From llrw6ve9fzwh1001 at sneakemail.com  Thu Nov  2 09:08:48 2006
From: llrw6ve9fzwh1001 at sneakemail.com (J. Kras)
Date: 29 Apr 2001
Subject: OpenSSH_2.5.2p2 port forwarding problem
Message-ID: <135352282.988563046417.JavaMail.root@boots>

Version: OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
Platform: RedHat Linux 7.0 and Sun Solaris 2.6

I have the following problem: when I set up port forwarding for HTTP, running Squid
at one end as an HTTP proxy and a browser at the other end (Netscape, IE) everything
works fine, I can tunnel HTTP requests through OpenSSH but I keep seeing
the following error messages that mess up my display really bad:

channel 14: chan_shutdown_read: shutdown() failed for fd23 [i1 o16]: Transport endpoint is not connected
channel 28: chan_shutdown_read: shutdown() failed for fd37 [i1 o16]: Transport endpoint is not connected

(There are very many of these, they never end).

I noticed that if I start the client with "ssh -q" or if I set the LogLevel in ssh_config to
FATAL the errors are not printed anymore. A log level of ERROR will still print
them so I would assume they are errors.

I did not used to have this problem with ssh-1.2.27, but I just upgraded to OpenSSH
and this problem is anoying.

I don't want to always set the LogLevel to FATAL as I want to see other informational
messages like for example the open  forwarded connections when I close the ssh client.

Is this considered a bug or intended behavior? Any fixes, workarounds?

Please CC: me when you reply as I am not on the mailing lists yet.

Thanks.

Kras

-----------------------------------------------------
Protect yourself from spam, use http://sneakemail.com


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.1.1162419417.11741.openssh-unix-dev@mindrot.org>

child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.2.1162419426.11741.openssh-unix-dev@mindrot.org>

Multiple ListenAddress options are permitted. Additionally, any Port options
must precede this option for non port qualified addresses.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.3.1162419439.11741.openssh-unix-dev@mindrot.org>

Client is Linux OpenSSH_2.9.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
Server (from which i copy): OpenSSH_3.0.2p1 Solaris 8/7

I attached both debug logs.  (working_debug.log, failed_debug.log)

My ssh_config is:

Host *
   ForwardAgent no
   ForwardX11 no
   RhostsAuthentication no
   RhostsRSAAuthentication no
   RSAAuthentication yes
   PasswordAuthentication yes
   FallBackToRsh no
   UseRsh no
   BatchMode no
   CheckHostIP yes
   StrictHostKeyChecking yes
   IdentityFile ~/.ssh/id_dsa
   Port 22
   Protocol 2
   Ciphers arcfour
   MACs hmac-md5-96
   PreferredAuthentications publickey
   HostKeyAlgorithms ssh-dss
   EscapeChar ~



Any help would be greatly appreciated.

Martin


// Martin Decker, Systems Engineer, Data Center Operations     //
// AOL Germany, Dingolfinger-Str. 2-4, D-81673 Munich, Germany //
// AIM: mdecker77 mail: mdecker77 at aol.com ICQ: 15620821        //
// Phone:+49.8966572214                                        //

--84558759-596667786-1013180678=:15933
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="failed_debug.log"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.33.0202081604380.15933 at decks.muc.office.aol.com>
Content-Description: 
Content-Disposition: attachment; filename="failed_debug.log"

RXhlY3V0aW5nOiBwcm9ncmFtIC91c3IvYmluL3NzaCBob3N0IDE5Mi4xNjgu
MTAxLjEyNiwgdXNlciByb290LCBjb21tYW5kIHNjcCAtdiAtZiAvd2VibG9n
L3BlcmYyX2NsaWVudC9wZXJmMi1zeXN0ZW0ubG9nX3RyYW5zZmVyDQpPcGVu
U1NIXzIuOS45cDIsIFNTSCBwcm90b2NvbHMgMS41LzIuMCwgT3BlblNTTCAw
eDAwOTA2MDJmDQpkZWJ1ZzE6IFJlYWRpbmcgY29uZmlndXJhdGlvbiBkYXRh
IC9ldGMvc3NoL3NzaF9jb25maWcNDQpkZWJ1ZzE6IEFwcGx5aW5nIG9wdGlv
bnMgZm9yICoNDQpkZWJ1ZzM6IGNpcGhlciBvazogYXJjZm91ciBbYXJjZm91
cl0NDQpkZWJ1ZzM6IGNpcGhlcnMgb2s6IFthcmNmb3VyXQ0NCmRlYnVnMjog
bWFjX2luaXQ6IGZvdW5kIGhtYWMtbWQ1LTk2DQ0KZGVidWczOiBtYWMgb2s6
IGhtYWMtbWQ1LTk2IFtobWFjLW1kNS05Nl0NDQpkZWJ1ZzM6IG1hY3Mgb2s6
IFtobWFjLW1kNS05Nl0NDQpkZWJ1ZzM6IGtleSBuYW1lcyBvazogW3NzaC1k
c3NdDQ0KZGVidWcxOiBTZWVkaW5nIHJhbmRvbSBudW1iZXIgZ2VuZXJhdG9y
DQ0KZGVidWcxOiBSaG9zdHMgQXV0aGVudGljYXRpb24gZGlzYWJsZWQsIG9y
aWdpbmF0aW5nIHBvcnQgd2lsbCBub3QgYmUgdHJ1c3RlZC4NDQpkZWJ1ZzE6
IHJlc3RvcmVfdWlkDQ0KZGVidWcxOiBzc2hfY29ubmVjdDogZ2V0dWlkIDAg
Z2V0ZXVpZCAwIGFub24gMQ0NCmRlYnVnMTogQ29ubmVjdGluZyB0byAxOTIu
MTY4LjEwMS4xMjYgWzE5Mi4xNjguMTAxLjEyNl0gcG9ydCAyMi4NDQpkZWJ1
ZzE6IHRlbXBvcmFyaWx5X3VzZV91aWQ6IDAvMCAoZT0wKQ0NCmRlYnVnMTog
cmVzdG9yZV91aWQNDQpkZWJ1ZzE6IHRlbXBvcmFyaWx5X3VzZV91aWQ6IDAv
MCAoZT0wKQ0NCmRlYnVnMTogcmVzdG9yZV91aWQNDQpkZWJ1ZzE6IENvbm5l
Y3Rpb24gZXN0YWJsaXNoZWQuDQ0KZGVidWczOiBObyBSU0ExIGtleSBmaWxl
IC9yb290Ly5zc2gvaWRfZHNhLg0NCmRlYnVnMjoga2V5X3R5cGVfZnJvbV9u
YW1lOiB1bmtub3duIGtleSB0eXBlICctLS0tLUJFR0lOJw0NCmRlYnVnMzog
a2V5X3JlYWQ6IG5vIGtleSBmb3VuZA0NCmRlYnVnMzoga2V5X3JlYWQ6IG5v
IHNwYWNlDQ0KZGVidWczOiBrZXlfcmVhZDogbm8gc3BhY2UNDQpkZWJ1ZzM6
IGtleV9yZWFkOiBubyBzcGFjZQ0NCmRlYnVnMzoga2V5X3JlYWQ6IG5vIHNw
YWNlDQ0KZGVidWczOiBrZXlfcmVhZDogbm8gc3BhY2UNDQpkZWJ1ZzM6IGtl
eV9yZWFkOiBubyBzcGFjZQ0NCmRlYnVnMzoga2V5X3JlYWQ6IG5vIHNwYWNl
DQ0KZGVidWczOiBrZXlfcmVhZDogbm8gc3BhY2UNDQpkZWJ1ZzM6IGtleV9y
ZWFkOiBubyBzcGFjZQ0NCmRlYnVnMzoga2V5X3JlYWQ6IG5vIHNwYWNlDQ0K
ZGVidWcyOiBrZXlfdHlwZV9mcm9tX25hbWU6IHVua25vd24ga2V5IHR5cGUg
Jy0tLS0tRU5EJw0NCmRlYnVnMzoga2V5X3JlYWQ6IG5vIGtleSBmb3VuZA0N
CmRlYnVnMTogaWRlbnRpdHkgZmlsZSAvcm9vdC8uc3NoL2lkX2RzYSB0eXBl
IDINDQpkZWJ1ZzE6IFJlbW90ZSBwcm90b2NvbCB2ZXJzaW9uIDIuMCwgcmVt
b3RlIHNvZnR3YXJlIHZlcnNpb24gT3BlblNTSF8zLjAuMnAxDQ0KZGVidWcx
OiBtYXRjaDogT3BlblNTSF8zLjAuMnAxIHBhdCBeT3BlblNTSA0NCkVuYWJs
aW5nIGNvbXBhdGliaWxpdHkgbW9kZSBmb3IgcHJvdG9jb2wgMi4wDQ0KZGVi
dWcxOiBMb2NhbCB2ZXJzaW9uIHN0cmluZyBTU0gtMi4wLU9wZW5TU0hfMi45
LjlwMg0NCmRlYnVnMTogU1NIMl9NU0dfS0VYSU5JVCBzZW50DQ0KZGVidWcx
OiBTU0gyX01TR19LRVhJTklUIHJlY2VpdmVkDQ0KZGVidWcyOiBrZXhfcGFy
c2Vfa2V4aW5pdDogZGlmZmllLWhlbGxtYW4tZ3JvdXAtZXhjaGFuZ2Utc2hh
MSxkaWZmaWUtaGVsbG1hbi1ncm91cDEtc2hhMQ0NCmRlYnVnMjoga2V4X3Bh
cnNlX2tleGluaXQ6IHNzaC1kc3MNDQpkZWJ1ZzI6IGtleF9wYXJzZV9rZXhp
bml0OiBhcmNmb3VyDQ0KZGVidWcyOiBrZXhfcGFyc2Vfa2V4aW5pdDogYXJj
Zm91cg0NCmRlYnVnMjoga2V4X3BhcnNlX2tleGluaXQ6IGhtYWMtbWQ1LTk2
DQ0KZGVidWcyOiBrZXhfcGFyc2Vfa2V4aW5pdDogaG1hYy1tZDUtOTYNDQpk
ZWJ1ZzI6IGtleF9wYXJzZV9rZXhpbml0OiB6bGliDQ0KZGVidWcyOiBrZXhf
cGFyc2Vfa2V4aW5pdDogemxpYg0NCmRlYnVnMjoga2V4X3BhcnNlX2tleGlu
aXQ6IA0NCmRlYnVnMjoga2V4X3BhcnNlX2tleGluaXQ6IA0NCmRlYnVnMjog
a2V4X3BhcnNlX2tleGluaXQ6IGZpcnN0X2tleF9mb2xsb3dzIDAgDQ0KZGVi
dWcyOiBrZXhfcGFyc2Vfa2V4aW5pdDogcmVzZXJ2ZWQgMCANDQpkZWJ1ZzI6
IGtleF9wYXJzZV9rZXhpbml0OiBkaWZmaWUtaGVsbG1hbi1ncm91cC1leGNo
YW5nZS1zaGExLGRpZmZpZS1oZWxsbWFuLWdyb3VwMS1zaGExDQ0KZGVidWcy
OiBrZXhfcGFyc2Vfa2V4aW5pdDogc3NoLWRzcw0NCmRlYnVnMjoga2V4X3Bh
cnNlX2tleGluaXQ6IGFlczEyOC1jYmMsM2Rlcy1jYmMsYmxvd2Zpc2gtY2Jj
LGNhc3QxMjgtY2JjLGFyY2ZvdXIsYWVzMTkyLWNiYyxhZXMyNTYtY2JjLHJp
am5kYWVsMTI4LWNiYyxyaWpuZGFlbDE5Mi1jYmMscmlqbmRhZWwyNTYtY2Jj
LHJpam5kYWVsLWNiY0BseXNhdG9yLmxpdS5zZQ0NCmRlYnVnMjoga2V4X3Bh
cnNlX2tleGluaXQ6IGFlczEyOC1jYmMsM2Rlcy1jYmMsYmxvd2Zpc2gtY2Jj
LGNhc3QxMjgtY2JjLGFyY2ZvdXIsYWVzMTkyLWNiYyxhZXMyNTYtY2JjLHJp
am5kYWVsMTI4LWNiYyxyaWpuZGFlbDE5Mi1jYmMscmlqbmRhZWwyNTYtY2Jj
LHJpam5kYWVsLWNiY0BseXNhdG9yLmxpdS5zZQ0NCmRlYnVnMjoga2V4X3Bh
cnNlX2tleGluaXQ6IGhtYWMtbWQ1LGhtYWMtc2hhMSxobWFjLXJpcGVtZDE2
MCxobWFjLXJpcGVtZDE2MEBvcGVuc3NoLmNvbSxobWFjLXNoYTEtOTYsaG1h
Yy1tZDUtOTYNDQpkZWJ1ZzI6IGtleF9wYXJzZV9rZXhpbml0OiBobWFjLW1k
NSxobWFjLXNoYTEsaG1hYy1yaXBlbWQxNjAsaG1hYy1yaXBlbWQxNjBAb3Bl
bnNzaC5jb20saG1hYy1zaGExLTk2LGhtYWMtbWQ1LTk2DQ0KZGVidWcyOiBr
ZXhfcGFyc2Vfa2V4aW5pdDogbm9uZSx6bGliDQ0KZGVidWcyOiBrZXhfcGFy
c2Vfa2V4aW5pdDogbm9uZSx6bGliDQ0KZGVidWcyOiBrZXhfcGFyc2Vfa2V4
aW5pdDogDQ0KZGVidWcyOiBrZXhfcGFyc2Vfa2V4aW5pdDogDQ0KZGVidWcy
OiBrZXhfcGFyc2Vfa2V4aW5pdDogZmlyc3Rfa2V4X2ZvbGxvd3MgMCANDQpk
ZWJ1ZzI6IGtleF9wYXJzZV9rZXhpbml0OiByZXNlcnZlZCAwIA0NCmRlYnVn
MjogbWFjX2luaXQ6IGZvdW5kIGhtYWMtbWQ1LTk2DQ0KZGVidWcxOiBrZXg6
IHNlcnZlci0+Y2xpZW50IGFyY2ZvdXIgaG1hYy1tZDUtOTYgemxpYg0NCmRl
YnVnMjogbWFjX2luaXQ6IGZvdW5kIGhtYWMtbWQ1LTk2DQ0KZGVidWcxOiBr
ZXg6IGNsaWVudC0+c2VydmVyIGFyY2ZvdXIgaG1hYy1tZDUtOTYgemxpYg0N
CmRlYnVnMTogU1NIMl9NU0dfS0VYX0RIX0dFWF9SRVFVRVNUIHNlbnQNDQpk
ZWJ1ZzE6IGV4cGVjdGluZyBTU0gyX01TR19LRVhfREhfR0VYX0dST1VQDQ0K
ZGVidWcxOiBkaF9nZW5fa2V5OiBwcml2IGtleSBiaXRzIHNldDogMTE4LzI1
Ng0NCmRlYnVnMTogYml0cyBzZXQ6IDE1NTAvMzE5MQ0NCmRlYnVnMTogU1NI
Ml9NU0dfS0VYX0RIX0dFWF9JTklUIHNlbnQNDQpkZWJ1ZzE6IGV4cGVjdGlu
ZyBTU0gyX01TR19LRVhfREhfR0VYX1JFUExZDQ0KZGVidWczOiBjaGVja19o
b3N0X2luX2hvc3RmaWxlOiBmaWxlbmFtZSAvcm9vdC8uc3NoL2tub3duX2hv
c3RzDQ0KZGVidWczOiBjaGVja19ob3N0X2luX2hvc3RmaWxlOiBtYXRjaCBs
aW5lIDMwDQ0KZGVidWcxOiBIb3N0ICcxOTIuMTY4LjEwMS4xMjYnIGlzIGtu
b3duIGFuZCBtYXRjaGVzIHRoZSBEU0EgaG9zdCBrZXkuDQ0KZGVidWcxOiBG
b3VuZCBrZXkgaW4gL3Jvb3QvLnNzaC9rbm93bl9ob3N0czozMA0NCmRlYnVn
MTogYml0cyBzZXQ6IDE1NzMvMzE5MQ0NCmRlYnVnMTogc3NoX2Rzc192ZXJp
Znk6IHNpZ25hdHVyZSBjb3JyZWN0DQ0KZGVidWcxOiBrZXhfZGVyaXZlX2tl
eXMNDQpkZWJ1ZzE6IG5ld2tleXM6IG1vZGUgMQ0NCmRlYnVnMTogRW5hYmxp
bmcgY29tcHJlc3Npb24gYXQgbGV2ZWwgNi4NDQpkZWJ1ZzE6IFNTSDJfTVNH
X05FV0tFWVMgc2VudA0NCmRlYnVnMTogd2FpdGluZyBmb3IgU1NIMl9NU0df
TkVXS0VZUw0NCmRlYnVnMTogbmV3a2V5czogbW9kZSAwDQ0KZGVidWcxOiBT
U0gyX01TR19ORVdLRVlTIHJlY2VpdmVkDQ0KZGVidWcxOiBkb25lOiBzc2hf
a2V4Mi4NDQpkZWJ1ZzE6IHNlbmQgU1NIMl9NU0dfU0VSVklDRV9SRVFVRVNU
DQ0KZGVidWcxOiBzZXJ2aWNlX2FjY2VwdDogc3NoLXVzZXJhdXRoDQ0KZGVi
dWcxOiBnb3QgU1NIMl9NU0dfU0VSVklDRV9BQ0NFUFQNDQpkZWJ1ZzE6IGF1
dGhlbnRpY2F0aW9ucyB0aGF0IGNhbiBjb250aW51ZTogcHVibGlja2V5LHBh
c3N3b3JkLGtleWJvYXJkLWludGVyYWN0aXZlDQ0KZGVidWczOiBzdGFydCBv
dmVyLCBwYXNzZWQgYSBkaWZmZXJlbnQgbGlzdCBwdWJsaWNrZXkscGFzc3dv
cmQsa2V5Ym9hcmQtaW50ZXJhY3RpdmUNDQpkZWJ1ZzM6IHByZWZlcnJlZCBw
dWJsaWNrZXkNDQpkZWJ1ZzM6IGF1dGhtZXRob2RfbG9va3VwIHB1YmxpY2tl
eQ0NCmRlYnVnMzogcmVtYWluaW5nIHByZWZlcnJlZDogDQ0KZGVidWczOiBh
dXRobWV0aG9kX2lzX2VuYWJsZWQgcHVibGlja2V5DQ0KZGVidWcxOiBuZXh0
IGF1dGggbWV0aG9kIHRvIHRyeSBpcyBwdWJsaWNrZXkNDQpkZWJ1ZzE6IHRy
eSBwdWJrZXk6IC9yb290Ly5zc2gvaWRfZHNhDQ0KZGVidWczOiBzZW5kX3B1
YmtleV90ZXN0DQ0KZGVidWcyOiB3ZSBzZW50IGEgcHVibGlja2V5IHBhY2tl
dCwgd2FpdCBmb3IgcmVwbHkNDQpkZWJ1ZzE6IGlucHV0X3VzZXJhdXRoX3Br
X29rOiBwa2FsZyBzc2gtZHNzIGJsZW4gNDMzIGxhc3RrZXkgMHg4MTBhODgw
IGhpbnQgMA0NCmRlYnVnMjogaW5wdXRfdXNlcmF1dGhfcGtfb2s6IGZwIDI1
OmNkOjJiOjNmOjY0OmUyOjBmOmVmOmE4Ojg2OmU4OjEwOjU4OmZjOjlmOjU3
DQ0KZGVidWczOiBzaWduX2FuZF9zZW5kX3B1YmtleQ0NCmRlYnVnMTogcmVh
ZCBQRU0gcHJpdmF0ZSBrZXkgZG9uZTogdHlwZSBEU0ENDQpkZWJ1ZzE6IHNz
aC11c2VyYXV0aDIgc3VjY2Vzc2Z1bDogbWV0aG9kIHB1YmxpY2tleQ0NCmRl
YnVnMTogZmQgNSBzZXR0aW5nIE9fTk9OQkxPQ0sNDQpkZWJ1ZzE6IGZkIDYg
c2V0dGluZyBPX05PTkJMT0NLDQ0KZGVidWcxOiBmZCA3IHNldHRpbmcgT19O
T05CTE9DSw0NCmRlYnVnMTogY2hhbm5lbCAwOiBuZXcgW2NsaWVudC1zZXNz
aW9uXQ0NCmRlYnVnMzogc3NoX3Nlc3Npb24yX29wZW46IGNoYW5uZWxfbmV3
OiAwDQ0KZGVidWcxOiBzZW5kIGNoYW5uZWwgb3BlbiAwDQ0KZGVidWcxOiBF
bnRlcmluZyBpbnRlcmFjdGl2ZSBzZXNzaW9uLg0NCmRlYnVnMjogY2FsbGJh
Y2sgc3RhcnQNDQpkZWJ1ZzE6IHNzaF9zZXNzaW9uMl9zZXR1cDogaWQgMA0N
CmRlYnVnMTogU2VuZGluZyBjb21tYW5kOiBzY3AgLXYgLWYgL3dlYmxvZy9w
ZXJmMl9jbGllbnQvcGVyZjItc3lzdGVtLmxvZ190cmFuc2Zlcg0NCmRlYnVn
MjogY2FsbGJhY2sgZG9uZQ0NCmRlYnVnMTogY2hhbm5lbCAwOiBvcGVuIGNv
bmZpcm0gcndpbmRvdyAwIHJtYXggMTYzODQNDQpkZWJ1ZzI6IGNoYW5uZWwg
MDogcmN2ZCBhZGp1c3QgMzI3NjgNDQpkZWJ1ZzI6IGNoYW5uZWwgMDogcmN2
ZCBleHQgZGF0YSAyMA0NClNlbmRpbmcgZmlsZSBtb2RlczogZGVidWcyOiBj
aGFubmVsIDA6IHdyaXR0ZW4gMjAgdG8gZWZkIDcNDQpkZWJ1ZzI6IGNoYW5u
ZWwgMDogcmN2ZCBleHQgZGF0YSAzNg0NCkMwNjQ0IDY2OCBwZXJmMi1zeXN0
ZW0ubG9nX3RyYW5zZmVyDQpkZWJ1ZzI6IGNoYW5uZWwgMDogd3JpdHRlbiAz
NiB0byBlZmQgNw0NCmRlYnVnMTogY2hhbm5lbCAwOiByY3ZkIGVvZg0NCmRl
YnVnMTogY2hhbm5lbCAwOiBvdXRwdXQgb3BlbiAtPiBkcmFpbg0NCmRlYnVn
MTogY2hhbm5lbCAwOiBvYnVmIGVtcHR5DQ0KZGVidWcxOiBjaGFubmVsIDA6
IG91dHB1dCBkcmFpbiAtPiBjbG9zZWQNDQpkZWJ1ZzE6IGNoYW5uZWwgMDog
Y2xvc2Vfd3JpdGUNDQo=
--84558759-596667786-1013180678=:15933
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="working_debug.log"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.33.0202081604381.15933 at decks.muc.office.aol.com>
Content-Description: 
Content-Disposition: attachment; filename="working_debug.log"

