From dev-return-38971-archive-asf-public=cust-asf.ponee.io@subversion.apache.org Wed Jan 23 11:52:29 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 2E98B18066C for ; Wed, 23 Jan 2019 11:52:28 +0100 (CET) Received: (qmail 40270 invoked by uid 500); 23 Jan 2019 10:52:27 -0000 Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@subversion.apache.org Delivered-To: moderator for dev@subversion.apache.org Received: (qmail 30712 invoked by uid 99); 23 Jan 2019 10:49:10 -0000 X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.088 X-Spam-Level: ** X-Spam-Status: No, score=2.088 tagged_above=-999 required=6.31 tests=[HTML_FONT_FACE_BAD=0.289, HTML_MESSAGE=2, KAM_NUMSUBJECT=0.5, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=disabled X-Disclaimed: 22758 To: dev@subversion.apache.org MIME-Version: 1.0 Subject: propositionl: patching mod_authz_svn to be used as an authz provider for apache 2.4 X-KeepSent: 0D6C6DDB:93749B80-C125838B:0033D06F; type=4; name=$KeepSent X-Mailer: IBM Notes Release 9.0.1 October 14, 2013 From: Francisco L Fernandez Tortosa Date: Wed, 23 Jan 2019 10:42:55 +0000 X-LLNOutbound: False X-TNEFEvaluated: 1 x-cbid: 19012310-1799-0000-0000-00000A1EADAF X-IBM-SpamModules-Scores: BY=0; FL=0; FP=0; FZ=0; HX=0; KW=0; PH=0; SC=0.43978; ST=0; TS=0; UL=0; ISC=; MB=0.000652 X-IBM-SpamModules-Versions: BY=3.00010462; HX=3.00000242; KW=3.00000007; PH=3.00000004; SC=3.00000275; SDB=6.01150565; UDB=6.00599607; IPR=6.00930902; BA=6.00006207; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00025254; XFM=3.00000015; UTC=2019-01-23 10:42:57 X-IBM-AV-DETECTION: SAVI=unsuspicious REMOTE=unsuspicious XFE=unused X-IBM-AV-VERSION: SAVI=2019-01-23 07:03:49 - 6.00009497 x-cbparentid: 19012310-1800-0000-0000-0000FD57B5B8 Message-Id: Content-Type: multipart/mixed; boundary="=_mixed 003AD67AC125838B_=" X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-01-23_06:,, signatures=0 X-Proofpoint-Spam-Reason: safe --=_mixed 003AD67AC125838B_= Content-Type: multipart/alternative; boundary="=_alternative 003AD67AC125838B_=" --=_alternative 003AD67AC125838B_= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="ISO-8859-1" Hello, I am involved in a customer project to replace CVS with SVN. SVN was=20 chosen against more popular alternatives like git, because it is a free,=20 open-source, mature and, this was the main point, centralized version=20 control system. Repositories are to be accessed through https protocol,=20 served by apache httpd server 2.4. Some features of the actual CVS service = had to be ported to the SVN setup. For example, normal users shouldn't be=20 able to create top (first) level folders and files. The straight forward=20 to implement that requisite was through path access cheking. But activate=20 mod=5Fauthz=5Fsvn implies breaking any other authz module, like for example= =20 mod=5Fauthnz=5Fldap, required for us to control repository access based on = LDAP group membership, or having true read only service accounts for=20 Redmine, to have just two examples. Looking at the source code I have=20 found that mod=5Fauthz=5Fsvn is coded to support apache 2.2 authn / authz=20 instead of native 2.4 model. As I didn't consider it a major effort, I=20 have dedicated a few hours to analyze and patch the code, resulting in a=20 functional 2.4 authz provider. This way it can seamless combine with other = authz providers like in this example: svn01:~/src/subversion-1.10.0/source/subversion-1.10.0 # cat=20 /etc/apache2/vhosts.d/svn.d/repos/test.conf=20 =20 SetEnvif Request=5FURI ^/repos/test Repo=5Ftest=3D1=20 CustomLog /svn/logs/repos/test/access.log "%h %t - %{SVN-REPOS-NAME}e -=20 %u - %{SVN-ACTION}e" env=3DRepo=5Ftest=20 =20 DAV svn=20 SVNPath /svn/repos/test=20 AuthzSVNAccessFile /svn/config/auth/accessfile-test=20 SVNReposName "Repositorio de TEST"=20 AuthzSVNAuthoritative Off=20 AuthzSVNAnonymous Off=20 AuthMerging And=20 =20 =20 Require control-point "GuardiasRedes"=20 Require control-point "Administradores Servidores Horizontales"=20 =20 Require svnpathaccess "Granted"=20 =20 =20 =20 svn01:~/src/subversion-1.10.0/source/subversion-1.10.0 #=20 The "Granted" argument to the "require svnpathaccess" line for the=20 provider