From shawn at redhat.com Thu Aug 20 11:37:11 2015 Content-Type: multipart/mixed; boundary="===============7641567349522903848==" MIME-Version: 1.0 From: Shawn Wells To: scap-security-guide at lists.fedorahosted.org Subject: Re: [PATCH] [RHEL/6] Start using package_rsh_removed OVAL check [RHEL/7] Define new XCCDF rule package_rsh_removed [shared] Move the RHEL-6 specific check to be shared one Date: Fri, 30 May 2014 22:15:08 -0400 Message-ID: <53893B2C.9060907@redhat.com> In-Reply-To: 1811709082.22871970.1401448586318.JavaMail.zimbra@redhat.com --===============7641567349522903848== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable On 5/30/14, 7:16 AM, Jan Lieskovsky wrote: > Proposed patch adds (previously missing) package_rsh_removed XCCDF refere= nce to > already existing OVAL check with same name. Also defines the same XCCDF r= ule for > RHEL-7. Yet moves the original RHEL-6 specific package_rsh_removed OVAL c= heck to > be shared one. > > Change has been tested on RHEL/6 & RHEL/7, rpms build correctly, underlyi= ng rule > seems to work as expected (on both products). > > Please review. > > Thank you && Regards, Jan. > -- > Jan iankko Lieskovsky / Red Hat Security Technologies Team > > 0001-RHEL-6-Start-using-package_rsh_removed-OVAL-check.patch > > > From d83bf8ee28da32bdf93af66cb2a9e578ddcbd889 Mon Sep 17 00:00:00 2001 > From: Jan Lieskovsky > Date: Fri, 30 May 2014 13:07:42 +0200 > Subject: [PATCH] [RHEL/6] Start using package_rsh_removed OVAL check [RHE= L/7] > Define new XCCDF rule package_rsh_removed [shared] Move the RHEL-6 spec= ific > check to be shared one > > Signed-off-by: Jan Lieskovsky > --- > RHEL/6/input/checks/package_rsh_removed.xml | 27 +---------------------= ----- > RHEL/6/input/services/obsolete.xml | 4 +++- > RHEL/7/input/checks/package_rsh_removed.xml | 1 + > RHEL/7/input/services/obsolete.xml | 17 +++++++++++++++++ > shared/oval/package_rsh_removed.xml | 27 ++++++++++++++++++++++= +++++ > 5 files changed, 49 insertions(+), 27 deletions(-) > mode change 100644 =3D> 120000 RHEL/6/input/checks/package_rsh_removed.