Date: Sat, 2 Jun 2012 01:58:30 -0400 From: Eitan Adler <lists@eitanadler.com> To: ruby@freebsd.org Cc: ports-security@freebsd.org Subject: Fwd: [oss-security] Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2660) Message-ID: <CAF6rxgku5-4QOWNuwZyPesMZZLvLcZHFUW_bzSA=avKtVPk11A@mail.gmail.com> In-Reply-To: <20120531191529.GB79783@higgins.local> References: <20120531191529.GB79783@higgins.local>
next in thread | previous in thread | raw e-mail | index | archive | help
--f46d044789735b776204c176ff36 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable A vulnerability has been found in a port you maintain. Please commit an update and write up a VuXML report. If you need help feel free to email ports-security@freebsd.org, ---------- Forwarded message ---------- From: Aaron Patterson <tenderlove@ruby-lang.org> Date: 31 May 2012 15:15 Subject: [oss-security] Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2660) To: oss-security@lists.openwall.com Unsafe Query Generation Risk in Ruby on Rails There is a vulnerability when Active Record is used in conjunction with parameter parsing from Rack via Action Pack. This vulnerability has been assigned the CVE identifier CVE-2012-2660. Versions Affected: =C2=A0ALL versions Not affected: =C2=A0 =C2=A0 =C2=A0 NONE Fixed Versions: =C2=A0 =C2=A0 3.2.4, 3.1.5, 3.0.13 Impact ------ Due to the way Active Record interprets parameters in combination with the way that Rack parses query parameters, it is possible for an attacker to issue unexpected database queries with "IS NULL" where clauses. =C2=A0This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL where most users wouldn't expect it. For example, a system has password reset with token functionality: =C2=A0 =C2=A0unless params[:token].nil? =C2=A0 =C2=A0 =C2=A0user =3D User.find_by_token(params[:token]) =C2=A0 =C2=A0 =C2=A0user.reset_password! =C2=A0 =C2=A0end An attacker can craft a request such that `params[:token]` will return `[nil]`. =C2=A0The `[nil]` value will bypass the test for nil, but will still add an "IS NULL" clause to the SQL query. All users running an affected release should either upgrade