D -1) -+=09=09options->permit=5Flocal=5Fcommand =3D 0; -+=09if (options->visual=5Fhost=5Fkey =3D=3D -1) -+=09=09options->visual=5Fhost=5Fkey =3D 0; -+=09if (options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D=3D -= 1) -+=09=09options->zero=5Fknowledge=5Fpassword=5Fauthentication =3D 0; -+=09/* options->local=5Fcommand should not be set by default */ -+=09/* options->proxy=5Fcommand should not be set by default */ -+=09/* options->user will be set in the main program if appropriate */= -+=09/* options->hostname will be set in the main program if appropriat= e */ -+=09/* options->host=5Fkey=5Falias should not be set by default */ -+=09/* options->preferred=5Fauthentications will be set in ssh */ -+} -+ -+/* -+ * parse=5Fforward -+ * parses a string containing a port forwarding specification of the = form: -+ * dynamicfwd =3D=3D 0 -+ *=09[listenhost:]listenport:connecthost:connectport -+ * dynamicfwd =3D=3D 1 -+ *=09[listenhost:]listenport -+ * returns number of arguments parsed or zero on error -+ */ -+int -+parse=5Fforward(Forward *fwd, const char *fwdspec, int dynamicfwd, in= t remotefwd) -+{ -+=09int i; -+=09char *p, *cp, *fwdarg[4]; -+ -+=09memset(fwd, '\0', sizeof(*fwd)); -+ -+=09cp =3D p =3D xstrdup(fwdspec); -+ -+=09/* skip leading spaces */ -+=09while (isspace(*cp)) -+=09=09cp++; -+ -+=09for (i =3D 0; i < 4; ++i) -+=09=09if ((fwdarg[i] =3D hpdelim(&cp)) =3D=3D NULL) -+=09=09=09break; -+ -+=09/* Check for trailing garbage */ -+=09if (cp !=3D NULL) -+=09=09i =3D 0;=09/* failure */ -+ -+=09switch (i) { -+=09case 1: -+=09=09fwd->listen=5Fhost =3D NULL; -+=09=09fwd->listen=5Fport =3D a2port(fwdarg[0]); -+=09=09fwd->connect=5Fhost =3D xstrdup("socks"); -+=09=09break; -+ -+=09case 2: -+=09=09fwd->listen=5Fhost =3D xstrdup(cleanhostname(fwdarg[0])); -+=09=09fwd->listen=5Fport =3D a2port(fwdarg[1]); -+=09=09fwd->connect=5Fhost =3D xstrdup("socks"); -+=09=09break; -+ -+=09case 3: -+=09=09fwd->listen=5Fhost =3D NULL; -+=09=09fwd->listen=5Fport =3D a2port(fwdarg[0]); -+=09=09fwd->connect=5Fhost =3D xstrdup(cleanhostname(fwdarg[1])); -+=09=09fwd->connect=5Fport =3D a2port(fwdarg[2]); -+=09=09break; -+ -+=09case 4: -+=09=09fwd->listen=5Fhost =3D xstrdup(cleanhostname(fwdarg[0])); -+=09=09fwd->listen=5Fport =3D a2port(fwdarg[1]); -+=09=09fwd->connect=5Fhost =3D xstrdup(cleanhostname(fwdarg[2])); -+=09=09fwd->connect=5Fport =3D a2port(fwdarg[3]); -+=09=09break; -+=09default: -+=09=09i =3D 0; /* failure */ -+=09} -+ -+=09xfree(p); -+ -+=09if (dynamicfwd) { -+=09=09if (!(i =3D=3D 1 || i =3D=3D 2)) -+=09=09=09goto fail=5Ffree; -+=09} else { -+=09=09if (!(i =3D=3D 3 || i =3D=3D 4)) -+=09=09=09goto fail=5Ffree; -+=09=09if (fwd->connect=5Fport <=3D 0) -+=09=09=09goto fail=5Ffree; -+=09} -+ -+=09if (fwd->listen=5Fport < 0 || (!remotefwd && fwd->listen=5Fport =3D= =3D 0)) -+=09=09goto fail=5Ffree; -+ -+=09if (fwd->connect=5Fhost !=3D NULL && -+=09 strlen(fwd->connect=5Fhost) >=3D NI=5FMAXHOST) -+=09=09goto fail=5Ffree; -+=09if (fwd->listen=5Fhost !=3D NULL && -+=09 strlen(fwd->listen=5Fhost) >=3D NI=5FMAXHOST) -+=09=09goto fail=5Ffree; -+ -+ -+=09return (i); -+ -+ fail=5Ffree: -+=09if (fwd->connect=5Fhost !=3D NULL) { -+=09=09xfree(fwd->connect=5Fhost); -+=09=09fwd->connect=5Fhost =3D NULL; -+=09} -+=09if (fwd->listen=5Fhost !=3D NULL) { -+=09=09xfree(fwd->listen=5Fhost); -+=09=09fwd->listen=5Fhost =3D NULL; -+=09} -+=09return (0); -+} -diff -NupwB readconf.h readconf.h ---- readconf.h=092009-02-14 00:28:21.000000000 -0500 -+++ readconf.h=092009-05-14 12:36:10.000000000 -0400 -@@ -57,6 +57,11 @@ typedef struct { - =09int compression=5Flevel;=09/* Compression level 1 (fast) to 9 - =09=09=09=09=09 * (best). */ - =09int tcp=5Fkeep=5Falive;=09/* Set SO=5FKEEPALIVE. */ -+ int tcp=5Frcv=5Fbuf; /* user switch to set tcp recv buffe= r */ -+=09int=09tcp=5Frcv=5Fbuf=5Fpoll; /* Option to poll recv buf every win= dow transfer */ -+=09int =09hpn=5Fdisabled; =09 /* Switch to disable HPN buffer managem= ent */ -+=09int=09hpn=5Fbuffer=5Fsize; /* User definable size for HPN buffer w= indow */ -+ - =09LogLevel log=5Flevel;=09/* Level for logging. */ -=20 - =09int port;=09=09/* Port to connect. */ -@@ -102,6 +107,8 @@ typedef struct { -=20 - =09int=09enable=5Fssh=5Fkeysign; - =09int64=5Ft rekey=5Flimit; -+=09int none=5Fswitch; /* Use none cipher */ -+=09int none=5Fenabled; /* Allow none to be used */ - =09int=09no=5Fhost=5Fauthentication=5Ffor=5Flocalhost; - =09int=09identities=5Fonly; - =09int=09server=5Falive=5Finterval; -diff -NupwB readconf.h.orig readconf.h.orig ---- readconf.h.orig=091969-12-31 19:00:00.000000000 -0500 -+++ readconf.h.orig=092009-02-14 00:28:21.000000000 -0500 -@@ -0,0 +1,145 @@ -+/* $OpenBSD: readconf.h,v 1.78 2009/02/12 03:00:56 djm Exp $ */ -+ -+/* -+ * Author: Tatu Ylonen -+ * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland -+ * All rights reserved -+ * Functions for reading the configuration file. -+ * -+ * As far as I am concerned, the code I have written for this softwar= e -+ * can be used freely for any purpose. Any derived versions of this -+ * software must be clearly marked as such, and if the derived work i= s -+ * incompatible with the protocol description in the RFC file, it mus= t be -+ * called by a name other than "ssh" or "Secure Shell". -+ */ -+ -+#ifndef READCONF=5FH -+#define READCONF=5FH -+ -+/* Data structure for representing a forwarding request. */ -+ -+typedef struct { -+=09char=09 *listen=5Fhost;=09=09/* Host (address) to listen on. */ -+=09int=09 listen=5Fport;=09=09/* Port to forward. */ -+=09char=09 *connect=5Fhost;=09=09/* Host to connect. */ -+=09int=09 connect=5Fport;=09=09/* Port to connect on connect=5Fhost.= */ -+} Forward; -+/* Data structure for representing option data. */ -+ -+#define MAX=5FSEND=5FENV=09256 -+ -+typedef struct { -+=09int forward=5Fagent;=09/* Forward authentication agent. */ -+=09int forward=5Fx11;=09/* Forward X11 display. */ -+=09int forward=5Fx11=5Ftrusted;=09/* Trust Forward X11 display. *= / -+=09int exit=5Fon=5Fforward=5Ffailure;=09/* Exit if bind(2) fails = for -L/-R */ -+=09char *xauth=5Flocation;=09/* Location for xauth program */ -+=09int gateway=5Fports;=09/* Allow remote connects to forwarded p= orts. */ -+=09int use=5Fprivileged=5Fport;=09/* Don't use privileged port if= false. */ -+=09int rhosts=5Frsa=5Fauthentication;=09/* Try rhosts with RSA -+=09=09=09=09=09=09 * authentication. */ -+=09int rsa=5Fauthentication;=09/* Try RSA authentication. */ -+=09int pubkey=5Fauthentication;=09/* Try ssh2 pubkey authenticati= on. */ -+=09int hostbased=5Fauthentication;=09/* ssh2's rhosts=5Frsa */ -+=09int challenge=5Fresponse=5Fauthentication; -+=09=09=09=09=09/* Try S/Key or TIS, authentication. */ -+=09int gss=5Fauthentication;=09/* Try GSS authentication */ -+=09int gss=5Fdeleg=5Fcreds;=09/* Delegate GSS credentials */ -+=09int password=5Fauthentication;=09/* Try password -+=09=09=09=09=09=09 * authentication. */ -+=09int kbd=5Finteractive=5Fauthentication; /* Try keyboard-intera= ctive auth. */ -+=09char=09*kbd=5Finteractive=5Fdevices; /* Keyboard-interactive auth = devices. */ -+=09int zero=5Fknowledge=5Fpassword=5Fauthentication;=09/* Try jpa= ke */ -+=09int batch=5Fmode;=09/* Batch mode: do not ask for passwords. *= / -+=09int check=5Fhost=5Fip;=09/* Also keep track of keys for IP add= ress */ -+=09int strict=5Fhost=5Fkey=5Fchecking;=09/* Strict host key check= ing. */ -+=09int compression;=09/* Compress packets in both directions. */ -+=09int compression=5Flevel;=09/* Compression level 1 (fast) to 9 -+=09=09=09=09=09 * (best). */ -+=09int tcp=5Fkeep=5Falive;=09/* Set SO=5FKEEPALIVE. */ -+=09LogLevel log=5Flevel;=09/* Level for logging. */ -+ -+=09int port;=09=09/* Port to connect. */ -+=09int address=5Ffamily; -+=09int connection=5Fattempts;=09/* Max attempts (seconds) before -+=09=09=09=09=09 * giving up */ -+=09int connection=5Ftimeout;=09/* Max time (seconds) before -+=09=09=09=09=09 * aborting connection attempt */ -+=09int number=5Fof=5Fpassword=5Fprompts;=09/* Max number of passw= ord -+=09=09=09=09=09=09 * prompts. */ -+=09int cipher;=09=09/* Cipher to use. */ -+=09char *ciphers;=09/* SSH2 ciphers in order of preference. */ -+=09char *macs;=09=09/* SSH2 macs in order of preference. */ -+=09char *hostkeyalgorithms;=09/* SSH2 server key types in order of = preference. */ -+=09int=09protocol;=09/* Protocol in order of preference. */ -+=09char *hostname;=09/* Real host to connect. */ -+=09char *host=5Fkey=5Falias;=09/* hostname alias for .ssh/known=5Fh= osts */ -+=09char *proxy=5Fcommand;=09/* Proxy command for connecting the hos= t. */ -+=09char *user;=09=09/* User to log in as. */ -+=09int escape=5Fchar;=09/* Escape character; -2 =3D none */ -+ -+=09char *system=5Fhostfile;/* Path for /etc/ssh/ssh=5Fknown=5Fhosts= . */ -+=09char *user=5Fhostfile;=09/* Path for $HOME/.ssh/known=5Fhosts. *= / -+=09char *system=5Fhostfile2; -+=09char *user=5Fhostfile2; -+=09char *preferred=5Fauthentications; -+=09char *bind=5Faddress;=09/* local socket address for connection t= o sshd */ -+=09char *smartcard=5Fdevice; /* Smartcard reader device */ -+=09int=09verify=5Fhost=5Fkey=5Fdns;=09/* Verify host key using DNS */= -+ -+=09int num=5Fidentity=5Ffiles;=09/* Number of files for RSA/DSA i= dentities. */ -+=09char *identity=5Ffiles[SSH=5FMAX=5FIDENTITY=5FFILES]; -+=09Key *identity=5Fkeys[SSH=5FMAX=5FIDENTITY=5FFILES]; -+ -+=09/* Local TCP/IP forward requests. */ -+=09int num=5Flocal=5Fforwards; -+=09Forward local=5Fforwards[SSH=5FMAX=5FFORWARDS=5FPER=5FDIRECTION]; -+ -+=09/* Remote TCP/IP forward requests. */ -+=09int num=5Fremote=5Fforwards; -+=09Forward remote=5Fforwards[SSH=5FMAX=5FFORWARDS=5FPER=5FDIRECTION];= -+=09int=09clear=5Fforwardings; -+ -+=09int=09enable=5Fssh=5Fkeysign; -+=09int64=5Ft rekey=5Flimit; -+=09int=09no=5Fhost=5Fauthentication=5Ffor=5Flocalhost; -+=09int=09identities=5Fonly; -+=09int=09server=5Falive=5Finterval; -+=09int=09server=5Falive=5Fcount=5Fmax; -+ -+=09int num=5Fsend=5Fenv; -+=09char *send=5Fenv[MAX=5FSEND=5FENV]; -+ -+=09char=09*control=5Fpath; -+=09int=09control=5Fmaster; -+ -+=09int=09hash=5Fknown=5Fhosts; -+ -+=09int=09tun=5Fopen;=09/* tun(4) */ -+=09int tun=5Flocal;=09/* force tun device (optional) */ -+=09int tun=5Fremote;=09/* force tun device (optional) */ -+ -+=09char=09*local=5Fcommand; -+=09int=09permit=5Flocal=5Fcommand; -+=09int=09visual=5Fhost=5Fkey; -+ -+} Options; -+ -+#define SSHCTL=5FMASTER=5FNO=090 -+#define SSHCTL=5FMASTER=5FYES=091 -+#define SSHCTL=5FMASTER=5FAUTO=092 -+#define SSHCTL=5FMASTER=5FASK=093 -+#define SSHCTL=5FMASTER=5FAUTO=5FASK=094 -+ -+void initialize=5Foptions(Options *); -+void fill=5Fdefault=5Foptions(Options *); -+int=09 read=5Fconfig=5Ffile(const char *, const char *, Options *, in= t); -+int=09 parse=5Fforward(Forward *, const char *, int, int); -+ -+int -+process=5Fconfig=5Fline(Options *, const char *, char *, const char *= , int, int *); -+ -+void=09 add=5Flocal=5Fforward(Options *, const Forward *); -+void=09 add=5Fremote=5Fforward(Options *, const Forward *); -+ -+#endif=09=09=09=09/* READCONF=5FH */ -Common subdirectories: regress and regress -Common subdirectories: scard and scard -diff -NupwB scp.c scp.c ---- scp.c=092008-11-03 03:23:45.000000000 -0500 -+++ scp.c=092009-05-14 12:36:10.000000000 -0400 -@@ -632,7 +632,7 @@ source(int argc, char **argv) - =09off=5Ft i, statbytes; - =09size=5Ft amt; - =09int fd =3D -1, haderr, indx; --=09char *last, *name, buf[2048], encname[MAXPATHLEN]; -+=09char *last, *name, buf[16384], encname[MAXPATHLEN]; - =09int len; -=20 - =09for (indx =3D 0; indx < argc; ++indx) { -@@ -868,7 +868,7 @@ sink(int argc, char **argv) - =09mode=5Ft mode, omode, mask; - =09off=5Ft size, statbytes; - =09int setimes, targisdir, wrerrno =3D 0; --=09char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; -+=09char ch, *cp, *np, *targ, *why, *vect[1], buf[16384]; - =09struct timeval tv[2]; -=20 - #define=09atime=09tv[0] -diff -NupwB servconf.h servconf.h ---- servconf.h=092009-01-28 00:31:23.000000000 -0500 -+++ servconf.h=092009-05-14 12:36:10.000000000 -0400 -@@ -145,6 +145,10 @@ typedef struct { - =09char *adm=5Fforced=5Fcommand; -=20 - =09int=09use=5Fpam;=09=09/* Enable auth via PAM */ -+ int none=5Fenabled; /* enable NONE cipher switc= h */ -+ int tcp=5Frcv=5Fbuf=5Fpoll; /* poll tcp rcv window = in autotuning kernels*/ -+=09int=09hpn=5Fdisabled;=09=09/* disable hpn functionality. false by = default */ -+=09int=09hpn=5Fbuffer=5Fsize;=09/* set the hpn buffer size - default = 3MB */ -=20 - =09int=09permit=5Ftun; -=20 -diff -NupwB serverloop.c serverloop.c ---- serverloop.c=092009-02-14 00:33:09.000000000 -0500 -+++ serverloop.c=092009-05-14 12:36:10.000000000 -0400 -@@ -93,10 +93,10 @@ static int fdin;=09=09/* Descriptor for stdi - static int fdout;=09=09/* Descriptor for stdout (for reading); - =09=09=09=09 May be same number as fdin. */ - static int fderr;=09=09/* Descriptor for stderr. May be -1. */ --static long stdin=5Fbytes =3D 0;=09/* Number of bytes written to stdi= n. */ --static long stdout=5Fbytes =3D 0;=09/* Number of stdout bytes sent to= client. */ --static long stderr=5Fbytes =3D 0;=09/* Number of stderr bytes sent to= client. */ --static long fdout=5Fbytes =3D 0;=09/* Number of stdout bytes read fro= m program. */ -+static u=5Flong stdin=5Fbytes =3D 0;=09/* Number of bytes written to = stdin. */ -+static u=5Flong stdout=5Fbytes =3D 0;=09/* Number of stdout bytes sen= t to client. */ -+static u=5Flong stderr=5Fbytes =3D 0;=09/* Number of stderr bytes sen= t to client. */ -+static u=5Flong fdout=5Fbytes =3D 0;=09/* Number of stdout bytes read= from program. */ - static int stdin=5Feof =3D 0;=09/* EOF message received from client. = */ - static int fdout=5Feof =3D 0;=09/* EOF encountered reading from fdout= . */ - static int fderr=5Feof =3D 0;=09/* EOF encountered readung from fderr= . */ -@@ -121,6 +121,20 @@ static volatile sig=5Fatomic=5Ft received=5Fsi - static void server=5Finit=5Fdispatch(void); -=20 - /* -+ * Returns current time in seconds from Jan 1, 1970 with the maximum -+ * available resolution. -+ */ -+ -+static double -+get=5Fcurrent=5Ftime(void) -+{ -+=09struct timeval tv; -+=09gettimeofday(&tv, NULL); -+=09return (double) tv.tv=5Fsec + (double) tv.tv=5Fusec / 1000000.0; -+} -+ -+ -+/* - * we write to this pipe if a SIGCHLD is caught in order to avoid - * the race between select() and child=5Fterminated - */ -@@ -410,6 +424,7 @@ process=5Finput(fd=5Fset *readset) - =09=09} else { - =09=09=09/* Buffer any received data. */ - =09=09=09packet=5Fprocess=5Fincoming(buf, len); -+=09=09=09fdout=5Fbytes +=3D len; - =09=09} - =09} - =09if (compat20) -@@ -432,6 +447,7 @@ process=5Finput(fd=5Fset *readset) - =09=09} else { - =09=09=09buffer=5Fappend(&stdout=5Fbuffer, buf, len); - =09=09=09fdout=5Fbytes +=3D len; -+=09=09=09debug ("FD out now: %ld", fdout=5Fbytes); - =09=09} - =09} - =09/* Read and buffer any available stderr data from the program. */ -@@ -499,7 +515,7 @@ process=5Foutput(fd=5Fset *writeset) - =09} - =09/* Send any buffered packet data to the client. */ - =09if (FD=5FISSET(connection=5Fout, writeset)) --=09=09packet=5Fwrite=5Fpoll(); -+=09=09stdin=5Fbytes +=3D packet=5Fwrite=5Fpoll(); - } -=20 - /* -@@ -816,8 +832,10 @@ server=5Floop2(Authctxt *authctxt) - { - =09fd=5Fset *readset =3D NULL, *writeset =3D NULL; - =09int rekeying =3D 0, max=5Ffd, nalloc =3D 0; -+=09double start=5Ftime, total=5Ftime; -=20 - =09debug("Entering interactive session for SSH2."); -+=09start=5Ftime =3D get=5Fcurrent=5Ftime(); -=20 - =09mysignal(SIGCHLD, sigchld=5Fhandler); - =09child=5Fterminated =3D 0; -@@ -879,6 +897,11 @@ server=5Floop2(Authctxt *authctxt) -=20 - =09/* free remaining sessions, e.g. remove wtmp entries */ - =09session=5Fdestroy=5Fall(NULL); -+=09total=5Ftime =3D get=5Fcurrent=5Ftime() - start=5Ftime; -+=09logit("SSH: Server;LType: Throughput;Remote: %s-%d;IN: %lu;OUT: %l= u;Duration: %.1f;tPut=5Fin: %.1f;tPut=5Fout: %.1f", -+=09 get=5Fremote=5Fipaddr(), get=5Fremote=5Fport(), -+=09 stdin=5Fbytes, fdout=5Fbytes, total=5Ftime, stdin=5Fbytes / = total=5Ftime,=20 -+=09 fdout=5Fbytes / total=5Ftime); - } -=20 - static void -@@ -994,8 +1017,12 @@ server=5Frequest=5Ftun(void) - =09sock =3D tun=5Fopen(tun, mode); - =09if (sock < 0) - =09=09goto done; -+=09if (options.hpn=5Fdisabled) - =09c =3D channel=5Fnew("tun", SSH=5FCHANNEL=5FOPEN, sock, sock, -1, - =09 CHAN=5FTCP=5FWINDOW=5FDEFAULT, CHAN=5FTCP=5FPACKET=5FDEFAULT, = 0, "tun", 1); -+=09else -+=09=09c =3D channel=5Fnew("tun", SSH=5FCHANNEL=5FOPEN, sock, sock, -1= , -+=09=09 options.hpn=5Fbuffer=5Fsize, CHAN=5FTCP=5FPACKET=5FDEFAULT,= 0, "tun", 1); - =09c->datagram =3D 1; - #if defined(SSH=5FTUN=5FFILTER) - =09if (mode =3D=3D SSH=5FTUNMODE=5FPOINTOPOINT) -@@ -1031,6 +1058,8 @@ server=5Frequest=5Fsession(void) - =09c =3D channel=5Fnew("session", SSH=5FCHANNEL=5FLARVAL, - =09 -1, -1, -1, /*window size*/0, CHAN=5FSES=5FPACKET=5FDEFAULT, - =09 0, "server-session", 1); -+=09if ((options.tcp=5Frcv=5Fbuf=5Fpoll) && (!options.hpn=5Fdisabled))= -+=09=09c->dynamic=5Fwindow =3D 1; - =09if (session=5Fopen(the=5Fauthctxt, c->self) !=3D 1) { - =09=09debug("session open failed, free channel %d", c->self); - =09=09channel=5Ffree(c); -diff -NupwB session.c session.c ---- session.c=092009-01-28 00:29:49.000000000 -0500 -+++ session.c=092009-05-14 12:36:10.000000000 -0400 -@@ -230,6 +230,7 @@ auth=5Finput=5Frequest=5Fforwarding(struct pas - =09} -=20 - =09/* Allocate a channel for the authentication agent socket. */ -+=09/* this shouldn't matter if its hpn or not - cjr */ - =09nc =3D channel=5Fnew("auth socket", - =09 SSH=5FCHANNEL=5FAUTH=5FSOCKET, sock, sock, -1, - =09 CHAN=5FX11=5FWINDOW=5FDEFAULT, CHAN=5FX11=5FPACKET=5FDEFAULT, -@@ -2301,10 +2302,16 @@ session=5Fset=5Ffds(Session *s, int fdin, in - =09 */ - =09if (s->chanid =3D=3D -1) - =09=09fatal("no channel for session %d", s->self); -+=09if (options.hpn=5Fdisabled) - =09channel=5Fset=5Ffds(s->chanid, - =09 fdout, fdin, fderr, - =09 fderr =3D=3D -1 =3F CHAN=5FEXTENDED=5FIGNORE : CHAN=5FEXTENDED= =5FREAD, - =09 1, is=5Ftty, CHAN=5FSES=5FWINDOW=5FDEFAULT); -+=09else=20 -+=09=09channel=5Fset=5Ffds(s->chanid, -+=09=09 fdout, fdin, fderr, -+=09 fderr =3D=3D -1 =3F CHAN=5FEXTENDED=5FIGNORE : CHAN=5F= EXTENDED=5FREAD, -+=09=09 1, is=5Ftty, options.hpn=5Fbuffer=5Fsize); - } -=20 - /* -diff -NupwB sftp.1 sftp.1 ---- sftp.1=092009-01-28 00:14:09.000000000 -0500 -+++ sftp.1=092009-05-14 12:36:10.000000000 -0400 -@@ -203,7 +203,8 @@ This option may be useful in debugging t - Specify how many requests may be outstanding at any one time. - Increasing this may slightly improve file transfer speed - but will increase memory usage. --The default is 64 outstanding requests. -+The default is 256 outstanding requests providing for 8MB=20 -+of outstanding data with a 32KB buffer. - .It Fl S Ar program - Name of the - .Ar program -diff -NupwB sftp.c sftp.c ---- sftp.c=092009-02-14 00:26:19.000000000 -0500 -+++ sftp.c=092009-05-14 12:36:10.000000000 -0400 -@@ -75,7 +75,7 @@ int batchmode =3D 0; - size=5Ft copy=5Fbuffer=5Flen =3D 32768; -=20 - /* Number of concurrent outstanding requests */ --size=5Ft num=5Frequests =3D 64; -+size=5Ft num=5Frequests =3D 256; -=20 - /* PID of ssh transport process */ - static pid=5Ft sshpid =3D -1; -diff -NupwB ssh.c ssh.c ---- ssh.c=092009-02-14 00:28:21.000000000 -0500 -+++ ssh.c=092009-05-14 12:36:10.000000000 -0400 -@@ -492,9 +492,6 @@ main(int ac, char **av) - =09=09=09no=5Fshell=5Fflag =3D 1; - =09=09=09no=5Ftty=5Fflag =3D 1; - =09=09=09break; --=09=09case 'T': --=09=09=09no=5Ftty=5Fflag =3D 1; --=09=09=09break; - =09=09case 'o': - =09=09=09dummy =3D 1; - =09=09=09line =3D xstrdup(optarg); -@@ -503,6 +500,13 @@ main(int ac, char **av) - =09=09=09=09exit(255); - =09=09=09xfree(line); - =09=09=09break; -+=09=09case 'T': -+=09=09=09no=5Ftty=5Fflag =3D 1; -+=09=09=09/* ensure that the user doesn't try to backdoor a */ -+=09=09=09/* null cipher switch on an interactive session */ -+=09=09=09/* so explicitly disable it no matter what */ -+=09=09=09options.none=5Fswitch=3D0; -+=09=09=09break; - =09=09case 's': - =09=09=09subsystem=5Fflag =3D 1; - =09=09=09break; -@@ -1142,6 +1146,9 @@ ssh=5Fsession2=5Fopen(void) - { - =09Channel *c; - =09int window, packetmax, in, out, err; -+=09int sock; -+=09int socksize; -+=09int socksizelen =3D sizeof(int); -=20 - =09if (stdin=5Fnull=5Fflag) { - =09=09in =3D open(=5FPATH=5FDEVNULL, O=5FRDONLY); -@@ -1162,9 +1169,75 @@ ssh=5Fsession2=5Fopen(void) - =09if (!isatty(err)) - =09=09set=5Fnonblock(err); -=20 --=09window =3D CHAN=5FSES=5FWINDOW=5FDEFAULT; -+=09/* we need to check to see if what they want to do about buffer */= -+=09/* sizes here. In a hpn to nonhpn connection we want to limit */ -+=09/* the window size to something reasonable in case the far side */= -+=09/* has the large window bug. In hpn to hpn connection we want to *= / -+=09/* use the max window size but allow the user to override it */ -+=09/* lastly if they disabled hpn then use the ssh std window size */= -+ -+=09/* so why don't we just do a getsockopt() here and set the */ -+=09/* ssh window to that=3F In the case of a autotuning receive */ -+=09/* window the window would get stuck at the initial buffer */ -+=09/* size generally less than 96k. Therefore we need to set the */ -+=09/* maximum ssh window size to the maximum hpn buffer size */ -+=09/* unless the user has specifically set the tcprcvbufpoll */ -+=09/* to no. In which case we *can* just set the window to the */ -+=09/* minimum of the hpn buffer size and tcp receive buffer size */ -+=09 -+=09if (tty=5Fflag) -+=09=09options.hpn=5Fbuffer=5Fsize =3D CHAN=5FSES=5FWINDOW=5FDEFAULT; -+=09else -+=09=09options.hpn=5Fbuffer=5Fsize =3D 2*1024*1024; -+ -+=09if (datafellows & SSH=5FBUG=5FLARGEWINDOW)=20 -+=09{ -+=09=09debug("HPN to Non-HPN Connection"); -+=09}=20 -+=09else=20 -+=09{ -+=09=09if (options.tcp=5Frcv=5Fbuf=5Fpoll <=3D 0)=20 -+=09=09{ -+=09=09=09sock =3D socket(AF=5FINET, SOCK=5FSTREAM, 0); -+=09=09=09getsockopt(sock, SOL=5FSOCKET, SO=5FRCVBUF,=20 -+=09=09=09=09 &socksize, &socksizelen); -+=09=09=09close(sock); -+=09=09=09debug("socksize %d", socksize); -+=09=09=09options.hpn=5Fbuffer=5Fsize =3D socksize; -+=09=09=09debug ("HPNBufferSize set to TCP RWIN: %d", options.hpn=5Fbu= ffer=5Fsize); -+=09=09}=20 -+=09=09else -+=09=09{ -+=09=09=09if (options.tcp=5Frcv=5Fbuf > 0)=20 -+=09=09=09{ -+=09=09=09=09/*create a socket but don't connect it */ -+=09=09=09=09/* we use that the get the rcv socket size */ -+=09=09=09=09sock =3D socket(AF=5FINET, SOCK=5FSTREAM, 0); -+=09=09=09=09/* if they are using the tcp=5Frcv=5Fbuf option */ -+=09=09=09=09/* attempt to set the buffer size to that */ -+=09=09=09=09if (options.tcp=5Frcv=5Fbuf)=20 -+=09=09=09=09=09setsockopt(sock, SOL=5FSOCKET, SO=5FRCVBUF, (void *)&o= ptions.tcp=5Frcv=5Fbuf,=20 -+=09=09=09=09=09=09 sizeof(options.tcp=5Frcv=5Fbuf)); -+=09=09=09=09getsockopt(sock, SOL=5FSOCKET, SO=5FRCVBUF,=20 -+=09=09=09=09=09 &socksize, &socksizelen); -+=09=09=09=09close(sock); -+=09=09=09=09debug("socksize %d", socksize); -+=09=09=09=09options.hpn=5Fbuffer=5Fsize =3D socksize; -+=09=09=09=09debug ("HPNBufferSize set to user TCPRcvBuf: %d", options= .hpn=5Fbuffer=5Fsize); -+=09=09=09} -+ =09=09} -+=09=09 -+=09} -+ -+=09debug("Final hpn=5Fbuffer=5Fsize =3D %d", options.hpn=5Fbuffer=5Fs= ize); -+ -+=09window =3D options.hpn=5Fbuffer=5Fsize; -+ -+=09channel=5Fset=5Fhpn(options.hpn=5Fdisabled, options.hpn=5Fbuffer=5F= size); -+ - =09packetmax =3D CHAN=5FSES=5FPACKET=5FDEFAULT; - =09if (tty=5Fflag) { -+=09=09window =3D 4*CHAN=5FSES=5FPACKET=5FDEFAULT; - =09=09window >>=3D 1; - =09=09packetmax >>=3D 1; - =09} -@@ -1172,7 +1245,10 @@ ssh=5Fsession2=5Fopen(void) - =09 "session", SSH=5FCHANNEL=5FOPENING, in, out, err, - =09 window, packetmax, CHAN=5FEXTENDED=5FWRITE, - =09 "client-session", /*nonblock*/0); -- -+=09if ((options.tcp=5Frcv=5Fbuf=5Fpoll > 0) && (!options.hpn=5Fdisabl= ed)) { -+=09=09c->dynamic=5Fwindow =3D 1; -+=09=09debug ("Enabled Dynamic Window Scaling\n"); -+=09} - =09debug3("ssh=5Fsession2=5Fopen: channel=5Fnew: %d", c->self); -=20 - =09channel=5Fsend=5Fopen(c->self); -diff -NupwB sshconnect2.c sshconnect2.c ---- sshconnect2.c=092008-11-05 00:20:47.000000000 -0500 -+++ sshconnect2.c=092009-05-14 12:36:10.000000000 -0400 -@@ -78,6 +78,12 @@ - extern char *client=5Fversion=5Fstring; - extern char *server=5Fversion=5Fstring; - extern Options options; -+extern Kex *xxx=5Fkex; -+ -+/* tty=5Fflag is set in ssh.c. use this in ssh=5Fuserauth2 */ -+/* if it is set then prevent the switch to the null cipher */ -+ -+extern int tty=5Fflag; -=20 - /* - * SSH2 key exchange -@@ -350,6 +356,28 @@ ssh=5Fuserauth2(const char *local=5Fuser, co - =09pubkey=5Fcleanup(&authctxt); - =09dispatch=5Frange(SSH2=5FMSG=5FUSERAUTH=5FMIN, SSH2=5FMSG=5FUSERAUT= H=5FMAX, NULL); -=20 -+=09/* if the user wants to use the none cipher do it */ -+=09/* post authentication and only if the right conditions are met */= -+=09/* both of the NONE commands must be true and there must be no */ -+=09/* tty allocated */ -+=09if ((options.none=5Fswitch =3D=3D 1) && (options.none=5Fenabled =3D= =3D 1))=20 -+=09{ -+=09=09if (!tty=5Fflag) /* no null on tty sessions */ -+=09=09{ -+=09=09=09debug("Requesting none rekeying..."); -+=09=09=09myproposal[PROPOSAL=5FENC=5FALGS=5FSTOC] =3D "none"; -+=09=09=09myproposal[PROPOSAL=5FENC=5FALGS=5FCTOS] =3D "none"; -+=09=09=09kex=5Fprop2buf(&xxx=5Fkex->my,myproposal); -+=09=09=09packet=5Frequest=5Frekeying(); -+=09=09=09fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n"); -+=09=09} -+=09=09else -+=09=09{ -+=09=09=09/* requested NONE cipher when in a tty */ -+=09=09=09debug("Cannot switch to NONE cipher with tty allocated"); -+=09=09=09fprintf(stderr, "NONE cipher switch disabled when a TTY is a= llocated\n"); -+=09=09} -+=09} - =09debug("Authentication succeeded (%s).", authctxt.method->name); - } -=20 -diff -NupwB sshconnect.c sshconnect.c ---- sshconnect.c=092009-02-01 06:19:54.000000000 -0500 -+++ sshconnect.c=092009-05-14 12:36:10.000000000 -0400 -@@ -165,6 +165,31 @@ ssh=5Fproxy=5Fconnect(const char *host, u=5Fsh - } -=20 - /* -+ * Set TCP receive buffer if requested. -+ * Note: tuning needs to happen after the socket is -+ * created but before the connection happens -+ * so winscale is negotiated properly -cjr -+ */ -+static void -+ssh=5Fset=5Fsocket=5Frecvbuf(int sock) -+{ -+=09void *buf =3D (void *)&options.tcp=5Frcv=5Fbuf; -+=09int sz =3D sizeof(options.tcp=5Frcv=5Fbuf); -+=09int socksize; -+=09int socksizelen =3D sizeof(int); -+ -+=09debug("setsockopt Attempting to set SO=5FRCVBUF to %d", options.tc= p=5Frcv=5Fbuf); -+=09if (setsockopt(sock, SOL=5FSOCKET, SO=5FRCVBUF, buf, sz) >=3D 0) {= -+=09 getsockopt(sock, SOL=5FSOCKET, SO=5FRCVBUF, &socksize, &socksize= len); -+=09 debug("setsockopt SO=5FRCVBUF: %.100s %d", strerror(errno), sock= size); -+=09} -+=09else -+=09=09error("Couldn't set socket receive buffer to %d: %.100s", -+=09=09 options.tcp=5Frcv=5Fbuf, strerror(errno)); -+} -+ -+ -+/* - * Creates a (possibly privileged) socket for use as the ssh connecti= on. - */ - static int -@@ -187,12 +212,18 @@ ssh=5Fcreate=5Fsocket(int privileged, struct - =09=09=09 strerror(errno)); - =09=09else - =09=09=09debug("Allocated local port %d.", p); -+ -+=09=09if (options.tcp=5Frcv=5Fbuf > 0) -+=09=09=09ssh=5Fset=5Fsocket=5Frecvbuf(sock);=09=09 - =09=09return sock; - =09} - =09sock =3D socket(ai->ai=5Ffamily, ai->ai=5Fsocktype, ai->ai=5Fproto= col); - =09if (sock < 0) - =09=09error("socket: %.100s", strerror(errno)); -=20 -+=09if (options.tcp=5Frcv=5Fbuf > 0) -+=09=09ssh=5Fset=5Fsocket=5Frecvbuf(sock); -+=09 - =09/* Bind the socket to an alternative local IP address */ - =09if (options.bind=5Faddress =3D=3D NULL) - =09=09return sock; -@@ -536,7 +567,7 @@ ssh=5Fexchange=5Fidentification(int timeout=5F - =09snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", - =09 compat20 =3F PROTOCOL=5FMAJOR=5F2 : PROTOCOL=5FMAJOR=5F1, - =09 compat20 =3F PROTOCOL=5FMINOR=5F2 : minor1, --=09 SSH=5FVERSION, compat20 =3F "\r\n" : "\n"); -+=09 SSH=5FRELEASE, compat20 =3F "\r\n" : "\n"); - =09if (atomicio(vwrite, connection=5Fout, buf, strlen(buf)) !=3D strl= en(buf)) - =09=09fatal("write: %.100s", strerror(errno)); - =09client=5Fversion=5Fstring =3D xstrdup(buf); -diff -NupwB sshd.c sshd.c ---- sshd.c=092009-01-28 00:31:23.000000000 -0500 -+++ sshd.c=092009-05-14 12:36:10.000000000 -0400 -@@ -136,6 +136,9 @@ int deny=5Fseverity; - #define REEXEC=5FCONFIG=5FPASS=5FFD=09=09(STDERR=5FFILENO + 3) - #define REEXEC=5FMIN=5FFREE=5FFD=09=09(STDERR=5FFILENO + 4) -=20 -+int myflag =3D 0; -+ -+ - extern char *=5F=5Fprogname; -=20 - /* Server configuration options. */ -@@ -415,7 +418,7 @@ sshd=5Fexchange=5Fidentification(int sock=5Fin - =09=09minor =3D PROTOCOL=5FMINOR=5F1; - =09} - =09snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, --=09 SSH=5FVERSION, newline); -+=09 SSH=5FRELEASE, newline); - =09server=5Fversion=5Fstring =3D xstrdup(buf); -=20 - =09/* Send our protocol version identification. */ -@@ -466,6 +469,9 @@ sshd=5Fexchange=5Fidentification(int sock=5Fin - =09} - =09debug("Client protocol version %d.%d; client software version %.10= 0s", - =09 remote=5Fmajor, remote=5Fminor, remote=5Fversion); -+=09logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Cl= ient: %.100s", -+=09 get=5Fremote=5Fipaddr(), get=5Fremote=5Fport(), -+=09 remote=5Fmajor, remote=5Fminor, remote=5Fversion); -=20 - =09compat=5Fdatafellows(remote=5Fversion); -=20 -@@ -944,6 +950,8 @@ server=5Flisten(void) - =09int ret, listen=5Fsock, on =3D 1; - =09struct addrinfo *ai; - =09char ntop[NI=5FMAXHOST], strport[NI=5FMAXSERV]; -+=09int socksize; -+=09int socksizelen =3D sizeof(int); -=20 - =09for (ai =3D options.listen=5Faddrs; ai; ai =3D ai->ai=5Fnext) { - =09=09if (ai->ai=5Ffamily !=3D AF=5FINET && ai->ai=5Ffamily !=3D AF=5F= INET6) -@@ -990,6 +998,11 @@ server=5Flisten(void) -=20 - =09=09debug("Bind to port %s on %s.", strport, ntop); -=20 -+=09=09getsockopt(listen=5Fsock, SOL=5FSOCKET, SO=5FRCVBUF,=20 -+=09=09=09=09 &socksize, &socksizelen); -+=09=09debug("Server TCP RWIN socket size: %d", socksize); -+=09=09debug("HPN Buffer Size: %d", options.hpn=5Fbuffer=5Fsize); -+ - =09=09/* Bind the socket to the desired port. */ - =09=09if (bind(listen=5Fsock, ai->ai=5Faddr, ai->ai=5Faddrlen) < 0) {= - =09=09=09error("Bind to port %s on %s failed: %.200s.", -@@ -1817,6 +1830,9 @@ main(int ac, char **av) - =09/* Log the connection. */ - =09verbose("Connection from %.500s port %d", remote=5Fip, remote=5Fpo= rt); -=20 -+=09/* set the HPN options for the child */ -+=09channel=5Fset=5Fhpn(options.hpn=5Fdisabled, options.hpn=5Fbuffer=5F= size); -+ - =09/* - =09 * We don't want to listen forever unless the other side - =09 * successfully authenticates itself. So we set up an alarm which= is -@@ -2171,9 +2187,15 @@ do=5Fssh2=5Fkex(void) - { - =09Kex *kex; -=20 -+=09myflag++; -+=09debug ("MYFLAG IS %d", myflag); - =09if (options.ciphers !=3D NULL) { - =09=09myproposal[PROPOSAL=5FENC=5FALGS=5FCTOS] =3D - =09=09myproposal[PROPOSAL=5FENC=5FALGS=5FSTOC] =3D options.ciphers; -+=09} else if (options.none=5Fenabled =3D=3D 1) { -+=09=09debug ("WARNING: None cipher enabled"); -+=09=09myproposal[PROPOSAL=5FENC=5FALGS=5FCTOS] =3D -+=09=09myproposal[PROPOSAL=5FENC=5FALGS=5FSTOC] =3D KEX=5FENCRYPT=5FIN= CLUDE=5FNONE; - =09} - =09myproposal[PROPOSAL=5FENC=5FALGS=5FCTOS] =3D - =09 compat=5Fcipher=5Fproposal(myproposal[PROPOSAL=5FENC=5FALGS=5F= CTOS]); -diff -NupwB sshd=5Fconfig sshd=5Fconfig ---- sshd=5Fconfig=092008-07-02 08:35:43.000000000 -0400 -+++ sshd=5Fconfig=092009-05-14 12:36:10.000000000 -0400 -@@ -112,6 +112,20 @@ Protocol 2 - # override default of no subsystems - Subsystem=09sftp=09/usr/libexec/sftp-server -=20 -+# the following are HPN related configuration options -+# tcp receive buffer polling. disable in non autotuning kernels -+#TcpRcvBufPoll yes -+=20 -+# allow the use of the none cipher -+#NoneEnabled no -+ -+# disable hpn performance boosts.=20 -+#HPNDisabled no -+ -+# buffer size for hpn to non-hpn connections -+#HPNBufferSize 2048 -+ -+ - # Example of overriding settings on a per-user basis - #Match User anoncvs - #=09X11Forwarding no -diff -NupwB version.h version.h ---- version.h=092009-02-22 19:09:26.000000000 -0500 -+++ version.h=092009-05-14 12:42:05.000000000 -0400 -@@ -3,4 +3,5 @@ - #define SSH=5FVERSION=09"OpenSSH=5F5.2" -=20 - #define SSH=5FPORTABLE=09"p1" --#define SSH=5FRELEASE=09SSH=5FVERSION SSH=5FPORTABLE -+#define SSH=5FHPN "-hpn13v6" -+#define SSH=5FRELEASE=09SSH=5FVERSION SSH=5FPORTABLE SSH=5FHPN Index: files/openssh-5.2p1.sftpfilecontrol-v1.3.patch =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: files/openssh-5.2p1.sftpfilecontrol-v1.3.patch diff -N files/openssh-5.2p1.sftpfilecontrol-v1.3.patch --- files/openssh-5.2p1.sftpfilecontrol-v1.3.patch=0931 Aug 2010 02:46:= 44 -0000=091.1 +++ /dev/null=091 Jan 1970 00:00:00 -0000 @@ -1,488 +0,0 @@ -Sftpfilecontrol Patch v1.3 -A patch to provide control over umask, chmod, chown, and chgrp in the = sftp-server that comes with openssh. -This patch is derived from the sftplogging patch. - -Original patch by Michael Martinez -Copyright (c) 2002 - 2009, Michael Martinez -All rights reserved. - -Redistribution and use in source and binary forms, with or without mod= ification, are permitted provided that the -following conditions are met: - -- Redistributions of source code must retain the above copyright notic= e, this list of conditions and the following disclaimer. -- Redistributions in binary form must reproduce the above copyright no= tice, this list of conditions and the following disclaimer in the docum= entation and/or other materials provided with the distribution. -- Neither the name of Michael Martinez nor the names of its contributo= rs may be used to endorse or promote products derived from this softwar= e without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "A= S IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILI= TY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE L= IABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMIT= ED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) = HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING N= EGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF= SUCH DAMAGE. - -Patch source using: patch -p0 < /path/to/patch -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D -Only in .: Makefile -Common subdirectories: gautom4te-2.53.cache and autom4te-2.53.cache -Common subdirectories: gcontrib and contrib -Common subdirectories: gopenbsd-compat and openbsd-compat -Common subdirectories: gregress and regress -Common subdirectories: gscard and scard -diff -u gversion.h version.h ---- gversion.h Mon Feb 23 17:24:15 2004 -+++ version.h=09Tues Apr 5 09:43:35 2005 -@@ -5,2 +5,2 @@ --#define SSH=5FPORTABLE=09"p1" -+#define SSH=5FPORTABLE=09"p1+sftpfilecontrol-v1.3" - #define SSH=5FRELEASE=09SSH=5FVERSION SSH=5FPORTABLE -diff -u gservconf.c servconf.c ---- gservconf.c=09Thu Sep 5 00:35:15 2002 -+++ servconf.c=09Wed Jan 29 09:43:35 2003 -@@ -119,4 +119,10 @@ - =09options->authorized=5Fkeys=5Ffile =3D NULL; - =09options->authorized=5Fkeys=5Ffile2 =3D NULL; -+ -+ =09memset(options->sftp=5Fumask, 0, SFTP=5FUMASK=5FLENGTH); -+ -+=09options->sftp=5Fpermit=5Fchmod =3D SFTP=5FPERMIT=5FNOT=5FSET; -+=09options->sftp=5Fpermit=5Fchown =3D SFTP=5FPERMIT=5FNOT=5FSET; -+ - =09options->num=5Faccept=5Fenv =3D 0; - =09options->permit=5Ftun =3D -1; -@@ -108,6 +108,6 @@ - void - fill=5Fdefault=5Fserver=5Foptions(ServerOptions *options) - { --=09/* Portable-specific options */ -+/* Portable-specific options */ -=09if (options->use=5Fpam =3D=3D -1) -=09=09options->use=5Fpam =3D 1; -@@ -225,6 +225,16 @@ - =09if (options->authorized=5Fkeys=5Ffile =3D=3D NULL) - =09=09options->authorized=5Fkeys=5Ffile =3D =5FPATH=5FSSH=5FUSER=5FPE= RMITTED=5FKEYS; -=20 -+=09/* Don't set sftp-server umask */ -+=09if (!options->sftp=5Fumask) -+=09=09memset(options->sftp=5Fumask, 0, SFTP=5FUMASK=5FLENGTH); -+ -+=09/* allow sftp client to issue chmod, chown / chgrp commands */ -+=09if (options->sftp=5Fpermit=5Fchmod =3D=3D SFTP=5FPERMIT=5FNOT=5FSE= T) -+=09=09options->sftp=5Fpermit=5Fchmod =3D SFTP=5FPERMIT=5FYES; -+=09if (options->sftp=5Fpermit=5Fchown =3D=3D SFTP=5FPERMIT=5FNOT=5FSE= T) -+=09=09options->sftp=5Fpermit=5Fchown =3D SFTP=5FPERMIT=5FYES; -+ - =09/* Turn privilege separation on by default */ - =09if (use=5Fprivsep =3D=3D -1) - =09=09use=5Fprivsep =3D 1; -@@ -264,4 +264,6 @@ -=09sMatch, sPermitOpen, sForceCommand, sChrootDirectory, -=09sUsePrivilegeSeparation, sAllowAgentForwarding, -+=09sSftpUmask, -+=09sSftpPermitChown, sSftpPermitChmod, -=09sDeprecated, sUnsupported - } ServerOpCodes; -@@ -431,3 +431,6 @@ - =09{ "acceptenv", sAcceptEnv, SSHCFG=5FGLOBAL }, -+=09{ "sftpumask", sSftpUmask}, -+=09{ "sftppermitchmod", sSftpPermitChmod}, -+=09{ "sftppermitchown", sSftpPermitChown}, - =09{ "permittunnel", sPermitTunnel, SSHCFG=5FGLOBAL }, - =09{ "match", sMatch, SSHCFG=5FALL }, -@@ -640,8 +640,10 @@ - =09char *cp, **charptr, *arg, *p; - =09int cmdline =3D 0, *intptr, value, n; -=09SyslogFacility *log=5Ffacility=5Fptr; -=09LogLevel *log=5Flevel=5Fptr; -+=09unsigned int umaskvalue =3D 0; -+=09char *umaskptr; -=09ServerOpCodes opcode; -=09int port; -=09u=5Fint i, flags =3D 0; -=09size=5Ft len; -@@ -1149,6 +1149,32 @@ - =09case sBanner: - =09=09charptr =3D &options->banner; - =09=09goto parse=5Ffilename; - -+ -+ case sSftpUmask: -+ arg =3D strdelim(&cp); -+=09=09umaskptr =3D arg; -+ while (*arg && *arg >=3D '0' && *arg <=3D '9') -+ umaskvalue =3D umaskvalue * 8 + *arg++ - '0'; -+ if (*arg || umaskvalue > 0777) -+ fatal("%s line %d: bad value for umask", -+=09=09=09 filename, linenum); -+=09=09else { -+=09=09=09while (*umaskptr && *umaskptr =3D=3D '0') -+=09=09=09=09=09*umaskptr++; -+=09=09=09strncpy(options->sftp=5Fumask, umaskptr, -+=09=09=09=09SFTP=5FUMASK=5FLENGTH); -+=09=09} -+ -+ break; -+ -+ case sSftpPermitChmod: -+ intptr =3D &options->sftp=5Fpermit=5Fchmod; -+ goto parse=5Fflag; -+ -+ case sSftpPermitChown: -+ intptr =3D &options->sftp=5Fpermit=5Fchown; -+ goto parse=5Fflag; -+ - =09/* - =09 * These options can contain %X options expanded at -@@ -1290,6 +1290,7 @@ - =09if ((arg =3D strdelim(&cp)) !