= xml > create mode 120000 RHEL/7/input/checks/package_rsh_removed.xml > create mode 100644 shared/oval/package_rsh_removed.xml > > diff --git a/RHEL/6/input/checks/package_rsh_removed.xml b/RHEL/6/input/c= hecks/package_rsh_removed.xml > deleted file mode 100644 > index 11ae275..0000000 > --- a/RHEL/6/input/checks/package_rsh_removed.xml > +++ /dev/null > @@ -1,26 +0,0 @@ > - > - > - - version=3D"1"> > - > - Package rsh Removed > - > - Red Hat Enterprise Linux 6 > - > - The RPM package rsh should be removed. > - > - > - > - - test_ref=3D"test_package_rsh_removed" /> > - > - > - - id=3D"test_package_rsh_removed" version=3D"1" > - comment=3D"package rsh is removed"> > - > - > - > - rsh > - > - > diff --git a/RHEL/6/input/checks/package_rsh_removed.xml b/RHEL/6/input/c= hecks/package_rsh_removed.xml > new file mode 120000 > index 0000000..3b94a20 > --- /dev/null > +++ b/RHEL/6/input/checks/package_rsh_removed.xml > @@ -0,0 +1 @@ > +../../../../shared/oval/package_rsh_removed.xml > \ No newline at end of file > diff --git a/RHEL/6/input/services/obsolete.xml b/RHEL/6/input/services/o= bsolete.xml > index ee980d4..c2e5b15 100644 > --- a/RHEL/6/input/services/obsolete.xml > +++ b/RHEL/6/input/services/obsolete.xml > @@ -186,7 +186,7 @@ stolen by eavesdroppers on the network. > > = > > -Remove rsh > +Uninstal rsh Package > The rsh package contains the client commands > for the rsh services > > @@ -198,6 +198,8 @@ their credentials. Note that removing the rsh package removes > the clients for rsh,rcp, and rlogin. > > > + > + > > = > > diff --git a/RHEL/7/input/checks/package_rsh_removed.xml b/RHEL/7/input/c= hecks/package_rsh_removed.xml > new file mode 120000 > index 0000000..3b94a20 > --- /dev/null > +++ b/RHEL/7/input/checks/package_rsh_removed.xml > @@ -0,0 +1 @@ > +../../../../shared/oval/package_rsh_removed.xml > \ No newline at end of file > diff --git a/RHEL/7/input/services/obsolete.xml b/RHEL/7/input/services/o= bsolete.xml > index 84ced10..888162d 100644 > --- a/RHEL/7/input/services/obsolete.xml > +++ b/RHEL/7/input/services/obsolete.xml > @@ -170,6 +170,23 @@ stolen by eavesdroppers on the network. > > > = > + > +Uninstal rsh Package > +The rsh package contains the client commands > +for the rsh