or use one of the work arounds immediately. Releases -------- The FIXED releases are available at the normal locations. Workarounds ----------- This problem can be mitigated by testing for `[nil]`. =C2=A0For example: =C2=A0 =C2=A0unless params[:token].nil? || params[:token] =3D=3D [nil] =C2=A0 =C2=A0 =C2=A0user =3D User.find_by_token(params[:token]) =C2=A0 =C2=A0 =C2=A0user.reset_password! =C2=A0 =C2=A0end Another possible workaround is to cast to a known type and test against that type. =C2=A0For example: =C2=A0 =C2=A0unless params[:token].to_s.empty? =C2=A0 =C2=A0 =C2=A0user =3D User.find_by_token(params[:token]) =C2=A0 =C2=A0 =C2=A0user.reset_password! =C2=A0 =C2=A0end Patches ------- To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. =C2=A0They are in git-am format and consist of a single changeset. * 3-0-null_param.patch - Patch for 3.0 series * 3-1-null_param.patch - Patch for 3.1 series * 3-2-null_param.patch - Patch for 3.2 series Please note that only the 3.1.x and 3.2.x series are supported at present. =C2=A0Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases. Credits ------- Thanks to Ben Murphy for reporting the vulnerability to us, and to Chad Pyne of thoughtbot for helping us verify the fix. -- Aaron Patterson http://tenderlovemaking.com/ --=20 Eitan Adler --f46d044789735b776204c176ff36 Content-Type: text/plain; charset=us-ascii; name="3-0-null_param.patch" Content-Disposition: attachment; filename="3-0-null_param.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: bd5d2f42f17b0493_0.0.1 RnJvbSBjMjAyNjM4MjI1NTE5YjVlMWEwM2ViZTUyM2IxMDljOTQ4ZmIwZTUyIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQ0KRnJvbTogQWFyb24gUGF0dGVyc29uIDxhYXJvbi5wYXR0ZXJzb25AZ21h aWwuY29tPg0KRGF0ZTogV2VkLCAzMCBNYXkgMjAxMiAxNToxMzowMyAtMDcwMA0KU3ViamVjdDog W1BBVENIXSBTdHJpcCBbbmlsXSBmcm9tIHBhcmFtZXRlcnMgaGFzaC4gVGhhbmtzIHRvIEJlbiBN dXJwaHkgZm9yDQogcmVwb3J0aW5nIHRoaXMhDQoNCkNWRS0yMDEyLTI2NjANCg0KQ29uZmxpY3Rz Og0KDQoJYWN0aW9ucGFjay9saWIvYWN0aW9uX2Rpc3BhdGNoL2h0dHAvcmVxdWVzdC5yYg0KLS0t DQogYWN0aW9ucGFjay9saWIvYWN0aW9uX2Rpc3BhdGNoL2h0dHAvcmVxdWVzdC5yYiAgICAgfCAg IDIyICsrKysrKysrKysrKysrKysrKysrDQogLi4uL2Rpc3BhdGNoL3JlcXVlc3QvcXVlcnlfc3Ry