=3D NULL && *arg !=3D '\0') - =09=09fatal("%s line %d: garbage at end of line; \"%.200s\".", - =09=09 filename, linenum, arg); -+ - =09return 0; - } -=20 -diff -u gservconf.h servconf.h ---- gservconf.h=09Wed Jul 31 21:28:39 2002 -+++ servconf.h=09Wed Jan 29 09:41:06 2003 -@@ -35,4 +35,11 @@ - #define PERMIT=5FNO=5FPASSWD=092 - #define PERMIT=5FYES=09=093 -=20 -+/* sftp-server umask control */ -+#define SFTP=5FUMASK=5FLENGTH=095 -+ -+/* sftp-server client priviledge */ -+#define SFTP=5FPERMIT=5FNOT=5FSET=09-1 -+#define SFTP=5FPERMIT=5FNO=09=090 -+#define SFTP=5FPERMIT=5FYES=09=091 - #define DEFAULT=5FAUTH=5FFAIL=5FMAX=096=09/* Default for MaxAuthTries= */ -@@ -145,2 +145,5 @@ -=09int=09use=5Fpam;=09=09/* Enable auth via PAM */ -+=09char=09sftp=5Fumask[SFTP=5FUMASK=5FLENGTH];=09=09/* Sftp Umask */ -+=09int=09sftp=5Fpermit=5Fchmod; -+=09int=09sftp=5Fpermit=5Fchown; -=09int=09permit=5Ftun; -diff -u gsession.c session.c ---- gsession.c=09Wed Sep 25 20:38:50 2002 -+++ session.c=09Wed Jan 29 09:44:18 2003 -@@ -111,6 +111,8 @@ - login=5Fcap=5Ft *lc; - #endif -=20 -+static char *sftpumask; -+ - /* Name and directory of socket for authentication agent forwarding. = */ - static char *auth=5Fsock=5Fname =3D NULL; - static char *auth=5Fsock=5Fdir =3D NULL; -@@ -957,6 +966,7 @@ - =09env =3D xmalloc(envsize * sizeof(char *)); - =09env[0] =3D NULL; -=20 -+ - #ifdef HAVE=5FCYGWIN - =09/* - =09 * The Windows environment contains some setting which are -@@ -1083,6 +1093,43 @@ - =09if (auth=5Fsock=5Fname !=3D NULL) - =09=09child=5Fset=5Fenv(&env, &envsize, SSH=5FAUTHSOCKET=5FENV=5FNAME= , - =09=09 auth=5Fsock=5Fname); -+ -+=09/* SFTP=5FUMASK */ -+ -+=09if (options.sftp=5Fumask[0] =3D=3D '\0') -+=09=09child=5Fset=5Fenv(&env, &envsize, "SFTP=5FUMASK",=20 -+=09=09=09"" ); -+=09else { -+=09=09if (!(sftpumask =3D calloc(SFTP=5FUMASK=5FLENGTH,1))) { -+ -+logit("session.c: unabled to allocate memory for SftpUmask. SftpUmask= control \ -+will be turned off."); -+ -+=09=09child=5Fset=5Fenv(&env, &envsize, "SFTP=5FUMASK",=20 -+=09=09=09"" ); -+=09=09} else { -+=09=09=09strncpy(sftpumask, options.sftp=5Fumask, -+=09=09=09=09SFTP=5FUMASK=5FLENGTH); -+=09=09=09child=5Fset=5Fenv(&env, &envsize, "SFTP=5FUMASK",=20 -+=09=09=09=09sftpumask ); -+=09=09} -+=09} -+ -+ /* SFTP=5FPERMIT=5FCHMOD */ -+ if (options.sftp=5Fpermit=5Fchmod =3D=3D -1 ) -+ child=5Fset=5Fenv(&env, &envsize, "SFTP=5FPERMIT=5FCH= MOD", "-1"); -+ else if (options.sftp=5Fpermit=5Fchmod =3D=3D 0) -+ child=5Fset=5Fenv(&env, &envsize, "SFTP=5FPERMIT=5FCH= MOD", "0"); -+ else -+ child=5Fset=5Fenv(&env, &envsize, "SFTP=5FPERMIT=5FCH= MOD", "1"); -+ -+ /* SFTP=5FPERMIT=5FCHOWN */ -+ if (options.sftp=5Fpermit=5Fchown =3D=3D -1 ) -+ child=5Fset=5Fenv(&env, &envsize, "SFTP=5FPERMIT=5FCH= OWN", "-1"); -+ else if (options.sftp=5Fpermit=5Fchown =3D=3D 0) -+ child=5Fset=5Fenv(&env, &envsize, "SFTP=5FPERMIT=5FCH= OWN", "0"); -+ else -+ child=5Fset=5Fenv(&env, &envsize, "SFTP=5FPERMIT=5FCH= OWN", "1"); -=20 - =09/* read $HOME/.ssh/environment. */ - =09if (options.permit=5Fuser=5Fenv && !options.use=5Flogin) { -diff -u gsftp-server.8 sftp-server.8 ---- gsftp-server.8=09Mon Jun 25 00:45:35 2001 -+++ sftp-server.8=09Wed Jan 29 10:11:28 2003 -@@ -51,3 +51,12 @@ - See - .Xr sshd=5Fconfig 5 -+for more information.=20 -+The administrator may exert control over the file and directory -+permission and ownership, with -+.Cm SftpUmask , -+.Cm SftpPermitChmod , -+and -+.Cm SftpPermitChown -+. See -+.Xr sshd=5Fconfig 5 - for more information. -@@ -75,8 +75,9 @@=20 - .Sh SEE ALSO - .Xr sftp 1 , - .Xr ssh 1 , - .Xr sshd=5Fconfig 5 , --.Xr sshd 8 -+.Xr sshd 8, -+.Xr sshd=5Fconfig 5 - .Rs - .%A T. Ylonen - .%A S. Lehtinen -diff -u gsshd.c sshd.c ---- gsshd.c Wed Sep 11 19:54:27 2002 -+++ sshd.c Mon Nov 10 11:26:45 2003 -@@ -379,4 +379,3 @@ -=09} --=09snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, --=09 SSH=5FVERSION, newline); -+=09snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH=5F= RELEASE); -=09server=5Fversion=5Fstring =3D xstrdup(buf); -diff -u gsftp-server.c sftp-server.c ---- gsftp-server.c Wed Sep 11 19:54:27 2002 -+++ sftp-server.c Mon Nov 10 11:26:45 2003 -@@ -51,3 +51,9 @@ - #define get=5Fstring(lenp) =09=09buffer=5Fget=5Fstring(&iqueue, lenp)= ; -=20 -+/* SFTP=5FUMASK */ -+static mode=5Ft setumask =3D 0; -+ -+static int permit=5Fchmod =3D 1; -+static int permit=5Fchown =3D 1; -+ - /* Our verbosity */ -@@ -500,5 +500,12 @@ - =09flags =3D flags=5Ffrom=5Fportable(pflags); - =09mode =3D (a->flags & SSH2=5FFILEXFER=5FATTR=5FPERMISSIONS) =3F a->= perm : 0666; -+ -+=09if (setumask !=3D 0) { -+=09=09logit("setting file creation mode to 0666 and umask to %o", set= umask); -+=09=09mode =3D 0666; -+=09=09umask(setumask); -+=09} -+ - =09logit("open \"%s\" flags %s mode 0%o", - =09 name, string=5Ffrom=5Fportable(pflags), mode); - =09fd =3D open(name, flags, mode); -@@ -512,6 +512,7 @@ - =09=09=09status =3D SSH2=5FFX=5FOK; - =09=09} - =09} -+=09logit("open %s", name); - =09if (status !=3D SSH2=5FFX=5FOK) - =09=09send=5Fstatus(id, status); - =09xfree(name); -@@ -703,6 +703,8 @@ -=09name =3D get=5Fstring(NULL); -=09a =3D get=5Fattrib(); -=09debug("request %u: setstat name \"%s\"", id, name); -+=20 -=09if (a->flags & SSH2=5FFILEXFER=5FATTR=5FSIZE) { -+logit("process=5Fsetstat: truncate"); -=09=09logit("set \"%s\" size %llu", -=09=09 name, (unsigned long long)a->size); -@@ -708,9 +708,15 @@ -=09=09=09status =3D errno=5Fto=5Fportable(errno); -=09} -=09if (a->flags & SSH2=5FFILEXFER=5FATTR=5FPERMISSIONS) { --=09=09logit("set \"%s\" mode %04o", name, a->perm); --=09=09ret =3D chmod(name, a->perm & 07777); --=09=09if (ret =3D=3D -1) --=09=09=09status =3D errno=5Fto=5Fportable(errno); -+=09=09if (permit=5Fchmod =3D=3D 1) { -+=09=09=09ret =3D chmod(name, a->perm & 0777); -+=09=09=09if (ret =3D=3D -1) -+=09=09=09=09status =3D errno=5Fto=5Fportable(errno); -+=09=09=09else -+=09=09=09=09logit("chmod'ed %s", name); -+=09=09} else { -+=09=09=09status =3D SSH2=5FFX=5FPERMISSION=5FDENIED; -+=09=09=09logit("chmod %s: operation prohibited by sftp-server configu= ration.", name); -+=09=09} -=09} -=09if (a->flags & SSH2=5FFILEXFER=5FATTR=5FACMODTIME) { -@@ -727,7 +727,12 @@ -=09if (a->flags & SSH2=5FFILEXFER=5FATTR=5FUIDGID) { --=09=09logit("set \"%s\" owner %lu group %lu", name, --=09=09 (u=5Flong)a->uid, (u=5Flong)a->gid); --=09=09ret =3D chown(name, a->uid, a->gid); --=09=09if (ret =3D=3D -1) --=09=09=09status =3D errno=5Fto=5Fportable(errno); -+=09=09if (permit=5Fchown =3D=3D 1) { -+=09=09=09ret =3D chown(name, a->uid, a->gid); -+=09=09=09if (ret =3D=3D -1) -+=09=09=09=09status =3D errno=5Fto=5Fportable(errno); -+=09=09=09else -+=09=09=09=09logit("chown'ed %s.", name); -+=09=09} else { -+=09=09=09status =3D SSH2=5FFX=5FPERMISSION=5FDENIED; -+=09=09=09logit("chown %s: operation prohibited by sftp-server configu= ration.", name); -+=09=09} -=09} -@@ -752,5 +752,6 @@ -=09=09if (a->flags & SSH2=5FFILEXFER=5FATTR=5FPERMISSIONS) { -=09=09=09logit("set \"%s\" mode %04o", name, a->perm); -+=09=09=09if (permit=5Fchmod =3D=3D 1) { - #ifdef HAVE=5FFCHMOD -=09=09=09ret =3D fchmod(fd, a->perm & 0777); - #else -@@ -757,8 +757,14 @@ -=09=09=09ret =3D chmod(name, a->perm & 0777); - #endif -=09=09=09if (ret =3D=3D -1) -=09=09=09=09status =3D errno=5Fto=5Fportable(errno); -+=09=09=09else -+=09=09=09=09logit("chmod: succeeded."); -+=09=09 } else { /* permit=5Fchmod */ -+ status =3D SSH2=5FFX=5FPERMISSION=5FDENIED; -+=09=09=09logit("chmod: operation prohibited by sftp-server configurat= ion."); -+=09=09 } /* permit=5Fchmod */ -=09=09} -=09=09if (a->flags & SSH2=5FFILEXFER=5FATTR=5FACMODTIME) { -=09=09=09char buf[64]; -=09=09=09time=5Ft t =3D a->mtime; -@@ -777,14 +777,21 @@ -=09=09if (a->flags & SSH2=5FFILEXFER=5FATTR=5FUIDGID) { -=09=09=09logit("set \"%s\" owner %lu group %lu", name, -=09=09=09 (u=5Flong)a->uid, (u=5Flong)a->gid); -+=09=09=09if (permit=5Fchown =3D=3D 1) { - #ifdef HAVE=5FFCHOWN -=09=09=09ret =3D fchown(fd, a->uid, a->gid); - #else -=09=09=09ret =3D chown(name, a->uid, a->gid); - #endif -=09=09=09if (ret =3D=3D -1) -=09=09=09=09status =3D errno=5Fto=5Fportable(errno); -+=09=09=09else -+=09=09=09=09logit("chown: succeeded"); -+=09=09 } else { /* permit=5Fchown */ -+=09=09=09status =3D SSH2=5FFX=5FPERMISSION=5FDENIED; -+=09=09=09logit("chown: operation prohibited by sftp-server configurat= ion."); -+=09=09 } /* permit=5Fchown */ -=09=09} -=09} -=09send=5Fstatus(id, status); - } -@@ -916,6 +916,13 @@ -=09a =3D get=5Fattrib(); -=09mode =3D (a->flags & SSH2=5FFILEXFER=5FATTR=5FPERMISSIONS) =3F -=09 a->perm & 07777 : 0777; -+ -+ if (setumask !=3D 0) { -+ logit("setting directory creation mode to 0777 and um= ask to %o.", setumask); -+ mode =3D 0777; -+ umask(setumask); -+ } -+ -=09debug3("request %u: mkdir", id); -=09logit("mkdir name \"%s\" mode 0%o", name, mode); -=09ret =3D mkdir(name, mode); -@@ -1210,4 +1210,6 @@ -=09fd=5Fset *rset, *wset; -=09int in, out, max, ch, skipargs =3D 0, log=5Fstderr =3D 0; -+=09unsigned int val =3D 0; -+=09char *umask=5Fenv; -=09ssize=5Ft len, olen, set=5Fsize; -=09SyslogFacility log=5Ffacility =3D SYSLOG=5FFACILITY=5FAUTH; -@@ -1271,4 +1271,33 @@ -=09handle=5Finit(); - -+=09/* Umask control */ -+ -+=09umask=5Fenv =3D getenv("SFTP=5FUMASK"); -+=09if ( umask=5Fenv && *umask=5Fenv !=3D NULL ) -+=09{ -+=09=09while (*umask=5Fenv && *umask=5Fenv >=3D '0' && *umask=5Fenv <=3D= '9') -+=09=09=09val =3D val * 8 + *umask=5Fenv++ - '0'; -+ -+=09=09if (*umask=5Fenv || val > 0777 || val =3D=3D 0) { -+=09=09=09logit("bad value %o for SFTP=5FUMASK, turning umask control = off.", val); -+=09=09=09setumask =3D 0; -+=09=09} else { -+=09=09=09logit("umask control is on."); -+=09=09=09setumask =3D val; -+=09=09}; -+=09} else setumask =3D 0; -+ -+ -+=09/* Sensitive client commands */ -+=09 -+ if ( (getenv("SFTP=5FPERMIT=5FCHMOD") !=3D NULL) && (atoi(get= env("SFTP=5FPERMIT=5FCHMOD")) !=3D 1) ) { -+=09=09permit=5Fchmod =3D 0; -+ logit("client is not permitted to chmod."); -+=09}; -+ if ( (getenv("SFTP=5FPERMIT=5FCHOWN") !=3D NULL) && (atoi(get= env("SFTP=5FPERMIT=5FCHOWN")) !=3D 1) ) { -+=09=09permit=5Fchown =3D 0; -+ logit("client is not permitted to chown."); -+=09}; -+=09 -=09in =3D dup(STDIN=5FFILENO); -=09out =3D dup(STDOUT=5FFILENO); -Only in : ssh=5Fprng=5Fcmds -diff -u gsshd=5Fconfig sshd=5Fconfig ---- gsshd=5Fconfig=09Thu Sep 26 23:21:58 2002 -+++ sshd=5Fconfig=09Wed Jan 29 10:08:39 2003 -@@ -91,5 +91,11 @@ - # override default of no subsystems - Subsystem=09sftp=09/usr/libexec/sftp-server - -+# sftp-server umask control -+#SftpUmask -+ -+#SftpPermitChmod yes -+#SftpPermitChown yes -+ - # Example of overriding settings on a per-user basis - #Match User anoncvs -diff -u gsshd=5Fconfig.5 sshd=5Fconfig.5 ---- gsshd=5Fconfig.5=09Wed Sep 18 21:51:22 2002 -+++ sshd=5Fconfig.5=09Wed Jan 29 10:10:03 2003 -@@ -558,5 +562,21 @@ - .It Cm ServerKeyBits - Defines the number of bits in the ephemeral protocol version 1 server= key. - The minimum value is 512, and the default is 1024. -+.It Cm SftpPermitChmod -+Specifies whether the sftp-server allows the sftp client to execute c= hmod=20 -+commands on the server. The default is yes. -+.It Cm SftpPermitChown -+Specifies whether the sftp-server allows the sftp client to execute c= hown -+or chgrp commands on the server. Turning this value on means that the= client -+is allowed to execute both chown and chgrp commands. Turning it off m= eans that -+the client is prohibited from executing either chown or chgrp. -+ The default is yes. -+.It Cm SftpUmask -+Specifies an optional umask for=20 -+.Nm sftp-server -+subsystem transactions. If a umask is given, this umask will override= all system,=20 -+environment or sftp client permission modes. If -+no umask or an invalid umask is given, file creation mode defaults to= the permission -+mode specified by the sftp client. The default is for no umask. - .It Cm StrictModes - Specifies whether -/* $OpenBSD: version.h,v 1.37 2003/04/01 10:56:46 markus Exp $ */ - -#define SSH=5FVERSION "OpenSSH=5F5.2p1" Index: files/scardpin.patch =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: files/scardpin.patch diff -N files/scardpin.patch --- files/scardpin.patch=0930 Aug 2007 15:40:39 -0000=091.2 +++ /dev/null=091 Jan 1970 00:00:00 -0000 @@ -1,134 +0,0 @@ -# -# https://bugzilla.mindrot.org/show=5Fbug.cgi=3Fid=3D608 -# -Index: scard-opensc.c -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -RCS file: /cvs/openssh/scard-opensc.c,v -retrieving revision 1.12 -diff -u -r1.12 scard-opensc.c ---- scard-opensc.c=0925 Aug 2003 00:58:26 -0000=091.12 -+++ scard-opensc.c=0927 Aug 2003 11:42:02 -0000 -@@ -38,6 +38,8 @@ - #include "readpass.h" - #include "scard.h" -=20 -+int ask=5Ffor=5Fpin=3D0; -+ - #if OPENSSL=5FVERSION=5FNUMBER < 0x00907000L && defined(CRYPTO=5FLOCK= =5FENGINE) - #define USE=5FENGINE - #define RSA=5Fget=5Fdefault=5Fmethod RSA=5Fget=5Fdefault=5Fopenssl=5F= method -@@ -119,6 +121,7 @@ - =09struct sc=5Fpkcs15=5Fprkey=5Finfo *key; - =09struct sc=5Fpkcs15=5Fobject *pin=5Fobj; - =09struct sc=5Fpkcs15=5Fpin=5Finfo *pin; -+=09char *passphrase =3D NULL; -=20 - =09priv =3D (struct sc=5Fpriv=5Fdata *) RSA=5Fget=5Fapp=5Fdata(rsa); - =09if (priv =3D=3D NULL) -@@ -156,24 +159,47 @@ - =09=09goto err; - =09} - =09pin =3D pin=5Fobj->data; -+ -+=09if (sc=5Fpin) -+=09=09passphrase =3D sc=5Fpin; -+=09else if (ask=5Ffor=5Fpin) { -+=09=09/* we need a pin but don't have one =3D> ask for the pin */ -+=09=09char prompt[64]; -+ -+=09=09snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ", -+=09=09=09key=5Fobj->label =3F key=5Fobj->label : "smartcard key"); -+=09=09passphrase =3D read=5Fpassphrase(prompt, 0); -+=09=09if (!passphrase || !strcmp(passphrase, "")) -+=09=09=09goto err; -+=09} else=20 -+=09=09/* no pin =3D> error */ -+=09=09goto err; -+ - =09r =3D sc=5Flock(card); - =09if (r) { - =09=09error("Unable to lock smartcard: %s", sc=5Fstrerror(r)); - =09=09goto err; - =09} --=09if (sc=5Fpin !=3D NULL) { --=09=09r =3D sc=5Fpkcs15=5Fverify=5Fpin(p15card, pin, sc=5Fpin, --=09=09=09=09=09 strlen(sc=5Fpin)); --=09=09if (r) { --=09=09=09sc=5Funlock(card); --=09=09=09error("PIN code verification failed: %s", --=09=09=09 sc=5Fstrerror(r)); --=09=09=09goto err; --=09=09} -+=09r =3D sc=5Fpkcs15=5Fverify=5Fpin(p15card, pin, passphrase, -+=09=09=09=09 strlen(passphrase)); -+=09if (r) { -+=09=09sc=5Funlock(card); -+=09=09error("PIN code verification failed: %s", -+=09=09 sc=5Fstrerror(r)); -+=09=09goto err; - =09} -+ - =09*key=5Fobj=5Fout =3D key=5Fobj; -+=09if (!sc=5Fpin) { -+=09=09memset(passphrase, 0, strlen(passphrase)); -+=09=09xfree(passphrase); -+=09} - =09return 0; - err: -+=09if (!sc=5Fpin && passphrase) { -+=09=09memset(passphrase, 0, strlen(passphrase)); -+=09=09xfree(passphrase); -+=09} - =09sc=5Fclose(); - =09return -1; - } -Index: scard.c -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -RCS file: /cvs/openssh/scard.c,v -retrieving revision 1.27 -diff -u -r1.27 scard.c ---- scard.c=0918 Jun 2003 10:28:40 -0000=091.27 -+++ scard.c=0927 Aug 2003 11:42:02 -0000 -@@ -35,6 +35,9 @@ - #include "readpass.h" - #include "scard.h" -=20 -+/* currently unused */ -+int ask=5Ffor=5Fpin =3D 0; -+ - #if OPENSSL=5FVERSION=5FNUMBER < 0x00907000L - #define USE=5FENGINE - #define RSA=5Fget=5Fdefault=5Fmethod RSA=5Fget=5Fdefault=5Fopenssl=5F= method -Index: scard.h -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -RCS file: /cvs/openssh/scard.h,v -retrieving revision 1.10 -diff -u -r1.10 scard.h ---- scard.h=0918 Jun 2003 10:28:40 -0000=091.10 -+++ scard.h=0927 Aug 2003 11:42:02 -0000 -@@ -33,6 +33,8 @@ - #define SCARD=5FERROR=5FNOCARD=09-2 - #define SCARD=5FERROR=5FAPPLET=09-3 -=20 -+extern int ask=5Ffor=5Fpin; -+ - Key=09**sc=5Fget=5Fkeys(const char *, const char *); - void=09 sc=5Fclose(void); - int=09 sc=5Fput=5Fkey(Key *, const char *); -Index: ssh.c -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -RCS file: /cvs/openssh/ssh.c,v -retrieving revision 1.180 -diff -u -r1.180 ssh.c ---- ssh.c=0921 Aug 2003 23:34:41 -0000=091.180 -+++ ssh.c=0927 Aug 2003 11:42:02 -0000 -@@ -1155,6 +1155,9 @@ - #ifdef SMARTCARD - =09Key **keys; -=20 -+=09if (!options.batch=5Fmode) -+=09=09ask=5Ffor=5Fpin =3D 1; -+ - =09if (options.smartcard=5Fdevice !=3D NULL && - =09 options.num=5Fidentity=5Ffiles < SSH=5FMAX=5FIDENTITY=5FFILES = && - =09 (keys =3D sc=5Fget=5Fkeys(options.smartcard=5Fdevice, NULL)) != =3D NULL ) { --PCGpoR0gWV-- From: John Hein To: bug-followup@FreeBSD.org, magik@roorback.net Cc: Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1 Date: Thu, 23 Sep 2010 11:29:23 -0600 --gbAT/ME/2i Content-Type: text/plain; charset=us-ascii Content-Description: message body text Content-Transfer-Encoding: 7bit As I mentioned in the last submission, here is a second patchset that just refreshes patches (diff hunk line numbers and dates) that otherwise apply cleanly. It can be considered optional. --gbAT/ME/2i Content-Type: text/plain; name="p-refresh-patches" Content-Description: just refresh patches that otherwise apply cleanly Content-Disposition: inline; filename="p-refresh-patches" Content-Transfer-Encoding: 7bit These patch updates do not change the end result at all. The orignal patch files still apply cleanly to 5.6p1 files. The updates below are just refreshed (update line numbers and date header) against the 5.6p1 files. Index: files/gss-serv.c.patch =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/gss-serv.c.patch,v retrieving revision 1.2 diff -u -p -r1.2 gss-serv.c.patch --- files/gss-serv.c.patch 7 Feb 2006 20:07:54 -0000 1.2 +++ files/gss-serv.c.patch 14 Sep 2010 22:29:54 -0000 @@ -1,6 +1,6 @@ ---- gss-serv.c.orig Sat Nov 5 02:07:05 2005 -+++ gss-serv.c Thu Feb 2 22:45:37 2006 -@@ -134,6 +134,16 @@ +--- gss-serv.c.orig 2008-05-18 23:05:07.000000000 -0600 ++++ gss-serv.c 2010-09-14 16:14:12.000000000 -0600 +@@ -192,6 +192,16 @@ OM_uint32 offset; OM_uint32 oidl; Index: files/patch-Makefile.in =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-Makefile.in,v retrieving revision 1.5 diff -u -p -r1.5 patch-Makefile.in --- files/patch-Makefile.in 7 Feb 2006 20:07:54 -0000 1.5 +++ files/patch-Makefile.in 14 Sep 2010 22:29:54 -0000 @@ -1,8 +1,8 @@ ---- Makefile.in.orig Fri Feb 25 18:12:38 2005 -+++ Makefile.in Sat Mar 19 19:53:44 2005 -@@ -230,7 +230,7 @@ +--- Makefile.in.orig 2010-05-12 00:51:39.000000000 -0600 ++++ Makefile.in 2010-09-14 16:14:12.000000000 -0600 +@@ -238,7 +238,7 @@ + $(AUTORECONF) -rm -rf autom4te.cache - (cd scard && $(MAKE) -f Makefile.in distprep) -install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config +install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf Index: files/patch-auth.c =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-auth.c,v retrieving revision 1.8 diff -u -p -r1.8 patch-auth.c --- files/patch-auth.c 1 Oct 2006 02:15:00 -0000 1.8 +++ files/patch-auth.c 14 Sep 2010 22:29:54 -0000 @@ -1,6 +1,6 @@ ---- auth.c.orig Wed Sep 6 21:36:43 2006 -+++ auth.c Sat Sep 30 10:38:04 2006 -@@ -500,7 +501,7 @@ +--- auth.c.orig 2010-08-12 11:33:01.000000000 -0600 ++++ auth.c 2010-09-14 16:14:12.000000000 -0600 +@@ -594,7 +594,7 @@ if (!allowed_user(pw)) return (NULL); #ifdef HAVE_LOGIN_CAP Index: files/patch-auth1.c =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-auth1.c,v retrieving revision 1.7 diff -u -p -r1.7 patch-auth1.c --- files/patch-auth1.c 1 Oct 2006 02:15:00 -0000 1.7 +++ files/patch-auth1.c 14 Sep 2010 22:29:54 -0000 @@ -1,6 +1,6 @@ ---- auth1.c.orig Fri Sep 1 02:38:36 2006 -+++ auth1.c Sat Sep 30 18:47:57 2006 -@@ -39,6 +39,7 @@ +--- auth1.c.orig 2010-06-25 18:01:33.000000000 -0600 ++++ auth1.c 2010-09-14 16:14:12.000000000 -0600 +@@ -40,6 +40,7 @@ #endif #include "monitor_wrap.h" #include "buffer.h" @@ -8,7 +8,7 @@ /* import */ extern ServerOptions options; -@@ -238,6 +239,13 @@ +@@ -239,6 +240,13 @@ char info[1024]; int prev = 0, type = 0; const struct AuthMethod1 *meth; @@ -22,11 +22,10 @@ debug("Attempting authentication for %s%.100s.", authctxt->valid ? "" : "invalid user ", authctxt->user); -@@ -288,6 +296,26 @@ - "type %d", type); +@@ -292,6 +300,26 @@ goto skip; } -+ + +#ifdef HAVE_LOGIN_CAP + if (authctxt->pw != NULL) { + lc = login_getpwclass(authctxt->pw); @@ -46,6 +45,7 @@ + lc = NULL; + } +#endif /* HAVE_LOGIN_CAP */ - ++ if (!*(meth->enabled)) { verbose("%s authentication disabled.", meth->name); + goto skip; Index: files/patch-auth2.c =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-auth2.c,v retrieving revision 1.7 diff -u -p -r1.7 patch-auth2.c --- files/patch-auth2.c 19 Apr 2008 13:46:24 -0000 1.7 +++ files/patch-auth2.c 14 Sep 2010 22:29:54 -0000 @@ -1,6 +1,6 @@ ---- auth2.c.orig 2008-04-07 22:16:43.000000000 -0300 -+++ auth2.c 2008-04-07 22:20:03.000000000 -0300 -@@ -41,6 +41,7 @@ +--- auth2.c.orig 2009-06-22 00:11:07.000000000 -0600 ++++ auth2.c 2010-09-14 16:14:12.000000000 -0600 +@@ -46,6 +46,7 @@ #include "key.h" #include "hostfile.h" #include "auth.h" @@ -8,7 +8,7 @@ #include "dispatch.h" #include "pathnames.h" #include "buffer.h" -@@ -146,6 +147,13 @@ +@@ -217,6 +218,13 @@ Authmethod *m = NULL; char *user, *service, *method, *style = NULL; int authenticated = 0; @@ -22,7 +22,7 @@ if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); -@@ -194,6 +202,27 @@ +@@ -261,6 +269,27 @@ "(%s,%s) -> (%s,%s)", authctxt->user, authctxt->service, user, service); } @@ -49,4 +49,4 @@ + /* reset state */ auth2_challenge_stop(authctxt); - + #ifdef JPAKE Index: files/patch-loginrec.c =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-loginrec.c,v retrieving revision 1.6 diff -u -p -r1.6 patch-loginrec.c --- files/patch-loginrec.c 1 Oct 2006 02:15:00 -0000 1.6 +++ files/patch-loginrec.c 14 Sep 2010 22:29:54 -0000 @@ -1,16 +1,16 @@ ---- loginrec.c.orig Tue Feb 15 12:19:28 2005 -+++ loginrec.c Sat Mar 19 20:55:59 2005 -@@ -164,6 +164,9 @@ - #ifdef HAVE_LIBUTIL_H - # include +--- loginrec.c.orig 2010-04-09 02:13:27.000000000 -0600 ++++ loginrec.c 2010-09-14 16:14:12.000000000 -0600 +@@ -179,6 +179,9 @@ + #ifdef HAVE_UTIL_H + # include #endif +#ifdef __FreeBSD__ +#include +#endif - RCSID("$Id: loginrec.c,v 1.67 2005/02/15 11:19:28 dtucker Exp $"); - -@@ -670,8 +673,13 @@ + #ifdef HAVE_LIBUTIL_H + # include +@@ -693,8 +696,13 @@ strncpy(ut->ut_name, li->username, MIN_SIZEOF(ut->ut_name, li->username)); # ifdef HAVE_HOST_IN_UTMP Index: files/patch-readconf.c =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-readconf.c,v retrieving revision 1.1 diff -u -p -r1.1 patch-readconf.c --- files/patch-readconf.c 1 Oct 2006 02:15:00 -0000 1.1 +++ files/patch-readconf.c 14 Sep 2010 22:29:54 -0000 @@ -1,6 +1,6 @@ ---- readconf.c.orig Fri Sep 1 02:38:37 2006 -+++ readconf.c Sat Sep 30 10:38:05 2006 -@@ -1112,7 +1122,7 @@ +--- readconf.c.orig 2010-08-03 00:04:46.000000000 -0600 ++++ readconf.c 2010-09-14 16:14:12.000000000 -0600 +@@ -1169,7 +1169,7 @@ if (options->batch_mode == -1) options->batch_mode = 0; if (options->check_host_ip == -1) Index: files/patch-servconf.c =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-servconf.c,v retrieving revision 1.1 diff -u -p -r1.1 patch-servconf.c --- files/patch-servconf.c 1 Oct 2006 02:15:00 -0000 1.1 +++ files/patch-servconf.c 14 Sep 2010 22:29:54 -0000 @@ -1,6 +1,6 @@ ---- servconf.c.orig Fri Aug 18 11:23:15 2006 -+++ servconf.c Sat Sep 30 21:54:26 2006 -@@ -129,7 +129,7 @@ +--- servconf.c.orig 2010-06-25 17:38:45.000000000 -0600 ++++ servconf.c 2010-09-14 16:14:12.000000000 -0600 +@@ -139,7 +139,7 @@ { /* Portable-specific options */ if (options->use_pam == -1) @@ -9,7 +9,7 @@ /* Standard Options */ if (options->protocol == SSH_PROTO_UNKNOWN) -@@ -159,7 +159,7 @@ +@@ -170,7 +170,7 @@ if (options->key_regeneration_time == -1) options->key_regeneration_time = 3600; if (options->permit_root_login == PERMIT_NOT_SET) @@ -18,7 +18,7 @@ if (options->ignore_rhosts == -1) options->ignore_rhosts = 1; if (options->ignore_user_known_hosts == -1) -@@ -169,7 +169,7 @@ +@@ -180,7 +180,7 @@ if (options->print_lastlog == -1) options->print_lastlog = 1; if (options->x11_forwarding == -1) @@ -27,7 +27,7 @@ if (options->x11_display_offset == -1) options->x11_display_offset = 10; if (options->x11_use_localhost == -1) -@@ -207,7 +207,11 @@ +@@ -218,7 +218,11 @@ if (options->gss_cleanup_creds == -1) options->gss_cleanup_creds = 1; if (options->password_authentication == -1) Index: files/patch-ssh-agent.c =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-ssh-agent.c,v retrieving revision 1.3 diff -u -p -r1.3 patch-ssh-agent.c --- files/patch-ssh-agent.c 1 Oct 2006 02:15:00 -0000 1.3 +++ files/patch-ssh-agent.c 14 Sep 2010 22:29:54 -0000 @@ -1,6 +1,6 @@ ---- ssh-agent.c.orig Fri Sep 1 02:38:37 2006 -+++ ssh-agent.c Sat Sep 30 18:30:32 2006 -@@ -1036,6 +1036,7 @@ +--- ssh-agent.c.orig 2010-04-15 23:56:22.000000000 -0600 ++++ ssh-agent.c 2010-09-14 16:14:13.000000000 -0600 +@@ -1086,6 +1086,7 @@ /* drop */ setegid(getgid()); setgid(getgid()); Index: files/patch-ssh_config =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-ssh_config,v retrieving revision 1.1 diff -u -p -r1.1 patch-ssh_config --- files/patch-ssh_config 1 Oct 2006 02:15:00 -0000 1.1 +++ files/patch-ssh_config 14 Sep 2010 22:29:54 -0000 @@ -1,6 +1,6 @@ ---- ssh_config.orig Tue Jun 13 00:01:10 2006 -+++ ssh_config Sat Sep 30 10:39:07 2006 -@@ -27,7 +28,7 @@ +--- ssh_config.orig 2010-01-12 01:40:27.000000000 -0700 ++++ ssh_config 2010-09-14 16:14:13.000000000 -0600 +@@ -27,7 +27,7 @@ # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # BatchMode no Index: files/patch-ssh_config.5 =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-ssh_config.5,v retrieving revision 1.1 diff -u -p -r1.1 patch-ssh_config.5 --- files/patch-ssh_config.5 1 Oct 2006 02:15:00 -0000 1.1 +++ files/patch-ssh_config.5 14 Sep 2010 22:29:54 -0000 @@ -1,6 +1,6 @@ ---- ssh_config.5.orig Fri Aug 4 22:34:51 2006 -+++ ssh_config.5 Sat Sep 30 10:39:07 2006 -@@ -165,7 +166,7 @@ +--- ssh_config.5.orig 2010-08-04 21:03:13.000000000 -0600 ++++ ssh_config.5 2010-09-14 16:14:13.000000000 -0600 +@@ -164,7 +164,7 @@ .Dq no , the check will not be executed. The default is Index: files/patch-sshd.8 =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-sshd.8,v retrieving revision 1.1 diff -u -p -r1.1 patch-sshd.8 --- files/patch-sshd.8 1 Oct 2006 02:15:00 -0000 1.1 +++ files/patch-sshd.8 14 Sep 2010 22:29:54 -0000 @@ -1,15 +1,15 @@ ---- sshd.8.orig Tue Aug 29 22:07:01 2006 -+++ sshd.8 Sat Sep 30 20:05:16 2006 -@@ -65,7 +65,7 @@ +--- sshd.8.orig 2010-08-04 21:03:13.000000000 -0600 ++++ sshd.8 2010-09-14 16:14:14.000000000 -0600 +@@ -70,7 +70,7 @@ .Nm listens for connections from clients. It is normally started at boot from -.Pa /etc/rc . -+.Pa %%PREFIX%%/etc/rc.d/%%RC_SCRIPT_NAME%% . ++.Pa /usr/local/etc/rc.d/openssh . It forks a new daemon for each incoming connection. The forked daemons handle -@@ -342,8 +342,9 @@ +@@ -384,8 +384,9 @@ If the login is on a tty, records login time. .It Checks @@ -21,7 +21,7 @@ (unless root). .It Changes to run with normal user privileges. -@@ -365,7 +366,8 @@ +@@ -407,7 +408,8 @@ exists, runs it; else if .Pa /etc/ssh/sshrc exists, runs Index: files/patch-sshd.c =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-sshd.c,v retrieving revision 1.3 diff -u -p -r1.3 patch-sshd.c --- files/patch-sshd.c 10 Nov 2006 13:11:49 -0000 1.3 +++ files/patch-sshd.c 14 Sep 2010 22:29:54 -0000 @@ -1,6 +1,6 @@ ---- sshd.c.patch Sun Sep 17 01:04:46 2006 -+++ sshd.c Sat Sep 30 10:38:05 2006 -@@ -80,6 +81,13 @@ +--- sshd.c.orig 2010-04-15 23:56:22.000000000 -0600 ++++ sshd.c 2010-09-14 16:14:13.000000000 -0600 +@@ -83,6 +83,13 @@ #include #endif @@ -14,11 +14,10 @@ #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" -@@ -1697,6 +1705,29 @@ - signal(SIGQUIT, SIG_DFL); +@@ -1864,6 +1871,29 @@ signal(SIGCHLD, SIG_DFL); signal(SIGINT, SIG_DFL); -+ + +#ifdef __FreeBSD__ + /* + * Initialize the resolver. This may not happen automatically @@ -41,6 +40,7 @@ + } +#endif +#endif - ++ /* * Register our connection. This turns encryption off because we do + * not have a key. Index: files/patch-sshd_config =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/files/patch-sshd_config,v retrieving revision 1.6 diff -u -p -r1.6 patch-sshd_config --- files/patch-sshd_config 24 Mar 2009 17:26:18 -0000 1.6 +++ files/patch-sshd_config 14 Sep 2010 22:29:54 -0000 @@ -1,6 +1,6 @@ ---- sshd_config.orig 2008-07-02 20:35:43.000000000 +0800 -+++ sshd_config 2008-11-07 23:40:56.957018978 +0800 -@@ -38,7 +38,7 @@ +--- sshd_config.orig 2009-10-11 04:51:09.000000000 -0600 ++++ sshd_config 2010-09-14 16:14:13.000000000 -0600 +@@ -36,7 +36,7 @@ # Authentication: #LoginGraceTime 2m @@ -9,7 +9,7 @@ #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 -@@ -57,11 +57,11 @@ +@@ -55,11 +55,11 @@ # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes @@ -24,7 +24,7 @@ #ChallengeResponseAuthentication yes # Kerberos options -@@ -74,7 +74,7 @@ +@@ -72,7 +72,7 @@ #GSSAPIAuthentication no #GSSAPICleanupCredentials yes @@ -33,7 +33,7 @@ # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, -@@ -83,12 +83,12 @@ +@@ -81,12 +81,12 @@ # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. --gbAT/ME/2i-- From: Grzegorz Blach To: John Hein Cc: Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1 Date: Thu, 23 Sep 2010 20:00:03 +0200 On Thu, 23 Sep 2010 10:35:30 -0600, John Hein wrote: > I have come up with a patchset independently. > > If Grzegorz Blach wants to maintain this port, that's okay > with me. But this new patchset here addresses a few missing > details in Grzegorz's original submission. Or I'm willing > to maintain, too (I'll defer to Grzegorz if he would like to > do it). Either way, we should get this port updated since > it is quite out of date. > > This patch set included here: > - removes more old opensc related patches. > > - does not remove patches pulled from des@ changes in > src/crypto/openssh that are still valid. > > - points to upstream hpn patch instead of including a local copy > > - does not remove GSSAPI, LPK or FILECONTROL options, but does > mark them BROKEN for now - upstream for each seems still active, > so the port here can just be updated when upstream catches up. > > We can also patch the patches ourselves for 5.6 (or maintained a > tweaked local copy), but I prefer to update the port to 5.6p1 first > and then separately commit those updates. It makes following the > history of changes in CVS much easier. > > - remove PATCH_DIST_STRIP - it's unecessary and portlint hates it > > - I think the post-patch version.h changes in the original patchset > in this PR are wrong. The upstream patches (for hpn and filecontrol) > have changes for version.h that seem to work fine unchanged, > even applied together. Also the HAVE_LPK part that > adds SSH_HPN seems wrong. > > > I have two patchsets. The second just refreshes old files/patch-* > even though they apply cleanly against 5.6p1 - it could be considered > optional. I'll send the second set separately. > > Here is the 'Description' that I was going to submit as a PR > until I found this PR... > > ======================= > security/openssh-portable has not been update in a long time > (currently 5.2p1 which is 1.5+ years old). There are significant > nice feature updates and fixes in 5.6p1. > > Attached are two patchsets. Then main one is enough to get > the port updated and working. But see comments at the top > of the patchset. > > The second patchset just refreshes the remaining patches that still > apply cleaning to 5.6p1 files. It's probably a good idea to apply > it when committing to the port, but it's not strictly necessary. > And I would commit them separately just for the sake of clarity > in the commit logs. > > Actually, I'll send the second patchset in a separate submission > to avoid confusing PR patch detection tools. > ======================= > > Attached is the first patchset including a decent description of > the changes at the top of the patch... Thanks for your patches, I'll review its at the weekend, but now I thing, that GSSAPI option should be explicit removed, not marked as broken. On http://www.sxw.org.uk/computing/patches/openssh.html is noticed: "OpenSSH now contains support out of the box for GSSAPI user authentication using the 'gssapi-with-mic' mechanism". From: John Hein To: Grzegorz Blach Cc: , ports@freebsd.org Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1 Date: Thu, 23 Sep 2010 13:47:19 -0600 Grzegorz Blach wrote at 20:00 +0200 on Sep 23, 2010: > Thanks for your patches, I'll review its at the weekend, > but now I thing, that GSSAPI option should be explicit removed, > not marked as broken. On > http://www.sxw.org.uk/computing/patches/openssh.html > is noticed: "OpenSSH now contains support out of the box for > GSSAPI user authentication using the 'gssapi-with-mic' mechanism". I emailed the gssapi patch maintainer. From his reply [1], it turns out the "now" is not really "now" anymore. It's "now" as of perhaps 5 years ago. 3.5 doesn't have the GSSAPIAuthentication stuff, but 4.3 does, so it was added somewhere in between (I didn't bisect any further). The second paragraph on the web page ("Larger sites...") cites why the patch is still useful. I let Simon know that his latest patch set... http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch ... does not apply cleanly to 5.6p1. He may refresh that patch (it's only slightly broken), so I think it will be useful to just mark it BROKEN for now. We can always remove it later. We can even deprecate the option, but right now bsd.ports.mk doesn't really support deprecating individual options so just adding some text to