is just a placeholder / syntax sugar as all the info that the=20 provider needs is provided through the directory level clauses=20 AuthzSVNAccessFile, SVNReposName... etc. The patched code suits our needs, but we are very concerned about support=20 and maintenance. Would it be possible for the SVN dev team to integrate in = the official code a patch like this and provide the module full apache 2.4 = integration?. Attached goes the patch for your consideration. It is written against=20 1.10 code. Perhaps you should correct some white spaces in the patch to=20 apply cleanly because security restrictions at the customer don't allow=20 the employes or subcontractors to send any type mail attachments, and I=20 had to copy it in the body. Thanks in advance Saludos / Regards -- Francisco L. Fern=E1ndez Tortosa IBM GS Spain - GTS Infrastructure Services Projects Linux & open source services Delivery Infrastructure Architect email: fco.luis.fdez@es.ibm.com phone:(+34)635520045 IBM Global Services Espa=F1a, S.A. Mar Adri=E1tico, 2,=20 28830 San Fernando de Henares (Madrid) Registro Mercantil de Madrid, Folio 49; Tomo 6430; Hoja M-104.742 CIF A80-599459 ------------------------------------------------------------- S=F3lo conozco dos tipos de personas razonables: las que aman a Dios de tod= o=20 coraz=F3n porque lo conocen, y las que lo buscan de todo coraz=F3n porque n= o=20 lo conocen. Blas Pascal Two things are infinite: the universe and human stupidity; and I'm not=20 sure about the universe. Albert Einstein Salvo indicado de otro modo m=E1s arriba / Unless stated otherwise above: International Business Machines, S.A. Santa Hortensia, 26-28, 28002 Madrid Registro Mercantil de Madrid; Folio 1; Tomo 1525; Hoja M-28146 CIF A28-010791 --=_alternative 003AD67AC125838B_= Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="ISO-8859-1" Hello,

I am involved in a customer project to replace CVS with SVN. SVN was chosen against more popular alternatives like git, because it is a free, open-source, mature and, this was the main point, centralized version control system. Repositories are to be accessed through https protocol, served by apache httpd server 2.4. Some features of the actual CVS service had to be ported to the SVN setup. For example, normal users shouldn't be able to create top (first) level folders and files. The straight forward to implement that requisite was through path access cheking. But activate  mod=5Fauthz=5Fsvn implies breaking any o= ther authz module, like for example mod=5Fauthnz=5Fldap, required for us to cont= rol repository access based on LDAP group membership, or having true read only service accounts for Redmine, to have just two examples. Looking at the source code I have found that mod=5Fauthz=5Fsvn is coded to support apache 2.2 authn / authz instead of native 2.4 model. As I didn't consider it a major effort, I have dedicated a few hours to analyze and patch the code, resulting in a functional 2.4 authz provider. This way it can seamless combine with other authz providers like in this example:

svn01:~/src/subversion-1.10.0/= source/subversion-1.10.0 # cat /etc/apache2/vhosts.d/svn.d/repos/test.conf
<IfModule mod=5Fdav=5Fsvn.c= >

SetEnvif Request=5FURI ^/repos= /test Repo=5Ftest=3D1
CustomLog   /svn/logs/rep= os/test/access.log "%h %t - %{SVN-REPOS-NAME}e - %u - %{SVN-ACTION}e" env=3DRepo=5Ft= est
<Location "/repos/test= ">
    DAV svn
    SVNPath /svn/rep= os/test
    AuthzSVNAccessFi= le /svn/config/auth/accessfile-test
    SVNReposName &qu= ot;Repositorio de TEST"
    AuthzSVNAuthorit= ative Off
    AuthzSVNAnonymous Off
    AuthMerging And
    <RequireAll&g= t;
    <RequireAny&g= t;
      Require c= ontrol-point "GuardiasRedes"
      Require c= ontrol-point "Administradores Servidores Horizontales"
    </RequireAny&= gt;
      Require s= vnpathaccess "Granted"
    </RequireAll&= gt;
 </Location>
</IfModule>
svn01:~/src/subversion-1.10.0/= source/subversion-1.10.0 #

The "Granted" argument to the "require svnpathaccess" line for the provider is just a placehold= er / syntax sugar as all the info that the provider needs is provided through the directory level clauses AuthzSVNAccessFile, SVNReposName... etc.

