Path: csiph.com!news.mixmin.net!aioe.org!gothmog.csi.it!bofh.it!news.nic.it!robomod From: Markus Koschany Newsgroups: linux.debian.maint.java Subject: Re: Tomcat 6 security vulnerabilities in Wheezy Date: Sun, 21 Feb 2016 18:50:03 +0100 Message-ID: References: X-Original-To: "team@security.debian.org" X-Mailbox-Line: From debian-java-request@lists.debian.org Sun Feb 21 17:42:54 2016 Old-Return-Path: X-Amavis-Spam-Status: No, score=-11.88 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, FOURLA=0.1, LDO_WHITELIST=-5, MURPHY_DRUGS_REL8=0.02, PGPSIGNATURE=-5, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no X-Policyd-Weight: using cached result; rate:hard: -5 X-Enigmail-Draft-Status: N1110 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.6.0 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Cw6C7cfnEO3iFqTjrTUevSIJch8M69ma2" X-Sa-Exim-Scanned: No (on richard.fcube.de); SAEximRunCond expanded to false X-Mailing-List: archive/latest/19221 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/56C9F70A.7050601@debian.org Approved: robomod@news.nic.it Lines: 296 Organization: linux.* mail to news gateway Sender: robomod@news.nic.it X-Original-Cc: "debian-java@lists.debian.org" X-Original-Date: Sun, 21 Feb 2016 18:42:34 +0100 X-Original-Message-ID: <56C9F70A.7050601@debian.org> X-Original-References: <56C5CB0C.8040400@debian.org> <56C5FAF0.80801@apache.org> <56C5FE41.9020603@debian.org> <20160218194601.GA2305@pisco.westfalen.local> Xref: csiph.com linux.debian.maint.java:8896 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Cw6C7cfnEO3iFqTjrTUevSIJch8M69ma2 Content-Type: multipart/mixed; boundary="------------000501080202020505070708" This is a multi-part message in MIME format. --------------000501080202020505070708 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Am 18.02.2016 um 20:46 schrieb Moritz M=C3=BChlenhoff: > On Thu, Feb 18, 2016 at 06:24:17PM +0100, Markus Koschany wrote: >> Am 18.02.2016 um 18:10 schrieb Emmanuel Bourg: >>> Le 18/02/2016 14:45, Markus Koschany a =C3=A9crit : >>> >>>> According to [1] Tomcat 6 in Wheezy is still affected by a couple of= >>>> security vulnerabilities that were already fixed in Squeeze-LTS and >>>> Jessie. Would it be sensible to apply the same changes (backporting = the >>>> 6.0.41 release to Wheezy too) or are there any reasons why this has = not >>>> been done before? Has anybody spoken with the Security Team about To= mcat >>>> security updates in general? Do they approve of backporting newer >>>> upstream releases? >>> >>> Hi Markus, >>> >>> I vaguely remember trying to backport the fixes and giving up due to = the >>> complexity. Also the lack of tests in Tomcat 6 makes this operation >>> rather risky. That's why the LTS Team decided to package a more recen= t >>> release in Squeeze. >>> >>> I don't know if the Security Team would accept a new upstream release= >>> for Wheezy. Since the LTS Team is probably going to upgrade the packa= ge >>> when they take over the maintenance in April we could ask the Securit= y >>> Team to do this upgrade earlier. >> >> I am in favor of this solution, especially because we haven't heard >> anything negative about this approach for Squeeze-LTS. If the Security= >> Team agrees I am going ahead and backport this release to Wheezy, test= >> the package and send the debdiff to them. >=20 > Ok, please go ahead. I have updated the package in Wheezy. It is basically the same one as in Squeeze-LTS with some minor changes. I didn't change the compat level for instance and did not add the versioned dependency on libtcnative-1. libtcnative >=3D 1.1.30 was backported to Squeeze but it appears that the= actual version 1.1.24 is already sufficient. tomcat6.cron.daily was also slightly changed in Squeeze-LTS but I decided to keep the Wheezy cron fil= e. So in short: I imported the new upstream release, applied new security patches and removed obsolete ones and documented the changes. I have attached the debdiff between the version in Squeeze-LTS and Wheezy. Regards, Markus --------------000501080202020505070708 Content-Type: text/plain; charset=UTF-8; name="tomcat6.debdiff" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="tomcat6.debdiff" ZGlmZiAtTnJ1IHRvbWNhdDYtNi4wLjQxL2RlYmlhbi9jaGFuZ2Vsb2cgdG9tY2F0Ni02LjAu NDEvZGViaWFuL2NoYW5nZWxvZwotLS0gdG9tY2F0Ni02LjAuNDEvZGViaWFuL2NoYW5nZWxv ZwkyMDE1LTA1LTI4IDEwOjAzOjEwLjAwMDAwMDAwMCArMDIwMAorKysgdG9tY2F0Ni02LjAu NDEvZGViaWFuL2NoYW5nZWxvZwkyMDE2LTAyLTE5IDIyOjAxOjE2LjAwMDAwMDAwMCArMDEw MApAQCAtMSw5NyArMSw1MSBAQAotdG9tY2F0NiAoNi4wLjQxLTIrc3F1ZWV6ZTcpIHNxdWVl emUtbHRzOyB1cmdlbmN5PW1lZGl1bQordG9tY2F0NiAoNi4wLjQxLTN+ZGViN3UxKSB3aGVl enktc2VjdXJpdHk7IHVyZ2VuY3k9aGlnaAogCi0gICogU2VjdXJpdHkgdXBsb2FkIGJ5IHRo