that effect to the BROKEN string may be the best option I am aware of. I CC'd ports@ - maybe someone there knows of some precedent in this area. Unfortunately, there's really no way of knowing how many people will be disappointed if the GSSAPI option disappears. [1] ================================= From: Simon Wilkinson To: John Hein Subject: Re: gssapi patches for openssh Date: Thu, 23 Sep 2010 19:37:06 +0100 Message-Id: <92C531E6-D12C-4180-BDA3-C0757FF39636@sxw.org.uk> On 23 Sep 2010, at 19:27, John Hein wrote: > For the freebsd port of openssh-portable (about to be updated to > openssh 5.6p1), I am trying to determine whether to remove > the GSSAPI patch option or perhaps to refresh it for 5.6p1. > > A couple questions: > > - The "now" above refers to which version of OpenSSH? > ("OpenSSH now contains..."). The now is OpenSSH for about the last 5 years. OpenSSH includes GSSAPI user authentication, but not GSSAPI key exchange. User authentication is useful until you have more than 5 or so machines on your site, beyond that, virtually every large organisation that I'm aware of with Kerberos deployed is using OpenSSH with GSSAPI key exchange. > - It sounds like there may be some benefit to using > the key exchange part of the patch. Do you think > someone should try to determine which parts could > still be useful on 5.6p1 or should we just remove > the GSSAPI option altogether? The patch as given on my website is all applicable to 5.6p1. In addition to supporting key exchange it also supports cascading credentials upon renewal, which is useful if you have a chain of many ssh connections from your desktop machine. Cheers, Simon. ================================= From: John Hein To: Grzegorz Blach , Cc: Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1 Date: Sun, 26 Sep 2010 13:43:12 -0600 --xx55/XzeMR Content-Type: text/plain; charset=us-ascii Content-Description: message body text Content-Transfer-Encoding: 7bit Here's an update to the Makefile patch that moves PATCH_DIST_STRIP rather than removing it. I mis-read the portlint whine and overriding the default -p0 is needed for the dist patches. As it turns out just using no -p arg at all works for all the openssh dist patches. Updated Makefile patch attached... --xx55/XzeMR Content-Type: text/plain; name="p2" Content-Description: latest Makefile with dist patch fixes Content-Disposition: inline; filename="p2" Content-Transfer-Encoding: 7bit Index: Makefile =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/Makefile,v retrieving revision 1.149 diff -u -p -r1.149 Makefile --- Makefile 31 Aug 2010 02:46:43 -0000 1.149 +++ Makefile 26 Sep 2010 19:38:46 -0000 @@ -6,8 +6,8 @@ # PORTNAME= openssh -DISTVERSION= 5.2p1 -PORTREVISION= 2 +DISTVERSION= 5.6p1 +PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security ipv6 .if defined(OPENSSH_SNAPSHOT) @@ -18,6 +18,7 @@ MASTER_SITE_SUBDIR= OpenSSH/portable .endif PKGNAMESUFFIX= ${PORTABLE_SUFFIX}${GSSAPI_SUFFIX}${BASE_SUFFIX} DISTNAME= # empty +PATCH_DIST_STRIP= MAINTAINER= ports@FreeBSD.org COMMENT= The portable version of OpenBSD's OpenSSH @@ -61,8 +62,6 @@ OPTIONS= PAM "Enable pam(3) support" GSSAPI "Enable GSSAPI support (req: KERBEROS)" off \ KERB_GSSAPI "Enable Kerberos/GSSAPI patch (req: GSSAPI)" off \ OPENSSH_CHROOT "Enable CHROOT support" off \ - OPENSC "Enable OpenSC smartcard support" off \ - OPENSCPINPATCH "Enable OpenSC PIN patch" off \ HPN "Enable HPN-SSH patch" off \ LPK "Enable LDAP Public Key (LPK) patch" off \ X509 "Enable x509 certificate patch" off \ @@ -75,8 +74,8 @@ OPTIONS= PAM "Enable pam(3) support" BROKEN= does not build .endif -.if defined(WITH_X509) && ( defined(WITH_HPN) || defined(WITH_LPK)) -BROKEN= X509 patch incompatible with HPN and LPK patches +.if defined(WITH_X509) && defined(WITH_HPN) +BROKEN= X509 patches and HPN patches do not apply cleanly together .endif .if defined(WITH_X509) && defined(WITH_KERB_GSSAPI) @@ -110,7 +109,9 @@ CONFIGURE_ARGS+= --with-audit=bsm .if !defined(WITHOUT_KERBEROS) .if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI) .if defined(WITH_KERB_GSSAPI) -PATCH_DIST_STRIP= -p0 +# Latest GSSAPI patch is against 5.3 and does not apply +# cleanly against 5.6p1, but it's close. +BROKEN= upstream GSSAPI key exchange patch is not up to date for OpenSSH 5.6p1 PATCH_SITES+= http://www.sxw.org.uk/computing/patches/ PATCHFILES+= openssh-5.2p1-gsskex-all-20090726.patch .endif @@ -145,48 +146,29 @@ CONFIGURE_ARGS+= --with-ssl-dir=${OPENSS CFLAGS+= -DCHROOT .endif -.if defined(WITH_OPENSC) -LIB_DEPENDS+= opensc.2:${PORTSDIR}/security/opensc -CONFIGURE_ARGS+= --with-opensc=${LOCALBASE} -.endif - -# See http://bugzilla.mindrot.org/show_bug.cgi?id=608 -.if defined(WITH_OPENSCPINPATCH) -EXTRA_PATCHES+= ${FILESDIR}/scardpin.patch -.endif - .if defined(WITH_HPN) -EXTRA_PATCHES+= ${FILESDIR}/openssh-5.2p1-hpn13v6.diff +PATCH_SITES+= http://www.psc.edu/networking/projects/hpn-ssh/ +PATCHFILES+= openssh-5.6p1-hpn13v10.diff.gz .endif -# See http://dev.inversepath.com/trac/openssh-lpk +# See http://code.google.com/p/openssh-lpk/wiki/Main +# and svn repo described here: +# http://code.google.com/p/openssh-lpk/source/checkout .if defined(WITH_LPK) -EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-lpk-5.1p1-0.3.10.patch +# Latest LPK patch is against 5.4p1 and does not apply +# cleanly against 5.6p1, but it's close. +BROKEN= latest upstream LDAP public key patch is not up to date for OpenSSH 5.6p1 +EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-lpk-5.4p1-0.3.13.patch USE_OPENLDAP= yes -CPPFLAGS+= "-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY" +CPPFLAGS+= -I${LOCALBASE}/include CONFIGURE_ARGS+= --with-libs='-lldap' --with-ldflags='-L${LOCALBASE}/lib' \ - --with-cppflags='-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY' -.endif - -# resolve some patches incompatibility between LPK and HPN patches - -.if defined(WITH_HPN) && defined(WITH_LPK) -EXTRA_PATCHES+= ${FILESDIR}/lpk+hpn-servconf.c.patch -.elif defined(WITH_HPN) && !defined(WITH_LPK) -EXTRA_PATCHES+= ${FILESDIR}/openssh-5.2p1-hpn13v6-servconf.c.diff -.elif defined(WITH_LPK) && !defined(WITH_HPN) -EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-lpk-5.1p1-0.3.10-servconf.c.patch -.endif - -.if defined(WITH_LPK) && ${ARCH} == "amd64" -EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-5.1_p1-lpk-64bit.patch + --with-cppflags='${CPPFLAGS}' --with_ldap=yes .endif # See http://www.roumenpetrov.info/openssh/ .if defined(WITH_X509) -PATCH_DIST_STRIP= -p1 -PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-6.2/ -PATCHFILES+= openssh-5.2p1+x509-6.2.diff.gz +PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-6.2.3/ +PATCHFILES+= openssh-5.6p1+x509-6.2.3.diff.gz PLIST_SUB+= X509="" .else PLIST_SUB+= X509="@comment " @@ -194,6 +176,9 @@ PLIST_SUB+= X509="@comment " # See http://sftpfilecontrol.sourceforge.net/ .if defined(WITH_FILECONTROL) +# Latest sftpfilecontrol patch is against 5.4p1 which does not apply +# cleanly against 5.6p1, but it's close. +BROKEN= latest upstream sftp file control public key patch is not up to date for OpenSSH 5.6p1 EXTRA_PATCHES+= ${FILESDIR}/openssh-${DISTVERSION}.sftpfilecontrol-v1.3.patch .endif --xx55/XzeMR-- From: Michael Stellar To: bug-followup@FreeBSD.org, magik@roorback.net Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Thu, 7 Oct 2010 05:10:10 +0700 --0016e65bc1aa7f84450491fa0a3c Content-Type: text/plain; charset=ISO-8859-1 Is there any new follow up on these?, the port really need a new maintainer. --0016e65bc1aa7f84450491fa0a3c Content-Type: text/html; charset=ISO-8859-1 Is there any new follow up on these?, the port really need a new maintainer.
--0016e65bc1aa7f84450491fa0a3c-- From: Grzegorz Blach To: John Hein Cc: Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1 Date: Mon, 11 Oct 2010 13:48:48 +0200 Sorry for delay, I reviewed your patches and openssh is working well, but for broken options I suggest to append ' (broken)' keyword to option label, to tell user don't use this right now. Like: GSSAPI "Enable GSSAPI support (req: KERBEROS) (broken)" off \ LPK "Enable LDAP Public Key (LPK) patch (broken)" off \ FILECONTROL "Enable file control patch (broken)" off \ And I think you know better openssh code, so You should be new maintainer of this port. From: "Chris" To: , Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Sat, 6 Nov 2010 19:14:45 -0000 well my last followup hasnt appeared but here is a new followup. I applied the patches from John Hein, and now no .rej files when using -l with patch (ignore whitespaces) . However the port doesnt compile because one of the patches has a failed hunk. session.c 1 out of 9 hunks failed--saving rejects to session.c.rej => Patch patch-session.c failed to apply cleanly. => Patch(es) patch-Makefile.in patch-auth.c patch-auth1.c patch-auth2.c patch-loginrec.c patch-readconf.c patch-servconf.c applied cleanly. *** Error code 1 Stop in /usr/ports/security/openssh-portable. *** Error code 1 # less session.c.rej *************** *** 1791,1799 **** /* Change current directory to the user's home directory. */ if (chdir(pw->pw_dir) < 0) { /* Suppress missing homedir warning for chroot case */ - #ifdef HAVE_LOGIN_CAP - r = login_getcapbool(lc, "requirehome", 0); - #endif if (r || options.chroot_directory == NULL || strcasecmp(options.chroot_directory, "none") == 0) fprintf(stderr, "Could not chdir to home " --- 1844,1849 ---- /* Change current directory to the user's home directory. */ if (chdir(pw->pw_dir) < 0) { /* Suppress missing homedir warning for chroot case */ if (r || options.chroot_directory == NULL || strcasecmp(options.chroot_directory, "none") == 0) fprintf(stderr, "Could not chdir to home " Regards Chris From: "Chris" To: , Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Sat, 6 Nov 2010 18:54:11 -0000 Guys, can I ask if you have tested your work and especially your patches? Every patch on this page submitted on this page has errors. Some are failed hunks and others appear to patch cleanly but then I get a folder full of ,rej files. I am assuming this is why noone has commited anything to the port yet. Perhaps I am patching wrong? if so what is the correct syntax to use, thanks. From: =?UTF-8?B?SG9zdGluZyAtIGludGVyZmFTeXMgc8Ogcmw=?= To: bug-followup@FreeBSD.org, magik@roorback.net Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Sat, 06 Nov 2010 20:30:15 +0000 OpenSSH won't compile after applying these patches. files/patch-session.c can't be applied From: Grzegorz Blach To: Chris Cc: bug-followup@FreeBSD.org Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Sun, 07 Nov 2010 14:54:59 +0100 Maybe is something wrong with pr system, currently available patches are wrongly decoded by my browser (Firefox 4 beta). I put working copy on: http://files.roorback.net/openssh-portable/patch-1,3.diff http://files.roorback.net/openssh-portable/patch-2.diff where patch-1,3.diff is combined patch-1.diff and patch-3.diff, which is mandatory and patch-2.diff is unchanged and optional. From: "Chris" To: "'Grzegorz Blach'" Cc: Subject: RE: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Sun, 7 Nov 2010 14:16:15 -0000 Grzegorz thank you, now it patches without -l and now session.c is fixed = as well. unfortenatly the compile still fails, not sure if naything to do with = the patch tho. "gss-serv-krb5.o: In function `ssh_gssapi_krb5_storecreds': gss-serv-krb5.c:(.text+0x11b): undefined reference to = `gss_krb5_copy_ccache'" Regards Chris -----Original Message----- From: Grzegorz Blach [mailto:magik@roorback.net]=20 Sent: 07 November 2010 13:55 To: Chris Cc: bug-followup@FreeBSD.org Subject: Re: ports/150493: Update for: security/openssh-portable port = from 5.2p1 to 5.6p1 Maybe is something wrong with pr system, currently available patches are wrongly decoded by my browser (Firefox 4 beta). I put working copy on: http://files.roorback.net/openssh-portable/patch-1,3.diff http://files.roorback.net/openssh-portable/patch-2.diff where patch-1,3.diff is combined patch-1.diff and patch-3.diff, which is mandatory and patch-2.diff is unchanged and optional. =20 __________ Information from ESET NOD32 Antivirus, version of virus = signature database 5597 (20101106) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com =20 From: "Chris" To: "'Grzegorz Blach'" Cc: Subject: RE: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Sun, 7 Nov 2010 14:27:31 -0000 Ok the port compiles fine with kerberos off (Default on). -----Original Message----- From: Grzegorz Blach [mailto:magik@roorback.net]=20 Sent: 07 November 2010 13:55 To: Chris Cc: bug-followup@FreeBSD.org Subject: Re: ports/150493: Update for: security/openssh-portable port = from 5.2p1 to 5.6p1 Maybe is something wrong with pr system, currently available patches are wrongly decoded by my browser (Firefox 4 beta). I put working copy on: http://files.roorback.net/openssh-portable/patch-1,3.diff http://files.roorback.net/openssh-portable/patch-2.diff where patch-1,3.diff is combined patch-1.diff and patch-3.diff, which is mandatory and patch-2.diff is unchanged and optional. =20 __________ Information from ESET NOD32 Antivirus, version of virus = signature database 5597 (20101106) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com =20 From: Grzegorz Blach To: Chris Cc: bug-followup@FreeBSD.org Subject: RE: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Sun, 07 Nov 2010 20:48:31 +0100 To build SSH with kerberos I have this line in /etc/make.conf: WITH_OPENSSL_PORT=yes From: "Chris" To: "'Grzegorz Blach'" Cc: Subject: RE: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Sun, 7 Nov 2010 21:19:25 -0000 I also have the same line, I still get the compile error. Am running 8.1 release amd64. Chris From: Grzegorz Blach To: Chris Cc: bug-followup@FreeBSD.org Subject: RE: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Mon, 08 Nov 2010 00:27:44 +0100 I'm also using FreeBSD 8.1 on amd64 and I must manually install security/krb5 port before building openssh-portable with kerberos. From: "Chris" To: "'Grzegorz Blach'" Cc: Subject: RE: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Mon, 8 Nov 2010 03:01:57 -0000 ok then I suggest 2 changes :) 1 - add security/krb5 as a dependency if kerberos is enabled and FreeBSD = is version 8 or above. 2 - disable kerberos by default because security/krb5 pulls in some very = large dependencies. Thanks Chris From: Grzegorz Blach To: Chris Cc: bug-followup@FreeBSD.org Subject: RE: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Tue, 16 Nov 2010 23:13:46 +0100 On Mon, 2010-11-08 at 00:27 +0100, Grzegorz Blach wrote: > I'm also using FreeBSD 8.1 on amd64 and I must manually install > security/krb5 port before building openssh-portable with kerberos. > I updated http://files.roorback.net/openssh-portable/patch-1,c3.diff with five steps: 1) added ' (broken)' to temporary broken options 2) KERBEROS default is off 3) if KERBEROS is on depends on security/krb5 4) conditional depends on security/heimdal is removed, since this don't work (on my machine at least) 5) removed GSSAPI option as useless, but I still keep KERB_GSSAPI patch option. From: "Chris" To: , Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Thu, 18 Nov 2010 01:44:19 -0000 Your new patch has another error I think. it renames the port. Upgrading 'openssh-portable-5.2.p1_2,1' to 'openssh-gssapi-5.6.p1,1' (security/openssh-portable) Regards Chris From: Oleg Gawriloff To: bug-followup@FreeBSD.org, magik@roorback.net Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Tue, 21 Dec 2010 11:10:35 +0200 This is a cryptographically signed message in MIME format. --------------ms090102050303070003080207 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable Why LPK patchset is marked as broken? It works perfectly on Gentoo with 5.6p1. --=20 Signed, Oleg Gawriloff. --------------ms090102050303070003080207 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIITbDCC BjQwggQcoAMCAQICAR4wDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoT DVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp Z25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3 MTAyNDIxMDE1NVoXDTE3MTAyNDIxMDE1NVowgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1T dGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu aW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs aWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcJg8zOLdgasSmkLhOr lr6KMoOMpohBllVHrdRvEg/q6r8jR+EK75xCGhR8ToREoqe7zM9/UnC6TS2y9UKTpT1v7RSM zR0t6ndl0TWBuUr/UXBhPk+Kmy7bI4yW4urC+y7P3/1/X7U8ocb8VpH/Clt+4iq7nirMcNh6 qJR+xjOhV+VHzQMALuGYn5KZmc1NbJQYclsGkDxDz2UbFqE2+6vIZoL+jb9x4Pa5gNf1TwSD kOkikZB1xtB4ZqtXThaABSONdfmv/Z1pua3FYxnCFmdr/+N2JLKutIxMYqQOJebr/f/h5t95 m4JgrM3Y/w7YX9d7YAL9jvN4SydHsU6n65cCAwEAAaOCAa0wggGpMA8GA1UdEwEB/wQFMAMB Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRTcu2SnODaywFcfH6WNU7y1LhRgjAfBgNV HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jBmBggrBgEFBQcBAQRaMFgwJwYIKwYBBQUH MAGGG2h0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9jYTAtBggrBgEFBQcwAoYhaHR0cDovL3d3 dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MFsGA1UdHwRUMFIwJ6AloCOGIWh0dHA6Ly93d3cu c3RhcnRzc2wuY29tL3Nmc2NhLmNybDAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20v c2ZzY2EuY3JsMIGABgNVHSAEeTB3MHUGCysGAQQBgbU3AQIBMGYwLgYIKwYBBQUHAgEWImh0 dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwDQYJKoZIhvcNAQEFBQADggIBAAqD CH14qywGXLhjjF6uHLkjd02hcdh9hrw+VUsv+q1eeQWB21jWj3kJ96AUlPCoEGZ/ynJNScWy 6QMVQjbbMXltUfO4n4bGGdKo3awPWp61tjAFgraLJgDk+DsSvUD6EowjMTNx25GQgyYJ5RPI zKKR9tQW8gGK+2+RHxkUCTbYFnL6kl8Ch507rUdPPipJ9CgJFws3kDS3gOS5WFMxcjO5DwKf KSETEPrHh7p5shuuNktvsv6hxHTLhiMKX893gxdT3XLS9OKmCv87vkINQcNEcIIoFWbP9HOR z9v3vQwR4e3ksLc2JZOAFK+ssS5XMEoznzpihEP0PLc4dCBYjbvSD7kxgDwZ+Aj8Q9PkbvE9 sIPP7ON0fz095HdThKjiVJe6vofq+n6b1NBc8XdrQvBmunwxD5nvtTW4vtN6VY7mUCmxsCie uoBJ9OlqmsVWQvifIYf40dJPZkk9YgGTzWLpXDSfLSplbY2LL9C9U0ptvjcDjefLTvqSFc7t w1sEhF0n/qpA2r0GpvkLRDmcSwVyPvmjFBGqUp/pNy8ZuPGQmHwFi2/14+xeSUDG2bwnsYJQ G2EdJCB6luQ57GEnTA/yKZSTKI8dDQa8Sd3zfXb19mOgSF0bBdXbuKhEpuP9wirslFe6fQ1t 5j5R0xi72MZ8ikMu1RQZKCyDbMwazlHiMIIGljCCBX6gAwIBAgIDAb7OMA0GCSqGSIb3DQEB BQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20g Q2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcNMTAxMDIyMDcwNjU0 WhcNMTExMDIzMDQ0MjE0WjCBjzEgMB4GA1UEDRMXMjc5NzY1LW9JYUoyZzVWbFlOMkIxMHYx HjAcBgNVBAoTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDEpMCcGA1UEAxMgU3RhcnRDb20gRnJl ZSBDZXJ0aWZpY2F0ZSBNZW1iZXIxIDAeBgkqhkiG9w0BCQEWEWJhcnpvZ0B0ZWxlY29tLmJ5 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNuuLPvrhyATcaXqYPmx3ZnDuFut 5stBO/WRcGXglYk1RDr5LUeY40HLNOHEVRmQlZ0kAmm8K3W3pwICQZ93LDMEsi5IUWpd2azw QaIvzkA3fXRk+aVUYWbFAm8rcHbbEzYmDEfegs+oocriK5AQEpMs7HjbRwHj+nb2Fk1aiaRP vxThAILKqjAXGcr2K1qRsWV7Kf4bp36EhAzOTf8mazbsOXEqagkIfnwFDqEd0bJ2XhJMnwBt SXOnulSRuYFfQ/kP3IQd7vZZimikcx9z2LJB4lDr/422Lh/G4cMteqHKZhAVUCDGP0E6uzEj kFRUkGb4AIbcUp5QpYD/FQxgdwIDAQABo4IC+jCCAvYwCQYDVR0TBAIwADALBgNVHQ8EBAMC BLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBSV0VEMqvSMGFoV 4sk6rIxeUbJnQzAfBgNVHSMEGDAWgBRTcu2SnODaywFcfH6WNU7y1LhRgjAcBgNVHREEFTAT gRFiYXJ6b2dAdGVsZWNvbS5ieTCCAUIGA1UdIASCATkwggE1MIIBMQYLKwYBBAGBtTcBAgIw ggEgMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMDQG CCsGAQUFBwIBFihodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUucGRmMIG3 BggrBgEFBQcCAjCBqjAUFg1TdGFydENvbSBMdGQuMAMCAQEagZFMaW1pdGVkIExpYWJpbGl0 eSwgc2VlIHNlY3Rpb24gKkxlZ2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRDb20gQ2Vy dGlmaWNhdGlvbiBBdXRob3JpdHkgUG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8vd3d3LnN0 YXJ0c3NsLmNvbS9wb2xpY3kucGRmMGMGA1UdHwRcMFowK6ApoCeGJWh0dHA6Ly93d3cuc3Rh cnRzc2wuY29tL2NydHUxLWNybC5jcmwwK6ApoCeGJWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29t L2NydHUxLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0dHA6Ly9v Y3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MxL2NsaWVudC9jYTBCBggrBgEFBQcwAoY2aHR0 cDovL3d3dy5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMS5jbGllbnQuY2EuY3J0MCMG A1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUFAAOCAQEA n+1siaVAwT+f6HNr6rws73QegfthCYrLPy3Ep7nEqM5NCWLNfRh+lhmF8TsvCyPqnIzRMcPZ zFTJ3OverwgP/+tW5X2TtRRtl9gZRfo1uKCB4faRtAHMm1gogjm/SmzuHtH7dFd+dA8+pRbW inpAd3+jjw1zmMoBfq4PoQMK8W8UIRgCUFWrjvBgvNxNrFHw/+wVyirC6Bqu4IWkR3ccrWva VC2MJ3zBKf5rcELYFGubVr1qt4Fc2BS2AI2wD+F/YXgxqzzgjj9I8MYj56qpdEcPT89XHZxO Dg4zl1OLjKDeIa5VIcKCDsqvbV/unbrvLocpNY6vq5pxoS46D//JGjCCBpYwggV+oAMCAQIC AwG+zjANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29t IEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2 BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENB MB4XDTEwMTAyMjA3MDY1NFoXDTExMTAyMzA0NDIxNFowgY8xIDAeBgNVBA0TFzI3OTc2NS1v SWFKMmc1VmxZTjJCMTB2MR4wHAYDVQQKExVQZXJzb25hIE5vdCBWYWxpZGF0ZWQxKTAnBgNV BAMTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFi YXJ6b2dAdGVsZWNvbS5ieTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKjbriz7 64cgE3Gl6mD5sd2Zw7hbrebLQTv1kXBl4JWJNUQ6+S1HmONByzThxFUZkJWdJAJpvCt1t6cC AkGfdywzBLIuSFFqXdms8EGiL85AN310ZPmlVGFmxQJvK3B22xM2JgxH3oLPqKHK4iuQEBKT LOx420cB4/p29hZNWomkT78U4QCCyqowFxnK9itakbFleyn+G6d+hIQMzk3/Jms27DlxKmoJ CH58BQ6hHdGydl4STJ8AbUlzp7pUkbmBX0P5D9yEHe72WYpopHMfc9iyQeJQ6/+Nti4fxuHD LXqhymYQFVAgxj9BOrsxI5BUVJBm+ACG3FKeUKWA/xUMYHcCAwEAAaOCAvowggL2MAkGA1Ud EwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNV HQ4EFgQUldFRDKr0jBhaFeLJOqyMXlGyZ0MwHwYDVR0jBBgwFoAUU3Ltkpzg2ssBXHx+ljVO 8tS4UYIwHAYDVR0RBBUwE4ERYmFyem9nQHRlbGVjb20uYnkwggFCBgNVHSAEggE5MIIBNTCC ATEGCysGAQQBgbU3AQICMIIBIDAuBggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5j b20vcG9saWN5LnBkZjA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50 ZXJtZWRpYXRlLnBkZjCBtwYIKwYBBQUHAgIwgaowFBYNU3RhcnRDb20gTHRkLjADAgEBGoGR TGltaXRlZCBMaWFiaWxpdHksIHNlZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUg YXQgaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjBjBgNVHR8EXDBaMCugKaAn hiVodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9jcnR1MS1jcmwuY3JsMCugKaAnhiVodHRwOi8v Y3JsLnN0YXJ0c3NsLmNvbS9jcnR1MS1jcmwuY3JsMIGOBggrBgEFBQcBAQSBgTB/MDkGCCsG AQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNzbC5jb20vc3ViL2NsYXNzMS9jbGllbnQvY2Ew QgYIKwYBBQUHMAKGNmh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczEu Y2xpZW50LmNhLmNydDAjBgNVHRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJ KoZIhvcNAQEFBQADggEBAJ/tbImlQME/n+hza+q8LO90HoH7YQmKyz8txKe5xKjOTQlizX0Y fpYZhfE7Lwsj6pyM0THD2cxUydzr3q8ID//rVuV9k7UUbZfYGUX6NbiggeH2kbQBzJtYKII5 v0ps7h7R+3RXfnQPPqUW1op6QHd/o48Nc5jKAX6uD6EDCvFvFCEYAlBVq47wYLzcTaxR8P/s FcoqwugaruCFpEd3HK1r2lQtjCd8wSn+a3BC2BRrm1a9areBXNgUtgCNsA/hf2F4Mas84I4/ SPDGI+eqqXRHD0/PVx2cTg4OM5dTi4yg3iGuVSHCgg7Kr21f7p267y6HKTWOr6uacaEuOg// yRoxggPQMIIDzAIBATCBlDCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0 ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNV BAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBAgMB vs4wCQYFKw4DAhoFAKCCAhAwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0B CQUxDxcNMTAxMjIxMDkxMDM1WjAjBgkqhkiG9w0BCQQxFgQUS5xPtu1kDRNy+36HXRBjJ18T eeAwXwYJKoZIhvcNAQkPMVIwUDALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcN AwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGlBgkrBgEE AYI3EAQxgZcwgZQwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSsw KQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9T dGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQIDAb7OMIGn BgsqhkiG9w0BCRACCzGBl6CBlDCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29t IEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2 BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENB AgMBvs4wDQYJKoZIhvcNAQEBBQAEggEAfgHMsmsmTXusmVd2eUJjx1avOCdNYldo+cSyXSQ+ tbYTNLJKxOqThvpiiLQyMWphMqbQS2mbHbbDXo6R0NQHjUwgmFTzcIAEgO8rYgnzPOmi3VFN TrymO9DmLO2Mc37bGkyMxj7+JfDgDkeTyDgJNF1DMUU1LPXiwF9UUH8U0l6eaHFZvl08i5od Xz0DKKatJ9XpUqin1aX4+tHQx5ygCp2EGCV1Brc+oL+S7W/3vl0OSJv+SppM/8P4kcnAs8ae MQQV8piPb2eNzNeXkBeObmqZjX97v5qp1H6wZyC2JIW/u63S30aYaPyV9D232F1oQf/yTUA8 LGbMY4ppCJ6hNwAAAAAAAA== --------------ms090102050303070003080207-- From: Oleg Gawriloff To: bug-followup@FreeBSD.org, magik@roorback.net Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Wed, 09 Mar 2011 18:37:54 +0200 This is a multi-part message in MIME format. --------------090100050300010803050402 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Is there any news? Because sftp is also broken in 5.2pl1. [gawriloff@martin /usr/ports]$ sftp gawriloff@falcon-cl4 Connecting to falcon-cl4... Password: sftp> ls -l Bus error: 10 5.3pl1 is working perfectly. Patch attached. -- Signed, Oleg Gawriloff. --------------090100050300010803050402 Content-Type: text/plain; name="openssh-5.3pl1.diff" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="openssh-5.3pl1.diff" ZGlmZiAtTnJ1IC9ob21lL2dhd3JpbG9mZi9scGsvb3BlbnNzaC1wb3J0YWJsZS9NYWtlZmls ZSAvaG9tZS9nYXdyaWxvZmYvb3BlbnNzaC1wb3J0YWJsZS9NYWtlZmlsZQ0KLS0tIC9ob21l L2dhd3JpbG9mZi9scGsvb3BlbnNzaC1wb3J0YWJsZS9NYWtlZmlsZQkyMDEwLTExLTIyIDAx OjQ4OjQ5LjAwMDAwMDAwMCArMDIwMA0KKysrIC9ob21lL2dhd3JpbG9mZi9vcGVuc3NoLXBv cnRhYmxlL01ha2VmaWxlCTIwMTAtMTItMjEgMTE6MzA6MzYuMDAwMDAwMDAwICswMjAwDQpA QCAtNiw3ICs2LDcgQEANCiAjDQogDQogUE9SVE5BTUU9CW9wZW5zc2gNCi1ESVNUVkVSU0lP Tj0JNS4ycDENCitESVNUVkVSU0lPTj0JNS4zcDENCiBQT1JUUkVWSVNJT049CTMNCiBQT1JU RVBPQ0g9CTENCiBDQVRFR09SSUVTPQlzZWN1cml0eSBpcHY2DQpAQCAtMTYxLDcgKzE2MSw3 IEBADQogDQogIyBTZWUgaHR0cDovL2Rldi5pbnZlcnNlcGF0aC5jb20vdHJhYy9vcGVuc3No LWxwaw0KIC5pZiBkZWZpbmVkKFdJVEhfTFBLKQ0KLUVYVFJBX1BBVENIRVMrPQkJJHtGSUxF U0RJUn0vY29udHJpYi1vcGVuc3NoLWxway01LjFwMS0wLjMuMTAucGF0Y2gNCitFWFRSQV9Q QVRDSEVTKz0JCSR7RklMRVNESVJ9L2NvbnRyaWItb3BlbnNzaC1scGstNS4zcDEtMC4zLjEw LnBhdGNoDQogVVNFX09QRU5MREFQPQkJeWVzDQogQ1BQRkxBR1MrPQkJIi1JJHtMT0NBTEJB U0V9L2luY2x1ZGUgLURXSVRIX0xEQVBfUFVCS0VZIg0KIENPTkZJR1VSRV9BUkdTKz0JLS13 aXRoLWxpYnM9Jy1sbGRhcCcgLS13aXRoLWxkZmxhZ3M9Jy1MJHtMT0NBTEJBU0V9L2xpYicg XA0KQEAgLTE3NCwxMiArMTc0LDYgQEANCiBFWFRSQV9QQVRDSEVTKz0JCSR7RklMRVNESVJ9 L2xwaytocG4tc2VydmNvbmYuYy5wYXRjaA0KIC5lbGlmIGRlZmluZWQoV0lUSF9IUE4pICYm ICFkZWZpbmVkKFdJVEhfTFBLKQ0KIEVYVFJBX1BBVENIRVMrPQkJJHtGSUxFU0RJUn0vb3Bl bnNzaC01LjJwMS1ocG4xM3Y2LXNlcnZjb25mLmMuZGlmZg0KLS5lbGlmIGRlZmluZWQoV0lU SF9MUEspICYmICFkZWZpbmVkKFdJVEhfSFBOKQ0KLUVYVFJBX1BBVENIRVMrPQkJJHtGSUxF U0RJUn0vY29udHJpYi1vcGVuc3NoLWxway01LjFwMS0wLjMuMTAtc2VydmNvbmYuYy5wYXRj aA0KLS5lbmRpZg0KLQ0KLS5pZiBkZWZpbmVkKFdJVEhfTFBLKSAmJiAke0FSQ0h9ID09ICJh bWQ2NCINCi1FWFRSQV9QQVRDSEVTKz0JCSR7RklMRVNESVJ9L2NvbnRyaWItb3BlbnNzaC01 LjFfcDEtbHBrLTY0Yml0LnBhdGNoDQogLmVuZGlmDQogDQogIyBTZWUgaHR0cDovL3d3dy5y b3VtZW5wZXRyb3YuaW5mby9vcGVuc3NoLw0KZGlmZiAtTnJ1IC9ob21lL2dhd3JpbG9mZi9s cGsvb3BlbnNzaC1wb3J0YWJsZS9kaXN0aW5mbyAvaG9tZS9nYXdyaWxvZmYvb3BlbnNzaC1w b3J0YWJsZS9kaXN0aW5mbw0KLS0tIC9ob21lL2dhd3JpbG9mZi9scGsvb3BlbnNzaC1wb3J0 YWJsZS9kaXN0aW5mbwkyMDA5LTA5LTE4IDE3OjA1OjUyLjAwMDAwMDAwMCArMDMwMA0KKysr IC9ob21lL2dhd3JpbG9mZi9vcGVuc3NoLXBvcnRhYmxlL2Rpc3RpbmZvCTIwMTAtMTItMjEg MTE6MTY6MTcuMDAwMDAwMDAwICswMjAwDQpAQCAtMSw2ICsxLDYgQEANCi1NRDUgKG9wZW5z c2gtNS4ycDEudGFyLmd6KSA9IGFkYTc5YzczMjhhODU1MWJkZjU1Yzk1ZTYzMWU3ZGFkDQot U0hBMjU2IChvcGVuc3NoLTUuMnAxLnRhci5neikgPSA0MDIzNzEwYzM3ZDBiM2Q3OWU2Mjk5 Y2I3OWI2ZGUyYTMxZGI3ZDU4MWZlNTllNzc1YTUzNTE3ODQwMzRlY2FlDQotU0laRSAob3Bl bnNzaC01LjJwMS50YXIuZ3opID0gMTAxNjYxMg0KK01ENSAob3BlbnNzaC01LjNwMS50YXIu Z3opID0gMTM1NjNkYmY2MWYzNmNhOWExZTQyNTQyNjAxMzEwNDENCitTSEEyNTYgKG9wZW5z c2gtNS4zcDEudGFyLmd6KSA9IGQwYzkxNzQ2Mjg5Njk3NDQ4MGIxNDQ1NGE4ZTFjYjhiODA5 MjkxZjY3ZTViOTc3OWM5YjRkYzQxNTZjNWVmMTINCitTSVpFIChvcGVuc3NoLTUuM3AxLnRh ci5neikgPSAxMDI3MTMwDQogTUQ1IChvcGVuc3NoLTUuMnAxK3g1MDktNi4yLmRpZmYuZ3op ID0gOGRiYmZiNzQzMjI2ODY0ZjZiYjQ5YjU2ZTc3Nzc2ZDkNCiBTSEEyNTYgKG9wZW5zc2gt NS4ycDEreDUwOS02LjIuZGlmZi5neikgPSA3MmNmYjFlMjMyYjZhZTBhOWRmNmU4NTM5YTlm NmI1M2RiN2MwYTIxNDFjZjJlNGRkNjViNDA3NzQ4ZmE5ZjM0DQogU0laRSAob3BlbnNzaC01 LjJwMSt4NTA5LTYuMi5kaWZmLmd6KSA9IDE1MzAxMA0KZGlmZiAtTnJ1IC9ob21lL2dhd3Jp bG9mZi9scGsvb3BlbnNzaC1wb3J0YWJsZS9maWxlcy9jb250cmliLW9wZW5zc2gtNS4xX3Ax LWxway02NGJpdC5wYXRjaCAvaG9tZS9nYXdyaWxvZmYvb3BlbnNzaC1wb3J0YWJsZS9maWxl cy9jb250cmliLW9wZW5zc2gtNS4xX3AxLWxway02NGJpdC5wYXRjaA0KLS0tIC9ob21lL2dh d3JpbG9mZi9scGsvb3BlbnNzaC1wb3J0YWJsZS9maWxlcy9jb250cmliLW9wZW5zc2gtNS4x X3AxLWxway02NGJpdC5wYXRjaAkyMDA5LTA2LTIxIDIzOjM2OjE1LjAwMDAwMDAwMCArMDMw MA0KKysrIC9ob21lL2dhd3JpbG9mZi9vcGVuc3NoLXBvcnRhYmxlL2ZpbGVzL2NvbnRyaWIt b3BlbnNzaC01LjFfcDEtbHBrLTY0Yml0LnBhdGNoCTE5NzAtMDEtMDEgMDM6MDA6MDAuMDAw MDAwMDAwICswMzAwDQpAQCAtMSw0NCArMCwwIEBADQotZGlmZiAtTnVhciAtLWV4Y2x1ZGUg JyoucmVqJyBzZXJ2Y29uZi5jLm9yaWcgc2VydmNvbmYuYw0KLS0tLSBzZXJ2Y29uZi5jLm9y aWcJMjAwOC0wOC0yMyAxNTowMjo0Ny4wMDAwMDAwMDAgLTA3MDANCi0rKysgc2VydmNvbmYu YwkyMDA4LTA4LTIzIDE1OjA0OjIxLjAwMDAwMDAwMCAtMDcwMA0KLUBAIC03MDEsNiArNzAx LDcgQEANCi0gCWludCBjbWRsaW5lID0gMCwgKmludHB0ciwgdmFsdWUsIG47DQotIAlTeXNs b2dGYWNpbGl0eSAqbG9nX2ZhY2lsaXR5X3B0cjsNCi0gCUxvZ0xldmVsICpsb2dfbGV2ZWxf cHRyOw0KLSsgCXVuc2lnbmVkIGxvbmcgbHZhbHVlLCAqbG9uZ3B0cjsNCi0gCVNlcnZlck9w Q29kZXMgb3Bjb2RlOw0KLSAJdV9zaG9ydCBwb3J0Ow0KLSAJdV9pbnQgaSwgZmxhZ3MgPSAw Ow0KLUBAIC03MTUsNiArNzE2LDcgQEANCi0gCWlmICghYXJnIHx8ICEqYXJnIHx8ICphcmcg PT0gJyMnKQ0KLSAJCXJldHVybiAwOw0KLSAJaW50cHRyID0gTlVMTDsNCi0rCWxvbmdwdHIg PSBOVUxMOw0KLSAJY2hhcnB0ciA9IE5VTEw7DQotIAlvcGNvZGUgPSBwYXJzZV90b2tlbihh cmcsIGZpbGVuYW1lLCBsaW5lbnVtLCAmZmxhZ3MpOw0KLSANCi1AQCAtMTQ0OSwxMSArMTQ1 MSwyMCBAQA0KLSAJCQkqaW50cHRyID0gdmFsdWU7DQotIAkJYnJlYWs7DQotIAljYXNlIHNC aW5kVGltZW91dDoNCi0tCQlpbnRwdHIgPSAoaW50ICopICZvcHRpb25zLT5scGsuYl90aW1l b3V0LnR2X3NlYzsNCi0tCQlnb3RvIHBhcnNlX2ludDsNCi0rCQlsb25ncHRyID0gKHVuc2ln bmVkIGxvbmcgKikgJm9wdGlvbnMtPmxway5iX3RpbWVvdXQudHZfc2VjOw0KLStwYXJzZV91 bG9uZzoNCi0rCQlhcmcgPSBzdHJkZWxpbSgmY3ApOw0KLSsJCWlmICghYXJnIHx8ICphcmcg PT0gJ1wwJykNCi0rCQkJZmF0YWwoIiVzIGxpbmUgJWQ6IG1pc3NpbmcgaW50ZWdlciB2YWx1 ZS4iLA0KLSsJCQkgICAgZmlsZW5hbWUsIGxpbmVudW0pOw0KLSsJCWx2YWx1ZSA9IGF0b2wo YXJnKTsNCi0rCQlpZiAoKmFjdGl2ZXAgJiYgKmxvbmdwdHIgPT0gLTEpDQotKwkJCSpsb25n cHRyID0gbHZhbHVlOw0KLSsJCWJyZWFrOw0KLSsNCi0gCWNhc2Ugc1NlYXJjaFRpbWVvdXQ6 DQotLQkJaW50cHRyID0gKGludCAqKSAmb3B0aW9ucy0+bHBrLnNfdGltZW91dC50dl9zZWM7 DQotLQkJZ290byBwYXJzZV9pbnQ7DQotKwkJbG9uZ3B0ciA9ICh1bnNpZ25lZCBsb25nICop ICZvcHRpb25zLT5scGsuc190aW1lb3V0LnR2X3NlYzsNCi0rCQlnb3RvIHBhcnNlX3Vsb25n Ow0KLSAJCWJyZWFrOw0KLSAJY2FzZSBzTGRhcENvbmY6DQotIAkJYXJnID0gY3A7DQpkaWZm IC1OcnUgL2hvbWUvZ2F3cmlsb2ZmL2xway9vcGVuc3NoLXBvcnRhYmxlL2ZpbGVzL2NvbnRy aWItb3BlbnNzaC1scGstNS4xcDEtMC4zLjEwLXNlcnZjb25mLmMucGF0Y2ggL2hvbWUvZ2F3 cmlsb2ZmL29wZW5zc2gtcG9ydGFibGUvZmlsZXMvY29udHJpYi1vcGVuc3NoLWxway01LjFw MS0wLjMuMTAtc2VydmNvbmYuYy5wYXRjaA0KLS0tIC9ob21lL2dhd3JpbG9mZi9scGsvb3Bl bnNzaC1wb3J0YWJsZS9maWxlcy9jb250cmliLW9wZW5zc2gtbHBrLTUuMXAxLTAuMy4xMC1z ZXJ2Y29uZi5jLnBhdGNoCTIwMDktMDYtMjEgMjM6MzY6MTUuMDAwMDAwMDAwICswMzAwDQor KysgL2hvbWUvZ2F3cmlsb2ZmL29wZW5zc2gtcG9ydGFibGUvZmlsZXMvY29udHJpYi1vcGVu c3NoLWxway01LjFwMS0wLjMuMTAtc2VydmNvbmYuYy5wYXRjaAkxOTcwLTAxLTAxIDAzOjAw OjAwLjAwMDAwMDAwMCArMDMwMA0KQEAgLTEsMjEzICswLDAgQEANCi0tLS0gc2VydmNvbmYu Yy5vcmlnCTIwMDktMDUtMjYgMTU6MTM6MzIuMDAwMDAwMDAwICswNDAwDQotKysrIHNlcnZj b25mLmMJMjAwOS0wNS0yNiAxNToyNDozOS4wMDAwMDAwMDAgKzA0MDANCi1AQCAtNDIsNiAr NDIsMTAgQEANCi0gI2luY2x1ZGUgImNoYW5uZWxzLmgiDQotICNpbmNsdWRlICJncm91cGFj Y2Vzcy5oIg0KLSANCi0rI2lmZGVmIFdJVEhfTERBUF9QVUJLRVkNCi0rI2luY2x1ZGUgImxk YXBhdXRoLmgiDQotKyNlbmRpZg0KLSsNCi0gc3RhdGljIHZvaWQgYWRkX2xpc3Rlbl9hZGRy KFNlcnZlck9wdGlvbnMgKiwgY2hhciAqLCBpbnQpOw0KLSBzdGF0aWMgdm9pZCBhZGRfb25l X2xpc3Rlbl9hZGRyKFNlcnZlck9wdGlvbnMgKiwgY2hhciAqLCBpbnQpOw0KLSANCi1AQCAt MTI4LDYgKzEzMiwyNCBAQA0KLSAJb3B0aW9ucy0+YWRtX2ZvcmNlZF9jb21tYW5kID0gTlVM TDsNCi0gCW9wdGlvbnMtPmNocm9vdF9kaXJlY3RvcnkgPSBOVUxMOw0KLSAJb3B0aW9ucy0+ emVyb19rbm93bGVkZ2VfcGFzc3dvcmRfYXV0aGVudGljYXRpb24gPSAtMTsNCi0rI2lmZGVm IFdJVEhfTERBUF9QVUJLRVkNCi0rIAkvKiBYWFggZGlydHkgKi8NCi0rIAlvcHRpb25zLT5s cGsubGQgPSBOVUxMOw0KLSsgCW9wdGlvbnMtPmxway5vbiA9IC0xOw0KLSsgCW9wdGlvbnMt Pmxway5zZXJ2ZXJzID0gTlVMTDsNCi0rIAlvcHRpb25zLT5scGsudV9iYXNlZG4gPSBOVUxM Ow0KLSsgCW9wdGlvbnMtPmxway5nX2Jhc2VkbiA9IE5VTEw7DQotKyAJb3B0aW9ucy0+bHBr LmJpbmRkbiA9IE5VTEw7DQotKyAJb3B0aW9ucy0+bHBrLmJpbmRwdyA9IE5VTEw7DQotKyAJ b3B0aW9ucy0+bHBrLnNncm91cCA9IE5VTEw7DQotKyAJb3B0aW9ucy0+bHBrLmZpbHRlciA9 IE5VTEw7DQotKyAJb3B0aW9ucy0+bHBrLmZncm91cCA9IE5VTEw7DQotKyAJb3B0aW9ucy0+ bHBrLmxfY29uZiA9IE5VTEw7DQotKyAJb3B0aW9ucy0+bHBrLnRscyA9IC0xOw0KLSsgCW9w dGlvbnMtPmxway5iX3RpbWVvdXQudHZfc2VjID0gLTE7DQotKyAJb3B0aW9ucy0+bHBrLnNf dGltZW91dC50dl9zZWMgPSAtMTsNCi0rIAlvcHRpb25zLT5scGsuZmxhZ3MgPSBGTEFHX0VN UFRZOw0KLSsjZW5kaWYNCi0gfQ0KLSANCi0gdm9pZA0KLUBAIC0yNjUsNiArMjg3LDMyIEBA DQotIAkJb3B0aW9ucy0+cGVybWl0X3R1biA9IFNTSF9UVU5NT0RFX05POw0KLSAJaWYgKG9w dGlvbnMtPnplcm9fa25vd2xlZGdlX3Bhc3N3b3JkX2F1dGhlbnRpY2F0aW9uID09IC0xKQ0K LSAJCW9wdGlvbnMtPnplcm9fa25vd2xlZGdlX3Bhc3N3b3JkX2F1dGhlbnRpY2F0aW9uID0g MDsNCi0rI2lmZGVmIFdJVEhfTERBUF9QVUJLRVkNCi0rCWlmIChvcHRpb25zLT5scGsub24g PT0gLTEpDQotKwkgICAgb3B0aW9ucy0+bHBrLm9uID0gX0RFRkFVTFRfTFBLX09OOw0KLSsJ aWYgKG9wdGlvbnMtPmxway5zZXJ2ZXJzID09IE5VTEwpDQotKwkgICAgb3B0aW9ucy0+bHBr LnNlcnZlcnMgPSBfREVGQVVMVF9MUEtfU0VSVkVSUzsNCi0rCWlmIChvcHRpb25zLT5scGsu dV9iYXNlZG4gPT0gTlVMTCkNCi0rCSAgICBvcHRpb25zLT5scGsudV9iYXNlZG4gPSBfREVG QVVMVF9MUEtfVUROOw0KLSsJaWYgKG9wdGlvbnMtPmxway5nX2Jhc2VkbiA9PSBOVUxMKQ0K LSsJICAgIG9wdGlvbnMtPmxway5nX2Jhc2VkbiA9IF9ERUZBVUxUX0xQS19HRE47DQotKwlp ZiAob3B0aW9ucy0+bHBrLmJpbmRkbiA9PSBOVUxMKQ0KLSsJICAgIG9wdGlvbnMtPmxway5i aW5kZG4gPSBfREVGQVVMVF9MUEtfQklOREROOw0KLSsJaWYgKG9wdGlvbnMtPmxway5iaW5k cHcgPT0gTlVMTCkNCi0rCSAgICBvcHRpb25zLT5scGsuYmluZHB3ID0gX0RFRkFVTFRfTFBL X0JJTkRQVzsNCi0rCWlmIChvcHRpb25zLT5scGsuc2dyb3VwID09IE5VTEwpDQotKwkgICAg b3B0aW9ucy0+bHBrLnNncm91cCA9IF9ERUZBVUxUX0xQS19TR1JPVVA7DQotKwlpZiAob3B0 aW9ucy0+bHBrLmZpbHRlciA9PSBOVUxMKQ0KLSsJICAgIG9wdGlvbnMtPmxway5maWx0ZXIg PSBfREVGQVVMVF9MUEtfRklMVEVSOw0KLSsJaWYgKG9wdGlvbnMtPmxway50bHMgPT0gLTEp DQotKwkgICAgb3B0aW9ucy0+bHBrLnRscyA9IF9ERUZBVUxUX0xQS19UTFM7DQotKwlpZiAo b3B0aW9ucy0+bHBrLmJfdGltZW91dC50dl9zZWMgPT0gLTEpDQotKwkgICAgb3B0aW9ucy0+ bHBrLmJfdGltZW91dC50dl9zZWMgPSBfREVGQVVMVF9MUEtfQlRJTUVPVVQ7DQotKwlpZiAo b3B0aW9ucy0+bHBrLnNfdGltZW91dC50dl9zZWMgPT0gLTEpDQotKwkgICAgb3B0aW9ucy0+ bHBrLnNfdGltZW91dC50dl9zZWMgPSBfREVGQVVMVF9MUEtfU1RJTUVPVVQ7DQotKwlpZiAo b3B0aW9ucy0+bHBrLmxfY29uZiA9PSBOVUxMKQ0KLSsJICAgIG9wdGlvbnMtPmxway5sX2Nv bmYgPSBfREVGQVVMVF9MUEtfTERQOw0KLSsjZW5kaWYNCi0gDQotIAkvKiBUdXJuIHByaXZp bGVnZSBzZXBhcmF0aW9uIG9uIGJ5IGRlZmF1bHQgKi8NCi0gCWlmICh1c2VfcHJpdnNlcCA9 PSAtMSkNCi1AQCAtMzExLDYgKzM1OSwxMiBAQA0KLSAJc1VzZVByaXZpbGVnZVNlcGFyYXRp b24sIHNBbGxvd0FnZW50Rm9yd2FyZGluZywNCi0gCXNaZXJvS25vd2xlZGdlUGFzc3dvcmRB dXRoZW50aWNhdGlvbiwNCi0gCXNEZXByZWNhdGVkLCBzVW5zdXBwb3J0ZWQNCi0rI2lmZGVm IFdJVEhfTERBUF9QVUJLRVkNCi0rCSxzTGRhcFB1YmxpY2tleSwgc0xkYXBTZXJ2ZXJzLCBz TGRhcFVzZXJETg0KLSsJLHNMZGFwR3JvdXBETiwgc0JpbmRETiwgc0JpbmRQdywgc015R3Jv dXANCi0rCSxzTGRhcEZpbHRlciwgc0ZvcmNlVExTLCBzQmluZFRpbWVvdXQNCi0rCSxzU2Vh cmNoVGltZW91dCwgc0xkYXBDb25mDQotKyNlbmRpZg0KLSB9IFNlcnZlck9wQ29kZXM7DQot IA0KLSAjZGVmaW5lIFNTSENGR19HTE9CQUwJMHgwMQkvKiBhbGxvd2VkIGluIG1haW4gc2Vj dGlvbiBvZiBzc2hkX2NvbmZpZyAqLw0KLUBAIC00MjEsNiArNDc1LDIwIEBADQotIAl7ICJj bGllbnRhbGl2ZWNvdW50bWF4Iiwgc0NsaWVudEFsaXZlQ291bnRNYXgsIFNTSENGR19HTE9C QUwgfSwNCi0gCXsgImF1dGhvcml6ZWRrZXlzZmlsZSIsIHNBdXRob3JpemVkS2V5c0ZpbGUs IFNTSENGR19HTE9CQUwgfSwNCi0gCXsgImF1dGhvcml6ZWRrZXlzZmlsZTIiLCBzQXV0aG9y aXplZEtleXNGaWxlMiwgU1NIQ0ZHX0dMT0JBTCB9LA0KLSsjaWZkZWYgV0lUSF9MREFQX1BV QktFWQ0KLSsJeyBfREVGQVVMVF9MUEtfVE9LRU4sIHNMZGFwUHVibGlja2V5LCBTU0hDRkdf R0xPQkFMIH0sDQotKwl7IF9ERUZBVUxUX1NSVl9UT0tFTiwgc0xkYXBTZXJ2ZXJzLCBTU0hD RkdfR0xPQkFMIH0sDQotKwl7IF9ERUZBVUxUX1VTUl9UT0tFTiwgc0xkYXBVc2VyRE4sIFNT SENGR19HTE9CQUwgfSwNCi0rCXsgX0RFRkFVTFRfR1JQX1RPS0VOLCBzTGRhcEdyb3VwRE4s IFNTSENGR19HTE9CQUwgfSwNCi0rCXsgX0RFRkFVTFRfQkROX1RPS0VOLCBzQmluZEROLCBT U0hDRkdfR0xPQkFMIH0sDQotKwl7IF9ERUZBVUxUX0JQV19UT0tFTiwgc0JpbmRQdywgU1NI Q0ZHX0dMT0JBTCB9LA0KLSsJeyBfREVGQVVMVF9NWUdfVE9LRU4sIHNNeUdyb3VwLCBTU0hD RkdfR0xPQkFMIH0sDQotKwl7IF9ERUZBVUxUX0ZJTF9UT0tFTiwgc0xkYXBGaWx0ZXIsIFNT SENGR19HTE9CQUwgfSwNCi0rCXsgX0RFRkFVTFRfVExTX1RPS0VOLCBzRm9yY2VUTFMsIFNT SENGR19HTE9CQUwgfSwNCi0rCXsgX0RFRkFVTFRfQlRJX1RPS0VOLCBzQmluZFRpbWVvdXQs IFNTSENGR19HTE9CQUwgfSwNCi0rCXsgX0RFRkFVTFRfU1RJX1RPS0VOLCBzU2VhcmNoVGlt ZW91dCwgU1NIQ0ZHX0dMT0JBTCB9LA0KLSsJeyBfREVGQVVMVF9MRFBfVE9LRU4sIHNMZGFw