The patched code suits our needs, but we are very concerned about support and maintenance. Would it be possible for the SVN dev team to integrate in the official code a patch like this and provide the module full apache 2.4 integration?.

Attached goes the  patch for your consideration. It is written against 1.10 code. Perhaps you should correct some white spaces in the patch to apply cleanly because security restrictio= ns at the customer don't allow the employes or subcontractors to send any type mail attachments, and I had to copy it in the body.



Thanks in advance


Saludos / Regards

--

Francisco L. Fern=E1ndez Tortosa
IBM GS Spain - GTS Infrastructure Services Projects
Linux & open source services
Delivery Infrastructure Architect
email: fco.luis.fdez@es.ibm.com
phone:(+34)635520045

IBM Global Services Espa=F1a, S.A.
Mar Adri=E1tico, 2,
28830 San Fernando de Henares (Madrid)
Registro Mercantil de Madrid, Folio 49; Tomo 6430; Hoja M-104.742
CIF A80-599459

-------------------------------------------------------------
S=F3lo conozco dos tipos de personas razonables: las que aman a Dios de todo coraz=F3n porque lo conocen, y las que lo buscan de todo coraz=F3n porque no lo conocen.
                                                 Blas Pascal

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.
                                                 Albert Einstein


Salvo indicado de otro modo m=E1s arriba / Unless stated otherwise above: International Business Machines, S.A.
Santa Hortensia, 26-28, 28002 Madrid
Registro Mercantil de Madrid; Folio 1; Tomo 1525; Hoja M-28146
CIF A28-010791
 --=_alternative 003AD67AC125838B_=-- --=_mixed 003AD67AC125838B_= Content-Type: application/octet-stream; name="svn-1.10-authz.patch" Content-Disposition: attachment; filename="svn-1.10-authz.patch" Content-Transfer-Encoding: base64 SW5kZXg6IHN1YnZlcnNpb24tMS4xMC4wL3N1YnZlcnNpb24vbW9kX2F1dGh6X3N2bi9tb2RfYXV0 aHpfc3ZuLmMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gc3VidmVyc2lvbi0xLjEwLjAub3JpZy9zdWJ2ZXJzaW9u