aW5nX3BhcnNpbmdfdGVzdC5yYiAgfCAgICA3ICsrKysrLQ0KIDIgZmlsZXMgY2hhbmdlZCwgMjgg aW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbnMoLSkNCg0KZGlmZiAtLWdpdCBhL2FjdGlvbnBhY2sv bGliL2FjdGlvbl9kaXNwYXRjaC9odHRwL3JlcXVlc3QucmIgYi9hY3Rpb25wYWNrL2xpYi9hY3Rp b25fZGlzcGF0Y2gvaHR0cC9yZXF1ZXN0LnJiDQppbmRleCA3Yzg1NTdiLi45ODViNzMwIDEwMDY0 NA0KLS0tIGEvYWN0aW9ucGFjay9saWIvYWN0aW9uX2Rpc3BhdGNoL2h0dHAvcmVxdWVzdC5yYg0K KysrIGIvYWN0aW9ucGFjay9saWIvYWN0aW9uX2Rpc3BhdGNoL2h0dHAvcmVxdWVzdC5yYg0KQEAg LTI1Nyw1ICsyNTcsMjcgQEAgbW9kdWxlIEFjdGlvbkRpc3BhdGNoDQogICAgIGRlZiBsb2NhbD8N CiAgICAgICBMT0NBTEhPU1QuYW55PyB7IHxsb2NhbF9pcHwgbG9jYWxfaXAgPT09IHJlbW90ZV9h ZGRyICYmIGxvY2FsX2lwID09PSByZW1vdGVfaXAgfQ0KICAgICBlbmQNCisNCisgICAgcHJvdGVj dGVkDQorDQorICAgICMgUmVtb3ZlIG5pbHMgZnJvbSB0aGUgcGFyYW1zIGhhc2gNCisgICAgZGVm IGRlZXBfbXVuZ2UoaGFzaCkNCisgICAgICBoYXNoLmVhY2hfdmFsdWUgZG8gfHZ8DQorICAgICAg ICBjYXNlIHYNCisgICAgICAgIHdoZW4gQXJyYXkNCisgICAgICAgICAgdi5ncmVwKEhhc2gpIHsg fHh8IGRlZXBfbXVuZ2UoeCkgfQ0KKyAgICAgICAgd2hlbiBIYXNoDQorICAgICAgICAgIGRlZXBf bXVuZ2UodikNCisgICAgICAgIGVuZA0KKyAgICAgIGVuZA0KKw0KKyAgICAgIGtleXMgPSBoYXNo LmtleXMuZmluZF9hbGwgeyB8a3wgaGFzaFtrXSA9PSBbbmlsXSB9DQorICAgICAga2V5cy5lYWNo IHsgfGt8IGhhc2hba10gPSBuaWwgfQ0KKyAgICAgIGhhc2gNCisgICAgZW5kDQorDQorICAgIGRl ZiBwYXJzZV9xdWVyeShxcykNCisgICAgICBkZWVwX211bmdlKHN1cGVyKQ0KKyAgICBlbmQNCiAg IGVuZA0KIGVuZA0KZGlmZiAtLWdpdCBhL2FjdGlvbnBhY2svdGVzdC9kaXNwYXRjaC9yZXF1ZXN0 L3F1ZXJ5X3N0cmluZ19wYXJzaW5nX3Rlc3QucmIgYi9hY3Rpb25wYWNrL3Rlc3QvZGlzcGF0Y2gv cmVxdWVzdC9xdWVyeV9zdHJpbmdfcGFyc2luZ190ZXN0LnJiDQppbmRleCAwNzFkODBjLi5jN2Fi NzAwIDEwMDY0NA0KLS0tIGEvYWN0aW9ucGFjay90ZXN0L2Rpc3BhdGNoL3JlcXVlc3QvcXVlcnlf c3RyaW5nX3BhcnNpbmdfdGVzdC5yYg0KKysrIGIvYWN0aW9ucGFjay90ZXN0L2Rpc3BhdGNoL3Jl cXVlc3QvcXVlcnlfc3RyaW5nX3BhcnNpbmdfdGVzdC5yYg0KQEAgLTgxLDcgKzgxLDEyIEBAIGNs YXNzIFF1ZXJ5U3RyaW5nUGFyc2luZ1Rlc3QgPCBBY3Rpb25Db250cm9sbGVyOjpJbnRlZ3JhdGlv blRlc3QNCiAgIGVuZA0KIA0KICAgdGVzdCAicXVlcnkgc3RyaW5nIHdpdGhvdXQgZXF1YWwiIGRv DQotICAgIGFzc2VydF9wYXJzZXMoeyAiYWN0aW9uIiA9PiBuaWwgfSwgImFjdGlvbiIpDQorICAg IGFzc2VydF9wYXJzZXMoeyJhY3Rpb24iID0+IG5pbH0sICJhY3Rpb24iKQ0KKyAgICBhc3NlcnRf