Q29uZiwgU1NIQ0ZHX0dMT0JBTCB9LA0KLSsjZW5kaWYNCi0gCXsgInVzZXByaXZpbGVnZXNl cGFyYXRpb24iLCBzVXNlUHJpdmlsZWdlU2VwYXJhdGlvbiwgU1NIQ0ZHX0dMT0JBTCB9LA0K LSAJeyAiYWNjZXB0ZW52Iiwgc0FjY2VwdEVudiwgU1NIQ0ZHX0dMT0JBTCB9LA0KLSAJeyAi cGVybWl0dHVubmVsIiwgc1Blcm1pdFR1bm5lbCwgU1NIQ0ZHX0dMT0JBTCB9LA0KLUBAIC0x MzExLDYgKzEzNzksMTA3IEBADQotIAkJd2hpbGUgKGFyZykNCi0gCQkgICAgYXJnID0gc3Ry ZGVsaW0oJmNwKTsNCi0gCQlicmVhazsNCi0rI2lmZGVmIFdJVEhfTERBUF9QVUJLRVkNCi0r CWNhc2Ugc0xkYXBQdWJsaWNrZXk6DQotKwkJaW50cHRyID0gJm9wdGlvbnMtPmxway5vbjsN Ci0rCQlnb3RvIHBhcnNlX2ZsYWc7DQotKwljYXNlIHNMZGFwU2VydmVyczoNCi0rCQkvKiBh cmcgPSBzdHJkZWxpbSgmY3ApOyAqLw0KLSsJCXAgPSBsaW5lOw0KLSsJCXdoaWxlKCpwKysp Ow0KLSsJCWFyZyA9IHA7DQotKwkJaWYgKCFhcmcgfHwgKmFyZyA9PSAnXDAnKQ0KLSsJCSAg ICBmYXRhbCgiJXMgbGluZSAlZDogbWlzc2luZyBsZGFwIHNlcnZlciIsZmlsZW5hbWUsbGlu ZW51bSk7DQotKwkJYXJnW3N0cmxlbihhcmcpXSA9ICdcMCc7DQotKwkJaWYgKChvcHRpb25z LT5scGsuc2VydmVycyA9IGxkYXBfcGFyc2Vfc2VydmVycyhhcmcpKSA9PSBOVUxMKQ0KLSsJ CSAgICBmYXRhbCgiJXMgbGluZSAlZDogZXJyb3IgaW4gbGRhcCBzZXJ2ZXJzIiwgZmlsZW5h bWUsIGxpbmVudW0pOw0KLSsJCW1lbXNldChhcmcsMCxzdHJsZW4oYXJnKSk7DQotKwkJYnJl YWs7DQotKwljYXNlIHNMZGFwVXNlckROOg0KLSsJCWFyZyA9IGNwOw0KLSsJCWlmICghYXJn IHx8ICphcmcgPT0gJ1wwJykNCi0rCQkgICAgZmF0YWwoIiVzIGxpbmUgJWQ6IG1pc3Npbmcg bGRhcCBzZXJ2ZXIiLGZpbGVuYW1lLGxpbmVudW0pOw0KLSsJCWFyZ1tzdHJsZW4oYXJnKV0g PSAnXDAnOw0KLSsJCW9wdGlvbnMtPmxway51X2Jhc2VkbiA9IHhzdHJkdXAoYXJnKTsNCi0r CQltZW1zZXQoYXJnLDAsc3RybGVuKGFyZykpOw0KLSsJCWJyZWFrOw0KLSsJY2FzZSBzTGRh cEdyb3VwRE46DQotKwkJYXJnID0gY3A7DQotKwkJaWYgKCFhcmcgfHwgKmFyZyA9PSAnXDAn KQ0KLSsJCSAgICBmYXRhbCgiJXMgbGluZSAlZDogbWlzc2luZyBsZGFwIHNlcnZlciIsZmls ZW5hbWUsbGluZW51bSk7DQotKwkJYXJnW3N0cmxlbihhcmcpXSA9ICdcMCc7DQotKwkJb3B0 aW9ucy0+bHBrLmdfYmFzZWRuID0geHN0cmR1cChhcmcpOw0KLSsJCW1lbXNldChhcmcsMCxz dHJsZW4oYXJnKSk7DQotKwkJYnJlYWs7DQotKwljYXNlIHNCaW5kRE46DQotKwkJYXJnID0g Y3A7DQotKwkJaWYgKCFhcmcgfHwgKmFyZyA9PSAnXDAnKQ0KLSsJCSAgICBmYXRhbCgiJXMg bGluZSAlZDogbWlzc2luZyBiaW5kZG4iLGZpbGVuYW1lLGxpbmVudW0pOw0KLSsJCWFyZ1tz dHJsZW4oYXJnKV0gPSAnXDAnOw0KLSsJCW9wdGlvbnMtPmxway5iaW5kZG4gPSB4c3RyZHVw KGFyZyk7DQotKwkJbWVtc2V0KGFyZywwLHN0cmxlbihhcmcpKTsNCi0rCQlicmVhazsNCi0r CWNhc2Ugc0JpbmRQdzoNCi0rCQlhcmcgPSBjcDsNCi0rCQlpZiAoIWFyZyB8fCAqYXJnID09 ICdcMCcpDQotKwkJICAgIGZhdGFsKCIlcyBsaW5lICVkOiBtaXNzaW5nIGJpbmRwdyIsZmls ZW5hbWUsbGluZW51bSk7DQotKwkJYXJnW3N0cmxlbihhcmcpXSA9ICdcMCc7DQotKwkJb3B0 aW9ucy0+bHBrLmJpbmRwdyA9IHhzdHJkdXAoYXJnKTsNCi0rCQltZW1zZXQoYXJnLDAsc3Ry bGVuKGFyZykpOw0KLSsJCWJyZWFrOw0KLSsJY2FzZSBzTXlHcm91cDoNCi0rCQlhcmcgPSBj cDsNCi0rCQlpZiAoIWFyZyB8fCAqYXJnID09ICdcMCcpDQotKwkJICAgIGZhdGFsKCIlcyBs aW5lICVkOiBtaXNzaW5nIGdyb3VwbmFtZSIsZmlsZW5hbWUsIGxpbmVudW0pOw0KLSsJCWFy Z1tzdHJsZW4oYXJnKV0gPSAnXDAnOw0KLSsJCW9wdGlvbnMtPmxway5zZ3JvdXAgPSB4c3Ry ZHVwKGFyZyk7DQotKwkJaWYgKG9wdGlvbnMtPmxway5zZ3JvdXApDQotKwkJICAgIG9wdGlv bnMtPmxway5mZ3JvdXAgPSBsZGFwX3BhcnNlX2dyb3VwcyhvcHRpb25zLT5scGsuc2dyb3Vw KTsNCi0rCQltZW1zZXQoYXJnLDAsc3RybGVuKGFyZykpOw0KLSsJCWJyZWFrOw0KLSsJY2Fz ZSBzTGRhcEZpbHRlcjoNCi0rCQlhcmcgPSBjcDsNCi0rCQlpZiAoIWFyZyB8fCAqYXJnID09 ICdcMCcpDQotKwkJICAgIGZhdGFsKCIlcyBsaW5lICVkOiBtaXNzaW5nIGZpbHRlciIsZmls ZW5hbWUsIGxpbmVudW0pOw0KLSsJCWFyZ1tzdHJsZW4oYXJnKV0gPSAnXDAnOw0KLSsJCW9w dGlvbnMtPmxway5maWx0ZXIgPSB4c3RyZHVwKGFyZyk7DQotKwkJbWVtc2V0KGFyZywwLHN0 cmxlbihhcmcpKTsNCi0rCQlicmVhazsNCi0rCWNhc2Ugc0ZvcmNlVExTOg0KLSsJCWludHB0 ciA9ICZvcHRpb25zLT5scGsudGxzOw0KLSsJCWFyZyA9IHN0cmRlbGltKCZjcCk7DQotKwkJ aWYgKCFhcmcgfHwgKmFyZyA9PSAnXDAnKQ0KLSsJCQlmYXRhbCgiJXMgbGluZSAlZDogbWlz c2luZyB5ZXMvbm8gYXJndW1lbnQuIiwNCi0rCQkJICAgIGZpbGVuYW1lLCBsaW5lbnVtKTsN Ci0rCQl2YWx1ZSA9IDA7CS8qIHNpbGVuY2UgY29tcGlsZXIgKi8NCi0rCQlpZiAoc3RyY21w KGFyZywgInllcyIpID09IDApDQotKwkJCXZhbHVlID0gMTsNCi0rCQllbHNlIGlmIChzdHJj bXAoYXJnLCAibm8iKSA9PSAwKQ0KLSsJCQl2YWx1ZSA9IDA7DQotKwkJZWxzZSBpZiAoc3Ry Y21wKGFyZywgInRyeSIpID09IDApDQotKwkJCXZhbHVlID0gLTE7DQotKwkJZWxzZQ0KLSsJ CQlmYXRhbCgiJXMgbGluZSAlZDogQmFkIHllcy9ubyBhcmd1bWVudDogJXMiLA0KLSsJCQkJ ZmlsZW5hbWUsIGxpbmVudW0sIGFyZyk7DQotKwkJaWYgKCppbnRwdHIgPT0gLTEpDQotKwkJ CSppbnRwdHIgPSB2YWx1ZTsNCi0rCQlicmVhazsNCi0rCWNhc2Ugc0JpbmRUaW1lb3V0Og0K LSsJCWludHB0ciA9IChpbnQgKikgJm9wdGlvbnMtPmxway5iX3RpbWVvdXQudHZfc2VjOw0K LSsJCWdvdG8gcGFyc2VfaW50Ow0KLSsJY2FzZSBzU2VhcmNoVGltZW91dDoNCi0rCQlpbnRw dHIgPSAoaW50ICopICZvcHRpb25zLT5scGsuc190aW1lb3V0LnR2X3NlYzsNCi0rCQlnb3Rv IHBhcnNlX2ludDsNCi0rCQlicmVhazsNCi0rCWNhc2Ugc0xkYXBDb25mOg0KLSsJCWFyZyA9 IGNwOw0KLSsJCWlmICghYXJnIHx8ICphcmcgPT0gJ1wwJykNCi0rCQkgICAgZmF0YWwoIiVz IGxpbmUgJWQ6IG1pc3NpbmcgTHBrTGRhcENvbmYiLCBmaWxlbmFtZSwgbGluZW51bSk7DQot KwkJYXJnW3N0cmxlbihhcmcpXSA9ICdcMCc7DQotKwkJb3B0aW9ucy0+bHBrLmxfY29uZiA9 IHhzdHJkdXAoYXJnKTsNCi0rCQltZW1zZXQoYXJnLCAwLCBzdHJsZW4oYXJnKSk7DQotKwkJ YnJlYWs7DQotKyNlbmRpZg0KLSANCi0gCWRlZmF1bHQ6DQotIAkJZmF0YWwoIiVzIGxpbmUg JWQ6IE1pc3NpbmcgaGFuZGxlciBmb3Igb3Bjb2RlICVzICglZCkiLA0KZGlmZiAtTnJ1IC9o b21lL2dhd3JpbG9mZi9scGsvb3BlbnNzaC1wb3J0YWJsZS9maWxlcy9jb250cmliLW9wZW5z c2gtbHBrLTUuMXAxLTAuMy4xMC5wYXRjaCAvaG9tZS9nYXdyaWxvZmYvb3BlbnNzaC1wb3J0 YWJsZS9maWxlcy9jb250cmliLW9wZW5zc2gtbHBrLTUuMXAxLTAuMy4xMC5wYXRjaA0KLS0t IC9ob21lL2dhd3JpbG9mZi9scGsvb3BlbnNzaC1wb3J0YWJsZS9maWxlcy9jb250cmliLW9w ZW5zc2gtbHBrLTUuMXAxLTAuMy4xMC5wYXRjaAkyMDA5LTA2LTIxIDIzOjM2OjE1LjAwMDAw MDAwMCArMDMwMA0KKysrIC9ob21lL2dhd3JpbG9mZi9vcGVuc3NoLXBvcnRhYmxlL2ZpbGVz L2NvbnRyaWItb3BlbnNzaC1scGstNS4xcDEtMC4zLjEwLnBhdGNoCTE5NzAtMDEtMDEgMDM6 MDA6MDAuMDAwMDAwMDAwICswMzAwDQpAQCAtMSwxNjgyICswLDAgQEANCi1UaGlzIGlzIGEg Zm9yd2FyZC1wb3J0IG9mIHRoZSBPcGVuU1NIIExQSyBzdXBwb3J0IHBhdGNoLg0KLQ0KLUl0 IGFkZHMgc3VwcG9ydCBmb3Igc3RvcmluZyBPcGVuU1NIIHB1YmxpYyBrZXlzIGluIExEQVAu IEl0IGFsc28gc3VwcG9ydHMNCi1ncm91cGluZyBvZiBtYWNoaW5lcyBpbiB0aGUgTERBUCBk YXRhIHRvIGxpbWl0IHVzZXJzIHRvIHNwZWNpZmljIG1hY2hpbmVzLg0KLQ0KLVRoZSBsYXRl c3QgaG9tZXBhZ2UgZm9yIHRoZSBMUEsgcHJvamVjdCBpczoNCi1odHRwOi8vY29kZS5nb29n bGUuY29tL3Avb3BlbnNzaC1scGsvDQotDQotVGhlIDAuMy4xMCB2ZXJzaW9uIG9mIHRoZSBw YXRjaCBpbmNsdWRlcyBhIGZpeCBmb3IgNjQtYml0IHBsYXRmb3JtcywgYXMNCi1kaXNjb3Zl cmVkIGJ5IEdlbnRvbywgd2hlcmUgdGhlIGJpbmQgdGltZW91dCBhbmQgc2VhcmNoIHRpbWVv dXQgdmFsdWVzIHdlcmUgbm90DQotYmVpbmcgcGFyc2VkIGNvcnJlY3RseTogaHR0cDovL2J1 Z3MuZ2VudG9vLm9yZy8yMTAxMTANCi0NCi1Gb3J3YXJkLXBvcnRlZC1mcm9tOiBvcGVuc3No LWxway01LjFwMS0wLjMuOS5wYXRjaA0KLVNpZ25lZC1vZmYtYnk6IFJvYmluIEguIEpvaG5z b24gPHJvYmJhdDJAZ2VudG9vLm9yZz4NCi0NCi1kaWZmIC1OdWFyIC0tZXhjbHVkZSAnKi5v cmlnJyAtLWV4Y2x1ZGUgJyoucmVqJyBhdXRoMi1wdWJrZXkuYyBhdXRoMi1wdWJrZXkuYw0K LS0tLSBhdXRoMi1wdWJrZXkuYwkyMDA4LTA3LTAzIDE5OjU0OjI1LjAwMDAwMDAwMCAtMDcw MA0KLSsrKyBhdXRoMi1wdWJrZXkuYwkyMDA4LTA4LTIzIDE1OjAyOjQ3LjAwMDAwMDAwMCAt MDcwMA0KLUBAIC01NSw2ICs1NSwxMCBAQA0KLSAjaW5jbHVkZSAibW9uaXRvcl93cmFwLmgi DQotICNpbmNsdWRlICJtaXNjLmgiDQotIA0KLSsjaWZkZWYgV0lUSF9MREFQX1BVQktFWQ0K LSsjaW5jbHVkZSAibGRhcGF1dGguaCINCi0rI2VuZGlmDQotKw0KLSAvKiBpbXBvcnQgKi8N Ci0gZXh0ZXJuIFNlcnZlck9wdGlvbnMgb3B0aW9uczsNCi0gZXh0ZXJuIHVfY2hhciAqc2Vz c2lvbl9pZDI7DQotQEAgLTE4NywxMCArMTkxLDc5IEBADQotIAl1X2xvbmcgbGluZW51bSA9 IDA7DQotIAlLZXkgKmZvdW5kOw0KLSAJY2hhciAqZnA7DQotKyNpZmRlZiBXSVRIX0xEQVBf UFVCS0VZDQotKwlsZGFwX2tleV90ICogazsNCi0rCXVuc2lnbmVkIGludCBpID0gMDsNCi0r I2VuZGlmDQotIA0KLSAJLyogVGVtcG9yYXJpbHkgdXNlIHRoZSB1c2VyJ3MgdWlkLiAqLw0K LSAJdGVtcG9yYXJpbHlfdXNlX3VpZChwdyk7DQotIA0KLSsjaWZkZWYgV0lUSF9MREFQX1BV QktFWQ0KLSsgCWZvdW5kX2tleSA9IDA7DQotKyAJLyogYWxsb2NhdGUgYSBuZXcga2V5IHR5 cGUgKi8NCi0rIAlmb3VuZCA9IGtleV9uZXcoa2V5LT50eXBlKTsNCi0rIA0KLSsgCS8qIGZp cnN0IGNoZWNrIGlmIHRoZSBvcHRpb25zIGlzIGVuYWJsZWQsIHRoZW4gdHJ5Li4gKi8NCi0r CWlmIChvcHRpb25zLmxway5vbikgew0KLSsJICAgIGRlYnVnKCJbTERBUF0gdHJ5aW5nIExE QVAgZmlyc3QgdWlkPSVzIixwdy0+cHdfbmFtZSk7DQotKwkgICAgaWYgKGxkYXBfaXNtZW1i ZXIoJm9wdGlvbnMubHBrLCBwdy0+cHdfbmFtZSkgPiAwKSB7DQotKwkJaWYgKChrID0gbGRh cF9nZXR1c2Vya2V5KCZvcHRpb25zLmxwaywgcHctPnB3X25hbWUpKSAhPSBOVUxMKSB7DQot KwkJICAgIC8qIFNraXAgbGVhZGluZyB3aGl0ZXNwYWNlLCBlbXB0eSBhbmQgY29tbWVudCBs aW5lcy4gKi8NCi0rCQkgICAgZm9yIChpID0gMCA7IGkgPCBrLT5udW0gOyBpKyspIHsNCi0r CQkJLyogZG9udCBmb3JnZXQgaWYgbXVsdGlwbGUga2V5cyB0byByZXNldCBvcHRpb25zICov DQotKwkJCWNoYXIgKmNwLCAqb3B0aW9ucyA9IE5VTEw7DQotKw0KLSsJCQlmb3IgKGNwID0g KGNoYXIgKilrLT5rZXlzW2ldLT5idl92YWw7ICpjcCA9PSAnICcgfHwgKmNwID09ICdcdCc7 IGNwKyspDQotKwkJCSAgICA7DQotKwkJCWlmICghKmNwIHx8ICpjcCA9PSAnXG4nIHx8ICpj cCA9PSAnIycpDQotKwkJCSAgICBjb250aW51ZTsNCi0rDQotKwkJCWlmIChrZXlfcmVhZChm b3VuZCwgJmNwKSAhPSAxKSB7DQotKwkJCSAgICAvKiBubyBrZXk/ICBjaGVjayBpZiB0aGVy ZSBhcmUgb3B0aW9ucyBmb3IgdGhpcyBrZXkgKi8NCi0rCQkJICAgIGludCBxdW90ZWQgPSAw Ow0KLSsJCQkgICAgZGVidWcyKCJbTERBUF0gdXNlcl9rZXlfYWxsb3dlZDogY2hlY2sgb3B0 aW9uczogJyVzJyIsIGNwKTsNCi0rCQkJICAgIG9wdGlvbnMgPSBjcDsNCi0rCQkJICAgIGZv ciAoOyAqY3AgJiYgKHF1b3RlZCB8fCAoKmNwICE9ICcgJyAmJiAqY3AgIT0gJ1x0JykpOyBj cCsrKSB7DQotKwkJCQlpZiAoKmNwID09ICdcXCcgJiYgY3BbMV0gPT0gJyInKQ0KLSsJCQkJ ICAgIGNwKys7CS8qIFNraXAgYm90aCAqLw0KLSsJCQkJZWxzZSBpZiAoKmNwID09ICciJykN Ci0rCQkJCSAgICBxdW90ZWQgPSAhcXVvdGVkOw0KLSsJCQkgICAgfQ0KLSsJCQkgICAgLyog U2tpcCByZW1haW5pbmcgd2hpdGVzcGFjZS4gKi8NCi0rCQkJICAgIGZvciAoOyAqY3AgPT0g JyAnIHx8ICpjcCA9PSAnXHQnOyBjcCsrKQ0KLSsJCQkJOw0KLSsJCQkgICAgaWYgKGtleV9y ZWFkKGZvdW5kLCAmY3ApICE9IDEpIHsNCi0rCQkJCWRlYnVnMigiW0xEQVBdIHVzZXJfa2V5 X2FsbG93ZWQ6IGFkdmFuY2U6ICclcyciLCBjcCk7DQotKwkJCQkvKiBzdGlsbCBubyBrZXk/ ICBhZHZhbmNlIHRvIG5leHQgbGluZSovDQotKwkJCQljb250aW51ZTsNCi0rCQkJICAgIH0N Ci0rCQkJfQ0KLSsNCi0rCQkJaWYgKGtleV9lcXVhbChmb3VuZCwga2V5KSAmJg0KLSsJCQkJ YXV0aF9wYXJzZV9vcHRpb25zKHB3LCBvcHRpb25zLCBmaWxlLCBsaW5lbnVtKSA9PSAxKSB7 DQotKwkJCSAgICBmb3VuZF9rZXkgPSAxOw0KLSsJCQkgICAgZGVidWcoIltMREFQXSBtYXRj aGluZyBrZXkgZm91bmQiKTsNCi0rCQkJICAgIGZwID0ga2V5X2ZpbmdlcnByaW50KGZvdW5k LCBTU0hfRlBfTUQ1LCBTU0hfRlBfSEVYKTsNCi0rCQkJICAgIHZlcmJvc2UoIltMREFQXSBG b3VuZCBtYXRjaGluZyAlcyBrZXk6ICVzIiwga2V5X3R5cGUoZm91bmQpLCBmcCk7DQotKw0K LSsJCQkgICAgLyogcmVzdG9yaW5nIG1lbW9yeSAqLw0KLSsJCQkgICAgbGRhcF9rZXlzX2Zy ZWUoayk7DQotKwkJCSAgICB4ZnJlZShmcCk7DQotKwkJCSAgICByZXN0b3JlX3VpZCgpOw0K LSsJCQkgICAga2V5X2ZyZWUoZm91bmQpOw0KLSsJCQkgICAgcmV0dXJuIGZvdW5kX2tleTsN Ci0rCQkJICAgIGJyZWFrOw0KLSsJCQl9DQotKwkJICAgIH0vKiBlbmQgb2YgTERBUCBmb3Io KSAqLw0KLSsJCX0gZWxzZSB7DQotKwkJICAgIGxvZ2l0KCJbTERBUF0gbm8ga2V5cyBmb3Vu ZCBmb3IgJyVzJyEiLCBwdy0+cHdfbmFtZSk7DQotKwkJfQ0KLSsJICAgIH0gZWxzZSB7DQot KwkJbG9naXQoIltMREFQXSAnJXMnIGlzIG5vdCBpbiAnJXMnIiwgcHctPnB3X25hbWUsIG9w dGlvbnMubHBrLnNncm91cCk7DQotKwkgICAgfQ0KLSsJfQ0KLSsjZW5kaWYNCi0gCWRlYnVn KCJ0cnlpbmcgcHVibGljIGtleSBmaWxlICVzIiwgZmlsZSk7DQotIAlmID0gYXV0aF9vcGVu a2V5ZmlsZShmaWxlLCBwdywgb3B0aW9ucy5zdHJpY3RfbW9kZXMpOw0KLSANCi1kaWZmIC1O dWFyIC0tZXhjbHVkZSAnKi5vcmlnJyAtLWV4Y2x1ZGUgJyoucmVqJyBhdXRoLXJzYS5jIGF1 dGgtcnNhLmMNCi0tLS0gYXV0aC1yc2EuYwkyMDA4LTA3LTAyIDA1OjM3OjMwLjAwMDAwMDAw MCAtMDcwMA0KLSsrKyBhdXRoLXJzYS5jCTIwMDgtMDgtMjMgMTU6MDI6NDcuMDAwMDAwMDAw IC0wNzAwDQotQEAgLTE3NCwxMCArMTc0LDk2IEBADQotIAlGSUxFICpmOw0KLSAJdV9sb25n IGxpbmVudW0gPSAwOw0KLSAJS2V5ICprZXk7DQotKyNpZmRlZiBXSVRIX0xEQVBfUFVCS0VZ DQotKwlsZGFwX2tleV90ICogazsNCi0rCXVuc2lnbmVkIGludCBpID0gMDsNCi0rI2VuZGlm DQotIA0KLSAJLyogVGVtcG9yYXJpbHkgdXNlIHRoZSB1c2VyJ3MgdWlkLiAqLw0KLSAJdGVt cG9yYXJpbHlfdXNlX3VpZChwdyk7DQotIA0KLSsjaWZkZWYgV0lUSF9MREFQX1BVQktFWQ0K LSsJLyogaGVyZSBpcyB0aGUgam9iICovDQotKwlrZXkgPSBrZXlfbmV3KEtFWV9SU0ExKTsN Ci0rDQotKwlpZiAob3B0aW9ucy5scGsub24pIHsNCi0rCSAgICBkZWJ1ZygiW0xEQVBdIHRy eWluZyBMREFQIGZpcnN0IHVpZD0lcyIsIHB3LT5wd19uYW1lKTsNCi0rCSAgICBpZiAoIGxk YXBfaXNtZW1iZXIoJm9wdGlvbnMubHBrLCBwdy0+cHdfbmFtZSkgPiAwKSB7DQotKwkJaWYg KCAoayA9IGxkYXBfZ2V0dXNlcmtleSgmb3B0aW9ucy5scGssIHB3LT5wd19uYW1lKSkgIT0g TlVMTCkgew0KLSsJCSAgICBmb3IgKGkgPSAwIDsgaSA8IGstPm51bSA7IGkrKykgew0KLSsJ CQljaGFyICpjcCwgKm9wdGlvbnMgPSBOVUxMOw0KLSsNCi0rCQkJZm9yIChjcCA9IGstPmtl eXNbaV0tPmJ2X3ZhbDsgKmNwID09ICcgJyB8fCAqY3AgPT0gJ1x0JzsgY3ArKykNCi0rCQkJ ICAgIDsNCi0rCQkJaWYgKCEqY3AgfHwgKmNwID09ICdcbicgfHwgKmNwID09ICcjJykNCi0r CQkJICAgIGNvbnRpbnVlOw0KLSsNCi0rCQkJLyoNCi0rCQkJKiBDaGVjayBpZiB0aGVyZSBh cmUgb3B0aW9ucyBmb3IgdGhpcyBrZXksIGFuZCBpZiBzbywNCi0rCQkJKiBzYXZlIHRoZWly IHN0YXJ0aW5nIGFkZHJlc3MgYW5kIHNraXAgdGhlIG9wdGlvbiBwYXJ0DQotKwkJCSogZm9y IG5vdy4gIElmIHRoZXJlIGFyZSBubyBvcHRpb25zLCBzZXQgdGhlIHN0YXJ0aW5nDQotKwkJ CSogYWRkcmVzcyB0byBOVUxMLg0KLSsJCQkgKi8NCi0rCQkJaWYgKCpjcCA8ICcwJyB8fCAq Y3AgPiAnOScpIHsNCi0rCQkJICAgIGludCBxdW90ZWQgPSAwOw0KLSsJCQkgICAgb3B0aW9u cyA9IGNwOw0KLSsJCQkgICAgZm9yICg7ICpjcCAmJiAocXVvdGVkIHx8ICgqY3AgIT0gJyAn ICYmICpjcCAhPSAnXHQnKSk7IGNwKyspIHsNCi0rCQkJCWlmICgqY3AgPT0gJ1xcJyAmJiBj cFsxXSA9PSAnIicpDQotKwkJCQkgICAgY3ArKzsJLyogU2tpcCBib3RoICovDQotKwkJCQll bHNlIGlmICgqY3AgPT0gJyInKQ0KLSsJCQkJICAgIHF1b3RlZCA9ICFxdW90ZWQ7DQotKwkJ CSAgICB9DQotKwkJCX0gZWxzZQ0KLSsJCQkgICAgb3B0aW9ucyA9IE5VTEw7DQotKw0KLSsJ CQkvKiBQYXJzZSB0aGUga2V5IGZyb20gdGhlIGxpbmUuICovDQotKwkJCWlmIChob3N0Zmls ZV9yZWFkX2tleSgmY3AsICZiaXRzLCBrZXkpID09IDApIHsNCi0rCQkJICAgIGRlYnVnKCJb TERBUF0gbGluZSAlZDogbm9uIHNzaDEga2V5IHN5bnRheCIsIGkpOw0KLSsJCQkgICAgY29u dGludWU7DQotKwkJCX0NCi0rCQkJLyogY3Agbm93IHBvaW50cyB0byB0aGUgY29tbWVudCBw YXJ0LiAqLw0KLSsNCi0rCQkJLyogQ2hlY2sgaWYgdGhlIHdlIGhhdmUgZm91bmQgdGhlIGRl c2lyZWQga2V5IChpZGVudGlmaWVkIGJ5IGl0cyBtb2R1bHVzKS4gKi8NCi0rCQkJaWYgKEJO X2NtcChrZXktPnJzYS0+biwgY2xpZW50X24pICE9IDApDQotKwkJCSAgICBjb250aW51ZTsN Ci0rDQotKwkJCS8qIGNoZWNrIHRoZSByZWFsIGJpdHMgICovDQotKwkJCWlmIChiaXRzICE9 ICh1bnNpZ25lZCBpbnQpQk5fbnVtX2JpdHMoa2V5LT5yc2EtPm4pKQ0KLSsJCQkgICAgbG9n aXQoIltMREFQXSBXYXJuaW5nOiBsZGFwLCBsaW5lICVsdToga2V5c2l6ZSBtaXNtYXRjaDog Ig0KLSsJCQkJICAgICJhY3R1YWwgJWQgdnMuIGFubm91bmNlZCAlZC4iLCAodW5zaWduZWQg bG9uZylpLCBCTl9udW1fYml0cyhrZXktPnJzYS0+biksIGJpdHMpOw0KLSsNCi0rCQkJLyog V2UgaGF2ZSBmb3VuZCB0aGUgZGVzaXJlZCBrZXkuICovDQotKwkJCS8qDQotKwkJCSogSWYg b3VyIG9wdGlvbnMgZG8gbm90IGFsbG93IHRoaXMga2V5IHRvIGJlIHVzZWQsDQotKwkJCSog ZG8gbm90IHNlbmQgY2hhbGxlbmdlLg0KLSsJCQkgKi8NCi0rCQkJaWYgKCFhdXRoX3BhcnNl X29wdGlvbnMocHcsIG9wdGlvbnMsICJbTERBUF0iLCAodW5zaWduZWQgbG9uZykgaSkpDQot KwkJCSAgICBjb250aW51ZTsNCi0rDQotKwkJCS8qIGJyZWFrIG91dCwgdGhpcyBrZXkgaXMg YWxsb3dlZCAqLw0KLSsJCQlhbGxvd2VkID0gMTsNCi0rDQotKwkJCS8qIGFkZCB0aGUgcmV0 dXJuIHN0dWZmIGV0Yy4uLiAqLw0KLSsJCQkvKiBSZXN0b3JlIHRoZSBwcml2aWxlZ2VkIHVp ZC4gKi8NCi0rCQkJcmVzdG9yZV91aWQoKTsNCi0rDQotKwkJCS8qIHJldHVybiBrZXkgaWYg YWxsb3dlZCAqLw0KLSsJCQlpZiAoYWxsb3dlZCAmJiBya2V5ICE9IE5VTEwpDQotKwkJCSAg ICAqcmtleSA9IGtleTsNCi0rCQkJZWxzZQ0KLSsJCQkgICAga2V5X2ZyZWUoa2V5KTsNCi0r DQotKwkJCWxkYXBfa2V5c19mcmVlKGspOw0KLSsJCQlyZXR1cm4gKGFsbG93ZWQpOw0KLSsJ CSAgICB9DQotKwkJfSBlbHNlIHsNCi0rCQkgICAgbG9naXQoIltMREFQXSBubyBrZXlzIGZv dW5kIGZvciAnJXMnISIsIHB3LT5wd19uYW1lKTsNCi0rCQl9DQotKwkgICAgfSBlbHNlIHsN Ci0rCQlsb2dpdCgiW0xEQVBdICclcycgaXMgbm90IGluICclcyciLCBwdy0+cHdfbmFtZSwg b3B0aW9ucy5scGsuc2dyb3VwKTsNCi0rCSAgICB9DQotKwl9DQotKyNlbmRpZg0KLSAJLyog VGhlIGF1dGhvcml6ZWQga2V5cy4gKi8NCi0gCWZpbGUgPSBhdXRob3JpemVkX2tleXNfZmls ZShwdyk7DQotIAlkZWJ1ZygidHJ5aW5nIHB1YmxpYyBSU0Ega2V5IGZpbGUgJXMiLCBmaWxl KTsNCi1kaWZmIC1OdWFyIC0tZXhjbHVkZSAnKi5vcmlnJyAtLWV4Y2x1ZGUgJyoucmVqJyBj b25maWcuaC5pbiBjb25maWcuaC5pbg0KLS0tLSBjb25maWcuaC5pbgkyMDA4LTA3LTIxIDAx OjMwOjQ5LjAwMDAwMDAwMCAtMDcwMA0KLSsrKyBjb25maWcuaC5pbgkyMDA4LTA4LTIzIDE1 OjAyOjQ3LjAwMDAwMDAwMCAtMDcwMA0KLUBAIC01NjAsNiArNTYwLDkgQEANCi0gLyogRGVm aW5lIHRvIDEgaWYgeW91IGhhdmUgdGhlIDxsaW51eC9pZl90dW4uaD4gaGVhZGVyIGZpbGUu ICovDQotICN1bmRlZiBIQVZFX0xJTlVYX0lGX1RVTl9IDQotIA0KLSsvKiBEZWZpbmUgaWYg eW91IHdhbnQgTERBUCBzdXBwb3J0ICovDQotKyN1bmRlZiBXSVRIX0xEQVBfUFVCS0VZDQot Kw0KLSAvKiBEZWZpbmUgaWYgeW91ciBsaWJyYXJpZXMgZGVmaW5lIGxvZ2luKCkgKi8NCi0g I3VuZGVmIEhBVkVfTE9HSU4NCi0gDQotZGlmZiAtTnVhciAtLWV4Y2x1ZGUgJyoub3JpZycg LS1leGNsdWRlICcqLnJlaicgY29uZmlndXJlIGNvbmZpZ3VyZQ0KLS0tLSBjb25maWd1cmUJ MjAwOC0wNy0yMSAwMTozMDo1MC4wMDAwMDAwMDAgLTA3MDANCi0rKysgY29uZmlndXJlCTIw MDgtMDgtMjMgMTU6MDI6NDcuMDAwMDAwMDAwIC0wNzAwDQotQEAgLTEzNDAsNiArMTM0MCw3 IEBADQotICAgLS13aXRoLXRjcC13cmFwcGVyc1s9UEFUSF0gRW5hYmxlIHRjcHdyYXBwZXJz IHN1cHBvcnQgKG9wdGlvbmFsbHkgaW4gUEFUSCkNCi0gICAtLXdpdGgtbGliZWRpdFs9UEFU SF0gICBFbmFibGUgbGliZWRpdCBzdXBwb3J0IGZvciBzZnRwDQotICAgLS13aXRoLWF1ZGl0 PW1vZHVsZSAgICAgRW5hYmxlIEVYUEVSSU1FTlRBTCBhdWRpdCBzdXBwb3J0IChtb2R1bGVz PWRlYnVnLGJzbSkNCi0rICAtLXdpdGgtbGRhcFs9UEFUSF0gICAgICBFbmFibGUgTERBUCBw dWJrZXkgc3VwcG9ydCAob3B0aW9uYWxseSBpbiBQQVRIKQ0KLSAgIC0td2l0aC1zc2wtZGly PVBBVEggICAgIFNwZWNpZnkgcGF0aCB0byBPcGVuU1NMIGluc3RhbGxhdGlvbg0KLSAgIC0t d2l0aG91dC1vcGVuc3NsLWhlYWRlci1jaGVjayBEaXNhYmxlIE9wZW5TU0wgdmVyc2lvbiBj b25zaXN0ZW5jeSBjaGVjaw0KLSAgIC0td2l0aC1zc2wtZW5naW5lICAgICAgIEVuYWJsZSBP cGVuU1NMIChoYXJkd2FyZSkgRU5HSU5FIHN1cHBvcnQNCi1AQCAtMTI1NjgsNiArMTI1Njks ODUgQEANCi0gZmkNCi0gDQotIA0KLSsjIENoZWNrIHdoZXRoZXIgdXNlciB3YW50cyBMREFQ IHN1cHBvcnQNCi0rTERBUF9NU0c9Im5vIg0KLSsNCi0rIyBDaGVjayB3aGV0aGVyIC0td2l0 aC1sZGFwIHdhcyBnaXZlbi4NCi0raWYgdGVzdCAiJHt3aXRoX2xkYXArc2V0fSIgPSBzZXQ7 IHRoZW4NCi0rICB3aXRodmFsPSR3aXRoX2xkYXA7DQotKwkJaWYgdGVzdCAieCR3aXRodmFs IiAhPSAieG5vIiA7IHRoZW4NCi0rDQotKwkJCWlmIHRlc3QgIngkd2l0aHZhbCIgIT0gInh5 ZXMiIDsgdGhlbg0KLSsJCQkJQ1BQRkxBR1M9IiRDUFBGTEFHUyAtSSR7d2l0aHZhbH0vaW5j bHVkZSINCi0rCQkJCUxERkxBR1M9IiRMREZMQUdTIC1MJHt3aXRodmFsfS9saWIiDQotKwkJ CWZpDQotKw0KLSsNCi0rY2F0ID4+Y29uZmRlZnMuaCA8PFxfQUNFT0YNCi0rI2RlZmluZSBX SVRIX0xEQVBfUFVCS0VZIDENCi0rX0FDRU9GDQotKw0KLSsJCQlMSUJTPSItbGxkYXAgJExJ QlMiDQotKwkJCUxEQVBfTVNHPSJ5ZXMiDQotKw0KLSsJCQl7IGVjaG8gIiRhc19tZTokTElO RU5POiBjaGVja2luZyBmb3IgTERBUCBzdXBwb3J0IiA+JjUNCi0rZWNobyAkRUNIT19OICJj aGVja2luZyBmb3IgTERBUCBzdXBwb3J0Li4uICRFQ0hPX0MiID4mNjsgfQ0KLSsJCQljYXQg PmNvbmZ0ZXN0LiRhY19leHQgPDxfQUNFT0YNCi0rLyogY29uZmRlZnMuaC4gICovDQotK19B Q0VPRg0KLStjYXQgY29uZmRlZnMuaCA+PmNvbmZ0ZXN0LiRhY19leHQNCi0rY2F0ID4+Y29u ZnRlc3QuJGFjX2V4dCA8PF9BQ0VPRg0KLSsvKiBlbmQgY29uZmRlZnMuaC4gICovDQotKyNp bmNsdWRlIDxzeXMvdHlwZXMuaD4NCi0rCQkJCSAjaW5jbHVkZSA8bGRhcC5oPg0KLStpbnQN Ci0rbWFpbiAoKQ0KLSt7DQotKyh2b2lkKWxkYXBfaW5pdCgwLCAwKTsNCi0rICA7DQotKyAg cmV0dXJuIDA7DQotK30NCi0rX0FDRU9GDQotK3JtIC1mIGNvbmZ0ZXN0LiRhY19vYmpleHQN Ci0raWYgeyAoYWNfdHJ5PSIkYWNfY29tcGlsZSINCi0rY2FzZSAiKCgkYWNfdHJ5IiBpbg0K LSsgICpcIiogfCAqXGAqIHwgKlxcKikgYWNfdHJ5X2VjaG89XCRhY190cnk7Ow0KLSsgICop IGFjX3RyeV9lY2hvPSRhY190cnk7Ow0KLStlc2FjDQotK2V2YWwgImVjaG8gXCJcJGFzX21l OiRMSU5FTk86ICRhY190cnlfZWNob1wiIikgPiY1DQotKyAgKGV2YWwgIiRhY19jb21waWxl IikgMj5jb25mdGVzdC5lcjENCi0rICBhY19zdGF0dXM9JD8NCi0rICBncmVwIC12ICdeICor JyBjb25mdGVzdC5lcjEgPmNvbmZ0ZXN0LmVycg0KLSsgIHJtIC1mIGNvbmZ0ZXN0LmVyMQ0K LSsgIGNhdCBjb25mdGVzdC5lcnIgPiY1DQotKyAgZWNobyAiJGFzX21lOiRMSU5FTk86IFwk PyA9ICRhY19zdGF0dXMiID4mNQ0KLSsgIChleGl0ICRhY19zdGF0dXMpOyB9ICYmIHsNCi0r CSB0ZXN0IC16ICIkYWNfY193ZXJyb3JfZmxhZyIgfHwNCi0rCSB0ZXN0ICEgLXMgY29uZnRl c3QuZXJyDQotKyAgICAgICB9ICYmIHRlc3QgLXMgY29uZnRlc3QuJGFjX29iamV4dDsgdGhl bg0KLSsgIHsgZWNobyAiJGFzX21lOiRMSU5FTk86IHJlc3VsdDogeWVzIiA+JjUNCi0rZWNo byAiJHtFQ0hPX1R9eWVzIiA+JjY7IH0NCi0rZWxzZQ0KLSsgIGVjaG8gIiRhc19tZTogZmFp bGVkIHByb2dyYW0gd2FzOiIgPiY1DQotK3NlZCAncy9eL3wgLycgY29uZnRlc3QuJGFjX2V4 dCA+JjUNCi0rDQotKw0KLSsJCQkJICAgIHsgZWNobyAiJGFzX21lOiRMSU5FTk86IHJlc3Vs dDogbm8iID4mNQ0KLStlY2hvICIke0VDSE9fVH1ubyIgPiY2OyB9DQotKwkJCQkJeyB7IGVj aG8gIiRhc19tZTokTElORU5POiBlcnJvcjogKiogSW5jb21wbGV0ZSBvciBtaXNzaW5nIGxk YXAgbGlicmFyaWVzICoqIiA+JjUNCi0rZWNobyAiJGFzX21lOiBlcnJvcjogKiogSW5jb21w bGV0ZSBvciBtaXNzaW5nIGxkYXAgbGlicmFyaWVzICoqIiA+JjI7fQ0KLSsgICB7IChleGl0 IDEpOyBleGl0IDE7IH07IH0NCi0rDQotKw0KLStmaQ0KLSsNCi0rcm0gLWYgY29yZSBjb25m dGVzdC5lcnIgY29uZnRlc3QuJGFjX29iamV4dCBjb25mdGVzdC4kYWNfZXh0DQotKwkJZmkN Ci0rDQotKw0KLStmaQ0KLSsNCi0rDQotIA0KLSANCi0gDQotQEAgLTMwMTM1LDYgKzMwMjE1 LDcgQEANCi0gZWNobyAiICAgICAgICAgICAgICAgICBTbWFydGNhcmQgc3VwcG9ydDogJFND QVJEX01TRyINCi0gZWNobyAiICAgICAgICAgICAgICAgICAgICAgUy9LRVkgc3VwcG9ydDog JFNLRVlfTVNHIg0KLSBlY2hvICIgICAgICAgICAgICAgIFRDUCBXcmFwcGVycyBzdXBwb3J0 OiAkVENQV19NU0ciDQotK2VjaG8gIiAgICAgICAgICAgICAgICAgICAgICBMREFQIHN1cHBv cnQ6ICRMREFQX01TRyINCi0gZWNobyAiICAgICAgICAgICAgICBNRDUgcGFzc3dvcmQgc3Vw cG9ydDogJE1ENV9NU0ciDQotIGVjaG8gIiAgICAgICAgICAgICAgICAgICBsaWJlZGl0IHN1 cHBvcnQ6ICRMSUJFRElUX01TRyINCi0gZWNobyAiICBTb2xhcmlzIHByb2Nlc3MgY29udHJh Y3Qgc3VwcG9ydDogJFNQQ19NU0ciDQotZGlmZiAtTnVhciAtLWV4Y2x1ZGUgJyoub3JpZycg LS1leGNsdWRlICcqLnJlaicgY29uZmlndXJlLmFjIGNvbmZpZ3VyZS5hYw0KLS0tLSBjb25m aWd1cmUuYWMJMjAwOC0wNy0wOSAwNDowNzoxOS4wMDAwMDAwMDAgLTA3MDANCi0rKysgY29u ZmlndXJlLmFjCTIwMDgtMDgtMjMgMTU6MDI6NDcuMDAwMDAwMDAwIC0wNzAwDQotQEAgLTEy OTksNiArMTI5OSwzNyBAQA0KLSAJZXNhYyBdDQotICkNCi0gDQotKyMgQ2hlY2sgd2hldGhl ciB1c2VyIHdhbnRzIExEQVAgc3VwcG9ydA0KLStMREFQX01TRz0ibm8iDQotK0FDX0FSR19X SVRIKGxkYXAsDQotKwlbICAtLXdpdGgtbGRhcFtbPVBBVEhdXSAgICAgIEVuYWJsZSBMREFQ IHB1YmtleSBzdXBwb3J0IChvcHRpb25hbGx5IGluIFBBVEgpXSwNCi0rCVsNCi0rCQlpZiB0 ZXN0ICJ4JHdpdGh2YWwiICE9ICJ4bm8iIDsgdGhlbg0KLSsNCi0rCQkJaWYgdGVzdCAieCR3 aXRodmFsIiAhPSAieHllcyIgOyB0aGVuDQotKwkJCQlDUFBGTEFHUz0iJENQUEZMQUdTIC1J JHt3aXRodmFsfS9pbmNsdWRlIg0KLSsJCQkJTERGTEFHUz0iJExERkxBR1MgLUwke3dpdGh2 YWx9L2xpYiINCi0rCQkJZmkNCi0rDQotKwkJCUFDX0RFRklORShbV0lUSF9MREFQX1BVQktF WV0sIDEsIFtFbmFibGUgTERBUCBwdWJrZXkgc3VwcG9ydF0pDQotKwkJCUxJQlM9Ii1sbGRh cCAkTElCUyINCi0rCQkJTERBUF9NU0c9InllcyINCi0rCQ0KLSsJCQlBQ19NU0dfQ0hFQ0tJ TkcoW2ZvciBMREFQIHN1cHBvcnRdKQ0KLSsJCQlBQ19UUllfQ09NUElMRSgNCi0rCQkJCVsj aW5jbHVkZSA8c3lzL3R5cGVzLmg+DQotKwkJCQkgI2luY2x1ZGUgPGxkYXAuaD5dLA0KLSsJ CQkJWyh2b2lkKWxkYXBfaW5pdCgwLCAwKTtdLA0KLSsJCQkJW0FDX01TR19SRVNVTFQoeWVz KV0sDQotKwkJCQlbDQotKwkJCQkgICAgQUNfTVNHX1JFU1VMVChubykgDQotKwkJCQkJQUNf TVNHX0VSUk9SKFsqKiBJbmNvbXBsZXRlIG9yIG1pc3NpbmcgbGRhcCBsaWJyYXJpZXMgKipd KQ0KLSsJCQkJXQ0KLSsgICAgICAgIAkpDQotKwkJZmkNCi0rCV0NCi0rKQ0KLSsNCi0gZG5s ICAgIENoZWNrcyBmb3IgbGlicmFyeSBmdW5jdGlvbnMuIFBsZWFzZSBrZWVwIGluIGFscGhh YmV0aWNhbCBvcmRlcg0KLSBBQ19DSEVDS19GVU5DUyggXA0KLSAJYXJjNHJhbmRvbSBcDQot QEAgLTQxMzcsNiArNDE2OCw3IEBADQotIGVjaG8gIiAgICAgICAgICAgICAgICAgU21hcnRj YXJkIHN1cHBvcnQ6ICRTQ0FSRF9NU0ciDQotIGVjaG8gIiAgICAgICAgICAgICAgICAgICAg IFMvS0VZIHN1cHBvcnQ6ICRTS0VZX01TRyINCi0gZWNobyAiICAgICAgICAgICAgICBUQ1Ag V3JhcHBlcnMgc3VwcG9ydDogJFRDUFdfTVNHIg0KLStlY2hvICIgICAgICAgICAgICAgICAg ICAgICAgTERBUCBzdXBwb3J0OiAkTERBUF9NU0ciDQotIGVjaG8gIiAgICAgICAgICAgICAg TUQ1IHBhc3N3b3JkIHN1cHBvcnQ6ICRNRDVfTVNHIg0KLSBlY2hvICIgICAgICAgICAgICAg ICAgICAgbGliZWRpdCBzdXBwb3J0OiAkTElCRURJVF9NU0ciDQotIGVjaG8gIiAgU29sYXJp cyBwcm9jZXNzIGNvbnRyYWN0IHN1cHBvcnQ6ICRTUENfTVNHIg0KLWRpZmYgLU51YXIgLS1l eGNsdWRlICcqLm9yaWcnIC0tZXhjbHVkZSAnKi5yZWonIGxkYXBhdXRoLmMgbGRhcGF1dGgu Yw0KLS0tLSBsZGFwYXV0aC5jCTE5NjktMTItMzEgMTY6MDA6MDAuMDAwMDAwMDAwIC0wODAw DQotKysrIGxkYXBhdXRoLmMJMjAwOC0wOC0yMyAxNTowMjo0Ny4wMDAwMDAwMDAgLTA3MDAN Ci1AQCAtMCwwICsxLDU3NSBAQA0KLSsvKiANCi0rICogJElkOiBvcGVuc3NoLWxway00LjNw MS0wLjMuNy5wYXRjaCx2IDEuMyAyMDA2LzA0LzE4IDE1OjI5OjA5IGVhdSBFeHAgJA0KLSsg Ki8NCi0rDQotKy8qDQotKyAqDQotKyAqIENvcHlyaWdodCAoYykgMjAwNSwgRXJpYyBBVUdF IDxlYXVAcGhlYXIub3JnPg0KLSsgKiBBbGwgcmlnaHRzIHJlc2VydmVkLg0KLSsgKg0KLSsg KiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3 aXRoIG9yIHdpdGhvdXQgbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRo YXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zIGFyZSBtZXQ6DQotKyAqDQotKyAqIFJlZGlz dHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFpbiB0aGUgYWJvdmUgY29weXJp Z2h0IG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcg ZGlzY2xhaW1lci4NCi0rICogUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3JtIG11c3Qg cmVwcm9kdWNlIHRoZSBhYm92ZSBjb3B5cmlnaHQgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29u ZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluIHRoZSBkb2N1bWVudGF0 aW9uIGFuZC9vciBvdGhlciBtYXRlcmlhbHMgcHJvdmlkZWQgd2l0aCB0aGUgZGlzdHJpYnV0 aW9uLg0KLSsgKiBOZWl0aGVyIHRoZSBuYW1lIG9mIHRoZSBwaGVhci5vcmcgbm9yIHRoZSBu YW1lcyBvZiBpdHMgY29udHJpYnV0b3JzIG1heSBiZSB1c2VkIHRvIGVuZG9yc2Ugb3IgcHJv bW90ZSBwcm9kdWN0cyBkZXJpdmVkIGZyb20gdGhpcyBzb2Z0d2FyZSB3aXRob3V0IHNwZWNp ZmljIHByaW9yIHdyaXR0ZW4gcGVybWlzc2lvbi4NCi0rICoNCi0rICogVEhJUyBTT0ZUV0FS RSBJUyBQUk9WSURFRCBCWSBUSEUgQ09QWVJJR0hUIEhPTERFUlMgQU5EIENPTlRSSUJVVE9S UyAiQVMgSVMiIEFORCBBTlkgRVhQUkVTUyBPUiBJTVBMSUVEIFdBUlJBTlRJRVMsIElOQ0xV RElORywgDQotKyAqIEJVVCBOT1QgTElNSVRFRCBUTywgVEhFIElNUExJRUQgV0FSUkFOVElF UyBPRiBNRVJDSEFOVEFCSUxJVFkgQU5EIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUiBQVVJQ T1NFIEFSRSBESVNDTEFJTUVELiANCi0rICogSU4gTk8gRVZFTlQgU0hBTEwgVEhFIENPUFlS SUdIVCBPV05FUiBPUiBDT05UUklCVVRPUlMgQkUgTElBQkxFIEZPUiBBTlkgRElSRUNULCBJ TkRJUkVDVCwgSU5DSURFTlRBTCwgU1BFQ0lBTCwgRVhFTVBMQVJZLCANCi0rICogT1IgQ09O U0VRVUVOVElBTCBEQU1BR0VTIChJTkNMVURJTkcsIEJVVCBOT1QgTElNSVRFRCBUTywgUFJP Q1VSRU1FTlQgT0YgU1VCU1RJVFVURSBHT09EUyBPUiBTRVJWSUNFUzsgDQotKyAqIExPU1Mg T0YgVVNFLCBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhP V0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkgVEhFT1JZIE9GIExJQUJJTElUWSwgV0hFVEhFUiBJ TiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgDQotKyAqIE9SIFRPUlQgKElOQ0xVRElO RyBORUdMSUdFTkNFIE9SIE9USEVSV0lTRSkgQVJJU0lORyBJTiBBTlkgV0FZIE9VVCBPRiBU SEUgVVNFIE9GIFRISVMgU09GVFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUgUE9TU0lC SUxJVFkgT0YgU1VDSCBEQU1BR0UuDQotKyAqDQotKyAqDQotKyAqLw0KLSsNCi0rI2luY2x1 ZGUgImluY2x1ZGVzLmgiDQotKw0KLSsjaWZkZWYgV0lUSF9MREFQX1BVQktFWQ0KLSsNCi0r I2luY2x1ZGUgPHN0ZGlvLmg+DQotKyNpbmNsdWRlIDxzdGRsaWIuaD4NCi0rI2luY2x1ZGUg PHVuaXN0ZC5oPg0KLSsjaW5jbHVkZSA8c3RyaW5nLmg+DQotKw0KLSsjaW5jbHVkZSAibGRh cGF1dGguaCINCi0rI2luY2x1ZGUgImxvZy5oIg0KLSsNCi0rc3RhdGljIGNoYXIgKmF0dHJz W10gPSB7DQotKyAgICBQVUJLRVlBVFRSLA0KLSsgICAgTlVMTA0KLSt9Ow0KLSsNCi0rLyog ZmlsdGVyIGJ1aWxkaW5nIGluZm9zICovDQotKyNkZWZpbmUgRklMVEVSX0dST1VQX1BSRUZJ WCAiKCYob2JqZWN0Y2xhc3M9cG9zaXhHcm91cCkiDQotKyNkZWZpbmUgRklMVEVSX09SX1BS RUZJWCAiKHwiDQotKyNkZWZpbmUgRklMVEVSX09SX1NVRkZJWCAiKSINCi0rI2RlZmluZSBG SUxURVJfQ05fUFJFRklYICIoY249Ig0KLSsjZGVmaW5lIEZJTFRFUl9DTl9TVUZGSVggIiki DQotKyNkZWZpbmUgRklMVEVSX1VJRF9GT1JNQVQgIihtZW1iZXJVaWQ9JXMpIg0KLSsjZGVm aW5lIEZJTFRFUl9HUk9VUF9TVUZGSVggIikiDQotKyNkZWZpbmUgRklMVEVSX0dST1VQX1NJ WkUoZ3JvdXApIChzaXplX3QpIChzdHJsZW4oZ3JvdXApKyhsZGFwX2NvdW50X2dyb3VwKGdy b3VwKSo1KSs1MikNCi0rDQotKy8qIGp1c3QgZmlsdGVyIGJ1aWxkaW5nIHN0dWZmICovDQot KyNkZWZpbmUgUkVRVUVTVF9HUk9VUF9TSVpFKGZpbHRlciwgdWlkKSAoc2l6ZV90KSAoc3Ry bGVuKGZpbHRlcikrc3RybGVuKHVpZCkrMSkNCi0rI2RlZmluZSBSRVFVRVNUX0dST1VQKGJ1 ZmZlciwgcHJlZmlsdGVyLCBwd25hbWUpIFwNCi0rICAgIGJ1ZmZlciA9IChjaGFyICopIGNh bGxvYyhSRVFVRVNUX0dST1VQX1NJWkUocHJlZmlsdGVyLCBwd25hbWUpLCBzaXplb2YoY2hh cikpOyBcDQotKyAgICBpZiAoIWJ1ZmZlcikgeyBcDQotKyAgICAgICAgcGVycm9yKCJjYWxs b2MoKSIpOyBcDQotKyAgICAgICAgcmV0dXJuIEZBSUxVUkU7IFwNCi0rICAgIH0gXA0KLSsg ICAgc25wcmludGYoYnVmZmVyLCBSRVFVRVNUX0dST1VQX1NJWkUocHJlZmlsdGVyLHB3bmFt ZSksIHByZWZpbHRlciwgcHduYW1lKQ0KLSsvKg0KLStYWFggT0xEIGdyb3VwIGJ1aWxkaW5n IG1hY3Jvcw0KLSsjZGVmaW5lIFJFUVVFU1RfR1JPVVBfU0laRShncnAsIHVpZCkgKHNpemVf dCkgKHN0cmxlbihncnApK3N0cmxlbih1aWQpKzQ2KQ0KLSsjZGVmaW5lIFJFUVVFU1RfR1JP VVAoYnVmZmVyLHB3bmFtZSxncnApIFwNCi0rICAgIGJ1ZmZlciA9IChjaGFyICopIGNhbGxv YyhSRVFVRVNUX0dST1VQX1NJWkUoZ3JwLCBwd25hbWUpLCBzaXplb2YoY2hhcikpOyBcDQot KyAgICBpZiAoIWJ1ZmZlcikgeyBcDQotKyAgICAgICAgcGVycm9yKCJjYWxsb2MoKSIpOyBc DQotKyAgICAgICAgcmV0dXJuIEZBSUxVUkU7IFwNCi0rICAgIH0gXA0KLSsgICAgc25wcmlu dGYoYnVmZmVyLFJFUVVFU1RfR1JPVVBfU0laRShncnAscHduYW1lKSwiKCYob2JqZWN0Y2xh c3M9cG9zaXhHcm91cCkoY249JXMpKG1lbWJlclVpZD0lcykpIixncnAscHduYW1lKQ0KLSsg ICAgKi8NCi0rDQotKy8qDQotK1hYWCBzdG9jayB1cHN0cmVhbSB2ZXJzaW9uIHdpdGhvdXQg ZXh0cmEgZmlsdGVyIHN1cHBvcnQNCi0rI2RlZmluZSBSRVFVRVNUX1VTRVJfU0laRSh1aWQp IChzaXplX3QpIChzdHJsZW4odWlkKSs2NCkNCi0rI2RlZmluZSBSRVFVRVNUX1VTRVIoYnVm ZmVyLCBwd25hbWUpIFwNCi0rICAgIGJ1ZmZlciA9IChjaGFyICopIGNhbGxvYyhSRVFVRVNU X1VTRVJfU0laRShwd25hbWUpLCBzaXplb2YoY2hhcikpOyBcDQotKyAgICBpZiAoIWJ1ZmZl cikgeyBcDQotKyAgICAgICAgcGVycm9yKCJjYWxsb2MoKSIpOyBcDQotKyAgICAgICAgcmV0 dXJuIE5VTEw7IFwNCi0rICAgIH0gXA0KLSsgICAgc25wcmludGYoYnVmZmVyLFJFUVVFU1Rf VVNFUl9TSVpFKHB3bmFtZSksIigmKG9iamVjdGNsYXNzPXBvc2l4QWNjb3VudCkob2JqZWN0 Y2xhc3M9bGRhcFB1YmxpY0tleSkodWlkPSVzKSkiLHB3bmFtZSkNCi0rICAgKi8NCi0rDQot KyNkZWZpbmUgUkVRVUVTVF9VU0VSX1NJWkUodWlkLCBmaWx0ZXIpIChzaXplX3QpIChzdHJs ZW4odWlkKSs2NCsoZmlsdGVyICE9IE5VTEwgPyBzdHJsZW4oZmlsdGVyKSA6IDApKQ0KLSsj ZGVmaW5lIFJFUVVFU1RfVVNFUihidWZmZXIsIHB3bmFtZSwgY3VzdG9tZmlsdGVyKSBcDQot KyAgICBidWZmZXIgPSAoY2hhciAqKSBjYWxsb2MoUkVRVUVTVF9VU0VSX1NJWkUocHduYW1l LCBjdXN0b21maWx0ZXIpLCBzaXplb2YoY2hhcikpOyBcDQotKyAgICBpZiAoIWJ1ZmZlcikg eyBcDQotKyAgICAgICAgcGVycm9yKCJjYWxsb2MoKSIpOyBcDQotKyAgICAgICAgcmV0dXJu IE5VTEw7IFwNCi0rICAgIH0gXA0KLSsgICAgc25wcmludGYoYnVmZmVyLCBSRVFVRVNUX1VT RVJfU0laRShwd25hbWUsIGN1c3RvbWZpbHRlciksIFwNCi0rICAgIAkiKCYob2JqZWN0Y2xh c3M9cG9zaXhBY2NvdW50KShvYmplY3RjbGFzcz1sZGFwUHVibGljS2V5KSh1aWQ9JXMpJXMp IiwgXA0KLSsJcHduYW1lLCAoY3VzdG9tZmlsdGVyICE9IE5VTEwgPyBjdXN0b21maWx0ZXIg OiAiIikpDQotKw0KLSsvKiBzb21lIHBvcnRhYmxlIGFuZCB3b3JraW5nIHRva2VuaXplciwg bGFtZSB0aG91Z2ggKi8NCi0rc3RhdGljIGludCB0b2tlbml6ZShjaGFyICoqIG8sIHNpemVf dCBzaXplLCBjaGFyICogaW5wdXQpIHsNCi0rICAgIHVuc2lnbmVkIGludCBpID0gMCwgbnVt Ow0KLSsgICAgY29uc3QgY2hhciAqIGNoYXJzZXQgPSAiIFx0IjsNCi0rICAgIGNoYXIgKiBw dHIgPSBpbnB1dDsNCi0rDQotKyAgICAvKiBsZWFkaW5nIHdoaXRlIHNwYWNlcyBhcmUgaWdu b3JlZCAqLw0KLSsgICAgbnVtID0gc3Ryc3BuKHB0ciwgY2hhcnNldCk7DQotKyAgICBwdHIg Kz0gbnVtOw0KLSsNCi0rICAgIHdoaWxlICgobnVtID0gc3RyY3NwbihwdHIsIGNoYXJzZXQp KSkgew0KLSsgICAgICAgIGlmIChpIDwgc2l6ZS0xKSB7DQotKyAgICAgICAgICAgIG9baSsr XSA9IHB0cjsNCi0rICAgICAgICAgICAgcHRyICs9IG51bTsNCi0rICAgICAgICAgICAgaWYg KCpwdHIpDQotKyAgICAgICAgICAgICAgICAqcHRyKysgPSAnXDAnOw0KLSsgICAgICAgIH0N Ci0rICAgIH0NCi0rICAgIG9baV0gPSBOVUxMOw0KLSsgICAgcmV0dXJuIFNVQ0NFU1M7DQot K30NCi0rDQotK3ZvaWQgbGRhcF9jbG9zZShsZGFwX29wdF90ICogbGRhcCkgew0KLSsNCi0r ICAgIGlmICghbGRhcCkNCi0rICAgICAgICByZXR1cm47DQotKw0KLSsgICAgaWYgKCBsZGFw X3VuYmluZF9leHQobGRhcC0+bGQsIE5VTEwsIE5VTEwpIDwgMCkNCi0rCWxkYXBfcGVycm9y KGxkYXAtPmxkLCAibGRhcF91bmJpbmQoKSIpOw0KLSsNCi0rICAgIGxkYXAtPmxkID0gTlVM TDsNCi0rICAgIEZMQUdfU0VUX0RJU0NPTk5FQ1RFRChsZGFwLT5mbGFncyk7DQotKw0KLSsg ICAgcmV0dXJuOw0KLSt9DQotKw0KLSsvKiBpbml0ICYmIGJpbmQgKi8NCi0raW50IGxkYXBf Y29ubmVjdChsZGFwX29wdF90ICogbGRhcCkgew0KLSsgICAgaW50IHZlcnNpb24gPSBMREFQ X1ZFUlNJT04zOw0KLSsNCi0rICAgIGlmICghbGRhcC0+c2VydmVycykNCi0rICAgICAgICBy ZXR1cm4gRkFJTFVSRTsNCi0rDQotKyAgICAvKiBDb25uZWN0aW9uIEluaXQgYW5kIHNldHVw ICovDQotKyAgICBsZGFwLT5sZCA9IGxkYXBfaW5pdChsZGFwLT5zZXJ2ZXJzLCBMREFQX1BP UlQpOw0KLSsgICAgaWYgKCFsZGFwLT5sZCkgew0KLSsgICAgICAgIGxkYXBfcGVycm9yKGxk YXAtPmxkLCAibGRhcF9pbml0KCkiKTsNCi0rICAgICAgICByZXR1cm4gRkFJTFVSRTsNCi0r ICAgIH0NCi0rDQotKyAgICBpZiAoIGxkYXBfc2V0X29wdGlvbihsZGFwLT5sZCwgTERBUF9P UFRfUFJPVE9DT0xfVkVSU0lPTiwgJnZlcnNpb24pICE9IExEQVBfT1BUX1NVQ0NFU1MpIHsN Ci0rICAgICAgICBsZGFwX3BlcnJvcihsZGFwLT5sZCwgImxkYXBfc2V0X29wdGlvbihMREFQ X09QVF9QUk9UT0NPTF9WRVJTSU9OKSIpOw0KLSsgICAgICAgIHJldHVybiBGQUlMVVJFOw0K LSsgICAgfQ0KLSsNCi0rICAgIC8qIFRpbWVvdXRzIHNldHVwICovDQotKyAgICBpZiAobGRh cF9zZXRfb3B0aW9uKGxkYXAtPmxkLCBMREFQX09QVF9ORVRXT1JLX1RJTUVPVVQsICZsZGFw LT5iX3RpbWVvdXQpICE9IExEQVBfU1VDQ0VTUykgew0KLSsgICAgICAgIGxkYXBfcGVycm9y KGxkYXAtPmxkLCAibGRhcF9zZXRfb3B0aW9uKExEQVBfT1BUX05FVFdPUktfVElNRU9VVCki KTsNCi0rICAgIH0NCi0rICAgIGlmIChsZGFwX3NldF9vcHRpb24obGRhcC0+bGQsIExEQVBf T1BUX1RJTUVPVVQsICZsZGFwLT5zX3RpbWVvdXQpICE9IExEQVBfU1VDQ0VTUykgew0KLSsg ICAgICAgIGxkYXBfcGVycm9yKGxkYXAtPmxkLCAibGRhcF9zZXRfb3B0aW9uKExEQVBfT1BU X1RJTUVPVVQpIik7DQotKyAgICB9DQotKw0KLSsgICAgLyogVExTIHN1cHBvcnQgKi8NCi0r ICAgIGlmICggKGxkYXAtPnRscyA9PSAtMSkgfHwgKGxkYXAtPnRscyA9PSAxKSApIHsNCi0r ICAgICAgICBpZiAobGRhcF9zdGFydF90bHNfcyhsZGFwLT5sZCwgTlVMTCwgTlVMTCApICE9 IExEQVBfU1VDQ0VTUykgew0KLSsgICAgICAgICAgICAvKiBmYWlsZWQgdGhlbiByZWluaXQg dGhlIGluaXRpYWwgY29ubmVjdCAqLw0KLSsgICAgICAgICAgICBsZGFwX3BlcnJvcihsZGFw LT5sZCwgImxkYXBfY29ubmVjdDogKFRMUykgbGRhcF9zdGFydF90bHMoKSIpOw0KLSsgICAg ICAgICAgICBpZiAobGRhcC0+dGxzID09IDEpDQotKyAgICAgICAgICAgICAgICByZXR1cm4g RkFJTFVSRTsNCi0rDQotKyAgICAgICAgICAgIGxkYXAtPmxkID0gbGRhcF9pbml0KGxkYXAt PnNlcnZlcnMsIExEQVBfUE9SVCk7DQotKyAgICAgICAgICAgIGlmICghbGRhcC0+bGQpIHsg DQotKyAgICAgICAgICAgICAgICBsZGFwX3BlcnJvcihsZGFwLT5sZCwgImxkYXBfaW5pdCgp Iik7DQotKyAgICAgICAgICAgICAgICByZXR1cm4gRkFJTFVSRTsNCi0rICAgICAgICAgICAg fQ0KLSsNCi0rICAgICAgICAgICAgaWYgKCBsZGFwX3NldF9vcHRpb24obGRhcC0+bGQsIExE QVBfT1BUX1BST1RPQ09MX1ZFUlNJT04sICZ2ZXJzaW9uKSAhPSBMREFQX09QVF9TVUNDRVNT KSB7DQotKyAgICAgICAgICAgICAgICAgbGRhcF9wZXJyb3IobGRhcC0+bGQsICJsZGFwX3Nl dF9vcHRpb24oKSIpOw0KLSsgICAgICAgICAgICAgICAgIHJldHVybiBGQUlMVVJFOw0KLSsg ICAgICAgICAgICB9DQotKyAgICAgICAgfQ0KLSsgICAgfQ0KLSsNCi0rDQotKyAgICBpZiAo IGxkYXBfc2ltcGxlX2JpbmRfcyhsZGFwLT5sZCwgbGRhcC0+YmluZGRuLCBsZGFwLT5iaW5k cHcpICE9IExEQVBfU1VDQ0VTUykgew0KLSsgICAgICAgIGxkYXBfcGVycm9yKGxkYXAtPmxk LCAibGRhcF9zaW1wbGVfYmluZF9zKCkiKTsNCi0rICAgICAgICByZXR1cm4gRkFJTFVSRTsN Ci0rICAgIH0NCi0rDQotKyAgICAvKiBzYXlzIGl0IGlzIGNvbm5lY3RlZCAqLw0KLSsgICAg RkxBR19TRVRfQ09OTkVDVEVEKGxkYXAtPmZsYWdzKTsNCi0rDQotKyAgICByZXR1cm4gU1VD Q0VTUzsNCi0rfQ0KLSsNCi0rLyogbXVzdCBmcmVlIGFsbG9jYXRlZCByZXNzb3VyY2UgKi8N Ci0rc3RhdGljIGNoYXIgKiBsZGFwX2J1aWxkX2hvc3QoY2hhciAqaG9zdCwgaW50IHBvcnQp IHsNCi0rICAgIHVuc2lnbmVkIGludCBzaXplID0gc3RybGVuKGhvc3QpKzExOw0KLSsgICAg Y2hhciAqIGggPSAoY2hhciAqKSBjYWxsb2MgKHNpemUsIHNpemVvZihjaGFyKSk7DQotKyAg ICBpbnQgcmM7DQotKyAgICBpZiAoIWgpDQotKyAgICAgICAgIHJldHVybiBOVUxMOw0KLSsN Ci0rICAgIHJjID0gc25wcmludGYoaCwgc2l6ZSwgIiVzOiVkICIsIGhvc3QsIHBvcnQpOw0K LSsgICAgaWYgKHJjID09IC0xKQ0KLSsgICAgICAgIHJldHVybiBOVUxMOw0KLSsgICAgcmV0 dXJuIGg7DQotK30NCi0rDQotK3N0YXRpYyBpbnQgbGRhcF9jb3VudF9ncm91cChjb25zdCBj aGFyICogaW5wdXQpIHsNCi0rICAgIGNvbnN0IGNoYXIgKiBjaGFyc2V0ID0gIiBcdCI7DQot KyAgICBjb25zdCBjaGFyICogcHRyID0gaW5wdXQ7DQotKyAgICB1bnNpZ25lZCBpbnQgY291 bnQgPSAwOw0KLSsgICAgdW5zaWduZWQgaW50IG51bTsNCi0rDQotKyAgICBudW0gPSBzdHJz cG4ocHRyLCBjaGFyc2V0KTsNCi0rICAgIHB0ciArPSBudW07DQotKw0KLSsgICAgd2hpbGUg KChudW0gPSBzdHJjc3BuKHB0ciwgY2hhcnNldCkpKSB7DQotKyAgICBjb3VudCsrOw0KLSsg ICAgcHRyICs9IG51bTsNCi0rICAgIHB0cisrOw0KLSsgICAgfQ0KLSsNCi0rICAgIHJldHVy biBjb3VudDsNCi0rfQ0KLSsNCi0rLyogZm9ybWF0IGZpbHRlciAqLw0KLStjaGFyICogbGRh cF9wYXJzZV9ncm91cHMoY29uc3QgY2hhciAqIGdyb3Vwcykgew0KLSsgICAgdW5zaWduZWQg aW50IGJ1ZmZlcl9zaXplID0gRklMVEVSX0dST1VQX1NJWkUoZ3JvdXBzKTsNCi0rICAgIGNo YXIgKiBidWZmZXIgPSAoY2hhciAqKSBjYWxsb2MoYnVmZmVyX3NpemUsIHNpemVvZihjaGFy KSk7DQotKyAgICBjaGFyICogZyA9IE5VTEw7DQotKyAgICBjaGFyICogZ2FycmF5WzMyXTsN Ci0rICAgIHVuc2lnbmVkIGludCBpID0gMDsNCi0rDQotKyAgICBpZiAoKCFncm91cHMpfHwo IWJ1ZmZlcikpDQotKyAgICAgICAgcmV0dXJuIE5VTEw7DQotKw0KLSsgICAgZyA9IHN0cmR1 cChncm91cHMpOw0KLSsgICAgaWYgKCFnKSB7DQotKyAgICAgICAgZnJlZShidWZmZXIpOw0K LSsgICAgICAgIHJldHVybiBOVUxMOw0KLSsgICAgfQ0KLSsNCi0rICAgIC8qIGZpcnN0IHNl cGFyYXRlIGludG8gbiB0b2tlbnMgKi8NCi0rICAgIGlmICggdG9rZW5pemUoZ2FycmF5LCBz aXplb2YoZ2FycmF5KS9zaXplb2YoKmdhcnJheSksIGcpIDwgMCkgew0KLSsgICAgICAgIGZy ZWUoZyk7DQotKyAgICAgICAgZnJlZShidWZmZXIpOw0KLSsgICAgICAgIHJldHVybiBOVUxM Ow0KLSsgICAgfQ0KLSsNCi0rICAgIC8qIGJ1aWxkIHRoZSBmaW5hbCBmaWx0ZXIgZm9ybWF0 ICovDQotKyAgICBzdHJsY2F0KGJ1ZmZlciwgRklMVEVSX0dST1VQX1BSRUZJWCwgYnVmZmVy X3NpemUpOw0KLSsgICAgc3RybGNhdChidWZmZXIsIEZJTFRFUl9PUl9QUkVGSVgsIGJ1ZmZl cl9zaXplKTsNCi0rICAgIGkgPSAwOw0KLSsgICAgd2hpbGUgKGdhcnJheVtpXSkgew0KLSsg ICAgICAgIHN0cmxjYXQoYnVmZmVyLCBGSUxURVJfQ05fUFJFRklYLCBidWZmZXJfc2l6ZSk7 DQotKyAgICAgICAgc3RybGNhdChidWZmZXIsIGdhcnJheVtpXSwgYnVmZmVyX3NpemUpOw0K LSsgICAgICAgIHN0cmxjYXQoYnVmZmVyLCBGSUxURVJfQ05fU1VGRklYLCBidWZmZXJfc2l6 ZSk7DQotKyAgICAgICAgaSsrOw0KLSsgICAgfQ0KLSsgICAgc3RybGNhdChidWZmZXIsIEZJ TFRFUl9PUl9TVUZGSVgsIGJ1ZmZlcl9zaXplKTsNCi0rICAgIHN0cmxjYXQoYnVmZmVyLCBG SUxURVJfVUlEX0ZPUk1BVCwgYnVmZmVyX3NpemUpOw0KLSsgICAgc3RybGNhdChidWZmZXIs IEZJTFRFUl9HUk9VUF9TVUZGSVgsIGJ1ZmZlcl9zaXplKTsNCi0rDQotKyAgICBmcmVlKGcp Ow0KLSsgICAgcmV0dXJuIGJ1ZmZlcjsNCi0rfQ0KLSsNCi0rLyogYSBiaXQgZGlydHkgYnV0 IGxlYWsgZnJlZSAgKi8NCi0rY2hhciAqIGxkYXBfcGFyc2Vfc2VydmVycyhjb25zdCBjaGFy ICogc2VydmVycykgew0KLSsgICAgY2hhciAqIHMgPSBOVUxMOw0KLSsgICAgY2hhciAqIHRt cCA9IE5VTEwsICp1cmxzWzMyXTsNCi0rICAgIHVuc2lnbmVkIGludCBudW0gPSAwICwgaSA9 IDAgLCBhc2l6ZSA9IDA7DQotKyAgICBMREFQVVJMRGVzYyAqdXJsZFszMl07DQotKw0KLSsg ICAgaWYgKCFzZXJ2ZXJzKQ0KLSsgICAgICAgIHJldHVybiBOVUxMOw0KLSsNCi0rICAgIC8q IGxvY2FsIGNvcHkgb2YgdGhlIGFyZyAqLw0KLSsgICAgcyA9IHN0cmR1cChzZXJ2ZXJzKTsN Ci0rICAgIGlmICghcykNCi0rICAgICAgICByZXR1cm4gTlVMTDsNCi0rDQotKyAgICAvKiBm aXJzdCBzZXBhcmF0ZSBpbnRvIFVSTCB0b2tlbnMgKi8NCi0rICAgIGlmICggdG9rZW5pemUo dXJscywgc2l6ZW9mKHVybHMpL3NpemVvZigqdXJscyksIHMpIDwgMCkNCi0rICAgICAgICBy ZXR1cm4gTlVMTDsNCi0rDQotKyAgICBpID0gMDsNCi0rICAgIHdoaWxlICh1cmxzW2ldKSB7 DQotKyAgICAgICAgaWYgKCEgbGRhcF9pc19sZGFwX3VybCh1cmxzW2ldKSB8fA0KLSsgICAg ICAgICAgIChsZGFwX3VybF9wYXJzZSh1cmxzW2ldLCAmdXJsZFtpXSkgIT0gMCkpIHsNCi0r ICAgICAgICAgICAgICAgIHJldHVybiBOVUxMOw0KLSsgICAgICAgIH0NCi0rICAgICAgICBp Kys7DQotKyAgICB9DQotKw0KLSsgICAgLyogbm93IGZyZWUocykgKi8NCi0rICAgIGZyZWUg KHMpOw0KLSsNCi0rICAgIC8qIGhvdyBtdWNoIG1lbW9yeSBkbyB3ZSBuZWVkICovDQotKyAg ICBudW0gPSBpOw0KLSsgICAgZm9yIChpID0gMCA7IGkgPCBudW0gOyBpKyspDQotKyAgICAg ICAgYXNpemUgKz0gc3RybGVuKHVybGRbaV0tPmx1ZF9ob3N0KSsxMTsNCi0rDQotKyAgICAv KiBhbGxvYyAqLw0KLSsgICAgcyA9IChjaGFyICopIGNhbGxvYyggYXNpemUrMSAsIHNpemVv ZihjaGFyKSk7DQotKyAgICBpZiAoIXMpIHsNCi0rICAgICAgICBmb3IgKGkgPSAwIDsgaSA8 IG51bSA7IGkrKykNCi0rICAgICAgICAgICAgbGRhcF9mcmVlX3VybGRlc2ModXJsZFtpXSk7 