L21vZF9hdXRoel9zdm4vbW9kX2F1dGh6X3N2bi5jCisrKyBzdWJ2ZXJzaW9uLTEuMTAuMC9zdWJ2 ZXJzaW9uL21vZF9hdXRoel9zdm4vbW9kX2F1dGh6X3N2bi5jCkBAIC0zOCw2ICszOCwxNiBAQAog I2luY2x1ZGUgPGFwcl9saWIuaD4KICNpbmNsdWRlIDxtb2RfZGF2Lmg+CgorI2lmICggQVBfU0VS VkVSX01BSk9SVkVSU0lPTl9OVU1CRVIgKiAxMCArIEFQX1NFUlZFUl9NSU5PUlZFUlNJT05fTlVN QkVSICkgPiAyMworIyBkZWZpbmUgSEFWRV9BUF8yNCAxCisjIGVsc2UKKyMgZGVmaW5lIEhBVkVf QVBfMjQgMAorI2VuZGlmCisKKyNpZiBIQVZFX0FQXzI0CisjaW5jbHVkZSAibW9kX2F1dGguaCIK KyNlbmRpZgorCiAjaW5jbHVkZSAibW9kX2Rhdl9zdm4uaCIKICNpbmNsdWRlICJtb2RfYXV0aHpf c3ZuLmgiCiAjaW5jbHVkZSAic3ZuX3BhdGguaCIKQEAgLTg0LDYgKzk0LDExIEBAIHR5cGVkZWYg c3RydWN0IGF1dGh6X3N2bl9jb25maWdfcmVjIHsKICAgY29uc3QgY2hhciAqZm9yY2VfdXNlcm5h bWVfY2FzZTsKIH0gYXV0aHpfc3ZuX2NvbmZpZ19yZWM7CgorCisKKyNpZiBIQVZFX0FQXzI0CisK KyNlbHNlCiAvKiB2ZXJzaW9uIHdoZXJlIGFwX3NvbWVfYXV0aF9yZXF1aXJlZCBicmVha3MgKi8K ICNpZiBBUF9NT0RVTEVfTUFHSUNfQVRfTEVBU1QoMjAwNjAxMTAsMCkKIC8qIGZpcnN0IHZlcnNp b24gd2l0aCBmb3JjZV9hdXRobiBob29rIGFuZCBhcF9zb21lX2F1dGhuX3JlcXVpcmVkKCkKQEAg LTEwNSw2ICsxMjAsNyBAQCB0eXBlZGVmIHN0cnVjdCBhdXRoel9zdm5fY29uZmlnX3JlYyB7CiAg ICAvKiBvbGQgZW5vdWdoIHRoYXQgYXBfc29tZV9hdXRoX3JlcXVpcmVkKCkgc3RpbGwgd29ya3Mg Ki8KICMgIGRlZmluZSBVU0VfRk9SQ0VfQVVUSE4gMAogI2VuZGlmCisjZW5kaWYKCiAvKgogICog Q29uZmlndXJhdGlvbgpAQCAtODc2LDYgKzg5Miw4OCBAQCBzdWJyZXFfYnlwYXNzKHJlcXVlc3Rf cmVjICpyLAogICogSG9va3MKICAqLwoKKworCisjaWYgSEFWRV9BUF8yNAorCitzdGF0aWMgYXV0 aHpfc3RhdHVzIHN2bnBhdGhfY2hlY2tfYXV0aG9yaXphdGlvbihyZXF1ZXN0X3JlYyAqciwKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbnN0IGNo YXIgKnJlcXVpcmVfYXJncywKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIGNvbnN0IHZvaWQgKnBhcnNlZF9yZXF1aXJlX2FyZ3MpCit7CisgIGF1dGh6 X3N2bl9jb25maWdfcmVjICpjb25mID0gYXBfZ2V0X21vZHVsZV9jb25maWcoci0+cGVyX2Rpcl9j b25maWcsCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgJmF1dGh6X3N2bl9tb2R1bGUpOworICBjb25zdCBjaGFyICpyZXBvc19wYXRoID0gTlVMTDsK KyAgY29uc3QgY2hhciAqZGVzdF9yZXBvc19wYXRoID0gTlVMTDsKKyAgaW50IHN0YXR1czsKKwor ICAvKiBVc2UgdGhlIGZvcmNlX2F1dGhuKCkgaG9vayBhdmFpbGFibGUgaW4gMi40LnggdG8gd29y ayBzZWN1cmVseQorICAgKiBnaXZlbiB0aGF0IGFwX3NvbWVfYXV0aF9yZXF1aXJlZCgpIGlzIG5v