services > + > +These legacy clients contain numerous security exposures and = have > +been replaced with the more secure SSH package. Even if the server is re= moved, > +it is best to ensure the clients are also removed to prevent users from > +inadvertently attempting to use these commands and therefore exposing > +their credentials. Note that removing the rsh package removes > +the clients for rsh,rcp, and rlogin. > + > + > + > + > + > + > > Disable rlogin Service > The rlogin service, which is available with > diff --git a/shared/oval/package_rsh_removed.xml b/shared/oval/package_rs= h_removed.xml > new file mode 100644 > index 0000000..9f739ef > --- /dev/null > +++ b/shared/oval/package_rsh_removed.xml > @@ -0,0 +1,27 @@ > + > + > + + version=3D"1"> > + > + Package rsh Removed > + > + Red Hat Enterprise Linux 6 > + Red Hat Enterprise Linux 7 > + > + The RPM package rsh should be removed. > + > + > + > + + test_ref=3D"test_package_rsh_removed" /> > + > + > + + id=3D"test_package_rsh_removed" version=3D"1" > + comment=3D"package rsh is removed"> > + > + > + > + rsh > + > + > -- 1.8.3.1 ack --===============7641567349522903848== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGh0bWw+CiAgPGhlYWQ+CiAgICA8bWV0YSBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRG LTgiIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSI+CiAgPC9oZWFkPgogIDxib2R5IGJnY29sb3I9 IiNGRkZGRkYiIHRleHQ9IiMwMDAwMDAiPgogICAgPGJyPgogICAgPGRpdiBjbGFzcz0ibW96LWNp dGUtcHJlZml4Ij5PbiA1LzMwLzE0LCA3OjE2IEFNLCBKYW4gTGllc2tvdnNreQogICAgICB3cm90 ZTo8YnI+CiAgICA8L2Rpdj4KICAgIDxibG9ja3F1b3RlCiAgICAgIGNpdGU9Im1pZDoxODExNzA5 MDgyLjIyODcxOTcwLjE0MDE0NDg1ODYzMTguSmF2YU1haWwuemltYnJhQHJlZGhhdC5jb20iCiAg ICAgIHR5cGU9ImNpdGUiPgogICAgICA8ZGl2IGNsYXNzPSJtb3otdGV4dC1wbGFpbiIgd3JhcD0i dHJ1ZSIgZ3JhcGhpY2FsLXF1b3RlPSJ0cnVlIgogICAgICAgIHN0eWxlPSJmb250LWZhbWlseTog LW1vei1maXhlZDsgZm9udC1zaXplOiAxMnB4OyIKICAgICAgICBsYW5nPSJ4LXVuaWNvZGUiPgog ICAgICAgIDxwcmUgd3JhcD0iIj5Qcm9wb3NlZCBwYXRjaCBhZGRzIChwcmV2aW91c2x5IG1pc3Np bmcpIHBhY2thZ2VfcnNoX3JlbW92ZWQgWENDREYgcmVmZXJlbmNlIHRvCmFscmVhZHkgZXhpc3Rp bmcgT1ZBTCBjaGVjayB3aXRoIHNhbWUgbmFtZS4gQWxzbyBkZWZpbmVzIHRoZSBzYW1lIFhDQ0RG