DQotKyAgICAgICAgcmV0dXJuIE5VTEw7DQotKyAgICB9DQotKw0KLSsgICAgLyogdGhlbiBi dWlsZCB0aGUgZmluYWwgaG9zdCBzdHJpbmcgKi8NCi0rICAgIGZvciAoaSA9IDAgOyBpIDwg bnVtIDsgaSsrKSB7DQotKyAgICAgICAgLyogYnVpbHQgaG9zdCBwYXJ0ICovDQotKyAgICAg ICAgdG1wID0gbGRhcF9idWlsZF9ob3N0KHVybGRbaV0tPmx1ZF9ob3N0LCB1cmxkW2ldLT5s dWRfcG9ydCk7DQotKyAgICAgICAgc3RybmNhdChzLCB0bXAsIHN0cmxlbih0bXApKTsNCi0r ICAgICAgICBsZGFwX2ZyZWVfdXJsZGVzYyh1cmxkW2ldKTsNCi0rICAgICAgICBmcmVlKHRt cCk7DQotKyAgICB9DQotKw0KLSsgICAgcmV0dXJuIHM7DQotK30NCi0rDQotK3ZvaWQgbGRh cF9vcHRpb25zX3ByaW50KGxkYXBfb3B0X3QgKiBsZGFwKSB7DQotKyAgICBkZWJ1ZygibGRh cCBvcHRpb25zOiIpOw0KLSsgICAgZGVidWcoInNlcnZlcnM6ICVzIiwgbGRhcC0+c2VydmVy cyk7DQotKyAgICBpZiAobGRhcC0+dV9iYXNlZG4pDQotKyAgICAgICAgZGVidWcoInVzZXIg YmFzZWRuOiAlcyIsIGxkYXAtPnVfYmFzZWRuKTsNCi0rICAgIGlmIChsZGFwLT5nX2Jhc2Vk bikNCi0rICAgICAgICBkZWJ1ZygiZ3JvdXAgYmFzZWRuOiAlcyIsIGxkYXAtPmdfYmFzZWRu KTsNCi0rICAgIGlmIChsZGFwLT5iaW5kZG4pDQotKyAgICAgICAgZGVidWcoImJpbmRkbjog JXMiLCBsZGFwLT5iaW5kZG4pOw0KLSsgICAgaWYgKGxkYXAtPmJpbmRwdykNCi0rICAgICAg ICBkZWJ1ZygiYmluZHB3OiAlcyIsIGxkYXAtPmJpbmRwdyk7DQotKyAgICBpZiAobGRhcC0+ c2dyb3VwKQ0KLSsgICAgICAgIGRlYnVnKCJncm91cDogJXMiLCBsZGFwLT5zZ3JvdXApOw0K LSsgICAgaWYgKGxkYXAtPmZpbHRlcikNCi0rICAgICAgICBkZWJ1ZygiZmlsdGVyOiAlcyIs IGxkYXAtPmZpbHRlcik7DQotK30NCi0rDQotK3ZvaWQgbGRhcF9vcHRpb25zX2ZyZWUobGRh cF9vcHRfdCAqIGwpIHsNCi0rICAgIGlmICghbCkNCi0rICAgICAgICByZXR1cm47DQotKyAg ICBpZiAobC0+c2VydmVycykNCi0rICAgICAgICBmcmVlKGwtPnNlcnZlcnMpOw0KLSsgICAg aWYgKGwtPnVfYmFzZWRuKQ0KLSsgICAgICAgIGZyZWUobC0+dV9iYXNlZG4pOw0KLSsgICAg aWYgKGwtPmdfYmFzZWRuKQ0KLSsgICAgICAgIGZyZWUobC0+Z19iYXNlZG4pOw0KLSsgICAg aWYgKGwtPmJpbmRkbikNCi0rICAgICAgICBmcmVlKGwtPmJpbmRkbik7DQotKyAgICBpZiAo bC0+YmluZHB3KQ0KLSsgICAgICAgIGZyZWUobC0+YmluZHB3KTsNCi0rICAgIGlmIChsLT5z Z3JvdXApDQotKyAgICAgICAgZnJlZShsLT5zZ3JvdXApOw0KLSsgICAgaWYgKGwtPmZncm91 cCkNCi0rICAgICAgICBmcmVlKGwtPmZncm91cCk7DQotKyAgICBpZiAobC0+ZmlsdGVyKQ0K LSsgICAgICAgIGZyZWUobC0+ZmlsdGVyKTsNCi0rICAgIGlmIChsLT5sX2NvbmYpDQotKyAg ICAgICAgZnJlZShsLT5sX2NvbmYpOw0KLSsgICAgZnJlZShsKTsNCi0rfQ0KLSsNCi0rLyog ZnJlZSBrZXlzICovDQotK3ZvaWQgbGRhcF9rZXlzX2ZyZWUobGRhcF9rZXlfdCAqIGspIHsN Ci0rICAgIGxkYXBfdmFsdWVfZnJlZV9sZW4oay0+a2V5cyk7DQotKyAgICBmcmVlKGspOw0K LSsgICAgcmV0dXJuOw0KLSt9DQotKw0KLStsZGFwX2tleV90ICogbGRhcF9nZXR1c2Vya2V5 KGxkYXBfb3B0X3QgKmwsIGNvbnN0IGNoYXIgKiB1c2VyKSB7DQotKyAgICBsZGFwX2tleV90 ICogayA9IChsZGFwX2tleV90ICopIGNhbGxvYyAoMSwgc2l6ZW9mKGxkYXBfa2V5X3QpKTsN Ci0rICAgIExEQVBNZXNzYWdlICpyZXMsICplOw0KLSsgICAgY2hhciAqIGZpbHRlcjsNCi0r ICAgIGludCBpOw0KLSsNCi0rICAgIGlmICgoIWspIHx8ICghbCkpDQotKyAgICAgICAgIHJl dHVybiBOVUxMOw0KLSsNCi0rICAgIC8qIEFtIGkgc3RpbGwgY29ubmVjdGVkID8gUkVUUlkg biB0aW1lcyAqLw0KLSsgICAgLyogWFhYIFRPRE86IHNldHVwIHNvbWUgY29uZiB2YWx1ZSBm b3IgcmV0cnlpbmcgKi8NCi0rICAgIGlmICghKGwtPmZsYWdzICYgRkxBR19DT05ORUNURUQp KQ0KLSsgICAgICAgIGZvciAoaSA9IDAgOyBpIDwgMiA7IGkrKykNCi0rICAgICAgICAgICAg aWYgKGxkYXBfY29ubmVjdChsKSA9PSAwKQ0KLSsgICAgICAgICAgICAgICAgYnJlYWs7DQot Kw0KLSsgICAgLyogcXVpY2sgY2hlY2sgZm9yIGF0dGVtcHRzIHRvIGJlIGV2aWwgKi8NCi0r ICAgIGlmICgoc3RyY2hyKHVzZXIsICcoJykgIT0gTlVMTCkgfHwgKHN0cmNocih1c2VyLCAn KScpICE9IE5VTEwpIHx8DQotKyAgICAgICAgKHN0cmNocih1c2VyLCAnKicpICE9IE5VTEwp IHx8IChzdHJjaHIodXNlciwgJ1xcJykgIT0gTlVMTCkpDQotKyAgICAgICAgcmV0dXJuIE5V TEw7DQotKw0KLSsgICAgLyogYnVpbGQgIGZpbHRlciBmb3IgTERBUCByZXF1ZXN0ICovDQot KyAgICBSRVFVRVNUX1VTRVIoZmlsdGVyLCB1c2VyLCBsLT5maWx0ZXIpOw0KLSsNCi0rICAg IGlmICggbGRhcF9zZWFyY2hfc3QoIGwtPmxkLA0KLSsgICAgICAgIGwtPnVfYmFzZWRuLA0K LSsgICAgICAgIExEQVBfU0NPUEVfU1VCVFJFRSwNCi0rICAgICAgICBmaWx0ZXIsDQotKyAg ICAgICAgYXR0cnMsIDAsICZsLT5zX3RpbWVvdXQsICZyZXMgKSAhPSBMREFQX1NVQ0NFU1Mp IHsNCi0rICAgICAgICANCi0rICAgICAgICBsZGFwX3BlcnJvcihsLT5sZCwgImxkYXBfc2Vh cmNoX3N0KCkiKTsNCi0rDQotKyAgICAgICAgZnJlZShmaWx0ZXIpOw0KLSsgICAgICAgIGZy ZWUoayk7DQotKw0KLSsgICAgICAgIC8qIFhYWCBlcnJvciBvbiBzZWFyY2gsIHRpbWVvdXQg ZXRjLi4gY2xvc2UgYXNrIGZvciByZWNvbm5lY3QgKi8NCi0rICAgICAgICBsZGFwX2Nsb3Nl KGwpOw0KLSsNCi0rICAgICAgICByZXR1cm4gTlVMTDsNCi0rICAgIH0gDQotKw0KLSsgICAg LyogZnJlZSAqLw0KLSsgICAgZnJlZShmaWx0ZXIpOw0KLSsNCi0rICAgIC8qIGNoZWNrIGlm IGFueSByZXN1bHRzICovDQotKyAgICBpID0gbGRhcF9jb3VudF9lbnRyaWVzKGwtPmxkLHJl cyk7DQotKyAgICBpZiAoaSA8PSAwKSB7DQotKyAgICAgICAgbGRhcF9tc2dmcmVlKHJlcyk7 DQotKyAgICAgICAgZnJlZShrKTsNCi0rICAgICAgICByZXR1cm4gTlVMTDsNCi0rICAgIH0N Ci0rDQotKyAgICBpZiAoaSA+IDEpDQotKyAgICAgICAgZGVidWcoIltMREFQXSBkdXBsaWNh dGUgZW50cmllcywgdXNpbmcgdGhlIEZJUlNUIGVudHJ5IHJldHVybmVkIik7DQotKw0KLSsg ICAgZSA9IGxkYXBfZmlyc3RfZW50cnkobC0+bGQsIHJlcyk7DQotKyAgICBrLT5rZXlzID0g bGRhcF9nZXRfdmFsdWVzX2xlbihsLT5sZCwgZSwgUFVCS0VZQVRUUik7DQotKyAgICBrLT5u dW0gPSBsZGFwX2NvdW50X3ZhbHVlc19sZW4oay0+a2V5cyk7DQotKw0KLSsgICAgbGRhcF9t c2dmcmVlKHJlcyk7DQotKyAgICByZXR1cm4gazsNCi0rfQ0KLSsNCi0rDQotKy8qIC0xIGlm IHRyb3VibGUNCi0rICAgMCBpZiB1c2VyIGlzIE5PVCBtZW1iZXIgb2YgY3VycmVudCBzZXJ2 ZXIgZ3JvdXANCi0rICAgMSBpZiB1c2VyIElTIE1FTUJFUiBvZiBjdXJyZW50IHNlcnZlciBn cm91cCANCi0rICovDQotK2ludCBsZGFwX2lzbWVtYmVyKGxkYXBfb3B0X3QgKiBsLCBjb25z dCBjaGFyICogdXNlcikgew0KLSsgICAgTERBUE1lc3NhZ2UgKnJlczsNCi0rICAgIGNoYXIg KiBmaWx0ZXI7DQotKyAgICBpbnQgaTsNCi0rDQotKyAgICBpZiAoKCFsLT5zZ3JvdXApIHx8 ICEobC0+Z19iYXNlZG4pKQ0KLSsgICAgICAgIHJldHVybiAxOw0KLSsNCi0rICAgIC8qIEFt IGkgc3RpbGwgY29ubmVjdGVkID8gUkVUUlkgbiB0aW1lcyAqLw0KLSsgICAgLyogWFhYIFRP RE86IHNldHVwIHNvbWUgY29uZiB2YWx1ZSBmb3IgcmV0cnlpbmcgKi8NCi0rICAgIGlmICgh KGwtPmZsYWdzICYgRkxBR19DT05ORUNURUQpKSANCi0rICAgICAgICBmb3IgKGkgPSAwIDsg aSA8IDIgOyBpKyspDQotKyAgICAgICAgICAgIGlmIChsZGFwX2Nvbm5lY3QobCkgPT0gMCkN Ci0rICAgICAgICAgICAgICAgICBicmVhazsNCi0rDQotKyAgICAvKiBxdWljayBjaGVjayBm b3IgYXR0ZW1wdHMgdG8gYmUgZXZpbCAqLw0KLSsgICAgaWYgKChzdHJjaHIodXNlciwgJygn KSAhPSBOVUxMKSB8fCAoc3RyY2hyKHVzZXIsICcpJykgIT0gTlVMTCkgfHwNCi0rICAgICAg ICAoc3RyY2hyKHVzZXIsICcqJykgIT0gTlVMTCkgfHwgKHN0cmNocih1c2VyLCAnXFwnKSAh PSBOVUxMKSkNCi0rICAgICAgICByZXR1cm4gRkFJTFVSRTsNCi0rDQotKyAgICAvKiBidWls ZCBmaWx0ZXIgZm9yIExEQVAgcmVxdWVzdCAqLw0KLSsgICAgUkVRVUVTVF9HUk9VUChmaWx0 ZXIsIGwtPmZncm91cCwgdXNlcik7DQotKw0KLSsgICAgaWYgKGxkYXBfc2VhcmNoX3N0KCBs LT5sZCwgDQotKyAgICAgICAgbC0+Z19iYXNlZG4sDQotKyAgICAgICAgTERBUF9TQ09QRV9T VUJUUkVFLA0KLSsgICAgICAgIGZpbHRlciwNCi0rICAgICAgICBOVUxMLCAwLCAmbC0+c190 aW1lb3V0LCAmcmVzKSAhPSBMREFQX1NVQ0NFU1MpIHsNCi0rICAgIA0KLSsgICAgICAgIGxk YXBfcGVycm9yKGwtPmxkLCAibGRhcF9zZWFyY2hfc3QoKSIpOw0KLSsNCi0rICAgICAgICBm cmVlKGZpbHRlcik7DQotKw0KLSsgICAgICAgIC8qIFhYWCBlcnJvciBvbiBzZWFyY2gsIHRp bWVvdXQgZXRjLi4gY2xvc2UgYXNrIGZvciByZWNvbm5lY3QgKi8NCi0rICAgICAgICBsZGFw X2Nsb3NlKGwpOw0KLSsNCi0rICAgICAgICByZXR1cm4gRkFJTFVSRTsNCi0rICAgIH0NCi0r DQotKyAgICBmcmVlKGZpbHRlcik7DQotKw0KLSsgICAgLyogY2hlY2sgaWYgYW55IHJlc3Vs dHMgKi8NCi0rICAgIGlmIChsZGFwX2NvdW50X2VudHJpZXMobC0+bGQsIHJlcykgPiAwKSB7 DQotKyAgICAgICAgbGRhcF9tc2dmcmVlKHJlcyk7DQotKyAgICAgICAgcmV0dXJuIDE7DQot KyAgICB9DQotKw0KLSsgICAgbGRhcF9tc2dmcmVlKHJlcyk7DQotKyAgICByZXR1cm4gMDsN Ci0rfQ0KLSsNCi0rLyoNCi0rICogbGRhcC5jb25mIHNpbXBsZSBwYXJzZXINCi0rICogWFhY IFRPRE86ICBzYW5pdHkgY2hlY2tzDQotKyAqIG11c3QgZWl0aGVyDQotKyAqIC0gZnJlZSB0 aGUgcHJldmlvdXMgbGRhcF9vcHRfYmVmb3JlIHJlcGxhY2luZyBlbnRyaWVzDQotKyAqIC0g ZnJlZSBlYWNoIG5lY2Vzc2FyeSBwcmV2aW91c2x5IHBhcnNlZCBlbGVtZW50cw0KLSsgKiBy ZXQ6DQotKyAqIC0xIG9uIEZBSUxVUkUsIDAgb24gU1VDQ0VTUw0KLSsgKi8NCi0raW50IGxk YXBfcGFyc2VfbGNvbmYobGRhcF9vcHRfdCAqIGwpIHsNCi0rICAgIEZJTEUgKiBsY2Q7IC8q IGxkYXAuY29uZiBkZXNjcmlwdG9yICovDQotKyAgICBjaGFyIGJ1ZltCVUZTSVpdOw0KLSsg ICAgY2hhciAqIHMgPSBOVUxMLCAqIGsgPSBOVUxMLCAqIHYgPSBOVUxMOw0KLSsgICAgaW50 IGxpLCBsZW47DQotKw0KLSsgICAgbGNkID0gZm9wZW4gKGwtPmxfY29uZiwgInIiKTsNCi0r ICAgIGlmIChsY2QgPT0gTlVMTCkgew0KLSsgICAgICAgIC8qIGRlYnVnKCJDYW5ub3Qgb3Bl biAlcyIsIGwtPmxfY29uZik7ICovDQotKyAgICAgICAgcGVycm9yKCJsZGFwX3BhcnNlX2xj b25mKCkiKTsNCi0rICAgICAgICByZXR1cm4gRkFJTFVSRTsNCi0rICAgIH0NCi0rICAgIA0K LSsgICAgd2hpbGUgKGZnZXRzIChidWYsIHNpemVvZiAoYnVmKSwgbGNkKSAhPSBOVUxMKSB7 DQotKw0KLSsgICAgICAgIGlmICgqYnVmID09ICdcbicgfHwgKmJ1ZiA9PSAnIycpDQotKyAg ICAgICAgICAgIGNvbnRpbnVlOw0KLSsNCi0rICAgICAgICBrID0gYnVmOw0KLSsgICAgICAg IHYgPSBrOw0KLSsgICAgICAgIHdoaWxlICgqdiAhPSAnXDAnICYmICp2ICE9ICcgJyAmJiAq diAhPSAnXHQnKQ0KLSsgICAgICAgICAgICB2Kys7DQotKw0KLSsgICAgICAgIGlmICgqdiA9 PSAnXDAnKQ0KLSsgICAgICAgICAgICBjb250aW51ZTsNCi0rDQotKyAgICAgICAgKih2Kysp ID0gJ1wwJzsNCi0rDQotKyAgICAgICAgd2hpbGUgKCp2ID09ICcgJyB8fCAqdiA9PSAnXHQn KQ0KLSsgICAgICAgICAgICB2Kys7DQotKw0KLSsgICAgICAgIGxpID0gc3RybGVuICh2KSAt IDE7DQotKyAgICAgICAgd2hpbGUgKHZbbGldID09ICcgJyB8fCB2W2xpXSA9PSAnXHQnIHx8 IHZbbGldID09ICdcbicpDQotKyAgICAgICAgICAgIC0tbGk7DQotKyAgICAgICAgdltsaSAr IDFdID0gJ1wwJzsNCi0rDQotKyAgICAgICAgaWYgKCFzdHJjYXNlY21wIChrLCAidXJpIikp IHsNCi0rICAgICAgICAgICAgaWYgKChsLT5zZXJ2ZXJzID0gbGRhcF9wYXJzZV9zZXJ2ZXJz KHYpKSA9PSBOVUxMKSB7DQotKyAgICAgICAgICAgICAgICBmYXRhbCgiZXJyb3IgaW4gbGRh cCBzZXJ2ZXJzIik7DQotKyAgICAgICAgICAgIHJldHVybiBGQUlMVVJFOw0KLSsgICAgICAg ICAgICB9DQotKw0KLSsgICAgICAgIH0NCi0rICAgICAgICBlbHNlIGlmICghc3RyY2FzZWNt cCAoaywgImJhc2UiKSkgeyANCi0rICAgICAgICAgICAgcyA9IHN0cmNociAodiwgJz8nKTsN Ci0rICAgICAgICAgICAgaWYgKHMgIT0gTlVMTCkgew0KLSsgICAgICAgICAgICAgICAgbGVu ID0gcyAtIHY7DQotKyAgICAgICAgICAgICAgICBsLT51X2Jhc2VkbiA9IG1hbGxvYyAobGVu ICsgMSk7DQotKyAgICAgICAgICAgICAgICBzdHJuY3B5IChsLT51X2Jhc2VkbiwgdiwgbGVu KTsNCi0rICAgICAgICAgICAgICAgIGwtPnVfYmFzZWRuW2xlbl0gPSAnXDAnOw0KLSsgICAg ICAgICAgICB9IGVsc2Ugew0KLSsgICAgICAgICAgICAgICAgbC0+dV9iYXNlZG4gPSBzdHJk dXAgKHYpOw0KLSsgICAgICAgICAgICB9DQotKyAgICAgICAgfQ0KLSsgICAgICAgIGVsc2Ug aWYgKCFzdHJjYXNlY21wIChrLCAiYmluZGRuIikpIHsNCi0rICAgICAgICAgICAgbC0+Ymlu ZGRuID0gc3RyZHVwICh2KTsNCi0rICAgICAgICB9DQotKyAgICAgICAgZWxzZSBpZiAoIXN0 cmNhc2VjbXAgKGssICJiaW5kcHciKSkgew0KLSsgICAgICAgICAgICBsLT5iaW5kcHcgPSBz dHJkdXAgKHYpOw0KLSsgICAgICAgIH0NCi0rICAgICAgICBlbHNlIGlmICghc3RyY2FzZWNt cCAoaywgInRpbWVsaW1pdCIpKSB7DQotKyAgICAgICAgICAgIGwtPnNfdGltZW91dC50dl9z ZWMgPSBhdG9pICh2KTsNCi0rICAgICAgICAgICAgICAgIH0NCi0rICAgICAgICBlbHNlIGlm ICghc3RyY2FzZWNtcCAoaywgImJpbmRfdGltZWxpbWl0IikpIHsNCi0rICAgICAgICAgICAg bC0+Yl90aW1lb3V0LnR2X3NlYyA9IGF0b2kgKHYpOw0KLSsgICAgICAgIH0NCi0rICAgICAg ICBlbHNlIGlmICghc3RyY2FzZWNtcCAoaywgInNzbCIpKSB7DQotKyAgICAgICAgICAgIGlm ICghc3RyY2FzZWNtcCAodiwgInN0YXJ0X3RscyIpKQ0KLSsgICAgICAgICAgICAgICAgbC0+ dGxzID0gMTsNCi0rICAgICAgICB9DQotKyAgICB9DQotKw0KLSsgICAgZmNsb3NlIChsY2Qp Ow0KLSsgICAgcmV0dXJuIFNVQ0NFU1M7DQotK30NCi0rDQotKyNlbmRpZiAvKiBXSVRIX0xE QVBfUFVCS0VZICovDQotZGlmZiAtTnVhciAtLWV4Y2x1ZGUgJyoub3JpZycgLS1leGNsdWRl ICcqLnJlaicgbGRhcGF1dGguaCBsZGFwYXV0aC5oDQotLS0tIGxkYXBhdXRoLmgJMTk2OS0x Mi0zMSAxNjowMDowMC4wMDAwMDAwMDAgLTA4MDANCi0rKysgbGRhcGF1dGguaAkyMDA4LTA4 LTIzIDE1OjAyOjQ3LjAwMDAwMDAwMCAtMDcwMA0KLUBAIC0wLDAgKzEsMTI0IEBADQotKy8q DQotKyAqICRJZDogb3BlbnNzaC1scGstNC4zcDEtMC4zLjcucGF0Y2gsdiAxLjMgMjAwNi8w NC8xOCAxNToyOTowOSBlYXUgRXhwICQgDQotKyAqLw0KLSsNCi0rLyoNCi0rICoNCi0rICog Q29weXJpZ2h0IChjKSAyMDA1LCBFcmljIEFVR0UgPGVhdUBwaGVhci5vcmc+DQotKyAqIEFs bCByaWdodHMgcmVzZXJ2ZWQuDQotKyAqDQotKyAqIFJlZGlzdHJpYnV0aW9uIGFuZCB1c2Ug aW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dCBtb2RpZmljYXRp b24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlv bnMgYXJlIG1ldDoNCi0rICoNCi0rICogUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2Rl IG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQgbm90aWNlLCB0aGlzIGxpc3Qgb2Yg Y29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyLg0KLSsgKiBSZWRpc3Ry aWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlIGNvcHly aWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5n IGRpc2NsYWltZXIgaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFs cyBwcm92aWRlZCB3aXRoIHRoZSBkaXN0cmlidXRpb24uDQotKyAqIE5laXRoZXIgdGhlIG5h bWUgb2YgdGhlIHBoZWFyLm9yZyBub3IgdGhlIG5hbWVzIG9mIGl0cyBjb250cmlidXRvcnMg bWF5IGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJv bSB0aGlzIHNvZnR3YXJlIHdpdGhvdXQgc3BlY2lmaWMgcHJpb3Igd3JpdHRlbiBwZXJtaXNz aW9uLg0KLSsgKg0KLSsgKiBUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZ UklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTICJBUyBJUyIgQU5EIEFOWSBFWFBSRVNT IE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCANCi0rICogQlVUIE5PVCBMSU1J VEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQg RklUTkVTUyBGT1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIA0KLSsg KiBJTiBOTyBFVkVOVCBTSEFMTCBUSEUgQ09QWVJJR0hUIE9XTkVSIE9SIENPTlRSSUJVVE9S UyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVD SUFMLCBFWEVNUExBUlksIA0KLSsgKiBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xV RElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBQUk9DVVJFTUVOVCBPRiBTVUJTVElUVVRFIEdP T0RTIE9SIFNFUlZJQ0VTOyANCi0rICogTE9TUyBPRiBVU0UsIERBVEEsIE9SIFBST0ZJVFM7 IE9SIEJVU0lORVNTIElOVEVSUlVQVElPTikgSE9XRVZFUiBDQVVTRUQgQU5EIE9OIEFOWSBU SEVPUlkgT0YgTElBQklMSVRZLCBXSEVUSEVSIElOIENPTlRSQUNULCBTVFJJQ1QgTElBQklM SVRZLCANCi0rICogT1IgVE9SVCAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNF KSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUyBTT0ZUV0FSRSwg RVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4NCi0r ICoNCi0rICoNCi0rICovDQotKw0KLSsjaWZuZGVmIExEQVBBVVRIX0gNCi0rI2RlZmluZSBM REFQQVVUSF9IDQotKw0KLSsjZGVmaW5lIExEQVBfREVQUkVDQVRFRCAxDQotKw0KLSsjaW5j bHVkZSA8c3RyaW5nLmg+DQotKyNpbmNsdWRlIDx0aW1lLmg+DQotKyNpbmNsdWRlIDxsZGFw Lmg+DQotKyNpbmNsdWRlIDxsYmVyLmg+DQotKw0KLSsvKiB0b2tlbnMgaW4gdXNlIGZvciBj b25maWcgKi8NCi0rI2RlZmluZSBfREVGQVVMVF9MUEtfVE9LRU4gIlVzZUxQSyINCi0rI2Rl ZmluZSBfREVGQVVMVF9TUlZfVE9LRU4gIkxwa1NlcnZlcnMiDQotKyNkZWZpbmUgX0RFRkFV TFRfVVNSX1RPS0VOICJMcGtVc2VyRE4iDQotKyNkZWZpbmUgX0RFRkFVTFRfR1JQX1RPS0VO ICJMcGtHcm91cEROIg0KLSsjZGVmaW5lIF9ERUZBVUxUX0JETl9UT0tFTiAiTHBrQmluZERO Ig0KLSsjZGVmaW5lIF9ERUZBVUxUX0JQV19UT0tFTiAiTHBrQmluZFB3Ig0KLSsjZGVmaW5l IF9ERUZBVUxUX01ZR19UT0tFTiAiTHBrU2VydmVyR3JvdXAiDQotKyNkZWZpbmUgX0RFRkFV TFRfRklMX1RPS0VOICJMcGtGaWx0ZXIiDQotKyNkZWZpbmUgX0RFRkFVTFRfVExTX1RPS0VO ICJMcGtGb3JjZVRMUyINCi0rI2RlZmluZSBfREVGQVVMVF9CVElfVE9LRU4gIkxwa0JpbmRU aW1lbGltaXQiDQotKyNkZWZpbmUgX0RFRkFVTFRfU1RJX1RPS0VOICJMcGtTZWFyY2hUaW1l bGltaXQiDQotKyNkZWZpbmUgX0RFRkFVTFRfTERQX1RPS0VOICJMcGtMZGFwQ29uZiINCi0r DQotKy8qIGRlZmF1bHQgb3B0aW9ucyAqLw0KLSsjZGVmaW5lIF9ERUZBVUxUX0xQS19PTiAw DQotKyNkZWZpbmUgX0RFRkFVTFRfTFBLX1NFUlZFUlMgTlVMTA0KLSsjZGVmaW5lIF9ERUZB VUxUX0xQS19VRE4gTlVMTA0KLSsjZGVmaW5lIF9ERUZBVUxUX0xQS19HRE4gTlVMTA0KLSsj ZGVmaW5lIF9ERUZBVUxUX0xQS19CSU5ERE4gTlVMTA0KLSsjZGVmaW5lIF9ERUZBVUxUX0xQ S19CSU5EUFcgTlVMTA0KLSsjZGVmaW5lIF9ERUZBVUxUX0xQS19TR1JPVVAgTlVMTA0KLSsj ZGVmaW5lIF9ERUZBVUxUX0xQS19GSUxURVIgTlVMTA0KLSsjZGVmaW5lIF9ERUZBVUxUX0xQ S19UTFMgLTENCi0rI2RlZmluZSBfREVGQVVMVF9MUEtfQlRJTUVPVVQgMTANCi0rI2RlZmlu ZSBfREVGQVVMVF9MUEtfU1RJTUVPVVQgMTANCi0rI2RlZmluZSBfREVGQVVMVF9MUEtfTERQ IE5VTEwNCi0rDQotKy8qIGZsYWdzICovDQotKyNkZWZpbmUgRkxBR19FTVBUWQkgICAgMHgw MDAwMDAwMA0KLSsjZGVmaW5lIEZMQUdfQ09OTkVDVEVECSAgICAweDAwMDAwMDAxDQotKw0K LSsvKiBmbGFnIG1hY3JvcyAqLw0KLSsjZGVmaW5lIEZMQUdfU0VUX0VNUFRZKHgpCQl4Jj0o RkxBR19FTVBUWSkNCi0rI2RlZmluZSBGTEFHX1NFVF9DT05ORUNURUQoeCkJCXh8PShGTEFH X0NPTk5FQ1RFRCkNCi0rI2RlZmluZSBGTEFHX1NFVF9ESVNDT05ORUNURUQoeCkJeCY9fihG TEFHX0NPTk5FQ1RFRCkNCi0rDQotKy8qIGRlZmluZXMgKi8NCi0rI2RlZmluZSBGQUlMVVJF IC0xDQotKyNkZWZpbmUgU1VDQ0VTUyAwDQotKyNkZWZpbmUgUFVCS0VZQVRUUiAic3NoUHVi bGljS2V5Ig0KLSsNCi0rLyogDQotKyAqDQotKyAqIGRlZmluZWQgZmlsZXMgcGF0aCANCi0r ICogKHNob3VsZCBiZSByZWxvY2F0ZWQgdG8gcGF0aG5hbWVzLmgsDQotKyAqIGlmIG9uZSBk YXkgaXQncyBpbmNsdWRlZCB3aXRoaW4gdGhlIHRyZWUpIA0KLSsgKg0KLSsgKi8NCi0rI2Rl ZmluZSBfUEFUSF9MREFQX0NPTkZJR19GSUxFICIvZXRjL2xkYXAuY29uZiINCi0rDQotKy8q IHN0cnVjdHVyZXMgKi8NCi0rdHlwZWRlZiBzdHJ1Y3QgbGRhcF9vcHRpb25zIHsNCi0rICAg IGludCBvbjsJCQkvKiBVc2UgaXQgb3IgTk9UICovDQotKyAgICBMREFQICogbGQ7CQkJLyog TERBUCBmaWxlIGRlc2MgKi8NCi0rICAgIGNoYXIgKiBzZXJ2ZXJzOwkJLyogcGFyc2VkIHNl cnZlcnMgZm9yIGxkYXBsaWIgZmFpbG92ZXIgaGFuZGxpbmcgKi8NCi0rICAgIGNoYXIgKiB1 X2Jhc2VkbjsJCS8qIHVzZXIgYmFzZWRuICovDQotKyAgICBjaGFyICogZ19iYXNlZG47CQkv KiBncm91cCBiYXNlZG4gKi8NCi0rICAgIGNoYXIgKiBiaW5kZG47CQkvKiBiaW5kZG4gKi8N Ci0rICAgIGNoYXIgKiBiaW5kcHc7CQkvKiBiaW5kIHBhc3N3b3JkICovDQotKyAgICBjaGFy ICogc2dyb3VwOwkJLyogc2VydmVyIGdyb3VwICovDQotKyAgICBjaGFyICogZmdyb3VwOwkJ LyogZ3JvdXAgZmlsdGVyICovDQotKyAgICBjaGFyICogZmlsdGVyOwkJLyogYWRkaXRpb25h bCBmaWx0ZXIgKi8NCi0rICAgIGNoYXIgKiBsX2NvbmY7CQkvKiB1c2UgbGRhcC5jb25mICov DQotKyAgICBpbnQgdGxzOwkJCS8qIFRMUyBvbmx5ICovDQotKyAgICBzdHJ1Y3QgdGltZXZh bCBiX3RpbWVvdXQ7ICAgLyogYmluZCB0aW1lb3V0ICovDQotKyAgICBzdHJ1Y3QgdGltZXZh bCBzX3RpbWVvdXQ7ICAgLyogc2VhcmNoIHRpbWVvdXQgKi8NCi0rICAgIHVuc2lnbmVkIGlu dCBmbGFnczsJCS8qIG1pc2MgZmxhZ3MgKHJlY29ubmVjdGlvbiwgZnV0dXJlIHVzZT8pICov DQotK30gbGRhcF9vcHRfdDsNCi0rDQotK3R5cGVkZWYgc3RydWN0IGxkYXBfa2V5cyB7DQot KyAgICBzdHJ1Y3QgYmVydmFsICoqIGtleXM7CS8qIHRoZSBwdWJsaWMga2V5cyByZXRyaWV2 ZWQgKi8NCi0rICAgIHVuc2lnbmVkIGludCBudW07CQkvKiBudW1iZXIgb2Yga2V5cyAqLw0K LSt9IGxkYXBfa2V5X3Q7DQotKw0KLSsNCi0rLyogZnVuY3Rpb24gaGVhZGVycyAqLw0KLSt2 b2lkIGxkYXBfY2xvc2UobGRhcF9vcHRfdCAqKTsNCi0raW50IGxkYXBfY29ubmVjdChsZGFw X29wdF90ICopOw0KLStjaGFyICogbGRhcF9wYXJzZV9ncm91cHMoY29uc3QgY2hhciAqKTsN Ci0rY2hhciAqIGxkYXBfcGFyc2Vfc2VydmVycyhjb25zdCBjaGFyICopOw0KLSt2b2lkIGxk YXBfb3B0aW9uc19wcmludChsZGFwX29wdF90ICopOw0KLSt2b2lkIGxkYXBfb3B0aW9uc19m cmVlKGxkYXBfb3B0X3QgKik7DQotK3ZvaWQgbGRhcF9rZXlzX2ZyZWUobGRhcF9rZXlfdCAq KTsNCi0raW50IGxkYXBfcGFyc2VfbGNvbmYobGRhcF9vcHRfdCAqKTsNCi0rbGRhcF9rZXlf dCAqIGxkYXBfZ2V0dXNlcmtleShsZGFwX29wdF90ICosIGNvbnN0IGNoYXIgKik7DQotK2lu dCBsZGFwX2lzbWVtYmVyKGxkYXBfb3B0X3QgKiwgY29uc3QgY2hhciAqKTsNCi0rDQotKyNl bmRpZg0KLWRpZmYgLU51YXIgLS1leGNsdWRlICcqLm9yaWcnIC0tZXhjbHVkZSAnKi5yZWon IGxway11c2VyLWV4YW1wbGUudHh0IGxway11c2VyLWV4YW1wbGUudHh0DQotLS0tIGxway11 c2VyLWV4YW1wbGUudHh0CTE5NjktMTItMzEgMTY6MDA6MDAuMDAwMDAwMDAwIC0wODAwDQot KysrIGxway11c2VyLWV4YW1wbGUudHh0CTIwMDgtMDgtMjMgMTU6MDI6NDcuMDAwMDAwMDAw IC0wNzAwDQotQEAgLTAsMCArMSwxMTcgQEANCi0rDQotK1Bvc3QgdG8gTUwgLT4gVXNlciBN YWRlIFF1aWNrIEluc3RhbGwgRG9jLg0KLStDb250cmlidXRpb24gZnJvbSBKb2huIExhbmUg PGpvaG5AbGFuZS51ay5uZXQ+DQotKw0KLSsrKysrKysrKysrKysrKysrKysrKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrDQotKw0K LStPcGVuU1NIIExEQVAga2V5c3RvcmUgUGF0Y2gNCi0rPT09PT09PT09PT09PT09PT09PT09 PT09PT09DQotKw0KLStOT1RFOiB0aGVzZSBub3RlcyBhcmUgYSB0cmFuc2NyaXB0IG9mIGEg c3BlY2lmaWMgaW5zdGFsbGF0aW9uDQotKyAgICAgIHRoZXkgd29yayBmb3IgbWUsIHlvdXIg c3BlY2lmaWNzIG1heSBiZSBkaWZmZXJlbnQhDQotKyAgICAgIGZyb20gSm9obiBMYW5lIE1h cmNoIDE3dGggMjAwNSAgICAgICAgIGpvaG5AbGFuZS51ay5uZXQNCi0rDQotK1RoaXMgaXMg YSBwYXRjaCB0byBPcGVuU1NIIDQuMHAxIHRvIGFsbG93IGl0IHRvIG9idGFpbiB1c2Vycycg cHVibGljIGtleXMNCi0rZnJvbSB0aGVpciBMREFQIHJlY29yZCBhcyBhbiBhbHRlcm5hdGl2 ZSB0byB+Ly5zc2gvYXV0aG9yaXplZF9rZXlzLg0KLSsNCi0rKEFzc3VtaW5nIGhlcmUgdGhh dCBuZWNlc3NhcnkgYnVpbGQgc3R1ZmYgaXMgaW4gJEJVSUxEKQ0KLSsNCi0rY2QgJEJVSUxE L29wZW5zc2gtNC4wcDENCi0rcGF0Y2ggLU5wMSAtaSAkQlVJTEQvb3BlbnNzaC1scGstNC4w cDEtMC4zLnBhdGNoDQotK21rZGlyIC1wIC92YXIvZW1wdHkgJiYNCi0rLi9jb25maWd1cmUg LS1wcmVmaXg9L3VzciAtLXN5c2NvbmZkaXI9L2V0Yy9zc2ggXA0KLSsgICAgLS1saWJleGVj ZGlyPS91c3Ivc2JpbiAtLXdpdGgtbWQ1LXBhc3N3b3JkcyAtLXdpdGgtcGFtIFwNCi0rICAg IC0td2l0aC1saWJzPSItbGxkYXAiIC0td2l0aC1jcHBmbGFncz0iLURXSVRIX0xEQVBfUFVC S0VZIg0KLStOb3cgZG8uDQotK21ha2UgJiYNCi0rbWFrZSBpbnN0YWxsDQotKw0KLStBZGQg dGhlIGZvbGxvd2luZyBjb25maWcgdG8gL2V0Yy9zc2gvc3NoX2NvbmZpZw0KLStVc2VMUEsg eWVzDQotK0xwa1NlcnZlcnMgbGRhcDovL215aG9zdC5teWRvbWFpbi5jb20NCi0rTHBrVXNl ckROICBvdT1QZW9wbGUsZGM9bXlkb21haW4sZGM9Y29tDQotKw0KLStXZSBuZWVkIHRvIHRl bGwgc3NoZCBhYm91dCB0aGUgU1NMIGtleXMgZHVyaW5nIGJvb3QsIGFzIHJvb3Qncw0KLStl bnZpcm9ubWVudCBkb2VzIG5vdCBleGlzdCBhdCB0aGF0IHRpbWUuIEVkaXQgL2V0Yy9yYy5k L2luaXQuZC9zc2hkLg0KLStDaGFuZ2UgdGhlIHN0YXJ0dXAgY29kZSBmcm9tIHRoaXM6DQot KyAgICAgICAgICAgICAgICBlY2hvICJTdGFydGluZyBTU0ggU2VydmVyLi4uIg0KLSsgICAg ICAgICAgICAgICAgbG9hZHByb2MgL3Vzci9zYmluL3NzaGQNCi0rICAgICAgICAgICAgICAg IDs7DQotK3RvIHRoaXM6DQotKyAgICAgICAgICAgICAgICBlY2hvICJTdGFydGluZyBTU0gg U2VydmVyLi4uIg0KLSsgICAgICAgICAgICAgICAgTERBUFJDPSIvcm9vdC8ubGRhcHJjIiBs b2FkcHJvYyAvdXNyL3NiaW4vc3NoZA0KLSsgICAgICAgICAgICAgICAgOzsNCi0rDQotK1Jl LXN0YXJ0IHRoZSBzc2hkIGRhZW1vbjoNCi0rL2V0Yy9yYy5kL2luaXQuZC9zc2hkIHJlc3Rh cnQNCi0rDQotK0luc3RhbGwgdGhlIGFkZGl0aW9uYWwgTERBUCBzY2hlbWENCi0rY3AgJEJV SUxEL29wZW5zc2gtbHBrLTAuMi5zY2hlbWEgIC9ldGMvb3BlbmxkYXAvc2NoZW1hL29wZW5z c2guc2NoZW1hDQotKw0KLStOb3cgYWRkIHRoZSBvcGVuU1NIIExEQVAgc2NoZW1hIHRvIC9l dGMvb3BlbmxkYXAvc2xhcGQuY29uZjoNCi0rQWRkIHRoZSBmb2xsb3dpbmcgdG8gdGhlIGVu ZCBvZiB0aGUgZXhpc3RpbmcgYmxvY2sgb2Ygc2NoZW1hIGluY2x1ZGVzDQotK2luY2x1ZGUg ICAgICAgICAvZXRjL29wZW5sZGFwL3NjaGVtYS9vcGVuc3NoLnNjaGVtYQ0KLSsNCi0rUmUt c3RhcnQgdGhlIExEQVAgc2VydmVyOg0KLSsvZXRjL3JjLmQvaW5pdC5kL3NsYXBkIHJlc3Rh cnQNCi0rDQotK1RvIGFkZCBvbmUgb3IgbW9yZSBwdWJsaWMga2V5cyB0byBhIHVzZXIsIGVn ICJ0ZXN0dXNlciIgOg0KLStsZGFwc2VhcmNoIC14IC1XIC1aIC1MTEwgLWIgInVpZD10ZXN0 dXNlcixvdT1QZW9wbGUsZGM9bXlkb21haW4sZGM9Y29tIiAtRA0KLSsidWlkPXRlc3R1c2Vy LG91PVBlb3BsZSxkYz1teWRvbWFpbixkYz1jb20iID4gL3RtcC90ZXN0dXNlcg0KLSsNCi0r YXBwZW5kIHRoZSBmb2xsb3dpbmcgdG8gdGhpcyAvdG1wL3Rlc3R1c2VyIGZpbGUNCi0rb2Jq ZWN0Y2xhc3M6IGxkYXBQdWJsaWNLZXkNCi0rc3NoUHVibGljS2V5OiBzc2gtcnNhDQotK0FB QUFCM056YUMxeWMyRUFBQUFCSlFBQUFJQjNkc3J3cVhxRDdFNHpZWXJ4d2RES0JVUXhLTWlv WHk5cHhGVmFpNjRrQVB4alU5S1MNCi0rcUlvN1Fma2pzbGZzamZsa3NqZmxkZmtqc2xkZmpM WC81emt6Um1UMjhJNXBpR3p1blB2MTdTODl6OFh3U3N1QW9SMXQ4NnQrNWRsSQ0KLSs3ZVpF L2dWYm4yVVFrUXE3K2tkRFRTMnlYVjZWbkM1Mk4va0tMRzNjaUJrQkF3PT0gR2VuZXJhbCBQ dXJwb3NlIFJTQSBLZXkNCi0rDQotK1RoZW4gZG8gYSBtb2RpZnk6DQotK2xkYXBtb2RpZnkg LXggLUQgInVpZD10ZXN0dXNlcixvdT1QZW9wbGUsZGM9bXlkb21haW4sZGM9Y29tIiAtVyAt Zg0KLSsvdG1wL3Rlc3R1c2VyIC1aDQotK0VudGVyIExEQVAgUGFzc3dvcmQ6DQotK21vZGlm eWluZyBlbnRyeSAidWlkPXRlc3R1c2VyLG91PVBlb3BsZSxkYz1teWRvbWFpbixkYz1jb20i DQotK0FuZCBjaGVjayB0aGUgbW9kaWZ5IGlzIG9rOg0KLStsZGFwc2VhcmNoIC14IC1XIC1a IC1iICJ1aWQ9dGVzdHVzZXIsb3U9UGVvcGxlLGRjPW15ZG9tYWluLGRjPWNvbSIgLUQNCi0r InVpZD10ZXN0dXNlcixvdT1QZW9wbGUsZGM9bXlkb21haW4sZGM9Y29tIg0KLStFbnRlciBM REFQIFBhc3N3b3JkOg0KLSsjIGV4dGVuZGVkIExESUYNCi0rIw0KLSsjIExEQVB2Mw0KLSsj IGJhc2UgPHVpZD10ZXN0dXNlcixvdT1QZW9wbGUsZGM9bXlkb21haW4sZGM9Y29tPiB3aXRo IHNjb3BlIHN1Yg0KLSsjIGZpbHRlcjogKG9iamVjdGNsYXNzPSopDQotKyMgcmVxdWVzdGlu ZzogQUxMDQotKyMNCi0rDQotKyMgdGVzdHVzZXIsIFBlb3BsZSwgbXlkb21haW4uY29tDQot K2RuOiB1aWQ9dGVzdHVzZXIsb3U9UGVvcGxlLGRjPW15ZG9tYWluLGRjPWNvbQ0KLSt1aWQ6 IHRlc3R1c2VyDQotK2NuOiB0ZXN0dXNlcg0KLStvYmplY3RDbGFzczogYWNjb3VudA0KLStv YmplY3RDbGFzczogcG9zaXhBY2NvdW50DQotK29iamVjdENsYXNzOiB0b3ANCi0rb2JqZWN0 Q2xhc3M6IHNoYWRvd0FjY291bnQNCi0rb2JqZWN0Q2xhc3M6IGxkYXBQdWJsaWNLZXkNCi0r c2hhZG93TGFzdENoYW5nZTogMTI3NTcNCi0rc2hhZG93TWF4OiA5OTk5OQ0KLStzaGFkb3dX YXJuaW5nOiA3DQotK2xvZ2luU2hlbGw6IC9iaW4vYmFzaA0KLSt1aWROdW1iZXI6IDk5OTkN Ci0rZ2lkTnVtYmVyOiA1MDENCi0raG9tZURpcmVjdG9yeTogL2hvbWUvdGVzdHVzZXINCi0r dXNlclBhc3N3b3JkOjogZTFOVFNFRjlVRGd3VjFobk0xVmpVRFJKSzBrMVluRmlMMWQ0WlVK T2JYbFpaM1ozVVRVPQ0KLStzc2hQdWJsaWNLZXk6IHNzaC1yc2ENCi0rQUFBQUIzTnphQzF5 YzJFQUFBQUJKUUFBQUlCM2RzcndxWHFEN0U0ellZcnh3ZERLQlVReEtNaW9YeTlweEZWYWk2 NGtBUHhqVTlLU3FJbzdRZmtqc2xmc2pmbGtzamZsZGZranNsZGZqTFgvNXprelJtVDI4STVw aUd6dW5QdjE3Uzg5eg0KLSs4WHdTc3VBb1IxdDg2dCs1ZGxJN2VaRS9nVmJuMlVRa1FxNytr ZERUUzJ5WFY2Vm5DNTJOL2tLTEczY2lCa0JBdz09IEdlbmVyYWwgUHVycG9zZSBSU0EgS2V5 DQotKw0KLSsjIHNlYXJjaCByZXN1bHQNCi0rc2VhcmNoOiAzDQotK3Jlc3VsdDogMCBTdWNj ZXNzDQotKw0KLSsjIG51bVJlc3BvbnNlczogMg0KLSsjIG51bUVudHJpZXM6IDENCi0rDQot K05vdyBzdGFydCBhIHNzaCBzZXNzaW9uIHRvIHVzZXIgInRlc3R1c2VyIiBmcm9tIHVzdWFs IHNzaCBjbGllbnQgKGUuZy4NCi0rcHVUVFkpLiBMb2dpbiBzaG91bGQgc3VjY2VlZC4NCi0r DQotKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKysNCi1kaWZmIC1OdWFyIC0tZXhjbHVkZSAnKi5v cmlnJyAtLWV4Y2x1ZGUgJyoucmVqJyBNYWtlZmlsZS5pbiBNYWtlZmlsZS5pbg0KLS0tLSBN YWtlZmlsZS5pbgkyMDA4LTA3LTA4IDA3OjIxOjEyLjAwMDAwMDAwMCAtMDcwMA0KLSsrKyBN YWtlZmlsZS5pbgkyMDA4LTA4LTIzIDE1OjAyOjQ3LjAwMDAwMDAwMCAtMDcwMA0KLUBAIC04 Niw3ICs4Niw3IEBADQotIAlhdXRoLWtyYjUubyBcDQotIAlhdXRoMi1nc3MubyBnc3Mtc2Vy di5vIGdzcy1zZXJ2LWtyYjUubyBcDQotIAlsb2dpbnJlYy5vIGF1dGgtcGFtLm8gYXV0aC1z aGFkb3cubyBhdXRoLXNpYS5vIG1kNWNyeXB0Lm8gXA0KLS0JYXVkaXQubyBhdWRpdC1ic20u byBwbGF0Zm9ybS5vIHNmdHAtc2VydmVyLm8gc2Z0cC1jb21tb24ubw0KLSsJYXVkaXQubyBh dWRpdC1ic20ubyBwbGF0Zm9ybS5vIGxkYXBhdXRoLm8gc2Z0cC1zZXJ2ZXIubyBzZnRwLWNv bW1vbi5vDQotIA0KLSBNQU5QQUdFUwk9IG1vZHVsaS41Lm91dCBzY3AuMS5vdXQgc3NoLWFk ZC4xLm91dCBzc2gtYWdlbnQuMS5vdXQgc3NoLWtleWdlbi4xLm91dCBzc2gta2V5c2Nhbi4x Lm91dCBzc2guMS5vdXQgc3NoZC44Lm91dCBzZnRwLXNlcnZlci44Lm91dCBzZnRwLjEub3V0 IHNzaC1yYW5kLWhlbHBlci44Lm91dCBzc2gta2V5c2lnbi44Lm91dCBzc2hkX2NvbmZpZy41 Lm91dCBzc2hfY29uZmlnLjUub3V0DQotIE1BTlBBR0VTX0lOCT0gbW9kdWxpLjUgc2NwLjEg c3NoLWFkZC4xIHNzaC1hZ2VudC4xIHNzaC1rZXlnZW4uMSBzc2gta2V5c2Nhbi4xIHNzaC4x IHNzaGQuOCBzZnRwLXNlcnZlci44IHNmdHAuMSBzc2gtcmFuZC1oZWxwZXIuOCBzc2gta2V5 c2lnbi44IHNzaGRfY29uZmlnLjUgc3NoX2NvbmZpZy41DQotZGlmZiAtTnVhciAtLWV4Y2x1 ZGUgJyoub3JpZycgLS1leGNsdWRlICcqLnJlaicgb3BlbnNzaC1scGtfb3BlbmxkYXAuc2No ZW1hIG9wZW5zc2gtbHBrX29wZW5sZGFwLnNjaGVtYQ0KLS0tLSBvcGVuc3NoLWxwa19vcGVu bGRhcC5zY2hlbWEJMTk2OS0xMi0zMSAxNjowMDowMC4wMDAwMDAwMDAgLTA4MDANCi0rKysg b3BlbnNzaC1scGtfb3BlbmxkYXAuc2NoZW1hCTIwMDgtMDgtMjMgMTU6MDI6NDcuMDAwMDAw MDAwIC0wNzAwDQotQEAgLTAsMCArMSwxOSBAQA0KLSsjDQotKyMgTERBUCBQdWJsaWMgS2V5 IFBhdGNoIHNjaGVtYSBmb3IgdXNlIHdpdGggb3BlbnNzaC1sZGFwcHVia2V5DQotKyMgQXV0 aG9yOiBFcmljIEFVR0UgPGVhdUBwaGVhci5vcmc+DQotKyMgDQotKyMgQmFzZWQgb24gdGhl IHByb3Bvc2FsIG9mIDogTWFyayBSdWlqdGVyDQotKyMNCi0rDQotKw0KLSsjIG9jdGV0U3Ry aW5nIFNZTlRBWA0KLSthdHRyaWJ1dGV0eXBlICggMS4zLjYuMS40LjEuMjQ1NTIuNTAwLjEu MS4xLjEzIE5BTUUgJ3NzaFB1YmxpY0tleScgDQotKwlERVNDICdNQU5EQVRPUlk6IE9wZW5T U0ggUHVibGljIGtleScgDQotKwlFUVVBTElUWSBvY3RldFN0cmluZ01hdGNoDQotKwlTWU5U QVggMS4zLjYuMS40LjEuMTQ2Ni4xMTUuMTIxLjEuNDAgKQ0KLSsNCi0rIyBwcmludGFibGVT dHJpbmcgU1lOVEFYIHllc3xubw0KLStvYmplY3RjbGFzcyAoIDEuMy42LjEuNC4xLjI0NTUy LjUwMC4xLjEuMi4wIE5BTUUgJ2xkYXBQdWJsaWNLZXknIFNVUCB0b3AgQVVYSUxJQVJZDQot KwlERVNDICdNQU5EQVRPUlk6IE9wZW5TU0ggTFBLIG9iamVjdGNsYXNzJw0KLSsJTVVTVCAo IHNzaFB1YmxpY0tleSAkIHVpZCApIA0KLSsJKQ0KLWRpZmYgLU51YXIgLS1leGNsdWRlICcq Lm9yaWcnIC0tZXhjbHVkZSAnKi5yZWonIG9wZW5zc2gtbHBrX3N1bi5zY2hlbWEgb3BlbnNz aC1scGtfc3VuLnNjaGVtYQ0KLS0tLSBvcGVuc3NoLWxwa19zdW4uc2NoZW1hCTE5NjktMTIt MzEgMTY6MDA6MDAuMDAwMDAwMDAwIC0wODAwDQotKysrIG9wZW5zc2gtbHBrX3N1bi5zY2hl bWEJMjAwOC0wOC0yMyAxNTowMjo0Ny4wMDAwMDAwMDAgLTA3MDANCi1AQCAtMCwwICsxLDIx IEBADQotKyMNCi0rIyBMREFQIFB1YmxpYyBLZXkgUGF0Y2ggc2NoZW1hIGZvciB1c2Ugd2l0 aCBvcGVuc3NoLWxkYXBwdWJrZXkNCi0rIyBBdXRob3I6IEVyaWMgQVVHRSA8ZWF1QHBoZWFy Lm9yZz4NCi0rIyANCi0rIyBTY2hlbWEgZm9yIFN1biBEaXJlY3RvcnkgU2VydmVyLg0KLSsj IEJhc2VkIG9uIHRoZSBvcmlnaW5hbCBzY2hlbWEsIG1vZGlmaWVkIGJ5IFN0ZWZhbiBGaXNj aGVyLg0KLSsjDQotKw0KLStkbjogY249c2NoZW1hDQotKw0KLSsjIG9jdGV0U3RyaW5nIFNZ TlRBWA0KLSthdHRyaWJ1dGVUeXBlczogKCAxLjMuNi4xLjQuMS4yNDU1Mi41MDAuMS4xLjEu MTMgTkFNRSAnc3NoUHVibGljS2V5JyANCi0rCURFU0MgJ01BTkRBVE9SWTogT3BlblNTSCBQ dWJsaWMga2V5JyANCi0rCUVRVUFMSVRZIG9jdGV0U3RyaW5nTWF0Y2gNCi0rCVNZTlRBWCAx LjMuNi4xLjQuMS4xNDY2LjExNS4xMjEuMS40MCApDQotKw0KLSsjIHByaW50YWJsZVN0cmlu ZyBTWU5UQVggeWVzfG5vDQotK29iamVjdENsYXNzZXM6ICggMS4zLjYuMS40LjEuMjQ1NTIu NTAwLjEuMS4yLjAgTkFNRSAnbGRhcFB1YmxpY0tleScgU1VQIHRvcCBBVVhJTElBUlkNCi0r CURFU0MgJ01BTkRBVE9SWTogT3BlblNTSCBMUEsgb2JqZWN0Y2xhc3MnDQotKwlNVVNUICgg c3NoUHVibGljS2V5ICQgdWlkICkgDQotKwkpDQotZGlmZiAtTnVhciAtLWV4Y2x1ZGUgJyou b3JpZycgLS1leGNsdWRlICcqLnJlaicgUkVBRE1FLmxwayBSRUFETUUubHBrDQotLS0tIFJF QURNRS5scGsJMTk2OS0xMi0zMSAxNjowMDowMC4wMDAwMDAwMDAgLTA4MDANCi0rKysgUkVB RE1FLmxwawkyMDA4LTA4LTIzIDE1OjAyOjQ3LjAwMDAwMDAwMCAtMDcwMA0KLUBAIC0wLDAg KzEsMjY3IEBADQotK09wZW5TU0ggTERBUCBQVUJMSUMgS0VZIFBBVENIIA0KLStDb3B5cmln aHQgKGMpIDIwMDMgRXJpYyBBVUdFIChlYXVAcGhlYXIub3JnKQ0KLStBbGwgcmlnaHRzIHJl c2VydmVkLg0KLSsNCi0rUmVkaXN0cmlidXRpb24gYW5kIHVzZSBpbiBzb3VyY2UgYW5kIGJp bmFyeSBmb3Jtcywgd2l0aCBvciB3aXRob3V0DQotK21vZGlmaWNhdGlvbiwgYXJlIHBlcm1p dHRlZCBwcm92aWRlZCB0aGF0IHRoZSBmb2xsb3dpbmcgY29uZGl0aW9ucw0KLSthcmUgbWV0 Og0KLSsxLiBSZWRpc3RyaWJ1dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhl IGFib3ZlIGNvcHlyaWdodA0KLSsgICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25z IGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuDQotKzIuIFJlZGlzdHJpYnV0aW9ucyBp biBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0DQotKyAg IG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlz Y2xhaW1lciBpbiB0aGUNCi0rICAgZG9jdW1lbnRhdGlvbiBhbmQvb3Igb3RoZXIgbWF0ZXJp YWxzIHByb3ZpZGVkIHdpdGggdGhlIGRpc3RyaWJ1dGlvbi4NCi0rMy4gVGhlIG5hbWUgb2Yg dGhlIGF1dGhvciBtYXkgbm90IGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1 Y3RzDQotKyAgIGRlcml2ZWQgZnJvbSB0aGlzIHNvZnR3YXJlIHdpdGhvdXQgc3BlY2lmaWMg cHJpb3Igd3JpdHRlbiBwZXJtaXNzaW9uLg0KLSsNCi0rVEhJUyBTT0ZUV0FSRSBJUyBQUk9W SURFRCBCWSBUSEUgQVVUSE9SIGBgQVMgSVMnJyBBTkQgQU5ZIEVYUFJFU1MgT1INCi0rSU1Q TElFRCBXQVJSQU5USUVTLCBJTkNMVURJTkcsIEJVVCBOT1QgTElNSVRFRCBUTywgVEhFIElN UExJRUQgV0FSUkFOVElFUw0KLStPRiBNRVJDSEFOVEFCSUxJVFkgQU5EIEZJVE5FU1MgRk9S IEEgUEFSVElDVUxBUiBQVVJQT1NFIEFSRSBESVNDTEFJTUVELg0KLStJTiBOTyBFVkVOVCBT SEFMTCBUSEUgQVVUSE9SIEJFIExJQUJMRSBGT1IgQU5ZIERJUkVDVCwgSU5ESVJFQ1QsDQot K0lOQ0lERU5UQUwsIFNQRUNJQUwsIEVYRU1QTEFSWSwgT1IgQ09OU0VRVUVOVElBTCBEQU1B R0VTIChJTkNMVURJTkcsIEJVVA0KLStOT1QgTElNSVRFRCBUTywgUFJPQ1VSRU1FTlQgT0Yg U1VCU1RJVFVURSBHT09EUyBPUiBTRVJWSUNFUzsgTE9TUyBPRiBVU0UsDQotK0RBVEEsIE9S IFBST0ZJVFM7IE9SIEJVU0lORVNTIElOVEVSUlVQVElPTikgSE9XRVZFUiBDQVVTRUQgQU5E IE9OIEFOWQ0KLStUSEVPUlkgT0YgTElBQklMSVRZLCBXSEVUSEVSIElOIENPTlRSQUNULCBT VFJJQ1QgTElBQklMSVRZLCBPUiBUT1JUDQotKyhJTkNMVURJTkcgTkVHTElHRU5DRSBPUiBP VEhFUldJU0UpIEFSSVNJTkcgSU4gQU5ZIFdBWSBPVVQgT0YgVEhFIFVTRSBPRg0KLStUSElT IFNPRlRXQVJFLCBFVkVOIElGIEFEVklTRUQgT0YgVEhFIFBPU1NJQklMSVRZIE9GIFNVQ0gg REFNQUdFLg0KLSsNCi0rcHVycG9zZXMgb2YgdGhpcyBwYXRjaDoNCi0rDQotK1RoaXMgcGF0 Y2ggd291bGQgaGVscCB0byBoYXZlIGF1dGhlbnRpY2F0aW9uIGNlbnRyYWxpemF0aW9uIHBv bGljeQ0KLSt1c2luZyBzc2ggcHVibGljIGtleSBhdXRoZW50aWNhdGlvbi4NCi0rVGhpcyBw YXRjaCBjb3VsZCBiZSBhbiBhbHRlcm5hdGl2ZSB0byBvdGhlciAic2VjdXJlIiBhdXRoZW50 aWNhdGlvbiBzeXN0ZW0NCi0rd29ya2luZyBpbiBhIHNpbWlsYXIgd2F5IChLZXJiZXJvcywg U2VjdXJJRCwgZXRjLi4uKSwgZXhjZXB0IHRoZSBmYWN0IA0KLSt0aGF0IGl0J3MgYmFzZWQg b24gT3BlblNTSCBhbmQgaXRzIHB1YmxpYyBrZXkgYWJpbGl0aWVzLg0KLSsNCi0rPj4gRllJ OiA8PA0KLSsndWlkJzogbWVhbnMgdW5peCBhY2NvdW50cyBleGlzdGluZyBvbiB0aGUgY3Vy cmVudCBzZXJ2ZXINCi0rJ2xwa1NlcnZlckdyb3VwOicgbWVhbiBzZXJ2ZXIgZ3JvdXAgY29u ZmlndXJlZCBvbiB0aGUgY3VycmVudCBzZXJ2ZXIgKCdscGtTZXJ2ZXJHcm91cCcgaW4gc3No ZF9jb25maWcpDQotKw0KLStleGFtcGxlIHNjaGVtYToNCi0rDQotKw0KLSsgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgc2VydmVyMSAodWlkOiBlYXUscml2YWwsdG90bykg KGxwa1NlcnZlckdyb3VwOiB1bml4KQ0KLSsgICAgICAgICAgICAgICAgX19fX19fX19fX18g ICAgICAvDQotKyAgICAgICAgICAgICAgIC8gICAgICAgICAgIFwgLS0tIC0gc2VydmVyMyAo dWlkOiBlYXUsIHRpdGkpIChscGtTZXJ2ZXJHcm91cDogdW5peCkNCi0rICAgICAgICAgICAg ICB8IExEQVAgU2VydmVyIHwgICAgXA0KLSsJICAgICAgfCBlYXUgICxyaXZhbCB8ICAgICBz ZXJ2ZXIyICh1aWQ6IHJpdmFsLCBlYXUpIChscGtTZXJ2ZXJHcm91cDogdW5peCkNCi0rCSAg ICAgIHwgdGl0aSAsdG90byAgfA0KLSsJICAgICAgfCB1c2VyeCwuLi4uICB8ICAgICAgICAg c2VydmVyNSAodWlkOiBlYXUpICAobHBrU2VydmVyR3JvdXA6IG1haWwpDQotKyAgICAgICAg ICAgICAgIFxfX19fX19fX19fXy8gXCAgICAgICAvDQotKwkgICAgICAgICAgICAgICAgICAg ICAgIC0tLS0tIC0gc2VydmVyNCAodWlkOiBlYXUsIHJpdmFsKSAgKG5vIGdyb3VwIGNvbmZp Z3VyZWQpDQotKwkJCSAgICAgICAgICAgICBcDQotKwkJCQkgICAgICAgIGV0Yy4uLg0KLSsN Ci0rLSBXSEFUIFdFIE5FRUQgOg0KLSsNCi0rICAqIGNvbmZpZ3VyZWQgTERBUCBzZXJ2ZXIg c29tZXdoZXJlIG9uIHRoZSBuZXR3b3JrIChpLmUuIE9wZW5MREFQKQ0KLSsgICogcGF0Y2hl ZCBzc2hkICh3aXRoIHRoaXMgcGF0Y2ggOykNCi0rICAqIExEQVAgdXNlcigvZ3JvdXApIGVu dHJ5IChsb29rIGF0IHVzZXJzLmxkaWYgKCYgZ3JvdXBzLmxkaWYpKToNCi0rICAgICAgICBV c2VyIGVudHJ5Og0KLSsJLSBhdHRhY2hlZCB0byB0aGUgJ2xkYXBQdWJsaWNLZXknIG9iamVj dGNsYXNzDQotKwktIGF0dGFjaGVkIHRvIHRoZSAncG9zaXhBY2NvdW50JyBvYmplY3RjbGFz cw0KLSsJLSB3aXRoIGEgZmlsbGVkICdzc2hQdWJsaWNLZXknIGF0dHJpYnV0ZSANCi0rCUV4 YW1wbGU6DQotKwkJZG46IHVpZD1lYXUsb3U9dXNlcnMsZGM9Y3Vja29vcyxkYz1uZXQNCi0r CQlvYmplY3RjbGFzczogdG9wDQotKwkJb2JqZWN0Y2xhc3M6IHBlcnNvbg0KLSsJCW9iamVj dGNsYXNzOiBvcmdhbml6YXRpb25hbFBlcnNvbg0KLSsJCW9iamVjdGNsYXNzOiBwb3NpeEFj Y291bnQNCi0rCQlvYmplY3RjbGFzczogbGRhcFB1YmxpY0tleQ0KLSsJCWRlc2NyaXB0aW9u OiBFcmljIEFVR0UgQWNjb3VudA0KLSsJCXVzZXJQYXNzd29yZDogYmxhaA0KLSsJCWNuOiBF cmljIEFVR0UNCi0rCQlzbjogRXJpYyBBVUdFDQotKwkJdWlkOiBlYXUNCi0rCQl1aWROdW1i ZXI6IDEwMzQNCi0rCQlnaWROdW1iZXI6IDENCi0rCQlob21lRGlyZWN0b3J5OiAvZXhwb3J0 L2hvbWUvZWF1DQotKwkJc3NoUHVibGljS2V5OiBzc2gtZHNzIEFBQUFCMy4uLg0KLSsJCXNz aFB1YmxpY0tleTogc3NoLWRzcyBBQUFBTTUuLi4NCi0rDQotKwlHcm91cCBlbnRyeToNCi0r CS0gYXR0YWNoZWQgdG8gdGhlICdwb3NpeEdyb3VwJyBvYmplY3RjbGFzcw0KLSsJLSB3aXRo IGEgJ2NuJyBncm91cG5hbWUgYXR0cmlidXRlDQotKwktIHdpdGggbXVsdGlwbGUgJ21lbWJl clVpZCcgYXR0cmlidXRlcyBmaWxsZWQgd2l0aCB1c2VybmFtZXMgYWxsb3dlZCBpbiB0aGlz IGdyb3VwDQotKwlFeGFtcGxlOg0KLSsJCSMgZmV3IG1lbWJlcnMNCi0rCQlkbjogY249dW5p eCxvdT1ncm91cHMsZGM9Y3Vja29vcyxkYz1uZXQNCi0rCQlvYmplY3RjbGFzczogdG9wDQot KwkJb2JqZWN0Y2xhc3M6IHBvc2l4R3JvdXANCi0rCQlkZXNjcmlwdGlvbjogVW5peCBiYXNl ZCBzZXJ2ZXJzIGdyb3VwDQotKwkJY246IHVuaXgNCi0rCQlnaWROdW1iZXI6IDEwMDINCi0r CQltZW1iZXJVaWQ6IGVhdQ0KLSsJCW1lbWJlclVpZDogdXNlcjENCi0rCQltZW1iZXJVaWQ6 IHVzZXIyDQotKw0KLSsNCi0rLSBIT1cgSVQgV09SS1MgOg0KLSsNCi0rICAqIHdpdGhvdXQg cGF0Y2gNCi0rICBJZiBhIHVzZXIgd2FudHMgdG8gYXV0aGVudGljYXRlIHRvIGxvZyBpbiBh IHNlcnZlciB0aGUgc3NoZCwgd2lsbCBmaXJzdCBsb29rIGZvciBhdXRoZW50aWNhdGlvbiBt ZXRob2QgYWxsb3dlZCAoUlNBYXV0aCxrZXJiZXJvcyxldGMuLikNCi0rICBhbmQgaWYgUlNB YXV0aCBhbmQgdGlja2V0cyBiYXNlZCBhdXRoIGZhaWxzLCBpdCB3aWxsIGZhbGxiYWNrIHRv IHN0YW5kYXJkIHBhc3N3b3JkIGF1dGhlbnRpY2F0aW9uIChpZiBlbmFibGVkKS4NCi0rDQot KyAgKiB3aXRoIHRoZSBwYXRjaA0KLSsgIElmIGEgdXNlciB3YW50IHRvIGF1dGhlbnRpY2F0 ZSB0byBsb2cgaW4gYSBzZXJ2ZXIsIHRoZSBzc2hkIHdpbGwgZmlyc3QgbG9vayBmb3IgYXV0 aCBtZXRob2QgaW5jbHVkaW5nIExEQVAgcHVia2V5LCBpZiB0aGUgbGRhcHB1YmtleSBvcHRp b25zIGlzIGVuYWJsZWQuDQotKyAgSXQgd2lsbCBkbyBhbiBsZGFwc2VhcmNoIHRvIGdldCB0 aGUgcHVibGljIGtleSBkaXJlY3RseSBmcm9tIHRoZSBMREFQIGluc3RlYWQgb2YgcmVhZGlu ZyBpdCBmcm9tIHRoZSBzZXJ2ZXIgZmlsZXN5c3RlbS4gDQotKyAgKHVzdWFsbHkgaW4gJEhP TUUvLnNzaC9hdXRob3JpemVkX2tleXMpDQotKw0KLSsgIElmIGdyb3VwcyBhcmUgZW5hYmxl ZCwgaXQgd2lsbCBhbHNvIGNoZWNrIGlmIHRoZSB1c2VyIHRoYXQgd2FudHMgdG8gbG9naW4g aXMgaW4gdGhlIGdyb3VwIG9mIHRoZSBzZXJ2ZXIgaGUgaXMgdHJ5aW5nIHRvIGxvZyBpbnRv Lg0KLSsgIElmIGl0IGZhaWxzLCBpdCBmYWxscyBiYWNrIG9uIFJTQSBhdXRoIGZpbGVzICgk SE9NRS8uc3NoL2F1dGhvcml6ZWRfa2V5cyksIGV0Yy4uIGFuZCBmaW5hbGx5IHRvIHN0YW5k YXJkIHBhc3N3b3JkIGF1dGhlbnRpY2F0aW9uIChpZiBlbmFibGVkKS4NCi0rDQotKyAgNyB0 b2tlbnMgYXJlIGFkZGVkIHRvIHNzaGRfY29uZmlnIDoNCi0rICAjIGhlcmUgaXMgdGhlIG5l dyBwYXRjaGVkIGxkYXAgcmVsYXRlZCB0b2tlbnMNCi0rICAjIGVudHJpZXMgaW4geW91ciBM REFQIG11c3QgYmUgcG9zaXhBY2NvdW50ICYgc3Ryb25nQXV0aGVudGljYXRpb25Vc2VyICYg cG9zaXhHcm91cA0KLSsgIFVzZUxQSyB5ZXMJCQkJCQkJCSMgbG9vayB0aGUgcHViIGtleSBp bnRvIExEQVANCi0rICBMcGtTZXJ2ZXJzIGxkYXA6Ly8xMC4zMS4zMi41LyBsZGFwOi8vMTAu MzEuMzIuNCBsZGFwOi8vMTAuMzEuMzIuMwkjIHdoaWNoIExEQVAgc2VydmVyIGZvciB1c2Vy cyA/IChVUkwgZm9ybWF0KQ0KLSsgIExwa1VzZXJETiAgb3U9dXNlcnMsZGM9Zm9vYmFyLGRj PW5ldAkJCQkJIyB3aGljaCBiYXNlIEROIGZvciB1c2VycyA/DQotKyAgTHBrR3JvdXBETiBv dT1ncm91cHMsZGM9Zm9vYmFyLGRjPW5ldAkJCQkJIyB3aGljaCBiYXNlIEROIGZvciBncm91 cHMgPyANCi0rICBMcGtCaW5kRE4gY249bWFuYWdlcixkYz1mb29iYXIsZGM9bmV0CQkJCQkj IHdoaWNoIGJpbmQgRE4gPw0KLSsgIExwa0JpbmRQdyBhc2VjcmV0CQkJCQkJCSMgYmluZCBE TiBjcmVkaWRlbnRpYWxzDQotKyAgTHBrU2VydmVyR3JvdXAgYWdyb3VwbmFtZQkJCQkJCSMg dGhlIGdyb3VwIHRoZSBzZXJ2ZXIgaXMgcGFydCBvZg0KLSsNCi0rICBSaWdodCBub3cgaSdt IHVzaW5nIGFub255bW91cyBiaW5kaW5nIHRvIGdldCBwdWJsaWMga2V5cywgYmVjYXVzZSBn ZXR0aW5nIHB1YmxpYyBrZXlzIG9mIHNvbWVvbmUgZG9lc24ndCBpbXBlcnNvbmF0ZSBoaW24 IGJ1dCB0aGVyZSBpcyBzb21lDQotKyAgZmxhd3MgeW91IGhhdmUgdG8gdGFrZSBjYXJlIG9m Lg0KLSsNCi0rLSBIT1cgVE8gSU5TRVJUIEEgVVNFUi9LRVkgSU5UTyBBTiBMREFQIEVOVFJZ DQotKw0KLSsgICogbXkgd2F5ICh0aGVyZSBpcyBwbGVudHkgOikNCi0rICAtIGNyZWF0ZSBs ZGlmIGZpbGUgKGkuZS4gdXNlcnMubGRpZikNCi0rICAtIGNhdCB+Ly5zc2gvaWRfZHNhLnB1 YiBPUiBjYXQgfi8uc3NoL2lkX3JzYS5wdWIgT1IgY2F0IH4vLnNzaC9pZGVudGl0eS5wdWIN Ci0rICAtIG15IHdheSBpbiA0IHN0ZXBzIDoNCi0rICBFeGFtcGxlOg0KLSsNCi0rICAjIHlv dSBhZGQgdGhpcyB0byB0aGUgdXNlciBlbnRyeSBpbiB0aGUgTERJRiBmaWxlIDoNCi0rICBb Li4uXQ0KLSsgIG9iamVjdGNsYXNzOiBwb3NpeEFjY291bnQNCi0rICBvYmplY3RjbGFzczog bGRhcFB1YmxpY0tleQ0KLSsgIFsuLi5dDQotKyAgc3NoUHVibGlLZXk6IHNzaC1kc3MgQUFB QUJEaDEyRERVUjIuLi4NCi0rICBbLi4uXQ0KLSsNCi0rICAjIGluc2VydCB5b3VyIGVudHJ5 IGFuZCB5b3UncmUgZG9uZSA6KQ0KLSsgIGxkYXBhZGQgLUQgYmFsYmxhYmxhIC13IGJsZWgg PCBmaWxlLmxkaWYgDQotKyAgDQotKyAgYWxsIHN0YW5kYXJkIG9wdGlvbnMgY2FuIGJlIHBy ZXNlbnQgaW4gdGhlICdzc2hQdWJsaWNLZXknIGF0dHJpYnV0ZS4NCi0rDQotKy0gV0hZIDoN Ci0rDQotKyAgU2ltcGx5IGJlY2F1c2UsIGkgd2FzIGxvb2tpbmcgZm9yIGEgd2F5IHRvIGNl bnRyYWxpemUgYWxsIHN5c2FkbWlucyBhdXRoZW50aWNhdGlvbiwgZWFzaWx5LCAgd2l0aG91 dCBjb21wbGV0ZWx5IHVzaW5nIExEQVAgDQotKyAgYXMgYXV0aGVudGljYXRpb24gbWV0aG9k IChsaWtlIHBhbV9sZGFwIGV0Yy4uKS4gIA0KLSsgIA0KLSsgIEFmdGVyIGxvb2tpbmcgaW50 byBLZXJiZXJvcywgU2VjdXJJRCwgYW5kIG90aGVyIGNlbnRyYWxpemVkIHNlY3VyZSBhdXRo ZW50aWNhdGlvbnMgc3lzdGVtcywgdGhlIHVzZSBvZiBSU0EgYW5kIExEQVAgdG8gZ2V0IA0K