IGxvbmdlciBmdW5jdGlvbmFsIGZvciBvdXIKKyAgICogcHVycG9zZXMgaW4gMi40LnguCisgICAq LworICBpbnQgYXV0aG5fY29uZmlndXJlZDsKKworICAvKiBXZSBhcmUgbm90IGNvbmZpZ3VyZWQg dG8gcnVuICovCisgIGlmICghIChjb25mLT5hY2Nlc3NfZmlsZSB8fCBjb25mLT5yZXBvX3JlbGF0 aXZlX2FjY2Vzc19maWxlKSkKKyAgICByZXR1cm4gQVVUSFpfR0VORVJBTF9FUlJPUjsKKworICAv KiBTZWUgaWYgYXV0aGVudGljYXRpb24gaXMgY29uZmlndXJlZCAqLworCisgIGF1dGhuX2NvbmZp Z3VyZWQgPSBhcF9hdXRoX3R5cGUocikgIT0gTlVMTDsKKworICAvKiBhcF9hdXRoX3R5cGU6IFJl dHVybnMgdGhlIGF1dGhlbnRpY2F0aW9uIHR5cGUgKGFzIHNldCBieSB0aGUgQXV0aFR5cGUgZGly ZWN0aXZlKSBmb3IgdGhlIHJlcXVlc3Qgci4gQ3VycmVudGx5IHRoaXMgc2hvdWxkIG9ubHkgYmUg QmFzaWMsIERpZ2VzdCwgb3IgTlVMTC4gKi8KKworICBpZiAoIXItPnVzZXIpIHsKKyAgICBpZiAo YXV0aG5fY29uZmlndXJlZCAmJiAhY29uZi0+YW5vbnltb3VzKSB7CisgICAgICAvKiBXZSBuZWVk IGFuIHVzZXIgYmVjYXVzZSBkb24ndCBhbGxvdyBhbm9ueW1vdXMgYWNjZXNzICovCisgICAgICBy ZXR1cm4gQVVUSFpfREVOSUVEX05PX1VTRVI7CisgICAgfQorICAgIGVsc2UgaWYgKCFhdXRobl9j b25maWd1cmVkICYmICFjb25mLT5hbm9ueW1vdXMpIHsKKyAgICAgIC8qIFRoZXJlIGlzIG5vIGF1 dGggZGVmaW5lZCBhbmQgd2UgZG9uJ3QgYWxsb3cgYW5vbnltb3VzICovCisgICAgICByZXR1cm4g QVVUSFpfREVOSUVEOworICAgIH0KKyAgfQorCisgIC8qIE5vdyB3ZSBoYXZlIGFuIHVzZXIgKHIt PnVzZXIpIG9yIHdlIGRvbid0IGJ1dCB3YW50IGFub255bW91cyBhY2Nlc3MgKCFhdXRobl9jb25m aWd1cmVkICYmIGNvbmYtPmFub255bW91cykgKi8KKworCisgIC8qIElmIGFub24gYWNjZXNzIGlz IGFsbG93ZWQsIHJldHVybiBPSyAqLworCisgIC8qIE5vdyB0ZXN0ICovCisKKyAgc3RhdHVzID0g cmVxX2NoZWNrX2FjY2VzcyhyLCBjb25mLCAmcmVwb3NfcGF0aCwgJmRlc3RfcmVwb3NfcGF0aCk7 CisgIGlmIChzdGF0dXMgPT0gREVDTElORUQpCisgICAgeworCisgICAgICBsb2dfYWNjZXNzX3Zl cmRpY3QoQVBMT0dfTUFSSywgciwgMCwgRkFMU0UsIHJlcG9zX3BhdGgsIGRlc3RfcmVwb3NfcGF0 aCk7CisgICAgICBpZiAoYXV0aG5fY29uZmlndXJlZCAmJiAhci0+dXNlciApIHsKKyAgICAgICAv KiBHaXZlIGEgc2Vjb25kIGNoYW5jZSBvbmx5IGluIHRoZSBjYXNlIHRoYXQgYXV0aG4gbW9kdWxl cyBjb3VsZCBjYWxsIHVzIGJhY2sgd2l0aCBhbiB1c2VyICovCisgICAgICAgcmV0dXJuIEFVVEha X0RFTklFRF9OT19VU0VSOworICAgICAgfQorCisgICAgICAvKiBpbiBhbnkgb3RoZXIgY2FzZSB3 ZSBoYXZlIGZhaWxlZCAqLworCisgICAgICByZXR1cm4gQVVUSFpfREVOSUVEOworCisgICAgfQor CisgIGlmIChzdGF0dXMgIT0gT0spIHsKKyAgICBzd2l0Y2ggKHN0YXR1cykKKyAgICAgIHsKKyAg