IHJ1bGUgZm9yClJIRUwtNy4gWWV0IG1vdmVzIHRoZSBvcmlnaW5hbCBSSEVMLTYgc3BlY2lmaWMg cGFja2FnZV9yc2hfcmVtb3ZlZCBPVkFMIGNoZWNrIHRvCmJlIHNoYXJlZCBvbmUuCgpDaGFuZ2Ug aGFzIGJlZW4gdGVzdGVkIG9uIFJIRUwvNiAmYW1wOyBSSEVMLzcsIHJwbXMgYnVpbGQgY29ycmVj dGx5LCB1bmRlcmx5aW5nIHJ1bGUKc2VlbXMgdG8gd29yayBhcyBleHBlY3RlZCAob24gYm90aCBw cm9kdWN0cykuCgpQbGVhc2UgcmV2aWV3LgoKVGhhbmsgeW91ICZhbXA7JmFtcDsgUmVnYXJkcywg SmFuLgotLQpKYW4gaWFua2tvIExpZXNrb3Zza3kgLyBSZWQgSGF0IFNlY3VyaXR5IFRlY2hub2xv Z2llcyBUZWFtCjwvcHJlPgogICAgICA8L2Rpdj4KICAgICAgPGJyPgogICAgICA8ZmllbGRzZXQg Y2xhc3M9Im1pbWVBdHRhY2htZW50SGVhZGVyIj48bGVnZW5kCiAgICAgICAgICBjbGFzcz0ibWlt ZUF0dGFjaG1lbnRIZWFkZXJOYW1lIj4wMDAxLVJIRUwtNi1TdGFydC11c2luZy1wYWNrYWdlX3Jz aF9yZW1vdmVkLU9WQUwtY2hlY2sucGF0Y2g8L2xlZ2VuZD48L2ZpZWxkc2V0PgogICAgICA8YnI+ CiAgICAgIDxkaXYgY2xhc3M9Im1vei10ZXh0LXBsYWluIiB3cmFwPSJ0cnVlIiBncmFwaGljYWwt cXVvdGU9InRydWUiCiAgICAgICAgc3R5bGU9ImZvbnQtZmFtaWx5OiAtbW96LWZpeGVkOyBmb250 LXNpemU6IDEycHg7IgogICAgICAgIGxhbmc9Ingtd2VzdGVybiI+CiAgICAgICAgPHByZSB3cmFw PSIiPkZyb20gZDgzYmY4ZWUyOGRhMzJiZGY5M2FmNjZjYjJhOWU1NzhkZGNiZDg4OSBNb24gU2Vw IDE3IDAwOjAwOjAwIDIwMDEKRnJvbTogSmFuIExpZXNrb3Zza3kgPGEgbW96LWRvLW5vdC1zZW5k PSJ0cnVlIiBjbGFzcz0ibW96LXR4dC1saW5rLXJmYzIzOTZFIiBocmVmPSJtYWlsdG86amxpZXNr b3ZAcmVkaGF0LmNvbSI+Jmx0O2psaWVza292QHJlZGhhdC5jb20mZ3Q7PC9hPgpEYXRlOiBGcmks IDMwIE1heSAyMDE0IDEzOjA3OjQyICswMjAwClN1YmplY3Q6IFtQQVRDSF0gW1JIRUwvNl0gU3Rh cnQgdXNpbmcgcGFja2FnZV9yc2hfcmVtb3ZlZCBPVkFMIGNoZWNrIFtSSEVMLzddCiBEZWZpbmUg bmV3IFhDQ0RGIHJ1bGUgcGFja2FnZV9yc2hfcmVtb3ZlZCBbc2hhcmVkXSBNb3ZlIHRoZSBSSEVM LTYgc3BlY2lmaWMKIGNoZWNrIHRvIGJlIHNoYXJlZCBvbmUKClNpZ25lZC1vZmYtYnk6IEphbiBM aWVza292c2t5IDxhIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSIgY2xhc3M9Im1vei10eHQtbGluay1y ZmMyMzk2RSIgaHJlZj0ibWFpbHRvOmpsaWVza292QHJlZGhhdC5jb20iPiZsdDtqbGllc2tvdkBy ZWRoYXQuY29tJmd0OzwvYT4KLS0tCiBSSEVMLzYvaW5wdXQvY2hlY2tzL3BhY2thZ2VfcnNoX3Jl bW92ZWQueG1sIHwgMjcgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiBSSEVMLzYvaW5wdXQv c2VydmljZXMvb2Jzb2xldGUueG1sICAgICAgICAgIHwgIDQgKysrLQogUkhFTC83L2lucHV0L2No ZWNrcy9wYWNrYWdlX3JzaF9yZW1vdmVkLnhtbCB8ICAxICsKIFJIRUwvNy9pbnB1dC9zZXJ2aWNl cy9vYnNvbGV0ZS54bWwgICAgICAgICAgfCAxNyArKysrKysrKysrKysrKysrKwogc2hhcmVkL292 