LSsgIHB1YmxpYyBrZXkgZm9yIGF1dGhlbnRpY2F0aW9uIGFsbG93cyB1cyB0byBjb250cm9s IHdobyBoYXMgYWNjZXNzIHRvIHdoaWNoIHNlcnZlciAodGhlIHVzZXIgbmVlZHMgYW4gYWNj b3VudCBhbmQgdG8gYmUgaW4gJ3N0cm9uZ0F1dGhlbnRpY2F0aW9uVXNlcicNCi0rICBvYmpl Y3RjbGFzcyB3aXRoaW4gTERBUCBhbmQgcGFydCBvZiB0aGUgZ3JvdXAgdGhlIFNTSCBzZXJ2 ZXIgaXMgaW4pLiANCi0rDQotKyAgUGFzc3dvcmRzIHVwZGF0ZSBhcmUgbm8gbG9uZ2VyIGEg bmlnaHRtYXJlIGZvciBhIHNlcnZlciBmYXJtIChrZXkgcGFpciBwYXNzcGhyYXNlIGlzIHN0 b3JlZCBvbiBlYWNoIHVzZXIncyBib3ggYW5kIHByaXZhdGUga2V5IGlzIGxvY2FsbHkgZW5j cnlwdGVkIHVzaW5nIGhpcyBwYXNzcGhyYXNlIA0KLSsgIHNvIGVhY2ggdXNlciBjYW4gY2hh bmdlIGl0IGFzIG11Y2ggYXMgaGUgd2FudHMpLiANCi0rDQotKyAgQmxvY2tpbmcgYSB1c2Vy IGFjY291bnQgY2FuIGJlIGRvbmUgZGlyZWN0bHkgZnJvbSB0aGUgTERBUCAoaWYgc3NoZCBp cyB1c2luZyBSU0FBdXRoICsgbGRhcCBvbmx5KS4NCi0rDQotKy0gUlVMRVMgOiAgDQotKyAg RW50cnkgaW4gdGhlIExEQVAgc2VydmVyIG11c3QgcmVzcGVjdCAncG9zaXhBY2NvdW50JyBh bmQgJ2xkYXBQdWJsaWNLZXknIHdoaWNoIGFyZSBkZWZpbmVkIGluIGNvcmUuc2NoZW1hLiAN Ci0rICBhbmQgdGhlIGFkZGl0aW9ubmFsIGxway5zY2hlbWEuDQotKw0KLSsgIFRoaXMgcGF0 Y2ggY291bGQgYWxsb3cgYSBzbW9vdGggdHJhbnNpdGlvbiBiZXR3ZWVuIHN0YW5kYXJkIGF1 dGggKC9ldGMvcGFzc3dkKSBhbmQgY29tcGxldGUgTERBUCBiYXNlZCBhdXRoZW50aWNhdGlv biANCi0rICAocGFtbGRhcCwgbnNzX2xkYXAsIGV0Yy4uKS4NCi0rDQotKyAgVGhpcyBjYW4g YmUgYW4gYWx0ZXJuYXRpdmUgdG8gb3RoZXIgKG9sZD8vZXhwZW5zaXZlPykgYXV0aGVudGlj YXRpb24gbWV0aG9kcyAoS2VyYmVyb3MvU2VjdXJJRC8uLikuDQotKyAgDQotKyAgUmVmZXJy aW5nIHRvIHNjaGVtYSBhdCB0aGUgYmVnaW5uaW5nIG9mIHRoaXMgZmlsZSBpZiB1c2VyICdl YXUnIGlzIG9ubHkgaW4gZ3JvdXAgJ3VuaXgnDQotKyAgJ2VhdScgd291bGQgT05MWSBhY2Nl c3MgJ3NlcnZlcjEnLCAnc2VydmVyMicsICdzZXJ2ZXIzJyBBTkQgJ3NlcnZlcjQnIEJVVCBO T1QgJ3NlcnZlcjUnLg0KLSsgIElmIHlvdSB0aGVuIG1vZGlmeSB0aGUgTERBUCAnbWFpbCcg Z3JvdXAgZW50cnkgdG8gYWRkICdtZW1iZXJVaWQ6IGVhdScgVEhFTiB1c2VyICdlYXUnIHdv dWxkIGJlIGFibGUNCi0rICB0byBsb2cgaW4gJ3NlcnZlcjUnIChpIGhvcGUgeW91IGdvdCB0 aGUgaWRlYSwgbXkgZW5nbGlzaCBpcyBiYWQgOikuDQotKw0KLSsgIEVhY2ggc2VydmVyJ3Mg c3NoZCBpcyBwYXRjaGVkIGFuZCBjb25maWd1cmVkIHRvIGFzayB0aGUgcHVibGljIGtleSBh bmQgdGhlIGdyb3VwIGluZm9zIGluIHRoZSBMREFQDQotKyAgc2VydmVyLg0KLSsgIFdoZW4g eW91IHdhbnQgdG8gYWxsb3cgYSBuZXcgdXNlciB0byBoYXZlIGFjY2VzcyB0byB0aGUgc2Vy dmVyIHBhcmMsIHlvdSBqdXN0IGFkZCBoaW0gYW4gYWNjb3VudCBvbiANCi0rICB5b3VyIHNl cnZlcnMsIHlvdSBhZGQgaGlzIHB1YmxpYyBrZXkgaW50byBoaXMgZW50cnkgb24gdGhlIExE QVAgc2VydmVyLCBpdCdzIGRvbmUuIA0KLSsNCi0rICBCZWNhdXNlIHNzaGRzIGFyZSBsb29r aW5nIHB1YmxpYyBrZXlzIGludG8gdGhlIExEQVAgZGlyZWN0bHkgaW5zdGVhZCBvZiBhIGZp bGUgKCRIT01FLy5zc2gvYXV0aG9yaXplZF9rZXlzKS4NCi0rDQotKyAgV2hlbiB0aGUgdXNl ciBuZWVkcyB0byBjaGFuZ2UgaGlzIHBhc3NwaHJhc2UgaGUgY2FuIGRvIGl0IGRpcmVjdGx5 IGZyb20gaGlzIHdvcmtzdGF0aW9uIGJ5IGNoYW5naW5nIA0KLSsgIGhpcyBvd24ga2V5IHNl dCBsb2NrIHBhc3NwaHJhc2UsIGFuZCBhbGwgc2VydmVycyBhcmUgYXV0b21hdGljYWxseSBh d2FyZS4NCi0rIA0KLSsgIFdpdGggYSBDQVJFRlVMIExEQVAgc2VydmVyIGNvbmZpZ3VyYXRp b24geW91IGNvdWxkIGFsbG93IGEgdXNlciB0byBhZGQvZGVsZXRlL21vZGlmeSBoaXMgb3du IGVudHJ5IGhpbXNlbGYNCi0rICBzbyBoZSBjYW4gYWRkL21vZGlmeS9kZWxldGUgaGltc2Vs ZiBoaXMgcHVibGljIGtleSB3aGVuIG5lZWRlZC4NCi0rDQotK60gRkxBV1MgOg0KLSsgIExE QVAgbXVzdCBiZSB3ZWxsIGNvbmZpZ3VyZWQsIGdldHRpbmcgdGhlIHB1YmxpYyBrZXkgb2Yg c29tZSB1c2VyIGlzIG5vdCBhIHByb2JsZW0sIGJ1dCBpZiBhbm9ueW1vdXMgTERBUCANCi0r ICBhbGxvdyB3cml0ZSB0byB1c2VycyBkbiwgc29tZWJvZHkgY291bGQgcmVwbGFjZSBzb21l dXNlcidzIHB1YmxpYyBrZXkgYnkgaXRzIG93biBhbmQgaW1wZXJzb25hdGUgc29tZSANCi0r ICBvZiB5b3VyIHVzZXJzIGluIGFsbCB5b3VyIHNlcnZlciBmYXJtIGJlIFZFUlkgQ0FSRUZV TC4NCi0rICANCi0rICBNSVRNIGF0dGFjayB3aGVuIHNzaGQgaXMgcmVxdWVzdGluZyB0aGUg cHVibGljIGtleSwgY291bGQgbGVhZCB0byBhIGNvbXByb21pc2Ugb2YgeW91ciBzZXJ2ZXJz IGFsbG93aW5nIGxvZ2luIA0KLSsgIGFzIHRoZSBpbXBlcnNvbm5hdGVkIHVzZXIuDQotKw0K LSsgIElmIExEQVAgc2VydmVyIGlzIGRvd24gdGhlbiwgZmFsbGJhY2sgb24gcGFzc3dkIGF1 dGguDQotKyAgDQotKyAgdGhlIGxkYXAgY29kZSBwYXJ0IGhhcyBub3QgYmVlbiB3ZWxsIGF1 ZGl0ZWQgeWV0Lg0KLSsNCi0rLSBMREFQIFVTRVIgRU5UUlkgRVhBTVBMRVMgKExESUYgRm9y bWF0LCBsb29rIGluIHVzZXJzLmxkaWYpDQotKyAgICAtLS0gQ1VUIEhFUkUgLS0tDQotKyAg ICBkbjogdWlkPWpkb2Usb3U9dXNlcnMsZGM9Zm9vYmFyLGRjPW5ldA0KLSsgICAgb2JqZWN0 Y2xhc3M6IHRvcA0KLSsgICAgb2JqZWN0Y2xhc3M6IHBlcnNvbg0KLSsgICAgb2JqZWN0Y2xh c3M6IG9yZ2FuaXphdGlvbmFsUGVyc29uDQotKyAgICBvYmplY3RjbGFzczogcG9zaXhBY2Nv dW50DQotKyAgICBvYmplY3RjbGFzczogbGRhcFB1YmxpY0tleQ0KLSsgICAgZGVzY3JpcHRp b246IE15IGFjY291bnQNCi0rICAgIGNuOiBKb2huIERvZQ0KLSsgICAgc246IEpvaG4gRG9l DQotKyAgICB1aWQ6IGpkb2UNCi0rICAgIHVpZE51bWJlcjogMTAwDQotKyAgICBnaWROdW1i ZXI6IDEwMA0KLSsgICAgaG9tZURpcmVjdG9yeTogL2hvbWUvamRvZQ0KLSsgICAgc3NoUHVi bGljS2V5OiBzc2gtZHNzIEFBQUFCM056YUMxa2MzTUFBQUVCQU92TDhwUkVVZzl3U3kvOCto UUo1NFlGM0FYa0IwT1pyWEIuLi4uDQotKyAgICBbLi4uXQ0KLSsgICAgLS0tIENVVCBIRVJF IC0tLQ0KLSsNCi0rLSBMREFQIEdST1VQIEVOVFJZIEVYQU1QTEVTIChMRElGIEZvcm1hdCwg bG9vayBpbiBncm91cHMubGRpZikNCi0rICAgIC0tLSBDVVQgSEVSRSAtLS0NCi0rICAgIGRu OiBjbj11bml4LG91PWdyb3VwcyxkYz1jdWNrb29zLGRjPW5ldA0KLSsgICAgb2JqZWN0Y2xh c3M6IHRvcA0KLSsgICAgb2JqZWN0Y2xhc3M6IHBvc2l4R3JvdXANCi0rICAgIGRlc2NyaXB0 aW9uOiBVbml4IGJhc2VkIHNlcnZlcnMgZ3JvdXANCi0rICAgIGNuOiB1bml4DQotKyAgICBn aWROdW1iZXI6IDEwMDINCi0rICAgIG1lbWJlclVpZDogamRvZQ0KLSsgICAgbWVtYmVyVWlk OiB1c2VyMQ0KLSsgICAgbWVtYmVyVWlkOiB1c2VyMg0KLSsgICAgWy4uLl0NCi0rICAgIC0t LSBDVVQgSEVSRSAtLS0NCi0rDQotKz4+IEZZSTogPDwgDQotK011bHRpcGxlICdzc2hQdWJs aWNLZXknIGluIGEgdXNlciBlbnRyeSBhcmUgYWxsb3dlZCwgYXMgd2VsbCBhcyBtdWx0aXBs ZSAnbWVtYmVyVWlkJyBhdHRyaWJ1dGVzIGluIGEgZ3JvdXAgZW50cnkNCi0rDQotKy0gQ09N UElMSU5HOg0KLSsgIDEuIEFwcGx5IHRoZSBwYXRjaA0KLSsgIDIuIC4vY29uZmlndXJlIC0t d2l0aC15b3VyLW9wdGlvbnMgLS13aXRoLWxkYXA9L3ByZWZpeC90by9sZGFwX2xpYnNfYW5k X2luY2x1ZGVzDQotKyAgMy4gbWFrZQ0KLSsgIDQuIGl0J3MgZG9uZS4NCi0rDQotKy0gQkxB IDoNCi0rICBJIGhvcGUgdGhpcyBjb3VsZCBoZWxwLCBhbmQgaSBob3BlIHRvIGJlIGNsZWFy IGVub3VnaCwsIG9yIGdpdmUgaWRlYXMuICBxdWVzdGlvbnMvY29tbWVudHMvaW1wcm92ZW1l bnRzIGFyZSB3ZWxjb21lLg0KLSsgIA0KLSstIFRPRE8gOg0KLSsgIFJlZGVzaWduIGRpZmZl cmVudGx5Lg0KLSsNCi0rLSBET0NTL0xJTksgOg0KLSsgIGh0dHA6Ly9wYWNzZWMuanAvY29y ZTA1L3BzajA1LWJhcmlzYW5pLWVuLnBkZg0KLSsgIGh0dHA6Ly9mcml0ei5wb3RzZGFtLmVk dS9wcm9qZWN0cy9vcGVuc3NoLWxway8NCi0rICBodHRwOi8vZnJpdHoucG90c2RhbS5lZHUv cHJvamVjdHMvc3NoZ2F0ZS8NCi0rICBodHRwOi8vZGV2LmludmVyc2VwYXRoLmNvbS90cmFj L29wZW5zc2gtbHBrDQotKyAgaHR0cDovL2xhbS5zZi5uZXQvICggaHR0cDovL2xhbS5zb3Vy Y2Vmb3JnZS5uZXQvZG9jdW1lbnRhdGlvbi9zdXBwb3J0ZWRTY2hlbWFzLmh0bSApDQotKw0K LSstIENPTlRSSUJVVE9SUy9JREVBUy9HUkVFVFMgOg0KLSsgIC0gRmFsayBTaWVtb25zbWVp ZXIuDQotKyAgLSBKYWNvYiBSaWVmLg0KLSsgIC0gTWljaGFlbCBEdXJjaGdyYWYuDQotKyAg LSBmcmVkZXJpYyBwZXRlcnMuDQotKyAgLSBGaW5sYXkgZG9iYmllLg0KLSsgIC0gU3RlZmFu IEZpc2hlci4NCi0rICAtIFJvYmluIEguIEpvaG5zb24uDQotKyAgLSBBZHJpYW4gQnJpZGdl dHQuDQotKw0KLSstIENPTlRBQ1QgOg0KLSsgIC0gRXJpYyBBVUdFIDxlYXVAcGhlYXIub3Jn Pg0KLSsgIC0gQW5kcmVhIEJhcmlzYW5pIDxhbmRyZWFAaW52ZXJzZXBhdGguY29tPg0KLQ0K LWRpZmYgLU51YXIgLS1leGNsdWRlICcqLm9yaWcnIC0tZXhjbHVkZSAnKi5yZWonIHNlcnZj b25mLmggc2VydmNvbmYuaA0KLS0tLSBzZXJ2Y29uZi5oCTIwMDgtMDYtMTAgMDY6MDE6NTEu MDAwMDAwMDAwIC0wNzAwDQotKysrIHNlcnZjb25mLmgJMjAwOC0wOC0yMyAxNTowMjo0Ny4w MDAwMDAwMDAgLTA3MDANCi1AQCAtMTYsNiArMTYsMTAgQEANCi0gI2lmbmRlZiBTRVJWQ09O Rl9IDQotICNkZWZpbmUgU0VSVkNPTkZfSA0KLSANCi0rI2lmZGVmIFdJVEhfTERBUF9QVUJL RVkNCi0rI2luY2x1ZGUgImxkYXBhdXRoLmgiDQotKyNlbmRpZg0KLSsNCi0gI2RlZmluZSBN QVhfUE9SVFMJCTI1NgkvKiBNYXggIyBwb3J0cy4gKi8NCi0gDQotICNkZWZpbmUgTUFYX0FM TE9XX1VTRVJTCQkyNTYJLyogTWF4ICMgdXNlcnMgb24gYWxsb3cgbGlzdC4gKi8NCi1AQCAt MTQ1LDYgKzE0OSw5IEBADQotIAlpbnQJdXNlX3BhbTsJCS8qIEVuYWJsZSBhdXRoIHZpYSBQ QU0gKi8NCi0gDQotIAlpbnQJcGVybWl0X3R1bjsNCi0rI2lmZGVmIFdJVEhfTERBUF9QVUJL RVkNCi0rICAgICAgICBsZGFwX29wdF90IGxwazsNCi0rI2VuZGlmDQotIA0KLSAJaW50CW51 bV9wZXJtaXR0ZWRfb3BlbnM7DQotIA0KLWRpZmYgLU51YXIgLS1leGNsdWRlICcqLm9yaWcn IC0tZXhjbHVkZSAnKi5yZWonIHNzaGQuYyBzc2hkLmMNCi0tLS0gc3NoZC5jCTIwMDgtMDct MTEgMDA6MzY6NDkuMDAwMDAwMDAwIC0wNzAwDQotKysrIHNzaGQuYwkyMDA4LTA4LTIzIDE1 OjAyOjQ3LjAwMDAwMDAwMCAtMDcwMA0KLUBAIC0xMjcsNiArMTI3LDEwIEBADQotIGludCBk ZW55X3NldmVyaXR5Ow0KLSAjZW5kaWYgLyogTElCV1JBUCAqLw0KLSANCi0rI2lmZGVmIFdJ VEhfTERBUF9QVUJLRVkNCi0rI2luY2x1ZGUgImxkYXBhdXRoLmgiDQotKyNlbmRpZg0KLSsN Ci0gI2lmbmRlZiBPX05PQ1RUWQ0KLSAjZGVmaW5lIE9fTk9DVFRZCTANCi0gI2VuZGlmDQot QEAgLTE0ODQsNiArMTQ4OCwxNiBAQA0KLSAJCWV4aXQoMSk7DQotIAl9DQotIA0KLSsjaWZk ZWYgV0lUSF9MREFQX1BVQktFWQ0KLSsgICAgLyogbGRhcF9vcHRpb25zX3ByaW50KCZvcHRp b25zLmxwayk7ICovDQotKyAgICAvKiBYWFggaW5pdGlhbGl6ZS9jaGVjayBsZGFwIGNvbm5l Y3Rpb24gYW5kIHNldCAqTEQgKi8NCi0rICAgIGlmIChvcHRpb25zLmxway5vbikgew0KLSsg ICAgICAgIGlmIChvcHRpb25zLmxway5sX2NvbmYgJiYgKGxkYXBfcGFyc2VfbGNvbmYoJm9w dGlvbnMubHBrKSA8IDApICkNCi0rICAgICAgICAgICAgZXJyb3IoIltMREFQXSBjb3VsZCBu b3QgcGFyc2UgJXMiLCBvcHRpb25zLmxway5sX2NvbmYpOw0KLSsgICAgICAgIGlmIChsZGFw X2Nvbm5lY3QoJm9wdGlvbnMubHBrKSA8IDApDQotKyAgICAgICAgICAgIGVycm9yKCJbTERB UF0gY291bGQgbm90IGluaXRpYWxpemUgbGRhcCBjb25uZWN0aW9uIik7DQotKyAgICB9DQot KyNlbmRpZg0KLSAJZGVidWcoInNzaGQgdmVyc2lvbiAlLjEwMHMiLCBTU0hfUkVMRUFTRSk7 DQotIA0KLSAJLyogU3RvcmUgcHJpdmlsZWdlIHNlcGFyYXRpb24gdXNlciBmb3IgbGF0ZXIg dXNlIGlmIHJlcXVpcmVkLiAqLw0KLWRpZmYgLU51YXIgLS1leGNsdWRlICcqLm9yaWcnIC0t ZXhjbHVkZSAnKi5yZWonIHNzaGRfY29uZmlnIHNzaGRfY29uZmlnDQotLS0tIHNzaGRfY29u ZmlnCTIwMDgtMDctMDIgMDU6MzU6NDMuMDAwMDAwMDAwIC0wNzAwDQotKysrIHNzaGRfY29u ZmlnCTIwMDgtMDgtMjMgMTU6MDI6NDcuMDAwMDAwMDAwIC0wNzAwDQotQEAgLTEwOSw2ICsx MDksMjEgQEANCi0gIyBubyBkZWZhdWx0IGJhbm5lciBwYXRoDQotICNCYW5uZXIgbm9uZQ0K LSANCi0rIyBoZXJlIGFyZSB0aGUgbmV3IHBhdGNoZWQgbGRhcCByZWxhdGVkIHRva2Vucw0K LSsjIGVudHJpZXMgaW4geW91ciBMREFQIG11c3QgaGF2ZSBwb3NpeEFjY291bnQgJiBsZGFw UHVibGljS2V5IG9iamVjdGNsYXNzDQotKyNVc2VMUEsgeWVzDQotKyNMcGtMZGFwQ29uZiAv ZXRjL2xkYXAuY29uZg0KLSsjTHBrU2VydmVycyAgbGRhcDovLzEwLjEuNy4xLyBsZGFwOi8v MTAuMS43LjIvDQotKyNMcGtVc2VyRE4gICBvdT11c2VycyxkYz1waGVhcixkYz1vcmcNCi0r I0xwa0dyb3VwRE4gIG91PWdyb3VwcyxkYz1waGVhcixkYz1vcmcNCi0rI0xwa0JpbmRETiBj bj1NYW5hZ2VyLGRjPXBoZWFyLGRjPW9yZw0KLSsjTHBrQmluZFB3IHNlY3JldA0KLSsjTHBr U2VydmVyR3JvdXAgbWFpbA0KLSsjTHBrRmlsdGVyIChob3N0QWNjZXNzPW1hc3Rlci5waGVh ci5vcmcpDQotKyNMcGtGb3JjZVRMUyBubw0KLSsjTHBrU2VhcmNoVGltZWxpbWl0IDMNCi0r I0xwa0JpbmRUaW1lbGltaXQgMw0KLSsNCi0gIyBvdmVycmlkZSBkZWZhdWx0IG9mIG5vIHN1 YnN5c3RlbXMNCi0gU3Vic3lzdGVtCXNmdHAJL3Vzci9saWJleGVjL3NmdHAtc2VydmVyDQot IA0KLWRpZmYgLU51YXIgLS1leGNsdWRlICcqLm9yaWcnIC0tZXhjbHVkZSAnKi5yZWonIHNz aGRfY29uZmlnLjUgc3NoZF9jb25maWcuNQ0KLS0tLSBzc2hkX2NvbmZpZy41CTIwMDgtMDct MDIgMDU6MzU6NDMuMDAwMDAwMDAwIC0wNzAwDQotKysrIHNzaGRfY29uZmlnLjUJMjAwOC0w OC0yMyAxNTowMjo0Ny4wMDAwMDAwMDAgLTA3MDANCi1AQCAtMTAwMyw2ICsxMDAzLDYyIEBA DQotIHByb2dyYW0uDQotIFRoZSBkZWZhdWx0IGlzDQotIC5QYSAvdXNyL1gxMVI2L2Jpbi94 YXV0aCAuDQotKy5JdCBDbSBVc2VMUEsNCi0rU3BlY2lmaWVzIHdoZXRoZXIgTERBUCBwdWJs aWMga2V5IHJldHJpZXZhbCBtdXN0IGJlIHVzZWQgb3Igbm90LiBJdCBhbGxvdw0KLSthbiBl YXN5IGNlbnRyYWxpc2F0aW9uIG9mIHB1YmxpYyBrZXlzIHdpdGhpbiBhbiBMREFQIGRpcmVj dG9yeS4gVGhlIGFyZ3VtZW50IG11c3QgYmUNCi0rLkRxIHllcw0KLStvcg0KLSsuRHEgbm8g Lg0KLSsuSXQgQ20gTHBrTGRhcENvbmYNCi0rU3BlY2lmaWVzIHdoZXRoZXIgTERBUCBQdWJs aWMga2V5cyBzaG91bGQgcGFyc2UgdGhlIHNwZWNpZmllZCBsZGFwLmNvbmYgZmlsZQ0KLStp bnN0ZWFkIG9mIHNzaGRfY29uZmlnIFRva2Vucy4gVGhlIGFyZ3VtZW50IG11c3QgYmUgYSB2 YWxpZCBwYXRoIHRvIGFuIGxkYXAuY29uZg0KLStmaWxlIGxpa2UNCi0rLlBhIC9ldGMvbGRh cC5jb25mDQotKy5JdCBDbSBMcGtTZXJ2ZXJzDQotK1NwZWNpZmllcyBMREFQIG9uZSBvciBt b3JlIFs6c3BhY2U6XSBzZXBhcmF0ZWQgc2VydmVyJ3MgdXJsIHRoZSBmb2xsb3dpbmcgZm9y bSBtYXkgYmUgdXNlZDoNCi0rLlBwDQotK0xwa1NlcnZlcnMgbGRhcHM6Ly8xMjcuMC4wLjEg bGRhcDovLzEyNy4wLjAuMiBsZGFwOi8vMTI3LjAuMC4zDQotKy5JdCBDbSBMcGtVc2VyRE4N Ci0rU3BlY2lmaWVzIHRoZSBMREFQIHVzZXIgRE4uDQotKy5QcA0KLStMcGtVc2VyRE4gb3U9 dXNlcnMsZGM9cGhlYXIsZGM9b3JnDQotKy5JdCBDbSBMcGtHcm91cERODQotK1NwZWNpZmll cyB0aGUgTERBUCBncm91cHMgRE4uDQotKy5QcA0KLStMcGtHcm91cEROIG91PWdyb3Vwcyxk Yz1waGVhcixkYz1vcmcNCi0rLkl0IENtIExwa0JpbmRETg0KLStTcGVjaWZpZXMgdGhlIExE QVAgYmluZCBETiB0byB1c2UgaWYgbmVjZXNzYXJ5Lg0KLSsuUHANCi0rTHBrQmluZEROIGNu PU1hbmFnZXIsZGM9cGhlYXIsZGM9b3JnDQotKy5JdCBDbSBMcGtCaW5kUHcNCi0rU3BlY2lm aWVzIHRoZSBMREFQIGJpbmQgY3JlZGVudGlhbC4gDQotKy5QcA0KLStMcGtCaW5kUHcgc2Vj cmV0DQotKy5JdCBDbSBMcGtTZXJ2ZXJHcm91cA0KLStTcGVjaWZpZXMgb25lIG9yIG1vcmUg WzpzcGFjZTpdIHNlcGFyYXRlZCBncm91cCB0aGUgc2VydmVyIGlzIHBhcnQgb2YuIA0KLSsu UHANCi0rTHBrU2VydmVyR3JvdXAgdW5peCBtYWlsIHByb2QNCi0rLkl0IENtIExwa0ZpbHRl cg0KLStTcGVjaWZpZXMgYW4gYWRkaXRpb25hbCBMREFQIGZpbHRlciB0byB1c2UgZm9yIGZp bmRpbmcgU1NIIGtleXMNCi0rLlBwDQotK0xwa0ZpbHRlciAoaG9zdEFjY2Vzcz1tYXN0ZXIu cGhlYXIub3JnKQ0KLSsuSXQgQ20gTHBrRm9yY2VUTFMNCi0rU3BlY2lmaWVzIGlmIHRoZSBM REFQIHNlcnZlciBjb25uZWN0aW9uIG11c3QgYmUgdHJpZWQsIGZvcmNlZCBvciBub3QgdXNl ZC4gVGhlIGFyZ3VtZW50IG11c3QgYmUgDQotKy5EcSB5ZXMNCi0rb3INCi0rLkRxIG5vDQot K29yDQotKy5EcSB0cnkgLg0KLSsuSXQgQ20gTHBrU2VhcmNoVGltZWxpbWl0DQotK1NlcGNp ZmllcyB0aGUgc2VhcmNoIHRpbWUgbGltaXQgYmVmb3JlIHRoZSBzZWFyY2ggaXMgY29uc2lk ZXJlZCBvdmVyLiB2YWx1ZSBpcw0KLStpbiBzZWNvbmRzLg0KLSsuUHANCi0rTHBrU2VhcmNo VGltZWxpbWl0IDMNCi0rLkl0IENtIExwa0JpbmRUaW1lbGltaXQNCi0rU2VwY2lmaWVzIHRo ZSBiaW5kIHRpbWUgbGltaXQgYmVmb3JlIHRoZSBjb25uZWN0aW9uIGlzIGNvbnNpZGVyZWQg ZGVhZC4gdmFsdWUgaXMNCi0raW4gc2Vjb25kcy4NCi0rLlBwDQotK0xwa0JpbmRUaW1lbGlt aXQgMw0KLSAuRWwNCi0gLlNoIFRJTUUgRk9STUFUUw0KLSAuWHIgc3NoZCA4DQpkaWZmIC1O cnUgL2hvbWUvZ2F3cmlsb2ZmL2xway9vcGVuc3NoLXBvcnRhYmxlL2ZpbGVzL2NvbnRyaWIt b3BlbnNzaC1scGstNS4zcDEtMC4zLjEwLnBhdGNoIC9ob21lL2dhd3JpbG9mZi9vcGVuc3No LXBvcnRhYmxlL2ZpbGVzL2NvbnRyaWItb3BlbnNzaC1scGstNS4zcDEtMC4zLjEwLnBhdGNo DQotLS0gL2hvbWUvZ2F3cmlsb2ZmL2xway9vcGVuc3NoLXBvcnRhYmxlL2ZpbGVzL2NvbnRy aWItb3BlbnNzaC1scGstNS4zcDEtMC4zLjEwLnBhdGNoCTE5NzAtMDEtMDEgMDM6MDA6MDAu MDAwMDAwMDAwICswMzAwDQorKysgL2hvbWUvZ2F3cmlsb2ZmL29wZW5zc2gtcG9ydGFibGUv ZmlsZXMvY29udHJpYi1vcGVuc3NoLWxway01LjNwMS0wLjMuMTAucGF0Y2gJMjAxMC0xMi0y MSAxMTozMDowMi4wMDAwMDAwMDAgKzAyMDANCkBAIC0wLDAgKzEsMTg4MSBAQA0KK2RpZmYg LU51YXIgLS1leGNsdWRlICcqLm9yaWcnIC0tZXhjbHVkZSAnKi5yZWonIGF1dGgyLXB1Ymtl eS5jIGF1dGgyLXB1YmtleS5jDQorLS0tIGF1dGgyLXB1YmtleS5jCTIwMDgtMDctMDMgMTk6 NTQ6MjUuMDAwMDAwMDAwIC0wNzAwDQorKysrIGF1dGgyLXB1YmtleS5jCTIwMDgtMDgtMjMg MTU6MDI6NDcuMDAwMDAwMDAwIC0wNzAwDQorQEAgLTU1LDYgKzU1LDEwIEBADQorICNpbmNs dWRlICJtb25pdG9yX3dyYXAuaCINCisgI2luY2x1ZGUgIm1pc2MuaCINCisgDQorKyNpZmRl ZiBXSVRIX0xEQVBfUFVCS0VZDQorKyNpbmNsdWRlICJsZGFwYXV0aC5oIg0KKysjZW5kaWYN CisrDQorIC8qIGltcG9ydCAqLw0KKyBleHRlcm4gU2VydmVyT3B0aW9ucyBvcHRpb25zOw0K KyBleHRlcm4gdV9jaGFyICpzZXNzaW9uX2lkMjsNCitAQCAtMTgzLDEwICsxODcsNzkgQEAN CisgCXVfbG9uZyBsaW5lbnVtID0gMDsNCisgCUtleSAqZm91bmQ7DQorIAljaGFyICpmcDsN CisrI2lmZGVmIFdJVEhfTERBUF9QVUJLRVkNCisrCWxkYXBfa2V5X3QgKiBrOw0KKysJdW5z aWduZWQgaW50IGkgPSAwOw0KKysjZW5kaWYNCisgDQorIAkvKiBUZW1wb3JhcmlseSB1c2Ug dGhlIHVzZXIncyB1aWQuICovDQorIAl0ZW1wb3JhcmlseV91c2VfdWlkKHB3KTsNCisgDQor KyNpZmRlZiBXSVRIX0xEQVBfUFVCS0VZDQorKyAJZm91bmRfa2V5ID0gMDsNCisrIAkvKiBh bGxvY2F0ZSBhIG5ldyBrZXkgdHlwZSAqLw0KKysgCWZvdW5kID0ga2V5X25ldyhrZXktPnR5 cGUpOw0KKysgDQorKyAJLyogZmlyc3QgY2hlY2sgaWYgdGhlIG9wdGlvbnMgaXMgZW5hYmxl ZCwgdGhlbiB0cnkuLiAqLw0KKysJaWYgKG9wdGlvbnMubHBrLm9uKSB7DQorKwkgICAgZGVi dWcoIltMREFQXSB0cnlpbmcgTERBUCBmaXJzdCB1aWQ9JXMiLHB3LT5wd19uYW1lKTsNCisr CSAgICBpZiAobGRhcF9pc21lbWJlcigmb3B0aW9ucy5scGssIHB3LT5wd19uYW1lKSA+IDAp IHsNCisrCQlpZiAoKGsgPSBsZGFwX2dldHVzZXJrZXkoJm9wdGlvbnMubHBrLCBwdy0+cHdf bmFtZSkpICE9IE5VTEwpIHsNCisrCQkgICAgLyogU2tpcCBsZWFkaW5nIHdoaXRlc3BhY2Us IGVtcHR5IGFuZCBjb21tZW50IGxpbmVzLiAqLw0KKysJCSAgICBmb3IgKGkgPSAwIDsgaSA8 IGstPm51bSA7IGkrKykgew0KKysJCQkvKiBkb250IGZvcmdldCBpZiBtdWx0aXBsZSBrZXlz IHRvIHJlc2V0IG9wdGlvbnMgKi8NCisrCQkJY2hhciAqY3AsICpvcHRpb25zID0gTlVMTDsN CisrDQorKwkJCWZvciAoY3AgPSAoY2hhciAqKWstPmtleXNbaV0tPmJ2X3ZhbDsgKmNwID09 ICcgJyB8fCAqY3AgPT0gJ1x0JzsgY3ArKykNCisrCQkJICAgIDsNCisrCQkJaWYgKCEqY3Ag fHwgKmNwID09ICdcbicgfHwgKmNwID09ICcjJykNCisrCQkJICAgIGNvbnRpbnVlOw0KKysN CisrCQkJaWYgKGtleV9yZWFkKGZvdW5kLCAmY3ApICE9IDEpIHsNCisrCQkJICAgIC8qIG5v IGtleT8gIGNoZWNrIGlmIHRoZXJlIGFyZSBvcHRpb25zIGZvciB0aGlzIGtleSAqLw0KKysJ CQkgICAgaW50IHF1b3RlZCA9IDA7DQorKwkJCSAgICBkZWJ1ZzIoIltMREFQXSB1c2VyX2tl eV9hbGxvd2VkOiBjaGVjayBvcHRpb25zOiAnJXMnIiwgY3ApOw0KKysJCQkgICAgb3B0aW9u cyA9IGNwOw0KKysJCQkgICAgZm9yICg7ICpjcCAmJiAocXVvdGVkIHx8ICgqY3AgIT0gJyAn ICYmICpjcCAhPSAnXHQnKSk7IGNwKyspIHsNCisrCQkJCWlmICgqY3AgPT0gJ1xcJyAmJiBj cFsxXSA9PSAnIicpDQorKwkJCQkgICAgY3ArKzsJLyogU2tpcCBib3RoICovDQorKwkJCQll bHNlIGlmICgqY3AgPT0gJyInKQ0KKysJCQkJICAgIHF1b3RlZCA9ICFxdW90ZWQ7DQorKwkJ CSAgICB9DQorKwkJCSAgICAvKiBTa2lwIHJlbWFpbmluZyB3aGl0ZXNwYWNlLiAqLw0KKysJ CQkgICAgZm9yICg7ICpjcCA9PSAnICcgfHwgKmNwID09ICdcdCc7IGNwKyspDQorKwkJCQk7 DQorKwkJCSAgICBpZiAoa2V5X3JlYWQoZm91bmQsICZjcCkgIT0gMSkgew0KKysJCQkJZGVi dWcyKCJbTERBUF0gdXNlcl9rZXlfYWxsb3dlZDogYWR2YW5jZTogJyVzJyIsIGNwKTsNCisr CQkJCS8qIHN0aWxsIG5vIGtleT8gIGFkdmFuY2UgdG8gbmV4dCBsaW5lKi8NCisrCQkJCWNv bnRpbnVlOw0KKysJCQkgICAgfQ0KKysJCQl9DQorKw0KKysJCQlpZiAoa2V5X2VxdWFsKGZv dW5kLCBrZXkpICYmDQorKwkJCQlhdXRoX3BhcnNlX29wdGlvbnMocHcsIG9wdGlvbnMsIGZp bGUsIGxpbmVudW0pID09IDEpIHsNCisrCQkJICAgIGZvdW5kX2tleSA9IDE7DQorKwkJCSAg ICBkZWJ1ZygiW0xEQVBdIG1hdGNoaW5nIGtleSBmb3VuZCIpOw0KKysJCQkgICAgZnAgPSBr ZXlfZmluZ2VycHJpbnQoZm91bmQsIFNTSF9GUF9NRDUsIFNTSF9GUF9IRVgpOw0KKysJCQkg ICAgdmVyYm9zZSgiW0xEQVBdIEZvdW5kIG1hdGNoaW5nICVzIGtleTogJXMiLCBrZXlfdHlw ZShmb3VuZCksIGZwKTsNCisrDQorKwkJCSAgICAvKiByZXN0b3JpbmcgbWVtb3J5ICovDQor KwkJCSAgICBsZGFwX2tleXNfZnJlZShrKTsNCisrCQkJICAgIHhmcmVlKGZwKTsNCisrCQkJ ICAgIHJlc3RvcmVfdWlkKCk7DQorKwkJCSAgICBrZXlfZnJlZShmb3VuZCk7DQorKwkJCSAg ICByZXR1cm4gZm91bmRfa2V5Ow0KKysJCQkgICAgYnJlYWs7DQorKwkJCX0NCisrCQkgICAg fS8qIGVuZCBvZiBMREFQIGZvcigpICovDQorKwkJfSBlbHNlIHsNCisrCQkgICAgbG9naXQo IltMREFQXSBubyBrZXlzIGZvdW5kIGZvciAnJXMnISIsIHB3LT5wd19uYW1lKTsNCisrCQl9 DQorKwkgICAgfSBlbHNlIHsNCisrCQlsb2dpdCgiW0xEQVBdICclcycgaXMgbm90IGluICcl cyciLCBwdy0+cHdfbmFtZSwgb3B0aW9ucy5scGsuc2dyb3VwKTsNCisrCSAgICB9DQorKwl9 DQorKyNlbmRpZg0KKyAJZGVidWcoInRyeWluZyBwdWJsaWMga2V5IGZpbGUgJXMiLCBmaWxl KTsNCisgCWYgPSBhdXRoX29wZW5rZXlmaWxlKGZpbGUsIHB3LCBvcHRpb25zLnN0cmljdF9t b2Rlcyk7DQorIA0KK2RpZmYgLU51YXIgLS1leGNsdWRlICcqLm9yaWcnIC0tZXhjbHVkZSAn Ki5yZWonIGF1dGgtcnNhLmMgYXV0aC1yc2EuYw0KKy0tLSBhdXRoLXJzYS5jCTIwMDgtMDct MDIgMDU6Mzc6MzAuMDAwMDAwMDAwIC0wNzAwDQorKysrIGF1dGgtcnNhLmMJMjAwOC0wOC0y MyAxNTowMjo0Ny4wMDAwMDAwMDAgLTA3MDANCitAQCAtMTc0LDEwICsxNzQsOTYgQEANCisg CUZJTEUgKmY7DQorIAl1X2xvbmcgbGluZW51bSA9IDA7DQorIAlLZXkgKmtleTsNCisrI2lm ZGVmIFdJVEhfTERBUF9QVUJLRVkNCisrCWxkYXBfa2V5X3QgKiBrOw0KKysJdW5zaWduZWQg aW50IGkgPSAwOw0KKysjZW5kaWYNCisgDQorIAkvKiBUZW1wb3JhcmlseSB1c2UgdGhlIHVz ZXIncyB1aWQuICovDQorIAl0ZW1wb3JhcmlseV91c2VfdWlkKHB3KTsNCisgDQorKyNpZmRl ZiBXSVRIX0xEQVBfUFVCS0VZDQorKwkvKiBoZXJlIGlzIHRoZSBqb2IgKi8NCisrCWtleSA9 IGtleV9uZXcoS0VZX1JTQTEpOw0KKysNCisrCWlmIChvcHRpb25zLmxway5vbikgew0KKysJ ICAgIGRlYnVnKCJbTERBUF0gdHJ5aW5nIExEQVAgZmlyc3QgdWlkPSVzIiwgcHctPnB3X25h bWUpOw0KKysJICAgIGlmICggbGRhcF9pc21lbWJlcigmb3B0aW9ucy5scGssIHB3LT5wd19u YW1lKSA+IDApIHsNCisrCQlpZiAoIChrID0gbGRhcF9nZXR1c2Vya2V5KCZvcHRpb25zLmxw aywgcHctPnB3X25hbWUpKSAhPSBOVUxMKSB7DQorKwkJICAgIGZvciAoaSA9IDAgOyBpIDwg ay0+bnVtIDsgaSsrKSB7DQorKwkJCWNoYXIgKmNwLCAqb3B0aW9ucyA9IE5VTEw7DQorKw0K KysJCQlmb3IgKGNwID0gay0+a2V5c1tpXS0+YnZfdmFsOyAqY3AgPT0gJyAnIHx8ICpjcCA9 PSAnXHQnOyBjcCsrKQ0KKysJCQkgICAgOw0KKysJCQlpZiAoISpjcCB8fCAqY3AgPT0gJ1xu JyB8fCAqY3AgPT0gJyMnKQ0KKysJCQkgICAgY29udGludWU7DQorKw0KKysJCQkvKg0KKysJ CQkqIENoZWNrIGlmIHRoZXJlIGFyZSBvcHRpb25zIGZvciB0aGlzIGtleSwgYW5kIGlmIHNv LA0KKysJCQkqIHNhdmUgdGhlaXIgc3RhcnRpbmcgYWRkcmVzcyBhbmQgc2tpcCB0aGUgb3B0 aW9uIHBhcnQNCisrCQkJKiBmb3Igbm93LiAgSWYgdGhlcmUgYXJlIG5vIG9wdGlvbnMsIHNl dCB0aGUgc3RhcnRpbmcNCisrCQkJKiBhZGRyZXNzIHRvIE5VTEwuDQorKwkJCSAqLw0KKysJ CQlpZiAoKmNwIDwgJzAnIHx8ICpjcCA+ICc5Jykgew0KKysJCQkgICAgaW50IHF1b3RlZCA9 IDA7DQorKwkJCSAgICBvcHRpb25zID0gY3A7DQorKwkJCSAgICBmb3IgKDsgKmNwICYmIChx dW90ZWQgfHwgKCpjcCAhPSAnICcgJiYgKmNwICE9ICdcdCcpKTsgY3ArKykgew0KKysJCQkJ aWYgKCpjcCA9PSAnXFwnICYmIGNwWzFdID09ICciJykNCisrCQkJCSAgICBjcCsrOwkvKiBT a2lwIGJvdGggKi8NCisrCQkJCWVsc2UgaWYgKCpjcCA9PSAnIicpDQorKwkJCQkgICAgcXVv dGVkID0gIXF1b3RlZDsNCisrCQkJICAgIH0NCisrCQkJfSBlbHNlDQorKwkJCSAgICBvcHRp b25zID0gTlVMTDsNCisrDQorKwkJCS8qIFBhcnNlIHRoZSBrZXkgZnJvbSB0aGUgbGluZS4g Ki8NCisrCQkJaWYgKGhvc3RmaWxlX3JlYWRfa2V5KCZjcCwgJmJpdHMsIGtleSkgPT0gMCkg ew0KKysJCQkgICAgZGVidWcoIltMREFQXSBsaW5lICVkOiBub24gc3NoMSBrZXkgc3ludGF4 IiwgaSk7DQorKwkJCSAgICBjb250aW51ZTsNCisrCQkJfQ0KKysJCQkvKiBjcCBub3cgcG9p bnRzIHRvIHRoZSBjb21tZW50IHBhcnQuICovDQorKw0KKysJCQkvKiBDaGVjayBpZiB0aGUg d2UgaGF2ZSBmb3VuZCB0aGUgZGVzaXJlZCBrZXkgKGlkZW50aWZpZWQgYnkgaXRzIG1vZHVs dXMpLiAqLw0KKysJCQlpZiAoQk5fY21wKGtleS0+cnNhLT5uLCBjbGllbnRfbikgIT0gMCkN CisrCQkJICAgIGNvbnRpbnVlOw0KKysNCisrCQkJLyogY2hlY2sgdGhlIHJlYWwgYml0cyAg Ki8NCisrCQkJaWYgKGJpdHMgIT0gKHVuc2lnbmVkIGludClCTl9udW1fYml0cyhrZXktPnJz YS0+bikpDQorKwkJCSAgICBsb2dpdCgiW0xEQVBdIFdhcm5pbmc6IGxkYXAsIGxpbmUgJWx1 OiBrZXlzaXplIG1pc21hdGNoOiAiDQorKwkJCQkgICAgImFjdHVhbCAlZCB2cy4gYW5ub3Vu Y2VkICVkLiIsICh1bnNpZ25lZCBsb25nKWksIEJOX251bV9iaXRzKGtleS0+cnNhLT5uKSwg Yml0cyk7DQorKw0KKysJCQkvKiBXZSBoYXZlIGZvdW5kIHRoZSBkZXNpcmVkIGtleS4gKi8N CisrCQkJLyoNCisrCQkJKiBJZiBvdXIgb3B0aW9ucyBkbyBub3QgYWxsb3cgdGhpcyBrZXkg dG8gYmUgdXNlZCwNCisrCQkJKiBkbyBub3Qgc2VuZCBjaGFsbGVuZ2UuDQorKwkJCSAqLw0K KysJCQlpZiAoIWF1dGhfcGFyc2Vfb3B0aW9ucyhwdywgb3B0aW9ucywgIltMREFQXSIsICh1 bnNpZ25lZCBsb25nKSBpKSkNCisrCQkJICAgIGNvbnRpbnVlOw0KKysNCisrCQkJLyogYnJl YWsgb3V0LCB0aGlzIGtleSBpcyBhbGxvd2VkICovDQorKwkJCWFsbG93ZWQgPSAxOw0KKysN CisrCQkJLyogYWRkIHRoZSByZXR1cm4gc3R1ZmYgZXRjLi4uICovDQorKwkJCS8qIFJlc3Rv cmUgdGhlIHByaXZpbGVnZWQgdWlkLiAqLw0KKysJCQlyZXN0b3JlX3VpZCgpOw0KKysNCisr CQkJLyogcmV0dXJuIGtleSBpZiBhbGxvd2VkICovDQorKwkJCWlmIChhbGxvd2VkICYmIHJr ZXkgIT0gTlVMTCkNCisrCQkJICAgICpya2V5ID0ga2V5Ow0KKysJCQllbHNlDQorKwkJCSAg ICBrZXlfZnJlZShrZXkpOw0KKysNCisrCQkJbGRhcF9rZXlzX2ZyZWUoayk7DQorKwkJCXJl dHVybiAoYWxsb3dlZCk7DQorKwkJICAgIH0NCisrCQl9IGVsc2Ugew0KKysJCSAgICBsb2dp dCgiW0xEQVBdIG5vIGtleXMgZm91bmQgZm9yICclcychIiwgcHctPnB3X25hbWUpOw0KKysJ CX0NCisrCSAgICB9IGVsc2Ugew0KKysJCWxvZ2l0KCJbTERBUF0gJyVzJyBpcyBub3QgaW4g JyVzJyIsIHB3LT5wd19uYW1lLCBvcHRpb25zLmxway5zZ3JvdXApOw0KKysJICAgIH0NCisr CX0NCisrI2VuZGlmDQorIAkvKiBUaGUgYXV0aG9yaXplZCBrZXlzLiAqLw0KKyAJZmlsZSA9 IGF1dGhvcml6ZWRfa2V5c19maWxlKHB3KTsNCisgCWRlYnVnKCJ0cnlpbmcgcHVibGljIFJT QSBrZXkgZmlsZSAlcyIsIGZpbGUpOw0KK2RpZmYgLU51YXIgLS1leGNsdWRlICcqLm9yaWcn IC0tZXhjbHVkZSAnKi5yZWonIGNvbmZpZy5oLmluIGNvbmZpZy5oLmluDQorLS0tIGNvbmZp Zy5oLmluCTIwMDgtMDctMjEgMDE6MzA6NDkuMDAwMDAwMDAwIC0wNzAwDQorKysrIGNvbmZp Zy5oLmluCTIwMDgtMDgtMjMgMTU6MDI6NDcuMDAwMDAwMDAwIC0wNzAwDQorQEAgLTU3NSw2 ICs1NzUsOSBAQA0KKyAvKiBEZWZpbmUgdG8gMSBpZiB5b3UgaGF2ZSB0aGUgPGxpbnV4L2lm X3R1bi5oPiBoZWFkZXIgZmlsZS4gKi8NCisgI3VuZGVmIEhBVkVfTElOVVhfSUZfVFVOX0gN CisgDQorKy8qIERlZmluZSBpZiB5b3Ugd2FudCBMREFQIHN1cHBvcnQgKi8NCisrI3VuZGVm IFdJVEhfTERBUF9QVUJLRVkNCisrDQorIC8qIERlZmluZSBpZiB5b3VyIGxpYnJhcmllcyBk ZWZpbmUgbG9naW4oKSAqLw0KKyAjdW5kZWYgSEFWRV9MT0dJTg0KKyANCitkaWZmIC1OdWFy IC0tZXhjbHVkZSAnKi5vcmlnJyAtLWV4Y2x1ZGUgJyoucmVqJyBjb25maWd1cmUgY29uZmln dXJlDQorLS0tIGNvbmZpZ3VyZQkyMDA4LTA3LTIxIDAxOjMwOjUwLjAwMDAwMDAwMCAtMDcw MA0KKysrKyBjb25maWd1cmUJMjAwOC0wOC0yMyAxNTowMjo0Ny4wMDAwMDAwMDAgLTA3MDAN CitAQCAtMTQ2OCw2ICsxNDY4LDcgQEANCisgICAtLXdpdGgtdGNwLXdyYXBwZXJzWz1QQVRI XSBFbmFibGUgdGNwd3JhcHBlcnMgc3VwcG9ydCAob3B0aW9uYWxseSBpbiBQQVRIKQ0KKyAg IC0td2l0aC1saWJlZGl0Wz1QQVRIXSAgIEVuYWJsZSBsaWJlZGl0IHN1cHBvcnQgZm9yIHNm dHANCisgICAtLXdpdGgtYXVkaXQ9bW9kdWxlICAgICBFbmFibGUgRVhQRVJJTUVOVEFMIGF1 ZGl0IHN1cHBvcnQgKG1vZHVsZXM9ZGVidWcsYnNtKQ0KKysgIC0td2l0aC1sZGFwWz1QQVRI XSAgICAgIEVuYWJsZSBMREFQIHB1YmtleSBzdXBwb3J0IChvcHRpb25hbGx5IGluIFBBVEgp DQorICAgLS13aXRoLXNzbC1kaXI9UEFUSCAgICAgU3BlY2lmeSBwYXRoIHRvIE9wZW5TU0wg aW5zdGFsbGF0aW9uDQorICAgLS13aXRob3V0LW9wZW5zc2wtaGVhZGVyLWNoZWNrIERpc2Fi bGUgT3BlblNTTCB2ZXJzaW9uIGNvbnNpc3RlbmN5IGNoZWNrDQorICAgLS13aXRoLXNzbC1l bmdpbmUgICAgICAgRW5hYmxlIE9wZW5TU0wgKGhhcmR3YXJlKSBFTkdJTkUgc3VwcG9ydA0K K0BAIC0xMzQxMSw2ICsxMzQxMiw4NSBAQA0KKyBmaQ0KKyANCisgDQorKyMgQ2hlY2sgd2hl dGhlciB1c2VyIHdhbnRzIExEQVAgc3VwcG9ydA0KKytMREFQX01TRz0ibm8iDQorKw0KKysj IENoZWNrIHdoZXRoZXIgLS13aXRoLWxkYXAgd2FzIGdpdmVuLg0KKytpZiB0ZXN0ICIke3dp dGhfbGRhcCtzZXR9IiA9IHNldDsgdGhlbg0KKysgIHdpdGh2YWw9JHdpdGhfbGRhcDsNCisr CQlpZiB0ZXN0ICJ4JHdpdGh2YWwiICE9ICJ4bm8iIDsgdGhlbg0KKysNCisrCQkJaWYgdGVz dCAieCR3aXRodmFsIiAhPSAieHllcyIgOyB0aGVuDQorKwkJCQlDUFBGTEFHUz0iJENQUEZM QUdTIC1JJHt3aXRodmFsfS9pbmNsdWRlIg0KKysJCQkJTERGTEFHUz0iJExERkxBR1MgLUwk e3dpdGh2YWx9L2xpYiINCisrCQkJZmkNCisrDQorKw0KKytjYXQgPj5jb25mZGVmcy5oIDw8 XF9BQ0VPRg0KKysjZGVmaW5lIFdJVEhfTERBUF9QVUJLRVkgMQ0KKytfQUNFT0YNCisrDQor KwkJCUxJQlM9Ii1sbGRhcCAkTElCUyINCisrCQkJTERBUF9NU0c9InllcyINCisrDQorKwkJ CXsgZWNobyAiJGFzX21lOiRMSU5FTk86IGNoZWNraW5nIGZvciBMREFQIHN1cHBvcnQiID4m NQ0KKytlY2hvICRFQ0hPX04gImNoZWNraW5nIGZvciBMREFQIHN1cHBvcnQuLi4gJEVDSE9f QyIgPiY2OyB9DQorKwkJCWNhdCA+Y29uZnRlc3QuJGFjX2V4dCA8PF9BQ0VPRg0KKysvKiBj b25mZGVmcy5oLiAgKi8NCisrX0FDRU9GDQorK2NhdCBjb25mZGVmcy5oID4+Y29uZnRlc3Qu JGFjX2V4dA0KKytjYXQgPj5jb25mdGVzdC4kYWNfZXh0IDw8X0FDRU9GDQorKy8qIGVuZCBj b25mZGVmcy5oLiAgKi8NCisrI2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KKysJCQkJICNpbmNs dWRlIDxsZGFwLmg+DQorK2ludA0KKyttYWluICgpDQorK3sNCisrKHZvaWQpbGRhcF9pbml0 KDAsIDApOw0KKysgIDsNCisrICByZXR1cm4gMDsNCisrfQ0KKytfQUNFT0YNCisrcm0gLWYg Y29uZnRlc3QuJGFjX29iamV4dA0KKytpZiB7IChhY190cnk9IiRhY19jb21waWxlIg0KKytj YXNlICIoKCRhY190cnkiIGluDQorKyAgKlwiKiB8ICpcYCogfCAqXFwqKSBhY190cnlfZWNo bz1cJGFjX3RyeTs7DQorKyAgKikgYWNfdHJ5X2VjaG89JGFjX3RyeTs7DQorK2VzYWMNCisr ZXZhbCAiZWNobyBcIlwkYXNfbWU6JExJTkVOTzogJGFjX3RyeV9lY2hvXCIiKSA+JjUNCisr ICAoZXZhbCAiJGFjX2NvbXBpbGUiKSAyPmNvbmZ0ZXN0LmVyMQ0KKysgIGFjX3N0YXR1cz0k Pw0KKysgIGdyZXAgLXYgJ14gKisnIGNvbmZ0ZXN0LmVyMSA+Y29uZnRlc3QuZXJyDQorKyAg cm0gLWYgY29uZnRlc3QuZXIxDQorKyAgY2F0IGNvbmZ0ZXN0LmVyciA+JjUNCisrICBlY2hv ICIkYXNfbWU6JExJTkVOTzogXCQ/ID0gJGFjX3N0YXR1cyIgPiY1DQorKyAgKGV4aXQgJGFj X3N0YXR1cyk7IH0gJiYgew0KKysJIHRlc3QgLXogIiRhY19jX3dlcnJvcl9mbGFnIiB8fA0K KysJIHRlc3QgISAtcyBjb25mdGVzdC5lcnINCisrICAgICAgIH0gJiYgdGVzdCAtcyBjb25m dGVzdC4kYWNfb2JqZXh0OyB0aGVuDQorKyAgeyBlY2hvICIkYXNfbWU6JExJTkVOTzogcmVz dWx0OiB5ZXMiID4mNQ0KKytlY2hvICIke0VDSE9fVH15ZXMiID4mNjsgfQ0KKytlbHNlDQor KyAgZWNobyAiJGFzX21lOiBmYWlsZWQgcHJvZ3JhbSB3YXM6IiA+JjUNCisrc2VkICdzL14v fCAvJyBjb25mdGVzdC4kYWNfZXh0ID4mNQ0KKysNCisrDQorKwkJCQkgICAgeyBlY2hvICIk YXNfbWU6JExJTkVOTzogcmVzdWx0OiBubyIgPiY1DQorK2VjaG8gIiR7RUNIT19UfW5vIiA+ JjY7IH0NCisrCQkJCQl7IHsgZWNobyAiJGFzX21lOiRMSU5FTk86IGVycm9yOiAqKiBJbmNv bXBsZXRlIG9yIG1pc3NpbmcgbGRhcCBsaWJyYXJpZXMgKioiID4mNQ0KKytlY2hvICIkYXNf bWU6IGVycm9yOiAqKiBJbmNvbXBsZXRlIG9yIG1pc3NpbmcgbGRhcCBsaWJyYXJpZXMgKioi ID4mMjt9DQorKyAgIHsgKGV4aXQgMSk7IGV4aXQgMTsgfTsgfQ0KKysNCisrDQorK2ZpDQor Kw0KKytybSAtZiBjb3JlIGNvbmZ0ZXN0LmVyciBjb25mdGVzdC4kYWNfb2JqZXh0IGNvbmZ0 ZXN0LiRhY19leHQNCisrCQlmaQ0KKysNCisrDQorK2ZpDQorKw0KKysNCisgDQorIA0KKyAN CitAQCAtMzIyMjUsNiArMzIzMDUsNyBAQA0KKyBlY2hvICIgICAgICAgICAgICAgICAgIFNt YXJ0Y2FyZCBzdXBwb3J0OiAkU0NBUkRfTVNHIg0KKyBlY2hvICIgICAgICAgICAgICAgICAg ICAgICBTL0tFWSBzdXBwb3J0OiAkU0tFWV9NU0ciDQorIGVjaG8gIiAgICAgICAgICAgICAg VENQIFdyYXBwZXJzIHN1cHBvcnQ6ICRUQ1BXX01TRyINCisrZWNobyAiICAgICAgICAgICAg ICAgICAgICAgIExEQVAgc3VwcG9ydDogJExEQVBfTVNHIg0KKyBlY2hvICIgICAgICAgICAg ICAgIE1ENSBwYXNzd29yZCBzdXBwb3J0OiAkTUQ1X01TRyINCisgZWNobyAiICAgICAgICAg ICAgICAgICAgIGxpYmVkaXQgc3VwcG9ydDogJExJQkVESVRfTVNHIg0KKyBlY2hvICIgIFNv bGFyaXMgcHJvY2VzcyBjb250cmFjdCBzdXBwb3J0OiAkU1BDX01TRyINCitkaWZmIC1OdWFy IC0tZXhjbHVkZSAnKi5vcmlnJyAtLWV4Y2x1ZGUgJyoucmVqJyBjb25maWd1cmUuYWMgY29u ZmlndXJlLmFjDQorLS0tIGNvbmZpZ3VyZS5hYwkyMDA4LTA3LTA5IDA0OjA3OjE5LjAwMDAw MDAwMCAtMDcwMA0KKysrKyBjb25maWd1cmUuYWMJMjAwOC0wOC0yMyAxNTowMjo0Ny4wMDAw MDAwMDAgLTA3MDANCitAQCAtMTMxOSw2ICsxMzE5LDM3IEBADQorIAllc2FjIF0NCisgKQ0K KyANCisrIyBDaGVjayB3aGV0aGVyIHVzZXIgd2FudHMgTERBUCBzdXBwb3J0DQorK0xEQVBf TVNHPSJubyINCisrQUNfQVJHX1dJVEgobGRhcCwNCisrCVsgIC0td2l0aC1sZGFwW1s9UEFU SF1dICAgICAgRW5hYmxlIExEQVAgcHVia2V5IHN1cHBvcnQgKG9wdGlvbmFsbHkgaW4gUEFU SCldLA0KKysJWw0KKysJCWlmIHRlc3QgIngkd2l0aHZhbCIgIT0gInhubyIgOyB0aGVuDQor Kw0KKysJCQlpZiB0ZXN0ICJ4JHdpdGh2YWwiICE9ICJ4eWVzIiA7IHRoZW4NCisrCQkJCUNQ UEZMQUdTPSIkQ1BQRkxBR1MgLUkke3dpdGh2YWx9L2luY2x1ZGUiDQorKwkJCQlMREZMQUdT PSIkTERGTEFHUyAtTCR7d2l0aHZhbH0vbGliIg0KKysJCQlmaQ0KKysNCisrCQkJQUNfREVG SU5FKFtXSVRIX0xEQVBfUFVCS0VZXSwgMSwgW0VuYWJsZSBMREFQIHB1YmtleSBzdXBwb3J0 XSkNCisrCQkJTElCUz0iLWxsZGFwICRMSUJTIg0KKysJCQlMREFQX01TRz0ieWVzIg0KKysJ DQorKwkJCUFDX01TR19DSEVDS0lORyhbZm9yIExEQVAgc3VwcG9ydF0pDQorKwkJCUFDX1RS WV9DT01QSUxFKA0KKysJCQkJWyNpbmNsdWRlIDxzeXMvdHlwZXMuaD4NCisrCQkJCSAjaW5j bHVkZSA8bGRhcC5oPl0sDQorKwkJCQlbKHZvaWQpbGRhcF9pbml0KDAsIDApO10sDQorKwkJ CQlbQUNfTVNHX1JFU1VMVCh5ZXMpXSwNCisrCQkJCVsNCisrCQkJCSAgICBBQ19NU0dfUkVT VUxUKG5vKSANCisrCQkJCQlBQ19NU0dfRVJST1IoWyoqIEluY29tcGxldGUgb3IgbWlzc2lu ZyBsZGFwIGxpYnJhcmllcyAqKl0pDQorKwkJCQldDQorKyAgICAgICAgCSkNCisrCQlmaQ0K KysJXQ0KKyspDQorKw0KKyBkbmwgICAgQ2hlY2tzIGZvciBsaWJyYXJ5IGZ1bmN0aW9ucy4g UGxlYXNlIGtlZXAgaW4gYWxwaGFiZXRpY2FsIG9yZGVyDQorIEFDX0NIRUNLX0ZVTkNTKCBc DQorIAlhcmM0cmFuZG9tIFwNCitAQCAtNDIyOSw2ICs0MjYwLDcgQEANCisgZWNobyAiICAg ICAgICAgICAgICAgICBTbWFydGNhcmQgc3VwcG9ydDogJFNDQVJEX01TRyINCisgZWNobyAi ICAgICAgICAgICAgICAgICAgICAgUy9LRVkgc3VwcG9ydDogJFNLRVlfTVNHIg0KKyBlY2hv ICIgICAgICAgICAgICAgIFRDUCBXcmFwcGVycyBzdXBwb3J0OiAkVENQV19NU0ciDQorK2Vj aG8gIiAgICAgICAgICAgICAgICAgICAgICBMREFQIHN1cHBvcnQ6ICRMREFQX01TRyINCisg ZWNobyAiICAgICAgICAgICAgICBNRDUgcGFzc3dvcmQgc3VwcG9ydDogJE1ENV9NU0ciDQor IGVjaG8gIiAgICAgICAgICAgICAgICAgICBsaWJlZGl0IHN1cHBvcnQ6ICRMSUJFRElUX01T RyINCisgZWNobyAiICBTb2xhcmlzIHByb2Nlc3MgY29udHJhY3Qgc3VwcG9ydDogJFNQQ19N U0ciDQorZGlmZiAtTnVhciAtLWV4Y2x1ZGUgJyoub3JpZycgLS1leGNsdWRlICcqLnJlaicg bGRhcGF1dGguYyBsZGFwYXV0aC5jDQorLS0tIGxkYXBhdXRoLmMJMTk2OS0xMi0zMSAxNjow MDowMC4wMDAwMDAwMDAgLTA4MDANCisrKysgbGRhcGF1dGguYwkyMDA4LTA4LTIzIDE1OjAy OjQ3LjAwMDAwMDAwMCAtMDcwMA0KK0BAIC0wLDAgKzEsNTc1IEBADQorKy8qIA0KKysgKiAk SWQ6IG9wZW5zc2gtbHBrLTQuM3AxLTAuMy43LnBhdGNoLHYgMS4zIDIwMDYvMDQvMTggMTU6 Mjk6MDkgZWF1IEV4cCAkDQorKyAqLw0KKysNCisrLyoNCisrICoNCisrICogQ29weXJpZ2h0 IChjKSAyMDA1LCBFcmljIEFVR0UgPGVhdUBwaGVhci5vcmc+DQorKyAqIEFsbCByaWdodHMg cmVzZXJ2ZWQuDQorKyAqDQorKyAqIFJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNl IGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dCBtb2RpZmljYXRpb24sIGFyZSBw ZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlIG1l dDoNCisrICoNCisrICogUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0 YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9u cyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyLg0KKysgKiBSZWRpc3RyaWJ1dGlvbnMg aW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlIGNvcHlyaWdodCBub3Rp Y2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWlt ZXIgaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRl ZCB3aXRoIHRoZSBkaXN0cmlidXRpb24uDQorKyAqIE5laXRoZXIgdGhlIG5hbWUgb2YgdGhl IHBoZWFyLm9yZyBub3IgdGhlIG5hbWVzIG9mIGl0cyBjb250cmlidXRvcnMgbWF5IGJlIHVz ZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbSB0aGlzIHNv ZnR3YXJlIHdpdGhvdXQgc3BlY2lmaWMgcHJpb3Igd3JpdHRlbiBwZXJtaXNzaW9uLg0KKysg Kg0KKysgKiBUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9M REVSUyBBTkQgQ09OVFJJQlVUT1JTICJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJ RUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCANCisrICogQlVUIE5PVCBMSU1JVEVEIFRPLCBU SEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQgRklUTkVTUyBG T1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIA0KKysgKiBJTiBOTyBF VkVOVCBTSEFMTCBUSEUgQ09QWVJJR0hUIE9XTkVSIE9SIENPTlRSSUJVVE9SUyBCRSBMSUFC TEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLCBTUEVDSUFMLCBFWEVN UExBUlksIA0KKysgKiBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xVRElORywgQlVU IE5PVCBMSU1JVEVEIFRPLCBQUk9DVVJFTUVOVCBPRiBTVUJTVElUVVRFIEdPT0RTIE9SIFNF UlZJQ0VTOyANCisrICogTE9TUyBPRiBVU0UsIERBVEEsIE9SIFBST0ZJVFM7IE9SIEJVU0lO RVNTIElOVEVSUlVQVElPTikgSE9XRVZFUiBDQVVTRUQgQU5EIE9OIEFOWSBUSEVPUlkgT0Yg TElBQklMSVRZLCBXSEVUSEVSIElOIENPTlRSQUNULCBTVFJJQ1QgTElBQklMSVRZLCANCisr ICogT1IgVE9SVCAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5H IElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YgVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBB RFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4NCisrICoNCisrICoN CisrICovDQorKw0KKysjaW5jbHVkZSAiaW5jbHVkZXMuaCINCisrDQorKyNpZmRlZiBXSVRI X0xEQVBfUFVCS0VZDQorKw0KKysjaW5jbHVkZSA8c3RkaW8uaD4NCisrI2luY2x1ZGUgPHN0 ZGxpYi5oPg0KKysjaW5jbHVkZSA8dW5pc3RkLmg+DQorKyNpbmNsdWRlIDxzdHJpbmcuaD4N CisrDQorKyNpbmNsdWRlICJsZGFwYXV0aC5oIg0KKysjaW5jbHVkZSAibG9nLmgiDQorKw0K KytzdGF0aWMgY2hhciAqYXR0cnNbXSA9IHsNCisrICAgIFBVQktFWUFUVFIsDQorKyAgICBO VUxMDQorK307DQorKw0KKysvKiBmaWx0ZXIgYnVpbGRpbmcgaW5mb3MgKi8NCisrI2RlZmlu ZSBGSUxURVJfR1JPVVBfUFJFRklYICIoJihvYmplY3RjbGFzcz1wb3NpeEdyb3VwKSINCisr I2RlZmluZSBGSUxURVJfT1JfUFJFRklYICIofCINCisrI2RlZmluZSBGSUxURVJfT1JfU1VG RklYICIpIg0KKysjZGVmaW5lIEZJTFRFUl9DTl9QUkVGSVggIihjbj0iDQorKyNkZWZpbmUg RklMVEVSX0NOX1NVRkZJWCAiKSINCisrI2RlZmluZSBGSUxURVJfVUlEX0ZPUk1BVCAiKG1l bWJlclVpZD0lcykiDQorKyNkZWZpbmUgRklMVEVSX0dST1VQX1NVRkZJWCAiKSINCisrI2Rl ZmluZSBGSUxURVJfR1JPVVBfU0laRShncm91cCkgKHNpemVfdCkgKHN0cmxlbihncm91cCkr KGxkYXBfY291bnRfZ3JvdXAoZ3JvdXApKjUpKzUyKQ0KKysNCisrLyoganVzdCBmaWx0ZXIg YnVpbGRpbmcgc3R1ZmYgKi8NCisrI2RlZmluZSBSRVFVRVNUX0dST1VQX1NJWkUoZmlsdGVy LCB1aWQpIChzaXplX3QpIChzdHJsZW4oZmlsdGVyKStzdHJsZW4odWlkKSsxKQ0KKysjZGVm aW5lIFJFUVVFU1RfR1JPVVAoYnVmZmVyLCBwcmVmaWx0ZXIsIHB3bmFtZSkgXA0KKysgICAg YnVmZmVyID0gKGNoYXIgKikgY2FsbG9jKFJFUVVFU1RfR1JPVVBfU0laRShwcmVmaWx0ZXIs IHB3bmFtZSksIHNpemVvZihjaGFyKSk7IFwNCisrICAgIGlmICghYnVmZmVyKSB7IFwNCisr ICAgICAgICBwZXJyb3IoImNhbGxvYygpIik7IFwNCisrICAgICAgICByZXR1cm4gRkFJTFVS RTsgXA0KKysgICAgfSBcDQorKyAgICBzbnByaW50ZihidWZmZXIsIFJFUVVFU1RfR1JPVVBf U0laRShwcmVmaWx0ZXIscHduYW1lKSwgcHJlZmlsdGVyLCBwd25hbWUpDQorKy8qDQorK1hY WCBPTEQgZ3JvdXAgYnVpbGRpbmcgbWFjcm9zDQorKyNkZWZpbmUgUkVRVUVTVF9HUk9VUF9T SVpFKGdycCwgdWlkKSAoc2l6ZV90KSAoc3RybGVuKGdycCkrc3RybGVuKHVpZCkrNDYpDQor KyNkZWZpbmUgUkVRVUVTVF9HUk9VUChidWZmZXIscHduYW1lLGdycCkgXA0KKysgICAgYnVm ZmVyID0gKGNoYXIgKikgY2FsbG9jKFJFUVVFU1RfR1JPVVBfU0laRShncnAsIHB3bmFtZSks IHNpemVvZihjaGFyKSk7IFwNCisrICAgIGlmICghYnVmZmVyKSB7IFwNCisrICAgICAgICBw ZXJyb3IoImNhbGxvYygpIik7IFwNCisrICAgICAgICByZXR1cm4gRkFJTFVSRTsgXA0KKysg ICAgfSBcDQorKyAgICBzbnByaW50ZihidWZmZXIsUkVRVUVTVF9HUk9VUF9TSVpFKGdycCxw d25hbWUpLCIoJihvYmplY3RjbGFzcz1wb3NpeEdyb3VwKShjbj0lcykobWVtYmVyVWlkPSVz KSkiLGdycCxwd25hbWUpDQorKyAgICAqLw0KKysNCisrLyoNCisrWFhYIHN0b2NrIHVwc3Ry ZWFtIHZlcnNpb24gd2l0aG91dCBleHRyYSBmaWx0ZXIgc3VwcG9ydA0KKysjZGVmaW5lIFJF UVVFU1RfVVNFUl9TSVpFKHVpZCkgKHNpemVfdCkgKHN0cmxlbih1aWQpKzY0KQ0KKysjZGVm aW5lIFJFUVVFU1RfVVNFUihidWZmZXIsIHB3bmFtZSkgXA0KKysgICAgYnVmZmVyID0gKGNo YXIgKikgY2FsbG9jKFJFUVVFU1RfVVNFUl9TSVpFKHB3bmFtZSksIHNpemVvZihjaGFyKSk7 IFwNCisrICAgIGlmICghYnVmZmVyKSB7IFwNCisrICAgICAgICBwZXJyb3IoImNhbGxvYygp Iik7IFwNCisrICAgICAgICByZXR1cm4gTlVMTDsgXA0KKysgICAgfSBcDQorKyAgICBzbnBy aW50ZihidWZmZXIsUkVRVUVTVF9VU0VSX1NJWkUocHduYW1lKSwiKCYob2JqZWN0Y2xhc3M9 cG9zaXhBY2NvdW50KShvYmplY3RjbGFzcz1sZGFwUHVibGljS2V5KSh1aWQ9JXMpKSIscHdu YW1lKQ0KKysgICAqLw0KKysNCisrI2RlZmluZSBSRVFVRVNUX1VTRVJfU0laRSh1aWQsIGZp bHRlcikgKHNpemVfdCkgKHN0cmxlbih1aWQpKzY0KyhmaWx0ZXIgIT0gTlVMTCA/IHN0cmxl bihmaWx0ZXIpIDogMCkpDQorKyNkZWZpbmUgUkVRVUVTVF9VU0VSKGJ1ZmZlciwgcHduYW1l LCBjdXN0b21maWx0ZXIpIFwNCisrICAgIGJ1ZmZlciA9IChjaGFyICopIGNhbGxvYyhSRVFV RVNUX1VTRVJfU0laRShwd25hbWUsIGN1c3RvbWZpbHRlciksIHNpemVvZihjaGFyKSk7IFwN CisrICAgIGlmICghYnVmZmVyKSB7IFwNCisrICAgICAgICBwZXJyb3IoImNhbGxvYygpIik7 IFwNCisrICAgICAgICByZXR1cm4gTlVMTDsgXA0KKysgICAgfSBcDQorKyAgICBzbnByaW50 ZihidWZmZXIsIFJFUVVFU1RfVVNFUl9TSVpFKHB3bmFtZSwgY3VzdG9tZmlsdGVyKSwgXA0K KysgICAgCSIoJihvYmplY3RjbGFzcz1wb3NpeEFjY291bnQpKG9iamVjdGNsYXNzPWxkYXBQ dWJsaWNLZXkpKHVpZD0lcyklcykiLCBcDQorKwlwd25hbWUsIChjdXN0b21maWx0ZXIgIT0g TlVMTCA/IGN1c3RvbWZpbHRlciA6ICIiKSkNCisrDQorKy8qIHNvbWUgcG9ydGFibGUgYW5k IHdvcmtpbmcgdG9rZW5pemVyLCBsYW1lIHRob3VnaCAqLw0KKytzdGF0aWMgaW50IHRva2Vu aXplKGNoYXIgKiogbywgc2l6ZV90IHNpemUsIGNoYXIgKiBpbnB1dCkgew0KKysgICAgdW5z aWduZWQgaW50IGkgPSAwLCBudW07DQorKyAgICBjb25zdCBjaGFyICogY2hhcnNldCA9ICIg XHQiOw0KKysgICAgY2hhciAqIHB0ciA9IGlucHV0Ow0KKysNCisrICAgIC8qIGxlYWRpbmcg d2hpdGUgc3BhY2VzIGFyZSBpZ25vcmVkICovDQorKyAgICBudW0gPSBzdHJzcG4ocHRyLCBj aGFyc2V0KTsNCisrICAgIHB0ciArPSBudW07DQorKw0KKysgICAgd2hpbGUgKChudW0gPSBz dHJjc3BuKHB0ciwgY2hhcnNldCkpKSB7DQorKyAgICAgICAgaWYgKGkgPCBzaXplLTEpIHsN CisrICAgICAgICAgICAgb1tpKytdID0gcHRyOw0KKysgICAgICAgICAgICBwdHIgKz0gbnVt Ow0KKysgICAgICAgICAgICBpZiAoKnB0cikNCisrICAgICAgICAgICAgICAgICpwdHIrKyA9 ICdcMCc7DQorKyAgICAgICAgfQ0KKysgICAgfQ0KKysgICAgb1tpXSA9IE5VTEw7DQorKyAg ICByZXR1cm4gU1VDQ0VTUzsNCisrfQ0KKysNCisrdm9pZCBsZGFwX2Nsb3NlKGxkYXBfb3B0 X3QgKiBsZGFwKSB7DQorKw0KKysgICAgaWYgKCFsZGFwKQ0KKysgICAgICAgIHJldHVybjsN CisrDQorKyAgICBpZiAoIGxkYXBfdW5iaW5kX2V4dChsZGFwLT5sZCwgTlVMTCwgTlVMTCkg PCAwKQ0KKysJbGRhcF9wZXJyb3IobGRhcC0+bGQsICJsZGFwX3VuYmluZCgpIik7DQorKw0K KysgICAgbGRhcC0+bGQgPSBOVUxMOw0KKysgICAgRkxBR19TRVRfRElTQ09OTkVDVEVEKGxk