From: Bart Schaefer
Date: Tue, 29 Mar 2022 12:52:22 -0700
Subject: [PATCH] Improve compinit security
To: Zsh hackers list
X-Seq: 49917

This was discussed recently on zsh-security and also way back in 2015 in
workers/36685. It does not address the emulation mode issue mentioned
last January in workers/47857 and replies.

This accomplishes a few of the things mentioned in 36685. For one, it's
now possible to use "autoload -r" to assure that functions are loaded
from the locations where compinit found them, which was not supported in
2015. Authors of plugin managers and other add-ons that re-run compinit
should take note.

For another, with the changes herein, "compinit -i" attempts to update
the fpath to remove any insecure directories (unless the -C option loads
an existing dump file). Unfortunately this further complicates the
emulation mode issue.

Finally, this addresses a long-standing confusion about the meaning of
the "Ignore insecure X and continue?" prompt. Prior to this patch, it
had the same effect as "compinit -u", that is, it ignored the result of
compaudit. With the patch, it acts like "compinit -i" and ignores (skips
autoloading of) the suspect files and/or directories. I believe this
change was discussed at least once (long ago) and rejected because of
the difference in behavior, but I can't find the reference and it seems
unlikely that anyone is frequently encountering this prompt.

Content-Type: text/plain; charset="UTF-8"; name="compinit.txt"
Content-Disposition: attachment; filename="compinit.txt"
Content-Transfer-Encoding: base64
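
The filtering the message describes for "compinit -i", as an added example that is not part of the original message or of zsh's own code: a POSIX sh sketch that drops directories failing an ownership and write-permission check before they would be used for autoloading. The function names, the exact rules applied and the sample tree are assumptions of this example.

```sh
#!/bin/sh
# Added example: simplified model of a compaudit-style check. The rules
# (owner is root or the current user; no group/other write bit; same for
# the parent directory) are assumptions of this sketch, not zsh's code.

# Return 0 if directory $1 or its parent fails the check.
dir_is_insecure() {
    for _p in "$1" "$(dirname "$1")"; do
        # -H follows a symlinked argument; -prune stops find descending.
        _hit=$(find -H "$_p" -prune \( -perm -020 -o -perm -002 -o \
                   \( ! -user 0 ! -user "$(id -u)" \) \) -print 2>/dev/null)
        if [ -n "$_hit" ]; then
            return 0
        fi
    done
    return 1
}

# Print, one per line, the directories from "$@" that pass the check:
# the filtering the message describes for fpath under "compinit -i".
secure_fpath() {
    for _d in "$@"; do
        if ! dir_is_insecure "$_d"; then
            printf '%s\n' "$_d"
        fi
    done
}

# Constructed sample tree (not from the original message).
make_sample_tree() {
    _base=$(mktemp -d) || return 1
    mkdir "$_base/good" "$_base/bad" "$_base/open" "$_base/open/child"
    chmod 755 "$_base" "$_base/good" "$_base/open/child"
    chmod 777 "$_base/bad"      # world-writable directory
    chmod 775 "$_base/open"     # group-writable parent taints "child"
    printf '%s\n' "$_base"
}

tree=$(make_sample_tree)
echo "kept:"
secure_fpath "$tree/good" "$tree/bad" "$tree/open/child"
rm -rf "$tree"
```

Only `good` survives: `bad` is writable by others, and `child` is rejected because its parent is group-writable even though its own mode is 755.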