cGFyc2VzKHsiYWN0aW9uIiA9PiB7ImZvbyIgPT4gbmlsfX0sICJhY3Rpb25bZm9vXSIpDQorICAg IGFzc2VydF9wYXJzZXMoeyJhY3Rpb24iID0+IHsiZm9vIiA9PiB7ICJiYXIiID0+IG5pbCB9fX0s ICJhY3Rpb25bZm9vXVtiYXJdIikNCisgICAgYXNzZXJ0X3BhcnNlcyh7ImFjdGlvbiIgPT4geyJm b28iID0+IHsgImJhciIgPT4gbmlsIH19fSwgImFjdGlvbltmb29dW2Jhcl1bXSIpDQorICAgIGFz c2VydF9wYXJzZXMoeyJhY3Rpb24iID0+IHsiZm9vIiA9PiBuaWx9fSwgImFjdGlvbltmb29dW10i KQ0KKyAgICBhc3NlcnRfcGFyc2VzKHsiYWN0aW9uIj0+eyJmb28iPT5beyJiYXIiPT5uaWx9XX19 LCAiYWN0aW9uW2Zvb11bXVtiYXJdIikNCiAgIGVuZA0KIA0KICAgdGVzdCAicXVlcnkgc3RyaW5n IHdpdGggZW1wdHkga2V5IiBkbw0KLS0gDQoxLjcuNS40DQoNCg== --f46d044789735b776204c176ff36 Content-Type: text/plain; charset=us-ascii; name="3-1-null_param.patch" Content-Disposition: attachment; filename="3-1-null_param.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: bd5d2f42f17b0493_0.0.2 RnJvbSA1YjgzYmJmYWI3ZDU3NzBlZDU2MzY2ZDczOWZmNjJhYzcwNDI1MDA4IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQ0KRnJvbTogQWFyb24gUGF0dGVyc29uIDxhYXJvbi5wYXR0ZXJzb25AZ21h aWwuY29tPg0KRGF0ZTogV2VkLCAzMCBNYXkgMjAxMiAxNToxMzowMyAtMDcwMA0KU3ViamVjdDog W1BBVENIXSBTdHJpcCBbbmlsXSBmcm9tIHBhcmFtZXRlcnMgaGFzaC4gVGhhbmtzIHRvIEJlbiBN dXJwaHkgZm9yDQogcmVwb3J0aW5nIHRoaXMhDQoNCkNWRS0yMDEyLTI2NjANCi0tLQ0KIGFjdGlv bnBhY2svbGliL2FjdGlvbl9kaXNwYXRjaC9odHRwL3JlcXVlc3QucmIgICAgIHwgICAyMiArKysr KysrKysrKysrKysrKysrKw0KIC4uLi9kaXNwYXRjaC9yZXF1ZXN0L3F1ZXJ5X3N0cmluZ19wYXJz aW5nX3Rlc3QucmIgIHwgICAgNyArKysrKy0NCiAyIGZpbGVzIGNoYW5nZWQsIDI4IGluc2VydGlv bnMoKyksIDEgZGVsZXRpb25zKC0pDQoNCmRpZmYgLS1naXQgYS9hY3Rpb25wYWNrL2xpYi9hY3Rp b25fZGlzcGF0Y2gvaHR0cC9yZXF1ZXN0LnJiIGIvYWN0aW9ucGFjay9saWIvYWN0aW9uX2Rpc3Bh dGNoL2h0dHAvcmVxdWVzdC5yYg0KaW5kZXggYzQ5Y2M1Ni4uOWUxZGM0YiAxMDA2NDQNCi0tLSBh L2FjdGlvbnBhY2svbGliL2FjdGlvbl9kaXNwYXRjaC9odHRwL3JlcXVlc3QucmINCisrKyBiL2Fj dGlvbnBhY2svbGliL2FjdGlvbl9kaXNwYXRjaC9odHRwL3JlcXVlc3QucmINCkBAIC0yNjcsNiAr MjY3LDI4IEBAIG1vZHVsZSBBY3Rpb25EaXNwYXRjaA0KICAgICAgIExPQ0FMSE9TVC5hbnk/IHsg fGxvY2FsX2lwfCBsb2NhbF9pcCA9PT0gcmVtb3RlX2FkZHIgJiYgbG9jYWxfaXAgPT09IHJlbW90 ZV9pcCB9DQogICAgIGVuZA0KIA0KKyAgICBwcm90ZWN0ZWQNCisNCisgICAgIyBSZW1vdmUgbmls cyBmcm9tIHRoZSBwYXJhbXMgaGFzaA0KKyAgICBkZWYgZGVlcF9tdW5nZShoYXNoKQ0KKyAgICAg