YXAtPmZsYWdzKTsNCisrDQorKyAgICByZXR1cm47DQorK30NCisrDQorKy8qIGluaXQgJiYg YmluZCAqLw0KKytpbnQgbGRhcF9jb25uZWN0KGxkYXBfb3B0X3QgKiBsZGFwKSB7DQorKyAg ICBpbnQgdmVyc2lvbiA9IExEQVBfVkVSU0lPTjM7DQorKw0KKysgICAgaWYgKCFsZGFwLT5z ZXJ2ZXJzKQ0KKysgICAgICAgIHJldHVybiBGQUlMVVJFOw0KKysNCisrICAgIC8qIENvbm5l Y3Rpb24gSW5pdCBhbmQgc2V0dXAgKi8NCisrICAgIGxkYXAtPmxkID0gbGRhcF9pbml0KGxk YXAtPnNlcnZlcnMsIExEQVBfUE9SVCk7DQorKyAgICBpZiAoIWxkYXAtPmxkKSB7DQorKyAg ICAgICAgbGRhcF9wZXJyb3IobGRhcC0+bGQsICJsZGFwX2luaXQoKSIpOw0KKysgICAgICAg IHJldHVybiBGQUlMVVJFOw0KKysgICAgfQ0KKysNCisrICAgIGlmICggbGRhcF9zZXRfb3B0 aW9uKGxkYXAtPmxkLCBMREFQX09QVF9QUk9UT0NPTF9WRVJTSU9OLCAmdmVyc2lvbikgIT0g TERBUF9PUFRfU1VDQ0VTUykgew0KKysgICAgICAgIGxkYXBfcGVycm9yKGxkYXAtPmxkLCAi bGRhcF9zZXRfb3B0aW9uKExEQVBfT1BUX1BST1RPQ09MX1ZFUlNJT04pIik7DQorKyAgICAg ICAgcmV0dXJuIEZBSUxVUkU7DQorKyAgICB9DQorKw0KKysgICAgLyogVGltZW91dHMgc2V0 dXAgKi8NCisrICAgIGlmIChsZGFwX3NldF9vcHRpb24obGRhcC0+bGQsIExEQVBfT1BUX05F VFdPUktfVElNRU9VVCwgJmxkYXAtPmJfdGltZW91dCkgIT0gTERBUF9TVUNDRVNTKSB7DQor KyAgICAgICAgbGRhcF9wZXJyb3IobGRhcC0+bGQsICJsZGFwX3NldF9vcHRpb24oTERBUF9P UFRfTkVUV09SS19USU1FT1VUKSIpOw0KKysgICAgfQ0KKysgICAgaWYgKGxkYXBfc2V0X29w dGlvbihsZGFwLT5sZCwgTERBUF9PUFRfVElNRU9VVCwgJmxkYXAtPnNfdGltZW91dCkgIT0g TERBUF9TVUNDRVNTKSB7DQorKyAgICAgICAgbGRhcF9wZXJyb3IobGRhcC0+bGQsICJsZGFw X3NldF9vcHRpb24oTERBUF9PUFRfVElNRU9VVCkiKTsNCisrICAgIH0NCisrDQorKyAgICAv KiBUTFMgc3VwcG9ydCAqLw0KKysgICAgaWYgKCAobGRhcC0+dGxzID09IC0xKSB8fCAobGRh cC0+dGxzID09IDEpICkgew0KKysgICAgICAgIGlmIChsZGFwX3N0YXJ0X3Rsc19zKGxkYXAt PmxkLCBOVUxMLCBOVUxMICkgIT0gTERBUF9TVUNDRVNTKSB7DQorKyAgICAgICAgICAgIC8q IGZhaWxlZCB0aGVuIHJlaW5pdCB0aGUgaW5pdGlhbCBjb25uZWN0ICovDQorKyAgICAgICAg ICAgIGxkYXBfcGVycm9yKGxkYXAtPmxkLCAibGRhcF9jb25uZWN0OiAoVExTKSBsZGFwX3N0 YXJ0X3RscygpIik7DQorKyAgICAgICAgICAgIGlmIChsZGFwLT50bHMgPT0gMSkNCisrICAg ICAgICAgICAgICAgIHJldHVybiBGQUlMVVJFOw0KKysNCisrICAgICAgICAgICAgbGRhcC0+ bGQgPSBsZGFwX2luaXQobGRhcC0+c2VydmVycywgTERBUF9QT1JUKTsNCisrICAgICAgICAg ICAgaWYgKCFsZGFwLT5sZCkgeyANCisrICAgICAgICAgICAgICAgIGxkYXBfcGVycm9yKGxk YXAtPmxkLCAibGRhcF9pbml0KCkiKTsNCisrICAgICAgICAgICAgICAgIHJldHVybiBGQUlM VVJFOw0KKysgICAgICAgICAgICB9DQorKw0KKysgICAgICAgICAgICBpZiAoIGxkYXBfc2V0 X29wdGlvbihsZGFwLT5sZCwgTERBUF9PUFRfUFJPVE9DT0xfVkVSU0lPTiwgJnZlcnNpb24p ICE9IExEQVBfT1BUX1NVQ0NFU1MpIHsNCisrICAgICAgICAgICAgICAgICBsZGFwX3BlcnJv cihsZGFwLT5sZCwgImxkYXBfc2V0X29wdGlvbigpIik7DQorKyAgICAgICAgICAgICAgICAg cmV0dXJuIEZBSUxVUkU7DQorKyAgICAgICAgICAgIH0NCisrICAgICAgICB9DQorKyAgICB9 DQorKw0KKysNCisrICAgIGlmICggbGRhcF9zaW1wbGVfYmluZF9zKGxkYXAtPmxkLCBsZGFw LT5iaW5kZG4sIGxkYXAtPmJpbmRwdykgIT0gTERBUF9TVUNDRVNTKSB7DQorKyAgICAgICAg bGRhcF9wZXJyb3IobGRhcC0+bGQsICJsZGFwX3NpbXBsZV9iaW5kX3MoKSIpOw0KKysgICAg ICAgIHJldHVybiBGQUlMVVJFOw0KKysgICAgfQ0KKysNCisrICAgIC8qIHNheXMgaXQgaXMg Y29ubmVjdGVkICovDQorKyAgICBGTEFHX1NFVF9DT05ORUNURUQobGRhcC0+ZmxhZ3MpOw0K KysNCisrICAgIHJldHVybiBTVUNDRVNTOw0KKyt9DQorKw0KKysvKiBtdXN0IGZyZWUgYWxs b2NhdGVkIHJlc3NvdXJjZSAqLw0KKytzdGF0aWMgY2hhciAqIGxkYXBfYnVpbGRfaG9zdChj aGFyICpob3N0LCBpbnQgcG9ydCkgew0KKysgICAgdW5zaWduZWQgaW50IHNpemUgPSBzdHJs ZW4oaG9zdCkrMTE7DQorKyAgICBjaGFyICogaCA9IChjaGFyICopIGNhbGxvYyAoc2l6ZSwg c2l6ZW9mKGNoYXIpKTsNCisrICAgIGludCByYzsNCisrICAgIGlmICghaCkNCisrICAgICAg ICAgcmV0dXJuIE5VTEw7DQorKw0KKysgICAgcmMgPSBzbnByaW50ZihoLCBzaXplLCAiJXM6 JWQgIiwgaG9zdCwgcG9ydCk7DQorKyAgICBpZiAocmMgPT0gLTEpDQorKyAgICAgICAgcmV0 dXJuIE5VTEw7DQorKyAgICByZXR1cm4gaDsNCisrfQ0KKysNCisrc3RhdGljIGludCBsZGFw X2NvdW50X2dyb3VwKGNvbnN0IGNoYXIgKiBpbnB1dCkgew0KKysgICAgY29uc3QgY2hhciAq IGNoYXJzZXQgPSAiIFx0IjsNCisrICAgIGNvbnN0IGNoYXIgKiBwdHIgPSBpbnB1dDsNCisr ICAgIHVuc2lnbmVkIGludCBjb3VudCA9IDA7DQorKyAgICB1bnNpZ25lZCBpbnQgbnVtOw0K KysNCisrICAgIG51bSA9IHN0cnNwbihwdHIsIGNoYXJzZXQpOw0KKysgICAgcHRyICs9IG51 bTsNCisrDQorKyAgICB3aGlsZSAoKG51bSA9IHN0cmNzcG4ocHRyLCBjaGFyc2V0KSkpIHsN CisrICAgIGNvdW50Kys7DQorKyAgICBwdHIgKz0gbnVtOw0KKysgICAgcHRyKys7DQorKyAg ICB9DQorKw0KKysgICAgcmV0dXJuIGNvdW50Ow0KKyt9DQorKw0KKysvKiBmb3JtYXQgZmls dGVyICovDQorK2NoYXIgKiBsZGFwX3BhcnNlX2dyb3Vwcyhjb25zdCBjaGFyICogZ3JvdXBz KSB7DQorKyAgICB1bnNpZ25lZCBpbnQgYnVmZmVyX3NpemUgPSBGSUxURVJfR1JPVVBfU0la RShncm91cHMpOw0KKysgICAgY2hhciAqIGJ1ZmZlciA9IChjaGFyICopIGNhbGxvYyhidWZm ZXJfc2l6ZSwgc2l6ZW9mKGNoYXIpKTsNCisrICAgIGNoYXIgKiBnID0gTlVMTDsNCisrICAg IGNoYXIgKiBnYXJyYXlbMzJdOw0KKysgICAgdW5zaWduZWQgaW50IGkgPSAwOw0KKysNCisr ICAgIGlmICgoIWdyb3Vwcyl8fCghYnVmZmVyKSkNCisrICAgICAgICByZXR1cm4gTlVMTDsN CisrDQorKyAgICBnID0gc3RyZHVwKGdyb3Vwcyk7DQorKyAgICBpZiAoIWcpIHsNCisrICAg ICAgICBmcmVlKGJ1ZmZlcik7DQorKyAgICAgICAgcmV0dXJuIE5VTEw7DQorKyAgICB9DQor Kw0KKysgICAgLyogZmlyc3Qgc2VwYXJhdGUgaW50byBuIHRva2VucyAqLw0KKysgICAgaWYg KCB0b2tlbml6ZShnYXJyYXksIHNpemVvZihnYXJyYXkpL3NpemVvZigqZ2FycmF5KSwgZykg PCAwKSB7DQorKyAgICAgICAgZnJlZShnKTsNCisrICAgICAgICBmcmVlKGJ1ZmZlcik7DQor KyAgICAgICAgcmV0dXJuIE5VTEw7DQorKyAgICB9DQorKw0KKysgICAgLyogYnVpbGQgdGhl IGZpbmFsIGZpbHRlciBmb3JtYXQgKi8NCisrICAgIHN0cmxjYXQoYnVmZmVyLCBGSUxURVJf R1JPVVBfUFJFRklYLCBidWZmZXJfc2l6ZSk7DQorKyAgICBzdHJsY2F0KGJ1ZmZlciwgRklM VEVSX09SX1BSRUZJWCwgYnVmZmVyX3NpemUpOw0KKysgICAgaSA9IDA7DQorKyAgICB3aGls ZSAoZ2FycmF5W2ldKSB7DQorKyAgICAgICAgc3RybGNhdChidWZmZXIsIEZJTFRFUl9DTl9Q UkVGSVgsIGJ1ZmZlcl9zaXplKTsNCisrICAgICAgICBzdHJsY2F0KGJ1ZmZlciwgZ2FycmF5 W2ldLCBidWZmZXJfc2l6ZSk7DQorKyAgICAgICAgc3RybGNhdChidWZmZXIsIEZJTFRFUl9D Tl9TVUZGSVgsIGJ1ZmZlcl9zaXplKTsNCisrICAgICAgICBpKys7DQorKyAgICB9DQorKyAg ICBzdHJsY2F0KGJ1ZmZlciwgRklMVEVSX09SX1NVRkZJWCwgYnVmZmVyX3NpemUpOw0KKysg ICAgc3RybGNhdChidWZmZXIsIEZJTFRFUl9VSURfRk9STUFULCBidWZmZXJfc2l6ZSk7DQor KyAgICBzdHJsY2F0KGJ1ZmZlciwgRklMVEVSX0dST1VQX1NVRkZJWCwgYnVmZmVyX3NpemUp Ow0KKysNCisrICAgIGZyZWUoZyk7DQorKyAgICByZXR1cm4gYnVmZmVyOw0KKyt9DQorKw0K KysvKiBhIGJpdCBkaXJ0eSBidXQgbGVhayBmcmVlICAqLw0KKytjaGFyICogbGRhcF9wYXJz ZV9zZXJ2ZXJzKGNvbnN0IGNoYXIgKiBzZXJ2ZXJzKSB7DQorKyAgICBjaGFyICogcyA9IE5V TEw7DQorKyAgICBjaGFyICogdG1wID0gTlVMTCwgKnVybHNbMzJdOw0KKysgICAgdW5zaWdu ZWQgaW50IG51bSA9IDAgLCBpID0gMCAsIGFzaXplID0gMDsNCisrICAgIExEQVBVUkxEZXNj ICp1cmxkWzMyXTsNCisrDQorKyAgICBpZiAoIXNlcnZlcnMpDQorKyAgICAgICAgcmV0dXJu IE5VTEw7DQorKw0KKysgICAgLyogbG9jYWwgY29weSBvZiB0aGUgYXJnICovDQorKyAgICBz ID0gc3RyZHVwKHNlcnZlcnMpOw0KKysgICAgaWYgKCFzKQ0KKysgICAgICAgIHJldHVybiBO VUxMOw0KKysNCisrICAgIC8qIGZpcnN0IHNlcGFyYXRlIGludG8gVVJMIHRva2VucyAqLw0K KysgICAgaWYgKCB0b2tlbml6ZSh1cmxzLCBzaXplb2YodXJscykvc2l6ZW9mKCp1cmxzKSwg cykgPCAwKQ0KKysgICAgICAgIHJldHVybiBOVUxMOw0KKysNCisrICAgIGkgPSAwOw0KKysg ICAgd2hpbGUgKHVybHNbaV0pIHsNCisrICAgICAgICBpZiAoISBsZGFwX2lzX2xkYXBfdXJs KHVybHNbaV0pIHx8DQorKyAgICAgICAgICAgKGxkYXBfdXJsX3BhcnNlKHVybHNbaV0sICZ1 cmxkW2ldKSAhPSAwKSkgew0KKysgICAgICAgICAgICAgICAgcmV0dXJuIE5VTEw7DQorKyAg ICAgICAgfQ0KKysgICAgICAgIGkrKzsNCisrICAgIH0NCisrDQorKyAgICAvKiBub3cgZnJl ZShzKSAqLw0KKysgICAgZnJlZSAocyk7DQorKw0KKysgICAgLyogaG93IG11Y2ggbWVtb3J5 IGRvIHdlIG5lZWQgKi8NCisrICAgIG51bSA9IGk7DQorKyAgICBmb3IgKGkgPSAwIDsgaSA8 IG51bSA7IGkrKykNCisrICAgICAgICBhc2l6ZSArPSBzdHJsZW4odXJsZFtpXS0+bHVkX2hv c3QpKzExOw0KKysNCisrICAgIC8qIGFsbG9jICovDQorKyAgICBzID0gKGNoYXIgKikgY2Fs bG9jKCBhc2l6ZSsxICwgc2l6ZW9mKGNoYXIpKTsNCisrICAgIGlmICghcykgew0KKysgICAg ICAgIGZvciAoaSA9IDAgOyBpIDwgbnVtIDsgaSsrKQ0KKysgICAgICAgICAgICBsZGFwX2Zy ZWVfdXJsZGVzYyh1cmxkW2ldKTsNCisrICAgICAgICByZXR1cm4gTlVMTDsNCisrICAgIH0N CisrDQorKyAgICAvKiB0aGVuIGJ1aWxkIHRoZSBmaW5hbCBob3N0IHN0cmluZyAqLw0KKysg ICAgZm9yIChpID0gMCA7IGkgPCBudW0gOyBpKyspIHsNCisrICAgICAgICAvKiBidWlsdCBo b3N0IHBhcnQgKi8NCisrICAgICAgICB0bXAgPSBsZGFwX2J1aWxkX2hvc3QodXJsZFtpXS0+ bHVkX2hvc3QsIHVybGRbaV0tPmx1ZF9wb3J0KTsNCisrICAgICAgICBzdHJuY2F0KHMsIHRt cCwgc3RybGVuKHRtcCkpOw0KKysgICAgICAgIGxkYXBfZnJlZV91cmxkZXNjKHVybGRbaV0p Ow0KKysgICAgICAgIGZyZWUodG1wKTsNCisrICAgIH0NCisrDQorKyAgICByZXR1cm4gczsN CisrfQ0KKysNCisrdm9pZCBsZGFwX29wdGlvbnNfcHJpbnQobGRhcF9vcHRfdCAqIGxkYXAp IHsNCisrICAgIGRlYnVnKCJsZGFwIG9wdGlvbnM6Iik7DQorKyAgICBkZWJ1Zygic2VydmVy czogJXMiLCBsZGFwLT5zZXJ2ZXJzKTsNCisrICAgIGlmIChsZGFwLT51X2Jhc2VkbikNCisr ICAgICAgICBkZWJ1ZygidXNlciBiYXNlZG46ICVzIiwgbGRhcC0+dV9iYXNlZG4pOw0KKysg ICAgaWYgKGxkYXAtPmdfYmFzZWRuKQ0KKysgICAgICAgIGRlYnVnKCJncm91cCBiYXNlZG46 ICVzIiwgbGRhcC0+Z19iYXNlZG4pOw0KKysgICAgaWYgKGxkYXAtPmJpbmRkbikNCisrICAg ICAgICBkZWJ1ZygiYmluZGRuOiAlcyIsIGxkYXAtPmJpbmRkbik7DQorKyAgICBpZiAobGRh cC0+YmluZHB3KQ0KKysgICAgICAgIGRlYnVnKCJiaW5kcHc6ICVzIiwgbGRhcC0+YmluZHB3 KTsNCisrICAgIGlmIChsZGFwLT5zZ3JvdXApDQorKyAgICAgICAgZGVidWcoImdyb3VwOiAl cyIsIGxkYXAtPnNncm91cCk7DQorKyAgICBpZiAobGRhcC0+ZmlsdGVyKQ0KKysgICAgICAg IGRlYnVnKCJmaWx0ZXI6ICVzIiwgbGRhcC0+ZmlsdGVyKTsNCisrfQ0KKysNCisrdm9pZCBs ZGFwX29wdGlvbnNfZnJlZShsZGFwX29wdF90ICogbCkgew0KKysgICAgaWYgKCFsKQ0KKysg ICAgICAgIHJldHVybjsNCisrICAgIGlmIChsLT5zZXJ2ZXJzKQ0KKysgICAgICAgIGZyZWUo bC0+c2VydmVycyk7DQorKyAgICBpZiAobC0+dV9iYXNlZG4pDQorKyAgICAgICAgZnJlZShs LT51X2Jhc2Vkbik7DQorKyAgICBpZiAobC0+Z19iYXNlZG4pDQorKyAgICAgICAgZnJlZShs LT5nX2Jhc2Vkbik7DQorKyAgICBpZiAobC0+YmluZGRuKQ0KKysgICAgICAgIGZyZWUobC0+ YmluZGRuKTsNCisrICAgIGlmIChsLT5iaW5kcHcpDQorKyAgICAgICAgZnJlZShsLT5iaW5k cHcpOw0KKysgICAgaWYgKGwtPnNncm91cCkNCisrICAgICAgICBmcmVlKGwtPnNncm91cCk7 DQorKyAgICBpZiAobC0+Zmdyb3VwKQ0KKysgICAgICAgIGZyZWUobC0+Zmdyb3VwKTsNCisr ICAgIGlmIChsLT5maWx0ZXIpDQorKyAgICAgICAgZnJlZShsLT5maWx0ZXIpOw0KKysgICAg aWYgKGwtPmxfY29uZikNCisrICAgICAgICBmcmVlKGwtPmxfY29uZik7DQorKyAgICBmcmVl KGwpOw0KKyt9DQorKw0KKysvKiBmcmVlIGtleXMgKi8NCisrdm9pZCBsZGFwX2tleXNfZnJl ZShsZGFwX2tleV90ICogaykgew0KKysgICAgbGRhcF92YWx1ZV9mcmVlX2xlbihrLT5rZXlz KTsNCisrICAgIGZyZWUoayk7DQorKyAgICByZXR1cm47DQorK30NCisrDQorK2xkYXBfa2V5 X3QgKiBsZGFwX2dldHVzZXJrZXkobGRhcF9vcHRfdCAqbCwgY29uc3QgY2hhciAqIHVzZXIp IHsNCisrICAgIGxkYXBfa2V5X3QgKiBrID0gKGxkYXBfa2V5X3QgKikgY2FsbG9jICgxLCBz aXplb2YobGRhcF9rZXlfdCkpOw0KKysgICAgTERBUE1lc3NhZ2UgKnJlcywgKmU7DQorKyAg ICBjaGFyICogZmlsdGVyOw0KKysgICAgaW50IGk7DQorKw0KKysgICAgaWYgKCghaykgfHwg KCFsKSkNCisrICAgICAgICAgcmV0dXJuIE5VTEw7DQorKw0KKysgICAgLyogQW0gaSBzdGls bCBjb25uZWN0ZWQgPyBSRVRSWSBuIHRpbWVzICovDQorKyAgICAvKiBYWFggVE9ETzogc2V0 dXAgc29tZSBjb25mIHZhbHVlIGZvciByZXRyeWluZyAqLw0KKysgICAgaWYgKCEobC0+Zmxh Z3MgJiBGTEFHX0NPTk5FQ1RFRCkpDQorKyAgICAgICAgZm9yIChpID0gMCA7IGkgPCAyIDsg aSsrKQ0KKysgICAgICAgICAgICBpZiAobGRhcF9jb25uZWN0KGwpID09IDApDQorKyAgICAg ICAgICAgICAgICBicmVhazsNCisrDQorKyAgICAvKiBxdWljayBjaGVjayBmb3IgYXR0ZW1w dHMgdG8gYmUgZXZpbCAqLw0KKysgICAgaWYgKChzdHJjaHIodXNlciwgJygnKSAhPSBOVUxM KSB8fCAoc3RyY2hyKHVzZXIsICcpJykgIT0gTlVMTCkgfHwNCisrICAgICAgICAoc3RyY2hy KHVzZXIsICcqJykgIT0gTlVMTCkgfHwgKHN0cmNocih1c2VyLCAnXFwnKSAhPSBOVUxMKSkN CisrICAgICAgICByZXR1cm4gTlVMTDsNCisrDQorKyAgICAvKiBidWlsZCAgZmlsdGVyIGZv ciBMREFQIHJlcXVlc3QgKi8NCisrICAgIFJFUVVFU1RfVVNFUihmaWx0ZXIsIHVzZXIsIGwt PmZpbHRlcik7DQorKw0KKysgICAgaWYgKCBsZGFwX3NlYXJjaF9zdCggbC0+bGQsDQorKyAg ICAgICAgbC0+dV9iYXNlZG4sDQorKyAgICAgICAgTERBUF9TQ09QRV9TVUJUUkVFLA0KKysg ICAgICAgIGZpbHRlciwNCisrICAgICAgICBhdHRycywgMCwgJmwtPnNfdGltZW91dCwgJnJl cyApICE9IExEQVBfU1VDQ0VTUykgew0KKysgICAgICAgIA0KKysgICAgICAgIGxkYXBfcGVy cm9yKGwtPmxkLCAibGRhcF9zZWFyY2hfc3QoKSIpOw0KKysNCisrICAgICAgICBmcmVlKGZp bHRlcik7DQorKyAgICAgICAgZnJlZShrKTsNCisrDQorKyAgICAgICAgLyogWFhYIGVycm9y IG9uIHNlYXJjaCwgdGltZW91dCBldGMuLiBjbG9zZSBhc2sgZm9yIHJlY29ubmVjdCAqLw0K KysgICAgICAgIGxkYXBfY2xvc2UobCk7DQorKw0KKysgICAgICAgIHJldHVybiBOVUxMOw0K KysgICAgfSANCisrDQorKyAgICAvKiBmcmVlICovDQorKyAgICBmcmVlKGZpbHRlcik7DQor Kw0KKysgICAgLyogY2hlY2sgaWYgYW55IHJlc3VsdHMgKi8NCisrICAgIGkgPSBsZGFwX2Nv dW50X2VudHJpZXMobC0+bGQscmVzKTsNCisrICAgIGlmIChpIDw9IDApIHsNCisrICAgICAg ICBsZGFwX21zZ2ZyZWUocmVzKTsNCisrICAgICAgICBmcmVlKGspOw0KKysgICAgICAgIHJl dHVybiBOVUxMOw0KKysgICAgfQ0KKysNCisrICAgIGlmIChpID4gMSkNCisrICAgICAgICBk ZWJ1ZygiW0xEQVBdIGR1cGxpY2F0ZSBlbnRyaWVzLCB1c2luZyB0aGUgRklSU1QgZW50cnkg cmV0dXJuZWQiKTsNCisrDQorKyAgICBlID0gbGRhcF9maXJzdF9lbnRyeShsLT5sZCwgcmVz KTsNCisrICAgIGstPmtleXMgPSBsZGFwX2dldF92YWx1ZXNfbGVuKGwtPmxkLCBlLCBQVUJL RVlBVFRSKTsNCisrICAgIGstPm51bSA9IGxkYXBfY291bnRfdmFsdWVzX2xlbihrLT5rZXlz KTsNCisrDQorKyAgICBsZGFwX21zZ2ZyZWUocmVzKTsNCisrICAgIHJldHVybiBrOw0KKyt9 DQorKw0KKysNCisrLyogLTEgaWYgdHJvdWJsZQ0KKysgICAwIGlmIHVzZXIgaXMgTk9UIG1l bWJlciBvZiBjdXJyZW50IHNlcnZlciBncm91cA0KKysgICAxIGlmIHVzZXIgSVMgTUVNQkVS IG9mIGN1cnJlbnQgc2VydmVyIGdyb3VwIA0KKysgKi8NCisraW50IGxkYXBfaXNtZW1iZXIo bGRhcF9vcHRfdCAqIGwsIGNvbnN0IGNoYXIgKiB1c2VyKSB7DQorKyAgICBMREFQTWVzc2Fn ZSAqcmVzOw0KKysgICAgY2hhciAqIGZpbHRlcjsNCisrICAgIGludCBpOw0KKysNCisrICAg IGlmICgoIWwtPnNncm91cCkgfHwgIShsLT5nX2Jhc2VkbikpDQorKyAgICAgICAgcmV0dXJu IDE7DQorKw0KKysgICAgLyogQW0gaSBzdGlsbCBjb25uZWN0ZWQgPyBSRVRSWSBuIHRpbWVz ICovDQorKyAgICAvKiBYWFggVE9ETzogc2V0dXAgc29tZSBjb25mIHZhbHVlIGZvciByZXRy eWluZyAqLw0KKysgICAgaWYgKCEobC0+ZmxhZ3MgJiBGTEFHX0NPTk5FQ1RFRCkpIA0KKysg ICAgICAgIGZvciAoaSA9IDAgOyBpIDwgMiA7IGkrKykNCisrICAgICAgICAgICAgaWYgKGxk YXBfY29ubmVjdChsKSA9PSAwKQ0KKysgICAgICAgICAgICAgICAgIGJyZWFrOw0KKysNCisr ICAgIC8qIHF1aWNrIGNoZWNrIGZvciBhdHRlbXB0cyB0byBiZSBldmlsICovDQorKyAgICBp ZiAoKHN0cmNocih1c2VyLCAnKCcpICE9IE5VTEwpIHx8IChzdHJjaHIodXNlciwgJyknKSAh PSBOVUxMKSB8fA0KKysgICAgICAgIChzdHJjaHIodXNlciwgJyonKSAhPSBOVUxMKSB8fCAo c3RyY2hyKHVzZXIsICdcXCcpICE9IE5VTEwpKQ0KKysgICAgICAgIHJldHVybiBGQUlMVVJF Ow0KKysNCisrICAgIC8qIGJ1aWxkIGZpbHRlciBmb3IgTERBUCByZXF1ZXN0ICovDQorKyAg ICBSRVFVRVNUX0dST1VQKGZpbHRlciwgbC0+Zmdyb3VwLCB1c2VyKTsNCisrDQorKyAgICBp ZiAobGRhcF9zZWFyY2hfc3QoIGwtPmxkLCANCisrICAgICAgICBsLT5nX2Jhc2VkbiwNCisr ICAgICAgICBMREFQX1NDT1BFX1NVQlRSRUUsDQorKyAgICAgICAgZmlsdGVyLA0KKysgICAg ICAgIE5VTEwsIDAsICZsLT5zX3RpbWVvdXQsICZyZXMpICE9IExEQVBfU1VDQ0VTUykgew0K KysgICAgDQorKyAgICAgICAgbGRhcF9wZXJyb3IobC0+bGQsICJsZGFwX3NlYXJjaF9zdCgp Iik7DQorKw0KKysgICAgICAgIGZyZWUoZmlsdGVyKTsNCisrDQorKyAgICAgICAgLyogWFhY IGVycm9yIG9uIHNlYXJjaCwgdGltZW91dCBldGMuLiBjbG9zZSBhc2sgZm9yIHJlY29ubmVj dCAqLw0KKysgICAgICAgIGxkYXBfY2xvc2UobCk7DQorKw0KKysgICAgICAgIHJldHVybiBG QUlMVVJFOw0KKysgICAgfQ0KKysNCisrICAgIGZyZWUoZmlsdGVyKTsNCisrDQorKyAgICAv KiBjaGVjayBpZiBhbnkgcmVzdWx0cyAqLw0KKysgICAgaWYgKGxkYXBfY291bnRfZW50cmll cyhsLT5sZCwgcmVzKSA+IDApIHsNCisrICAgICAgICBsZGFwX21zZ2ZyZWUocmVzKTsNCisr ICAgICAgICByZXR1cm4gMTsNCisrICAgIH0NCisrDQorKyAgICBsZGFwX21zZ2ZyZWUocmVz KTsNCisrICAgIHJldHVybiAwOw0KKyt9DQorKw0KKysvKg0KKysgKiBsZGFwLmNvbmYgc2lt cGxlIHBhcnNlcg0KKysgKiBYWFggVE9ETzogIHNhbml0eSBjaGVja3MNCisrICogbXVzdCBl aXRoZXINCisrICogLSBmcmVlIHRoZSBwcmV2aW91cyBsZGFwX29wdF9iZWZvcmUgcmVwbGFj aW5nIGVudHJpZXMNCisrICogLSBmcmVlIGVhY2ggbmVjZXNzYXJ5IHByZXZpb3VzbHkgcGFy c2VkIGVsZW1lbnRzDQorKyAqIHJldDoNCisrICogLTEgb24gRkFJTFVSRSwgMCBvbiBTVUND RVNTDQorKyAqLw0KKytpbnQgbGRhcF9wYXJzZV9sY29uZihsZGFwX29wdF90ICogbCkgew0K KysgICAgRklMRSAqIGxjZDsgLyogbGRhcC5jb25mIGRlc2NyaXB0b3IgKi8NCisrICAgIGNo YXIgYnVmW0JVRlNJWl07DQorKyAgICBjaGFyICogcyA9IE5VTEwsICogayA9IE5VTEwsICog diA9IE5VTEw7DQorKyAgICBpbnQgbGksIGxlbjsNCisrDQorKyAgICBsY2QgPSBmb3BlbiAo bC0+bF9jb25mLCAiciIpOw0KKysgICAgaWYgKGxjZCA9PSBOVUxMKSB7DQorKyAgICAgICAg LyogZGVidWcoIkNhbm5vdCBvcGVuICVzIiwgbC0+bF9jb25mKTsgKi8NCisrICAgICAgICBw ZXJyb3IoImxkYXBfcGFyc2VfbGNvbmYoKSIpOw0KKysgICAgICAgIHJldHVybiBGQUlMVVJF Ow0KKysgICAgfQ0KKysgICAgDQorKyAgICB3aGlsZSAoZmdldHMgKGJ1Ziwgc2l6ZW9mIChi dWYpLCBsY2QpICE9IE5VTEwpIHsNCisrDQorKyAgICAgICAgaWYgKCpidWYgPT0gJ1xuJyB8 fCAqYnVmID09ICcjJykNCisrICAgICAgICAgICAgY29udGludWU7DQorKw0KKysgICAgICAg IGsgPSBidWY7DQorKyAgICAgICAgdiA9IGs7DQorKyAgICAgICAgd2hpbGUgKCp2ICE9ICdc MCcgJiYgKnYgIT0gJyAnICYmICp2ICE9ICdcdCcpDQorKyAgICAgICAgICAgIHYrKzsNCisr DQorKyAgICAgICAgaWYgKCp2ID09ICdcMCcpDQorKyAgICAgICAgICAgIGNvbnRpbnVlOw0K KysNCisrICAgICAgICAqKHYrKykgPSAnXDAnOw0KKysNCisrICAgICAgICB3aGlsZSAoKnYg PT0gJyAnIHx8ICp2ID09ICdcdCcpDQorKyAgICAgICAgICAgIHYrKzsNCisrDQorKyAgICAg ICAgbGkgPSBzdHJsZW4gKHYpIC0gMTsNCisrICAgICAgICB3aGlsZSAodltsaV0gPT0gJyAn IHx8IHZbbGldID09ICdcdCcgfHwgdltsaV0gPT0gJ1xuJykNCisrICAgICAgICAgICAgLS1s aTsNCisrICAgICAgICB2W2xpICsgMV0gPSAnXDAnOw0KKysNCisrICAgICAgICBpZiAoIXN0 cmNhc2VjbXAgKGssICJ1cmkiKSkgew0KKysgICAgICAgICAgICBpZiAoKGwtPnNlcnZlcnMg PSBsZGFwX3BhcnNlX3NlcnZlcnModikpID09IE5VTEwpIHsNCisrICAgICAgICAgICAgICAg IGZhdGFsKCJlcnJvciBpbiBsZGFwIHNlcnZlcnMiKTsNCisrICAgICAgICAgICAgcmV0dXJu IEZBSUxVUkU7DQorKyAgICAgICAgICAgIH0NCisrDQorKyAgICAgICAgfQ0KKysgICAgICAg IGVsc2UgaWYgKCFzdHJjYXNlY21wIChrLCAiYmFzZSIpKSB7IA0KKysgICAgICAgICAgICBz ID0gc3RyY2hyICh2LCAnPycpOw0KKysgICAgICAgICAgICBpZiAocyAhPSBOVUxMKSB7DQor KyAgICAgICAgICAgICAgICBsZW4gPSBzIC0gdjsNCisrICAgICAgICAgICAgICAgIGwtPnVf YmFzZWRuID0gbWFsbG9jIChsZW4gKyAxKTsNCisrICAgICAgICAgICAgICAgIHN0cm5jcHkg KGwtPnVfYmFzZWRuLCB2LCBsZW4pOw0KKysgICAgICAgICAgICAgICAgbC0+dV9iYXNlZG5b bGVuXSA9ICdcMCc7DQorKyAgICAgICAgICAgIH0gZWxzZSB7DQorKyAgICAgICAgICAgICAg ICBsLT51X2Jhc2VkbiA9IHN0cmR1cCAodik7DQorKyAgICAgICAgICAgIH0NCisrICAgICAg ICB9DQorKyAgICAgICAgZWxzZSBpZiAoIXN0cmNhc2VjbXAgKGssICJiaW5kZG4iKSkgew0K KysgICAgICAgICAgICBsLT5iaW5kZG4gPSBzdHJkdXAgKHYpOw0KKysgICAgICAgIH0NCisr ICAgICAgICBlbHNlIGlmICghc3RyY2FzZWNtcCAoaywgImJpbmRwdyIpKSB7DQorKyAgICAg ICAgICAgIGwtPmJpbmRwdyA9IHN0cmR1cCAodik7DQorKyAgICAgICAgfQ0KKysgICAgICAg IGVsc2UgaWYgKCFzdHJjYXNlY21wIChrLCAidGltZWxpbWl0IikpIHsNCisrICAgICAgICAg ICAgbC0+c190aW1lb3V0LnR2X3NlYyA9IGF0b2kgKHYpOw0KKysgICAgICAgICAgICAgICAg fQ0KKysgICAgICAgIGVsc2UgaWYgKCFzdHJjYXNlY21wIChrLCAiYmluZF90aW1lbGltaXQi KSkgew0KKysgICAgICAgICAgICBsLT5iX3RpbWVvdXQudHZfc2VjID0gYXRvaSAodik7DQor KyAgICAgICAgfQ0KKysgICAgICAgIGVsc2UgaWYgKCFzdHJjYXNlY21wIChrLCAic3NsIikp IHsNCisrICAgICAgICAgICAgaWYgKCFzdHJjYXNlY21wICh2LCAic3RhcnRfdGxzIikpDQor KyAgICAgICAgICAgICAgICBsLT50bHMgPSAxOw0KKysgICAgICAgIH0NCisrICAgIH0NCisr DQorKyAgICBmY2xvc2UgKGxjZCk7DQorKyAgICByZXR1cm4gU1VDQ0VTUzsNCisrfQ0KKysN CisrI2VuZGlmIC8qIFdJVEhfTERBUF9QVUJLRVkgKi8NCitkaWZmIC1OdWFyIC0tZXhjbHVk ZSAnKi5vcmlnJyAtLWV4Y2x1ZGUgJyoucmVqJyBsZGFwYXV0aC5oIGxkYXBhdXRoLmgNCist LS0gbGRhcGF1dGguaAkxOTY5LTEyLTMxIDE2OjAwOjAwLjAwMDAwMDAwMCAtMDgwMA0KKysr KyBsZGFwYXV0aC5oCTIwMDgtMDgtMjMgMTU6MDI6NDcuMDAwMDAwMDAwIC0wNzAwDQorQEAg LTAsMCArMSwxMjQgQEANCisrLyoNCisrICogJElkOiBvcGVuc3NoLWxway00LjNwMS0wLjMu Ny5wYXRjaCx2IDEuMyAyMDA2LzA0LzE4IDE1OjI5OjA5IGVhdSBFeHAgJCANCisrICovDQor Kw0KKysvKg0KKysgKg0KKysgKiBDb3B5cmlnaHQgKGMpIDIwMDUsIEVyaWMgQVVHRSA8ZWF1 QHBoZWFyLm9yZz4NCisrICogQWxsIHJpZ2h0cyByZXNlcnZlZC4NCisrICoNCisrICogUmVk aXN0cmlidXRpb24gYW5kIHVzZSBpbiBzb3VyY2UgYW5kIGJpbmFyeSBmb3Jtcywgd2l0aCBv ciB3aXRob3V0IG1vZGlmaWNhdGlvbiwgYXJlIHBlcm1pdHRlZCBwcm92aWRlZCB0aGF0IHRo ZSBmb2xsb3dpbmcgY29uZGl0aW9ucyBhcmUgbWV0Og0KKysgKg0KKysgKiBSZWRpc3RyaWJ1 dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodCBu b3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2Ns YWltZXIuDQorKyAqIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJv ZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0IG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlv bnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lciBpbiB0aGUgZG9jdW1lbnRhdGlvbiBh bmQvb3Igb3RoZXIgbWF0ZXJpYWxzIHByb3ZpZGVkIHdpdGggdGhlIGRpc3RyaWJ1dGlvbi4N CisrICogTmVpdGhlciB0aGUgbmFtZSBvZiB0aGUgcGhlYXIub3JnIG5vciB0aGUgbmFtZXMg b2YgaXRzIGNvbnRyaWJ1dG9ycyBtYXkgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUg cHJvZHVjdHMgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBw cmlvciB3cml0dGVuIHBlcm1pc3Npb24uDQorKyAqDQorKyAqIFRISVMgU09GVFdBUkUgSVMg UFJPVklERUQgQlkgVEhFIENPUFlSSUdIVCBIT0xERVJTIEFORCBDT05UUklCVVRPUlMgIkFT IElTIiBBTkQgQU5ZIEVYUFJFU1MgT1IgSU1QTElFRCBXQVJSQU5USUVTLCBJTkNMVURJTkcs IA0KKysgKiBCVVQgTk9UIExJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0Yg TUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBB UkUgRElTQ0xBSU1FRC4gDQorKyAqIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBDT1BZUklHSFQg T1dORVIgT1IgQ09OVFJJQlVUT1JTIEJFIExJQUJMRSBGT1IgQU5ZIERJUkVDVCwgSU5ESVJF Q1QsIElOQ0lERU5UQUwsIFNQRUNJQUwsIEVYRU1QTEFSWSwgDQorKyAqIE9SIENPTlNFUVVF TlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sIFBST0NVUkVN RU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IA0KKysgKiBMT1NTIE9GIFVT RSwgREFUQSwgT1IgUFJPRklUUzsgT1IgQlVTSU5FU1MgSU5URVJSVVBUSU9OKSBIT1dFVkVS IENBVVNFRCBBTkQgT04gQU5ZIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09O VFJBQ1QsIFNUUklDVCBMSUFCSUxJVFksIA0KKysgKiBPUiBUT1JUIChJTkNMVURJTkcgTkVH TElHRU5DRSBPUiBPVEhFUldJU0UpIEFSSVNJTkcgSU4gQU5ZIFdBWSBPVVQgT0YgVEhFIFVT RSBPRiBUSElTIFNPRlRXQVJFLCBFVkVOIElGIEFEVklTRUQgT0YgVEhFIFBPU1NJQklMSVRZ IE9GIFNVQ0ggREFNQUdFLg0KKysgKg0KKysgKg0KKysgKi8NCisrDQorKyNpZm5kZWYgTERB UEFVVEhfSA0KKysjZGVmaW5lIExEQVBBVVRIX0gNCisrDQorKyNkZWZpbmUgTERBUF9ERVBS RUNBVEVEIDENCisrDQorKyNpbmNsdWRlIDxzdHJpbmcuaD4NCisrI2luY2x1ZGUgPHRpbWUu aD4NCisrI2luY2x1ZGUgPGxkYXAuaD4NCisrI2luY2x1ZGUgPGxiZXIuaD4NCisrDQorKy8q IHRva2VucyBpbiB1c2UgZm9yIGNvbmZpZyAqLw0KKysjZGVmaW5lIF9ERUZBVUxUX0xQS19U T0tFTiAiVXNlTFBLIg0KKysjZGVmaW5lIF9ERUZBVUxUX1NSVl9UT0tFTiAiTHBrU2VydmVy cyINCisrI2RlZmluZSBfREVGQVVMVF9VU1JfVE9LRU4gIkxwa1VzZXJETiINCisrI2RlZmlu ZSBfREVGQVVMVF9HUlBfVE9LRU4gIkxwa0dyb3VwRE4iDQorKyNkZWZpbmUgX0RFRkFVTFRf QkROX1RPS0VOICJMcGtCaW5kRE4iDQorKyNkZWZpbmUgX0RFRkFVTFRfQlBXX1RPS0VOICJM cGtCaW5kUHciDQorKyNkZWZpbmUgX0RFRkFVTFRfTVlHX1RPS0VOICJMcGtTZXJ2ZXJHcm91 cCINCisrI2RlZmluZSBfREVGQVVMVF9GSUxfVE9LRU4gIkxwa0ZpbHRlciINCisrI2RlZmlu ZSBfREVGQVVMVF9UTFNfVE9LRU4gIkxwa0ZvcmNlVExTIg0KKysjZGVmaW5lIF9ERUZBVUxU X0JUSV9UT0tFTiAiTHBrQmluZFRpbWVsaW1pdCINCisrI2RlZmluZSBfREVGQVVMVF9TVElf VE9LRU4gIkxwa1NlYXJjaFRpbWVsaW1pdCINCisrI2RlZmluZSBfREVGQVVMVF9MRFBfVE9L RU4gIkxwa0xkYXBDb25mIg0KKysNCisrLyogZGVmYXVsdCBvcHRpb25zICovDQorKyNkZWZp bmUgX0RFRkFVTFRfTFBLX09OIDANCisrI2RlZmluZSBfREVGQVVMVF9MUEtfU0VSVkVSUyBO VUxMDQorKyNkZWZpbmUgX0RFRkFVTFRfTFBLX1VETiBOVUxMDQorKyNkZWZpbmUgX0RFRkFV TFRfTFBLX0dETiBOVUxMDQorKyNkZWZpbmUgX0RFRkFVTFRfTFBLX0JJTkRETiBOVUxMDQor KyNkZWZpbmUgX0RFRkFVTFRfTFBLX0JJTkRQVyBOVUxMDQorKyNkZWZpbmUgX0RFRkFVTFRf TFBLX1NHUk9VUCBOVUxMDQorKyNkZWZpbmUgX0RFRkFVTFRfTFBLX0ZJTFRFUiBOVUxMDQor KyNkZWZpbmUgX0RFRkFVTFRfTFBLX1RMUyAtMQ0KKysjZGVmaW5lIF9ERUZBVUxUX0xQS19C VElNRU9VVCAxMA0KKysjZGVmaW5lIF9ERUZBVUxUX0xQS19TVElNRU9VVCAxMA0KKysjZGVm aW5lIF9ERUZBVUxUX0xQS19MRFAgTlVMTA0KKysNCisrLyogZmxhZ3MgKi8NCisrI2RlZmlu ZSBGTEFHX0VNUFRZCSAgICAweDAwMDAwMDAwDQorKyNkZWZpbmUgRkxBR19DT05ORUNURUQJ ICAgIDB4MDAwMDAwMDENCisrDQorKy8qIGZsYWcgbWFjcm9zICovDQorKyNkZWZpbmUgRkxB R19TRVRfRU1QVFkoeCkJCXgmPShGTEFHX0VNUFRZKQ0KKysjZGVmaW5lIEZMQUdfU0VUX0NP Tk5FQ1RFRCh4KQkJeHw9KEZMQUdfQ09OTkVDVEVEKQ0KKysjZGVmaW5lIEZMQUdfU0VUX0RJ U0NPTk5FQ1RFRCh4KQl4Jj1+KEZMQUdfQ09OTkVDVEVEKQ0KKysNCisrLyogZGVmaW5lcyAq Lw0KKysjZGVmaW5lIEZBSUxVUkUgLTENCisrI2RlZmluZSBTVUNDRVNTIDANCisrI2RlZmlu ZSBQVUJLRVlBVFRSICJzc2hQdWJsaWNLZXkiDQorKw0KKysvKiANCisrICoNCisrICogZGVm aW5lZCBmaWxlcyBwYXRoIA0KKysgKiAoc2hvdWxkIGJlIHJlbG9jYXRlZCB0byBwYXRobmFt ZXMuaCwNCisrICogaWYgb25lIGRheSBpdCdzIGluY2x1ZGVkIHdpdGhpbiB0aGUgdHJlZSkg DQorKyAqDQorKyAqLw0KKysjZGVmaW5lIF9QQVRIX0xEQVBfQ09ORklHX0ZJTEUgIi9ldGMv bGRhcC5jb25mIg0KKysNCisrLyogc3RydWN0dXJlcyAqLw0KKyt0eXBlZGVmIHN0cnVjdCBs ZGFwX29wdGlvbnMgew0KKysgICAgaW50IG9uOwkJCS8qIFVzZSBpdCBvciBOT1QgKi8NCisr ICAgIExEQVAgKiBsZDsJCQkvKiBMREFQIGZpbGUgZGVzYyAqLw0KKysgICAgY2hhciAqIHNl cnZlcnM7CQkvKiBwYXJzZWQgc2VydmVycyBmb3IgbGRhcGxpYiBmYWlsb3ZlciBoYW5kbGlu ZyAqLw0KKysgICAgY2hhciAqIHVfYmFzZWRuOwkJLyogdXNlciBiYXNlZG4gKi8NCisrICAg IGNoYXIgKiBnX2Jhc2VkbjsJCS8qIGdyb3VwIGJhc2VkbiAqLw0KKysgICAgY2hhciAqIGJp bmRkbjsJCS8qIGJpbmRkbiAqLw0KKysgICAgY2hhciAqIGJpbmRwdzsJCS8qIGJpbmQgcGFz c3dvcmQgKi8NCisrICAgIGNoYXIgKiBzZ3JvdXA7CQkvKiBzZXJ2ZXIgZ3JvdXAgKi8NCisr ICAgIGNoYXIgKiBmZ3JvdXA7CQkvKiBncm91cCBmaWx0ZXIgKi8NCisrICAgIGNoYXIgKiBm aWx0ZXI7CQkvKiBhZGRpdGlvbmFsIGZpbHRlciAqLw0KKysgICAgY2hhciAqIGxfY29uZjsJ CS8qIHVzZSBsZGFwLmNvbmYgKi8NCisrICAgIGludCB0bHM7CQkJLyogVExTIG9ubHkgKi8N CisrICAgIHN0cnVjdCB0aW1ldmFsIGJfdGltZW91dDsgICAvKiBiaW5kIHRpbWVvdXQgKi8N CisrICAgIHN0cnVjdCB0aW1ldmFsIHNfdGltZW91dDsgICAvKiBzZWFyY2ggdGltZW91dCAq Lw0KKysgICAgdW5zaWduZWQgaW50IGZsYWdzOwkJLyogbWlzYyBmbGFncyAocmVjb25uZWN0 aW9uLCBmdXR1cmUgdXNlPykgKi8NCisrfSBsZGFwX29wdF90Ow0KKysNCisrdHlwZWRlZiBz dHJ1Y3QgbGRhcF9rZXlzIHsNCisrICAgIHN0cnVjdCBiZXJ2YWwgKioga2V5czsJLyogdGhl IHB1YmxpYyBrZXlzIHJldHJpZXZlZCAqLw0KKysgICAgdW5zaWduZWQgaW50IG51bTsJCS8q IG51bWJlciBvZiBrZXlzICovDQorK30gbGRhcF9rZXlfdDsNCisrDQorKw0KKysvKiBmdW5j dGlvbiBoZWFkZXJzICovDQorK3ZvaWQgbGRhcF9jbG9zZShsZGFwX29wdF90ICopOw0KKytp bnQgbGRhcF9jb25uZWN0KGxkYXBfb3B0X3QgKik7DQorK2NoYXIgKiBsZGFwX3BhcnNlX2dy b3Vwcyhjb25zdCBjaGFyICopOw0KKytjaGFyICogbGRhcF9wYXJzZV9zZXJ2ZXJzKGNvbnN0 IGNoYXIgKik7DQorK3ZvaWQgbGRhcF9vcHRpb25zX3ByaW50KGxkYXBfb3B0X3QgKik7DQor K3ZvaWQgbGRhcF9vcHRpb25zX2ZyZWUobGRhcF9vcHRfdCAqKTsNCisrdm9pZCBsZGFwX2tl eXNfZnJlZShsZGFwX2tleV90ICopOw0KKytpbnQgbGRhcF9wYXJzZV9sY29uZihsZGFwX29w dF90ICopOw0KKytsZGFwX2tleV90ICogbGRhcF9nZXR1c2Vya2V5KGxkYXBfb3B0X3QgKiwg Y29uc3QgY2hhciAqKTsNCisraW50IGxkYXBfaXNtZW1iZXIobGRhcF9vcHRfdCAqLCBjb25z dCBjaGFyICopOw0KKysNCisrI2VuZGlmDQorZGlmZiAtTnVhciAtLWV4Y2x1ZGUgJyoub3Jp ZycgLS1leGNsdWRlICcqLnJlaicgbHBrLXVzZXItZXhhbXBsZS50eHQgbHBrLXVzZXItZXhh bXBsZS50eHQNCistLS0gbHBrLXVzZXItZXhhbXBsZS50eHQJMTk2OS0xMi0zMSAxNjowMDow MC4wMDAwMDAwMDAgLTA4MDANCisrKysgbHBrLXVzZXItZXhhbXBsZS50eHQJMjAwOC0wOC0y MyAxNTowMjo0Ny4wMDAwMDAwMDAgLTA3MDANCitAQCAtMCwwICsxLDExNyBAQA0KKysNCisr UG9zdCB0byBNTCAtPiBVc2VyIE1hZGUgUXVpY2sgSW5zdGFsbCBEb2MuDQorK0NvbnRyaWJ1 dGlvbiBmcm9tIEpvaG4gTGFuZSA8am9obkBsYW5lLnVrLm5ldD4NCisrDQorKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysr KysrKysrKysrKysrKysNCisrDQorK09wZW5TU0ggTERBUCBrZXlzdG9yZSBQYXRjaA0KKys9 PT09PT09PT09PT09PT09PT09PT09PT09PT0NCisrDQorK05PVEU6IHRoZXNlIG5vdGVzIGFy ZSBhIHRyYW5zY3JpcHQgb2YgYSBzcGVjaWZpYyBpbnN0YWxsYXRpb24NCisrICAgICAgdGhl eSB3b3JrIGZvciBtZSwgeW91ciBzcGVjaWZpY3MgbWF5IGJlIGRpZmZlcmVudCENCisrICAg ICAgZnJvbSBKb2huIExhbmUgTWFyY2ggMTd0aCAyMDA1ICAgICAgICAgam9obkBsYW5lLnVr Lm5ldA0KKysNCisrVGhpcyBpcyBhIHBhdGNoIHRvIE9wZW5TU0ggNC4wcDEgdG8gYWxsb3cg aXQgdG8gb2J0YWluIHVzZXJzJyBwdWJsaWMga2V5cw0KKytmcm9tIHRoZWlyIExEQVAgcmVj b3JkIGFzIGFuIGFsdGVybmF0aXZlIHRvIH4vLnNzaC9hdXRob3JpemVkX2tleXMuDQorKw0K KysoQXNzdW1pbmcgaGVyZSB0aGF0IG5lY2Vzc2FyeSBidWlsZCBzdHVmZiBpcyBpbiAkQlVJ TEQpDQorKw0KKytjZCAkQlVJTEQvb3BlbnNzaC00LjBwMQ0KKytwYXRjaCAtTnAxIC1pICRC VUlMRC9vcGVuc3NoLWxway00LjBwMS0wLjMucGF0Y2gNCisrbWtkaXIgLXAgL3Zhci9lbXB0 eSAmJg0KKysuL2NvbmZpZ3VyZSAtLXByZWZpeD0vdXNyIC0tc3lzY29uZmRpcj0vZXRjL3Nz aCBcDQorKyAgICAtLWxpYmV4ZWNkaXI9L3Vzci9zYmluIC0td2l0aC1tZDUtcGFzc3dvcmRz IC0td2l0aC1wYW0gXA0KKysgICAgLS13aXRoLWxpYnM9Ii1sbGRhcCIgLS13aXRoLWNwcGZs YWdzPSItRFdJVEhfTERBUF9QVUJLRVkiDQorK05vdyBkby4NCisrbWFrZSAmJg0KKyttYWtl IGluc3RhbGwNCisrDQorK0FkZCB0aGUgZm9sbG93aW5nIGNvbmZpZyB0byAvZXRjL3NzaC9z c2hfY29uZmlnDQorK1VzZUxQSyB5ZXMNCisrTHBrU2VydmVycyBsZGFwOi8vbXlob3N0Lm15 ZG9tYWluLmNvbQ0KKytMcGtVc2VyRE4gIG91PVBlb3BsZSxkYz1teWRvbWFpbixkYz1jb20N CisrDQorK1dlIG5lZWQgdG8gdGVsbCBzc2hkIGFib3V0IHRoZSBTU0wga2V5cyBkdXJpbmcg Ym9vdCwgYXMgcm9vdCdzDQorK2Vudmlyb25tZW50IGRvZXMgbm90IGV4aXN0IGF0IHRoYXQg dGltZS4gRWRpdCAvZXRjL3JjLmQvaW5pdC5kL3NzaGQuDQorK0NoYW5nZSB0aGUgc3RhcnR1 cCBjb2RlIGZyb20gdGhpczoNCisrICAgICAgICAgICAgICAgIGVjaG8gIlN0YXJ0aW5nIFNT SCBTZXJ2ZXIuLi4iDQorKyAgICAgICAgICAgICAgICBsb2FkcHJvYyAvdXNyL3NiaW4vc3No ZA0KKysgICAgICAgICAgICAgICAgOzsNCisrdG8gdGhpczoNCisrICAgICAgICAgICAgICAg IGVjaG8gIlN0YXJ0aW5nIFNTSCBTZXJ2ZXIuLi4iDQorKyAgICAgICAgICAgICAgICBMREFQ UkM9Ii9yb290Ly5sZGFwcmMiIGxvYWRwcm9jIC91c3Ivc2Jpbi9zc2hkDQorKyAgICAgICAg ICAgICAgICA7Ow0KKysNCisrUmUtc3RhcnQgdGhlIHNzaGQgZGFlbW9uOg0KKysvZXRjL3Jj LmQvaW5pdC5kL3NzaGQgcmVzdGFydA0KKysNCisrSW5zdGFsbCB0aGUgYWRkaXRpb25hbCBM REFQIHNjaGVtYQ0KKytjcCAkQlVJTEQvb3BlbnNzaC1scGstMC4yLnNjaGVtYSAgL2V0Yy9v cGVubGRhcC9zY2hlbWEvb3BlbnNzaC5zY2hlbWENCisrDQorK05vdyBhZGQgdGhlIG9wZW5T U0ggTERBUCBzY2hlbWEgdG8gL2V0Yy9vcGVubGRhcC9zbGFwZC5jb25mOg0KKytBZGQgdGhl IGZvbGxvd2luZyB0byB0aGUgZW5kIG9mIHRoZSBleGlzdGluZyBibG9jayBvZiBzY2hlbWEg aW5jbHVkZXMNCisraW5jbHVkZSAgICAgICAgIC9ldGMvb3BlbmxkYXAvc2NoZW1hL29wZW5z c2guc2NoZW1hDQorKw0KKytSZS1zdGFydCB0aGUgTERBUCBzZXJ2ZXI6DQorKy9ldGMvcmMu ZC9pbml0LmQvc2xhcGQgcmVzdGFydA0KKysNCisrVG8gYWRkIG9uZSBvciBtb3JlIHB1Ymxp YyBrZXlzIHRvIGEgdXNlciwgZWcgInRlc3R1c2VyIiA6DQorK2xkYXBzZWFyY2ggLXggLVcg LVogLUxMTCAtYiAidWlkPXRlc3R1c2VyLG91PVBlb3BsZSxkYz1teWRvbWFpbixkYz1jb20i IC1EDQorKyJ1aWQ9dGVzdHVzZXIsb3U9UGVvcGxlLGRjPW15ZG9tYWluLGRjPWNvbSIgPiAv dG1wL3Rlc3R1c2VyDQorKw0KKythcHBlbmQgdGhlIGZvbGxvd2luZyB0byB0aGlzIC90bXAv dGVzdHVzZXIgZmlsZQ0KKytvYmplY3RjbGFzczogbGRhcFB1YmxpY0tleQ0KKytzc2hQdWJs aWNLZXk6IHNzaC1yc2ENCisrQUFBQUIzTnphQzF5YzJFQUFBQUJKUUFBQUlCM2RzcndxWHFE N0U0ellZcnh3ZERLQlVReEtNaW9YeTlweEZWYWk2NGtBUHhqVTlLUw0KKytxSW83UWZranNs ZnNqZmxrc2pmbGRma2pzbGRmakxYLzV6a3pSbVQyOEk1cGlHenVuUHYxN1M4OXo4WHdTc3VB b1IxdDg2dCs1ZGxJDQorKzdlWkUvZ1ZibjJVUWtRcTcra2REVFMyeVhWNlZuQzUyTi9rS0xH M2NpQmtCQXc9PSBHZW5lcmFsIFB1cnBvc2UgUlNBIEtleQ0KKysNCisrVGhlbiBkbyBhIG1v ZGlmeToNCisrbGRhcG1vZGlmeSAteCAtRCAidWlkPXRlc3R1c2VyLG91PVBlb3BsZSxkYz1t eWRvbWFpbixkYz1jb20iIC1XIC1mDQorKy90bXAvdGVzdHVzZXIgLVoNCisrRW50ZXIgTERB UCBQYXNzd29yZDoNCisrbW9kaWZ5aW5nIGVudHJ5ICJ1aWQ9dGVzdHVzZXIsb3U9UGVvcGxl LGRjPW15ZG9tYWluLGRjPWNvbSINCisrQW5kIGNoZWNrIHRoZSBtb2RpZnkgaXMgb2s6DQor K2xkYXBzZWFyY2ggLXggLVcgLVogLWIgInVpZD10ZXN0dXNlcixvdT1QZW9wbGUsZGM9bXlk b21haW4sZGM9Y29tIiAtRA0KKysidWlkPXRlc3R1c2VyLG91PVBlb3BsZSxkYz1teWRvbWFp bixkYz1jb20iDQorK0VudGVyIExEQVAgUGFzc3dvcmQ6DQorKyMgZXh0ZW5kZWQgTERJRg0K KysjDQorKyMgTERBUHYzDQorKyMgYmFzZSA8dWlkPXRlc3R1c2VyLG91PVBlb3BsZSxkYz1t eWRvbWFpbixkYz1jb20+IHdpdGggc2NvcGUgc3ViDQorKyMgZmlsdGVyOiAob2JqZWN0Y2xh c3M9KikNCisrIyByZXF1ZXN0aW5nOiBBTEwNCisrIw0KKysNCisrIyB0ZXN0dXNlciwgUGVv cGxlLCBteWRvbWFpbi5jb20NCisrZG46IHVpZD10ZXN0dXNlcixvdT1QZW9wbGUsZGM9bXlk b21haW4sZGM9Y29tDQorK3VpZDogdGVzdHVzZXINCisrY246IHRlc3R1c2VyDQorK29iamVj dENsYXNzOiBhY2NvdW50DQorK29iamVjdENsYXNzOiBwb3NpeEFjY291bnQNCisrb2JqZWN0 Q2xhc3M6IHRvcA0KKytvYmplY3RDbGFzczogc2hhZG93QWNjb3VudA0KKytvYmplY3RDbGFz czogbGRhcFB1YmxpY0tleQ0KKytzaGFkb3dMYXN0Q2hhbmdlOiAxMjc1Nw0KKytzaGFkb3dN YXg6IDk5OTk5DQorK3NoYWRvd1dhcm5pbmc6IDcNCisrbG9naW5TaGVsbDogL2Jpbi9iYXNo DQorK3VpZE51bWJlcjogOTk5OQ0KKytnaWROdW1iZXI6IDUwMQ0KKytob21lRGlyZWN0b3J5 OiAvaG9tZS90ZXN0dXNlcg0KKyt1c2VyUGFzc3dvcmQ6OiBlMU5UU0VGOVVEZ3dWMWhuTTFW alVEUkpLMGsxWW5GaUwxZDRaVUpPYlhsWlozWjNVVFU9DQorK3NzaFB1YmxpY0tleTogc3No LXJzYQ0KKytBQUFBQjNOemFDMXljMkVBQUFBQkpRQUFBSUIzZHNyd3FYcUQ3RTR6WVlyeHdk REtCVVF4S01pb1h5OXB4RlZhaTY0a0FQeGpVOUtTcUlvN1Fma2pzbGZzamZsa3NqZmxkZmtq c2xkZmpMWC81emt6Um1UMjhJNXBpR3p1blB2MTdTODl6DQorKzhYd1NzdUFvUjF0ODZ0KzVk bEk3ZVpFL2dWYm4yVVFrUXE3K2tkRFRTMnlYVjZWbkM1Mk4va0tMRzNjaUJrQkF3PT0gR2Vu ZXJhbCBQdXJwb3NlIFJTQSBLZXkNCisrDQorKyMgc2VhcmNoIHJlc3VsdA0KKytzZWFyY2g6 IDMNCisrcmVzdWx0OiAwIFN1Y2Nlc3MNCisrDQorKyMgbnVtUmVzcG9uc2VzOiAyDQorKyMg bnVtRW50cmllczogMQ0KKysNCisrTm93IHN0YXJ0IGEgc3NoIHNlc3Npb24gdG8gdXNlciAi dGVzdHVzZXIiIGZyb20gdXN1YWwgc3NoIGNsaWVudCAoZS5nLg0KKytwdVRUWSkuIExvZ2lu IHNob3VsZCBzdWNjZWVkLg0KKysNCisrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKw0KK2RpZmYg LU51YXIgLS1leGNsdWRlICcqLm9yaWcnIC0tZXhjbHVkZSAnKi5yZWonIE1ha2VmaWxlLmlu IE1ha2VmaWxlLmluDQorLS0tIE1ha2VmaWxlLmluCTIwMDgtMDctMDggMDc6MjE6MTIuMDAw MDAwMDAwIC0wNzAwDQorKysrIE1ha2VmaWxlLmluCTIwMDgtMDgtMjMgMTU6MDI6NDcuMDAw MDAwMDAwIC0wNzAwDQorQEAgLTg3LDcgKzg3LDcgQEANCisgCWF1dGgta3JiNS5vIFwNCisg CWF1dGgyLWdzcy5vIGdzcy1zZXJ2Lm8gZ3NzLXNlcnYta3JiNS5vIFwNCisgCWxvZ2lucmVj Lm8gYXV0aC1wYW0ubyBhdXRoLXNoYWRvdy5vIGF1dGgtc2lhLm8gbWQ1Y3J5cHQubyBcDQor LQlhdWRpdC5vIGF1ZGl0LWJzbS5vIHBsYXRmb3JtLm8gc2Z0cC1zZXJ2ZXIubyBzZnRwLWNv bW1vbi5vIFwNCisrCWF1ZGl0Lm8gYXVkaXQtYnNtLm8gcGxhdGZvcm0ubyBsZGFwYXV0aC5v IHNmdHAtc2VydmVyLm8gc2Z0cC1jb21tb24ubyBcDQorIAlyb2FtaW5nX2NvbW1vbi5vDQor IA0KKyBNQU5QQUdFUwk9IG1vZHVsaS41Lm91dCBzY3AuMS5vdXQgc3NoLWFkZC4xLm91dCBz c2gtYWdlbnQuMS5vdXQgc3NoLWtleWdlbi4xLm91dCBzc2gta2V5c2Nhbi4xLm91dCBzc2gu MS5vdXQgc3NoZC44Lm91dCBzZnRwLXNlcnZlci44Lm91dCBzZnRwLjEub3V0IHNzaC1yYW5k LWhlbHBlci44Lm91dCBzc2gta2V5c2lnbi44Lm91dCBzc2hkX2NvbmZpZy41Lm91dCBzc2hf Y29uZmlnLjUub3V0DQorZGlmZiAtTnVhciAtLWV4Y2x1ZGUgJyoub3JpZycgLS1leGNsdWRl ICcqLnJlaicgb3BlbnNzaC1scGtfb3BlbmxkYXAuc2NoZW1hIG9wZW5zc2gtbHBrX29wZW5s ZGFwLnNjaGVtYQ0KKy0tLSBvcGVuc3NoLWxwa19vcGVubGRhcC5zY2hlbWEJMTk2OS0xMi0z MSAxNjowMDowMC4wMDAwMDAwMDAgLTA4MDANCisrKysgb3BlbnNzaC1scGtfb3BlbmxkYXAu c2NoZW1hCTIwMDgtMDgtMjMgMTU6MDI6NDcuMDAwMDAwMDAwIC0wNzAwDQorQEAgLTAsMCAr MSwxOSBAQA0KKysjDQorKyMgTERBUCBQdWJsaWMgS2V5IFBhdGNoIHNjaGVtYSBmb3IgdXNl IHdpdGggb3BlbnNzaC1sZGFwcHVia2V5DQorKyMgQXV0aG9yOiBFcmljIEFVR0UgPGVhdUBw aGVhci5vcmc+DQorKyMgDQorKyMgQmFzZWQgb24gdGhlIHByb3Bvc2FsIG9mIDogTWFyayBS dWlqdGVyDQorKyMNCisrDQorKw0KKysjIG9jdGV0U3RyaW5nIFNZTlRBWA0KKythdHRyaWJ1 dGV0eXBlICggMS4zLjYuMS40LjEuMjQ1NTIuNTAwLjEuMS4xLjEzIE5BTUUgJ3NzaFB1Ymxp Y0tleScgDQorKwlERVNDICdNQU5EQVRPUlk6IE9wZW5TU0ggUHVibGljIGtleScgDQorKwlF UVVBTElUWSBvY3RldFN0cmluZ01hdGNoDQorKwlTWU5UQVggMS4zLjYuMS40LjEuMTQ2Ni4x MTUuMTIxLjEuNDAgKQ0KKysNCisrIyBwcmludGFibGVTdHJpbmcgU1lOVEFYIHllc3xubw0K KytvYmplY3RjbGFzcyAoIDEuMy42LjEuNC4xLjI0NTUyLjUwMC4xLjEuMi4wIE5BTUUgJ2xk YXBQdWJsaWNLZXknIFNVUCB0b3AgQVVYSUxJQVJZDQorKwlERVNDICdNQU5EQVRPUlk6IE9w ZW5TU0ggTFBLIG9iamVjdGNsYXNzJw0KKysJTVVTVCAoIHNzaFB1YmxpY0tleSAkIHVpZCAp IA0KKysJKQ0KK2RpZmYgLU51YXIgLS1leGNsdWRlICcqLm9yaWcnIC0tZXhjbHVkZSAnKi5y ZWonIG9wZW5zc2gtbHBrX3N1bi5zY2hlbWEgb3BlbnNzaC1scGtfc3VuLnNjaGVtYQ0KKy0t LSBvcGVuc3NoLWxwa19zdW4uc2NoZW1hCTE5NjktMTItMzEgMTY6MDA6MDAuMDAwMDAwMDAw IC0wODAwDQorKysrIG9wZW5zc2gtbHBrX3N1bi5zY2hlbWEJMjAwOC0wOC0yMyAxNTowMjo0 Ny4wMDAwMDAwMDAgLTA3MDANCitAQCAtMCwwICsxLDIxIEBADQorKyMNCisrIyBMREFQIFB1 YmxpYyBLZXkgUGF0Y2ggc2NoZW1hIGZvciB1c2Ugd2l0aCBvcGVuc3NoLWxkYXBwdWJrZXkN CisrIyBBdXRob3I6IEVyaWMgQVVHRSA8ZWF1QHBoZWFyLm9yZz4NCisrIyANCisrIyBTY2hl bWEgZm9yIFN1biBEaXJlY3RvcnkgU2VydmVyLg0KKysjIEJhc2VkIG9uIHRoZSBvcmlnaW5h bCBzY2hlbWEsIG1vZGlmaWVkIGJ5IFN0ZWZhbiBGaXNjaGVyLg0KKysjDQorKw0KKytkbjog Y249c2NoZW1hDQorKw0KKysjIG9jdGV0U3RyaW5nIFNZTlRBWA0KKythdHRyaWJ1dGVUeXBl czogKCAxLjMuNi4xLjQuMS4yNDU1Mi41MDAuMS4xLjEuMTMgTkFNRSAnc3NoUHVibGljS2V5 JyANCisrCURFU0MgJ01BTkRBVE9SWTogT3BlblNTSCBQdWJsaWMga2V5JyANCisrCUVRVUFM SVRZIG9jdGV0U3RyaW5nTWF0Y2gNCisrCVNZTlRBWCAxLjMuNi4xLjQuMS4xNDY2LjExNS4x MjEuMS40MCApDQorKw0KKysjIHByaW50YWJsZVN0cmluZyBTWU5UQVggeWVzfG5vDQorK29i amVjdENsYXNzZXM6ICggMS4zLjYuMS40LjEuMjQ1NTIuNTAwLjEuMS4yLjAgTkFNRSAnbGRh cFB1YmxpY0tleScgU1VQIHRvcCBBVVhJTElBUlkNCisrCURFU0MgJ01BTkRBVE9SWTogT3Bl blNTSCBMUEsgb2JqZWN0Y2xhc3MnDQorKwlNVVNUICggc3NoUHVibGljS2V5ICQgdWlkICkg DQorKwkpDQorZGlmZiAtTnVhciAtLWV4Y2x1ZGUgJyoub3JpZycgLS1leGNsdWRlICcqLnJl aicgUkVBRE1FLmxwayBSRUFETUUubHBrDQorLS0tIFJFQURNRS5scGsJMTk2OS0xMi0zMSAx NjowMDowMC4wMDAwMDAwMDAgLTA4MDANCisrKysgUkVBRE1FLmxwawkyMDA4LTA4LTIzIDE1 OjAyOjQ3LjAwMDAwMDAwMCAtMDcwMA0KK0BAIC0wLDAgKzEsMjY3IEBADQorK09wZW5TU0gg TERBUCBQVUJMSUMgS0VZIFBBVENIIA0KKytDb3B5cmlnaHQgKGMpIDIwMDMgRXJpYyBBVUdF IChlYXVAcGhlYXIub3JnKQ0KKytBbGwgcmlnaHRzIHJlc2VydmVkLg0KKysNCisrUmVkaXN0 cmlidXRpb24gYW5kIHVzZSBpbiBzb3VyY2UgYW5kIGJpbmFyeSBmb3Jtcywgd2l0aCBvciB3 aXRob3V0DQorK21vZGlmaWNhdGlvbiwgYXJlIHBlcm1pdHRlZCBwcm92aWRlZCB0aGF0IHRo ZSBmb2xsb3dpbmcgY29uZGl0aW9ucw0KKythcmUgbWV0Og0KKysxLiBSZWRpc3RyaWJ1dGlv bnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodA0KKysg ICBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRp c2NsYWltZXIuDQorKzIuIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJl cHJvZHVjZSB0aGUgYWJvdmUgY29weXJpZ2h0DQorKyAgIG5vdGljZSwgdGhpcyBsaXN0IG9m IGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lciBpbiB0aGUNCisrICAg ZG9jdW1lbnRhdGlvbiBhbmQvb3Igb3RoZXIgbWF0ZXJpYWxzIHByb3ZpZGVkIHdpdGggdGhl IGRpc3RyaWJ1dGlvbi4NCisrMy4gVGhlIG5hbWUgb2YgdGhlIGF1dGhvciBtYXkgbm90IGJl IHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzDQorKyAgIGRlcml2ZWQgZnJv bSB0aGlzIHNvZnR3YXJlIHdpdGhvdXQgc3BlY2lmaWMgcHJpb3Igd3JpdHRlbiBwZXJtaXNz aW9uLg0KKysNCisrVEhJUyBTT0ZUV0FSRSBJUyBQUk9WSURFRCBCWSBUSEUgQVVUSE9SIGBg QVMgSVMnJyBBTkQgQU5ZIEVYUFJFU1MgT1INCisrSU1QTElFRCBXQVJSQU5USUVTLCBJTkNM VURJTkcsIEJVVCBOT1QgTElNSVRFRCBUTywgVEhFIElNUExJRUQgV0FSUkFOVElFUw0KKytP RiBNRVJDSEFOVEFCSUxJVFkgQU5EIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUiBQVVJQT1NF IEFSRSBESVNDTEFJTUVELg0KKytJTiBOTyBFVkVOVCBTSEFMTCBUSEUgQVVUSE9SIEJFIExJ QUJMRSBGT1IgQU5ZIERJUkVDVCwgSU5ESVJFQ1QsDQorK0lOQ0lERU5UQUwsIFNQRUNJQUws IEVYRU1QTEFSWSwgT1IgQ09OU0VRVUVOVElBTCBEQU1BR0VTIChJTkNMVURJTkcsIEJVVA0K KytOT1QgTElNSVRFRCBUTywgUFJPQ1VSRU1FTlQgT0YgU1VCU1RJVFVURSBHT09EUyBPUiBT RVJWSUNFUzsgTE9TUyBPRiBVU0UsDQorK0RBVEEsIE9SIFBST0ZJVFM7IE9SIEJVU0lORVNT IElOVEVSUlVQVElPTikgSE9XRVZFUiBDQVVTRUQgQU5EIE9OIEFOWQ0KKytUSEVPUlkgT0Yg TElBQklMSVRZLCBXSEVUSEVSIElOIENPTlRSQUNULCBTVFJJQ1QgTElBQklMSVRZLCBPUiBU T1JUDQorKyhJTkNMVURJTkcgTkVHTElHRU5DRSBPUiBPVEhFUldJU0UpIEFSSVNJTkcgSU4g QU5ZIFdBWSBPVVQgT0YgVEhFIFVTRSBPRg0KKytUSElTIFNPRlRXQVJFLCBFVkVOIElGIEFE VklTRUQgT0YgVEhFIFBPU1NJQklMSVRZIE9GIFNVQ0ggREFNQUdFLg0KKysNCisrcHVycG9z ZXMgb2YgdGhpcyBwYXRjaDoNCisrDQorK1RoaXMgcGF0Y2ggd291bGQgaGVscCB0byBoYXZl IGF1dGhlbnRpY2F0aW9uIGNlbnRyYWxpemF0aW9uIHBvbGljeQ0KKyt1c2luZyBzc2ggcHVi bGljIGtleSBhdXRoZW50aWNhdGlvbi4NCisrVGhpcyBwYXRjaCBjb3VsZCBiZSBhbiBhbHRl