YWwvcGFja2FnZV9yc2hfcmVtb3ZlZC54bWwgICAgICAgICB8IDI3ICsrKysrKysrKysrKysrKysr KysrKysrKysrKwogNSBmaWxlcyBjaGFuZ2VkLCA0OSBpbnNlcnRpb25zKCspLCAyNyBkZWxldGlv bnMoLSkKIG1vZGUgY2hhbmdlIDEwMDY0NCA9Jmd0OyAxMjAwMDAgUkhFTC82L2lucHV0L2NoZWNr cy9wYWNrYWdlX3JzaF9yZW1vdmVkLnhtbAogY3JlYXRlIG1vZGUgMTIwMDAwIFJIRUwvNy9pbnB1 dC9jaGVja3MvcGFja2FnZV9yc2hfcmVtb3ZlZC54bWwKIGNyZWF0ZSBtb2RlIDEwMDY0NCBzaGFy ZWQvb3ZhbC9wYWNrYWdlX3JzaF9yZW1vdmVkLnhtbAoKZGlmZiAtLWdpdCBhL1JIRUwvNi9pbnB1 dC9jaGVja3MvcGFja2FnZV9yc2hfcmVtb3ZlZC54bWwgYi9SSEVMLzYvaW5wdXQvY2hlY2tzL3Bh Y2thZ2VfcnNoX3JlbW92ZWQueG1sCmRlbGV0ZWQgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAxMWFl Mjc1Li4wMDAwMDAwCi0tLSBhL1JIRUwvNi9pbnB1dC9jaGVja3MvcGFja2FnZV9yc2hfcmVtb3Zl ZC54bWwKKysrIC9kZXYvbnVsbApAQCAtMSwyNiArMCwwIEBACi0mbHQ7ZGVmLWdyb3VwJmd0Owot ICZsdDshLS0gVEhJUyBGSUxFIElTIEdFTkVSQVRFRCBieSBjcmVhdGVfcGFja2FnZV9yZW1vdmVk LnB5LiAgRE8gTk9UIEVESVQuICAtLSZndDsKLSAgJmx0O2RlZmluaXRpb24gY2xhc3M9ImNvbXBs aWFuY2UiIGlkPSJwYWNrYWdlX3JzaF9yZW1vdmVkIgotICB2ZXJzaW9uPSIxIiZndDsKLSAgICAm bHQ7bWV0YWRhdGEmZ3Q7Ci0gICAgICAmbHQ7dGl0bGUmZ3Q7UGFja2FnZSByc2ggUmVtb3ZlZCZs dDsvdGl0bGUmZ3Q7Ci0gICAgICAmbHQ7YWZmZWN0ZWQgZmFtaWx5PSJ1bml4IiZndDsKLSAgICAg ICAgJmx0O3BsYXRmb3JtJmd0O1JlZCBIYXQgRW50ZXJwcmlzZSBMaW51eCA2Jmx0Oy9wbGF0Zm9y bSZndDsKLSAgICAgICZsdDsvYWZmZWN0ZWQmZ3Q7Ci0gICAgICAmbHQ7ZGVzY3JpcHRpb24mZ3Q7 VGhlIFJQTSBwYWNrYWdlIHJzaCBzaG91bGQgYmUgcmVtb3ZlZC4mbHQ7L2Rlc2NyaXB0aW9uJmd0 OwotICAgICAgJmx0O3JlZmVyZW5jZSBzb3VyY2U9InN3ZWxscyIgcmVmX2lkPSIyMDEzMDgyOSIg cmVmX3VybD0idGVzdF9hdHRlc3RhdGlvbiIvJmd0OwotICAgICZsdDsvbWV0YWRhdGEmZ3Q7Ci0g ICAgJmx0O2NyaXRlcmlhJmd0OwotICAgICAgJmx0O2NyaXRlcmlvbiBjb21tZW50PSJwYWNrYWdl IHJzaCBpcyByZW1vdmVkIgotICAgICAgdGVzdF9yZWY9InRlc3RfcGFja2FnZV9yc2hfcmVtb3Zl ZCIgLyZndDsKLSAgICAmbHQ7L2NyaXRlcmlhJmd0OwotICAmbHQ7L2RlZmluaXRpb24mZ3Q7Ci0g ICZsdDtsaW51eDpycG1pbmZvX3Rlc3QgY2hlY2s9ImFsbCIgY2hlY2tfZXhpc3RlbmNlPSJub25l X2V4aXN0IgotICBpZD0idGVzdF9wYWNrYWdlX3JzaF9yZW1vdmVkIiB2ZXJzaW9uPSIxIgotICBj b21tZW50PSJwYWNrYWdlIHJzaCBpcyByZW1vdmVkIiZndDsKLSAgICAmbHQ7bGludXg6b2JqZWN0 IG9iamVjdF9yZWY9Im9ial9wYWNrYWdlX3JzaF9yZW1vdmVkIiAvJmd0OwotICAmbHQ7L2xpbnV4 