IGhhc2guZWFjaF92YWx1ZSBkbyB8dnwNCisgICAgICAgIGNhc2Ugdg0KKyAgICAgICAgd2hlbiBB cnJheQ0KKyAgICAgICAgICB2LmdyZXAoSGFzaCkgeyB8eHwgZGVlcF9tdW5nZSh4KSB9DQorICAg ICAgICB3aGVuIEhhc2gNCisgICAgICAgICAgZGVlcF9tdW5nZSh2KQ0KKyAgICAgICAgZW5kDQor ICAgICAgZW5kDQorDQorICAgICAga2V5cyA9IGhhc2gua2V5cy5maW5kX2FsbCB7IHxrfCBoYXNo W2tdID09IFtuaWxdIH0NCisgICAgICBrZXlzLmVhY2ggeyB8a3wgaGFzaFtrXSA9IG5pbCB9DQor ICAgICAgaGFzaA0KKyAgICBlbmQNCisNCisgICAgZGVmIHBhcnNlX3F1ZXJ5KHFzKQ0KKyAgICAg IGRlZXBfbXVuZ2Uoc3VwZXIpDQorICAgIGVuZA0KKw0KICAgICBwcml2YXRlDQogDQogICAgIGRl ZiBjaGVja19tZXRob2QobmFtZSkNCmRpZmYgLS1naXQgYS9hY3Rpb25wYWNrL3Rlc3QvZGlzcGF0 Y2gvcmVxdWVzdC9xdWVyeV9zdHJpbmdfcGFyc2luZ190ZXN0LnJiIGIvYWN0aW9ucGFjay90ZXN0 L2Rpc3BhdGNoL3JlcXVlc3QvcXVlcnlfc3RyaW5nX3BhcnNpbmdfdGVzdC5yYg0KaW5kZXggZjZh MTQ3NS4uMTgxZjUxYSAxMDA2NDQNCi0tLSBhL2FjdGlvbnBhY2svdGVzdC9kaXNwYXRjaC9yZXF1 ZXN0L3F1ZXJ5X3N0cmluZ19wYXJzaW5nX3Rlc3QucmINCisrKyBiL2FjdGlvbnBhY2svdGVzdC9k aXNwYXRjaC9yZXF1ZXN0L3F1ZXJ5X3N0cmluZ19wYXJzaW5nX3Rlc3QucmINCkBAIC04MSw3ICs4 MSwxMiBAQCBjbGFzcyBRdWVyeVN0cmluZ1BhcnNpbmdUZXN0IDwgQWN0aW9uRGlzcGF0Y2g6Oklu dGVncmF0aW9uVGVzdA0KICAgZW5kDQogDQogICB0ZXN0ICJxdWVyeSBzdHJpbmcgd2l0aG91dCBl cXVhbCIgZG8NCi0gICAgYXNzZXJ0X3BhcnNlcyh7ICJhY3Rpb24iID0+IG5pbCB9LCAiYWN0aW9u IikNCisgICAgYXNzZXJ0X3BhcnNlcyh7ImFjdGlvbiIgPT4gbmlsfSwgImFjdGlvbiIpDQorICAg IGFzc2VydF9wYXJzZXMoeyJhY3Rpb24iID0+IHsiZm9vIiA9PiBuaWx9fSwgImFjdGlvbltmb29d IikNCisgICAgYXNzZXJ0X3BhcnNlcyh7ImFjdGlvbiIgPT4geyJmb28iID0+IHsgImJhciIgPT4g bmlsIH19fSwgImFjdGlvbltmb29dW2Jhcl0iKQ0KKyAgICBhc3NlcnRfcGFyc2VzKHsiYWN0aW9u IiA9PiB7ImZvbyIgPT4geyAiYmFyIiA9PiBuaWwgfX19LCAiYWN0aW9uW2Zvb11bYmFyXVtdIikN CisgICAgYXNzZXJ0X3BhcnNlcyh7ImFjdGlvbiIgPT4geyJmb28iID0+IG5pbH19LCAiYWN0aW9u W2Zvb11bXSIpDQorICAgIGFzc2VydF9wYXJzZXMoeyJhY3Rpb24iPT57ImZvbyI9Plt7ImJhciI9 Pm5pbH1dfX0sICJhY3Rpb25bZm9vXVtdW2Jhcl0iKQ0KICAgZW5kDQogDQogICB0ZXN0ICJxdWVy eSBzdHJpbmcgd2l0aCBlbXB0eSBrZXkiIGRvDQotLSANCjEuNy41LjQNCg0K --f46d044789735b776204c176ff36 Content-Type: text/plain; charset=us-ascii; name="3-2-null_param.patch" Content-Disposition: attachment; filename="3-2-null_param.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: bd5d2f42f17b0493_0.0.3 RnJvbSBkZmY2ZGIxODg0MGUyZmQxZGQzZjNlNGVmMGFlN2E5YTM5ODZkMDFkIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQ0KRnJvbTogQWFyb24gUGF0dGVyc29uIDxhYXJvbi5wYXR0ZXJzb25AZ21h aWwuY29tPg0KRGF0ZTogV2VkLCAzMCBNYXkgMjAxMiAxNToxMzowMyAtMDcwMA0KU3ViamVjdDog W1BBVENIXSBTdHJpcCBbbmlsXSBmcm9tIHBhcmFtZXRlcnMgaGFzaC4gVGhhbmtzIHRvIEJlbiBN dXJwaHkgZm9yDQogcmVwb3J0aW5nIHRoaXMhDQoNCkNWRS0yMDEyLTI2NjANCi0tLQ0KIGFjdGlv bnBhY2svbGliL2FjdGlvbl9kaXNwYXRjaC9odHRwL3JlcXVlc3QucmIgICAgIHwgICAyMiArKysr KysrKysrKysrKysrKysrKw0KIC4uLi9kaXNwYXRjaC9yZXF1ZXN0L3F1ZXJ5X3N0cmluZ19wYXJz aW5nX3Rlc3QucmIgIHwgICAgNyArKysrKy0NCiAyIGZpbGVzIGNoYW5nZWQsIDI4IGluc2VydGlv bnMoKyksIDEgZGVsZXRpb25zKC0pDQoNCmRpZmYgLS1naXQgYS9hY3Rpb25wYWNrL2xpYi9hY3Rp b25fZGlzcGF0Y2gvaHR0cC9yZXF1ZXN0LnJiIGIvYWN0aW9ucGFjay9saWIvYWN0aW9uX2Rpc3Bh dGNoL2h0dHAvcmVxdWVzdC5yYg0KaW5kZXggODIwOTIxMi4uYWRiYjVkMSAxMDA2NDQNCi0tLSBh L2FjdGlvbnBhY2svbGliL2FjdGlvbl9kaXNwYXRjaC9odHRwL3JlcXVlc3QucmINCisrKyBiL2Fj dGlvbnBhY2svbGliL2FjdGlvbl9kaXNwYXRjaC9odHRwL3JlcXVlc3QucmINCkBAIC0yNDcsNiAr MjQ3LDI4IEBAIG1vZHVsZSBBY3Rpb25EaXNwYXRjaA0KICAgICAgIExPQ0FMSE9TVC5hbnk/IHsg fGxvY2FsX2lwfCBsb2NhbF9pcCA9PT0gcmVtb3RlX2FkZHIgJiYgbG9jYWxfaXAgPT09IHJlbW90 ZV9pcCB9DQogICAgIGVuZA0KIA0KKyAgICBwcm90ZWN0ZWQNCisNCisgICAgIyBSZW1vdmUgbmls cyBmcm9tIHRoZSBwYXJhbXMgaGFzaA0KKyAgICBkZWYgZGVlcF9tdW5nZShoYXNoKQ0KKyAgICAg IGhhc2guZWFjaF92YWx1ZSBkbyB8dnwNCisgICAgICAgIGNhc2Ugdg0KKyAgICAgICAgd2hlbiBB cnJheQ0KKyAgICAgICAgICB2LmdyZXAoSGFzaCkgeyB8eHwgZGVlcF9tdW5nZSh4KSB9DQorICAg ICAgICB3aGVuIEhhc2gNCisgICAgICAgICAgZGVlcF9tdW5nZSh2KQ0KKyAgICAgICAgZW5kDQor ICAgICAgZW5kDQorDQorICAgICAga2V5cyA9IGhhc2gua2V5cy5maW5kX2FsbCB7IHxrfCBoYXNo W2tdID09IFtuaWxdIH0NCisgICAgICBrZXlzLmVhY2ggeyB8a3wgaGFzaFtrXSA9IG5pbCB9DQor ICAgICAgaGFzaA0KKyAgICBlbmQNCisNCisgICAgZGVmIHBhcnNlX3F1ZXJ5KHFzKQ0KKyAgICAg IGRlZXBfbXVuZ2Uoc3VwZXIpDQorICAgIGVuZA0KKw0KICAgICBwcml2YXRlDQogDQogICAgIGRl ZiBjaGVja19tZXRob2QobmFtZSkNCmRpZmYgLS1naXQgYS9hY3Rpb25wYWNrL3Rlc3QvZGlzcGF0 Y2gvcmVxdWVzdC9xdWVyeV9zdHJpbmdfcGFyc2luZ190ZXN0LnJiIGIvYWN0aW9ucGFjay90ZXN0 L2Rpc3BhdGNoL3JlcXVlc3QvcXVlcnlfc3RyaW5nX3BhcnNpbmdfdGVzdC5yYg0KaW5kZXggZjZh MTQ3NS4uMTgxZjUxYSAxMDA2NDQNCi0tLSBhL2FjdGlvbnBhY2svdGVzdC9kaXNwYXRjaC9yZXF1 ZXN0L3F1ZXJ5X3N0cmluZ19wYXJzaW5nX3Rlc3QucmINCisrKyBiL2FjdGlvbnBhY2svdGVzdC9k aXNwYXRjaC9yZXF1ZXN0L3F1ZXJ5X3N0cmluZ19wYXJzaW5nX3Rlc3QucmINCkBAIC04MSw3ICs4 MSwxMiBAQCBjbGFzcyBRdWVyeVN0cmluZ1BhcnNpbmdUZXN0IDwgQWN0aW9uRGlzcGF0Y2g6Oklu dGVncmF0aW9uVGVzdA0KICAgZW5kDQogDQogICB0ZXN0ICJxdWVyeSBzdHJpbmcgd2l0aG91dCBl cXVhbCIgZG8NCi0gICAgYXNzZXJ0X3BhcnNlcyh7ICJhY3Rpb24iID0+IG5pbCB9LCAiYWN0aW9u IikNCisgICAgYXNzZXJ0X3BhcnNlcyh7ImFjdGlvbiIgPT4gbmlsfSwgImFjdGlvbiIpDQorICAg IGFzc2VydF9wYXJzZXMoeyJhY3Rpb24iID0+IHsiZm9vIiA9PiBuaWx9fSwgImFjdGlvbltmb29d IikNCisgICAgYXNzZXJ0X3BhcnNlcyh7ImFjdGlvbiIgPT4geyJmb28iID0+IHsgImJhciIgPT4g bmlsIH19fSwgImFjdGlvbltmb29dW2Jhcl0iKQ0KKyAgICBhc3NlcnRfcGFyc2VzKHsiYWN0aW9u IiA9PiB7ImZvbyIgPT4geyAiYmFyIiA9PiBuaWwgfX19LCAiYWN0aW9uW2Zvb11bYmFyXVtdIikN CisgICAgYXNzZXJ0X3BhcnNlcyh7ImFjdGlvbiIgPT4geyJmb28iID0+IG5pbH19LCAiYWN0aW9u W2Zvb11bXSIpDQorICAgIGFzc2VydF9wYXJzZXMoeyJhY3Rpb24iPT57ImZvbyI9Plt7ImJhciI9 Pm5pbH1dfX0sICJhY3Rpb25bZm9vXVtdW2Jhcl0iKQ0KICAgZW5kDQogDQogICB0ZXN0ICJxdWVy eSBzdHJpbmcgd2l0aCBlbXB0eSBrZXkiIGRvDQotLSANCjEuNy41LjQNCg0K --f46d044789735b776204c176ff36 Content-Type: application/pgp-signature Content-Disposition: attachment Content-Transfer-Encoding: base64 X-Attachment-Id: bd5d2f42f17b0493_0.1 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0NClZlcnNpb246IEdudVBHIHYxLjQuMTIgKERh cndpbikNCg0KaVFFY0JBRUJBZ0FHQlFKUHg4TlJBQW9KRUpVeGNMeTAvNi9HMlYwSUFKUTlnYy9T djkxbWhkR200YzBKaUVVbw0KOG13c084U1g2czNLUHd4dUljanRKME95QlZweDFNaU84MnllYWVk R3ZGeHpKd1ZCVEcwdnduMmdBRisrSTgyMQ0KQ0tacW1ldUZYVFIyWHdwZTZ6NW1EcTlsWGFxWDRz cDZhOG5ERlJza1NOSkZ3N3lQRUxQelUzVjZxblJ5YnpHdA0KMjlQNHQxaU9tdFVBczBtNWo4bG9p Y3pIeFd6THJkVldMMk1JbnJPYlo0a0UwZm43MEVnVjBVaDNVRk42QThLUQ0KOEZURzIrOXRZYS9s Y2taQVVoNG1IQ015UzFwWWNXVlVWN3o5c0pzbmJyYS9KK0dFWTY4L3Nrd2pmdHZiZjNZVQ0KK2Rp OW1hRlhISGx3T1FuMXVCcWdEVnVuWEFXYmplMGZJdk9IZUdkakhYKzYzbERKNmt1WTU3UHRuQmRw SmtRPQ0KPS9EOGcNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K --f46d044789735b776204c176ff36--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxgku5-4QOWNuwZyPesMZZLvLcZHFUW_bzSA=avKtVPk11A>