ICAgIGNhc2UgSFRUUF9CQURfUkVRVUVTVDoKKyAgICAgIGNhc2UgSFRUUF9GT1JCSURERU46Cisg ICAgICAgcmV0dXJuIEFVVEhaX0dFTkVSQUxfRVJST1I7CisgICAgICBkZWZhdWx0OgorICAgICAg IHJldHVybiBBVVRIWl9ERU5JRUQ7CisgICAgICB9CisgIH0KKworICBsb2dfYWNjZXNzX3ZlcmRp Y3QoQVBMT0dfTUFSSywgciwgMSwgRkFMU0UsIHJlcG9zX3BhdGgsIGRlc3RfcmVwb3NfcGF0aCk7 CisKKyAgcmV0dXJuIEFVVEhfR1JBTlRFRDsKK30KKworI2Vsc2UKKwogc3RhdGljIGludAogYWNj ZXNzX2NoZWNrZXIocmVxdWVzdF9yZWMgKnIpCiB7CkBAIC05MTIsNyArMTAxMCw3IEBAIGFjY2Vz c19jaGVja2VyKHJlcXVlc3RfcmVjICpyKQogICAgICAgICB7CiAgICAgICAgICAgLyogU2V0IHRo ZSBub3RlIHRvIGZvcmNlIGF1dGhuIHJlZ2FyZGxlc3Mgb2Ygd2hhdCBhY2Nlc3NfY2hlY2tlcl9l eAogICAgICAgICAgICAgIGhvb2sgcmVxdWlyZXMgKi8KLSAgICAgICAgICBhcHJfdGFibGVfc2V0 bihyLT5ub3RlcywgRk9SQ0VfQVVUSE5fTk9URSwgKGNvbnN0IGNoYXIqKTEpOworICAgICAgICAg IGFwcl90YWJsZV9zZXRuKHItPm5vdGVzLCBGT1JDRV9BVVRITl9OT1RFLCAiMSIpOwoKICAgICAg ICAgICAvKiBwcm92aWRlIHRoZSBwcm9wZXIgcmV0dXJuIHNvIHRoZSBhY2Nlc3NfY2hlY2tlciBo b29rIGRvZXNuJ3QKICAgICAgICAgICAgKiBwcmV2ZW50IHRoZSBjb2RlIGZyb20gY29udGludWlu ZyBvbiB0byB0aGUgb3RoZXIgYXV0aCBob29rcyAqLwpAQCAtOTc4LDcgKzEwNzYsNyBAQCBhY2Nl c3NfY2hlY2tlcihyZXF1ZXN0X3JlYyAqcikKICAgICAgICAgICAgKiBhcF9zb21lX2F1dGhuX3Jx dWlyZWQoKSB3aXRob3V0IHRyaWdnZXJpbmcgYW4gaW5maW5pdGUKICAgICAgICAgICAgKiBsb29w IHNpbmNlIHRoZSBjYWxsIHdpbGwgdHJpZ2dlciB0aGlzIGZ1bmN0aW9uIHRvIGJlCiAgICAgICAg ICAgICogY2FsbGVkIGFnYWluLiAqLwotICAgICAgICAgIGFwcl90YWJsZV9zZXRuKHItPm5vdGVz LCBJTl9TT01FX0FVVEhOX05PVEUsIChjb25zdCBjaGFyKikxKTsKKyAgICAgICAgICBhcHJfdGFi bGVfc2V0bihyLT5ub3RlcywgSU5fU09NRV9BVVRITl9OT1RFLCAiMSIpOwogICAgICAgICAgIGF1 dGhuX3JlcXVpcmVkID0gYXBfc29tZV9hdXRobl9yZXF1aXJlZChyKTsKICAgICAgICAgICBhcHJf dGFibGVfdW5zZXQoci0+bm90ZXMsIElOX1NPTUVfQVVUSE5fTk9URSk7CiAgICAgICAgICAgaWYg KGF1dGhuX3JlcXVpcmVkKQpAQCAtMTAwMCw2ICsxMDk4LDEwIEBAIGFjY2Vzc19jaGVja2VyKHJl cXVlc3RfcmVjICpyKQogICByZXR1cm4gT0s7CiB9CgorCisKKworCiBzdGF0aWMgaW50CiBjaGVj a191c2VyX2lkKHJlcXVlc3RfcmVjICpyKQogewpAQCAtMTAyMSw3ICsxMTIzLDcgQEAgY2hlY2tf dXNlcl9pZChyZXF1ZXN0X3JlYyAqcikKICAgc3RhdHVzID0gcmVxX2NoZWNrX2FjY2VzcyhyLCBj b25mLCAmcmVwb3NfcGF0aCwgJmRlc3RfcmVwb3NfcGF0aCk7CiAgIGlmIChzdGF0dXMgPT0gT0sp CiAgICAgewotICAgICAgYXByX3RhYmxlX3NldG4oci0+bm90ZXMsICJhdXRoel9zdm4tYW5vbi1v ayIsIChjb25zdCBjaGFyKikxKTsKKyAgICAgIGFwcl90YWJsZV9zZXRuKHItPm5vdGVzLCAiYXV0 aHpfc3ZuLWFub24tb2siLCAiMSIpOwogICAgICAgbG9nX2FjY2Vzc192ZXJkaWN0KEFQTE9HX01B UkssIHIsIDEsIEZBTFNFLCByZXBvc19wYXRoLCBkZXN0X3JlcG9zX3BhdGgpOwogICAgICAgcmV0 dXJuIE9LOwogICAgIH0KQEAgLTEwNzcsMzEgKzExNzksOTMgQEAgZm9yY2VfYXV0aG4ocmVxdWVz dF9yZWMgKnIpCiAgIHJldHVybiBERUNMSU5FRDsKIH0KICNlbmRpZgorI2VuZGlmCgogLyoKICAq IE1vZHVsZSBmbGVzaAogICovCgorCisKKyNpZiBIQVZFX0FQXzI0CisKK3N0YXRpYyBjb25zdCBj aGFyICpzdm5wYXRoY2hrX3BhcnNlX2NvbmZpZyhjbWRfcGFybXMgKmNtZCwgY29uc3QgY2hhciAq cmVxdWlyZV9saW5lLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbnN0 IHZvaWQgKipwYXJzZWRfcmVxdWlyZV9saW5lKQoreworICAgIGNvbnN0IGNoYXIgKmV4cHJfZXJy ID0gTlVMTDsKKyAgICBhcF9leHByX2luZm9fdCAqZXhwcjsKKworICAgIGV4cHIgPSBhcF9leHBy X3BhcnNlX2NtZChjbWQsIHJlcXVpcmVfbGluZSwgQVBfRVhQUl9GTEFHX1NUUklOR19SRVNVTFQs CisgICAgICAgICAgICAmZXhwcl9lcnIsIE5VTEwpOworCisgICAgaWYgKGV4cHJfZXJyKQorICAg ICAgICByZXR1cm4gYXByX3BzdHJjYXQoY21kLT50ZW1wX3Bvb2wsCisgICAgICAgICAgICAgICAg ICAgICAgICAgICAiQ2Fubm90IHBhcnNlIGV4cHJlc3Npb24gaW4gcmVxdWlyZSBsaW5lOiAiLAor ICAgICAgICAgICAgICAgICAgICAgICAgICAgZXhwcl9lcnIsIE5VTEwpOworCisgICAgKnBhcnNl ZF9yZXF1aXJlX2xpbmUgPSBleHByOworCisgICAgcmV0dXJuIE5VTEw7Cit9CisKKworc3RhdGlj IGNvbnN0IGF1dGh6X3Byb3ZpZGVyIGF1dGh6X3N2bnBhdGhjaGtfcHJvdmlkZXIgPQoreworICAm c3ZucGF0aF9jaGVja19hdXRob3JpemF0aW9uLAorICAmc3ZucGF0aGNoa19wYXJzZV9jb25maWcs Cit9OworCisKKyNlbmRpZgorCisKIC8qIEltcGxlbWVudHMgdGhlICNyZWdpc3Rlcl9ob29rcyBt ZXRob2Qgb2YgQXBhY2hlJ3MgI21vZHVsZSB2dGFibGUuICovCiBzdGF0aWMgdm9pZAogcmVnaXN0 ZXJfaG9va3MoYXByX3Bvb2xfdCAqcCkKIHsKKworI2lmIEhBVkVfQVBfMjQKKyAgLyoKKyAgICog UmVnaXN0ZXIgYXV0aHogcHJvdmlkZXIKKyAgICogV2UgYmVnaW4gd2l0aCBBUF9BVVRIX0lOVEVS TkFMX1BFUl9DT05GIHNldHRpbmcKKyAgICogdG8gYXZvaWQgYnJlYWtpbmcgdG9vIG11Y2ggdGhp bmdzLCBhcyB3ZSBkb24ndCBrbm93IGlmIHN1YnJlcXVlc3RzIG9mIGF1biBhdXRob3JpemVkIHBh dGgKKyAgICogYXJlIGdvaW5nIHRvIHVzZSBhbiB1bmF1dGhvcml6ZWQgcGF0aAorICAgKgorICAg KiBPdGhlcndheXMgd2UgY291bGQgYmUgdXNpbmcgQVBfQVVUSF9JTlRFUk5BTF9QRVJfVVJJCisg ICAqLworICBhcF9yZWdpc3Rlcl9hdXRoX3Byb3ZpZGVyKHAsIEFVVEhaX1BST1ZJREVSX0dST1VQ LCAic3ZucGF0aGFjY2VzcyIsCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBBVVRIWl9Q Uk9WSURFUl9WRVJTSU9OLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJmF1dGh6X3N2 bnBhdGhjaGtfcHJvdmlkZXIsCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBBUF9BVVRI X0lOVEVSTkFMX1BFUl9DT05GKTsKKworCisKKyNlbHNlCisgIC8qCisgICAqIDIuMiBjb21wYXRp YmxlIHN0dWZmCisgICAqIGZyb20gPGh0dHBzOi8vaHR0cGQuYXBhY2hlLm9yZy9kb2NzLzIuNC9k ZXZlbG9wZXIvbmV3X2FwaV8yXzQuaHRtbD4sIGl0IGlzOgorICAgKiogREVQUkVDQVRFRCBkaXJl Y3QgdXNlIG9mIGFwX2hvb2tfYWNjZXNzX2NoZWNrZXIsIGFjY2Vzc19jaGVja2VyX2V4LCBhcF9o b29rX2NoZWNrX3VzZXJfaWQsIGFwX2hvb2tfYXV0aF9jaGVja2VyCisgICAqLwogICBzdGF0aWMg Y29uc3QgY2hhciAqIGNvbnN0IG1vZF9zc2xbXSA9IHsgIm1vZF9zc2wuYyIsIE5VTEwgfTsKCisg ICNpZiBVU0VfRk9SQ0VfQVVUSE4KKyAgYXBfaG9va19mb3JjZV9hdXRobihmb3JjZV9hdXRobiwg TlVMTCwgTlVMTCwgQVBSX0hPT0tfRklSU1QpOworICAjZW5kaWYKICAgYXBfaG9va19hY2Nlc3Nf Y2hlY2tlcihhY2Nlc3NfY2hlY2tlciwgTlVMTCwgTlVMTCwgQVBSX0hPT0tfTEFTVCk7CiAgIC8q IE91ciBjaGVja191c2VyX2lkIGhvb2sgbXVzdCBiZSBiZWZvcmUgYW55IG1vZHVsZSB3aGljaCB3 aWxsIHJldHVybgogICAgKiBIVFRQX1VOQVVUSE9SSVpFRCAobW9kX2F1dGhfYmFzaWMsIGV0Yy4p LCBidXQgYWZ0ZXIgbW9kX3NzbCwgdG8KICAgICogZ2l2ZSBTU0xPcHRpb25zICtGYWtlQmFzaWNB dXRoIGEgY2hhbmNlIHRvIHdvcmsuICovCiAgIGFwX2hvb2tfY2hlY2tfdXNlcl9pZChjaGVja191 c2VyX2lkLCBtb2Rfc3NsLCBOVUxMLCBBUFJfSE9PS19GSVJTVCk7CiAgIGFwX2hvb2tfYXV0aF9j aGVja2VyKGF1dGhfY2hlY2tlciwgTlVMTCwgTlVMTCwgQVBSX0hPT0tfRklSU1QpOwotI2lmIFVT RV9GT1JDRV9BVVRITgotICBhcF9ob29rX2ZvcmNlX2F1dGhuKGZvcmNlX2F1dGhuLCBOVUxMLCBO VUxMLCBBUFJfSE9PS19GSVJTVCk7CiAjZW5kaWYKKwogICBhcF9yZWdpc3Rlcl9wcm92aWRlcihw LAogICAgICAgICAgICAgICAgICAgICAgICBBVVRIWl9TVk5fX1NVQlJFUV9CWVBBU1NfUFJPVl9H UlAsCiAgICAgICAgICAgICAgICAgICAgICAgIEFVVEhaX1NWTl9fU1VCUkVRX0JZUEFTU19QUk9W X05BTUUsCiAgICAgICAgICAgICAgICAgICAgICAgIEFVVEhaX1NWTl9fU1VCUkVRX0JZUEFTU19Q Uk9WX1ZFUiwKICAgICAgICAgICAgICAgICAgICAgICAgKHZvaWQqKXN1YnJlcV9ieXBhc3MpOwor CisKIH0KCiBtb2R1bGUgQVBfTU9EVUxFX0RFQ0xBUkVfREFUQSBhdXRoel9zdm5fbW9kdWxlID0g Cgo= --=_mixed 003AD67AC125838B_=--