OnJwbWluZm9fdGVzdCZndDsKLSAgJmx0O2xpbnV4OnJwbWluZm9fb2JqZWN0IGlkPSJvYmpfcGFj a2FnZV9yc2hfcmVtb3ZlZCIgdmVyc2lvbj0iMSImZ3Q7Ci0gICAgJmx0O2xpbnV4Om5hbWUmZ3Q7 cnNoJmx0Oy9saW51eDpuYW1lJmd0OwotICAmbHQ7L2xpbnV4OnJwbWluZm9fb2JqZWN0Jmd0Owot Jmx0Oy9kZWYtZ3JvdXAmZ3Q7CmRpZmYgLS1naXQgYS9SSEVMLzYvaW5wdXQvY2hlY2tzL3BhY2th Z2VfcnNoX3JlbW92ZWQueG1sIGIvUkhFTC82L2lucHV0L2NoZWNrcy9wYWNrYWdlX3JzaF9yZW1v dmVkLnhtbApuZXcgZmlsZSBtb2RlIDEyMDAwMAppbmRleCAwMDAwMDAwLi4zYjk0YTIwCi0tLSAv ZGV2L251bGwKKysrIGIvUkhFTC82L2lucHV0L2NoZWNrcy9wYWNrYWdlX3JzaF9yZW1vdmVkLnht bApAQCAtMCwwICsxIEBACisuLi8uLi8uLi8uLi9zaGFyZWQvb3ZhbC9wYWNrYWdlX3JzaF9yZW1v dmVkLnhtbApcIE5vIG5ld2xpbmUgYXQgZW5kIG9mIGZpbGUKZGlmZiAtLWdpdCBhL1JIRUwvNi9p bnB1dC9zZXJ2aWNlcy9vYnNvbGV0ZS54bWwgYi9SSEVMLzYvaW5wdXQvc2VydmljZXMvb2Jzb2xl dGUueG1sCmluZGV4IGVlOTgwZDQuLmMyZTViMTUgMTAwNjQ0Ci0tLSBhL1JIRUwvNi9pbnB1dC9z ZXJ2aWNlcy9vYnNvbGV0ZS54bWwKKysrIGIvUkhFTC82L2lucHV0L3NlcnZpY2VzL29ic29sZXRl LnhtbApAQCAtMTg2LDcgKzE4Niw3IEBAIHN0b2xlbiBieSBlYXZlc2Ryb3BwZXJzIG9uIHRoZSBu ZXR3b3JrLgogJmx0Oy9SdWxlJmd0OwogCiAmbHQ7UnVsZSBpZD0icGFja2FnZV9yc2hfcmVtb3Zl ZCImZ3Q7Ci0mbHQ7dGl0bGUmZ3Q7UmVtb3ZlIHJzaCZsdDsvdGl0bGUmZ3Q7CismbHQ7dGl0bGUm Z3Q7VW5pbnN0YWwgcnNoIFBhY2thZ2UmbHQ7L3RpdGxlJmd0OwogJmx0O2Rlc2NyaXB0aW9uJmd0 O1RoZSAmbHQ7dHQmZ3Q7cnNoJmx0Oy90dCZndDsgcGFja2FnZSBjb250YWlucyB0aGUgY2xpZW50 IGNvbW1hbmRzCiBmb3IgdGhlIHJzaCBzZXJ2aWNlcyZsdDsvZGVzY3JpcHRpb24mZ3Q7CiAmbHQ7 b2NpbCZndDsmbHQ7cGFja2FnZS1yZW1vdmUtbWFjcm8gcGFja2FnZT0icnNoIi8mZ3Q7Jmx0Oy9v Y2lsJmd0OwpAQCAtMTk4LDYgKzE5OCw4IEBAIHRoZWlyIGNyZWRlbnRpYWxzLiBOb3RlIHRoYXQg cmVtb3ZpbmcgdGhlICZsdDt0dCZndDtyc2gmbHQ7L3R0Jmd0OyBwYWNrYWdlIHJlbW92ZXMKIHRo ZSBjbGllbnRzIGZvciAmbHQ7dHQmZ3Q7cnNoJmx0Oy90dCZndDssJmx0O3R0Jmd0O3JjcCZsdDsv dHQmZ3Q7LCBhbmQgJmx0O3R0Jmd0O3Jsb2dpbiZsdDsvdHQmZ3Q7LgogJmx0Oy9yYXRpb25hbGUm Z3Q7CiAmbHQ7aWRlbnQgY2NlPSIiIC8mZ3Q7CismbHQ7b3ZhbCBpZD0icGFja2FnZV9yc2hfcmVt b3ZlZCIgLyZndDsKKyZsdDt0ZXN0ZWQgYnk9IkpMIiBvbj0iMjAxNDA1MzAiLyZndDsKICZsdDsv UnVsZSZndDsKIAogJmx0O1J1bGUgaWQ9ImRpc2FibGVfcmxvZ2luIiBzZXZlcml0eT0iaGlnaCIm Z3Q7CmRpZmYgLS1naXQgYS9SSEVMLzcvaW5wdXQvY2hlY2tzL3BhY2thZ2VfcnNoX3JlbW92ZWQu eG1sIGIvUkhFTC83L2lucHV0L2NoZWNrcy9wYWNrYWdlX3JzaF9yZW1vdmVkLnhtbApuZXcgZmls