cm5hdGl2ZSB0byBvdGhlciAic2VjdXJlIiBhdXRoZW50aWNhdGlvbiBzeXN0ZW0NCisrd29y a2luZyBpbiBhIHNpbWlsYXIgd2F5IChLZXJiZXJvcywgU2VjdXJJRCwgZXRjLi4uKSwgZXhj ZXB0IHRoZSBmYWN0IA0KKyt0aGF0IGl0J3MgYmFzZWQgb24gT3BlblNTSCBhbmQgaXRzIHB1 YmxpYyBrZXkgYWJpbGl0aWVzLg0KKysNCisrPj4gRllJOiA8PA0KKysndWlkJzogbWVhbnMg dW5peCBhY2NvdW50cyBleGlzdGluZyBvbiB0aGUgY3VycmVudCBzZXJ2ZXINCisrJ2xwa1Nl cnZlckdyb3VwOicgbWVhbiBzZXJ2ZXIgZ3JvdXAgY29uZmlndXJlZCBvbiB0aGUgY3VycmVu dCBzZXJ2ZXIgKCdscGtTZXJ2ZXJHcm91cCcgaW4gc3NoZF9jb25maWcpDQorKw0KKytleGFt cGxlIHNjaGVtYToNCisrDQorKw0KKysgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgc2VydmVyMSAodWlkOiBlYXUscml2YWwsdG90bykgKGxwa1NlcnZlckdyb3VwOiB1bml4 KQ0KKysgICAgICAgICAgICAgICAgX19fX19fX19fX18gICAgICAvDQorKyAgICAgICAgICAg ICAgIC8gICAgICAgICAgIFwgLS0tIC0gc2VydmVyMyAodWlkOiBlYXUsIHRpdGkpIChscGtT ZXJ2ZXJHcm91cDogdW5peCkNCisrICAgICAgICAgICAgICB8IExEQVAgU2VydmVyIHwgICAg XA0KKysJICAgICAgfCBlYXUgICxyaXZhbCB8ICAgICBzZXJ2ZXIyICh1aWQ6IHJpdmFsLCBl YXUpIChscGtTZXJ2ZXJHcm91cDogdW5peCkNCisrCSAgICAgIHwgdGl0aSAsdG90byAgfA0K KysJICAgICAgfCB1c2VyeCwuLi4uICB8ICAgICAgICAgc2VydmVyNSAodWlkOiBlYXUpICAo bHBrU2VydmVyR3JvdXA6IG1haWwpDQorKyAgICAgICAgICAgICAgIFxfX19fX19fX19fXy8g XCAgICAgICAvDQorKwkgICAgICAgICAgICAgICAgICAgICAgIC0tLS0tIC0gc2VydmVyNCAo dWlkOiBlYXUsIHJpdmFsKSAgKG5vIGdyb3VwIGNvbmZpZ3VyZWQpDQorKwkJCSAgICAgICAg ICAgICBcDQorKwkJCQkgICAgICAgIGV0Yy4uLg0KKysNCisrLSBXSEFUIFdFIE5FRUQgOg0K KysNCisrICAqIGNvbmZpZ3VyZWQgTERBUCBzZXJ2ZXIgc29tZXdoZXJlIG9uIHRoZSBuZXR3 b3JrIChpLmUuIE9wZW5MREFQKQ0KKysgICogcGF0Y2hlZCBzc2hkICh3aXRoIHRoaXMgcGF0 Y2ggOykNCisrICAqIExEQVAgdXNlcigvZ3JvdXApIGVudHJ5IChsb29rIGF0IHVzZXJzLmxk aWYgKCYgZ3JvdXBzLmxkaWYpKToNCisrICAgICAgICBVc2VyIGVudHJ5Og0KKysJLSBhdHRh Y2hlZCB0byB0aGUgJ2xkYXBQdWJsaWNLZXknIG9iamVjdGNsYXNzDQorKwktIGF0dGFjaGVk IHRvIHRoZSAncG9zaXhBY2NvdW50JyBvYmplY3RjbGFzcw0KKysJLSB3aXRoIGEgZmlsbGVk ICdzc2hQdWJsaWNLZXknIGF0dHJpYnV0ZSANCisrCUV4YW1wbGU6DQorKwkJZG46IHVpZD1l YXUsb3U9dXNlcnMsZGM9Y3Vja29vcyxkYz1uZXQNCisrCQlvYmplY3RjbGFzczogdG9wDQor KwkJb2JqZWN0Y2xhc3M6IHBlcnNvbg0KKysJCW9iamVjdGNsYXNzOiBvcmdhbml6YXRpb25h bFBlcnNvbg0KKysJCW9iamVjdGNsYXNzOiBwb3NpeEFjY291bnQNCisrCQlvYmplY3RjbGFz czogbGRhcFB1YmxpY0tleQ0KKysJCWRlc2NyaXB0aW9uOiBFcmljIEFVR0UgQWNjb3VudA0K KysJCXVzZXJQYXNzd29yZDogYmxhaA0KKysJCWNuOiBFcmljIEFVR0UNCisrCQlzbjogRXJp YyBBVUdFDQorKwkJdWlkOiBlYXUNCisrCQl1aWROdW1iZXI6IDEwMzQNCisrCQlnaWROdW1i ZXI6IDENCisrCQlob21lRGlyZWN0b3J5OiAvZXhwb3J0L2hvbWUvZWF1DQorKwkJc3NoUHVi bGljS2V5OiBzc2gtZHNzIEFBQUFCMy4uLg0KKysJCXNzaFB1YmxpY0tleTogc3NoLWRzcyBB QUFBTTUuLi4NCisrDQorKwlHcm91cCBlbnRyeToNCisrCS0gYXR0YWNoZWQgdG8gdGhlICdw b3NpeEdyb3VwJyBvYmplY3RjbGFzcw0KKysJLSB3aXRoIGEgJ2NuJyBncm91cG5hbWUgYXR0 cmlidXRlDQorKwktIHdpdGggbXVsdGlwbGUgJ21lbWJlclVpZCcgYXR0cmlidXRlcyBmaWxs ZWQgd2l0aCB1c2VybmFtZXMgYWxsb3dlZCBpbiB0aGlzIGdyb3VwDQorKwlFeGFtcGxlOg0K KysJCSMgZmV3IG1lbWJlcnMNCisrCQlkbjogY249dW5peCxvdT1ncm91cHMsZGM9Y3Vja29v cyxkYz1uZXQNCisrCQlvYmplY3RjbGFzczogdG9wDQorKwkJb2JqZWN0Y2xhc3M6IHBvc2l4 R3JvdXANCisrCQlkZXNjcmlwdGlvbjogVW5peCBiYXNlZCBzZXJ2ZXJzIGdyb3VwDQorKwkJ Y246IHVuaXgNCisrCQlnaWROdW1iZXI6IDEwMDINCisrCQltZW1iZXJVaWQ6IGVhdQ0KKysJ CW1lbWJlclVpZDogdXNlcjENCisrCQltZW1iZXJVaWQ6IHVzZXIyDQorKw0KKysNCisrLSBI T1cgSVQgV09SS1MgOg0KKysNCisrICAqIHdpdGhvdXQgcGF0Y2gNCisrICBJZiBhIHVzZXIg d2FudHMgdG8gYXV0aGVudGljYXRlIHRvIGxvZyBpbiBhIHNlcnZlciB0aGUgc3NoZCwgd2ls bCBmaXJzdCBsb29rIGZvciBhdXRoZW50aWNhdGlvbiBtZXRob2QgYWxsb3dlZCAoUlNBYXV0 aCxrZXJiZXJvcyxldGMuLikNCisrICBhbmQgaWYgUlNBYXV0aCBhbmQgdGlja2V0cyBiYXNl ZCBhdXRoIGZhaWxzLCBpdCB3aWxsIGZhbGxiYWNrIHRvIHN0YW5kYXJkIHBhc3N3b3JkIGF1 dGhlbnRpY2F0aW9uIChpZiBlbmFibGVkKS4NCisrDQorKyAgKiB3aXRoIHRoZSBwYXRjaA0K KysgIElmIGEgdXNlciB3YW50IHRvIGF1dGhlbnRpY2F0ZSB0byBsb2cgaW4gYSBzZXJ2ZXIs IHRoZSBzc2hkIHdpbGwgZmlyc3QgbG9vayBmb3IgYXV0aCBtZXRob2QgaW5jbHVkaW5nIExE QVAgcHVia2V5LCBpZiB0aGUgbGRhcHB1YmtleSBvcHRpb25zIGlzIGVuYWJsZWQuDQorKyAg SXQgd2lsbCBkbyBhbiBsZGFwc2VhcmNoIHRvIGdldCB0aGUgcHVibGljIGtleSBkaXJlY3Rs eSBmcm9tIHRoZSBMREFQIGluc3RlYWQgb2YgcmVhZGluZyBpdCBmcm9tIHRoZSBzZXJ2ZXIg ZmlsZXN5c3RlbS4gDQorKyAgKHVzdWFsbHkgaW4gJEhPTUUvLnNzaC9hdXRob3JpemVkX2tl eXMpDQorKw0KKysgIElmIGdyb3VwcyBhcmUgZW5hYmxlZCwgaXQgd2lsbCBhbHNvIGNoZWNr IGlmIHRoZSB1c2VyIHRoYXQgd2FudHMgdG8gbG9naW4gaXMgaW4gdGhlIGdyb3VwIG9mIHRo ZSBzZXJ2ZXIgaGUgaXMgdHJ5aW5nIHRvIGxvZyBpbnRvLg0KKysgIElmIGl0IGZhaWxzLCBp dCBmYWxscyBiYWNrIG9uIFJTQSBhdXRoIGZpbGVzICgkSE9NRS8uc3NoL2F1dGhvcml6ZWRf a2V5cyksIGV0Yy4uIGFuZCBmaW5hbGx5IHRvIHN0YW5kYXJkIHBhc3N3b3JkIGF1dGhlbnRp Y2F0aW9uIChpZiBlbmFibGVkKS4NCisrDQorKyAgNyB0b2tlbnMgYXJlIGFkZGVkIHRvIHNz aGRfY29uZmlnIDoNCisrICAjIGhlcmUgaXMgdGhlIG5ldyBwYXRjaGVkIGxkYXAgcmVsYXRl ZCB0b2tlbnMNCisrICAjIGVudHJpZXMgaW4geW91ciBMREFQIG11c3QgYmUgcG9zaXhBY2Nv dW50ICYgc3Ryb25nQXV0aGVudGljYXRpb25Vc2VyICYgcG9zaXhHcm91cA0KKysgIFVzZUxQ SyB5ZXMJCQkJCQkJCSMgbG9vayB0aGUgcHViIGtleSBpbnRvIExEQVANCisrICBMcGtTZXJ2 ZXJzIGxkYXA6Ly8xMC4zMS4zMi41LyBsZGFwOi8vMTAuMzEuMzIuNCBsZGFwOi8vMTAuMzEu MzIuMwkjIHdoaWNoIExEQVAgc2VydmVyIGZvciB1c2VycyA/IChVUkwgZm9ybWF0KQ0KKysg IExwa1VzZXJETiAgb3U9dXNlcnMsZGM9Zm9vYmFyLGRjPW5ldAkJCQkJIyB3aGljaCBiYXNl IEROIGZvciB1c2VycyA/DQorKyAgTHBrR3JvdXBETiBvdT1ncm91cHMsZGM9Zm9vYmFyLGRj PW5ldAkJCQkJIyB3aGljaCBiYXNlIEROIGZvciBncm91cHMgPyANCisrICBMcGtCaW5kRE4g Y249bWFuYWdlcixkYz1mb29iYXIsZGM9bmV0CQkJCQkjIHdoaWNoIGJpbmQgRE4gPw0KKysg IExwa0JpbmRQdyBhc2VjcmV0CQkJCQkJCSMgYmluZCBETiBjcmVkaWRlbnRpYWxzDQorKyAg THBrU2VydmVyR3JvdXAgYWdyb3VwbmFtZQkJCQkJCSMgdGhlIGdyb3VwIHRoZSBzZXJ2ZXIg aXMgcGFydCBvZg0KKysNCisrICBSaWdodCBub3cgaSdtIHVzaW5nIGFub255bW91cyBiaW5k aW5nIHRvIGdldCBwdWJsaWMga2V5cywgYmVjYXVzZSBnZXR0aW5nIHB1YmxpYyBrZXlzIG9m IHNvbWVvbmUgZG9lc24ndCBpbXBlcnNvbmF0ZSBoaW24IGJ1dCB0aGVyZSBpcyBzb21lDQor KyAgZmxhd3MgeW91IGhhdmUgdG8gdGFrZSBjYXJlIG9mLg0KKysNCisrLSBIT1cgVE8gSU5T RVJUIEEgVVNFUi9LRVkgSU5UTyBBTiBMREFQIEVOVFJZDQorKw0KKysgICogbXkgd2F5ICh0 aGVyZSBpcyBwbGVudHkgOikNCisrICAtIGNyZWF0ZSBsZGlmIGZpbGUgKGkuZS4gdXNlcnMu bGRpZikNCisrICAtIGNhdCB+Ly5zc2gvaWRfZHNhLnB1YiBPUiBjYXQgfi8uc3NoL2lkX3Jz YS5wdWIgT1IgY2F0IH4vLnNzaC9pZGVudGl0eS5wdWINCisrICAtIG15IHdheSBpbiA0IHN0 ZXBzIDoNCisrICBFeGFtcGxlOg0KKysNCisrICAjIHlvdSBhZGQgdGhpcyB0byB0aGUgdXNl ciBlbnRyeSBpbiB0aGUgTERJRiBmaWxlIDoNCisrICBbLi4uXQ0KKysgIG9iamVjdGNsYXNz OiBwb3NpeEFjY291bnQNCisrICBvYmplY3RjbGFzczogbGRhcFB1YmxpY0tleQ0KKysgIFsu Li5dDQorKyAgc3NoUHVibGlLZXk6IHNzaC1kc3MgQUFBQUJEaDEyRERVUjIuLi4NCisrICBb Li4uXQ0KKysNCisrICAjIGluc2VydCB5b3VyIGVudHJ5IGFuZCB5b3UncmUgZG9uZSA6KQ0K KysgIGxkYXBhZGQgLUQgYmFsYmxhYmxhIC13IGJsZWggPCBmaWxlLmxkaWYgDQorKyAgDQor KyAgYWxsIHN0YW5kYXJkIG9wdGlvbnMgY2FuIGJlIHByZXNlbnQgaW4gdGhlICdzc2hQdWJs aWNLZXknIGF0dHJpYnV0ZS4NCisrDQorKy0gV0hZIDoNCisrDQorKyAgU2ltcGx5IGJlY2F1 c2UsIGkgd2FzIGxvb2tpbmcgZm9yIGEgd2F5IHRvIGNlbnRyYWxpemUgYWxsIHN5c2FkbWlu cyBhdXRoZW50aWNhdGlvbiwgZWFzaWx5LCAgd2l0aG91dCBjb21wbGV0ZWx5IHVzaW5nIExE QVAgDQorKyAgYXMgYXV0aGVudGljYXRpb24gbWV0aG9kIChsaWtlIHBhbV9sZGFwIGV0Yy4u KS4gIA0KKysgIA0KKysgIEFmdGVyIGxvb2tpbmcgaW50byBLZXJiZXJvcywgU2VjdXJJRCwg YW5kIG90aGVyIGNlbnRyYWxpemVkIHNlY3VyZSBhdXRoZW50aWNhdGlvbnMgc3lzdGVtcywg dGhlIHVzZSBvZiBSU0EgYW5kIExEQVAgdG8gZ2V0IA0KKysgIHB1YmxpYyBrZXkgZm9yIGF1 dGhlbnRpY2F0aW9uIGFsbG93cyB1cyB0byBjb250cm9sIHdobyBoYXMgYWNjZXNzIHRvIHdo aWNoIHNlcnZlciAodGhlIHVzZXIgbmVlZHMgYW4gYWNjb3VudCBhbmQgdG8gYmUgaW4gJ3N0 cm9uZ0F1dGhlbnRpY2F0aW9uVXNlcicNCisrICBvYmplY3RjbGFzcyB3aXRoaW4gTERBUCBh bmQgcGFydCBvZiB0aGUgZ3JvdXAgdGhlIFNTSCBzZXJ2ZXIgaXMgaW4pLiANCisrDQorKyAg UGFzc3dvcmRzIHVwZGF0ZSBhcmUgbm8gbG9uZ2VyIGEgbmlnaHRtYXJlIGZvciBhIHNlcnZl ciBmYXJtIChrZXkgcGFpciBwYXNzcGhyYXNlIGlzIHN0b3JlZCBvbiBlYWNoIHVzZXIncyBi b3ggYW5kIHByaXZhdGUga2V5IGlzIGxvY2FsbHkgZW5jcnlwdGVkIHVzaW5nIGhpcyBwYXNz cGhyYXNlIA0KKysgIHNvIGVhY2ggdXNlciBjYW4gY2hhbmdlIGl0IGFzIG11Y2ggYXMgaGUg d2FudHMpLiANCisrDQorKyAgQmxvY2tpbmcgYSB1c2VyIGFjY291bnQgY2FuIGJlIGRvbmUg ZGlyZWN0bHkgZnJvbSB0aGUgTERBUCAoaWYgc3NoZCBpcyB1c2luZyBSU0FBdXRoICsgbGRh cCBvbmx5KS4NCisrDQorKy0gUlVMRVMgOiAgDQorKyAgRW50cnkgaW4gdGhlIExEQVAgc2Vy dmVyIG11c3QgcmVzcGVjdCAncG9zaXhBY2NvdW50JyBhbmQgJ2xkYXBQdWJsaWNLZXknIHdo aWNoIGFyZSBkZWZpbmVkIGluIGNvcmUuc2NoZW1hLiANCisrICBhbmQgdGhlIGFkZGl0aW9u bmFsIGxway5zY2hlbWEuDQorKw0KKysgIFRoaXMgcGF0Y2ggY291bGQgYWxsb3cgYSBzbW9v dGggdHJhbnNpdGlvbiBiZXR3ZWVuIHN0YW5kYXJkIGF1dGggKC9ldGMvcGFzc3dkKSBhbmQg Y29tcGxldGUgTERBUCBiYXNlZCBhdXRoZW50aWNhdGlvbiANCisrICAocGFtbGRhcCwgbnNz X2xkYXAsIGV0Yy4uKS4NCisrDQorKyAgVGhpcyBjYW4gYmUgYW4gYWx0ZXJuYXRpdmUgdG8g b3RoZXIgKG9sZD8vZXhwZW5zaXZlPykgYXV0aGVudGljYXRpb24gbWV0aG9kcyAoS2VyYmVy b3MvU2VjdXJJRC8uLikuDQorKyAgDQorKyAgUmVmZXJyaW5nIHRvIHNjaGVtYSBhdCB0aGUg YmVnaW5uaW5nIG9mIHRoaXMgZmlsZSBpZiB1c2VyICdlYXUnIGlzIG9ubHkgaW4gZ3JvdXAg J3VuaXgnDQorKyAgJ2VhdScgd291bGQgT05MWSBhY2Nlc3MgJ3NlcnZlcjEnLCAnc2VydmVy MicsICdzZXJ2ZXIzJyBBTkQgJ3NlcnZlcjQnIEJVVCBOT1QgJ3NlcnZlcjUnLg0KKysgIElm IHlvdSB0aGVuIG1vZGlmeSB0aGUgTERBUCAnbWFpbCcgZ3JvdXAgZW50cnkgdG8gYWRkICdt ZW1iZXJVaWQ6IGVhdScgVEhFTiB1c2VyICdlYXUnIHdvdWxkIGJlIGFibGUNCisrICB0byBs b2cgaW4gJ3NlcnZlcjUnIChpIGhvcGUgeW91IGdvdCB0aGUgaWRlYSwgbXkgZW5nbGlzaCBp cyBiYWQgOikuDQorKw0KKysgIEVhY2ggc2VydmVyJ3Mgc3NoZCBpcyBwYXRjaGVkIGFuZCBj b25maWd1cmVkIHRvIGFzayB0aGUgcHVibGljIGtleSBhbmQgdGhlIGdyb3VwIGluZm9zIGlu IHRoZSBMREFQDQorKyAgc2VydmVyLg0KKysgIFdoZW4geW91IHdhbnQgdG8gYWxsb3cgYSBu ZXcgdXNlciB0byBoYXZlIGFjY2VzcyB0byB0aGUgc2VydmVyIHBhcmMsIHlvdSBqdXN0IGFk ZCBoaW0gYW4gYWNjb3VudCBvbiANCisrICB5b3VyIHNlcnZlcnMsIHlvdSBhZGQgaGlzIHB1 YmxpYyBrZXkgaW50byBoaXMgZW50cnkgb24gdGhlIExEQVAgc2VydmVyLCBpdCdzIGRvbmUu IA0KKysNCisrICBCZWNhdXNlIHNzaGRzIGFyZSBsb29raW5nIHB1YmxpYyBrZXlzIGludG8g dGhlIExEQVAgZGlyZWN0bHkgaW5zdGVhZCBvZiBhIGZpbGUgKCRIT01FLy5zc2gvYXV0aG9y aXplZF9rZXlzKS4NCisrDQorKyAgV2hlbiB0aGUgdXNlciBuZWVkcyB0byBjaGFuZ2UgaGlz IHBhc3NwaHJhc2UgaGUgY2FuIGRvIGl0IGRpcmVjdGx5IGZyb20gaGlzIHdvcmtzdGF0aW9u IGJ5IGNoYW5naW5nIA0KKysgIGhpcyBvd24ga2V5IHNldCBsb2NrIHBhc3NwaHJhc2UsIGFu ZCBhbGwgc2VydmVycyBhcmUgYXV0b21hdGljYWxseSBhd2FyZS4NCisrIA0KKysgIFdpdGgg YSBDQVJFRlVMIExEQVAgc2VydmVyIGNvbmZpZ3VyYXRpb24geW91IGNvdWxkIGFsbG93IGEg dXNlciB0byBhZGQvZGVsZXRlL21vZGlmeSBoaXMgb3duIGVudHJ5IGhpbXNlbGYNCisrICBz byBoZSBjYW4gYWRkL21vZGlmeS9kZWxldGUgaGltc2VsZiBoaXMgcHVibGljIGtleSB3aGVu IG5lZWRlZC4NCisrDQorK60gRkxBV1MgOg0KKysgIExEQVAgbXVzdCBiZSB3ZWxsIGNvbmZp Z3VyZWQsIGdldHRpbmcgdGhlIHB1YmxpYyBrZXkgb2Ygc29tZSB1c2VyIGlzIG5vdCBhIHBy b2JsZW0sIGJ1dCBpZiBhbm9ueW1vdXMgTERBUCANCisrICBhbGxvdyB3cml0ZSB0byB1c2Vy cyBkbiwgc29tZWJvZHkgY291bGQgcmVwbGFjZSBzb21ldXNlcidzIHB1YmxpYyBrZXkgYnkg aXRzIG93biBhbmQgaW1wZXJzb25hdGUgc29tZSANCisrICBvZiB5b3VyIHVzZXJzIGluIGFs bCB5b3VyIHNlcnZlciBmYXJtIGJlIFZFUlkgQ0FSRUZVTC4NCisrICANCisrICBNSVRNIGF0 dGFjayB3aGVuIHNzaGQgaXMgcmVxdWVzdGluZyB0aGUgcHVibGljIGtleSwgY291bGQgbGVh ZCB0byBhIGNvbXByb21pc2Ugb2YgeW91ciBzZXJ2ZXJzIGFsbG93aW5nIGxvZ2luIA0KKysg IGFzIHRoZSBpbXBlcnNvbm5hdGVkIHVzZXIuDQorKw0KKysgIElmIExEQVAgc2VydmVyIGlz IGRvd24gdGhlbiwgZmFsbGJhY2sgb24gcGFzc3dkIGF1dGguDQorKyAgDQorKyAgdGhlIGxk YXAgY29kZSBwYXJ0IGhhcyBub3QgYmVlbiB3ZWxsIGF1ZGl0ZWQgeWV0Lg0KKysNCisrLSBM REFQIFVTRVIgRU5UUlkgRVhBTVBMRVMgKExESUYgRm9ybWF0LCBsb29rIGluIHVzZXJzLmxk aWYpDQorKyAgICAtLS0gQ1VUIEhFUkUgLS0tDQorKyAgICBkbjogdWlkPWpkb2Usb3U9dXNl cnMsZGM9Zm9vYmFyLGRjPW5ldA0KKysgICAgb2JqZWN0Y2xhc3M6IHRvcA0KKysgICAgb2Jq ZWN0Y2xhc3M6IHBlcnNvbg0KKysgICAgb2JqZWN0Y2xhc3M6IG9yZ2FuaXphdGlvbmFsUGVy c29uDQorKyAgICBvYmplY3RjbGFzczogcG9zaXhBY2NvdW50DQorKyAgICBvYmplY3RjbGFz czogbGRhcFB1YmxpY0tleQ0KKysgICAgZGVzY3JpcHRpb246IE15IGFjY291bnQNCisrICAg IGNuOiBKb2huIERvZQ0KKysgICAgc246IEpvaG4gRG9lDQorKyAgICB1aWQ6IGpkb2UNCisr ICAgIHVpZE51bWJlcjogMTAwDQorKyAgICBnaWROdW1iZXI6IDEwMA0KKysgICAgaG9tZURp cmVjdG9yeTogL2hvbWUvamRvZQ0KKysgICAgc3NoUHVibGljS2V5OiBzc2gtZHNzIEFBQUFC M056YUMxa2MzTUFBQUVCQU92TDhwUkVVZzl3U3kvOCtoUUo1NFlGM0FYa0IwT1pyWEIuLi4u DQorKyAgICBbLi4uXQ0KKysgICAgLS0tIENVVCBIRVJFIC0tLQ0KKysNCisrLSBMREFQIEdS T1VQIEVOVFJZIEVYQU1QTEVTIChMRElGIEZvcm1hdCwgbG9vayBpbiBncm91cHMubGRpZikN CisrICAgIC0tLSBDVVQgSEVSRSAtLS0NCisrICAgIGRuOiBjbj11bml4LG91PWdyb3Vwcyxk Yz1jdWNrb29zLGRjPW5ldA0KKysgICAgb2JqZWN0Y2xhc3M6IHRvcA0KKysgICAgb2JqZWN0 Y2xhc3M6IHBvc2l4R3JvdXANCisrICAgIGRlc2NyaXB0aW9uOiBVbml4IGJhc2VkIHNlcnZl cnMgZ3JvdXANCisrICAgIGNuOiB1bml4DQorKyAgICBnaWROdW1iZXI6IDEwMDINCisrICAg IG1lbWJlclVpZDogamRvZQ0KKysgICAgbWVtYmVyVWlkOiB1c2VyMQ0KKysgICAgbWVtYmVy VWlkOiB1c2VyMg0KKysgICAgWy4uLl0NCisrICAgIC0tLSBDVVQgSEVSRSAtLS0NCisrDQor Kz4+IEZZSTogPDwgDQorK011bHRpcGxlICdzc2hQdWJsaWNLZXknIGluIGEgdXNlciBlbnRy eSBhcmUgYWxsb3dlZCwgYXMgd2VsbCBhcyBtdWx0aXBsZSAnbWVtYmVyVWlkJyBhdHRyaWJ1 dGVzIGluIGEgZ3JvdXAgZW50cnkNCisrDQorKy0gQ09NUElMSU5HOg0KKysgIDEuIEFwcGx5 IHRoZSBwYXRjaA0KKysgIDIuIC4vY29uZmlndXJlIC0td2l0aC15b3VyLW9wdGlvbnMgLS13 aXRoLWxkYXA9L3ByZWZpeC90by9sZGFwX2xpYnNfYW5kX2luY2x1ZGVzDQorKyAgMy4gbWFr ZQ0KKysgIDQuIGl0J3MgZG9uZS4NCisrDQorKy0gQkxBIDoNCisrICBJIGhvcGUgdGhpcyBj b3VsZCBoZWxwLCBhbmQgaSBob3BlIHRvIGJlIGNsZWFyIGVub3VnaCwsIG9yIGdpdmUgaWRl YXMuICBxdWVzdGlvbnMvY29tbWVudHMvaW1wcm92ZW1lbnRzIGFyZSB3ZWxjb21lLg0KKysg IA0KKystIFRPRE8gOg0KKysgIFJlZGVzaWduIGRpZmZlcmVudGx5Lg0KKysNCisrLSBET0NT L0xJTksgOg0KKysgIGh0dHA6Ly9wYWNzZWMuanAvY29yZTA1L3BzajA1LWJhcmlzYW5pLWVu LnBkZg0KKysgIGh0dHA6Ly9mcml0ei5wb3RzZGFtLmVkdS9wcm9qZWN0cy9vcGVuc3NoLWxw ay8NCisrICBodHRwOi8vZnJpdHoucG90c2RhbS5lZHUvcHJvamVjdHMvc3NoZ2F0ZS8NCisr ICBodHRwOi8vZGV2LmludmVyc2VwYXRoLmNvbS90cmFjL29wZW5zc2gtbHBrDQorKyAgaHR0 cDovL2xhbS5zZi5uZXQvICggaHR0cDovL2xhbS5zb3VyY2Vmb3JnZS5uZXQvZG9jdW1lbnRh dGlvbi9zdXBwb3J0ZWRTY2hlbWFzLmh0bSApDQorKw0KKystIENPTlRSSUJVVE9SUy9JREVB Uy9HUkVFVFMgOg0KKysgIC0gRmFsayBTaWVtb25zbWVpZXIuDQorKyAgLSBKYWNvYiBSaWVm Lg0KKysgIC0gTWljaGFlbCBEdXJjaGdyYWYuDQorKyAgLSBmcmVkZXJpYyBwZXRlcnMuDQor KyAgLSBGaW5sYXkgZG9iYmllLg0KKysgIC0gU3RlZmFuIEZpc2hlci4NCisrICAtIFJvYmlu IEguIEpvaG5zb24uDQorKyAgLSBBZHJpYW4gQnJpZGdldHQuDQorKw0KKystIENPTlRBQ1Qg Og0KKysgIC0gRXJpYyBBVUdFIDxlYXVAcGhlYXIub3JnPg0KKysgIC0gQW5kcmVhIEJhcmlz YW5pIDxhbmRyZWFAaW52ZXJzZXBhdGguY29tPg0KK2RpZmYgLU51YXIgLS1leGNsdWRlICcq Lm9yaWcnIC0tZXhjbHVkZSAnKi5yZWonIHNlcnZjb25mLmMgc2VydmNvbmYuYw0KKy0tLSBz ZXJ2Y29uZi5jCTIwMDgtMDctMDMgMjA6NTE6MTIuMDAwMDAwMDAwIC0wNzAwDQorKysrIHNl cnZjb25mLmMJMjAwOC0wOC0yMyAxNTowMjo0Ny4wMDAwMDAwMDAgLTA3MDANCitAQCAtNDIs NiArNDIsMTAgQEANCisgI2luY2x1ZGUgImNoYW5uZWxzLmgiDQorICNpbmNsdWRlICJncm91 cGFjY2Vzcy5oIg0KKyANCisrI2lmZGVmIFdJVEhfTERBUF9QVUJLRVkNCisrI2luY2x1ZGUg ImxkYXBhdXRoLmgiDQorKyNlbmRpZg0KKysNCisgc3RhdGljIHZvaWQgYWRkX2xpc3Rlbl9h ZGRyKFNlcnZlck9wdGlvbnMgKiwgY2hhciAqLCBpbnQpOw0KKyBzdGF0aWMgdm9pZCBhZGRf b25lX2xpc3Rlbl9hZGRyKFNlcnZlck9wdGlvbnMgKiwgY2hhciAqLCBpbnQpOw0KKyANCitA QCAtMTI4LDYgKzEzMiwyNSBAQA0KKyAJb3B0aW9ucy0+YWRtX2ZvcmNlZF9jb21tYW5kID0g TlVMTDsNCisgCW9wdGlvbnMtPmNocm9vdF9kaXJlY3RvcnkgPSBOVUxMOw0KKyAJb3B0aW9u cy0+emVyb19rbm93bGVkZ2VfcGFzc3dvcmRfYXV0aGVudGljYXRpb24gPSAtMTsNCisrI2lm ZGVmIFdJVEhfTERBUF9QVUJLRVkNCisrIAkvKiBYWFggZGlydHkgKi8NCisrIAlvcHRpb25z LT5scGsubGQgPSBOVUxMOw0KKysgCW9wdGlvbnMtPmxway5vbiA9IC0xOw0KKysgCW9wdGlv bnMtPmxway5zZXJ2ZXJzID0gTlVMTDsNCisrIAlvcHRpb25zLT5scGsudV9iYXNlZG4gPSBO VUxMOw0KKysgCW9wdGlvbnMtPmxway5nX2Jhc2VkbiA9IE5VTEw7DQorKyAJb3B0aW9ucy0+ bHBrLmJpbmRkbiA9IE5VTEw7DQorKyAJb3B0aW9ucy0+bHBrLmJpbmRwdyA9IE5VTEw7DQor KyAJb3B0aW9ucy0+bHBrLnNncm91cCA9IE5VTEw7DQorKyAJb3B0aW9ucy0+bHBrLmZpbHRl ciA9IE5VTEw7DQorKyAJb3B0aW9ucy0+bHBrLmZncm91cCA9IE5VTEw7DQorKyAJb3B0aW9u cy0+bHBrLmxfY29uZiA9IE5VTEw7DQorKyAJb3B0aW9ucy0+bHBrLnRscyA9IC0xOw0KKysg CW9wdGlvbnMtPmxway5iX3RpbWVvdXQudHZfc2VjID0gLTE7DQorKyAJb3B0aW9ucy0+bHBr LnNfdGltZW91dC50dl9zZWMgPSAtMTsNCisrIAlvcHRpb25zLT5scGsuZmxhZ3MgPSBGTEFH X0VNUFRZOw0KKysjZW5kaWYNCisrDQorIH0NCisgDQorIHZvaWQNCitAQCAtMjYxLDYgKzI4 NCwzMiBAQA0KKyAJCW9wdGlvbnMtPnBlcm1pdF90dW4gPSBTU0hfVFVOTU9ERV9OTzsNCisg CWlmIChvcHRpb25zLT56ZXJvX2tub3dsZWRnZV9wYXNzd29yZF9hdXRoZW50aWNhdGlvbiA9 PSAtMSkNCisgCQlvcHRpb25zLT56ZXJvX2tub3dsZWRnZV9wYXNzd29yZF9hdXRoZW50aWNh dGlvbiA9IDA7DQorKyNpZmRlZiBXSVRIX0xEQVBfUFVCS0VZDQorKwlpZiAob3B0aW9ucy0+ bHBrLm9uID09IC0xKQ0KKysJICAgIG9wdGlvbnMtPmxway5vbiA9IF9ERUZBVUxUX0xQS19P TjsNCisrCWlmIChvcHRpb25zLT5scGsuc2VydmVycyA9PSBOVUxMKQ0KKysJICAgIG9wdGlv bnMtPmxway5zZXJ2ZXJzID0gX0RFRkFVTFRfTFBLX1NFUlZFUlM7DQorKwlpZiAob3B0aW9u cy0+bHBrLnVfYmFzZWRuID09IE5VTEwpDQorKwkgICAgb3B0aW9ucy0+bHBrLnVfYmFzZWRu ID0gX0RFRkFVTFRfTFBLX1VETjsNCisrCWlmIChvcHRpb25zLT5scGsuZ19iYXNlZG4gPT0g TlVMTCkNCisrCSAgICBvcHRpb25zLT5scGsuZ19iYXNlZG4gPSBfREVGQVVMVF9MUEtfR0RO Ow0KKysJaWYgKG9wdGlvbnMtPmxway5iaW5kZG4gPT0gTlVMTCkNCisrCSAgICBvcHRpb25z LT5scGsuYmluZGRuID0gX0RFRkFVTFRfTFBLX0JJTkRETjsNCisrCWlmIChvcHRpb25zLT5s cGsuYmluZHB3ID09IE5VTEwpDQorKwkgICAgb3B0aW9ucy0+bHBrLmJpbmRwdyA9IF9ERUZB VUxUX0xQS19CSU5EUFc7DQorKwlpZiAob3B0aW9ucy0+bHBrLnNncm91cCA9PSBOVUxMKQ0K KysJICAgIG9wdGlvbnMtPmxway5zZ3JvdXAgPSBfREVGQVVMVF9MUEtfU0dST1VQOw0KKysJ aWYgKG9wdGlvbnMtPmxway5maWx0ZXIgPT0gTlVMTCkNCisrCSAgICBvcHRpb25zLT5scGsu ZmlsdGVyID0gX0RFRkFVTFRfTFBLX0ZJTFRFUjsNCisrCWlmIChvcHRpb25zLT5scGsudGxz ID09IC0xKQ0KKysJICAgIG9wdGlvbnMtPmxway50bHMgPSBfREVGQVVMVF9MUEtfVExTOw0K KysJaWYgKG9wdGlvbnMtPmxway5iX3RpbWVvdXQudHZfc2VjID09IC0xKQ0KKysJICAgIG9w dGlvbnMtPmxway5iX3RpbWVvdXQudHZfc2VjID0gX0RFRkFVTFRfTFBLX0JUSU1FT1VUOw0K KysJaWYgKG9wdGlvbnMtPmxway5zX3RpbWVvdXQudHZfc2VjID09IC0xKQ0KKysJICAgIG9w dGlvbnMtPmxway5zX3RpbWVvdXQudHZfc2VjID0gX0RFRkFVTFRfTFBLX1NUSU1FT1VUOw0K KysJaWYgKG9wdGlvbnMtPmxway5sX2NvbmYgPT0gTlVMTCkNCisrCSAgICBvcHRpb25zLT5s cGsubF9jb25mID0gX0RFRkFVTFRfTFBLX0xEUDsNCisrI2VuZGlmDQorIA0KKyAJLyogVHVy biBwcml2aWxlZ2Ugc2VwYXJhdGlvbiBvbiBieSBkZWZhdWx0ICovDQorIAlpZiAodXNlX3By aXZzZXAgPT0gLTEpDQorQEAgLTMwNyw2ICszNTYsMTIgQEANCisgCXNVc2VQcml2aWxlZ2VT ZXBhcmF0aW9uLCBzQWxsb3dBZ2VudEZvcndhcmRpbmcsDQorCXNaZXJvS25vd2xlZGdlUGFz c3dvcmRBdXRoZW50aWNhdGlvbiwNCisgCXNEZXByZWNhdGVkLCBzVW5zdXBwb3J0ZWQNCisr I2lmZGVmIFdJVEhfTERBUF9QVUJLRVkNCisrCSxzTGRhcFB1YmxpY2tleSwgc0xkYXBTZXJ2 ZXJzLCBzTGRhcFVzZXJETg0KKysJLHNMZGFwR3JvdXBETiwgc0JpbmRETiwgc0JpbmRQdywg c015R3JvdXANCisrCSxzTGRhcEZpbHRlciwgc0ZvcmNlVExTLCBzQmluZFRpbWVvdXQNCisr CSxzU2VhcmNoVGltZW91dCwgc0xkYXBDb25mDQorKyNlbmRpZg0KKyB9IFNlcnZlck9wQ29k ZXM7DQorIA0KKyAjZGVmaW5lIFNTSENGR19HTE9CQUwJMHgwMQkvKiBhbGxvd2VkIGluIG1h aW4gc2VjdGlvbiBvZiBzc2hkX2NvbmZpZyAqLw0KK0BAIC00MTcsNiArNDcyLDIwIEBADQor IAl7ICJjbGllbnRhbGl2ZWNvdW50bWF4Iiwgc0NsaWVudEFsaXZlQ291bnRNYXgsIFNTSENG R19HTE9CQUwgfSwNCisgCXsgImF1dGhvcml6ZWRrZXlzZmlsZSIsIHNBdXRob3JpemVkS2V5 c0ZpbGUsIFNTSENGR19HTE9CQUwgfSwNCisgCXsgImF1dGhvcml6ZWRrZXlzZmlsZTIiLCBz QXV0aG9yaXplZEtleXNGaWxlMiwgU1NIQ0ZHX0dMT0JBTCB9LA0KKysjaWZkZWYgV0lUSF9M REFQX1BVQktFWQ0KKysJeyBfREVGQVVMVF9MUEtfVE9LRU4sIHNMZGFwUHVibGlja2V5LCBT U0hDRkdfR0xPQkFMIH0sDQorKwl7IF9ERUZBVUxUX1NSVl9UT0tFTiwgc0xkYXBTZXJ2ZXJz LCBTU0hDRkdfR0xPQkFMIH0sDQorKwl7IF9ERUZBVUxUX1VTUl9UT0tFTiwgc0xkYXBVc2Vy RE4sIFNTSENGR19HTE9CQUwgfSwNCisrCXsgX0RFRkFVTFRfR1JQX1RPS0VOLCBzTGRhcEdy b3VwRE4sIFNTSENGR19HTE9CQUwgfSwNCisrCXsgX0RFRkFVTFRfQkROX1RPS0VOLCBzQmlu ZEROLCBTU0hDRkdfR0xPQkFMIH0sDQorKwl7IF9ERUZBVUxUX0JQV19UT0tFTiwgc0JpbmRQ dywgU1NIQ0ZHX0dMT0JBTCB9LA0KKysJeyBfREVGQVVMVF9NWUdfVE9LRU4sIHNNeUdyb3Vw LCBTU0hDRkdfR0xPQkFMIH0sDQorKwl7IF9ERUZBVUxUX0ZJTF9UT0tFTiwgc0xkYXBGaWx0 ZXIsIFNTSENGR19HTE9CQUwgfSwNCisrCXsgX0RFRkFVTFRfVExTX1RPS0VOLCBzRm9yY2VU TFMsIFNTSENGR19HTE9CQUwgfSwNCisrCXsgX0RFRkFVTFRfQlRJX1RPS0VOLCBzQmluZFRp bWVvdXQsIFNTSENGR19HTE9CQUwgfSwNCisrCXsgX0RFRkFVTFRfU1RJX1RPS0VOLCBzU2Vh cmNoVGltZW91dCwgU1NIQ0ZHX0dMT0JBTCB9LA0KKysJeyBfREVGQVVMVF9MRFBfVE9LRU4s IHNMZGFwQ29uZiwgU1NIQ0ZHX0dMT0JBTCB9LA0KKysjZW5kaWYNCisgCXsgInVzZXByaXZp bGVnZXNlcGFyYXRpb24iLCBzVXNlUHJpdmlsZWdlU2VwYXJhdGlvbiwgU1NIQ0ZHX0dMT0JB TH0sDQorIAl7ICJhY2NlcHRlbnYiLCBzQWNjZXB0RW52LCBTU0hDRkdfR0xPQkFMIH0sDQor IAl7ICJwZXJtaXR0dW5uZWwiLCBzUGVybWl0VHVubmVsLCBTU0hDRkdfR0xPQkFMIH0sDQor QEAgLTEzMDcsNiArMTM3NiwxMDcgQEANCisgCQl3aGlsZSAoYXJnKQ0KKyAJCSAgICBhcmcg PSBzdHJkZWxpbSgmY3ApOw0KKyAJCWJyZWFrOw0KKysjaWZkZWYgV0lUSF9MREFQX1BVQktF WQ0KKysJY2FzZSBzTGRhcFB1YmxpY2tleToNCisrCQlpbnRwdHIgPSAmb3B0aW9ucy0+bHBr Lm9uOw0KKysJCWdvdG8gcGFyc2VfZmxhZzsNCisrCWNhc2Ugc0xkYXBTZXJ2ZXJzOg0KKysJ CS8qIGFyZyA9IHN0cmRlbGltKCZjcCk7ICovDQorKwkJcCA9IGxpbmU7DQorKwkJd2hpbGUo KnArKyk7DQorKwkJYXJnID0gcDsNCisrCQlpZiAoIWFyZyB8fCAqYXJnID09ICdcMCcpDQor KwkJICAgIGZhdGFsKCIlcyBsaW5lICVkOiBtaXNzaW5nIGxkYXAgc2VydmVyIixmaWxlbmFt ZSxsaW5lbnVtKTsNCisrCQlhcmdbc3RybGVuKGFyZyldID0gJ1wwJzsNCisrCQlpZiAoKG9w dGlvbnMtPmxway5zZXJ2ZXJzID0gbGRhcF9wYXJzZV9zZXJ2ZXJzKGFyZykpID09IE5VTEwp DQorKwkJICAgIGZhdGFsKCIlcyBsaW5lICVkOiBlcnJvciBpbiBsZGFwIHNlcnZlcnMiLCBm aWxlbmFtZSwgbGluZW51bSk7DQorKwkJbWVtc2V0KGFyZywwLHN0cmxlbihhcmcpKTsNCisr CQlicmVhazsNCisrCWNhc2Ugc0xkYXBVc2VyRE46DQorKwkJYXJnID0gY3A7DQorKwkJaWYg KCFhcmcgfHwgKmFyZyA9PSAnXDAnKQ0KKysJCSAgICBmYXRhbCgiJXMgbGluZSAlZDogbWlz c2luZyBsZGFwIHNlcnZlciIsZmlsZW5hbWUsbGluZW51bSk7DQorKwkJYXJnW3N0cmxlbihh cmcpXSA9ICdcMCc7DQorKwkJb3B0aW9ucy0+bHBrLnVfYmFzZWRuID0geHN0cmR1cChhcmcp Ow0KKysJCW1lbXNldChhcmcsMCxzdHJsZW4oYXJnKSk7DQorKwkJYnJlYWs7DQorKwljYXNl IHNMZGFwR3JvdXBETjoNCisrCQlhcmcgPSBjcDsNCisrCQlpZiAoIWFyZyB8fCAqYXJnID09 ICdcMCcpDQorKwkJICAgIGZhdGFsKCIlcyBsaW5lICVkOiBtaXNzaW5nIGxkYXAgc2VydmVy IixmaWxlbmFtZSxsaW5lbnVtKTsNCisrCQlhcmdbc3RybGVuKGFyZyldID0gJ1wwJzsNCisr CQlvcHRpb25zLT5scGsuZ19iYXNlZG4gPSB4c3RyZHVwKGFyZyk7DQorKwkJbWVtc2V0KGFy ZywwLHN0cmxlbihhcmcpKTsNCisrCQlicmVhazsNCisrCWNhc2Ugc0JpbmRETjoNCisrCQlh cmcgPSBjcDsNCisrCQlpZiAoIWFyZyB8fCAqYXJnID09ICdcMCcpDQorKwkJICAgIGZhdGFs KCIlcyBsaW5lICVkOiBtaXNzaW5nIGJpbmRkbiIsZmlsZW5hbWUsbGluZW51bSk7DQorKwkJ YXJnW3N0cmxlbihhcmcpXSA9ICdcMCc7DQorKwkJb3B0aW9ucy0+bHBrLmJpbmRkbiA9IHhz dHJkdXAoYXJnKTsNCisrCQltZW1zZXQoYXJnLDAsc3RybGVuKGFyZykpOw0KKysJCWJyZWFr Ow0KKysJY2FzZSBzQmluZFB3Og0KKysJCWFyZyA9IGNwOw0KKysJCWlmICghYXJnIHx8ICph cmcgPT0gJ1wwJykNCisrCQkgICAgZmF0YWwoIiVzIGxpbmUgJWQ6IG1pc3NpbmcgYmluZHB3 IixmaWxlbmFtZSxsaW5lbnVtKTsNCisrCQlhcmdbc3RybGVuKGFyZyldID0gJ1wwJzsNCisr CQlvcHRpb25zLT5scGsuYmluZHB3ID0geHN0cmR1cChhcmcpOw0KKysJCW1lbXNldChhcmcs MCxzdHJsZW4oYXJnKSk7DQorKwkJYnJlYWs7DQorKwljYXNlIHNNeUdyb3VwOg0KKysJCWFy ZyA9IGNwOw0KKysJCWlmICghYXJnIHx8ICphcmcgPT0gJ1wwJykNCisrCQkgICAgZmF0YWwo IiVzIGxpbmUgJWQ6IG1pc3NpbmcgZ3JvdXBuYW1lIixmaWxlbmFtZSwgbGluZW51bSk7DQor KwkJYXJnW3N0cmxlbihhcmcpXSA9ICdcMCc7DQorKwkJb3B0aW9ucy0+bHBrLnNncm91cCA9 IHhzdHJkdXAoYXJnKTsNCisrCQlpZiAob3B0aW9ucy0+bHBrLnNncm91cCkNCisrCQkgICAg b3B0aW9ucy0+bHBrLmZncm91cCA9IGxkYXBfcGFyc2VfZ3JvdXBzKG9wdGlvbnMtPmxway5z Z3JvdXApOw0KKysJCW1lbXNldChhcmcsMCxzdHJsZW4oYXJnKSk7DQorKwkJYnJlYWs7DQor KwljYXNlIHNMZGFwRmlsdGVyOg0KKysJCWFyZyA9IGNwOw0KKysJCWlmICghYXJnIHx8ICph cmcgPT0gJ1wwJykNCisrCQkgICAgZmF0YWwoIiVzIGxpbmUgJWQ6IG1pc3NpbmcgZmlsdGVy IixmaWxlbmFtZSwgbGluZW51bSk7DQorKwkJYXJnW3N0cmxlbihhcmcpXSA9ICdcMCc7DQor KwkJb3B0aW9ucy0+bHBrLmZpbHRlciA9IHhzdHJkdXAoYXJnKTsNCisrCQltZW1zZXQoYXJn LDAsc3RybGVuKGFyZykpOw0KKysJCWJyZWFrOw0KKysJY2FzZSBzRm9yY2VUTFM6DQorKwkJ aW50cHRyID0gJm9wdGlvbnMtPmxway50bHM7DQorKwkJYXJnID0gc3RyZGVsaW0oJmNwKTsN CisrCQlpZiAoIWFyZyB8fCAqYXJnID09ICdcMCcpDQorKwkJCWZhdGFsKCIlcyBsaW5lICVk OiBtaXNzaW5nIHllcy9ubyBhcmd1bWVudC4iLA0KKysJCQkgICAgZmlsZW5hbWUsIGxpbmVu dW0pOw0KKysJCXZhbHVlID0gMDsJLyogc2lsZW5jZSBjb21waWxlciAqLw0KKysJCWlmIChz dHJjbXAoYXJnLCAieWVzIikgPT0gMCkNCisrCQkJdmFsdWUgPSAxOw0KKysJCWVsc2UgaWYg KHN0cmNtcChhcmcsICJubyIpID09IDApDQorKwkJCXZhbHVlID0gMDsNCisrCQllbHNlIGlm IChzdHJjbXAoYXJnLCAidHJ5IikgPT0gMCkNCisrCQkJdmFsdWUgPSAtMTsNCisrCQllbHNl DQorKwkJCWZhdGFsKCIlcyBsaW5lICVkOiBCYWQgeWVzL25vIGFyZ3VtZW50OiAlcyIsDQor KwkJCQlmaWxlbmFtZSwgbGluZW51bSwgYXJnKTsNCisrCQlpZiAoKmludHB0ciA9PSAtMSkN CisrCQkJKmludHB0ciA9IHZhbHVlOw0KKysJCWJyZWFrOw0KKysJY2FzZSBzQmluZFRpbWVv dXQ6DQorKwkJaW50cHRyID0gKGludCAqKSAmb3B0aW9ucy0+bHBrLmJfdGltZW91dC50dl9z ZWM7DQorKwkJZ290byBwYXJzZV9pbnQ7DQorKwljYXNlIHNTZWFyY2hUaW1lb3V0Og0KKysJ CWludHB0ciA9IChpbnQgKikgJm9wdGlvbnMtPmxway5zX3RpbWVvdXQudHZfc2VjOw0KKysJ CWdvdG8gcGFyc2VfaW50Ow0KKysJCWJyZWFrOw0KKysJY2FzZSBzTGRhcENvbmY6DQorKwkJ YXJnID0gY3A7DQorKwkJaWYgKCFhcmcgfHwgKmFyZyA9PSAnXDAnKQ0KKysJCSAgICBmYXRh bCgiJXMgbGluZSAlZDogbWlzc2luZyBMcGtMZGFwQ29uZiIsIGZpbGVuYW1lLCBsaW5lbnVt KTsNCisrCQlhcmdbc3RybGVuKGFyZyldID0gJ1wwJzsNCisrCQlvcHRpb25zLT5scGsubF9j b25mID0geHN0cmR1cChhcmcpOw0KKysJCW1lbXNldChhcmcsIDAsIHN0cmxlbihhcmcpKTsN CisrCQlicmVhazsNCisrI2VuZGlmDQorIA0KKyAJZGVmYXVsdDoNCisgCQlmYXRhbCgiJXMg bGluZSAlZDogTWlzc2luZyBoYW5kbGVyIGZvciBvcGNvZGUgJXMgKCVkKSIsDQorZGlmZiAt TnVhciAtLWV4Y2x1ZGUgJyoub3JpZycgLS1leGNsdWRlICcqLnJlaicgc2VydmNvbmYuaCBz ZXJ2Y29uZi5oDQorLS0tIHNlcnZjb25mLmgJMjAwOC0wNi0xMCAwNjowMTo1MS4wMDAwMDAw MDAgLTA3MDANCisrKysgc2VydmNvbmYuaAkyMDA4LTA4LTIzIDE1OjAyOjQ3LjAwMDAwMDAw MCAtMDcwMA0KK0BAIC0xNiw2ICsxNiwxMCBAQA0KKyAjaWZuZGVmIFNFUlZDT05GX0gNCisg I2RlZmluZSBTRVJWQ09ORl9IDQorIA0KKysjaWZkZWYgV0lUSF9MREFQX1BVQktFWQ0KKysj aW5jbHVkZSAibGRhcGF1dGguaCINCisrI2VuZGlmDQorKw0KKyAjZGVmaW5lIE1BWF9QT1JU UwkJMjU2CS8qIE1heCAjIHBvcnRzLiAqLw0KKyANCisgI2RlZmluZSBNQVhfQUxMT1dfVVNF UlMJCTI1NgkvKiBNYXggIyB1c2VycyBvbiBhbGxvdyBsaXN0LiAqLw0KK0BAIC0xNDcsNiAr MTUxLDkgQEANCisgCWludAl1c2VfcGFtOwkJLyogRW5hYmxlIGF1dGggdmlhIFBBTSAqLw0K KyANCisgCWludAlwZXJtaXRfdHVuOw0KKysjaWZkZWYgV0lUSF9MREFQX1BVQktFWQ0KKysg ICAgICAgIGxkYXBfb3B0X3QgbHBrOw0KKysjZW5kaWYNCisgDQorIAlpbnQJbnVtX3Blcm1p dHRlZF9vcGVuczsNCisgDQorZGlmZiAtTnVhciAtLWV4Y2x1ZGUgJyoub3JpZycgLS1leGNs dWRlICcqLnJlaicgc3NoZC5jIHNzaGQuYw0KKy0tLSBzc2hkLmMJMjAwOC0wNy0xMSAwMDoz Njo0OS4wMDAwMDAwMDAgLTA3MDANCisrKysgc3NoZC5jCTIwMDgtMDgtMjMgMTU6MDI6NDcu MDAwMDAwMDAwIC0wNzAwDQorQEAgLTEyNyw2ICsxMjcsMTAgQEANCisgaW50IGRlbnlfc2V2 ZXJpdHk7DQorICNlbmRpZiAvKiBMSUJXUkFQICovDQorIA0KKysjaWZkZWYgV0lUSF9MREFQ X1BVQktFWQ0KKysjaW5jbHVkZSAibGRhcGF1dGguaCINCisrI2VuZGlmDQorKw0KKyAjaWZu ZGVmIE9fTk9DVFRZDQorICNkZWZpbmUgT19OT0NUVFkJMA0KKyAjZW5kaWYNCitAQCAtMTQ4 NCw2ICsxNDg4LDE2IEBADQorIAkJZXhpdCgxKTsNCisgCX0NCisgDQorKyNpZmRlZiBXSVRI X0xEQVBfUFVCS0VZDQorKyAgICAvKiBsZGFwX29wdGlvbnNfcHJpbnQoJm9wdGlvbnMubHBr KTsgKi8NCisrICAgIC8qIFhYWCBpbml0aWFsaXplL2NoZWNrIGxkYXAgY29ubmVjdGlvbiBh bmQgc2V0ICpMRCAqLw0KKysgICAgaWYgKG9wdGlvbnMubHBrLm9uKSB7DQorKyAgICAgICAg aWYgKG9wdGlvbnMubHBrLmxfY29uZiAmJiAobGRhcF9wYXJzZV9sY29uZigmb3B0aW9ucy5s cGspIDwgMCkgKQ0KKysgICAgICAgICAgICBlcnJvcigiW0xEQVBdIGNvdWxkIG5vdCBwYXJz ZSAlcyIsIG9wdGlvbnMubHBrLmxfY29uZik7DQorKyAgICAgICAgaWYgKGxkYXBfY29ubmVj dCgmb3B0aW9ucy5scGspIDwgMCkNCisrICAgICAgICAgICAgZXJyb3IoIltMREFQXSBjb3Vs ZCBub3QgaW5pdGlhbGl6ZSBsZGFwIGNvbm5lY3Rpb24iKTsNCisrICAgIH0NCisrI2VuZGlm DQorIAlkZWJ1Zygic3NoZCB2ZXJzaW9uICUuMTAwcyIsIFNTSF9SRUxFQVNFKTsNCisgDQor IAkvKiBTdG9yZSBwcml2aWxlZ2Ugc2VwYXJhdGlvbiB1c2VyIGZvciBsYXRlciB1c2UgaWYg cmVxdWlyZWQuICovDQorZGlmZiAtTnVhciAtLWV4Y2x1ZGUgJyoub3JpZycgLS1leGNsdWRl ICcqLnJlaicgc3NoZF9jb25maWcgc3NoZF9jb25maWcNCistLS0gc3NoZF9jb25maWcJMjAw OC0wNy0wMiAwNTozNTo0My4wMDAwMDAwMDAgLTA3MDANCisrKysgc3NoZF9jb25maWcJMjAw OC0wOC0yMyAxNTowMjo0Ny4wMDAwMDAwMDAgLTA3MDANCitAQCAtMTA5LDYgKzEwOSwyMSBA QA0KKyAjIG5vIGRlZmF1bHQgYmFubmVyIHBhdGgNCisgI0Jhbm5lciBub25lDQorIA0KKysj IGhlcmUgYXJlIHRoZSBuZXcgcGF0Y2hlZCBsZGFwIHJlbGF0ZWQgdG9rZW5zDQorKyMgZW50 cmllcyBpbiB5b3VyIExEQVAgbXVzdCBoYXZlIHBvc2l4QWNjb3VudCAmIGxkYXBQdWJsaWNL ZXkgb2JqZWN0Y2xhc3MNCisrI1VzZUxQSyB5ZXMNCisrI0xwa0xkYXBDb25mIC9ldGMvbGRh cC5jb25mDQorKyNMcGtTZXJ2ZXJzICBsZGFwOi8vMTAuMS43LjEvIGxkYXA6Ly8xMC4xLjcu Mi8NCisrI0xwa1VzZXJETiAgIG91PXVzZXJzLGRjPXBoZWFyLGRjPW9yZw0KKysjTHBrR3Jv dXBETiAgb3U9Z3JvdXBzLGRjPXBoZWFyLGRjPW9yZw0KKysjTHBrQmluZEROIGNuPU1hbmFn ZXIsZGM9cGhlYXIsZGM9b3JnDQorKyNMcGtCaW5kUHcgc2VjcmV0DQorKyNMcGtTZXJ2ZXJH cm91cCBtYWlsDQorKyNMcGtGaWx0ZXIgKGhvc3RBY2Nlc3M9bWFzdGVyLnBoZWFyLm9yZykN CisrI0xwa0ZvcmNlVExTIG5vDQorKyNMcGtTZWFyY2hUaW1lbGltaXQgMw0KKysjTHBrQmlu ZFRpbWVsaW1pdCAzDQorKw0KKyAjIG92ZXJyaWRlIGRlZmF1bHQgb2Ygbm8gc3Vic3lzdGVt cw0KKyBTdWJzeXN0ZW0Jc2Z0cAkvdXNyL2xpYmV4ZWMvc2Z0cC1zZXJ2ZXINCisgDQorZGlm ZiAtTnVhciAtLWV4Y2x1ZGUgJyoub3JpZycgLS1leGNsdWRlICcqLnJlaicgc3NoZF9jb25m aWcuNSBzc2hkX2NvbmZpZy41DQorLS0tIHNzaGRfY29uZmlnLjUJMjAwOC0wNy0wMiAwNToz NTo0My4wMDAwMDAwMDAgLTA3MDANCisrKysgc3NoZF9jb25maWcuNQkyMDA4LTA4LTIzIDE1 OjAyOjQ3LjAwMDAwMDAwMCAtMDcwMA0KK0BAIC0xMDEwLDYgKzEwMTAsNjIgQEANCisgcHJv Z3JhbS4NCisgVGhlIGRlZmF1bHQgaXMNCisgLlBhIC91c3IvWDExUjYvYmluL3hhdXRoIC4N CisrLkl0IENtIFVzZUxQSw0KKytTcGVjaWZpZXMgd2hldGhlciBMREFQIHB1YmxpYyBrZXkg cmV0cmlldmFsIG11c3QgYmUgdXNlZCBvciBub3QuIEl0IGFsbG93DQorK2FuIGVhc3kgY2Vu dHJhbGlzYXRpb24gb2YgcHVibGljIGtleXMgd2l0aGluIGFuIExEQVAgZGlyZWN0b3J5LiBU aGUgYXJndW1lbnQgbXVzdCBiZQ0KKysuRHEgeWVzDQorK29yDQorKy5EcSBubyAuDQorKy5J dCBDbSBMcGtMZGFwQ29uZg0KKytTcGVjaWZpZXMgd2hldGhlciBMREFQIFB1YmxpYyBrZXlz IHNob3VsZCBwYXJzZSB0aGUgc3BlY2lmaWVkIGxkYXAuY29uZiBmaWxlDQorK2luc3RlYWQg b2Ygc3NoZF9jb25maWcgVG9rZW5zLiBUaGUgYXJndW1lbnQgbXVzdCBiZSBhIHZhbGlkIHBh dGggdG8gYW4gbGRhcC5jb25mDQorK2ZpbGUgbGlrZQ0KKysuUGEgL2V0Yy9sZGFwLmNvbmYN CisrLkl0IENtIExwa1NlcnZlcnMNCisrU3BlY2lmaWVzIExEQVAgb25lIG9yIG1vcmUgWzpz cGFjZTpdIHNlcGFyYXRlZCBzZXJ2ZXIncyB1cmwgdGhlIGZvbGxvd2luZyBmb3JtIG1heSBi ZSB1c2VkOg0KKysuUHANCisrTHBrU2VydmVycyBsZGFwczovLzEyNy4wLjAuMSBsZGFwOi8v MTI3LjAuMC4yIGxkYXA6Ly8xMjcuMC4wLjMNCisrLkl0IENtIExwa1VzZXJETg0KKytTcGVj aWZpZXMgdGhlIExEQVAgdXNlciBETi4NCisrLlBwDQorK0xwa1VzZXJETiBvdT11c2Vycyxk Yz1waGVhcixkYz1vcmcNCisrLkl0IENtIExwa0dyb3VwRE4NCisrU3BlY2lmaWVzIHRoZSBM REFQIGdyb3VwcyBETi4NCisrLlBwDQorK0xwa0dyb3VwRE4gb3U9Z3JvdXBzLGRjPXBoZWFy LGRjPW9yZw0KKysuSXQgQ20gTHBrQmluZERODQorK1NwZWNpZmllcyB0aGUgTERBUCBiaW5k IEROIHRvIHVzZSBpZiBuZWNlc3NhcnkuDQorKy5QcA0KKytMcGtCaW5kRE4gY249TWFuYWdl cixkYz1waGVhcixkYz1vcmcNCisrLkl0IENtIExwa0JpbmRQdw0KKytTcGVjaWZpZXMgdGhl IExEQVAgYmluZCBjcmVkZW50aWFsLiANCisrLlBwDQorK0xwa0JpbmRQdyBzZWNyZXQNCisr Lkl0IENtIExwa1NlcnZlckdyb3VwDQorK1NwZWNpZmllcyBvbmUgb3IgbW9yZSBbOnNwYWNl Ol0gc2VwYXJhdGVkIGdyb3VwIHRoZSBzZXJ2ZXIgaXMgcGFydCBvZi4gDQorKy5QcA0KKytM cGtTZXJ2ZXJHcm91cCB1bml4IG1haWwgcHJvZA0KKysuSXQgQ20gTHBrRmlsdGVyDQorK1Nw ZWNpZmllcyBhbiBhZGRpdGlvbmFsIExEQVAgZmlsdGVyIHRvIHVzZSBmb3IgZmluZGluZyBT U0gga2V5cw0KKysuUHANCisrTHBrRmlsdGVyIChob3N0QWNjZXNzPW1hc3Rlci5waGVhci5v cmcpDQorKy5JdCBDbSBMcGtGb3JjZVRMUw0KKytTcGVjaWZpZXMgaWYgdGhlIExEQVAgc2Vy dmVyIGNvbm5lY3Rpb24gbXVzdCBiZSB0cmllZCwgZm9yY2VkIG9yIG5vdCB1c2VkLiBUaGUg YXJndW1lbnQgbXVzdCBiZSANCisrLkRxIHllcw0KKytvcg0KKysuRHEgbm8NCisrb3INCisr LkRxIHRyeSAuDQorKy5JdCBDbSBMcGtTZWFyY2hUaW1lbGltaXQNCisrU2VwY2lmaWVzIHRo ZSBzZWFyY2ggdGltZSBsaW1pdCBiZWZvcmUgdGhlIHNlYXJjaCBpcyBjb25zaWRlcmVkIG92 ZXIuIHZhbHVlIGlzDQorK2luIHNlY29uZHMuDQorKy5QcA0KKytMcGtTZWFyY2hUaW1lbGlt aXQgMw0KKysuSXQgQ20gTHBrQmluZFRpbWVsaW1pdA0KKytTZXBjaWZpZXMgdGhlIGJpbmQg dGltZSBsaW1pdCBiZWZvcmUgdGhlIGNvbm5lY3Rpb24gaXMgY29uc2lkZXJlZCBkZWFkLiB2 YWx1ZSBpcw0KKytpbiBzZWNvbmRzLg0KKysuUHANCisrTHBrQmluZFRpbWVsaW1pdCAzDQor IC5FbA0KKyAuU2ggVElNRSBGT1JNQVRTDQorIC5YciBzc2hkIDgNCmRpZmYgLU5ydSAvaG9t ZS9nYXdyaWxvZmYvbHBrL29wZW5zc2gtcG9ydGFibGUvZmlsZXMvcGF0Y2gtc3NoZF9jb25m aWcuNSAvaG9tZS9nYXdyaWxvZmYvb3BlbnNzaC1wb3J0YWJsZS9maWxlcy9wYXRjaC1zc2hk X2NvbmZpZy41DQotLS0gL2hvbWUvZ2F3cmlsb2ZmL2xway9vcGVuc3NoLXBvcnRhYmxlL2Zp bGVzL3BhdGNoLXNzaGRfY29uZmlnLjUJMjAwNi0xMC0wMSAwNToxNTowMC4wMDAwMDAwMDAg KzAzMDANCisrKyAvaG9tZS9nYXdyaWxvZmYvb3BlbnNzaC1wb3J0YWJsZS9maWxlcy9wYXRj aC1zc2hkX2NvbmZpZy41CTIwMTAtMTItMjEgMTE6MzY6MDYuMDAwMDAwMDAwICswMjAwDQpA QCAtMSwyNSArMSw1IEBADQogLS0tIHNzaGRfY29uZmlnLjUub3JpZwlUdWUgQXVnIDI5IDIy OjA2OjM0IDIwMDYNCiArKysgc3NoZF9jb25maWcuNQlTYXQgU2VwIDMwIDEwOjM5OjA3IDIw MDYNCi1AQCAtMTY5LDkgKzE3MCwxNiBAQA0KLSBCeSBkZWZhdWx0LCBubyBiYW5uZXIgaXMg ZGlzcGxheWVkLg0KLSAuSXQgQ20gQ2hhbGxlbmdlUmVzcG9uc2VBdXRoZW50aWNhdGlvbg0K LSBTcGVjaWZpZXMgd2hldGhlciBjaGFsbGVuZ2UtcmVzcG9uc2UgYXV0aGVudGljYXRpb24g aXMgYWxsb3dlZC4NCi0tQWxsIGF1dGhlbnRpY2F0aW9uIHN0eWxlcyBmcm9tDQotLS5YciBs b2dpbi5jb25mIDUNCi0tYXJlIHN1cHBvcnRlZC4NCi0rU3BlY2lmaWNhbGx5LCBpbg0KLSsu RnggLA0KLSt0aGlzIGNvbnRyb2xzIHRoZSB1c2Ugb2YgUEFNIChzZWUNCi0rLlhyIHBhbSAz ICkNCi0rZm9yIGF1dGhlbnRpY2F0aW9uLg0KLStOb3RlIHRoYXQgdGhpcyBhZmZlY3RzIHRo ZSBlZmZlY3RpdmVuZXNzIG9mIHRoZQ0KLSsuQ20gUGFzc3dvcmRBdXRoZW50aWNhdGlvbg0K LSthbmQNCi0rLkNtIFBlcm1pdFJvb3RMb2dpbg0KLSt2YXJpYWJsZXMuDQotIFRoZSBkZWZh dWx0IGlzDQotIC5EcSB5ZXMgLg0KLSAuSXQgQ20gQ2lwaGVycw0KIEBAIC01NTQsNyArNTYw LDIyIEBADQogIC5JdCBDbSBQYXNzd29yZEF1dGhlbnRpY2F0aW9uDQogIFNwZWNpZmllcyB3 aGV0aGVyIHBhc3N3b3JkIGF1dGhlbnRpY2F0aW9uIGlzIGFsbG93ZWQuDQo= --------------090100050300010803050402-- From: Freddie Cash To: bug-followup@FreeBSD.org, magik@roorback.net Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Wed, 9 Mar 2011 12:12:51 -0800 So ... what's the magical patch incantation that's needed to apply these patches, in order to help test the new port, to get it into the tree sooner? The following fails with all kinds of rejected hunks in various files: cd /usr/ports/security/openssh-portable patch < /path/to/patch.diff The same with -p0 added to the patch command. And the same with -l and -p0 added to the patch command. It also error out with all the hunks that are diffed against /dev/null, asking which file to work on. I would really like to test this, as we're currently testing ZFSv28 on 9-CURRENT, and using rsync-over-ssh without HPN is extremely slow. -- Freddie Cash fjwcash@gmail.com From: Freddie Cash To: bug-followup@freebsd.org, magik@roorback.net Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Fri, 11 Mar 2011 08:55:12 -0800 Upon closer inspection, I see that OpenSSH in the base for 9-CURRENT is already 5.6, so there's no reason the port shouldn't compile. According to SVN, it looks like DES was the last one to touch OpenSSH in the base, so maybe he'll have some ideas on how to make the port compile on 9.0? I did a first go-round of trying to manually patch the /usr/src/crypto/openssh tree with the HPN patches. The "kitchensink" patch didn't work, all kinds of errors with the multi-threaded cipher patches. However, the dynamic window and none cipher patch applied with only 3 rejected hunks (due to VersionAddendum lines in our sources) that are easily hand-merged. Recompiling /usr/src/secure and re-installing it enables the NONE cipher in the base OpenSSH. :) So, for those running 9-CURRENT, it's possible to get the benefits of some of the HPN patches, without installing a port. -- Freddie Cash fjwcash@gmail.com Responsible-Changed-From-To: freebsd-ports-bugs->stephen Responsible-Changed-By: stephen Responsible-Changed-When: Sat Jul 16 03:25:31 UTC 2011 Responsible-Changed-Why: I'll take it for now. http://www.freebsd.org/cgi/query-pr.cgi?pr=150493 State-Changed-From-To: open->feedback State-Changed-By: stephen State-Changed-When: Sat Jul 16 03:26:10 UTC 2011 State-Changed-Why: I need to see who wants maintainer, and we need more up to date patches. http://www.freebsd.org/cgi/query-pr.cgi?pr=150493 From: Stephen Montgomery-Smith To: bug-followup@FreeBSD.org, magik@roorback.net, jhein@symmetricom.com Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Fri, 15 Jul 2011 22:28:08 -0500 Hi Grzegorz Blach and John Hein, As a committer, I am prepared to work with either of you if you become maintainer of this port. Just decide between the two of you who wants to maintain it. If there is any indecision (for example, both are willing to defer), I will make Grzegorz Blach the maintainer on the basis of he asked first in this PR. I doubt any of your patches will apply cleanly, because I recently committed someone else's changes to this port: ports/142824. Also I see it is now at version 5.8p2. But whoever decides to maintain it, I am prepared to start committing the various changes as you start submitting them. I don't use openssh-portable myself, so I will be relying on you guys to see that it works. But I am willing to do the work to make sure the port builds, and stays compliant with the various practices of port management. See if you can answer the following PR's as well: ports/144597, ports/155456, ports/156926. From: Grzegorz Blach To: Stephen Montgomery-Smith Cc: bug-followup@freebsd.org, jhein@symmetricom.com Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Sat, 16 Jul 2011 19:03:53 +0200 I'm coming back to maintain this port. And I wanna be official maintainer. Now I'm working on update to recent version (5.8) and I need week or two before I'll send new patches. From: Stephen Montgomery-Smith To: bug-followup@FreeBSD.org, magik@roorback.net Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Sat, 16 Jul 2011 12:48:40 -0500 I'll set magik@roorback.net as maintainer ASAP. I am a new committer, so I need to get approval from my mentors first. After I have set you as maintainer, I set you up as getting feedback from all the other security/openssh-portable PR's. From: Stephen Montgomery-Smith To: bug-followup@FreeBSD.org, magik@roorback.net Cc: Subject: Re: ports/150493: Update for: security/openssh-portable port from 5.2p1 to 5.6p1 Date: Mon, 18 Jul 2011 21:08:20 -0500 magik@roorback.net is now maintainer of openssh-portable. State-Changed-From-To: feedback->closed State-Changed-By: flo State-Changed-When: Fri Oct 21 16:25:30 UTC 2011 State-Changed-Why: Superseded by ports/161818 http://www.freebsd.org/cgi/query-pr.cgi?pr=150493 >Unformatted: