From shawn at redhat.com Thu Aug 20 11:35:54 2015
From: Shawn Wells
To: scap-security-guide at lists.fedorahosted.org
Subject: Re: [PATCH] [Fedora] Add OVAL check for Verify that Shared Library Files Have Restrictive Permissions
Date: Thu, 05 Dec 2013 02:18:38 -0500
Message-ID: <52A028CE.7080704@redhat.com>
In-Reply-To: 1466766859.11694458.1386169424044.JavaMail.root@redhat.com

On 12/4/13, 10:03 AM, Jan Lieskovsky wrote:
> This patch adds OVAL check for 'Verify that Shared Library Files Have Restrictive Permissions'
> rule for Fedora.
>
> It is a re-implementation / simplification against currently used RHEL-6 form:
>   [1] https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL6/input/checks/file_permissions_library_dirs.xml
>
> Instead of having dedicated tests for each of /lib, /lib64, /usr/lib && /usr/lib64
> directories (and checking based on 'equals' operation), it uses just one test
> for each of library permissions checks and files' permissions within those libraries
> check (and checks based on 'pattern match' operation).
>
> Passed basic sanity && regression testing.
>
> Please review (especially in relation with existing RHEL-6 form if
> we would like to use this proposal also for particular RHEL-6 OVAL check
> in the future).
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Technologies Team
>
> 0001-Fedora-Add-OVAL-check-for-Verify-that-Shared-Library.patch
>
>
> From 569de3bfcf8c65951b3b1c6ec4f59bd66511b367 Mon Sep 17 00:00:00 2001
> From: Jan Lieskovsky
> Date: Wed, 4 Dec 2013 15:54:15 +0100
> Subject: [PATCH] [Fedora] Add OVAL check for Verify that Shared Library Files
>  Have Restrictive Permissions
> > Signed-off-by: Jan Lieskovsky > --- > .../input/checks/file_permissions_library_dirs.xml | 52 +++++++++++++++= +++++++ > Fedora/input/system/permissions/files.xml | 2 +- > Fedora/scap-security-guide.spec | 1 + > 3 files changed, 54 insertions(+), 1 deletion(-) > create mode 100644 Fedora/input/checks/file_permissions_library_dirs.xml > > diff --git a/Fedora/input/checks/file_permissions_library_dirs.xml b/Fedo= ra/input/checks/file_permissions_library_dirs.xml > new file mode 100644 > index 0000000..cce15a5 > --- /dev/null > +++ b/Fedora/input/checks/file_permissions_library_dirs.xml > @@ -0,0 +1,52 @@ > + > + > + > + Verify that Shared Library Files Have Restrictive Permissio= ns > + > + Fedora 19 > + > + > + Checks that /lib, /lib64, /usr/lib, /usr/lib64, /lib/modules, and > + objects therein, are not group-writable or world-writable. > + > + > + > + > + > + > + > + > + > + > + > + > + > + > + > + > + > + > + ^\/lib(|64)|^\/usr\/lib(|64)<= /unix:path> > + > + state_perms_nogroupwrite_noworldwrite > + perms_state_symlink > + > + > + > + > + ^\/lib(|64)|^\/usr\/lib(|64)<= /unix:path> > + ^.*$ > + state_perms_nogroupwrite_noworldwrite > + perms_state_symlink > + > + > + > + true > + true > + > + > + > + symbolic link > + > + > + > diff --git a/Fedora/input/system/permissions/files.xml b/Fedora/input/sys= tem/permissions/files.xml > index c15482c..a9bfd93 100644 > --- a/Fedora/input/system/permissions/files.xml > +++ b/Fedora/input/system/permissions/files.xml > @@ -30,7 +30,7 @@ runtime. Restrictive permissions are necessary to prote= ct the integrity of the > system. > > > - > + > > = > > diff --git a/Fedora/scap-security-guide.spec b/Fedora/scap-security-guide= .spec > index cd3ff7e..356d024 100644 > --- a/Fedora/scap-security-guide.spec > +++ b/Fedora/scap-security-guide.spec 
> @@ -56,6 +56,7 @@ cp -a Fedora/input/auxiliary/scap-security-guide.8 %{bu= ildroot}%{_mandir}/en/man > %changelog > * Mon Dec 02 2013 Jan iankko Lieskovsky 0.1.4.r= c9-1 > - Fix remediation for Disable Prelinking rule > +- OVAL check for Verify that Shared Library Files Have Restrictive Permi= ssions > = > * Fri Nov 29 2013 Jan iankko Lieskovsky 0.1.4.r= c8-1 > - OVAL check and remediation for sshd's ClientAliveCountMax rule > -- 1.8.3.1

This is much cleaner. Ack to the code.

Should we start the scap-security-guide/shared/oval/ directory now, instead of placing within Fedora/input/checks/ directly?
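
Review bot: the path pattern `^\/lib(|64)|^\/usr\/lib(|64)` has no end anchor in either place it appears in Fedora/input/checks/file_permissions_library_dirs.xml, so as a pattern match it also accepts any path that merely begins with one of those prefixes, for example /libexec or /usr/libexec, which the description (/lib, /lib64, /usr/lib, /usr/lib64, /lib/modules, and objects therein) does not list. If subdirectories such as /lib/modules are meant to be reached through this prefix behaviour, end each alternative with `(\/|$)` so the match stops at a path-component boundary, and say in the description that the check descends into subdirectories. Writing `(64)?` in place of `(|64)` would also read more clearly.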
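
Review bot: the added changelog line in Fedora/scap-security-guide.spec sits under the existing `0.1.4.rc9-1` entry dated Mon Dec 02 2013, although the commit is dated Wed, 4 Dec 2013. If rc9-1 has already been built or tagged, add a new %changelog entry with a bumped release for this check; if it has not, update the entry's date so the changelog matches when the change landed.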