ZSBtb2RlIDEyMDAwMAppbmRleCAwMDAwMDAwLi4zYjk0YTIwCi0tLSAvZGV2L251bGwKKysrIGIv UkhFTC83L2lucHV0L2NoZWNrcy9wYWNrYWdlX3JzaF9yZW1vdmVkLnhtbApAQCAtMCwwICsxIEBA CisuLi8uLi8uLi8uLi9zaGFyZWQvb3ZhbC9wYWNrYWdlX3JzaF9yZW1vdmVkLnhtbApcIE5vIG5l d2xpbmUgYXQgZW5kIG9mIGZpbGUKZGlmZiAtLWdpdCBhL1JIRUwvNy9pbnB1dC9zZXJ2aWNlcy9v YnNvbGV0ZS54bWwgYi9SSEVMLzcvaW5wdXQvc2VydmljZXMvb2Jzb2xldGUueG1sCmluZGV4IDg0 Y2VkMTAuLjg4ODE2MmQgMTAwNjQ0Ci0tLSBhL1JIRUwvNy9pbnB1dC9zZXJ2aWNlcy9vYnNvbGV0 ZS54bWwKKysrIGIvUkhFTC83L2lucHV0L3NlcnZpY2VzL29ic29sZXRlLnhtbApAQCAtMTcwLDYg KzE3MCwyMyBAQCBzdG9sZW4gYnkgZWF2ZXNkcm9wcGVycyBvbiB0aGUgbmV0d29yay4KICZsdDt0 ZXN0ZWQgYnk9IkRTIiBvbj0iMjAxMjEwMjYiLyZndDsKICZsdDsvUnVsZSZndDsKIAorJmx0O1J1 bGUgaWQ9InBhY2thZ2VfcnNoX3JlbW92ZWQiJmd0OworJmx0O3RpdGxlJmd0O1VuaW5zdGFsIHJz aCBQYWNrYWdlJmx0Oy90aXRsZSZndDsKKyZsdDtkZXNjcmlwdGlvbiZndDtUaGUgJmx0O3R0Jmd0 O3JzaCZsdDsvdHQmZ3Q7IHBhY2thZ2UgY29udGFpbnMgdGhlIGNsaWVudCBjb21tYW5kcworZm9y IHRoZSByc2ggc2VydmljZXMmbHQ7L2Rlc2NyaXB0aW9uJmd0OworJmx0O29jaWwmZ3Q7Jmx0O3Bh Y2thZ2UtcmVtb3ZlLW1hY3JvIHBhY2thZ2U9InJzaCIvJmd0OyZsdDsvb2NpbCZndDsKKyZsdDty YXRpb25hbGUmZ3Q7VGhlc2UgbGVnYWN5IGNsaWVudHMgY29udGFpbiBudW1lcm91cyBzZWN1cml0 eSBleHBvc3VyZXMgYW5kIGhhdmUKK2JlZW4gcmVwbGFjZWQgd2l0aCB0aGUgbW9yZSBzZWN1cmUg U1NIIHBhY2thZ2UuIEV2ZW4gaWYgdGhlIHNlcnZlciBpcyByZW1vdmVkLAoraXQgaXMgYmVzdCB0 byBlbnN1cmUgdGhlIGNsaWVudHMgYXJlIGFsc28gcmVtb3ZlZCB0byBwcmV2ZW50IHVzZXJzIGZy b20KK2luYWR2ZXJ0ZW50bHkgYXR0ZW1wdGluZyB0byB1c2UgdGhlc2UgY29tbWFuZHMgYW5kIHRo ZXJlZm9yZSBleHBvc2luZwordGhlaXIgY3JlZGVudGlhbHMuIE5vdGUgdGhhdCByZW1vdmluZyB0 aGUgJmx0O3R0Jmd0O3JzaCZsdDsvdHQmZ3Q7IHBhY2thZ2UgcmVtb3ZlcwordGhlIGNsaWVudHMg Zm9yICZsdDt0dCZndDtyc2gmbHQ7L3R0Jmd0OywmbHQ7dHQmZ3Q7cmNwJmx0Oy90dCZndDssIGFu ZCAmbHQ7dHQmZ3Q7cmxvZ2luJmx0Oy90dCZndDsuCismbHQ7L3JhdGlvbmFsZSZndDsKKyZsdDtp ZGVudCBjY2U9IiIgLyZndDsKKyZsdDtvdmFsIGlkPSJwYWNrYWdlX3JzaF9yZW1vdmVkIiAvJmd0 OworJmx0O3Rlc3RlZCBieT0iSkwiIG9uPSIyMDE0MDUzMCIvJmd0OworJmx0Oy9SdWxlJmd0Owor CiAmbHQ7UnVsZSBpZD0iZGlzYWJsZV9ybG9naW4iIHNldmVyaXR5PSJoaWdoIiZndDsKICZsdDt0 aXRsZSZndDtEaXNhYmxlIHJsb2dpbiBTZXJ2aWNlJmx0Oy90aXRsZSZndDsKICZsdDtkZXNjcmlw dGlvbiZndDtUaGUgJmx0O3R0Jmd0O3Jsb2dpbiZsdDsvdHQmZ3Q7IHNlcnZpY2UsIHdoaWNoIGlz IGF2YWlsYWJsZSB3aXRoCmRpZmYgLS1naXQgYS9zaGFyZWQvb3ZhbC9wYWNrYWdlX3JzaF9yZW1v