ZSBEZWJpYW4gTFRTIHRlYW0uCi0gICogVGhpcyB1cGxvYWQgZml4ZXMgdGhlIGZvbGxvd2lu ZyBpc3N1ZXM6Ci0gICAgLSBDVkUtMjAxNC0wMjI3OiBIVFRQIHJlcXVlc3Qgc211Z2dsaW5n IG9yIERvUyBieSBzdHJlYW1pbmcgbWFsZm9ybWVkIGRhdGEuCi0gICAgLSBDVkUtMjAxNC0w MjMwOiBub24tcGVyc2lzdGVudCBEb1MgYXR0YWNrIGJ5IGZlZWRpbmcgZGF0YSBhYm9ydGlu ZyBhbgotICAgICAgdXBsb2FkLgotICAgIC0gQ1ZFLTIwMTQtNzgxMDogc2VjdXJpdHkgbWFu YWdlciBieXBhc3MgYnkgdXNpbmcgZXhwcmVzc2lvbiBsYW5ndWFnZS4KLQotIC0tIFNhbnRp YWdvIFJ1YW5vIFJpbmPDs24gPHNhbnRpYWdvcnJAcmlzZXVwLm5ldD4gIFRodSwgMjggTWF5 IDIwMTUgMTA6MDI6MjcgKzAyMDAKLQotdG9tY2F0NiAoNi4wLjQxLTIrc3F1ZWV6ZTYpIHNx dWVlemUtbHRzOyB1cmdlbmN5PW1lZGl1bQotCi0gICogU2VjdXJpdHkgdXBsb2FkIGJ5IHRo ZSBEZWJpYW4gTFRTIHRlYW0uCi0gICogVGhpcyB1cGRhdGUgZml4ZXMgYSByZWdyZXNzaW9u OgotICAgIC0gRml4IGZvciAiTm9TdWNoRWxlbWVudEV4Y2VwdGlvbiB3aGVuIGFuIGF0dHJp YnV0ZSBoYXMgZW1wdHkgc3RyaW5nIGFzCi0gICAgICB2YWx1ZS4iIFJlcG9ydGVkIHVwc3Ry ZWFtIGFzCi0gICAgICBodHRwczovL2lzc3Vlcy5hcGFjaGUub3JnL2J1Z3ppbGxhL3Nob3df YnVnLmNnaT9pZD01NjU2MQotCi0gLS0gTWF0aGlldSBQYXJlbnQgPHNhdGhpZXVAZGViaWFu Lm9yZz4gIEZyaSwgMTYgSmFuIDIwMTUgMjE6MzQ6NDAgKzAxMDAKLQotdG9tY2F0NiAoNi4w LjQxLTIrc3F1ZWV6ZTUpIHNxdWVlemUtbHRzOyB1cmdlbmN5PW1lZGl1bQotCi0gICogU2Vj dXJpdHkgdXBsb2FkIGJ5IHRoZSBEZWJpYW4gTFRTIHRlYW0uCisgICogTm9uLW1haW50YWlu ZXIgdXBsb2FkLgogICAqIFRoZSBmdWxsIGxpc3Qgb2YgY2hhbmdlcyBiZXR3ZWVuIDYuMC4z NSAodGhlIHZlcnNpb24gcHJldmlvdXNseSBhdmFpbGFibGUKLSAgICBpbiBzcXVlZXplKSBh bmQgNi4wLjQxIGNhbiBiZSBzZWUgaW4gdGhlIHVwc3RyZWFtIGNoYW5nZWxvZywgd2hpY2gg aXMKKyAgICBpbiBXaGVlenkpIGFuZCA2LjAuNDEgY2FuIGJlIHNlZW4gaW4gdGhlIHVwc3Ry ZWFtIGNoYW5nZWxvZywgd2hpY2ggaXMKICAgICBhdmFpbGFibGUgb25saW5lIGF0IGh0dHA6 Ly90b21jYXQuYXBhY2hlLm9yZy90b21jYXQtNi4wLWRvYy9jaGFuZ2Vsb2cuaHRtbAogICAq IFRoaXMgdXBkYXRlIGZpeGVzIHRoZSBmb2xsb3dpbmcgc2VjdXJpdHkgaXNzdWVzOgogICAg IC0gQ1ZFLTIwMTQtMDAzMzogcHJldmVudCByZW1vdGUgYXR0YWNrZXJzIGZyb20gY29uZHVj dGluZyBzZXNzaW9uCiAgICAgICBmaXhhdGlvbiBhdHRhY2tzIHZpYSBjcmFmdGVkIFVSTHMu CisgICAgLSBDVkUtMjAxNC0wMTE5OiBGaXggbm90IHByb3Blcmx5IGNvbnN0cmFpbmluZyBj bGFzcyBsb2FkZXIgdGhhdCBhY2Nlc3NlcworICAgICAgdGhlIFhNTCBwYXJzZXIgdXNlZCB3 aXRoIGFuIFhTTFQgc3R5bGVzaGVldCB3aGljaCBhbGxvd2VkIHJlbW90ZQorICAgICAgYXR0 YWNrZXJzIHRvIHJlYWQgYXJiaXRyYXJ5IGZpbGVzIHZpYSBjcmFmdGVkIHdlYiBhcHBsaWNh dGlvbnMuCisgICAgLSBDVkUtMjAxNC0wMDk5OiBGaXggaW50ZWdlciBvdmVyZmxvdyBpbgor ICAgICAgamF2YS9vcmcvYXBhY2hlL3RvbWNhdC91dGlsL2J1Zi9Bc2NpaS5qYXZhLgorICAg IC0gQ1ZFLTIwMTQtMDA5NjogUHJvcGVybHkgcmVzdHJpY3QgWFNMVCBzdHlsZXNoZWV0cyB0 aGF0IGFsbG93ZWQgcmVtb3RlCisgICAgICBhdHRhY2tlcnMgdG8gYnlwYXNzIHNlY3VyaXR5 LW1hbmFnZXIgcmVzdHJpY3Rpb25zLgorICAgIC0gQ1ZFLTIwMTQtMDA3NTogRml4IGludGVn ZXIgb3ZlcmZsb3cgaW4gdGhlIHBhcnNlQ2h1bmtIZWFkZXIgZnVuY3Rpb24gaW4KKyAgICAg IGphdmEvb3JnL2FwYWNoZS9jb3lvdGUvaHR0cDExL2ZpbHRlcnMvQ2h1bmtlZElucHV0Rmls dGVyLmphdmEuCiAgICAgLSBDVkUtMjAxMy00NTkwOiBwcmV2ZW50ICJUb21jYXQgaW50ZXJu YWxzIiBpbmZvcm1hdGlvbiBsZWFrcy4KICAgICAtIENWRS0yMDEzLTQzMjI6IHByZXZlbnQg cmVtb3RlIGF0dGFja2VycyBmcm9tIGRvaW5nIGRlbmlhbCBvZiBzZXJ2aWNlCiAgICAgICBh dHRhY2tzLgogICAgIC0gQ1ZFLTIwMTMtNDI4NjogcmVqZWN0IHJlcXVlc3RzIHdpdGggbXVs dGlwbGUgY29udGVudC1sZW5ndGggaGVhZGVycyBvcgogICAgICAgd2l0aCBhIGNvbnRlbnQt bGVuZ3RoIGhlYWRlciB3aGVuIGNodW5rZWQgZW5jb2RpbmcgaXMgYmVpbmcgdXNlZC4KICAg ICAtIEF2b2lkIENWRS0yMDEzLTE1NzEgd2hlbiBnZW5lcmF0aW5nIEphdmFkb2MuCi0gICAg LSBDVkUtMjAxMi0zNDM5OiB2YXJpb3VzIGltcHJvdmVtZW50cyB0byB0aGUgRElHRVNUIGF1 dGhlbnRpY2F0b3IuCi0gICogVGhhbmtzIHRvIFRvbnkgTWFuY2lsbCBmb3IgZG9pbmcgdGhl IHZhc3QgYW1vdW50IG9mIHRoZSB3b3JrIGZvciB0aGlzCi0gICAgdXBkYXRlIQotICAqIERv d25ncmFkZSBkZWJpYW4vY29tcGF0IHRvIDggYW5kIHJlZHVjZSBidWlsZC1kZXBlbmRlbmN5 IGRvIGRlYmhlbHBlciA4Ci0gICAgdG8gbWF0Y2ggdGhlIHNxdWVlemUgc3F1ZWV6ZSB2ZXJz aW9uCi0KLSAtLSBIb2xnZXIgTGV2c2VuIDxob2xnZXJAZGViaWFuLm9yZz4gIEZyaSwgMjEg Tm92IDIwMTQgMjA6MDg6MzggKzAxMDAKLQotdG9tY2F0NiAoNi4wLjQxLTIpIHVuc3RhYmxl OyB1cmdlbmN5PW1lZGl1bQotCi0gIFsgRW1tYW51ZWwgQm91cmcgXQotICAqIFVwZGF0ZWQg dGhlIHZlcnNpb24gcmVxdWlyZWQgZm9yIGxpYnRjbmF0aXZlLTEgKD49IDEuMS4zMCkKLQot ICBbIHRvbnkgbWFuY2lsbCBdCi0gICogQWRkIHBhdGNoIGZvciBsb2dmaWxlIGNvbXByZXNz aW9uLiAoQ2xvc2VzOiAjNjgyOTU1KQotICAgIC0gVGhhbmsgeW91IHRvIFRoaWpzIEtpbmto b3JzdC4KLQotIC0tIHRvbnkgbWFuY2lsbCA8dG1hbmNpbGxAZGViaWFuLm9yZz4gIFN1biwg MjQgQXVnIDIwMTQgMTM6NTI6NDAgLTA3MDAKLQotdG9tY2F0NiAoNi4wLjQxLTEpIHVuc3Rh YmxlOyB1cmdlbmN5PW1lZGl1bQotCi0gICogTmV3IHVwc3RyZWFtIHJlbGVhc2UuCi0gICAg LSBSZWZyZXNoZWQgdGhlIHBhdGNoZXMKLQotIC0tIEVtbWFudWVsIEJvdXJnIDxlYm91cmdA YXBhY2hlLm9yZz4gIFRodSwgMjIgTWF5IDIwMTQgMTA6MDM6MDQgKzAyMDAKLQotdG9tY2F0 NiAoNi4wLjM5LTEpIHVuc3RhYmxlOyB1cmdlbmN5PW1lZGl1bQotCi0gICogVGVhbSB1cGxv YWQuCi0gICogTmV3IHVwc3RyZWFtIHJlbGVhc2UuCi0gICAgLSBSZWZyZXNoZWQgdGhlIHBh dGNoZXMKLSAgKiBTdGFuZGFyZHMtVmVyc2lvbiB1cGRhdGVkIHRvIDMuOS41IChubyBjaGFu Z2VzKQotICAqIFN3aXRjaCB0byBkZWJoZWxwZXIgbGV2ZWwgOQotICAqIFVzZSBYWiBjb21w cmVzc2lvbiBmb3IgdGhlIHVwc3RyZWFtIHRhcmJhbGwKLSAgKiBVc2UgY2Fub25pY2FsIFVS TCBmb3IgdGhlIFZjcy1HaXQgZmllbGQKLQotIC0tIEVtbWFudWVsIEJvdXJnIDxlYm91cmdA YXBhY2hlLm9yZz4gIE1vbiwgMTcgRmViIDIwMTQgMDA6MDI6MDAgKzAxMDAKLQotdG9tY2F0 NiAoNi4wLjM3LTEpIHVuc3RhYmxlOyB1cmdlbmN5PWxvdwotCi0gICogTmV3IHVwc3RyZWFt IHJlbGVhc2UuCi0gICAgLSBEcm9wIHBhdGNoZXMgZm9yIENWRS0yMDEyLTQ1MzQsIENWRS0y MDEyLTQ0MzEsIENWRS0yMDEyLTM1NDYsCi0gICAgICBDVkUtMjAxMi0yNzMzLCBDVkUtMjAx Mi0zNDM5Ci0gICAgLSBEcm9wIDAwMTEtQ1ZFLTAyMDEyLTAwMjItcmVncmVzc2lvbi1maXgu cGF0Y2gKLSAgICAtIERyb3AgMDAxNy1lY2xpcHNlLWNvbXBpbGVyLXVwZGF0ZS5wYXRjaAot ICAqIEZyZXNoZW5lZCByZW1haW5pbmcgcGF0Y2hlcy4KKyAgKiBDVkUtMjAxNC0wMjI3LnBh dGNoOgorICAgIC0gQWRkIGVycm9yIGZsYWcgdG8gYWxsb3cgc3Vic2VxdWVudCBhdHRlbXB0 cyBhdCByZWFkaW5nIGFmdGVyIGFuIGVycm9yIHRvCisgICAgICBmYWlsIGZhc3QuCisgICog Q1ZFLTIwMTQtMDIzMDogQWRkIHN1cHBvcnQgZm9yIG1heFN3YWxsb3dTaXplLgorICAqIENW RS0yMDE0LTc4MTA6CisgICAgLSBGaXggcG90ZW50aWFsIEJlYW5FTFJlc29sdmVyIGlzc3Vl IHdoZW4gcnVubmluZyB1bmRlciBhIHNlY3VyaXR5IG1hbmFnZXIuCisgICAgICBTb21lIGNs YXNzZXMgbWF5IG5vdCBiZSBhY2Nlc3NpYmxlIGJ1dCBtYXkgaGF2ZSBhY2Nlc3NpYmxlIGlu dGVyZmFjZXMuCisgICogRHJvcCB0aGUgZm9sbG93aW5nIHBhdGNoZXMuIEFwcGxpZWQgdXBz dHJlYW0uCisgICAgLSAwMDExLUNWRS0yMDEyLTAwMjItcmVncmVzc2lvbi1maXgucGF0Y2gK KyAgICAtIDAwMTItQ1ZFLTIwMTItMzU0NC5wYXRjaAorICAgIC0gMDAxNC1DVkUtMjAxMi00 NTM0LnBhdGNoCisgICAgLSAwMDE1LUNWRS0yMDEyLTQ0MzEucGF0Y2gKKyAgICAtIDAwMTYt Q1ZFLTIwMTItMzU0Ni5wYXRjaAorICAgIC0gMDAxNy1DVkUtMjAxMy0yMDY3LnBhdGNoCisg ICAgLSBjdmUtMjAxMi0yNzMzLnBhdGNoCisgICAgLSBjdmUtMjAxMi0zNDM5LnBhdGNoCiAK LSAtLSB0b255IG1hbmNpbGwgPHRtYW5jaWxsQGRlYmlhbi5vcmc+ICBTYXQsIDAzIEF1ZyAy MDEzIDIxOjUwOjIwIC0wNzAwCisgLS0gTWFya3VzIEtvc2NoYW55IDxhcG9AZGViaWFuLm9y Zz4gIEZyaSwgMTkgRmViIDIwMTYgMTk6NTI6NTggKzAxMDAKIAotdG9tY2F0NiAoNi4wLjM1 LTcpIHVuc3RhYmxlOyB1cmdlbmN5PWxvdwordG9tY2F0NiAoNi4wLjM1LTYrZGViN3UxKSBz dGFibGUtc2VjdXJpdHk7IHVyZ2VuY3k9bG93CiAKLSAgKiBUZWFtIHVwbG9hZC4KLSAgKiBG aXhlZCB0aGUgd2F0Y2ggZmlsZQotICAqIEZpeCBGVEJGUyB3aXRoIGVjaiAzLjggKGNsb3Nl czogIzcxNzI3OSwgIzcxMzc5NikgCi0gICogVXBkYXRlZCB0aGUgc3RhbmRhcmRzIHZlcnNp b24gdG8gMy45LjQgLSBubyBjaGFuZ2VzCi0gICogVXBkYXRlZCB0aGUgVmNzLUdpdCBmaWVs ZCB0byB0aGUgY2Fub25pY2FsIHVybAorICAqIENWRS0yMDEyLTM1NDQsIENWRS0yMDEzLTIw NjcKIAotIC0tIFN0ZXBoZW4gTmVsc29uIDxzdGVwaGVuQGVjY29zdHVkaW8uY29tPiAgVHVl LCAzMCBKdWwgMjAxMyAyMzowNzoxOCArMDEwMAorIC0tIE1vcml0eiBNw7xobGVuaG9mZiA8 am1tQGRlYmlhbi5vcmc+ICBUaHUsIDE4IEp1bCAyMDEzIDAwOjAwOjM1ICswMjAwCiAKIHRv bWNhdDYgKDYuMC4zNS02KSB1bnN0YWJsZTsgdXJnZW5jeT1oaWdoCiAKZGlmZiAtTnJ1IHRv bWNhdDYtNi4wLjQxL2RlYmlhbi9jb21wYXQgdG9tY2F0Ni02LjAuNDEvZGViaWFuL2NvbXBh dAotLS0gdG9tY2F0Ni02LjAuNDEvZGViaWFuL2NvbXBhdAkyMDE1LTA1LTIyIDExOjA3OjEz LjAwMDAwMDAwMCArMDIwMAorKysgdG9tY2F0Ni02LjAuNDEvZGViaWFuL2NvbXBhdAkyMDE2 LTAyLTE5IDIyOjAxOjE2LjAwMDAwMDAwMCArMDEwMApAQCAtMSArMSBAQAotOAorNwpkaWZm IC1OcnUgdG9tY2F0Ni02LjAuNDEvZGViaWFuL2NvbnRyb2wgdG9tY2F0Ni02LjAuNDEvZGVi aWFuL2NvbnRyb2wKLS0tIHRvbWNhdDYtNi4wLjQxL2RlYmlhbi9jb250cm9sCTIwMTUtMDUt MjIgMTE6MDc6MzMuMDAwMDAwMDAwICswMjAwCisrKyB0b21jYXQ2LTYuMC40MS9kZWJpYW4v Y29udHJvbAkyMDE2LTAyLTE5IDIyOjAxOjE2LjAwMDAwMDAwMCArMDEwMApAQCAtNiwxNCAr NiwxMyBAQAogIEx1ZG92aWMgQ2xhdWRlIDxsdWRvdmljLmNsYXVkZUBsYXBvc3RlLm5ldD4s CiAgRGFtaWVuIFJhdWRlLU1vcnZhbiA8ZHJhenppYkBkZWJpYW4ub3JnPiwKICBNaWd1ZWwg TGFuZGFldGEgPG1pZ3VlbEBtaWd1ZWwuY2M+LAotIHRvbnkgbWFuY2lsbCA8dG1hbmNpbGxA ZGViaWFuLm9yZz4sCi0gRW1tYW51ZWwgQm91cmcgPGVib3VyZ0BhcGFjaGUub3JnPgotQnVp bGQtRGVwZW5kczogZGVmYXVsdC1qZGssIGFudC1vcHRpb25hbCwgZGViaGVscGVyICg+PSA4 KSwgcG8tZGViY29uZgorIHRvbnkgbWFuY2lsbCA8dG1hbmNpbGxAZGViaWFuLm9yZz4KK0J1 aWxkLURlcGVuZHM6IGRlZmF1bHQtamRrLCBhbnQtb3B0aW9uYWwsIGRlYmhlbHBlciAoPj0g NyksIHBvLWRlYmNvbmYKIEJ1aWxkLURlcGVuZHMtSW5kZXA6IG1hdmVuLXJlcG8taGVscGVy ICg+PiAxLjAuMSksIGxpYmVjai1qYXZhCi1TdGFuZGFyZHMtVmVyc2lvbjogMy45LjUKLVZj cy1HaXQ6IGdpdDovL2Fub25zY20uZGViaWFuLm9yZy9wa2ctamF2YS90b21jYXQ2LmdpdAot VmNzLUJyb3dzZXI6IGh0dHA6Ly9hbm9uc2NtLmRlYmlhbi5vcmcvZ2l0d2ViLz9wPXBrZy1q YXZhL3RvbWNhdDYuZ2l0CitTdGFuZGFyZHMtVmVyc2lvbjogMy45LjMKIEhvbWVwYWdlOiBo dHRwOi8vdG9tY2F0LmFwYWNoZS5vcmcKK1Zjcy1HaXQ6IGdpdDovL2dpdC5kZWJpYW4ub3Jn L2dpdC9wa2ctamF2YS90b21jYXQ2LmdpdAorVmNzLUJyb3dzZXI6IGh0dHA6Ly9hbm9uc2Nt LmRlYmlhbi5vcmcvZ2l0d2ViLz9wPXBrZy1qYXZhL3RvbWNhdDYuZ2l0CiAKIFBhY2thZ2U6 IHRvbWNhdDYtY29tbW9uCiBBcmNoaXRlY3R1cmU6IGFsbApAQCAtMzYsNyArMzUsNyBAQAog IHRvbWNhdDYtYWRtaW4gKD49ICR7c291cmNlOlZlcnNpb259KSwKICB0b21jYXQ2LWV4YW1w bGVzICg+PSAke3NvdXJjZTpWZXJzaW9ufSksCiAgdG9tY2F0Ni11c2VyICg+PSAke3NvdXJj ZTpWZXJzaW9ufSksCi0gbGlidGNuYXRpdmUtMSAoPj0gMS4xLjMwKQorIGxpYnRjbmF0aXZl LTEKIERlc2NyaXB0aW9uOiBTZXJ2bGV0IGFuZCBKU1AgZW5naW5lCiAgQXBhY2hlIFRvbWNh dCBpbXBsZW1lbnRzIHRoZSBKYXZhIFNlcnZsZXQgYW5kIHRoZSBKYXZhU2VydmVyIFBhZ2Vz IChKU1ApCiAgc3BlY2lmaWNhdGlvbnMgZnJvbSBTdW4gTWljcm9zeXN0ZW1zLCBhbmQgcHJv dmlkZXMgYSAicHVyZSBKYXZhIiBIVFRQIHdlYgpkaWZmIC1OcnUgdG9tY2F0Ni02LjAuNDEv ZGViaWFuL2NvcHlyaWdodCB0b21jYXQ2LTYuMC40MS9kZWJpYW4vY29weXJpZ2h0Ci0tLSB0 b21jYXQ2LTYuMC40MS9kZWJpYW4vY29weXJpZ2h0CTIwMTUtMDUtMjIgMTE6MDg6MTEuMDAw MDAwMDAwICswMjAwCisrKyB0b21jYXQ2LTYuMC40MS9kZWJpYW4vY29weXJpZ2h0CTIwMTYt MDItMTkgMjI6MDE6MTYuMDAwMDAwMDAwICswMTAwCkBAIC05LDcgKzksNyBAQAogSXQgd2Fz IGRvd25sb2FkZWQgZnJvbSBodHRwOi8vdG9tY2F0LmFwYWNoZS5vcmcKIAogQ29weXJpZ2h0 OiAKLSAgQ29weXJpZ2h0IChDKSAyMDAwLTIwMTQsIFRoZSBBcGFjaGUgU29mdHdhcmUgRm91 bmRhdGlvbi4KKyAgQ29weXJpZ2h0IChDKSAyMDAwLTIwMDcgQXBhY2hlIFNvZnR3YXJlIEZv dW5kYXRpb24uCiAgIENvcHlyaWdodCAoQykgSW50ZXJuYXRpb25hbCBCdXNpbmVzcyBNYWNo aW5lcyBDb3Jwb3JhdGlvbiAyMDAyCiAKIEF1dGhvcnM6CmRpZmYgLU5ydSB0b21jYXQ2LTYu MC40MS9kZWJpYW4vZGVmYXVsdHMudGVtcGxhdGUgdG9tY2F0Ni02LjAuNDEvZGViaWFuL2Rl ZmF1bHRzLnRlbXBsYXRlCi0tLSB0b21jYXQ2LTYuMC40MS9kZWJpYW4vZGVmYXVsdHMudGVt cGxhdGUJMjAxNS0wNS0yMiAxMTowODowNi4wMDAwMDAwMDAgKzAyMDAKKysrIHRvbWNhdDYt Ni4wLjQxL2RlYmlhbi9kZWZhdWx0cy50ZW1wbGF0ZQkyMDE2LTAyLTE5IDIyOjAxOjE2LjAw MDAwMDAwMCArMDEwMApAQCAtMzMsOCArMzMsNiBAQAogCiAjIE51bWJlciBvZiBkYXlzIHRv IGtlZXAgbG9nZmlsZXMgaW4gL3Zhci9sb2cvdG9tY2F0Ni4gRGVmYXVsdCBpcyAxNCBkYXlz LgogI0xPR0ZJTEVfREFZUz0xNAotIyBXaGV0aGVyIHRvIGNvbXByZXNzIGxvZ2ZpbGVzIG9s ZGVyIHRoYW4gdG9kYXkncwotI0xPR0ZJTEVfQ09NUFJFU1M9MQogCiAjIExvY2F0aW9uIG9m IHRoZSBKVk0gdGVtcG9yYXJ5IGRpcmVjdG9yeQogIyBXQVJOSU5HOiBUaGlzIGRpcmVjdG9y eSB3aWxsIGJlIGRlc3Ryb3llZCBhbmQgcmVjcmVhdGVkIGF0IGV2ZXJ5IHN0YXJ0dXAgIQpk aWZmIC1OcnUgdG9tY2F0Ni02LjAuNDEvZGViaWFuL29yaWctdGFyLnNoIHRvbWNhdDYtNi4w LjQxL2RlYmlhbi9vcmlnLXRhci5zaAotLS0gdG9tY2F0Ni02LjAuNDEvZGViaWFuL29yaWct dGFyLnNoCTIwMTUtMDUtMjIgMTA6NTc6MTMuMDAwMDAwMDAwICswMjAwCisrKyB0b21jYXQ2 LTYuMC40MS9kZWJpYW4vb3JpZy10YXIuc2gJMjAxNi0wMi0xOSAyMjowMToxNi4wMDAwMDAw MDAgKzAxMDAKQEAgLTEsMTIgKzEsMTIgQEAKICMhL2Jpbi9zaCAtZQogCiBWRVJTSU9OPSQy Ci1UQVI9Li4vdG9tY2F0Nl8kVkVSU0lPTi5vcmlnLnRhci54egorVEFSPS4uL3RvbWNhdDZf JFZFUlNJT04ub3JpZy50YXIuZ3oKIERJUj10b21jYXQ2LSRWRVJTSU9OCiBUQUc9JChlY2hv IFRPTUNBVF8kVkVSU0lPTiB8IHNlZCAtZSAncy9cLi9fL2cnKQogCiBzdm4gZXhwb3J0IGh0 dHA6Ly9zdm4uYXBhY2hlLm9yZy9yZXBvcy9hc2YvdG9tY2F0L3RjNi4wLngvdGFncy8kVEFH ICRESVIKLXRhciAtYyAtSiAtZiAkVEFSIC0tZXhjbHVkZSAnc3RhbmRhcmQuamFyJyAtLWV4 Y2x1ZGUgJ2pzdGwuamFyJyAkRElSCit0YXIgLWMgLXogLWYgJFRBUiAtLWV4Y2x1ZGUgJ3N0 YW5kYXJkLmphcicgLS1leGNsdWRlICdqc3RsLmphcicgJERJUgogcm0gLXJmICRESVIgLi4v JFRBRwogCiAjIG1vdmUgdG8gZGlyZWN0b3J5ICd0YXJiYWxscycKZGlmZiAtTnJ1IHRvbWNh dDYtNi4wLjQxL2RlYmlhbi90b21jYXQ2LmNyb24uZGFpbHkgdG9tY2F0Ni02LjAuNDEvZGVi aWFuL3RvbWNhdDYuY3Jvbi5kYWlseQotLS0gdG9tY2F0Ni02LjAuNDEvZGViaWFuL3RvbWNh dDYuY3Jvbi5kYWlseQkyMDE1LTA1LTIyIDExOjA4OjEwLjAwMDAwMDAwMCArMDIwMAorKysg dG9tY2F0Ni02LjAuNDEvZGViaWFuL3RvbWNhdDYuY3Jvbi5kYWlseQkyMDE2LTAyLTE5IDIy OjAxOjE2LjAwMDAwMDAwMCArMDEwMApAQCAtMiwxNCArMiwxMSBAQAogCiBOQU1FPXRvbWNh dDYKIERFRkFVTFQ9L2V0Yy9kZWZhdWx0LyROQU1FCi1MT0dFWFQ9bG9nCiAKICMgVGhlIGZv bGxvd2luZyB2YXJpYWJsZXMgY2FuIGJlIG92ZXJ3cml0dGVuIGluICRERUZBVUxUCiAKICMg RGVmYXVsdCBmb3IgbnVtYmVyIG9mIGRheXMgdG8ga2VlcCBvbGQgbG9nIGZpbGVzIGluIC92 YXIvbG9nL3RvbWNhdE4vCiBMT0dGSUxFX0RBWVM9MTQKLSMgV2hldGhlciB0byBjb21wcmVz cyBsb2dmaWxlcyBvbGRlciB0aGFuIHRvZGF5J3MKLUxPR0ZJTEVfQ09NUFJFU1M9MQogCiAj IEVuZCBvZiB2YXJpYWJsZXMgdGhhdCBjYW4gYmUgb3ZlcndyaXR0ZW4gaW4gJERFRkFVTFQK IApAQCAtMTksMTIgKzE2LDYgQEAKIGZpCiAKIGlmIFsgLWQgL3Zhci9sb2cvJE5BTUUgXTsg dGhlbgotCWlmIFsgJExPR0ZJTEVfQ09NUFJFU1MgPSAxIF07IHRoZW4KLQkJZmluZCAvdmFy L2xvZy8kTkFNRS8gLW5hbWUgXCouJExPR0VYVCAtZGF5c3RhcnQgLW10aW1lICswIC1wcmlu dDAgXAotCQkJfCB4YXJncyAtLW5vLXJ1bi1pZi1lbXB0eSAtMCBnemlwIC05Ci0JCUxPR0VY VD1sb2cuZ3oKLQlmaQotCi0JZmluZCAvdmFyL2xvZy8kTkFNRS8gLW5hbWUgXCouJExPR0VY VCAtbXRpbWUgKyRMT0dGSUxFX0RBWVMgLXByaW50MCBcCisJZmluZCAvdmFyL2xvZy8kTkFN RS8gLW5hbWUgXCoubG9nIC1tdGltZSArJExPR0ZJTEVfREFZUyAtcHJpbnQwIFwKIAkJfCB4 YXJncyAtLW5vLXJ1bi1pZi1lbXB0eSAtMCBybSAtLQogZmkK --------------000501080202020505070708-- --Cw6C7cfnEO3iFqTjrTUevSIJch8M69ma2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJWyfcKXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HklQsP/2zY1hzBa7tlbx3JHkBJyuZy /kgOwcOPraZZZsrp5hmoSCuoCqcdZc3xfPWU01F4i1Uns+jmLaC8DLpstePgU4Xo p5upjdgZpTJYkYqokV1FIXpfCtrDfkmZsmiWcS64jRQ6yX/Af0aIj6CAUo9BdXIS 6vp7d8lamUXbTw7MBoRH2d27xIumJussB4JVuvHWpcYyoNcuN4CcWTFaI/5L/Rs9 EkSFvncoBlwbmQxljLpiCE7Odq+0CNFzm+mMLZ0aGJge3/oTWUXIkcrWow3zkJQs KOdzfkBu3P09SHGNGUuNZHtFcNNG1oOxL7/kE/25r0TyWHL/LvrDoVWSANvAkmBt Tz0IYKElgYoO4nkjt5kD7j4uynFx9LWS4RnOWsUng7y/Y7G4jhouTHA9J5QrLvZn MSTZ1bPZ6MPjcpdVE6t3uGMVO/9Nth1pIVE3WOZtDRZqEmS0BEILu0ytKkqN91Nd lGZiyiaD/D2ZMc+T/jpD6Ys/kbsGL7a9Z2YfEmO7TU0CnM1dtfTqJq19yjTHktxB HQKqH9BwYf23CcmUrttgMprUMxuf6Jcn5A75GKwcEZt7JnXSLpHVZkRNqip2WCNw d+i70ihPLd5oYhzdyaB8zvtA9AWvDlqtmK/N/B4jWgS5N9V78qdaA26KpK7q2lbP lSXnIGSYU+4sFcBszNbx =RqRJ -----END PGP SIGNATURE----- --Cw6C7cfnEO3iFqTjrTUevSIJch8M69ma2--