dmVkLnhtbCBiL3NoYXJlZC9vdmFsL3BhY2thZ2VfcnNoX3JlbW92ZWQueG1sCm5ldyBmaWxlIG1v ZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLjlmNzM5ZWYKLS0tIC9kZXYvbnVsbAorKysgYi9zaGFy ZWQvb3ZhbC9wYWNrYWdlX3JzaF9yZW1vdmVkLnhtbApAQCAtMCwwICsxLDI3IEBACismbHQ7ZGVm LWdyb3VwJmd0OworICZsdDshLS0gVEhJUyBGSUxFIElTIEdFTkVSQVRFRCBieSBjcmVhdGVfcGFj a2FnZV9yZW1vdmVkLnB5LiAgRE8gTk9UIEVESVQuICAtLSZndDsKKyAgJmx0O2RlZmluaXRpb24g Y2xhc3M9ImNvbXBsaWFuY2UiIGlkPSJwYWNrYWdlX3JzaF9yZW1vdmVkIgorICB2ZXJzaW9uPSIx IiZndDsKKyAgICAmbHQ7bWV0YWRhdGEmZ3Q7CisgICAgICAmbHQ7dGl0bGUmZ3Q7UGFja2FnZSBy c2ggUmVtb3ZlZCZsdDsvdGl0bGUmZ3Q7CisgICAgICAmbHQ7YWZmZWN0ZWQgZmFtaWx5PSJ1bml4 IiZndDsKKyAgICAgICAgJmx0O3BsYXRmb3JtJmd0O1JlZCBIYXQgRW50ZXJwcmlzZSBMaW51eCA2 Jmx0Oy9wbGF0Zm9ybSZndDsKKyAgICAgICAgJmx0O3BsYXRmb3JtJmd0O1JlZCBIYXQgRW50ZXJw cmlzZSBMaW51eCA3Jmx0Oy9wbGF0Zm9ybSZndDsKKyAgICAgICZsdDsvYWZmZWN0ZWQmZ3Q7Cisg ICAgICAmbHQ7ZGVzY3JpcHRpb24mZ3Q7VGhlIFJQTSBwYWNrYWdlIHJzaCBzaG91bGQgYmUgcmVt b3ZlZC4mbHQ7L2Rlc2NyaXB0aW9uJmd0OworICAgICAgJmx0O3JlZmVyZW5jZSBzb3VyY2U9IkpM IiByZWZfaWQ9IjIwMTQwNTMwIiByZWZfdXJsPSJ0ZXN0X2F0dGVzdGF0aW9uIi8mZ3Q7CisgICAg Jmx0Oy9tZXRhZGF0YSZndDsKKyAgICAmbHQ7Y3JpdGVyaWEmZ3Q7CisgICAgICAmbHQ7Y3JpdGVy aW9uIGNvbW1lbnQ9InBhY2thZ2UgcnNoIGlzIHJlbW92ZWQiCisgICAgICB0ZXN0X3JlZj0idGVz dF9wYWNrYWdlX3JzaF9yZW1vdmVkIiAvJmd0OworICAgICZsdDsvY3JpdGVyaWEmZ3Q7CisgICZs dDsvZGVmaW5pdGlvbiZndDsKKyAgJmx0O2xpbnV4OnJwbWluZm9fdGVzdCBjaGVjaz0iYWxsIiBj aGVja19leGlzdGVuY2U9Im5vbmVfZXhpc3QiCisgIGlkPSJ0ZXN0X3BhY2thZ2VfcnNoX3JlbW92 ZWQiIHZlcnNpb249IjEiCisgIGNvbW1lbnQ9InBhY2thZ2UgcnNoIGlzIHJlbW92ZWQiJmd0Owor ICAgICZsdDtsaW51eDpvYmplY3Qgb2JqZWN0X3JlZj0ib2JqX3BhY2thZ2VfcnNoX3JlbW92ZWQi IC8mZ3Q7CisgICZsdDsvbGludXg6cnBtaW5mb190ZXN0Jmd0OworICAmbHQ7bGludXg6cnBtaW5m b19vYmplY3QgaWQ9Im9ial9wYWNrYWdlX3JzaF9yZW1vdmVkIiB2ZXJzaW9uPSIxIiZndDsKKyAg ICAmbHQ7bGludXg6bmFtZSZndDtyc2gmbHQ7L2xpbnV4Om5hbWUmZ3Q7CisgICZsdDsvbGludXg6 cnBtaW5mb19vYmplY3QmZ3Q7CismbHQ7L2RlZi1ncm91cCZndDsKPGRpdiBjbGFzcz0ibW96LXR4 dC1zaWciPi0tIAoxLjguMy4xCgo8L2Rpdj48L3ByZT4KICAgICAgPC9kaXY+CiAgICA8L2Jsb2Nr cXVvdGU+CiAgICA8YnI+CiAgICBhY2s8YnI+CiAgPC9ib2R5Pgo8L2h0bWw+Cg== --===============7641567349522903848==--