RXhlY3V0aW5nOiBwcm9ncmFtIC91c3IvYmluL3NzaCBob3N0IDE5Mi4xNjgu
MTAxLjk0LCB1c2VyIHJvb3QsIGNvbW1hbmQgc2NwIC12IC1mIC93ZWJsb2cv
cGVyZjJfY2xpZW50L3BlcmYyLXN5c3RlbS5sb2dfdHJhbnNmZXINCk9wZW5T
U0hfMi45LjlwMiwgU1NIIHByb3RvY29scyAxLjUvMi4wLCBPcGVuU1NMIDB4
MDA5MDYwMmYNCmRlYnVnMTogUmVhZGluZyBjb25maWd1cmF0aW9uIGRhdGEg
L2V0Yy9zc2gvc3NoX2NvbmZpZw0NCmRlYnVnMTogQXBwbHlpbmcgb3B0aW9u
cyBmb3IgKg0NCmRlYnVnMzogY2lwaGVyIG9rOiBhcmNmb3VyIFthcmNmb3Vy
XQ0NCmRlYnVnMzogY2lwaGVycyBvazogW2FyY2ZvdXJdDQ0KZGVidWcyOiBt
YWNfaW5pdDogZm91bmQgaG1hYy1tZDUtOTYNDQpkZWJ1ZzM6IG1hYyBvazog
aG1hYy1tZDUtOTYgW2htYWMtbWQ1LTk2XQ0NCmRlYnVnMzogbWFjcyBvazog
W2htYWMtbWQ1LTk2XQ0NCmRlYnVnMzoga2V5IG5hbWVzIG9rOiBbc3NoLWRz
c10NDQpkZWJ1ZzE6IFNlZWRpbmcgcmFuZG9tIG51bWJlciBnZW5lcmF0b3IN
DQpkZWJ1ZzE6IFJob3N0cyBBdXRoZW50aWNhdGlvbiBkaXNhYmxlZCwgb3Jp
Z2luYXRpbmcgcG9ydCB3aWxsIG5vdCBiZSB0cnVzdGVkLg0NCmRlYnVnMTog
cmVzdG9yZV91aWQNDQpkZWJ1ZzE6IHNzaF9jb25uZWN0OiBnZXR1aWQgMCBn
ZXRldWlkIDAgYW5vbiAxDQ0KZGVidWcxOiBDb25uZWN0aW5nIHRvIDE5Mi4x
NjguMTAxLjk0IFsxOTIuMTY4LjEwMS45NF0gcG9ydCAyMi4NDQpkZWJ1ZzE6
IHRlbXBvcmFyaWx5X3VzZV91aWQ6IDAvMCAoZT0wKQ0NCmRlYnVnMTogcmVz
dG9yZV91aWQNDQpkZWJ1ZzE6IHRlbXBvcmFyaWx5X3VzZV91aWQ6IDAvMCAo
ZT0wKQ0NCmRlYnVnMTogcmVzdG9yZV91aWQNDQpkZWJ1ZzE6IENvbm5lY3Rp
b24gZXN0YWJsaXNoZWQuDQ0KZGVidWczOiBObyBSU0ExIGtleSBmaWxlIC9y
b290Ly5zc2gvaWRfZHNhLg0NCmRlYnVnMjoga2V5X3R5cGVfZnJvbV9uYW1l
OiB1bmtub3duIGtleSB0eXBlICctLS0tLUJFR0lOJw0NCmRlYnVnMzoga2V5
X3JlYWQ6IG5vIGtleSBmb3VuZA0NCmRlYnVnMzoga2V5X3JlYWQ6IG5vIHNw
YWNlDQ0KZGVidWczOiBrZXlfcmVhZDogbm8gc3BhY2UNDQpkZWJ1ZzM6IGtl
eV9yZWFkOiBubyBzcGFjZQ0NCmRlYnVnMzoga2V5X3JlYWQ6IG5vIHNwYWNl
DQ0KZGVidWczOiBrZXlfcmVhZDogbm8gc3BhY2UNDQpkZWJ1ZzM6IGtleV9y
ZWFkOiBubyBzcGFjZQ0NCmRlYnVnMzoga2V5X3JlYWQ6IG5vIHNwYWNlDQ0K
ZGVidWczOiBrZXlfcmVhZDogbm8gc3BhY2UNDQpkZWJ1ZzM6IGtleV9yZWFk
OiBubyBzcGFjZQ0NCmRlYnVnMzoga2V5X3JlYWQ6IG5vIHNwYWNlDQ0KZGVi
dWcyOiBrZXlfdHlwZV9mcm9tX25hbWU6IHVua25vd24ga2V5IHR5cGUgJy0t
LS0tRU5EJw0NCmRlYnVnMzoga2V5X3JlYWQ6IG5vIGtleSBmb3VuZA0NCmRl
YnVnMTogaWRlbnRpdHkgZmlsZSAvcm9vdC8uc3NoL2lkX2RzYSB0eXBlIDIN
DQpkZWJ1ZzE6IFJlbW90ZSBwcm90b2NvbCB2ZXJzaW9uIDIuMCwgcmVtb3Rl
IHNvZnR3YXJlIHZlcnNpb24gT3BlblNTSF8zLjAuMnAxDQ0KZGVidWcxOiBt
YXRjaDogT3BlblNTSF8zLjAuMnAxIHBhdCBeT3BlblNTSA0NCkVuYWJsaW5n
IGNvbXBhdGliaWxpdHkgbW9kZSBmb3IgcHJvdG9jb2wgMi4wDQ0KZGVidWcx
OiBMb2NhbCB2ZXJzaW9uIHN0cmluZyBTU0gtMi4wLU9wZW5TU0hfMi45Ljlw
Mg0NCmRlYnVnMTogU1NIMl9NU0dfS0VYSU5JVCBzZW50DQ0KZGVidWcxOiBT
U0gyX01TR19LRVhJTklUIHJlY2VpdmVkDQ0KZGVidWcyOiBrZXhfcGFyc2Vf
a2V4aW5pdDogZGlmZmllLWhlbGxtYW4tZ3JvdXAtZXhjaGFuZ2Utc2hhMSxk
aWZmaWUtaGVsbG1hbi1ncm91cDEtc2hhMQ0NCmRlYnVnMjoga2V4X3BhcnNl
X2tleGluaXQ6IHNzaC1kc3MNDQpkZWJ1ZzI6IGtleF9wYXJzZV9rZXhpbml0
OiBhcmNmb3VyDQ0KZGVidWcyOiBrZXhfcGFyc2Vfa2V4aW5pdDogYXJjZm91
cg0NCmRlYnVnMjoga2V4X3BhcnNlX2tleGluaXQ6IGhtYWMtbWQ1LTk2DQ0K
ZGVidWcyOiBrZXhfcGFyc2Vfa2V4aW5pdDogaG1hYy1tZDUtOTYNDQpkZWJ1
ZzI6IGtleF9wYXJzZV9rZXhpbml0OiB6bGliDQ0KZGVidWcyOiBrZXhfcGFy
c2Vfa2V4aW5pdDogemxpYg0NCmRlYnVnMjoga2V4X3BhcnNlX2tleGluaXQ6
IA0NCmRlYnVnMjoga2V4X3BhcnNlX2tleGluaXQ6IA0NCmRlYnVnMjoga2V4
X3BhcnNlX2tleGluaXQ6IGZpcnN0X2tleF9mb2xsb3dzIDAgDQ0KZGVidWcy
OiBrZXhfcGFyc2Vfa2V4aW5pdDogcmVzZXJ2ZWQgMCANDQpkZWJ1ZzI6IGtl
eF9wYXJzZV9rZXhpbml0OiBkaWZmaWUtaGVsbG1hbi1ncm91cC1leGNoYW5n
ZS1zaGExLGRpZmZpZS1oZWxsbWFuLWdyb3VwMS1zaGExDQ0KZGVidWcyOiBr
ZXhfcGFyc2Vfa2V4aW5pdDogc3NoLWRzcw0NCmRlYnVnMjoga2V4X3BhcnNl
X2tleGluaXQ6IGFlczEyOC1jYmMsM2Rlcy1jYmMsYmxvd2Zpc2gtY2JjLGNh
c3QxMjgtY2JjLGFyY2ZvdXIsYWVzMTkyLWNiYyxhZXMyNTYtY2JjLHJpam5k
YWVsMTI4LWNiYyxyaWpuZGFlbDE5Mi1jYmMscmlqbmRhZWwyNTYtY2JjLHJp
am5kYWVsLWNiY0BseXNhdG9yLmxpdS5zZQ0NCmRlYnVnMjoga2V4X3BhcnNl
X2tleGluaXQ6IGFlczEyOC1jYmMsM2Rlcy1jYmMsYmxvd2Zpc2gtY2JjLGNh
c3QxMjgtY2JjLGFyY2ZvdXIsYWVzMTkyLWNiYyxhZXMyNTYtY2JjLHJpam5k
YWVsMTI4LWNiYyxyaWpuZGFlbDE5Mi1jYmMscmlqbmRhZWwyNTYtY2JjLHJp
am5kYWVsLWNiY0BseXNhdG9yLmxpdS5zZQ0NCmRlYnVnMjoga2V4X3BhcnNl
X2tleGluaXQ6IGhtYWMtbWQ1LGhtYWMtc2hhMSxobWFjLXJpcGVtZDE2MCxo
bWFjLXJpcGVtZDE2MEBvcGVuc3NoLmNvbSxobWFjLXNoYTEtOTYsaG1hYy1t
ZDUtOTYNDQpkZWJ1ZzI6IGtleF9wYXJzZV9rZXhpbml0OiBobWFjLW1kNSxo
bWFjLXNoYTEsaG1hYy1yaXBlbWQxNjAsaG1hYy1yaXBlbWQxNjBAb3BlbnNz
aC5jb20saG1hYy1zaGExLTk2LGhtYWMtbWQ1LTk2DQ0KZGVidWcyOiBrZXhf
cGFyc2Vfa2V4aW5pdDogbm9uZSx6bGliDQ0KZGVidWcyOiBrZXhfcGFyc2Vf
a2V4aW5pdDogbm9uZSx6bGliDQ0KZGVidWcyOiBrZXhfcGFyc2Vfa2V4aW5p
dDogDQ0KZGVidWcyOiBrZXhfcGFyc2Vfa2V4aW5pdDogDQ0KZGVidWcyOiBr
ZXhfcGFyc2Vfa2V4aW5pdDogZmlyc3Rfa2V4X2ZvbGxvd3MgMCANDQpkZWJ1
ZzI6IGtleF9wYXJzZV9rZXhpbml0OiByZXNlcnZlZCAwIA0NCmRlYnVnMjog
bWFjX2luaXQ6IGZvdW5kIGhtYWMtbWQ1LTk2DQ0KZGVidWcxOiBrZXg6IHNl
cnZlci0+Y2xpZW50IGFyY2ZvdXIgaG1hYy1tZDUtOTYgemxpYg0NCmRlYnVn
MjogbWFjX2luaXQ6IGZvdW5kIGhtYWMtbWQ1LTk2DQ0KZGVidWcxOiBrZXg6
IGNsaWVudC0+c2VydmVyIGFyY2ZvdXIgaG1hYy1tZDUtOTYgemxpYg0NCmRl
YnVnMTogU1NIMl9NU0dfS0VYX0RIX0dFWF9SRVFVRVNUIHNlbnQNDQpkZWJ1
ZzE6IGV4cGVjdGluZyBTU0gyX01TR19LRVhfREhfR0VYX0dST1VQDQ0KZGVi
dWcxOiBkaF9nZW5fa2V5OiBwcml2IGtleSBiaXRzIHNldDogMTI1LzI1Ng0N
CmRlYnVnMTogYml0cyBzZXQ6IDE1NzEvMzE5MQ0NCmRlYnVnMTogU1NIMl9N
U0dfS0VYX0RIX0dFWF9JTklUIHNlbnQNDQpkZWJ1ZzE6IGV4cGVjdGluZyBT
U0gyX01TR19LRVhfREhfR0VYX1JFUExZDQ0KZGVidWczOiBjaGVja19ob3N0
X2luX2hvc3RmaWxlOiBmaWxlbmFtZSAvcm9vdC8uc3NoL2tub3duX2hvc3Rz
DQ0KZGVidWczOiBjaGVja19ob3N0X2luX2hvc3RmaWxlOiBtYXRjaCBsaW5l
IDIxDQ0KZGVidWcxOiBIb3N0ICcxOTIuMTY4LjEwMS45NCcgaXMga25vd24g
YW5kIG1hdGNoZXMgdGhlIERTQSBob3N0IGtleS4NDQpkZWJ1ZzE6IEZvdW5k
IGtleSBpbiAvcm9vdC8uc3NoL2tub3duX2hvc3RzOjIxDQ0KZGVidWcxOiBi
aXRzIHNldDogMTU3Mi8zMTkxDQ0KZGVidWcxOiBzc2hfZHNzX3ZlcmlmeTog
c2lnbmF0dXJlIGNvcnJlY3QNDQpkZWJ1ZzE6IGtleF9kZXJpdmVfa2V5cw0N
CmRlYnVnMTogbmV3a2V5czogbW9kZSAxDQ0KZGVidWcxOiBFbmFibGluZyBj
b21wcmVzc2lvbiBhdCBsZXZlbCA2Lg0NCmRlYnVnMTogU1NIMl9NU0dfTkVX
S0VZUyBzZW50DQ0KZGVidWcxOiB3YWl0aW5nIGZvciBTU0gyX01TR19ORVdL
RVlTDQ0KZGVidWcxOiBuZXdrZXlzOiBtb2RlIDANDQpkZWJ1ZzE6IFNTSDJf
TVNHX05FV0tFWVMgcmVjZWl2ZWQNDQpkZWJ1ZzE6IGRvbmU6IHNzaF9rZXgy
Lg0NCmRlYnVnMTogc2VuZCBTU0gyX01TR19TRVJWSUNFX1JFUVVFU1QNDQpk
ZWJ1ZzE6IHNlcnZpY2VfYWNjZXB0OiBzc2gtdXNlcmF1dGgNDQpkZWJ1ZzE6
IGdvdCBTU0gyX01TR19TRVJWSUNFX0FDQ0VQVA0NCmRlYnVnMTogYXV0aGVu
dGljYXRpb25zIHRoYXQgY2FuIGNvbnRpbnVlOiBwdWJsaWNrZXkscGFzc3dv
cmQsa2V5Ym9hcmQtaW50ZXJhY3RpdmUNDQpkZWJ1ZzM6IHN0YXJ0IG92ZXIs
IHBhc3NlZCBhIGRpZmZlcmVudCBsaXN0IHB1YmxpY2tleSxwYXNzd29yZCxr
ZXlib2FyZC1pbnRlcmFjdGl2ZQ0NCmRlYnVnMzogcHJlZmVycmVkIHB1Ymxp
Y2tleQ0NCmRlYnVnMzogYXV0aG1ldGhvZF9sb29rdXAgcHVibGlja2V5DQ0K
ZGVidWczOiByZW1haW5pbmcgcHJlZmVycmVkOiANDQpkZWJ1ZzM6IGF1dGht
ZXRob2RfaXNfZW5hYmxlZCBwdWJsaWNrZXkNDQpkZWJ1ZzE6IG5leHQgYXV0
aCBtZXRob2QgdG8gdHJ5IGlzIHB1YmxpY2tleQ0NCmRlYnVnMTogdHJ5IHB1
YmtleTogL3Jvb3QvLnNzaC9pZF9kc2ENDQpkZWJ1ZzM6IHNlbmRfcHVia2V5
X3Rlc3QNDQpkZWJ1ZzI6IHdlIHNlbnQgYSBwdWJsaWNrZXkgcGFja2V0LCB3
YWl0IGZvciByZXBseQ0NCmRlYnVnMTogaW5wdXRfdXNlcmF1dGhfcGtfb2s6
IHBrYWxnIHNzaC1kc3MgYmxlbiA0MzMgbGFzdGtleSAweDgxMGE4ODAgaGlu
dCAwDQ0KZGVidWcyOiBpbnB1dF91c2VyYXV0aF9wa19vazogZnAgMjU6Y2Q6
MmI6M2Y6NjQ6ZTI6MGY6ZWY6YTg6ODY6ZTg6MTA6NTg6ZmM6OWY6NTcNDQpk
ZWJ1ZzM6IHNpZ25fYW5kX3NlbmRfcHVia2V5DQ0KZGVidWcxOiByZWFkIFBF
TSBwcml2YXRlIGtleSBkb25lOiB0eXBlIERTQQ0NCmRlYnVnMTogc3NoLXVz
ZXJhdXRoMiBzdWNjZXNzZnVsOiBtZXRob2QgcHVibGlja2V5DQ0KZGVidWcx
OiBmZCA1IHNldHRpbmcgT19OT05CTE9DSw0NCmRlYnVnMTogZmQgNiBzZXR0
aW5nIE9fTk9OQkxPQ0sNDQpkZWJ1ZzE6IGZkIDcgc2V0dGluZyBPX05PTkJM
T0NLDQ0KZGVidWcxOiBjaGFubmVsIDA6IG5ldyBbY2xpZW50LXNlc3Npb25d
DQ0KZGVidWczOiBzc2hfc2Vzc2lvbjJfb3BlbjogY2hhbm5lbF9uZXc6IDAN
DQpkZWJ1ZzE6IHNlbmQgY2hhbm5lbCBvcGVuIDANDQpkZWJ1ZzE6IEVudGVy
aW5nIGludGVyYWN0aXZlIHNlc3Npb24uDQ0KZGVidWcyOiBjYWxsYmFjayBz
dGFydA0NCmRlYnVnMTogc3NoX3Nlc3Npb24yX3NldHVwOiBpZCAwDQ0KZGVi
dWcxOiBTZW5kaW5nIGNvbW1hbmQ6IHNjcCAtdiAtZiAvd2VibG9nL3BlcmYy
X2NsaWVudC9wZXJmMi1zeXN0ZW0ubG9nX3RyYW5zZmVyDQ0KZGVidWcyOiBj
YWxsYmFjayBkb25lDQ0KZGVidWcxOiBjaGFubmVsIDA6IG9wZW4gY29uZmly
bSByd2luZG93IDAgcm1heCAxNjM4NA0NCmRlYnVnMjogY2hhbm5lbCAwOiBy
Y3ZkIGFkanVzdCAzMjc2OA0NCmRlYnVnMjogY2hhbm5lbCAwOiByY3ZkIGV4
dCBkYXRhIDU3DQ0KU2VuZGluZyBmaWxlIG1vZGVzOiBDMDY0NCAxMjgzIHBl
cmYyLXN5c3RlbS5sb2dfdHJhbnNmZXINCmRlYnVnMjogY2hhbm5lbCAwOiB3
cml0dGVuIDU3IHRvIGVmZCA3DQ0KZGVidWcxOiBjbGllbnRfaW5wdXRfY2hh
bm5lbF9yZXE6IGNoYW5uZWwgMCBydHlwZSBleGl0LXN0YXR1cyByZXBseSAw
DQ0KZGVidWcxOiBjaGFubmVsIDA6IHJjdmQgZW9mDQ0KZGVidWcxOiBjaGFu
bmVsIDA6IG91dHB1dCBvcGVuIC0+IGRyYWluDQ0KZGVidWcxOiBjaGFubmVs
IDA6IHJjdmQgY2xvc2UNDQpkZWJ1ZzE6IGNoYW5uZWwgMDogaW5wdXQgb3Bl
biAtPiBjbG9zZWQNDQpkZWJ1ZzE6IGNoYW5uZWwgMDogY2xvc2VfcmVhZA0N
CmRlYnVnMjogY2hhbm5lbCAwOiBubyBkYXRhIGFmdGVyIENMT1NFDQ0KZGVi
dWcxOiBjaGFubmVsIDA6IG9idWYgZW1wdHkNDQpkZWJ1ZzE6IGNoYW5uZWwg
MDogb3V0cHV0IGRyYWluIC0+IGNsb3NlZA0NCmRlYnVnMTogY2hhbm5lbCAw
OiBjbG9zZV93cml0ZQ0NCmRlYnVnMTogY2hhbm5lbCAwOiBzZW5kIGNsb3Nl
DQ0KZGVidWcxOiBjaGFubmVsIDA6IGlzIGRlYWQNDQpkZWJ1ZzE6IGNoYW5u
ZWxfZnJlZTogY2hhbm5lbCAwOiBjbGllbnQtc2Vzc2lvbiwgbmNoYW5uZWxz
IDENDQpkZWJ1ZzM6IGNoYW5uZWxfZnJlZTogc3RhdHVzOiBUaGUgZm9sbG93
aW5nIGNvbm5lY3Rpb25zIGFyZSBvcGVuOg0NCiAgIzAgY2xpZW50LXNlc3Np
b24gKHQ0IHIwIGk4LzAgbzEyOC8wIGZkIC0xLy0xKQ0NCg0NCmRlYnVnMTog
Y2hhbm5lbF9mcmVlOiBjaGFubmVsIDA6IGRldGFjaGluZyBjaGFubmVsIHVz
ZXINDQpkZWJ1ZzM6IGNoYW5uZWxfY2xvc2VfZmRzOiBjaGFubmVsIDA6IHIg
LTEgdyAtMSBlIDcNDQpkZWJ1ZzE6IGZkIDAgY2xlYXJpbmcgT19OT05CTE9D
Sw0NCmRlYnVnMTogZmQgMSBjbGVhcmluZyBPX05PTkJMT0NLDQ0KZGVidWcx
OiBmZCAyIGNsZWFyaW5nIE9fTk9OQkxPQ0sNDQpkZWJ1ZzE6IFRyYW5zZmVy
cmVkOiBzdGRpbiAwLCBzdGRvdXQgMCwgc3RkZXJyIDAgYnl0ZXMgaW4gMC4z
IHNlY29uZHMNDQpkZWJ1ZzE6IEJ5dGVzIHBlciBzZWNvbmQ6IHN0ZGluIDAu
MCwgc3Rkb3V0IDAuMCwgc3RkZXJyIDAuMA0NCmRlYnVnMTogRXhpdCBzdGF0
dXMgMA0NCmRlYnVnMTogY29tcHJlc3Mgb3V0Z29pbmc6IHJhdyBkYXRhIDEy
MjIsIGNvbXByZXNzZWQgNjgzLCBmYWN0b3IgMC41Ng0NCmRlYnVnMTogY29t
cHJlc3MgaW5jb21pbmc6IHJhdyBkYXRhIDE5OTEsIGNvbXByZXNzZWQgMTE0
OCwgZmFjdG9yIDAuNTgNDQo=
--84558759-596667786-1013180678=:15933--


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.4.1162419445.11741.openssh-unix-dev@mindrot.org>

free, and both myself and the Stanford OTL have been responsive to any
questions that might arise.  The OpenSSH patches are clearly
RFC2945-based, and are unambiguously royalty-free.  Isn't this exactly
what you praised USC and Xerox for just a moment ago?

> The other technologies are well established, and we are protected by the
> entire industry.

And it seems you are unwilling to allow SRP that same opportunity to
become "well-established" and "protected by the entire industry" because
of some personal, emotional grudge against some group at Stanford, a
grudge that, as far as I can tell, may not even be shared by the other
OpenSSH developers.

Tom
-- 
Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg?  Sounds Swedish..."


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.5.1162419450.11741.openssh-unix-dev@mindrot.org>

<start>
In AIX Version 4, the pty subsystem uses naming conventions similar
to those from UNIX System V. There is one node for the control driver,
/dev/ptc, and a maximum number of N nodes for the slave drivers, /dev/pts/n.
N is configurable at pty configuration and may be changed dynamically
by pty reconfiguration, without closing the opened devices.

The control device is set up as a clone device whose major device
number is the clone device's major number and whose minor device number
is the control driver's major number. There is no node in the filesystem
for control devices. A control device can be opened only once, but
slave devices can be opened several times.

By opening the control device with the /dev/ptc special file, an application
can quickly open the control and slave sides of an unused pseudo-terminal.
The name of the corresponding slave side can be retrieved using the
ttyname subroutine, which always returns the name of the slave side.

Implementation Specifics

This file is part of Base Operating System (BOS) Runtime.

With Berkeley pty subsystems, commands have to search for an unused
pseudo-terminal by opening each control side sequentially. The control
side could not be opened if it was already in use. Thus, the opens
would fail, setting the errno variable to EIO, until an unused pseudo-terminal
was found. It is possible to configure the pty subsystem in order
to use special files with the BSD pty naming convention:

Control devices /dev/pty[p-zA-Z][0-f]

Slave devices   /dev/tty[p-zA-Z][0-f]

These special files are not symbolic links to the AIX special files.
The BSD special files are completely separate from the AIX special
files. The number of control and slave pair devices using the BSD
naming convention is configurable.

In version 3 of the operating system, the pty subsystem used two multiplexed
special files, /dev/ptc and /dev/pts. These special files no longer
exist, but the procedure for opening a pty device is the same.
</end>

$ ls -l /dev/ptc
crw-rw-rw-   1 root     system    11, 24 Apr 30 1999  /dev/ptc
$ tty
/dev/pts/1
$ ls -l /dev/pts/1
crw--w--w-   1 alleni   teacher   25,  1 Feb 19 04:27 /dev/pts/1
$ ls -l /dev/pts/99
crw-rw-rw-   1 root     system    25, 99 Apr 25 2001  /dev/pts/99





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.6.1162419471.11741.openssh-unix-dev@mindrot.org>

sys/queue.h.


A patch should be forwarded to the person opening the ticket on BSDi 4.2
to ensure it works as expected.

- Ben



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.7.1162419494.11741.openssh-unix-dev@mindrot.org>

safely say they can't get it to work period.

I personally (this is ME.. not anyone else mind you!) find it silly to
for a bunch of people to stand up and yell "Not vulnerable!".  It makes
it harder to find the few people in the crowd yelling "Hey, idiots..
upgrade!  We are affected!"

However, in --current we did decide all fatal() calls should skip dealing
with zlib stuff and just exit.  As a 'better safe then sorry' view.

- Ben

On Wed, 3 Apr 2002 dale at accentre.com wrote:

> On Wed, Apr 03, 2002 at 11:08:44AM -0600, Dave Dykstra wrote:
> > I'm disappointed that nobody has replied to my question.  OpenSSH
> > development team, isn't the potential for a remote root exploit something
> > that's important to you?  Many other tools that use zlib have issued a
> > public statement saying they are or they are not vulnerable.
>
> The issue has been discussed on this list.  I quote:
>
> > From: Nalin Dahyabhai <nalin at redhat.com>
> > Subject: Re: zlib compression, the exploit, and OpenSSH
> > Date: Wed, 13 Mar 2002 16:23:59 -0500
> >
> > On Wed, Mar 13, 2002 at 12:07:34PM -0800, ewheeler at kaico.com wrote:
> > > 3.  Does OpenSSH statically link (or can it/does it by default) to the
> > > zlib library -- will updating the zlib library to 1.1.4 take care of the
> > > situation?
> >
> > I can't speak to the rest of your questions, but because the portable
> > tree doesn't bundle its own copy of zlib, OpenSSH links against the
> > version installed on the system it's being compiled on.  Usually that's
> > a shared library if your OS has shared libraries, but it's going to be
> > OS-specific.
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.8.1162419506.11741.openssh-unix-dev@mindrot.org>

deep rather quickly and what I hope to day may end up being rather
complicated.

Thanks for any input.

Allan





From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.9.1162419523.11741.openssh-unix-dev@mindrot.org>

each pass afterwards looks to see if the hash table has grown.

If pSOS OS is having issues I'd question your compiler or OS for
reallocating memory that should be tagged as used.

- Ben

On Wed, 15 May 2002, Amandeep Singh wrote:

> Hi All,
>
> Did anybody ever had problems created by static h in function
> detect_attack() in deattack.c? In our system which is based on pSOS OS, this
> static h is causing a crash, because after closing first ssh session, it
> pSOS system is allocating same memory to another ssh session and this static
> h is overwriting that memory.
>
> I would appreciate if you know why h is statically allocated. detect_attack
> is used to check crc32 compensation attack.
> Thanks,
> Aman
>
> _________________________________________________________________
> Send and receive Hotmail on your mobile device: http://mobile.msn.com
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.10.1162419523.11741.openssh-unix-dev@mindrot.org>

3 )xxx#ssh -v yyy
        debug:
SshAppCommon/sshappcommon.c:133/ssh_app_get_global_regex_context:
Allocating
global SshRegex context.
debug: SshConfig/sshconfig.c:2232/ssh2_parse_config: Unable to open
//.ssh2/ssh2_config
debug: Connecting to harmugi, port 22... (SOCKS not used)
ssh: FATAL: Connecting to harmugi failed: No address associated to the
name
#########################################################################
My objective is connect from ssh3 machine to ssh1 machine as root and
without asking password ie xxx#ssh yyy
                   yyy#

Any body can help me to sort out this problem or point me to right
direction.

Rgeards



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.11.1162419536.11741.openssh-unix-dev@mindrot.org>

forwarding at all, or it's been turned off in /etc/ssh/sshd_config.

To find out you're IP that you're coming from, use www.whatismyip.com
it will tell you what you're IP is. Either that or who -l should show
you as well, when you're ssh'd into the system.(the one that the VPN is
talking to)



On Fri, 2002-05-31 at 17:05, Kerl, Andreas wrote:
> No "ssh -X hostname" doesn't work.
>=20
> But when you "export DISPLAY=3D..." it works!?
>=20
> I set the the Display Hack so that I can see my IP with "env" or
> "echo
> SSH_CLIENT" when I'm connect via VPN-Tunnel and I don't know my IP
> in
> the Net I'm connected through.
>=20
>=20
>=20
> Andreas Kerl
>=20
> -----------------------------------------
> DTS Medien GmbH
> Heidestrasse 38
> 32051 Herford
>=20
> Tel:  +49-5221-1011082
> Fax: +49-5221-1012001
>=20
> mailto: andreas.kerl at dts.de
> pgp-id:0xCE58889B
> web: www.dts.de
> -----------------------------------------
>=20
>=20
> -----Original Message-----
> From: Austin Gonyou [mailto:austin at coremetrics.com]=20
> Sent: Friday, May 31, 2002 8:51 PM
> To: Kerl, Andreas
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: (no subject)
>=20
>=20
> so does ssh -X hostname work, and allow forward?
>=20
>=20
>=20
> On Fri, 2002-05-31 at 07:07, Kerl, Andreas wrote:
> > Hello,
> > I've got the Problem that the Display Variable is not set when I=20
> > connect to sshd.
> > X-Forward is active.
> > I think I tested all Configurations but it doesn't work.
> > Sorry :-)
> > Solaris 8   openssh 3.2.3
> > =20
> >=20
> > Andreas Kerl
> >=20
> >=20
> >=20
> >=20
> > _______________________________________________
> > openssh-unix-dev at mindrot.org mailing list=20
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> --=20
> Austin Gonyou
> Systems Architect, CCNA
> Coremetrics, Inc.
> Phone: 512-698-7250
> email: austin at coremetrics.com
>=20
> "One ought never to turn one's back on a threatened danger and=20
> try to run away from it. If you do that, you will double the danger.
> But if you meet it promptly and without flinching, you will=20
> reduce the danger by half."
> Sir Winston Churchill
--=20
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com

"One ought never to turn one's back on a threatened danger and=20
try to run away from it. If you do that, you will double the danger.=20
But if you meet it promptly and without flinching, you will=20
reduce the danger by half."
Sir Winston Churchill

--=-cv79M/VXR3yiofFkgm8c
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA8+Sux94g6ZVmFMoIRAikGAKDqisVQqQiKb+g7jtA9CcMPyg+f0QCdHyhc
T+PnBz+BZPyoiohrtWcDw3A=
=msa7
-----END PGP SIGNATURE-----

--=-cv79M/VXR3yiofFkgm8c--


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.12.1162419536.11741.openssh-unix-dev@mindrot.org>

forwarding at all, or it's been turned off in /etc/ssh/sshd_config.

To find out you're IP that you're coming from, use www.whatismyip.com it
will tell you what you're IP is. Either that or who -l should show you
as well, when you're ssh'd into the system.(the one that the VPN is
talking to)



On Fri, 2002-05-31 at 17:05, Kerl, Andreas wrote:
> No "ssh -X hostname" doesn't work.
>=20
> But when you "export DISPLAY=3D..." it works!?
>=20
> I set the the Display Hack so that I can see my IP with "env" or "echo
> SSH_CLIENT" when I'm connect via VPN-Tunnel and I don't know my IP
> in
> the Net I'm connected through.
>=20
>=20
>=20
> Andreas Kerl
>=20
> -----------------------------------------
> DTS Medien GmbH
> Heidestrasse 38
> 32051 Herford
>=20
> Tel:  +49-5221-1011082
> Fax: +49-5221-1012001
>=20
> mailto: andreas.kerl at dts.de
> pgp-id:0xCE58889B
> web: www.dts.de
> -----------------------------------------
>=20
>=20
> -----Original Message-----
> From: Austin Gonyou [mailto:austin at coremetrics.com]
> Sent: Friday, May 31, 2002 8:51 PM
> To: Kerl, Andreas
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: (no subject)
>=20
>=20
> so does ssh -X hostname work, and allow forward?
>=20
>=20
>=20
> On Fri, 2002-05-31 at 07:07, Kerl, Andreas wrote:
> > Hello,
> > I've got the Problem that the Display Variable is not set when I
> > connect to sshd.
> > X-Forward is active.
> > I think I tested all Configurations but it doesn't work.
> > Sorry :-)
> > Solaris 8   openssh 3.2.3
> > =20
> >=20
> > Andreas Kerl
> >=20
> >=20
> >=20
> >=20
> > _______________________________________________
> > openssh-unix-dev at mindrot.org mailing list
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> --
> Austin Gonyou
> Systems Architect, CCNA
> Coremetrics, Inc.
> Phone: 512-698-7250
> email: austin at coremetrics.com
>=20
> "One ought never to turn one's back on a threatened danger and
> try to run away from it. If you do that, you will double the danger.
> But if you meet it promptly and without flinching, you will=20
> reduce the danger by half."
> Sir Winston Churchill
--=20
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com

"One ought never to turn one's back on a threatened danger and=20
try to run away from it. If you do that, you will double the danger.=20
But if you meet it promptly and without flinching, you will=20
reduce the danger by half."
Sir Winston Churchill


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.13.1162419536.11741.openssh-unix-dev@mindrot.org>

forwarding at all, or it's been turned off in /etc/ssh/sshd_config.

To find out you're IP that you're coming from, use www.whatismyip.com it
will tell you what you're IP is. Either that or who -l should show you
as well, when you're ssh'd into the system.(the one that the VPN is
talking to)



On Fri, 2002-05-31 at 17:05, Kerl, Andreas wrote:
> No "ssh -X hostname" doesn't work.
>
> But when you "export DISPLAY=..." it works!?
>
> I set the the Display Hack so that I can see my IP with "env" or "echo
> SSH_CLIENT" when I'm connect via VPN-Tunnel and I don't know my IP
> in
> the Net I'm connected through.
>
>
>
> Andreas Kerl
>
> -----------------------------------------
> DTS Medien GmbH
> Heidestrasse 38
> 32051 Herford
>
> Tel:  +49-5221-1011082
> Fax: +49-5221-1012001
>
> mailto: andreas.kerl at dts.de
> pgp-id:0xCE58889B
> web: www.dts.de
> -----------------------------------------
>
>
> -----Original Message-----
> From: Austin Gonyou [mailto:austin at coremetrics.com]
> Sent: Friday, May 31, 2002 8:51 PM
> To: Kerl, Andreas
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: (no subject)
>
>
> so does ssh -X hostname work, and allow forward?
>
>
>
> On Fri, 2002-05-31 at 07:07, Kerl, Andreas wrote:
> > Hello,
> > I've got the Problem that the Display Variable is not set when I
> > connect to sshd.
> > X-Forward is active.
> > I think I tested all Configurations but it doesn't work.
> > Sorry :-)
> > Solaris 8   openssh 3.2.3
> >
> >
> > Andreas Kerl
> >
> >
> >
> >
> > _______________________________________________
> > openssh-unix-dev at mindrot.org mailing list
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> --
> Austin Gonyou
> Systems Architect, CCNA
> Coremetrics, Inc.
> Phone: 512-698-7250
> email: austin at coremetrics.com
>
> "One ought never to turn one's back on a threatened danger and
> try to run away from it. If you do that, you will double the danger.
> But if you meet it promptly and without flinching, you will
> reduce the danger by half."
> Sir Winston Churchill
--
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com

"One ought never to turn one's back on a threatened danger and
try to run away from it. If you do that, you will double the danger.
But if you meet it promptly and without flinching, you will
reduce the danger by half."
Sir Winston Churchill
_______________________________________________
openssh-unix-dev at mindrot.org mailing list
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.14.1162419551.11741.openssh-unix-dev@mindrot.org>

All previous versions work great.

$ ssh localhost
Read from socket failed: Broken pipe

Jun 25 05:56:33 buggz1 sshd[1670]: fatal: mmap(65536): Invalid argument

Anyone know what this is?  I'm kernel 2.2.20.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.15.1162419555.11741.openssh-unix-dev@mindrot.org>

upcomming OpenSSH vulnerability will be to run OpenSSH-3.3 with the Privilege 
Separation enabled.

This scares the daylights out of me! Think about what you are doing here. 

 (1) OpenSSH 3.3 with the privsep code has been only out for less then a week. 

 (2) Its hundreds of lines of code. 

 (3) The privsep does not run on all platforms

 (4) The privsep does not work with all the features in current ssh.

 (5) The privsep code has SSHD using here-to-for unused operating system features.

 (6) People with local modifications to SSH may not be able to 
     integrate them in such a short time frame.

Don't get me wrong, the privsep concept looks like a great idea, as a second
line of defense. But it should not be the primary defense. 

A fix is needed for the original bug. You still need it to keep the hackers 
off the machine. Saying that they are confined to the unprivileged child process 
still lets then have access to cycles and the network where they can try and 
attack the operating system and your network from inside. 

The other aspect of this is the reliability of 3.3. With all the new code 
what other problems might be introduced?     

If you publish the problem, with out a real fix, and expect everyone to
implement 3.3 with privsep you will have a lot of people upset who can't run 3.3 or 
can't run the privsep code. These people will be left out in the cold. 

You need to provide a universal fix for all, not a partial fix for only some.

Thanks for listening. 

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.16.1162419557.11741.openssh-unix-dev@mindrot.org>

    The ISO C99 standard says that if the output array isn't big enough
    and if no other errors occur, snprintf and vsnprintf truncate
    the output and return the number of bytes that ought to have been
    produced. Some older systems return the truncated length (e.g., GNU C
    Library 2.0.x or IRIX 6.5), some a negative value (e.g., earlier GNU
    C Library versions), and some the buffer length without truncation
    (e.g., 32-bit Solaris 7).  Also, some buggy older systems ignore
    the length and overrun the buffer (e.g., 64-bit Solaris 7).

So if you want to fatal() a message that is too long, you probably want
to #ifdef for non-C99 printf.

/fc


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.17.1162419565.11741.openssh-unix-dev@mindrot.org>

services without me telling it SUCKS.

Why?  Configuration files changes.  I've seen too many people do RPM
upgrades of critical services only to have a service that is working to
fail or worse yet an interrupted connection which drops the ssh connection
now leaving them unable to log into the box.

*ANYONE* saying a package manager should automately restart services
without user interaction is cursing their users to pain and suffering.

=)  I'll stop ranting on the topic.

- Ben



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.18.1162419569.11741.openssh-unix-dev@mindrot.org>

<Snip>
debug1: server_input_channel_req: channel 0 request x11-req reply 0^M
debug1: session_by_channel: session 0 channel 0^M
debug1: session_input_channel_req: session 0 req x11-req^M
debug1: bind port 6010: Can't assign requested address^M
debug1: fd 11 setting O_NONBLOCK^M
debug2: fd 11 is O_NONBLOCK^M
debug1: channel 1: new [X11 inet listener]^M
debug1: server_input_channel_req: channel 0 request shell reply 0^M
debug1: session_by_channel: session 0 channel 0^M
debug1: session_input_channel_req: session 0 req shell^M
debug1: fd 4 setting TCP_NODELAY^M
debug1: channel 0: rfd 10 isatty^M
debug1: fd 10 setting O_NONBLOCK^M
debug2: fd 9 is O_NONBLOCK^M
debug1: Setting controlling tty using TIOCSCTTY.^M
Connection closed by remote host.^M
debug1: channel_free: channel 0: server-session, nchannels 2^M
debug3: channel_free: status: The following connections are open:^M
  #0 server-session (t4 r0 i0/43 o0/0 fd 10/9)^M
^M
debug3: channel_close_fds: channel 0: r 10 w 9 e -1^M
debug1: channel_free: channel 1: X11 inet listener, nchannels 1^M
debug3: channel_free: status: The following connections are open:^M


I tried setting user sshd as a member of group terminals, reseting protection 
of /dev/pts, etc.

Also, when loging in as user root, the log progresses to the line

debug1: Setting controlling tty using TIOCSCTTY.^M 

when the session is established.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.19.1162419575.11741.openssh-unix-dev@mindrot.org>

interacts with the telnet/rlogin server on AIX.  The previous entries
about this only starting at ML03 and above seem to be correct.  The bug
is not triggered in earlier versions of AIX.

Unfortunately, I have been unable to create a test case program that
causes the hang to occur.  However, a simple hack to channels.c does
seem to fix the problem:

--- channels.c.orig	Tue Jul  2 14:34:32 2002
+++ channels.c	Tue Jul  2 14:35:39 2002
@@ -1278,6 +1278,9 @@
 	    buffer_len(&c->output) > 0) {
 		data = buffer_ptr(&c->output);
 		dlen = buffer_len(&c->output);
+		/* XXX - hack - do not apply - LBB */
+		if (dlen > 8192)
+			dlen = 8192;
 		len = write(c->wfd, data, dlen);
 		if (len < 0 && (errno == EINTR || errno == EAGAIN))
 			return 1;

I've not tried all possible combinations for the magic number "8192".
But, a value of 16384 is too big (does not fix the problem).  I've not 
encountered a hang after applying this patch (although I got bored after 
5 or 10 minutes).

I'd be interested in seeing if that hack fixes the problems others are
seeing, and if there is a case for capping the max size of a write to
tty devices, or if some other clean solution can be applied.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.20.1162419585.11741.openssh-unix-dev@mindrot.org>

"It is intended to replace rlogin and rsh, and provide secure encrypted
communications between two untrusted hosts over an insecure network."

I can agree that it is "more" than secure RSH, but if it plans to
replace it, shouldn't it have the same functionality?

-- 
Eric Garff
System Administrator
egarff at omniture.com
801.722.0134

Omniture
http://www.omniture.com
"Unique Questions, Precise Answers"


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.21.1162419602.11741.openssh-unix-dev@mindrot.org>

(yet-unknown) server key, but just checking all possible locations, not
finding the key, and giving up.

I have seen a similar effect on a system that had a /dev/tty entry that
was not world-writeable (thus the ssh client couldn't open it to ask for
a confirmation).

The effect will also happen if you have "StrictHostKeyChecking yes" in
ssh_config - set that to "ask", otherwise it will fail if the key isn't
known in advance.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.22.1162419608.11741.openssh-unix-dev@mindrot.org>

I pressed <enter> as empty for both the filename identity and passphrase
then sent the public key to B  under .ssh and saved as authorized_keys
(the first time I sent the key I got message: Warning: Permanently added
'hostname, host ip' (DSA) to the list of know hosts.)

Now I could successfully to scp FROM A TO B without having password
prompted.

*******
In the other direction, from B to A:

From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.23.1162419608.11741.openssh-unix-dev@mindrot.org>

I pressed <enter> as empty for both the filename identity and passphrase
then sent the public key to A  under .ssh and saved as authorized_keys
(the first time I sent the key I got message: The authenticity of host
'hostname (host ip)' can't be established)
Now if I run scp from B to A, I ALWAYS get password (of the A host)
prompted! Which I don't want.
*****
 Frustrated, I also tried set up running ssh-agent and ssh-add indentity for
password authentication but I failed.
I am thinking of reset the sshd_config file:  RSAAuthentication to yes.
Will it help make the problem go away?

Thanks so much!
Neil Huynh
Sprint PCS
NTAC Engineer_Sprint PCS_NTAC West_ System Support
Email Address: nhuynh01 at sprintspectrum.com
Office: (949) 225-2805
Mobile: (714) 404-9729





------_=_NextPart_001_01C23983.236E569C
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2655.61">
<TITLE>First time user: set up ssh/scp without having password =
entered.</TITLE>
</HEAD>
<BODY>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">SSH wizards,</FONT> <FONT =
SIZE=3D2 FACE=3D"Arial">I hope you all can helps</FONT><FONT SIZE=3D2 =
FACE=3D"Arial">!</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">I have two Unix =
Solaris</FONT> <FONT SIZE=3D2 FACE=3D"Arial">(2.8 version)</FONT> <FONT =
SIZE=3D2 FACE=3D"Arial">machine</FONT><FONT SIZE=3D2 FACE=3D"Arial">s A =
and B</FONT><FONT SIZE=3D2 FACE=3D"Arial"> installed SSH</FONT> <FONT =
SIZE=3D2 FACE=3D"Arial">(A has OpenSSH_3.2.3p</FONT><FONT SIZE=3D2 =
FACE=3D"Arial">1 and B has OpenSSH_3.1p1)</FONT><FONT SIZE=3D2 =
FACE=3D"Arial">, I am trying to set up running scp</FONT> <FONT =
SIZE=3D2 FACE=3D"Arial">in both directions between A and B without =
having to enter password.</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">From A: I ran</FONT> =
<FONT SIZE=3D2 FACE=3D"Arial">/usr/local/bin/ssh-keygen</FONT> <FONT =
SIZE=3D2 FACE=3D"Arial">-</FONT><FONT SIZE=3D2 FACE=3D"Arial">t =
rsa</FONT> </P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">I pressed &lt;enter&gt; =
as empty for</FONT> <FONT SIZE=3D2 FACE=3D"Arial">both</FONT> <FONT =
SIZE=3D2 FACE=3D"Arial">the filename identity and =
passphrase</FONT><FONT SIZE=3D2 FACE=3D"Arial"></FONT>&nbsp;<FONT =
SIZE=3D2 FACE=3D"Arial"> then sen</FONT><FONT SIZE=3D2 =
FACE=3D"Arial">t</FONT><FONT SIZE=3D2 FACE=3D"Arial"> the public key to =
B&nbsp; under .ssh and saved as authorized_keys</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">(the first time I sent =
the key I got message:</FONT> <FONT SIZE=3D2 FACE=3D"Arial">Warning: =
Permanently added</FONT> <FONT SIZE=3D2 FACE=3D"Arial">'</FONT><FONT =
SIZE=3D2 FACE=3D"Arial">hostname, host ip</FONT><FONT SIZE=3D2 =
FACE=3D"Arial">'</FONT><FONT SIZE=3D2 FACE=3D"Arial"> (DSA) to the list =
of know host</FONT><FONT SIZE=3D2 FACE=3D"Arial">s.)</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">Now I could successfully =
to scp FROM A TO B without having password prompted</FONT><FONT =
SIZE=3D2 FACE=3D"Arial">.</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">*******</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">In the other direction, =
from B to A:</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">From B: I ran =
/opt/openssh2/bin/ssh-keygen</FONT><FONT SIZE=3D2 =
FACE=3D"Arial"></FONT> <FONT SIZE=3D2 FACE=3D"Arial">-</FONT><FONT =
SIZE=3D2 FACE=3D"Arial">t rsa</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">I pressed &lt;enter&gt; =
as empty for</FONT> <FONT SIZE=3D2 FACE=3D"Arial">both</FONT> <FONT =
SIZE=3D2 FACE=3D"Arial">the filename identity and =
passphrase</FONT><FONT SIZE=3D2 FACE=3D"Arial"></FONT>&nbsp;<FONT =
SIZE=3D2 FACE=3D"Arial"> then sen</FONT><FONT SIZE=3D2 =
FACE=3D"Arial">t</FONT><FONT SIZE=3D2 FACE=3D"Arial"> the public key =
to</FONT> <FONT SIZE=3D2 FACE=3D"Arial">A</FONT><FONT SIZE=3D2 =
FACE=3D"Arial">&nbsp; under .ssh and saved as =
authorized_keys</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">(</FONT><FONT SIZE=3D2 =
FACE=3D"Arial">the first time I sent the key I got message:</FONT><FONT =
SIZE=3D2 FACE=3D"Arial"></FONT> <FONT SIZE=3D2 FACE=3D"Arial">The =
authenticity of host</FONT> <FONT SIZE=3D2 FACE=3D"Arial">'</FONT><FONT =
SIZE=3D2 FACE=3D"Arial">hostname (host ip)</FONT><FONT SIZE=3D2 =
FACE=3D"Arial">'</FONT><FONT SIZE=3D2 FACE=3D"Arial"> can</FONT><FONT =
SIZE=3D2 FACE=3D"Arial">'</FONT><FONT SIZE=3D2 FACE=3D"Arial">t be =
established)</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">Now if I run =
scp</FONT><FONT SIZE=3D2 FACE=3D"Arial"> from B to A</FONT><FONT =
SIZE=3D2 FACE=3D"Arial">,</FONT><B> <FONT SIZE=3D2 FACE=3D"Arial">I =
ALWAYS get password</FONT></B><B><FONT SIZE=3D2 FACE=3D"Arial"> (of the =
A host) prompted!</FONT></B><B><FONT SIZE=3D2 =
FACE=3D"Arial"></FONT></B><B> <FONT SIZE=3D2 FACE=3D"Arial">Which I =
don</FONT></B><B><FONT SIZE=3D2 FACE=3D"Arial">'</FONT></B><B><FONT =
SIZE=3D2 FACE=3D"Arial">t want.</FONT></B><B></B></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">***</FONT><FONT SIZE=3D2 =
FACE=3D"Arial">**</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial"></FONT>&nbsp;<FONT =
SIZE=3D2 FACE=3D"Arial">Frustrated,</FONT> <FONT SIZE=3D2 =
FACE=3D"Arial">I also tri</FONT><FONT SIZE=3D2 FACE=3D"Arial">ed set =
up</FONT> <FONT SIZE=3D2 FACE=3D"Arial">running</FONT> <FONT SIZE=3D2 =
FACE=3D"Arial">ssh-agent and ssh-add indentity</FONT> <FONT SIZE=3D2 =
FACE=3D"Arial">for password authentication</FONT> <FONT SIZE=3D2 =
FACE=3D"Arial">but I failed</FONT><FONT SIZE=3D2 =
FACE=3D"Arial">.</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">I am thinking of reset =
the sshd_config file:&nbsp; RSAAuthentication to yes.&nbsp; Will it =
help</FONT><FONT SIZE=3D2 FACE=3D"Arial"> make the problem go =
away?</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Arial">Thanks so =
much!</FONT></P>

<P ALIGN=3DLEFT><B><I><FONT COLOR=3D"#800080" SIZE=3D2 FACE=3D"Courier =
New">Neil Huynh</FONT></I></B><B><I></I></B></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Tahoma">Sprint PCS</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Tahoma">NTAC Engineer_Sprint =
PCS_NTAC West_ System Support</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Tahoma">Email Address: =
nhuynh01 at sprintspectrum.com</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Tahoma">Office: (949) =
225-2805</FONT></P>

<P ALIGN=3DLEFT><FONT SIZE=3D2 FACE=3D"Tahoma">Mobile: (714) =
404-9729</FONT></P>
<BR>
<BR>
<BR>

</BODY>
</HTML>
------_=_NextPart_001_01C23983.236E569C--


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.24.1162419609.11741.openssh-unix-dev@mindrot.org>

HAVE_SENDMSG = 1
HAVE_ACCRIGHTS_IN_MSGHDR - not defined
HAVE_CONTROL_IN_MSGHDR = 1

> void
> mm_send_fd(int socket, int fd)
> {
> #if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
>       struct msghdr msg;
>       struct iovec vec;
>       char ch = '\0';
>       int n;
> #ifndef HAVE_ACCRIGHTS_IN_MSGHDR
>       char tmp[CMSG_SPACE(sizeof(int))];
>       struct cmsghdr *cmsg;
> #endif
> 
>       memset(&msg, 0, sizeof(msg));
> #ifdef HAVE_ACCRIGHTS_IN_MSGHDR
>       msg.msg_accrights = (caddr_t)&fd;
>       msg.msg_accrightslen = sizeof(fd);
> #else
>       msg.msg_control = (caddr_t)tmp;
>       msg.msg_controllen = CMSG_LEN(sizeof(int));
>       cmsg = CMSG_FIRSTHDR(&msg);
>       cmsg->cmsg_len = CMSG_LEN(sizeof(int));
>       cmsg->cmsg_level = SOL_SOCKET;
>       cmsg->cmsg_type = SCM_RIGHTS;
>       *(int *)CMSG_DATA(cmsg) = fd;
> #endif
> 
>       vec.iov_base = &ch;
>       vec.iov_len = 1;
>       msg.msg_iov = &vec;
>       msg.msg_iovlen = 1;
> 
>       if ((n = sendmsg(socket, &msg, 0)) == -1)
>               fatal("%s: sendmsg(%d): %s", __func__, fd,
>                   strerror(errno));
>       if (n != 1)
>               fatal("%s: sendmsg: expected sent 1 got %d",
>                   __func__, n);
> #else
>       fatal("%s: UsePrivilegeSeparation=yes not supported",
>           __func__);
> #endif
> }


Okay, compiler is complaining about CMSG_FIRSTHDR and CMSG_DATA. Where
they are??? Shouldn't be in defines.h ??? (as CMSG_LEN) ... I was
grepping for them in all files ... they are not there ...

Regards, Richard.

PS: Attaching config.log. Maybe will help you to identify the problem.

On Thu, Jun 27, 2002 at 01:51:13PM +0200, seth at kokos.cz wrote:

| Hello openssh-unix-dev,
| 
| Some time ago I successfully compiled version 3.1 of OpenSSH.
| Today I tried new OpenSSH version and I am not able to compile it.
| Configuration script runned well. When running make, following error
| occured:
| 
| make[1]: Entering directory `/tools/openssh-3.4p1/openbsd-compat'
| make[1]: Nothing to be done for `all'.
| make[1]: Leaving directory `/tools/openssh-3.4p1/openbsd-compat'
| gcc -o ssh ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o -L. -Lopenbsd-compat/ -L/usr/local/ssl/lib  -lssh -lopenbsd-compat -lbsd -lz  -lcrypto
| ./libssh.a(monitor_fdpass.o): In function `mm_send_fd':
| /tools/openssh-3.4p1/monitor_fdpass.c:54: undefined reference to `CMSG_FIRSTHDR'
| /tools/openssh-3.4p1/monitor_fdpass.c:58: undefined reference to `CMSG_DATA'
| ./libssh.a(monitor_fdpass.o): In function `mm_receive_fd':
| /tools/openssh-3.4p1/monitor_fdpass.c:114: undefined reference to `CMSG_FIRSTHDR'
| /tools/openssh-3.4p1/monitor_fdpass.c:118: undefined reference to `CMSG_DATA'
| collect2: ld returned 1 exit status
| make: *** [ssh] Error 1
| 
| Really don't know where the problem could be.
| 
| Some info about comp:
| i386 Slackware linux

Which specific Slackware?  Too embarrassed to say?

| Kernel 2.0.34
| OpenSSL 0.9.6

Which OpenSSL?  0.9.6a?  0.9.6b?  0.9.6c?  0.9.6d?

| egcs-2.90.29 980515 (egcs-1.0.3 release)
| libc 4.7.6
| 
| - don't know what other info can help you.

How about telling me how long you're going to leave this machine
running such an old system?  Slackware 8.1 is out now.  Be sure
to get the "patches" directory, which includes OpenSSH 3.4p1.

-- 
-----------------------------------------------------------------
| Phil Howard - KA9WGN |   Dallas   | http://linuxhomepage.com/ |
| phil-nospam at ipal.net | Texas, USA | http://phil.ipal.org/     |
-----------------------------------------------------------------
------------102196104183A44AE
Content-Type: application/octet-stream; name="config.log"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="config.log"

VGhpcyBmaWxlIGNvbnRhaW5zIGFueSBtZXNzYWdlcyBwcm9kdWNlZCBieSBjb21waWxlcnMgd2hp
bGUKcnVubmluZyBjb25maWd1cmUsIHRvIGFpZCBkZWJ1Z2dpbmcgaWYgY29uZmlndXJlIG1ha2Vz
IGEgbWlzdGFrZS4KCkl0IHdhcyBjcmVhdGVkIGJ5IGNvbmZpZ3VyZSwgd2hpY2ggd2FzCmdlbmVy
YXRlZCBieSBHTlUgQXV0b2NvbmYgMi41My4gIEludm9jYXRpb24gY29tbWFuZCBsaW5lIHdhcwoK
ICAkIC4vY29uZmlndXJlIAoKIyMgLS0tLS0tLS0tICMjCiMjIFBsYXRmb3JtLiAjIwojIyAtLS0t
LS0tLS0gIyMKCmhvc3RuYW1lID0gcG9zdAp1bmFtZSAtbSA9IGk0ODYKdW5hbWUgLXIgPSAyLjAu
MzQKdW5hbWUgLXMgPSBMaW51eAp1bmFtZSAtdiA9ICMyIFRodSBKdW4gNCAyMjozNjowNyBQRFQg
MTk5OAoKL3Vzci9iaW4vdW5hbWUgLXAgPSB1bmtub3duCi9iaW4vdW5hbWUgLVggICAgID0gdW5r
bm93bgoKL2Jpbi9hcmNoICAgICAgICAgICAgICA9IGk0ODYKL3Vzci9iaW4vYXJjaCAtayAgICAg
ICA9IHVua25vd24KL3Vzci9jb252ZXgvZ2V0c3lzaW5mbyA9IHVua25vd24KaG9zdGluZm8gICAg
ICAgICAgICAgICA9IHVua25vd24KL2Jpbi9tYWNoaW5lICAgICAgICAgICA9IHVua25vd24KL3Vz
ci9iaW4vb3NsZXZlbCAgICAgICA9IHVua25vd24KL2Jpbi91bml2ZXJzZSAgICAgICAgICA9IHVu
a25vd24KClBBVEg6IC91c3IvYmluClBBVEg6IC9iaW4KUEFUSDogL3Vzci9zYmluClBBVEg6IC9z
YmluClBBVEg6IC91c3IvbG9jYWwvYmluClBBVEg6IC91c3IvWDExUjYvYmluClBBVEg6IC91c3Iv
b3Blbndpbi9iaW4KUEFUSDogL3Rvb2xzL2pkazExNi9iaW4KUEFUSDogL3Rvb2xzL2pyZS9iaW4K
UEFUSDogLgoKCiMjIC0tLS0tLS0tLS0tICMjCiMjIENvcmUgdGVzdHMuICMjCiMjIC0tLS0tLS0t
LS0tICMjCgpjb25maWd1cmU6MTMyMjogY2hlY2tpbmcgZm9yIGdjYwpjb25maWd1cmU6MTMyMjog
Zm91bmQgL3Vzci9iaW4vZ2NjCmNvbmZpZ3VyZToxMzIyOiByZXN1bHQ6IGdjYwpjb25maWd1cmU6
MTU1NzogY2hlY2tpbmcgZm9yIEMgY29tcGlsZXIgdmVyc2lvbgpjb25maWd1cmU6MTU2MzogZ2Nj
IC0tdmVyc2lvbiA8L2Rldi9udWxsID4mNQplZ2NzLTIuOTAuMjkgOTgwNTE1IChlZ2NzLTEuMC4z
IHJlbGVhc2UpCmNvbmZpZ3VyZToxNTYzOiAkPyA9IDAKY29uZmlndXJlOjE1Njg6IGdjYyAtdiA8
L2Rldi9udWxsID4mNQpSZWFkaW5nIHNwZWNzIGZyb20gL3Vzci9saWIvZ2NjLWxpYi9pNTg2LXBj
LWxpbnV4LWdudWxpYmMxL2VnY3MtMi45MC4yOS9zcGVjcwpnY2MgdmVyc2lvbiBlZ2NzLTIuOTAu
MjkgOTgwNTE1IChlZ2NzLTEuMC4zIHJlbGVhc2UpCmNvbmZpZ3VyZToxNTY4OiAkPyA9IDAKY29u
ZmlndXJlOjE1NzM6IGdjYyAtViA8L2Rldi9udWxsID4mNQpnY2M6IGFyZ3VtZW50IHRvIGAtVicg
aXMgbWlzc2luZwpjb25maWd1cmU6MTU3MzogJD8gPSAxCmNvbmZpZ3VyZToxNTk4OiBjaGVja2lu
ZyBmb3IgQyBjb21waWxlciBkZWZhdWx0IG91dHB1dApjb25maWd1cmU6MTYzNDogZ2NjICAgIGNv
bmZ0ZXN0LmMgID4mNQpjb25maWd1cmU6MTYzNDogJD8gPSAwCmNvbmZpZ3VyZToxNjM3OiByZXN1
bHQ6IGEub3V0CmNvbmZpZ3VyZToxNjQyOiBjaGVja2luZyB3aGV0aGVyIHRoZSBDIGNvbXBpbGVy
IHdvcmtzCmNvbmZpZ3VyZToxNjY1OiAuL2Eub3V0CmNvbmZpZ3VyZToxNjY1OiAkPyA9IDAKY29u
ZmlndXJlOjE2NjY6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZToxNjczOiBjaGVja2luZyB3aGV0aGVy
IHdlIGFyZSBjcm9zcyBjb21waWxpbmcKY29uZmlndXJlOjE2NzU6IHJlc3VsdDogbm8KY29uZmln
dXJlOjE2Nzg6IGNoZWNraW5nIGZvciBzdWZmaXggb2YgZXhlY3V0YWJsZXMKY29uZmlndXJlOjE3
MDI6IGdjYyAtbyBjb25mdGVzdCAgICBjb25mdGVzdC5jICA+JjUKY29uZmlndXJlOjE3MDI6ICQ/
ID0gMApjb25maWd1cmU6MTcwNTogcmVzdWx0OiAKY29uZmlndXJlOjE3MTE6IGNoZWNraW5nIGZv
ciBzdWZmaXggb2Ygb2JqZWN0IGZpbGVzCmNvbmZpZ3VyZToxNzU2OiBnY2MgLWMgICBjb25mdGVz
dC5jID4mNQpjb25maWd1cmU6MTc1NjogJD8gPSAwCmNvbmZpZ3VyZToxNzU3OiByZXN1bHQ6IG8K
Y29uZmlndXJlOjE3NjE6IGNoZWNraW5nIHdoZXRoZXIgd2UgYXJlIHVzaW5nIHRoZSBHTlUgQyBj
b21waWxlcgpjb25maWd1cmU6MTgwODogZ2NjIC1jICAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJl
OjE4MDg6ICQ/ID0gMApjb25maWd1cmU6MTgwODogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3Vy
ZToxODA4OiAkPyA9IDAKY29uZmlndXJlOjE4MDk6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZToxODE1
OiBjaGVja2luZyB3aGV0aGVyIGdjYyBhY2NlcHRzIC1nCmNvbmZpZ3VyZToxODU3OiBnY2MgLWMg
LWcgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZToxODU3OiAkPyA9IDAKY29uZmlndXJlOjE4NTc6
IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6MTg1NzogJD8gPSAwCmNvbmZpZ3VyZToxODU4
OiByZXN1bHQ6IHllcwpjb25maWd1cmU6MTk5MDogZ2NjIC1jIC1nIC1PMiAgY29uZnRlc3QuYyA+
JjUKY29uZnRlc3QuYzoyOiBwYXJzZSBlcnJvciBiZWZvcmUgYG1lJwpjb25maWd1cmU6MTk5MDog
JD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojaWZuZGVmIF9fY3BsdXNwbHVz
CiAgY2hva2UgbWUKI2VuZGlmCmNvbmZpZ3VyZToyMDI5OiBjaGVja2luZyBidWlsZCBzeXN0ZW0g
dHlwZQpjb25maWd1cmU6MjA0NzogcmVzdWx0OiBpNDg2LXBjLWxpbnV4LWdudWxpYmMxCmNvbmZp
Z3VyZToyMDU1OiBjaGVja2luZyBob3N0IHN5c3RlbSB0eXBlCmNvbmZpZ3VyZToyMDY5OiByZXN1
bHQ6IGk0ODYtcGMtbGludXgtZ251bGliYzEKY29uZmlndXJlOjIwNzg6IGNoZWNraW5nIHdoZXRo
ZXIgYnl0ZSBvcmRlcmluZyBpcyBiaWdlbmRpYW4KY29uZmlndXJlOjIyNjA6IGdjYyAtYyAtZyAt
TzIgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTogSW4gZnVuY3Rpb24gYG1haW4nOgpjb25maWd1
cmU6MjI3NDogYGJvZ3VzJyB1bmRlY2xhcmVkIChmaXJzdCB1c2UgdGhpcyBmdW5jdGlvbikKY29u
ZmlndXJlOjIyNzQ6IChFYWNoIHVuZGVjbGFyZWQgaWRlbnRpZmllciBpcyByZXBvcnRlZCBvbmx5
IG9uY2UKY29uZmlndXJlOjIyNzQ6IGZvciBlYWNoIGZ1bmN0aW9uIGl0IGFwcGVhcnMgaW4uKQpj
b25maWd1cmU6MjI3NDogcGFyc2UgZXJyb3IgYmVmb3JlIGBlbmRpYW4nCmNvbmZpZ3VyZToyMjYw
OiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDIyNjAgImNvbmZp
Z3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCiNpbmNsdWRlIDxzeXMvdHlwZXMuaD4KI2luY2x1
ZGUgPHN5cy9wYXJhbS5oPgoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNw
bHVzCiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJl
dHVybiAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7CiNpZiAhQllURV9PUkRFUiB8fCAhQklHX0VO
RElBTiB8fCAhTElUVExFX0VORElBTgogYm9ndXMgZW5kaWFuIG1hY3JvcwojZW5kaWYKCiAgOwog
IHJldHVybiAwOwp9CmNvbmZpZ3VyZToyMjYwOiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yICAgY29u
ZnRlc3QuYyAgPiY1CmNvbmZpZ3VyZToyMjYwOiAkPyA9IDAKY29uZmlndXJlOjIyNjA6IC4vY29u
ZnRlc3QKY29uZmlndXJlOjIyNjA6ICQ/ID0gMApjb25maWd1cmU6MjI2MTogcmVzdWx0OiBubwpj
b25maWd1cmU6MjI4NzogY2hlY2tpbmcgaG93IHRvIHJ1biB0aGUgQyBwcmVwcm9jZXNzb3IKY29u
ZmlndXJlOjIzODg6IGdjYyAtRSAgY29uZnRlc3QuYwpjb25maWd1cmU6MjM4ODogJD8gPSAwCmNv
bmZpZ3VyZToyMzg4OiBnY2MgLUUgIGNvbmZ0ZXN0LmMKY29uZmlndXJlOjIzODk6IGFjX25vbmV4
aXN0ZW50Lmg6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjIzODg6ICQ/ID0g
MQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgMjM4OCAiY29uZmlndXJlIgoj
aW5jbHVkZSAiY29uZmRlZnMuaCIKI2luY2x1ZGUgPGFjX25vbmV4aXN0ZW50Lmg+CmNvbmZpZ3Vy
ZToyMzg5OiByZXN1bHQ6IGdjYyAtRQpjb25maWd1cmU6MjQ2NTogZ2NjIC1FICBjb25mdGVzdC5j
CmNvbmZpZ3VyZToyNDY1OiAkPyA9IDAKY29uZmlndXJlOjI0NjU6IGdjYyAtRSAgY29uZnRlc3Qu
Ywpjb25maWd1cmU6MjQ2NjogYWNfbm9uZXhpc3RlbnQuaDogTm8gc3VjaCBmaWxlIG9yIGRpcmVj
dG9yeQpjb25maWd1cmU6MjQ2NTogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2Fz
OgojbGluZSAyNDY1ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8
YWNfbm9uZXhpc3RlbnQuaD4KY29uZmlndXJlOjI1NjA6IGNoZWNraW5nIGZvciByYW5saWIKY29u
ZmlndXJlOjI1NjA6IGZvdW5kIC91c3IvYmluL3JhbmxpYgpjb25maWd1cmU6MjU2MDogcmVzdWx0
OiByYW5saWIKY29uZmlndXJlOjI1NzQ6IGNoZWNraW5nIGZvciBhIEJTRC1jb21wYXRpYmxlIGlu
c3RhbGwKY29uZmlndXJlOjI2Mjg6IHJlc3VsdDogL3Vzci9iaW4vZ2luc3RhbGwgLWMKY29uZmln
dXJlOjI2NDE6IGNoZWNraW5nIGZvciBhcgpjb25maWd1cmU6MjY2NzogZm91bmQgL3Vzci9iaW4v
YXIKY29uZmlndXJlOjI2NzY6IHJlc3VsdDogL3Vzci9iaW4vYXIKY29uZmlndXJlOjI3MjA6IGNo
ZWNraW5nIGZvciBwZXJsNQpjb25maWd1cmU6MjcyMDogcmVzdWx0OiBubwpjb25maWd1cmU6Mjcy
MDogY2hlY2tpbmcgZm9yIHBlcmwKY29uZmlndXJlOjI3MjA6IGZvdW5kIC91c3IvYmluL3BlcmwK
Y29uZmlndXJlOjI3MjA6IHJlc3VsdDogL3Vzci9iaW4vcGVybApjb25maWd1cmU6MjcyNTogY2hl
Y2tpbmcgZm9yIGVudApjb25maWd1cmU6Mjc2MDogcmVzdWx0OiBubwpjb25maWd1cmU6MjgwNjog
Y2hlY2tpbmcgZm9yIGZpbGVwcml2CmNvbmZpZ3VyZToyODA2OiByZXN1bHQ6IG5vCmNvbmZpZ3Vy
ZToyODExOiBjaGVja2luZyBmb3IgYmFzaApjb25maWd1cmU6MjgzNzogZm91bmQgL3Vzci9iaW4v
YmFzaApjb25maWd1cmU6Mjg0NjogcmVzdWx0OiAvdXNyL2Jpbi9iYXNoCmNvbmZpZ3VyZToyODUw
OiBjaGVja2luZyBmb3Iga3NoCmNvbmZpZ3VyZToyODg1OiByZXN1bHQ6IC91c3IvYmluL2Jhc2gK
Y29uZmlndXJlOjI4ODk6IGNoZWNraW5nIGZvciBzaApjb25maWd1cmU6MjkyNDogcmVzdWx0OiAv
dXNyL2Jpbi9iYXNoCmNvbmZpZ3VyZToyOTI4OiBjaGVja2luZyBmb3Igc2gKY29uZmlndXJlOjI5
NTQ6IGZvdW5kIC9iaW4vc2gKY29uZmlndXJlOjI5NjM6IHJlc3VsdDogL2Jpbi9zaApjb25maWd1
cmU6MzI3ODogY2hlY2tpbmcgZm9yIHNwZWNpYWwgQyBjb21waWxlciBvcHRpb25zIG5lZWRlZCBm
b3IgbGFyZ2UgZmlsZXMKY29uZmlndXJlOjMyNzg6IHJlc3VsdDogbm8KY29uZmlndXJlOjMyNzg6
IGNoZWNraW5nIGZvciBfRklMRV9PRkZTRVRfQklUUyB2YWx1ZSBuZWVkZWQgZm9yIGxhcmdlIGZp
bGVzCmNvbmZpZ3VyZTozMjc4OiBnY2MgLWMgLWcgLU8yICBjb25mdGVzdC5jID4mNQpjb25maWd1
cmU6MzI4NTogd2FybmluZzogbGVmdCBzaGlmdCBjb3VudCA+PSB3aWR0aCBvZiB0eXBlCmNvbmZp
Z3VyZTozMjg1OiB3YXJuaW5nOiBsZWZ0IHNoaWZ0IGNvdW50ID49IHdpZHRoIG9mIHR5cGUKY29u
ZmlndXJlOjMyODc6IHNpemUgb2YgYXJyYXkgYG9mZl90X2lzX2xhcmdlJyBpcyBuZWdhdGl2ZQpj
b25maWd1cmU6MzI3ODogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGlu
ZSAzMjc4ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8c3lzL3R5
cGVzLmg+CiAvKiBDaGVjayB0aGF0IG9mZl90IGNhbiByZXByZXNlbnQgMioqNjMgLSAxIGNvcnJl
Y3RseS4KICAgIFdlIGNhbid0IHNpbXBseSBkZWZpbmUgTEFSR0VfT0ZGX1QgdG8gYmUgOTIyMzM3
MjAzNjg1NDc3NTgwNywKICAgIHNpbmNlIHNvbWUgQysrIGNvbXBpbGVycyBtYXNxdWVyYWRpbmcg
YXMgQyBjb21waWxlcnMKICAgIGluY29ycmVjdGx5IHJlamVjdCA5MjIzMzcyMDM2ODU0Nzc1ODA3
LiAgKi8KI2RlZmluZSBMQVJHRV9PRkZfVCAoKChvZmZfdCkgMSA8PCA2MikgLSAxICsgKChvZmZf
dCkgMSA8PCA2MikpCiAgaW50IG9mZl90X2lzX2xhcmdlWyhMQVJHRV9PRkZfVCAlIDIxNDc0ODM2
MjkgPT0gNzIxCgkJICAgICAgICYmIExBUkdFX09GRl9UICUgMjE0NzQ4MzY0NyA9PSAxKQoJCSAg
ICAgID8gMSA6IC0xXTsKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVz
CiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVy
biAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7CgogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6
MzI3ODogZ2NjIC1jIC1nIC1PMiAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjMyODY6IHdhcm5p
bmc6IGxlZnQgc2hpZnQgY291bnQgPj0gd2lkdGggb2YgdHlwZQpjb25maWd1cmU6MzI4Njogd2Fy
bmluZzogbGVmdCBzaGlmdCBjb3VudCA+PSB3aWR0aCBvZiB0eXBlCmNvbmZpZ3VyZTozMjg4OiBz
aXplIG9mIGFycmF5IGBvZmZfdF9pc19sYXJnZScgaXMgbmVnYXRpdmUKY29uZmlndXJlOjMyNzg6
ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgMzI3OCAiY29uZmln
dXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKI2RlZmluZSBfRklMRV9PRkZTRVRfQklUUyA2NAoj
aW5jbHVkZSA8c3lzL3R5cGVzLmg+CiAvKiBDaGVjayB0aGF0IG9mZl90IGNhbiByZXByZXNlbnQg
MioqNjMgLSAxIGNvcnJlY3RseS4KICAgIFdlIGNhbid0IHNpbXBseSBkZWZpbmUgTEFSR0VfT0ZG
X1QgdG8gYmUgOTIyMzM3MjAzNjg1NDc3NTgwNywKICAgIHNpbmNlIHNvbWUgQysrIGNvbXBpbGVy
cyBtYXNxdWVyYWRpbmcgYXMgQyBjb21waWxlcnMKICAgIGluY29ycmVjdGx5IHJlamVjdCA5MjIz
MzcyMDM2ODU0Nzc1ODA3LiAgKi8KI2RlZmluZSBMQVJHRV9PRkZfVCAoKChvZmZfdCkgMSA8PCA2
MikgLSAxICsgKChvZmZfdCkgMSA8PCA2MikpCiAgaW50IG9mZl90X2lzX2xhcmdlWyhMQVJHRV9P
RkZfVCAlIDIxNDc0ODM2MjkgPT0gNzIxCgkJICAgICAgICYmIExBUkdFX09GRl9UICUgMjE0NzQ4
MzY0NyA9PSAxKQoJCSAgICAgID8gMSA6IC0xXTsKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlm
ZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1Z
X01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7CgogIDsKICByZXR1cm4g
MDsKfQpjb25maWd1cmU6MzI3ODogcmVzdWx0OiBubwpjb25maWd1cmU6MzI3ODogY2hlY2tpbmcg
Zm9yIF9MQVJHRV9GSUxFUyB2YWx1ZSBuZWVkZWQgZm9yIGxhcmdlIGZpbGVzCmNvbmZpZ3VyZToz
Mjc4OiBnY2MgLWMgLWcgLU8yICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6MzI4NTogd2Fybmlu
ZzogbGVmdCBzaGlmdCBjb3VudCA+PSB3aWR0aCBvZiB0eXBlCmNvbmZpZ3VyZTozMjg1OiB3YXJu
aW5nOiBsZWZ0IHNoaWZ0IGNvdW50ID49IHdpZHRoIG9mIHR5cGUKY29uZmlndXJlOjMyODc6IHNp
emUgb2YgYXJyYXkgYG9mZl90X2lzX2xhcmdlJyBpcyBuZWdhdGl2ZQpjb25maWd1cmU6MzI3ODog
JD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSAzMjc4ICJjb25maWd1
cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiAvKiBDaGVj
ayB0aGF0IG9mZl90IGNhbiByZXByZXNlbnQgMioqNjMgLSAxIGNvcnJlY3RseS4KICAgIFdlIGNh
bid0IHNpbXBseSBkZWZpbmUgTEFSR0VfT0ZGX1QgdG8gYmUgOTIyMzM3MjAzNjg1NDc3NTgwNywK
ICAgIHNpbmNlIHNvbWUgQysrIGNvbXBpbGVycyBtYXNxdWVyYWRpbmcgYXMgQyBjb21waWxlcnMK
ICAgIGluY29ycmVjdGx5IHJlamVjdCA5MjIzMzcyMDM2ODU0Nzc1ODA3LiAgKi8KI2RlZmluZSBM
QVJHRV9PRkZfVCAoKChvZmZfdCkgMSA8PCA2MikgLSAxICsgKChvZmZfdCkgMSA8PCA2MikpCiAg
aW50IG9mZl90X2lzX2xhcmdlWyhMQVJHRV9PRkZfVCAlIDIxNDc0ODM2MjkgPT0gNzIxCgkJICAg
ICAgICYmIExBUkdFX09GRl9UICUgMjE0NzQ4MzY0NyA9PSAxKQoJCSAgICAgID8gMSA6IC0xXTsK
I2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJD
IgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgpp
bnQKbWFpbiAoKQp7CgogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6MzI3ODogZ2NjIC1jIC1n
IC1PMiAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjMyODY6IHdhcm5pbmc6IGxlZnQgc2hpZnQg
Y291bnQgPj0gd2lkdGggb2YgdHlwZQpjb25maWd1cmU6MzI4Njogd2FybmluZzogbGVmdCBzaGlm
dCBjb3VudCA+PSB3aWR0aCBvZiB0eXBlCmNvbmZpZ3VyZTozMjg4OiBzaXplIG9mIGFycmF5IGBv
ZmZfdF9pc19sYXJnZScgaXMgbmVnYXRpdmUKY29uZmlndXJlOjMyNzg6ICQ/ID0gMQpjb25maWd1
cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgMzI3OCAiY29uZmlndXJlIgojaW5jbHVkZSAi
Y29uZmRlZnMuaCIKI2RlZmluZSBfTEFSR0VfRklMRVMgMQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+
CiAvKiBDaGVjayB0aGF0IG9mZl90IGNhbiByZXByZXNlbnQgMioqNjMgLSAxIGNvcnJlY3RseS4K
ICAgIFdlIGNhbid0IHNpbXBseSBkZWZpbmUgTEFSR0VfT0ZGX1QgdG8gYmUgOTIyMzM3MjAzNjg1
NDc3NTgwNywKICAgIHNpbmNlIHNvbWUgQysrIGNvbXBpbGVycyBtYXNxdWVyYWRpbmcgYXMgQyBj
b21waWxlcnMKICAgIGluY29ycmVjdGx5IHJlamVjdCA5MjIzMzcyMDM2ODU0Nzc1ODA3LiAgKi8K
I2RlZmluZSBMQVJHRV9PRkZfVCAoKChvZmZfdCkgMSA8PCA2MikgLSAxICsgKChvZmZfdCkgMSA8
PCA2MikpCiAgaW50IG9mZl90X2lzX2xhcmdlWyhMQVJHRV9PRkZfVCAlIDIxNDc0ODM2MjkgPT0g
NzIxCgkJICAgICAgICYmIExBUkdFX09GRl9UICUgMjE0NzQ4MzY0NyA9PSAxKQoJCSAgICAgID8g
MSA6IC0xXTsKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAg
ZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9
CiNlbmRpZgppbnQKbWFpbiAoKQp7CgogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6MzI3ODog
cmVzdWx0OiBubwpjb25maWd1cmU6MzM0MDogY2hlY2tpbmcgZm9yIGxvZ2luCmNvbmZpZ3VyZToz
MzQwOiBmb3VuZCAvYmluL2xvZ2luCmNvbmZpZ3VyZTozMzQwOiByZXN1bHQ6IC9iaW4vbG9naW4K
Y29uZmlndXJlOjMzNDc6IGNoZWNraW5nIGZvciBnY2Mgb3B0aW9uIHRvIGFjY2VwdCBBTlNJIEMK
Y29uZmlndXJlOjM0MzI6IGdjYyAgLWMgLWcgLU8yICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6
MzQzMjogJD8gPSAwCmNvbmZpZ3VyZTozNDMyOiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJl
OjM0MzI6ICQ/ID0gMApjb25maWd1cmU6MzQ0MjogcmVzdWx0OiBub25lIG5lZWRlZApjb25maWd1
cmU6MzQ0NDogY2hlY2tpbmcgZm9yIGlubGluZQpjb25maWd1cmU6MzQ4MDogZ2NjIC1jIC1nIC1P
MiAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjM0ODA6ICQ/ID0gMApjb25maWd1cmU6MzQ4MDog
dGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3VyZTozNDgwOiAkPyA9IDAKY29uZmlndXJlOjM0ODE6
IHJlc3VsdDogaW5saW5lCmNvbmZpZ3VyZTo0NDU3OiBjaGVja2luZyBmb3IgQU5TSSBDIGhlYWRl
ciBmaWxlcwpjb25maWd1cmU6NDU4MzogZ2NjIC1FICBjb25mdGVzdC5jCmNvbmZpZ3VyZTo0NTgz
OiAkPyA9IDAKY29uZmlndXJlOjQ1ODM6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdw
b2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgID4mNQpjb25maWd1
cmU6NDU4MzogJD8gPSAwCmNvbmZpZ3VyZTo0NTgzOiAuL2NvbmZ0ZXN0CmNvbmZpZ3VyZTo0NTgz
OiAkPyA9IDAKY29uZmlndXJlOjQ1ODQ6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0NjQ5OiBjaGVj
a2luZyBmb3Igc3lzL3R5cGVzLmgKY29uZmlndXJlOjQ2NDk6IGdjYyAtYyAtZyAtTzIgLVdhbGwg
LVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmln
dXJlOjQ2NDk6ICQ/ID0gMApjb25maWd1cmU6NDY0OTogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZp
Z3VyZTo0NjQ5OiAkPyA9IDAKY29uZmlndXJlOjQ2NDk6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0
NjQ5OiBjaGVja2luZyBmb3Igc3lzL3N0YXQuaApjb25maWd1cmU6NDY0OTogZ2NjIC1jIC1nIC1P
MiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICBjb25mdGVzdC5jID4m
NQpjb25maWd1cmU6NDY0OTogJD8gPSAwCmNvbmZpZ3VyZTo0NjQ5OiB0ZXN0IC1zIGNvbmZ0ZXN0
Lm8KY29uZmlndXJlOjQ2NDk6ICQ/ID0gMApjb25maWd1cmU6NDY0OTogcmVzdWx0OiB5ZXMKY29u
ZmlndXJlOjQ2NDk6IGNoZWNraW5nIGZvciBzdGRsaWIuaApjb25maWd1cmU6NDY0OTogZ2NjIC1j
IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICBjb25mdGVz
dC5jID4mNQpjb25maWd1cmU6NDY0OTogJD8gPSAwCmNvbmZpZ3VyZTo0NjQ5OiB0ZXN0IC1zIGNv
bmZ0ZXN0Lm8KY29uZmlndXJlOjQ2NDk6ICQ/ID0gMApjb25maWd1cmU6NDY0OTogcmVzdWx0OiB5
ZXMKY29uZmlndXJlOjQ2NDk6IGNoZWNraW5nIGZvciBzdHJpbmcuaApjb25maWd1cmU6NDY0OTog
Z2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICBj
b25mdGVzdC5jID4mNQpjb25maWd1cmU6NDY0OTogJD8gPSAwCmNvbmZpZ3VyZTo0NjQ5OiB0ZXN0
IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjQ2NDk6ICQ/ID0gMApjb25maWd1cmU6NDY0OTogcmVz
dWx0OiB5ZXMKY29uZmlndXJlOjQ2NDk6IGNoZWNraW5nIGZvciBtZW1vcnkuaApjb25maWd1cmU6
NDY0OTogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxp
emVkICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6NDY0OTogJD8gPSAwCmNvbmZpZ3VyZTo0NjQ5
OiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjQ2NDk6ICQ/ID0gMApjb25maWd1cmU6NDY0
OTogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ2NDk6IGNoZWNraW5nIGZvciBzdHJpbmdzLmgKY29u
ZmlndXJlOjQ2NDk6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5p
bml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjQ2NDk6ICQ/ID0gMApjb25maWd1
cmU6NDY0OTogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3VyZTo0NjQ5OiAkPyA9IDAKY29uZmln
dXJlOjQ2NDk6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0NjQ5OiBjaGVja2luZyBmb3IgaW50dHlw
ZXMuaApjb25maWd1cmU6NDY0OTogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGgg
LVduby11bmluaXRpYWxpemVkICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6NDY4NTogaW50dHlw
ZXMuaDogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpjb25maWd1cmU6NDY0OTogJD8gPSAxCmNv
bmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA0NjQ5ICJjb25maWd1cmUiCiNpbmNs
dWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8c3RkaW8uaD4KI2lmIEhBVkVfU1lTX1RZUEVTX0gK
IyBpbmNsdWRlIDxzeXMvdHlwZXMuaD4KI2VuZGlmCiNpZiBIQVZFX1NZU19TVEFUX0gKIyBpbmNs
dWRlIDxzeXMvc3RhdC5oPgojZW5kaWYKI2lmIFNURENfSEVBREVSUwojIGluY2x1ZGUgPHN0ZGxp
Yi5oPgojIGluY2x1ZGUgPHN0ZGRlZi5oPgojZWxzZQojIGlmIEhBVkVfU1RETElCX0gKIyAgaW5j
bHVkZSA8c3RkbGliLmg+CiMgZW5kaWYKI2VuZGlmCiNpZiBIQVZFX1NUUklOR19ICiMgaWYgIVNU
RENfSEVBREVSUyAmJiBIQVZFX01FTU9SWV9ICiMgIGluY2x1ZGUgPG1lbW9yeS5oPgojIGVuZGlm
CiMgaW5jbHVkZSA8c3RyaW5nLmg+CiNlbmRpZgojaWYgSEFWRV9TVFJJTkdTX0gKIyBpbmNsdWRl
IDxzdHJpbmdzLmg+CiNlbmRpZgojaWYgSEFWRV9JTlRUWVBFU19ICiMgaW5jbHVkZSA8aW50dHlw
ZXMuaD4KI2Vsc2UKIyBpZiBIQVZFX1NURElOVF9ICiMgIGluY2x1ZGUgPHN0ZGludC5oPgojIGVu
ZGlmCiNlbmRpZgojaWYgSEFWRV9VTklTVERfSAojIGluY2x1ZGUgPHVuaXN0ZC5oPgojZW5kaWYK
CiNpbmNsdWRlIDxpbnR0eXBlcy5oPgpjb25maWd1cmU6NDY0OTogcmVzdWx0OiBubwpjb25maWd1
cmU6NDY0OTogY2hlY2tpbmcgZm9yIHN0ZGludC5oCmNvbmZpZ3VyZTo0NjQ5OiBnY2MgLWMgLWcg
LU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgIGNvbmZ0ZXN0LmMg
PiY1CmNvbmZpZ3VyZTo0Njg1OiBzdGRpbnQuaDogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpj
b25maWd1cmU6NDY0OTogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGlu
ZSA0NjQ5ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8c3RkaW8u
aD4KI2lmIEhBVkVfU1lTX1RZUEVTX0gKIyBpbmNsdWRlIDxzeXMvdHlwZXMuaD4KI2VuZGlmCiNp
ZiBIQVZFX1NZU19TVEFUX0gKIyBpbmNsdWRlIDxzeXMvc3RhdC5oPgojZW5kaWYKI2lmIFNURENf
SEVBREVSUwojIGluY2x1ZGUgPHN0ZGxpYi5oPgojIGluY2x1ZGUgPHN0ZGRlZi5oPgojZWxzZQoj
IGlmIEhBVkVfU1RETElCX0gKIyAgaW5jbHVkZSA8c3RkbGliLmg+CiMgZW5kaWYKI2VuZGlmCiNp
ZiBIQVZFX1NUUklOR19ICiMgaWYgIVNURENfSEVBREVSUyAmJiBIQVZFX01FTU9SWV9ICiMgIGlu
Y2x1ZGUgPG1lbW9yeS5oPgojIGVuZGlmCiMgaW5jbHVkZSA8c3RyaW5nLmg+CiNlbmRpZgojaWYg
SEFWRV9TVFJJTkdTX0gKIyBpbmNsdWRlIDxzdHJpbmdzLmg+CiNlbmRpZgojaWYgSEFWRV9JTlRU
WVBFU19ICiMgaW5jbHVkZSA8aW50dHlwZXMuaD4KI2Vsc2UKIyBpZiBIQVZFX1NURElOVF9ICiMg
IGluY2x1ZGUgPHN0ZGludC5oPgojIGVuZGlmCiNlbmRpZgojaWYgSEFWRV9VTklTVERfSAojIGlu
Y2x1ZGUgPHVuaXN0ZC5oPgojZW5kaWYKCiNpbmNsdWRlIDxzdGRpbnQuaD4KY29uZmlndXJlOjQ2
NDk6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ2NDk6IGNoZWNraW5nIGZvciB1bmlzdGQuaApjb25m
aWd1cmU6NDY0OTogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmlu
aXRpYWxpemVkICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6NDY0OTogJD8gPSAwCmNvbmZpZ3Vy
ZTo0NjQ5OiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjQ2NDk6ICQ/ID0gMApjb25maWd1
cmU6NDY0OTogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIGJzdHJpbmcuaCB1
c2FiaWxpdHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFy
aXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjQ4MTI6ICQ/
ID0gMApjb25maWd1cmU6NDgxMjogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3VyZTo0ODEyOiAk
PyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2lu
ZyBic3RyaW5nLmggcHJlc2VuY2UKY29uZmlndXJlOjQ4MTI6IGdjYyAtRSAgY29uZnRlc3QuYwpj
b25maWd1cmU6NDgxMjogJD8gPSAwCmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IHllcwpjb25maWd1
cmU6NDgxMjogY2hlY2tpbmcgZm9yIGJzdHJpbmcuaApjb25maWd1cmU6NDgxMjogcmVzdWx0OiB5
ZXMKY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIGNyeXB0LmggdXNhYmlsaXR5CmNvbmZpZ3VyZTo0
ODEyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6
ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODQ3OiBjcnlwdC5oOiBObyBzdWNoIGZpbGUg
b3IgZGlyZWN0b3J5CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJv
Z3JhbSB3YXM6CiNsaW5lIDQ4MTIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCiNp
bmNsdWRlIDxzdGRpby5oPgojaWYgSEFWRV9TWVNfVFlQRVNfSAojIGluY2x1ZGUgPHN5cy90eXBl
cy5oPgojZW5kaWYKI2lmIEhBVkVfU1lTX1NUQVRfSAojIGluY2x1ZGUgPHN5cy9zdGF0Lmg+CiNl
bmRpZgojaWYgU1REQ19IRUFERVJTCiMgaW5jbHVkZSA8c3RkbGliLmg+CiMgaW5jbHVkZSA8c3Rk
ZGVmLmg+CiNlbHNlCiMgaWYgSEFWRV9TVERMSUJfSAojICBpbmNsdWRlIDxzdGRsaWIuaD4KIyBl
bmRpZgojZW5kaWYKI2lmIEhBVkVfU1RSSU5HX0gKIyBpZiAhU1REQ19IRUFERVJTICYmIEhBVkVf
TUVNT1JZX0gKIyAgaW5jbHVkZSA8bWVtb3J5Lmg+CiMgZW5kaWYKIyBpbmNsdWRlIDxzdHJpbmcu
aD4KI2VuZGlmCiNpZiBIQVZFX1NUUklOR1NfSAojIGluY2x1ZGUgPHN0cmluZ3MuaD4KI2VuZGlm
CiNpZiBIQVZFX0lOVFRZUEVTX0gKIyBpbmNsdWRlIDxpbnR0eXBlcy5oPgojZWxzZQojIGlmIEhB
VkVfU1RESU5UX0gKIyAgaW5jbHVkZSA8c3RkaW50Lmg+CiMgZW5kaWYKI2VuZGlmCiNpZiBIQVZF
X1VOSVNURF9ICiMgaW5jbHVkZSA8dW5pc3RkLmg+CiNlbmRpZgojaW5jbHVkZSA8Y3J5cHQuaD4K
Y29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIGNyeXB0
LmggcHJlc2VuY2UKY29uZmlndXJlOjQ4MTI6IGdjYyAtRSAgY29uZnRlc3QuYwpjb25maWd1cmU6
NDgxMzogY3J5cHQuaDogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpjb25maWd1cmU6NDgxMjog
JD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA0ODEyICJjb25maWd1
cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8Y3J5cHQuaD4KY29uZmlndXJlOjQ4
MTI6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIGZvciBjcnlwdC5oCmNvbmZp
Z3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBlbmRpYW4uaCB1
c2FiaWxpdHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFy
aXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjQ4MTI6ICQ/
ID0gMApjb25maWd1cmU6NDgxMjogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3VyZTo0ODEyOiAk
PyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2lu
ZyBlbmRpYW4uaCBwcmVzZW5jZQpjb25maWd1cmU6NDgxMjogZ2NjIC1FICBjb25mdGVzdC5jCmNv
bmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3Vy
ZTo0ODEyOiBjaGVja2luZyBmb3IgZW5kaWFuLmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVz
CmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBmbG9hdGluZ3BvaW50LmggdXNhYmlsaXR5CmNvbmZp
Z3VyZTo0ODEyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5p
dGlhbGl6ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODQ3OiBmbG9hdGluZ3BvaW50Lmg6
IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMQpjb25maWd1
cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNDgxMiAiY29uZmlndXJlIgojaW5jbHVkZSAi
Y29uZmRlZnMuaCIKI2luY2x1ZGUgPHN0ZGlvLmg+CiNpZiBIQVZFX1NZU19UWVBFU19ICiMgaW5j
bHVkZSA8c3lzL3R5cGVzLmg+CiNlbmRpZgojaWYgSEFWRV9TWVNfU1RBVF9ICiMgaW5jbHVkZSA8
c3lzL3N0YXQuaD4KI2VuZGlmCiNpZiBTVERDX0hFQURFUlMKIyBpbmNsdWRlIDxzdGRsaWIuaD4K
IyBpbmNsdWRlIDxzdGRkZWYuaD4KI2Vsc2UKIyBpZiBIQVZFX1NURExJQl9ICiMgIGluY2x1ZGUg
PHN0ZGxpYi5oPgojIGVuZGlmCiNlbmRpZgojaWYgSEFWRV9TVFJJTkdfSAojIGlmICFTVERDX0hF
QURFUlMgJiYgSEFWRV9NRU1PUllfSAojICBpbmNsdWRlIDxtZW1vcnkuaD4KIyBlbmRpZgojIGlu
Y2x1ZGUgPHN0cmluZy5oPgojZW5kaWYKI2lmIEhBVkVfU1RSSU5HU19ICiMgaW5jbHVkZSA8c3Ry
aW5ncy5oPgojZW5kaWYKI2lmIEhBVkVfSU5UVFlQRVNfSAojIGluY2x1ZGUgPGludHR5cGVzLmg+
CiNlbHNlCiMgaWYgSEFWRV9TVERJTlRfSAojICBpbmNsdWRlIDxzdGRpbnQuaD4KIyBlbmRpZgoj
ZW5kaWYKI2lmIEhBVkVfVU5JU1REX0gKIyBpbmNsdWRlIDx1bmlzdGQuaD4KI2VuZGlmCiNpbmNs
dWRlIDxmbG9hdGluZ3BvaW50Lmg+CmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNvbmZpZ3Vy
ZTo0ODEyOiBjaGVja2luZyBmbG9hdGluZ3BvaW50LmggcHJlc2VuY2UKY29uZmlndXJlOjQ4MTI6
IGdjYyAtRSAgY29uZnRlc3QuYwpjb25maWd1cmU6NDgxMzogZmxvYXRpbmdwb2ludC5oOiBObyBz
dWNoIGZpbGUgb3IgZGlyZWN0b3J5CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDEKY29uZmlndXJlOiBm
YWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDQ4MTIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZk
ZWZzLmgiCiNpbmNsdWRlIDxmbG9hdGluZ3BvaW50Lmg+CmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6
IG5vCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBmb3IgZmxvYXRpbmdwb2ludC5oCmNvbmZpZ3Vy
ZTo0ODEyOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBnZXRvcHQuaCB1c2Fi
aWxpdHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRo
IC1Xbm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjQ4MTI6ICQ/ID0g
MApjb25maWd1cmU6NDgxMjogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3VyZTo0ODEyOiAkPyA9
IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBn
ZXRvcHQuaCBwcmVzZW5jZQpjb25maWd1cmU6NDgxMjogZ2NjIC1FICBjb25mdGVzdC5jCmNvbmZp
Z3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0
ODEyOiBjaGVja2luZyBmb3IgZ2V0b3B0LmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNv
bmZpZ3VyZTo0ODEyOiBjaGVja2luZyBnbG9iLmggdXNhYmlsaXR5CmNvbmZpZ3VyZTo0ODEyOiBn
Y2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgIGNv
bmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHRlc3Qg
LXMgY29uZnRlc3Qubwpjb25maWd1cmU6NDgxMjogJD8gPSAwCmNvbmZpZ3VyZTo0ODEyOiByZXN1
bHQ6IHllcwpjb25maWd1cmU6NDgxMjogY2hlY2tpbmcgZ2xvYi5oIHByZXNlbmNlCmNvbmZpZ3Vy
ZTo0ODEyOiBnY2MgLUUgIGNvbmZ0ZXN0LmMKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1
cmU6NDgxMjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIGZvciBnbG9iLmgK
Y29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBsYXN0
bG9nLmggdXNhYmlsaXR5CmNvbmZpZ3VyZTo0ODEyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9p
bnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0
ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6
NDgxMjogJD8gPSAwCmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IHllcwpjb25maWd1cmU6NDgxMjog
Y2hlY2tpbmcgbGFzdGxvZy5oIHByZXNlbmNlCmNvbmZpZ3VyZTo0ODEyOiBnY2MgLUUgIGNvbmZ0
ZXN0LmMKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1cmU6NDgxMjogcmVzdWx0OiB5ZXMK
Y29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIGZvciBsYXN0bG9nLmgKY29uZmlndXJlOjQ4MTI6IHJl
c3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBsaW1pdHMuaCB1c2FiaWxpdHkKY29u
ZmlndXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5p
bml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1
cmU6NDgxMjogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmln
dXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBsaW1pdHMuaCBw
cmVzZW5jZQpjb25maWd1cmU6NDgxMjogZ2NjIC1FICBjb25mdGVzdC5jCmNvbmZpZ3VyZTo0ODEy
OiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVj
a2luZyBmb3IgbGltaXRzLmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0
ODEyOiBjaGVja2luZyBsb2dpbi5oIHVzYWJpbGl0eQpjb25maWd1cmU6NDgxMjogZ2NjIC1jIC1n
IC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICBjb25mdGVzdC5j
ID4mNQpjb25maWd1cmU6NDg0NzogbG9naW4uaDogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpj
b25maWd1cmU6NDgxMjogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGlu
ZSA0ODEyICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8c3RkaW8u
aD4KI2lmIEhBVkVfU1lTX1RZUEVTX0gKIyBpbmNsdWRlIDxzeXMvdHlwZXMuaD4KI2VuZGlmCiNp
ZiBIQVZFX1NZU19TVEFUX0gKIyBpbmNsdWRlIDxzeXMvc3RhdC5oPgojZW5kaWYKI2lmIFNURENf
SEVBREVSUwojIGluY2x1ZGUgPHN0ZGxpYi5oPgojIGluY2x1ZGUgPHN0ZGRlZi5oPgojZWxzZQoj
IGlmIEhBVkVfU1RETElCX0gKIyAgaW5jbHVkZSA8c3RkbGliLmg+CiMgZW5kaWYKI2VuZGlmCiNp
ZiBIQVZFX1NUUklOR19ICiMgaWYgIVNURENfSEVBREVSUyAmJiBIQVZFX01FTU9SWV9ICiMgIGlu
Y2x1ZGUgPG1lbW9yeS5oPgojIGVuZGlmCiMgaW5jbHVkZSA8c3RyaW5nLmg+CiNlbmRpZgojaWYg
SEFWRV9TVFJJTkdTX0gKIyBpbmNsdWRlIDxzdHJpbmdzLmg+CiNlbmRpZgojaWYgSEFWRV9JTlRU
WVBFU19ICiMgaW5jbHVkZSA8aW50dHlwZXMuaD4KI2Vsc2UKIyBpZiBIQVZFX1NURElOVF9ICiMg
IGluY2x1ZGUgPHN0ZGludC5oPgojIGVuZGlmCiNlbmRpZgojaWYgSEFWRV9VTklTVERfSAojIGlu
Y2x1ZGUgPHVuaXN0ZC5oPgojZW5kaWYKI2luY2x1ZGUgPGxvZ2luLmg+CmNvbmZpZ3VyZTo0ODEy
OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBsb2dpbi5oIHByZXNlbmNlCmNv
bmZpZ3VyZTo0ODEyOiBnY2MgLUUgIGNvbmZ0ZXN0LmMKY29uZmlndXJlOjQ4MTM6IGxvZ2luLmg6
IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMQpjb25maWd1
cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNDgxMiAiY29uZmlndXJlIgojaW5jbHVkZSAi
Y29uZmRlZnMuaCIKI2luY2x1ZGUgPGxvZ2luLmg+CmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5v
CmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBmb3IgbG9naW4uaApjb25maWd1cmU6NDgxMjogcmVz
dWx0OiBubwpjb25maWd1cmU6NDgxMjogY2hlY2tpbmcgbG9naW5fY2FwLmggdXNhYmlsaXR5CmNv
bmZpZ3VyZTo0ODEyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVu
aW5pdGlhbGl6ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODQ3OiBsb2dpbl9jYXAuaDog
Tm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpjb25maWd1cmU6NDgxMjogJD8gPSAxCmNvbmZpZ3Vy
ZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA0ODEyICJjb25maWd1cmUiCiNpbmNsdWRlICJj
b25mZGVmcy5oIgojaW5jbHVkZSA8c3RkaW8uaD4KI2lmIEhBVkVfU1lTX1RZUEVTX0gKIyBpbmNs
dWRlIDxzeXMvdHlwZXMuaD4KI2VuZGlmCiNpZiBIQVZFX1NZU19TVEFUX0gKIyBpbmNsdWRlIDxz
eXMvc3RhdC5oPgojZW5kaWYKI2lmIFNURENfSEVBREVSUwojIGluY2x1ZGUgPHN0ZGxpYi5oPgoj
IGluY2x1ZGUgPHN0ZGRlZi5oPgojZWxzZQojIGlmIEhBVkVfU1RETElCX0gKIyAgaW5jbHVkZSA8
c3RkbGliLmg+CiMgZW5kaWYKI2VuZGlmCiNpZiBIQVZFX1NUUklOR19ICiMgaWYgIVNURENfSEVB
REVSUyAmJiBIQVZFX01FTU9SWV9ICiMgIGluY2x1ZGUgPG1lbW9yeS5oPgojIGVuZGlmCiMgaW5j
bHVkZSA8c3RyaW5nLmg+CiNlbmRpZgojaWYgSEFWRV9TVFJJTkdTX0gKIyBpbmNsdWRlIDxzdHJp
bmdzLmg+CiNlbmRpZgojaWYgSEFWRV9JTlRUWVBFU19ICiMgaW5jbHVkZSA8aW50dHlwZXMuaD4K
I2Vsc2UKIyBpZiBIQVZFX1NURElOVF9ICiMgIGluY2x1ZGUgPHN0ZGludC5oPgojIGVuZGlmCiNl
bmRpZgojaWYgSEFWRV9VTklTVERfSAojIGluY2x1ZGUgPHVuaXN0ZC5oPgojZW5kaWYKI2luY2x1
ZGUgPGxvZ2luX2NhcC5oPgpjb25maWd1cmU6NDgxMjogcmVzdWx0OiBubwpjb25maWd1cmU6NDgx
MjogY2hlY2tpbmcgbG9naW5fY2FwLmggcHJlc2VuY2UKY29uZmlndXJlOjQ4MTI6IGdjYyAtRSAg
Y29uZnRlc3QuYwpjb25maWd1cmU6NDgxMzogbG9naW5fY2FwLmg6IE5vIHN1Y2ggZmlsZSBvciBk
aXJlY3RvcnkKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFt
IHdhczoKI2xpbmUgNDgxMiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKI2luY2x1
ZGUgPGxvZ2luX2NhcC5oPgpjb25maWd1cmU6NDgxMjogcmVzdWx0OiBubwpjb25maWd1cmU6NDgx
MjogY2hlY2tpbmcgZm9yIGxvZ2luX2NhcC5oCmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNv
bmZpZ3VyZTo0ODEyOiBjaGVja2luZyBtYWlsbG9jay5oIHVzYWJpbGl0eQpjb25maWd1cmU6NDgx
MjogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVk
ICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6NDg0NzogbWFpbGxvY2suaDogTm8gc3VjaCBmaWxl
IG9yIGRpcmVjdG9yeQpjb25maWd1cmU6NDgxMjogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHBy
b2dyYW0gd2FzOgojbGluZSA0ODEyICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgoj
aW5jbHVkZSA8c3RkaW8uaD4KI2lmIEhBVkVfU1lTX1RZUEVTX0gKIyBpbmNsdWRlIDxzeXMvdHlw
ZXMuaD4KI2VuZGlmCiNpZiBIQVZFX1NZU19TVEFUX0gKIyBpbmNsdWRlIDxzeXMvc3RhdC5oPgoj
ZW5kaWYKI2lmIFNURENfSEVBREVSUwojIGluY2x1ZGUgPHN0ZGxpYi5oPgojIGluY2x1ZGUgPHN0
ZGRlZi5oPgojZWxzZQojIGlmIEhBVkVfU1RETElCX0gKIyAgaW5jbHVkZSA8c3RkbGliLmg+CiMg
ZW5kaWYKI2VuZGlmCiNpZiBIQVZFX1NUUklOR19ICiMgaWYgIVNURENfSEVBREVSUyAmJiBIQVZF
X01FTU9SWV9ICiMgIGluY2x1ZGUgPG1lbW9yeS5oPgojIGVuZGlmCiMgaW5jbHVkZSA8c3RyaW5n
Lmg+CiNlbmRpZgojaWYgSEFWRV9TVFJJTkdTX0gKIyBpbmNsdWRlIDxzdHJpbmdzLmg+CiNlbmRp
ZgojaWYgSEFWRV9JTlRUWVBFU19ICiMgaW5jbHVkZSA8aW50dHlwZXMuaD4KI2Vsc2UKIyBpZiBI
QVZFX1NURElOVF9ICiMgIGluY2x1ZGUgPHN0ZGludC5oPgojIGVuZGlmCiNlbmRpZgojaWYgSEFW
RV9VTklTVERfSAojIGluY2x1ZGUgPHVuaXN0ZC5oPgojZW5kaWYKI2luY2x1ZGUgPG1haWxsb2Nr
Lmg+CmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBt
YWlsbG9jay5oIHByZXNlbmNlCmNvbmZpZ3VyZTo0ODEyOiBnY2MgLUUgIGNvbmZ0ZXN0LmMKY29u
ZmlndXJlOjQ4MTM6IG1haWxsb2NrLmg6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmln
dXJlOjQ4MTI6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNDgx
MiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKI2luY2x1ZGUgPG1haWxsb2NrLmg+
CmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBmb3Ig
bWFpbGxvY2suaApjb25maWd1cmU6NDgxMjogcmVzdWx0OiBubwpjb25maWd1cmU6NDgxMjogY2hl
Y2tpbmcgbmV0ZGIuaCB1c2FiaWxpdHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIgLVdh
bGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29u
ZmlndXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1cmU6NDgxMjogdGVzdCAtcyBjb25mdGVzdC5vCmNv
bmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3Vy
ZTo0ODEyOiBjaGVja2luZyBuZXRkYi5oIHByZXNlbmNlCmNvbmZpZ3VyZTo0ODEyOiBnY2MgLUUg
IGNvbmZ0ZXN0LmMKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1cmU6NDgxMjogcmVzdWx0
OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIGZvciBuZXRkYi5oCmNvbmZpZ3VyZTo0ODEy
OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NDgxMjogY2hlY2tpbmcgbmV0Z3JvdXAuaCB1c2FiaWxp
dHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1X
bm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjQ4NDc6IG5ldGdyb3Vw
Lmg6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMQpjb25m
aWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNDgxMiAiY29uZmlndXJlIgojaW5jbHVk
ZSAiY29uZmRlZnMuaCIKI2luY2x1ZGUgPHN0ZGlvLmg+CiNpZiBIQVZFX1NZU19UWVBFU19ICiMg
aW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNlbmRpZgojaWYgSEFWRV9TWVNfU1RBVF9ICiMgaW5jbHVk
ZSA8c3lzL3N0YXQuaD4KI2VuZGlmCiNpZiBTVERDX0hFQURFUlMKIyBpbmNsdWRlIDxzdGRsaWIu
aD4KIyBpbmNsdWRlIDxzdGRkZWYuaD4KI2Vsc2UKIyBpZiBIQVZFX1NURExJQl9ICiMgIGluY2x1
ZGUgPHN0ZGxpYi5oPgojIGVuZGlmCiNlbmRpZgojaWYgSEFWRV9TVFJJTkdfSAojIGlmICFTVERD
X0hFQURFUlMgJiYgSEFWRV9NRU1PUllfSAojICBpbmNsdWRlIDxtZW1vcnkuaD4KIyBlbmRpZgoj
IGluY2x1ZGUgPHN0cmluZy5oPgojZW5kaWYKI2lmIEhBVkVfU1RSSU5HU19ICiMgaW5jbHVkZSA8
c3RyaW5ncy5oPgojZW5kaWYKI2lmIEhBVkVfSU5UVFlQRVNfSAojIGluY2x1ZGUgPGludHR5cGVz
Lmg+CiNlbHNlCiMgaWYgSEFWRV9TVERJTlRfSAojICBpbmNsdWRlIDxzdGRpbnQuaD4KIyBlbmRp
ZgojZW5kaWYKI2lmIEhBVkVfVU5JU1REX0gKIyBpbmNsdWRlIDx1bmlzdGQuaD4KI2VuZGlmCiNp
bmNsdWRlIDxuZXRncm91cC5oPgpjb25maWd1cmU6NDgxMjogcmVzdWx0OiBubwpjb25maWd1cmU6
NDgxMjogY2hlY2tpbmcgbmV0Z3JvdXAuaCBwcmVzZW5jZQpjb25maWd1cmU6NDgxMjogZ2NjIC1F
ICBjb25mdGVzdC5jCmNvbmZpZ3VyZTo0ODEzOiBuZXRncm91cC5oOiBObyBzdWNoIGZpbGUgb3Ig
ZGlyZWN0b3J5CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3Jh
bSB3YXM6CiNsaW5lIDQ4MTIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCiNpbmNs
dWRlIDxuZXRncm91cC5oPgpjb25maWd1cmU6NDgxMjogcmVzdWx0OiBubwpjb25maWd1cmU6NDgx
MjogY2hlY2tpbmcgZm9yIG5ldGdyb3VwLmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8KY29u
ZmlndXJlOjQ4MTI6IGNoZWNraW5nIG5ldGluZXQvaW5fc3lzdG0uaCB1c2FiaWxpdHkKY29uZmln
dXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0
aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1cmU6
NDgxMjogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJl
OjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBuZXRpbmV0L2luX3N5
c3RtLmggcHJlc2VuY2UKY29uZmlndXJlOjQ4MTI6IGdjYyAtRSAgY29uZnRlc3QuYwpjb25maWd1
cmU6NDgxMjogJD8gPSAwCmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IHllcwpjb25maWd1cmU6NDgx
MjogY2hlY2tpbmcgZm9yIG5ldGluZXQvaW5fc3lzdG0uaApjb25maWd1cmU6NDgxMjogcmVzdWx0
OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHBhdGhzLmggdXNhYmlsaXR5CmNvbmZpZ3Vy
ZTo0ODEyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlh
bGl6ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4
MTI6IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6NDgxMjogJD8gPSAwCmNvbmZpZ3VyZTo0
ODEyOiByZXN1bHQ6IHllcwpjb25maWd1cmU6NDgxMjogY2hlY2tpbmcgcGF0aHMuaCBwcmVzZW5j
ZQpjb25maWd1cmU6NDgxMjogZ2NjIC1FICBjb25mdGVzdC5jCmNvbmZpZ3VyZTo0ODEyOiAkPyA9
IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBm
b3IgcGF0aHMuaApjb25maWd1cmU6NDgxMjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNo
ZWNraW5nIHB0eS5oIHVzYWJpbGl0eQpjb25maWd1cmU6NDgxMjogZ2NjIC1jIC1nIC1PMiAtV2Fs
bCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICBjb25mdGVzdC5jID4mNQpjb25m
aWd1cmU6NDg0NzogcHR5Lmg6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjQ4
MTI6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNDgxMiAiY29u
ZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKI2luY2x1ZGUgPHN0ZGlvLmg+CiNpZiBIQVZF
X1NZU19UWVBFU19ICiMgaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNlbmRpZgojaWYgSEFWRV9TWVNf
U1RBVF9ICiMgaW5jbHVkZSA8c3lzL3N0YXQuaD4KI2VuZGlmCiNpZiBTVERDX0hFQURFUlMKIyBp
bmNsdWRlIDxzdGRsaWIuaD4KIyBpbmNsdWRlIDxzdGRkZWYuaD4KI2Vsc2UKIyBpZiBIQVZFX1NU
RExJQl9ICiMgIGluY2x1ZGUgPHN0ZGxpYi5oPgojIGVuZGlmCiNlbmRpZgojaWYgSEFWRV9TVFJJ
TkdfSAojIGlmICFTVERDX0hFQURFUlMgJiYgSEFWRV9NRU1PUllfSAojICBpbmNsdWRlIDxtZW1v
cnkuaD4KIyBlbmRpZgojIGluY2x1ZGUgPHN0cmluZy5oPgojZW5kaWYKI2lmIEhBVkVfU1RSSU5H
U19ICiMgaW5jbHVkZSA8c3RyaW5ncy5oPgojZW5kaWYKI2lmIEhBVkVfSU5UVFlQRVNfSAojIGlu
Y2x1ZGUgPGludHR5cGVzLmg+CiNlbHNlCiMgaWYgSEFWRV9TVERJTlRfSAojICBpbmNsdWRlIDxz
dGRpbnQuaD4KIyBlbmRpZgojZW5kaWYKI2lmIEhBVkVfVU5JU1REX0gKIyBpbmNsdWRlIDx1bmlz
dGQuaD4KI2VuZGlmCiNpbmNsdWRlIDxwdHkuaD4KY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8K
Y29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHB0eS5oIHByZXNlbmNlCmNvbmZpZ3VyZTo0ODEyOiBn
Y2MgLUUgIGNvbmZ0ZXN0LmMKY29uZmlndXJlOjQ4MTM6IHB0eS5oOiBObyBzdWNoIGZpbGUgb3Ig
ZGlyZWN0b3J5CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3Jh
bSB3YXM6CiNsaW5lIDQ4MTIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCiNpbmNs
dWRlIDxwdHkuaD4KY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNo
ZWNraW5nIGZvciBwdHkuaApjb25maWd1cmU6NDgxMjogcmVzdWx0OiBubwpjb25maWd1cmU6NDgx
MjogY2hlY2tpbmcgcmVhZHBhc3NwaHJhc2UuaCB1c2FiaWxpdHkKY29uZmlndXJlOjQ4MTI6IGdj
YyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgY29u
ZnRlc3QuYyA+JjUKY29uZmlndXJlOjQ4NDc6IHJlYWRwYXNzcGhyYXNlLmg6IE5vIHN1Y2ggZmls
ZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBw
cm9ncmFtIHdhczoKI2xpbmUgNDgxMiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIK
I2luY2x1ZGUgPHN0ZGlvLmg+CiNpZiBIQVZFX1NZU19UWVBFU19ICiMgaW5jbHVkZSA8c3lzL3R5
cGVzLmg+CiNlbmRpZgojaWYgSEFWRV9TWVNfU1RBVF9ICiMgaW5jbHVkZSA8c3lzL3N0YXQuaD4K
I2VuZGlmCiNpZiBTVERDX0hFQURFUlMKIyBpbmNsdWRlIDxzdGRsaWIuaD4KIyBpbmNsdWRlIDxz
dGRkZWYuaD4KI2Vsc2UKIyBpZiBIQVZFX1NURExJQl9ICiMgIGluY2x1ZGUgPHN0ZGxpYi5oPgoj
IGVuZGlmCiNlbmRpZgojaWYgSEFWRV9TVFJJTkdfSAojIGlmICFTVERDX0hFQURFUlMgJiYgSEFW
RV9NRU1PUllfSAojICBpbmNsdWRlIDxtZW1vcnkuaD4KIyBlbmRpZgojIGluY2x1ZGUgPHN0cmlu
Zy5oPgojZW5kaWYKI2lmIEhBVkVfU1RSSU5HU19ICiMgaW5jbHVkZSA8c3RyaW5ncy5oPgojZW5k
aWYKI2lmIEhBVkVfSU5UVFlQRVNfSAojIGluY2x1ZGUgPGludHR5cGVzLmg+CiNlbHNlCiMgaWYg
SEFWRV9TVERJTlRfSAojICBpbmNsdWRlIDxzdGRpbnQuaD4KIyBlbmRpZgojZW5kaWYKI2lmIEhB
VkVfVU5JU1REX0gKIyBpbmNsdWRlIDx1bmlzdGQuaD4KI2VuZGlmCiNpbmNsdWRlIDxyZWFkcGFz
c3BocmFzZS5oPgpjb25maWd1cmU6NDgxMjogcmVzdWx0OiBubwpjb25maWd1cmU6NDgxMjogY2hl
Y2tpbmcgcmVhZHBhc3NwaHJhc2UuaCBwcmVzZW5jZQpjb25maWd1cmU6NDgxMjogZ2NjIC1FICBj
b25mdGVzdC5jCmNvbmZpZ3VyZTo0ODEzOiByZWFkcGFzc3BocmFzZS5oOiBObyBzdWNoIGZpbGUg
b3IgZGlyZWN0b3J5CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJv
Z3JhbSB3YXM6CiNsaW5lIDQ4MTIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCiNp
bmNsdWRlIDxyZWFkcGFzc3BocmFzZS5oPgpjb25maWd1cmU6NDgxMjogcmVzdWx0OiBubwpjb25m
aWd1cmU6NDgxMjogY2hlY2tpbmcgZm9yIHJlYWRwYXNzcGhyYXNlLmgKY29uZmlndXJlOjQ4MTI6
IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHJwYy90eXBlcy5oIHVzYWJpbGl0
eQpjb25maWd1cmU6NDgxMjogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVdu
by11bmluaXRpYWxpemVkICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6NDgxMjogJD8gPSAwCmNv
bmZpZ3VyZTo0ODEyOiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjQ4MTI6ICQ/ID0gMApj
b25maWd1cmU6NDgxMjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHJwYy90
eXBlcy5oIHByZXNlbmNlCmNvbmZpZ3VyZTo0ODEyOiBnY2MgLUUgIGNvbmZ0ZXN0LmMKY29uZmln
dXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1cmU6NDgxMjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ4
MTI6IGNoZWNraW5nIGZvciBycGMvdHlwZXMuaApjb25maWd1cmU6NDgxMjogcmVzdWx0OiB5ZXMK
Y29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHNlY3VyaXR5L3BhbV9hcHBsLmggdXNhYmlsaXR5CmNv
bmZpZ3VyZTo0ODEyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVu
aW5pdGlhbGl6ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODQ3OiBzZWN1cml0eS9wYW1f
YXBwbC5oOiBObyBzdWNoIGZpbGUgb3IgZGlyZWN0b3J5CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDEK
Y29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDQ4MTIgImNvbmZpZ3VyZSIKI2lu
Y2x1ZGUgImNvbmZkZWZzLmgiCiNpbmNsdWRlIDxzdGRpby5oPgojaWYgSEFWRV9TWVNfVFlQRVNf
SAojIGluY2x1ZGUgPHN5cy90eXBlcy5oPgojZW5kaWYKI2lmIEhBVkVfU1lTX1NUQVRfSAojIGlu
Y2x1ZGUgPHN5cy9zdGF0Lmg+CiNlbmRpZgojaWYgU1REQ19IRUFERVJTCiMgaW5jbHVkZSA8c3Rk
bGliLmg+CiMgaW5jbHVkZSA8c3RkZGVmLmg+CiNlbHNlCiMgaWYgSEFWRV9TVERMSUJfSAojICBp
bmNsdWRlIDxzdGRsaWIuaD4KIyBlbmRpZgojZW5kaWYKI2lmIEhBVkVfU1RSSU5HX0gKIyBpZiAh
U1REQ19IRUFERVJTICYmIEhBVkVfTUVNT1JZX0gKIyAgaW5jbHVkZSA8bWVtb3J5Lmg+CiMgZW5k
aWYKIyBpbmNsdWRlIDxzdHJpbmcuaD4KI2VuZGlmCiNpZiBIQVZFX1NUUklOR1NfSAojIGluY2x1
ZGUgPHN0cmluZ3MuaD4KI2VuZGlmCiNpZiBIQVZFX0lOVFRZUEVTX0gKIyBpbmNsdWRlIDxpbnR0
eXBlcy5oPgojZWxzZQojIGlmIEhBVkVfU1RESU5UX0gKIyAgaW5jbHVkZSA8c3RkaW50Lmg+CiMg
ZW5kaWYKI2VuZGlmCiNpZiBIQVZFX1VOSVNURF9ICiMgaW5jbHVkZSA8dW5pc3RkLmg+CiNlbmRp
ZgojaW5jbHVkZSA8c2VjdXJpdHkvcGFtX2FwcGwuaD4KY29uZmlndXJlOjQ4MTI6IHJlc3VsdDog
bm8KY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHNlY3VyaXR5L3BhbV9hcHBsLmggcHJlc2VuY2UK
Y29uZmlndXJlOjQ4MTI6IGdjYyAtRSAgY29uZnRlc3QuYwpjb25maWd1cmU6NDgxMzogc2VjdXJp
dHkvcGFtX2FwcGwuaDogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpjb25maWd1cmU6NDgxMjog
JD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA0ODEyICJjb25maWd1
cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8c2VjdXJpdHkvcGFtX2FwcGwuaD4K
Y29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIGZvciBz
ZWN1cml0eS9wYW1fYXBwbC5oCmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0
ODEyOiBjaGVja2luZyBzaGFkb3cuaCB1c2FiaWxpdHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAt
ZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3Qu
YyA+JjUKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1cmU6NDgxMjogdGVzdCAtcyBjb25m
dGVzdC5vCmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVz
CmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBzaGFkb3cuaCBwcmVzZW5jZQpjb25maWd1cmU6NDgx
MjogZ2NjIC1FICBjb25mdGVzdC5jCmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4
MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBmb3Igc2hhZG93LmgKY29u
ZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBzdGRkZWYu
aCB1c2FiaWxpdHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVy
LWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjQ4MTI6
ICQ/ID0gMApjb25maWd1cmU6NDgxMjogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3VyZTo0ODEy
OiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVj
a2luZyBzdGRkZWYuaCBwcmVzZW5jZQpjb25maWd1cmU6NDgxMjogZ2NjIC1FICBjb25mdGVzdC5j
CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZp
Z3VyZTo0ODEyOiBjaGVja2luZyBmb3Igc3RkZGVmLmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDog
eWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBmb3Igc3RkaW50LmgKY29uZmlndXJlOjQ4MTI6
IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIGZvciBzdHJpbmdzLmgKY29uZmln
dXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBzeXMvYml0eXBl
cy5oIHVzYWJpbGl0eQpjb25maWd1cmU6NDgxMjogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50
ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6NDgx
MjogJD8gPSAwCmNvbmZpZ3VyZTo0ODEyOiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjQ4
MTI6ICQ/ID0gMApjb25maWd1cmU6NDgxMjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNo
ZWNraW5nIHN5cy9iaXR5cGVzLmggcHJlc2VuY2UKY29uZmlndXJlOjQ4MTI6IGdjYyAtRSAgY29u
ZnRlc3QuYwpjb25maWd1cmU6NDgxMjogJD8gPSAwCmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IHll
cwpjb25maWd1cmU6NDgxMjogY2hlY2tpbmcgZm9yIHN5cy9iaXR5cGVzLmgKY29uZmlndXJlOjQ4
MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBzeXMvYnNkdHR5LmggdXNh
YmlsaXR5CmNvbmZpZ3VyZTo0ODEyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0
aCAtV25vLXVuaW5pdGlhbGl6ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODQ3OiBzeXMv
YnNkdHR5Lmg6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjQ4MTI6ICQ/ID0g
MQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNDgxMiAiY29uZmlndXJlIgoj
aW5jbHVkZSAiY29uZmRlZnMuaCIKI2luY2x1ZGUgPHN0ZGlvLmg+CiNpZiBIQVZFX1NZU19UWVBF
U19ICiMgaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNlbmRpZgojaWYgSEFWRV9TWVNfU1RBVF9ICiMg
aW5jbHVkZSA8c3lzL3N0YXQuaD4KI2VuZGlmCiNpZiBTVERDX0hFQURFUlMKIyBpbmNsdWRlIDxz
dGRsaWIuaD4KIyBpbmNsdWRlIDxzdGRkZWYuaD4KI2Vsc2UKIyBpZiBIQVZFX1NURExJQl9ICiMg
IGluY2x1ZGUgPHN0ZGxpYi5oPgojIGVuZGlmCiNlbmRpZgojaWYgSEFWRV9TVFJJTkdfSAojIGlm
ICFTVERDX0hFQURFUlMgJiYgSEFWRV9NRU1PUllfSAojICBpbmNsdWRlIDxtZW1vcnkuaD4KIyBl
bmRpZgojIGluY2x1ZGUgPHN0cmluZy5oPgojZW5kaWYKI2lmIEhBVkVfU1RSSU5HU19ICiMgaW5j
bHVkZSA8c3RyaW5ncy5oPgojZW5kaWYKI2lmIEhBVkVfSU5UVFlQRVNfSAojIGluY2x1ZGUgPGlu
dHR5cGVzLmg+CiNlbHNlCiMgaWYgSEFWRV9TVERJTlRfSAojICBpbmNsdWRlIDxzdGRpbnQuaD4K
IyBlbmRpZgojZW5kaWYKI2lmIEhBVkVfVU5JU1REX0gKIyBpbmNsdWRlIDx1bmlzdGQuaD4KI2Vu
ZGlmCiNpbmNsdWRlIDxzeXMvYnNkdHR5Lmg+CmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNv
bmZpZ3VyZTo0ODEyOiBjaGVja2luZyBzeXMvYnNkdHR5LmggcHJlc2VuY2UKY29uZmlndXJlOjQ4
MTI6IGdjYyAtRSAgY29uZnRlc3QuYwpjb25maWd1cmU6NDgxMzogc3lzL2JzZHR0eS5oOiBObyBz
dWNoIGZpbGUgb3IgZGlyZWN0b3J5CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDEKY29uZmlndXJlOiBm
YWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDQ4MTIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZk
ZWZzLmgiCiNpbmNsdWRlIDxzeXMvYnNkdHR5Lmg+CmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5v
CmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBmb3Igc3lzL2JzZHR0eS5oCmNvbmZpZ3VyZTo0ODEy
OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBzeXMvY2RlZnMuaCB1c2FiaWxp
dHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1X
bm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMApj
b25maWd1cmU6NDgxMjogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAK
Y29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBzeXMv
Y2RlZnMuaCBwcmVzZW5jZQpjb25maWd1cmU6NDgxMjogZ2NjIC1FICBjb25mdGVzdC5jCmNvbmZp
Z3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0
ODEyOiBjaGVja2luZyBmb3Igc3lzL2NkZWZzLmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVz
CmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBzeXMvbW1hbi5oIHVzYWJpbGl0eQpjb25maWd1cmU6
NDgxMjogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxp
emVkICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6NDgxMjogJD8gPSAwCmNvbmZpZ3VyZTo0ODEy
OiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1cmU6NDgx
MjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHN5cy9tbWFuLmggcHJlc2Vu
Y2UKY29uZmlndXJlOjQ4MTI6IGdjYyAtRSAgY29uZnRlc3QuYwpjb25maWd1cmU6NDgxMjogJD8g
PSAwCmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IHllcwpjb25maWd1cmU6NDgxMjogY2hlY2tpbmcg
Zm9yIHN5cy9tbWFuLmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEy
OiBjaGVja2luZyBzeXMvc2VsZWN0LmggdXNhYmlsaXR5CmNvbmZpZ3VyZTo0ODEyOiBnY2MgLWMg
LWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgIGNvbmZ0ZXN0
LmMgPiY1CmNvbmZpZ3VyZTo0ODQ3OiBzeXMvc2VsZWN0Lmg6IE5vIHN1Y2ggZmlsZSBvciBkaXJl
Y3RvcnkKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdh
czoKI2xpbmUgNDgxMiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKI2luY2x1ZGUg
PHN0ZGlvLmg+CiNpZiBIQVZFX1NZU19UWVBFU19ICiMgaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNl
bmRpZgojaWYgSEFWRV9TWVNfU1RBVF9ICiMgaW5jbHVkZSA8c3lzL3N0YXQuaD4KI2VuZGlmCiNp
ZiBTVERDX0hFQURFUlMKIyBpbmNsdWRlIDxzdGRsaWIuaD4KIyBpbmNsdWRlIDxzdGRkZWYuaD4K
I2Vsc2UKIyBpZiBIQVZFX1NURExJQl9ICiMgIGluY2x1ZGUgPHN0ZGxpYi5oPgojIGVuZGlmCiNl
bmRpZgojaWYgSEFWRV9TVFJJTkdfSAojIGlmICFTVERDX0hFQURFUlMgJiYgSEFWRV9NRU1PUllf
SAojICBpbmNsdWRlIDxtZW1vcnkuaD4KIyBlbmRpZgojIGluY2x1ZGUgPHN0cmluZy5oPgojZW5k
aWYKI2lmIEhBVkVfU1RSSU5HU19ICiMgaW5jbHVkZSA8c3RyaW5ncy5oPgojZW5kaWYKI2lmIEhB
VkVfSU5UVFlQRVNfSAojIGluY2x1ZGUgPGludHR5cGVzLmg+CiNlbHNlCiMgaWYgSEFWRV9TVERJ
TlRfSAojICBpbmNsdWRlIDxzdGRpbnQuaD4KIyBlbmRpZgojZW5kaWYKI2lmIEhBVkVfVU5JU1RE
X0gKIyBpbmNsdWRlIDx1bmlzdGQuaD4KI2VuZGlmCiNpbmNsdWRlIDxzeXMvc2VsZWN0Lmg+CmNv
bmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBzeXMvc2Vs
ZWN0LmggcHJlc2VuY2UKY29uZmlndXJlOjQ4MTI6IGdjYyAtRSAgY29uZnRlc3QuYwpjb25maWd1
cmU6NDgxMzogc3lzL3NlbGVjdC5oOiBObyBzdWNoIGZpbGUgb3IgZGlyZWN0b3J5CmNvbmZpZ3Vy
ZTo0ODEyOiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDQ4MTIg
ImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCiNpbmNsdWRlIDxzeXMvc2VsZWN0Lmg+
CmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBmb3Ig
c3lzL3NlbGVjdC5oCmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0ODEyOiBj
aGVja2luZyBmb3Igc3lzL3N0YXQuaApjb25maWd1cmU6NDgxMjogcmVzdWx0OiB5ZXMKY29uZmln
dXJlOjQ4MTI6IGNoZWNraW5nIHN5cy9zdHJvcHRzLmggdXNhYmlsaXR5CmNvbmZpZ3VyZTo0ODEy
OiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQg
IGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODQ3OiBzeXMvc3Ryb3B0cy5oOiBObyBzdWNoIGZp
bGUgb3IgZGlyZWN0b3J5CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQg
cHJvZ3JhbSB3YXM6CiNsaW5lIDQ4MTIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgi
CiNpbmNsdWRlIDxzdGRpby5oPgojaWYgSEFWRV9TWVNfVFlQRVNfSAojIGluY2x1ZGUgPHN5cy90
eXBlcy5oPgojZW5kaWYKI2lmIEhBVkVfU1lTX1NUQVRfSAojIGluY2x1ZGUgPHN5cy9zdGF0Lmg+
CiNlbmRpZgojaWYgU1REQ19IRUFERVJTCiMgaW5jbHVkZSA8c3RkbGliLmg+CiMgaW5jbHVkZSA8
c3RkZGVmLmg+CiNlbHNlCiMgaWYgSEFWRV9TVERMSUJfSAojICBpbmNsdWRlIDxzdGRsaWIuaD4K
IyBlbmRpZgojZW5kaWYKI2lmIEhBVkVfU1RSSU5HX0gKIyBpZiAhU1REQ19IRUFERVJTICYmIEhB
VkVfTUVNT1JZX0gKIyAgaW5jbHVkZSA8bWVtb3J5Lmg+CiMgZW5kaWYKIyBpbmNsdWRlIDxzdHJp
bmcuaD4KI2VuZGlmCiNpZiBIQVZFX1NUUklOR1NfSAojIGluY2x1ZGUgPHN0cmluZ3MuaD4KI2Vu
ZGlmCiNpZiBIQVZFX0lOVFRZUEVTX0gKIyBpbmNsdWRlIDxpbnR0eXBlcy5oPgojZWxzZQojIGlm
IEhBVkVfU1RESU5UX0gKIyAgaW5jbHVkZSA8c3RkaW50Lmg+CiMgZW5kaWYKI2VuZGlmCiNpZiBI
QVZFX1VOSVNURF9ICiMgaW5jbHVkZSA8dW5pc3RkLmg+CiNlbmRpZgojaW5jbHVkZSA8c3lzL3N0
cm9wdHMuaD4KY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNoZWNr
aW5nIHN5cy9zdHJvcHRzLmggcHJlc2VuY2UKY29uZmlndXJlOjQ4MTI6IGdjYyAtRSAgY29uZnRl
c3QuYwpjb25maWd1cmU6NDgxMzogc3lzL3N0cm9wdHMuaDogTm8gc3VjaCBmaWxlIG9yIGRpcmVj
dG9yeQpjb25maWd1cmU6NDgxMjogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2Fz
OgojbGluZSA0ODEyICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8
c3lzL3N0cm9wdHMuaD4KY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6
IGNoZWNraW5nIGZvciBzeXMvc3Ryb3B0cy5oCmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNv
bmZpZ3VyZTo0ODEyOiBjaGVja2luZyBzeXMvc3lzbWFjcm9zLmggdXNhYmlsaXR5CmNvbmZpZ3Vy
ZTo0ODEyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlh
bGl6ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4
MTI6IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6NDgxMjogJD8gPSAwCmNvbmZpZ3VyZTo0
ODEyOiByZXN1bHQ6IHllcwpjb25maWd1cmU6NDgxMjogY2hlY2tpbmcgc3lzL3N5c21hY3Jvcy5o
IHByZXNlbmNlCmNvbmZpZ3VyZTo0ODEyOiBnY2MgLUUgIGNvbmZ0ZXN0LmMKY29uZmlndXJlOjQ4
MTI6ICQ/ID0gMApjb25maWd1cmU6NDgxMjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNo
ZWNraW5nIGZvciBzeXMvc3lzbWFjcm9zLmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNv
bmZpZ3VyZTo0ODEyOiBjaGVja2luZyBzeXMvdGltZS5oIHVzYWJpbGl0eQpjb25maWd1cmU6NDgx
MjogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVk
ICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6NDgxMjogJD8gPSAwCmNvbmZpZ3VyZTo0ODEyOiB0
ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1cmU6NDgxMjog
cmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHN5cy90aW1lLmggcHJlc2VuY2UK
Y29uZmlndXJlOjQ4MTI6IGdjYyAtRSAgY29uZnRlc3QuYwpjb25maWd1cmU6NDgxMjogJD8gPSAw
CmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IHllcwpjb25maWd1cmU6NDgxMjogY2hlY2tpbmcgZm9y
IHN5cy90aW1lLmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBj
aGVja2luZyBzeXMvdW4uaCB1c2FiaWxpdHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIg
LVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUK
Y29uZmlndXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1cmU6NDgxMjogdGVzdCAtcyBjb25mdGVzdC5v
CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZp
Z3VyZTo0ODEyOiBjaGVja2luZyBzeXMvdW4uaCBwcmVzZW5jZQpjb25maWd1cmU6NDgxMjogZ2Nj
IC1FICBjb25mdGVzdC5jCmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHJl
c3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBmb3Igc3lzL3VuLmgKY29uZmlndXJl
OjQ4MTI6IHJlc3VsdDogCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyB0aW1lLmggdXNhYmlsaXR5
CmNvbmZpZ3VyZTo0ODEyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25v
LXVuaW5pdGlhbGl6ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29u
ZmlndXJlOjQ4MTI6IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6NDgxMjogJD8gPSAwCmNv
bmZpZ3VyZTo0ODEyOiByZXN1bHQ6IHllcwpjb25maWd1cmU6NDgxMjogY2hlY2tpbmcgdGltZS5o
IHByZXNlbmNlCmNvbmZpZ3VyZTo0ODEyOiBnY2MgLUUgIGNvbmZ0ZXN0LmMKY29uZmlndXJlOjQ4
MTI6ICQ/ID0gMApjb25maWd1cmU6NDgxMjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNo
ZWNraW5nIGZvciB0aW1lLmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0
ODEyOiBjaGVja2luZyB0dHllbnQuaCB1c2FiaWxpdHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAt
ZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3Qu
YyA+JjUKY29uZmlndXJlOjQ4NDc6IHR0eWVudC5oOiBObyBzdWNoIGZpbGUgb3IgZGlyZWN0b3J5
CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNs
aW5lIDQ4MTIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCiNpbmNsdWRlIDxzdGRp
by5oPgojaWYgSEFWRV9TWVNfVFlQRVNfSAojIGluY2x1ZGUgPHN5cy90eXBlcy5oPgojZW5kaWYK
I2lmIEhBVkVfU1lTX1NUQVRfSAojIGluY2x1ZGUgPHN5cy9zdGF0Lmg+CiNlbmRpZgojaWYgU1RE
Q19IRUFERVJTCiMgaW5jbHVkZSA8c3RkbGliLmg+CiMgaW5jbHVkZSA8c3RkZGVmLmg+CiNlbHNl
CiMgaWYgSEFWRV9TVERMSUJfSAojICBpbmNsdWRlIDxzdGRsaWIuaD4KIyBlbmRpZgojZW5kaWYK
I2lmIEhBVkVfU1RSSU5HX0gKIyBpZiAhU1REQ19IRUFERVJTICYmIEhBVkVfTUVNT1JZX0gKIyAg
aW5jbHVkZSA8bWVtb3J5Lmg+CiMgZW5kaWYKIyBpbmNsdWRlIDxzdHJpbmcuaD4KI2VuZGlmCiNp
ZiBIQVZFX1NUUklOR1NfSAojIGluY2x1ZGUgPHN0cmluZ3MuaD4KI2VuZGlmCiNpZiBIQVZFX0lO
VFRZUEVTX0gKIyBpbmNsdWRlIDxpbnR0eXBlcy5oPgojZWxzZQojIGlmIEhBVkVfU1RESU5UX0gK
IyAgaW5jbHVkZSA8c3RkaW50Lmg+CiMgZW5kaWYKI2VuZGlmCiNpZiBIQVZFX1VOSVNURF9ICiMg
aW5jbHVkZSA8dW5pc3RkLmg+CiNlbmRpZgojaW5jbHVkZSA8dHR5ZW50Lmg+CmNvbmZpZ3VyZTo0
ODEyOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyB0dHllbnQuaCBwcmVzZW5j
ZQpjb25maWd1cmU6NDgxMjogZ2NjIC1FICBjb25mdGVzdC5jCmNvbmZpZ3VyZTo0ODEzOiB0dHll
bnQuaDogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpjb25maWd1cmU6NDgxMjogJD8gPSAxCmNv
bmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA0ODEyICJjb25maWd1cmUiCiNpbmNs
dWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8dHR5ZW50Lmg+CmNvbmZpZ3VyZTo0ODEyOiByZXN1
bHQ6IG5vCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBmb3IgdHR5ZW50LmgKY29uZmlndXJlOjQ4
MTI6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHVzZXJzZWMuaCB1c2FiaWxp
dHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1X
bm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjQ4NDc6IHVzZXJzZWMu
aDogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpjb25maWd1cmU6NDgxMjogJD8gPSAxCmNvbmZp
Z3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA0ODEyICJjb25maWd1cmUiCiNpbmNsdWRl
ICJjb25mZGVmcy5oIgojaW5jbHVkZSA8c3RkaW8uaD4KI2lmIEhBVkVfU1lTX1RZUEVTX0gKIyBp
bmNsdWRlIDxzeXMvdHlwZXMuaD4KI2VuZGlmCiNpZiBIQVZFX1NZU19TVEFUX0gKIyBpbmNsdWRl
IDxzeXMvc3RhdC5oPgojZW5kaWYKI2lmIFNURENfSEVBREVSUwojIGluY2x1ZGUgPHN0ZGxpYi5o
PgojIGluY2x1ZGUgPHN0ZGRlZi5oPgojZWxzZQojIGlmIEhBVkVfU1RETElCX0gKIyAgaW5jbHVk
ZSA8c3RkbGliLmg+CiMgZW5kaWYKI2VuZGlmCiNpZiBIQVZFX1NUUklOR19ICiMgaWYgIVNURENf
SEVBREVSUyAmJiBIQVZFX01FTU9SWV9ICiMgIGluY2x1ZGUgPG1lbW9yeS5oPgojIGVuZGlmCiMg
aW5jbHVkZSA8c3RyaW5nLmg+CiNlbmRpZgojaWYgSEFWRV9TVFJJTkdTX0gKIyBpbmNsdWRlIDxz
dHJpbmdzLmg+CiNlbmRpZgojaWYgSEFWRV9JTlRUWVBFU19ICiMgaW5jbHVkZSA8aW50dHlwZXMu
aD4KI2Vsc2UKIyBpZiBIQVZFX1NURElOVF9ICiMgIGluY2x1ZGUgPHN0ZGludC5oPgojIGVuZGlm
CiNlbmRpZgojaWYgSEFWRV9VTklTVERfSAojIGluY2x1ZGUgPHVuaXN0ZC5oPgojZW5kaWYKI2lu
Y2x1ZGUgPHVzZXJzZWMuaD4KY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4
MTI6IGNoZWNraW5nIHVzZXJzZWMuaCBwcmVzZW5jZQpjb25maWd1cmU6NDgxMjogZ2NjIC1FICBj
b25mdGVzdC5jCmNvbmZpZ3VyZTo0ODEzOiB1c2Vyc2VjLmg6IE5vIHN1Y2ggZmlsZSBvciBkaXJl
Y3RvcnkKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdh
czoKI2xpbmUgNDgxMiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKI2luY2x1ZGUg
PHVzZXJzZWMuaD4KY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNo
ZWNraW5nIGZvciB1c2Vyc2VjLmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8KY29uZmlndXJl
OjQ4MTI6IGNoZWNraW5nIHV0aWwuaCB1c2FiaWxpdHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAt
ZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3Qu
YyA+JjUKY29uZmlndXJlOjQ4NDc6IHV0aWwuaDogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpj
b25maWd1cmU6NDgxMjogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGlu
ZSA0ODEyICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8c3RkaW8u
aD4KI2lmIEhBVkVfU1lTX1RZUEVTX0gKIyBpbmNsdWRlIDxzeXMvdHlwZXMuaD4KI2VuZGlmCiNp
ZiBIQVZFX1NZU19TVEFUX0gKIyBpbmNsdWRlIDxzeXMvc3RhdC5oPgojZW5kaWYKI2lmIFNURENf
SEVBREVSUwojIGluY2x1ZGUgPHN0ZGxpYi5oPgojIGluY2x1ZGUgPHN0ZGRlZi5oPgojZWxzZQoj
IGlmIEhBVkVfU1RETElCX0gKIyAgaW5jbHVkZSA8c3RkbGliLmg+CiMgZW5kaWYKI2VuZGlmCiNp
ZiBIQVZFX1NUUklOR19ICiMgaWYgIVNURENfSEVBREVSUyAmJiBIQVZFX01FTU9SWV9ICiMgIGlu
Y2x1ZGUgPG1lbW9yeS5oPgojIGVuZGlmCiMgaW5jbHVkZSA8c3RyaW5nLmg+CiNlbmRpZgojaWYg
SEFWRV9TVFJJTkdTX0gKIyBpbmNsdWRlIDxzdHJpbmdzLmg+CiNlbmRpZgojaWYgSEFWRV9JTlRU
WVBFU19ICiMgaW5jbHVkZSA8aW50dHlwZXMuaD4KI2Vsc2UKIyBpZiBIQVZFX1NURElOVF9ICiMg
IGluY2x1ZGUgPHN0ZGludC5oPgojIGVuZGlmCiNlbmRpZgojaWYgSEFWRV9VTklTVERfSAojIGlu
Y2x1ZGUgPHVuaXN0ZC5oPgojZW5kaWYKI2luY2x1ZGUgPHV0aWwuaD4KY29uZmlndXJlOjQ4MTI6
IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHV0aWwuaCBwcmVzZW5jZQpjb25m
aWd1cmU6NDgxMjogZ2NjIC1FICBjb25mdGVzdC5jCmNvbmZpZ3VyZTo0ODEzOiB1dGlsLmg6IE5v
IHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjQ4MTI6ICQ/ID0gMQpjb25maWd1cmU6
IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNDgxMiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29u
ZmRlZnMuaCIKI2luY2x1ZGUgPHV0aWwuaD4KY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8KY29u
ZmlndXJlOjQ4MTI6IGNoZWNraW5nIGZvciB1dGlsLmgKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDog
bm8KY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHV0aW1lLmggdXNhYmlsaXR5CmNvbmZpZ3VyZTo0
ODEyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6
ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6
IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6NDgxMjogJD8gPSAwCmNvbmZpZ3VyZTo0ODEy
OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NDgxMjogY2hlY2tpbmcgdXRpbWUuaCBwcmVzZW5jZQpj
b25maWd1cmU6NDgxMjogZ2NjIC1FICBjb25mdGVzdC5jCmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDAK
Y29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0ODEyOiBjaGVja2luZyBmb3Ig
dXRpbWUuaApjb25maWd1cmU6NDgxMjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNoZWNr
aW5nIHV0bXAuaCB1c2FiaWxpdHkKY29uZmlndXJlOjQ4MTI6IGdjYyAtYyAtZyAtTzIgLVdhbGwg
LVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgY29uZnRlc3QuYyA+JjUKY29uZmln
dXJlOjQ4MTI6ICQ/ID0gMApjb25maWd1cmU6NDgxMjogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZp
Z3VyZTo0ODEyOiAkPyA9IDAKY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0
ODEyOiBjaGVja2luZyB1dG1wLmggcHJlc2VuY2UKY29uZmlndXJlOjQ4MTI6IGdjYyAtRSAgY29u
ZnRlc3QuYwpjb25maWd1cmU6NDgxMjogJD8gPSAwCmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IHll
cwpjb25maWd1cmU6NDgxMjogY2hlY2tpbmcgZm9yIHV0bXAuaApjb25maWd1cmU6NDgxMjogcmVz
dWx0OiB5ZXMKY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIHV0bXB4LmggdXNhYmlsaXR5CmNvbmZp
Z3VyZTo0ODEyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5p
dGlhbGl6ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo0ODQ3OiB1dG1weC5oOiBObyBzdWNo
IGZpbGUgb3IgZGlyZWN0b3J5CmNvbmZpZ3VyZTo0ODEyOiAkPyA9IDEKY29uZmlndXJlOiBmYWls
ZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDQ4MTIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZz
LmgiCiNpbmNsdWRlIDxzdGRpby5oPgojaWYgSEFWRV9TWVNfVFlQRVNfSAojIGluY2x1ZGUgPHN5
cy90eXBlcy5oPgojZW5kaWYKI2lmIEhBVkVfU1lTX1NUQVRfSAojIGluY2x1ZGUgPHN5cy9zdGF0
Lmg+CiNlbmRpZgojaWYgU1REQ19IRUFERVJTCiMgaW5jbHVkZSA8c3RkbGliLmg+CiMgaW5jbHVk
ZSA8c3RkZGVmLmg+CiNlbHNlCiMgaWYgSEFWRV9TVERMSUJfSAojICBpbmNsdWRlIDxzdGRsaWIu
aD4KIyBlbmRpZgojZW5kaWYKI2lmIEhBVkVfU1RSSU5HX0gKIyBpZiAhU1REQ19IRUFERVJTICYm
IEhBVkVfTUVNT1JZX0gKIyAgaW5jbHVkZSA8bWVtb3J5Lmg+CiMgZW5kaWYKIyBpbmNsdWRlIDxz
dHJpbmcuaD4KI2VuZGlmCiNpZiBIQVZFX1NUUklOR1NfSAojIGluY2x1ZGUgPHN0cmluZ3MuaD4K
I2VuZGlmCiNpZiBIQVZFX0lOVFRZUEVTX0gKIyBpbmNsdWRlIDxpbnR0eXBlcy5oPgojZWxzZQoj
IGlmIEhBVkVfU1RESU5UX0gKIyAgaW5jbHVkZSA8c3RkaW50Lmg+CiMgZW5kaWYKI2VuZGlmCiNp
ZiBIQVZFX1VOSVNURF9ICiMgaW5jbHVkZSA8dW5pc3RkLmg+CiNlbmRpZgojaW5jbHVkZSA8dXRt
cHguaD4KY29uZmlndXJlOjQ4MTI6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNoZWNraW5n
IHV0bXB4LmggcHJlc2VuY2UKY29uZmlndXJlOjQ4MTI6IGdjYyAtRSAgY29uZnRlc3QuYwpjb25m
aWd1cmU6NDgxMzogdXRtcHguaDogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpjb25maWd1cmU6
NDgxMjogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA0ODEyICJj
b25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgojaW5jbHVkZSA8dXRtcHguaD4KY29uZmln
dXJlOjQ4MTI6IHJlc3VsdDogbm8KY29uZmlndXJlOjQ4MTI6IGNoZWNraW5nIGZvciB1dG1weC5o
CmNvbmZpZ3VyZTo0ODEyOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo0ODE2OiBjaGVja2luZyBmb3Ig
eXBfbWF0Y2gKY29uZmlndXJlOjQ4Nzc6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdw
b2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgID4mNQpjb25maWd1
cmU6NDg3NzogJD8gPSAwCmNvbmZpZ3VyZTo0ODc3OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3Vy
ZTo0ODc3OiAkPyA9IDAKY29uZmlndXJlOjQ4Nzg6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo0OTUw
OiBjaGVja2luZyBmb3Igc2V0c29ja29wdApjb25maWd1cmU6NTAxMTogZ2NjIC1vIGNvbmZ0ZXN0
IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRl
c3QuYyAgPiY1CmNvbmZpZ3VyZTo1MDExOiAkPyA9IDAKY29uZmlndXJlOjUwMTE6IHRlc3QgLXMg
Y29uZnRlc3QKY29uZmlndXJlOjUwMTE6ICQ/ID0gMApjb25maWd1cmU6NTAxMjogcmVzdWx0OiB5
ZXMKY29uZmlndXJlOjUxNDk6IGNoZWNraW5nIGZvciBnZXRzcG5hbQpjb25maWd1cmU6NTIxMDog
Z2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRp
YWxpemVkICAgY29uZnRlc3QuYyAgPiY1CmNvbmZpZ3VyZTo1MjEwOiAkPyA9IDAKY29uZmlndXJl
OjUyMTA6IHRlc3QgLXMgY29uZnRlc3QKY29uZmlndXJlOjUyMTA6ICQ/ID0gMApjb25maWd1cmU6
NTIxMTogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjUzMjY6IGNoZWNraW5nIGZvciBkZWZsYXRlIGlu
IC1segpjb25maWd1cmU6NTM3ODogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50
ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbHogICA+JjUKY29uZmln
dXJlOjUzNzg6ICQ/ID0gMApjb25maWd1cmU6NTM3ODogdGVzdCAtcyBjb25mdGVzdApjb25maWd1
cmU6NTM3ODogJD8gPSAwCmNvbmZpZ3VyZTo1Mzc5OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NTM5
NTogY2hlY2tpbmcgZm9yIHN0cmNhc2VjbXAKY29uZmlndXJlOjU0NTY6IGdjYyAtbyBjb25mdGVz
dCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0
ZXN0LmMgLWx6ICA+JjUKY29uZmlndXJlOjU0NTY6ICQ/ID0gMApjb25maWd1cmU6NTQ1NjogdGVz
dCAtcyBjb25mdGVzdApjb25maWd1cmU6NTQ1NjogJD8gPSAwCmNvbmZpZ3VyZTo1NDU3OiByZXN1
bHQ6IHllcwpjb25maWd1cmU6NTUyNDogY2hlY2tpbmcgZm9yIHV0aW1lcwpjb25maWd1cmU6NTU4
NTogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmlu
aXRpYWxpemVkICAgY29uZnRlc3QuYyAtbHogID4mNQpjb25maWd1cmU6NTU4NTogJD8gPSAwCmNv
bmZpZ3VyZTo1NTg1OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo1NTg1OiAkPyA9IDAKY29u
ZmlndXJlOjU1ODY6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo1NzY2OiBjaGVja2luZyBsaWJ1dGls
LmggdXNhYmlsaXR5CmNvbmZpZ3VyZTo1NzY2OiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRl
ci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo1ODAx
OiBsaWJ1dGlsLmg6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjU3NjY6ICQ/
ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNTc2NiAiY29uZmlndXJl
IgojaW5jbHVkZSAiY29uZmRlZnMuaCIKI2luY2x1ZGUgPHN0ZGlvLmg+CiNpZiBIQVZFX1NZU19U
WVBFU19ICiMgaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNlbmRpZgojaWYgSEFWRV9TWVNfU1RBVF9I
CiMgaW5jbHVkZSA8c3lzL3N0YXQuaD4KI2VuZGlmCiNpZiBTVERDX0hFQURFUlMKIyBpbmNsdWRl
IDxzdGRsaWIuaD4KIyBpbmNsdWRlIDxzdGRkZWYuaD4KI2Vsc2UKIyBpZiBIQVZFX1NURExJQl9I
CiMgIGluY2x1ZGUgPHN0ZGxpYi5oPgojIGVuZGlmCiNlbmRpZgojaWYgSEFWRV9TVFJJTkdfSAoj
IGlmICFTVERDX0hFQURFUlMgJiYgSEFWRV9NRU1PUllfSAojICBpbmNsdWRlIDxtZW1vcnkuaD4K
IyBlbmRpZgojIGluY2x1ZGUgPHN0cmluZy5oPgojZW5kaWYKI2lmIEhBVkVfU1RSSU5HU19ICiMg
aW5jbHVkZSA8c3RyaW5ncy5oPgojZW5kaWYKI2lmIEhBVkVfSU5UVFlQRVNfSAojIGluY2x1ZGUg
PGludHR5cGVzLmg+CiNlbHNlCiMgaWYgSEFWRV9TVERJTlRfSAojICBpbmNsdWRlIDxzdGRpbnQu
aD4KIyBlbmRpZgojZW5kaWYKI2lmIEhBVkVfVU5JU1REX0gKIyBpbmNsdWRlIDx1bmlzdGQuaD4K
I2VuZGlmCiNpbmNsdWRlIDxsaWJ1dGlsLmg+CmNvbmZpZ3VyZTo1NzY2OiByZXN1bHQ6IG5vCmNv
bmZpZ3VyZTo1NzY2OiBjaGVja2luZyBsaWJ1dGlsLmggcHJlc2VuY2UKY29uZmlndXJlOjU3NjY6
IGdjYyAtRSAgY29uZnRlc3QuYwpjb25maWd1cmU6NTc2NzogbGlidXRpbC5oOiBObyBzdWNoIGZp
bGUgb3IgZGlyZWN0b3J5CmNvbmZpZ3VyZTo1NzY2OiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQg
cHJvZ3JhbSB3YXM6CiNsaW5lIDU3NjYgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgi
CiNpbmNsdWRlIDxsaWJ1dGlsLmg+CmNvbmZpZ3VyZTo1NzY2OiByZXN1bHQ6IG5vCmNvbmZpZ3Vy
ZTo1NzY2OiBjaGVja2luZyBmb3IgbGlidXRpbC5oCmNvbmZpZ3VyZTo1NzY2OiByZXN1bHQ6IG5v
CmNvbmZpZ3VyZTo1NzY4OiBjaGVja2luZyBmb3IgbGlicmFyeSBjb250YWluaW5nIGxvZ2luCmNv
bmZpZ3VyZTo1ODY4OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0
aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1seiAgPiY1Ci90bXAvY2NhMjM5NDQx
Lm86IEluIGZ1bmN0aW9uIGBtYWluJzoKL3Rvb2xzL29wZW5zc2gtMy40cDEvY29uZmlndXJlOjU4
ODY6IHVuZGVmaW5lZCByZWZlcmVuY2UgdG8gYGxvZ2luJwpjb2xsZWN0MjogbGQgcmV0dXJuZWQg
MSBleGl0IHN0YXR1cwpjb25maWd1cmU6NTg2ODogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHBy
b2dyYW0gd2FzOgojbGluZSA1ODY4ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgoK
LyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBlIHRvIGF2b2lkIGFuIGVycm9y
LiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFy
IGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVp
bHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAg
Ki8KY2hhciBsb2dpbiAoKTsKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNw
bHVzCiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJl
dHVybiAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7CmxvZ2luICgpOwogIDsKICByZXR1cm4gMDsK
fQpjb25maWd1cmU6NTg2ODogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXIt
YXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbHV0aWwgIC1seiAgPiY1Ci91
c3IvaTU4Ni1wYy1saW51eC1nbnVsaWJjMS9iaW4vbGQ6IGNhbm5vdCBvcGVuIC1sdXRpbDogTm8g
c3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpjb2xsZWN0MjogbGQgcmV0dXJuZWQgMSBleGl0IHN0YXR1
cwpjb25maWd1cmU6NTg2ODogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgoj
bGluZSA1ODY4ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgoKLyogT3ZlcnJpZGUg
YW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBlIHRvIGF2b2lkIGFuIGVycm9yLiAgKi8KI2lmZGVm
IF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFyIGJlY2F1c2UgaW50
IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQgdGhl
biBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAgKi8KY2hhciBsb2dp
biAoKTsKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0
ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNl
bmRpZgppbnQKbWFpbiAoKQp7CmxvZ2luICgpOwogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6
NTg2ODogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11
bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAgLWx6ICA+JjUKY29uZmlndXJlOjU4Njg6
ICQ/ID0gMApjb25maWd1cmU6NTg2ODogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NTg2ODog
JD8gPSAwCmNvbmZpZ3VyZTo1ODY5OiByZXN1bHQ6IC1sYnNkCmNvbmZpZ3VyZTo1OTU1OiBjaGVj
a2luZyBmb3IgbG9nb3V0CmNvbmZpZ3VyZTo1OTU1OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1X
YWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNk
IC1seiAgPiY1CmNvbmZpZ3VyZTo1OTU1OiAkPyA9IDAKY29uZmlndXJlOjU5NTU6IHRlc3QgLXMg
Y29uZnRlc3QKY29uZmlndXJlOjU5NTU6ICQ/ID0gMApjb25maWd1cmU6NTk1NTogcmVzdWx0OiB5
ZXMKY29uZmlndXJlOjU5NTU6IGNoZWNraW5nIGZvciB1cGR3dG1wCmNvbmZpZ3VyZTo1OTU1OiBn
Y2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlh
bGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1Ci90bXAvY2NhMjQwMTMxLm86IEluIGZ1
bmN0aW9uIGBtYWluJzoKL3Rvb2xzL29wZW5zc2gtMy40cDEvY29uZmlndXJlOjU5ODM6IHVuZGVm
aW5lZCByZWZlcmVuY2UgdG8gYHVwZHd0bXAnCmNvbGxlY3QyOiBsZCByZXR1cm5lZCAxIGV4aXQg
c3RhdHVzCmNvbmZpZ3VyZTo1OTU1OiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3
YXM6CiNsaW5lIDU5NTUgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCi8qIFN5c3Rl
bSBoZWFkZXIgdG8gZGVmaW5lIF9fc3R1YiBtYWNyb3MgYW5kIGhvcGVmdWxseSBmZXcgcHJvdG90
eXBlcywKICAgIHdoaWNoIGNhbiBjb25mbGljdCB3aXRoIGNoYXIgdXBkd3RtcCAoKTsgYmVsb3cu
ICAqLwojaW5jbHVkZSA8YXNzZXJ0Lmg+Ci8qIE92ZXJyaWRlIGFueSBnY2MyIGludGVybmFsIHBy
b3RvdHlwZSB0byBhdm9pZCBhbiBlcnJvci4gICovCiNpZmRlZiBfX2NwbHVzcGx1cwpleHRlcm4g
IkMiCiNlbmRpZgovKiBXZSB1c2UgY2hhciBiZWNhdXNlIGludCBtaWdodCBtYXRjaCB0aGUgcmV0
dXJuIHR5cGUgb2YgYSBnY2MyCiAgIGJ1aWx0aW4gYW5kIHRoZW4gaXRzIGFyZ3VtZW50IHByb3Rv
dHlwZSB3b3VsZCBzdGlsbCBhcHBseS4gICovCmNoYXIgdXBkd3RtcCAoKTsKY2hhciAoKmYpICgp
OwoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJu
ICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRp
ZgppbnQKbWFpbiAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3IgZnVu
Y3Rpb25zIHdoaWNoIGl0IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5PU1lT
LiAgU29tZSBmdW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3RhcnRp
bmcgd2l0aCBfXyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRlZmlu
ZWQgKF9fc3R1Yl91cGR3dG1wKSB8fCBkZWZpbmVkIChfX3N0dWJfX191cGR3dG1wKQpjaG9rZSBt
ZQojZWxzZQpmID0gdXBkd3RtcDsKI2VuZGlmCgogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6
NTk1NTogcmVzdWx0OiBubwpjb25maWd1cmU6NTk1NTogY2hlY2tpbmcgZm9yIGxvZ3d0bXAKY29u
ZmlndXJlOjU5NTU6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRo
IC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJl
OjU5NTU6ICQ/ID0gMApjb25maWd1cmU6NTk1NTogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6
NTk1NTogJD8gPSAwCmNvbmZpZ3VyZTo1OTU1OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjA5Nzog
Y2hlY2tpbmcgZm9yIHN0cmZ0aW1lCmNvbmZpZ3VyZTo2MDk3OiBnY2MgLW8gY29uZnRlc3QgLWcg
LU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5j
IC1sYnNkIC1seiAgPiY1CmNvbmZpZ3VyZTo2MDk3OiAkPyA9IDAKY29uZmlndXJlOjYwOTc6IHRl
c3QgLXMgY29uZnRlc3QKY29uZmlndXJlOjYwOTc6ICQ/ID0gMApjb25maWd1cmU6NjA5NzogcmVz
dWx0OiB5ZXMKY29uZmlndXJlOjYxMDE6IGNoZWNraW5nIGZvciBHTE9CX0FMVERJUkZVTkMgc3Vw
cG9ydApjb25maWd1cmU6NjEyOTogcmVzdWx0OiBubwpjb25maWd1cmU6NjEzNDogY2hlY2tpbmcg
Zm9yIGdsX21hdGNoYyBmaWVsZCBpbiBnbG9iX3QKY29uZmlndXJlOjYxNjA6IHJlc3VsdDogbm8K
Y29uZmlndXJlOjYxNjQ6IGNoZWNraW5nIHdoZXRoZXIgc3RydWN0IGRpcmVudCBhbGxvY2F0ZXMg
c3BhY2UgZm9yIGRfbmFtZQpjb25maWd1cmU6NjIwOTogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAt
V2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJz
ZCAtbHogID4mNQpjb25maWd1cmU6NjIwOTogJD8gPSAwCmNvbmZpZ3VyZTo2MjA5OiAuL2NvbmZ0
ZXN0CmNvbmZpZ3VyZTo2MjA5OiAkPyA9IDAKY29uZmlndXJlOjYyMDk6IHJlc3VsdDogeWVzCmNv
bmZpZ3VyZTo2NTI2OiBjaGVja2luZyBmb3IgYXJjNHJhbmRvbQpjb25maWd1cmU6NjUyNjogZ2Nj
IC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxp
emVkICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQovdG1wL2NjYTI0MTExMS5vOiBJbiBmdW5j
dGlvbiBgbWFpbic6Ci90b29scy9vcGVuc3NoLTMuNHAxL2NvbmZpZ3VyZTo2NTU0OiB1bmRlZmlu
ZWQgcmVmZXJlbmNlIHRvIGBhcmM0cmFuZG9tJwpjb2xsZWN0MjogbGQgcmV0dXJuZWQgMSBleGl0
IHN0YXR1cwpjb25maWd1cmU6NjUyNjogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0g
d2FzOgojbGluZSA2NTI2ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgovKiBTeXN0
ZW0gaGVhZGVyIHRvIGRlZmluZSBfX3N0dWIgbWFjcm9zIGFuZCBob3BlZnVsbHkgZmV3IHByb3Rv
dHlwZXMsCiAgICB3aGljaCBjYW4gY29uZmxpY3Qgd2l0aCBjaGFyIGFyYzRyYW5kb20gKCk7IGJl
bG93LiAgKi8KI2luY2x1ZGUgPGFzc2VydC5oPgovKiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5h
bCBwcm90b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3IuICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0
ZXJuICJDIgojZW5kaWYKLyogV2UgdXNlIGNoYXIgYmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhl
IHJldHVybiB0eXBlIG9mIGEgZ2NjMgogICBidWlsdGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBw
cm90b3R5cGUgd291bGQgc3RpbGwgYXBwbHkuICAqLwpjaGFyIGFyYzRyYW5kb20gKCk7CmNoYXIg
KCpmKSAoKTsKCiNpZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAg
IGV4dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsg
fQojZW5kaWYKaW50Cm1haW4gKCkKewovKiBUaGUgR05VIEMgbGlicmFyeSBkZWZpbmVzIHRoaXMg
Zm9yIGZ1bmN0aW9ucyB3aGljaCBpdCBpbXBsZW1lbnRzCiAgICB0byBhbHdheXMgZmFpbCB3aXRo
IEVOT1NZUy4gIFNvbWUgZnVuY3Rpb25zIGFyZSBhY3R1YWxseSBuYW1lZAogICAgc29tZXRoaW5n
IHN0YXJ0aW5nIHdpdGggX18gYW5kIHRoZSBub3JtYWwgbmFtZSBpcyBhbiBhbGlhcy4gICovCiNp
ZiBkZWZpbmVkIChfX3N0dWJfYXJjNHJhbmRvbSkgfHwgZGVmaW5lZCAoX19zdHViX19fYXJjNHJh
bmRvbSkKY2hva2UgbWUKI2Vsc2UKZiA9IGFyYzRyYW5kb207CiNlbmRpZgoKICA7CiAgcmV0dXJu
IDA7Cn0KY29uZmlndXJlOjY1MjY6IHJlc3VsdDogbm8KY29uZmlndXJlOjY1MjY6IGNoZWNraW5n
IGZvciBiNjRfbnRvcApjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2Fs
bCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAt
bHogID4mNQovdG1wL2NjYTI0MTMwMS5vOiBJbiBmdW5jdGlvbiBgbWFpbic6Ci90b29scy9vcGVu
c3NoLTMuNHAxL2NvbmZpZ3VyZTo2NTU0OiB1bmRlZmluZWQgcmVmZXJlbmNlIHRvIGBiNjRfbnRv
cCcKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjY1MjY6ICQ/
ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNjUyNiAiY29uZmlndXJl
IgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHVi
IG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZs
aWN0IHdpdGggY2hhciBiNjRfbnRvcCAoKTsgYmVsb3cuICAqLwojaW5jbHVkZSA8YXNzZXJ0Lmg+
Ci8qIE92ZXJyaWRlIGFueSBnY2MyIGludGVybmFsIHByb3RvdHlwZSB0byBhdm9pZCBhbiBlcnJv
ci4gICovCiNpZmRlZiBfX2NwbHVzcGx1cwpleHRlcm4gIkMiCiNlbmRpZgovKiBXZSB1c2UgY2hh
ciBiZWNhdXNlIGludCBtaWdodCBtYXRjaCB0aGUgcmV0dXJuIHR5cGUgb2YgYSBnY2MyCiAgIGJ1
aWx0aW4gYW5kIHRoZW4gaXRzIGFyZ3VtZW50IHByb3RvdHlwZSB3b3VsZCBzdGlsbCBhcHBseS4g
ICovCmNoYXIgYjY0X250b3AgKCk7CmNoYXIgKCpmKSAoKTsKCiNpZmRlZiBGNzdfRFVNTVlfTUFJ
TgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3
N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50Cm1haW4gKCkKewovKiBUaGUg
R05VIEMgbGlicmFyeSBkZWZpbmVzIHRoaXMgZm9yIGZ1bmN0aW9ucyB3aGljaCBpdCBpbXBsZW1l
bnRzCiAgICB0byBhbHdheXMgZmFpbCB3aXRoIEVOT1NZUy4gIFNvbWUgZnVuY3Rpb25zIGFyZSBh
Y3R1YWxseSBuYW1lZAogICAgc29tZXRoaW5nIHN0YXJ0aW5nIHdpdGggX18gYW5kIHRoZSBub3Jt
YWwgbmFtZSBpcyBhbiBhbGlhcy4gICovCiNpZiBkZWZpbmVkIChfX3N0dWJfYjY0X250b3ApIHx8
IGRlZmluZWQgKF9fc3R1Yl9fX2I2NF9udG9wKQpjaG9rZSBtZQojZWxzZQpmID0gYjY0X250b3A7
CiNlbmRpZgoKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjY1MjY6IHJlc3VsdDogbm8KY29u
ZmlndXJlOjY1MjY6IGNoZWNraW5nIGZvciBiY29weQpjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNv
bmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAg
Y29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQpjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3Vy
ZTo2NTI2OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJl
OjY1MjY6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo2NTI2OiBjaGVja2luZyBmb3IgYmluZHJlc3Zw
b3J0X3NhCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9p
bnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1
Ci90bXAvY2NhMjQxNzQxLm86IEluIGZ1bmN0aW9uIGBtYWluJzoKL3Rvb2xzL29wZW5zc2gtMy40
cDEvY29uZmlndXJlOjY1NTQ6IHVuZGVmaW5lZCByZWZlcmVuY2UgdG8gYGJpbmRyZXN2cG9ydF9z
YScKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjY1MjY6ICQ/
ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNjUyNiAiY29uZmlndXJl
IgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHVi
IG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZs
aWN0IHdpdGggY2hhciBiaW5kcmVzdnBvcnRfc2EgKCk7IGJlbG93LiAgKi8KI2luY2x1ZGUgPGFz
c2VydC5oPgovKiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5hbCBwcm90b3R5cGUgdG8gYXZvaWQg
YW4gZXJyb3IuICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0ZXJuICJDIgojZW5kaWYKLyogV2Ug
dXNlIGNoYXIgYmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhlIHJldHVybiB0eXBlIG9mIGEgZ2Nj
MgogICBidWlsdGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBwcm90b3R5cGUgd291bGQgc3RpbGwg
YXBwbHkuICAqLwpjaGFyIGJpbmRyZXN2cG9ydF9zYSAoKTsKY2hhciAoKmYpICgpOwoKI2lmZGVm
IEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgojICBl
bmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQKbWFp
biAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3IgZnVuY3Rpb25zIHdo
aWNoIGl0IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5PU1lTLiAgU29tZSBm
dW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3RhcnRpbmcgd2l0aCBf
XyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRlZmluZWQgKF9fc3R1
Yl9iaW5kcmVzdnBvcnRfc2EpIHx8IGRlZmluZWQgKF9fc3R1Yl9fX2JpbmRyZXN2cG9ydF9zYSkK
Y2hva2UgbWUKI2Vsc2UKZiA9IGJpbmRyZXN2cG9ydF9zYTsKI2VuZGlmCgogIDsKICByZXR1cm4g
MDsKfQpjb25maWd1cmU6NjUyNjogcmVzdWx0OiBubwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcg
Zm9yIGNsb2NrCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1X
cG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAg
PiY1CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHRlc3QgLXMgY29uZnRl
c3QKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogcmVzdWx0OiB5ZXMKY29u
ZmlndXJlOjY1MjY6IGNoZWNraW5nIGZvciBmY2htb2QKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBj
b25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAg
IGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1
cmU6NjUyNjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3Vy
ZTo2NTI2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIGZjaG93bgpj
b25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJp
dGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQpjb25maWd1
cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3Vy
ZTo2NTI2OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo2NTI2
OiBjaGVja2luZyBmb3IgZnJlZWFkZHJpbmZvCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRl
c3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25m
dGVzdC5jIC1sYnNkIC1seiAgPiY1Ci90bXAvY2NhMjQyNjgxLm86IEluIGZ1bmN0aW9uIGBtYWlu
JzoKL3Rvb2xzL29wZW5zc2gtMy40cDEvY29uZmlndXJlOjY1NTQ6IHVuZGVmaW5lZCByZWZlcmVu
Y2UgdG8gYGZyZWVhZGRyaW5mbycKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMK
Y29uZmlndXJlOjY1MjY6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xp
bmUgNjUyNiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRl
ciB0byBkZWZpbmUgX19zdHViIG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAog
ICAgd2hpY2ggY2FuIGNvbmZsaWN0IHdpdGggY2hhciBmcmVlYWRkcmluZm8gKCk7IGJlbG93LiAg
Ki8KI2luY2x1ZGUgPGFzc2VydC5oPgovKiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5hbCBwcm90
b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3IuICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0ZXJuICJD
IgojZW5kaWYKLyogV2UgdXNlIGNoYXIgYmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhlIHJldHVy
biB0eXBlIG9mIGEgZ2NjMgogICBidWlsdGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBwcm90b3R5
cGUgd291bGQgc3RpbGwgYXBwbHkuICAqLwpjaGFyIGZyZWVhZGRyaW5mbyAoKTsKY2hhciAoKmYp
ICgpOwoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0
ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNl
bmRpZgppbnQKbWFpbiAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3Ig
ZnVuY3Rpb25zIHdoaWNoIGl0IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5P
U1lTLiAgU29tZSBmdW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3Rh
cnRpbmcgd2l0aCBfXyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRl
ZmluZWQgKF9fc3R1Yl9mcmVlYWRkcmluZm8pIHx8IGRlZmluZWQgKF9fc3R1Yl9fX2ZyZWVhZGRy
aW5mbykKY2hva2UgbWUKI2Vsc2UKZiA9IGZyZWVhZGRyaW5mbzsKI2VuZGlmCgogIDsKICByZXR1
cm4gMDsKfQpjb25maWd1cmU6NjUyNjogcmVzdWx0OiBubwpjb25maWd1cmU6NjUyNjogY2hlY2tp
bmcgZm9yIGZ1dGltZXMKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdh
bGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2Qg
LWx6ICA+JjUKL3RtcC9jY2EyNDI4NzEubzogSW4gZnVuY3Rpb24gYG1haW4nOgovdG9vbHMvb3Bl
bnNzaC0zLjRwMS9jb25maWd1cmU6NjU1NDogdW5kZWZpbmVkIHJlZmVyZW5jZSB0byBgZnV0aW1l
cycKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjY1MjY6ICQ/
ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNjUyNiAiY29uZmlndXJl
IgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHVi
IG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZs
aWN0IHdpdGggY2hhciBmdXRpbWVzICgpOyBiZWxvdy4gICovCiNpbmNsdWRlIDxhc3NlcnQuaD4K
LyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBlIHRvIGF2b2lkIGFuIGVycm9y
LiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFy
IGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVp
bHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAg
Ki8KY2hhciBmdXRpbWVzICgpOwpjaGFyICgqZikgKCk7CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4K
IyAgaWZkZWYgX19jcGx1c3BsdXMKICAgICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdf
RFVNTVlfTUFJTigpIHsgcmV0dXJuIDE7IH0KI2VuZGlmCmludAptYWluICgpCnsKLyogVGhlIEdO
VSBDIGxpYnJhcnkgZGVmaW5lcyB0aGlzIGZvciBmdW5jdGlvbnMgd2hpY2ggaXQgaW1wbGVtZW50
cwogICAgdG8gYWx3YXlzIGZhaWwgd2l0aCBFTk9TWVMuICBTb21lIGZ1bmN0aW9ucyBhcmUgYWN0
dWFsbHkgbmFtZWQKICAgIHNvbWV0aGluZyBzdGFydGluZyB3aXRoIF9fIGFuZCB0aGUgbm9ybWFs
IG5hbWUgaXMgYW4gYWxpYXMuICAqLwojaWYgZGVmaW5lZCAoX19zdHViX2Z1dGltZXMpIHx8IGRl
ZmluZWQgKF9fc3R1Yl9fX2Z1dGltZXMpCmNob2tlIG1lCiNlbHNlCmYgPSBmdXRpbWVzOwojZW5k
aWYKCiAgOwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IG5vCmNvbmZpZ3Vy
ZTo2NTI2OiBjaGVja2luZyBmb3IgZ2FpX3N0cmVycm9yCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8g
Y29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQg
ICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1Ci90bXAvY2NhMjQzMDYxLm86IEluIGZ1bmN0aW9u
IGBtYWluJzoKL3Rvb2xzL29wZW5zc2gtMy40cDEvY29uZmlndXJlOjY1NTQ6IHVuZGVmaW5lZCBy
ZWZlcmVuY2UgdG8gYGdhaV9zdHJlcnJvcicKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBz
dGF0dXMKY29uZmlndXJlOjY1MjY6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdh
czoKI2xpbmUgNjUyNiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVt
IGhlYWRlciB0byBkZWZpbmUgX19zdHViIG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5
cGVzLAogICAgd2hpY2ggY2FuIGNvbmZsaWN0IHdpdGggY2hhciBnYWlfc3RyZXJyb3IgKCk7IGJl
bG93LiAgKi8KI2luY2x1ZGUgPGFzc2VydC5oPgovKiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5h
bCBwcm90b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3IuICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0
ZXJuICJDIgojZW5kaWYKLyogV2UgdXNlIGNoYXIgYmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhl
IHJldHVybiB0eXBlIG9mIGEgZ2NjMgogICBidWlsdGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBw
cm90b3R5cGUgd291bGQgc3RpbGwgYXBwbHkuICAqLwpjaGFyIGdhaV9zdHJlcnJvciAoKTsKY2hh
ciAoKmYpICgpOwoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAg
ICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAx
OyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhp
cyBmb3IgZnVuY3Rpb25zIHdoaWNoIGl0IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdp
dGggRU5PU1lTLiAgU29tZSBmdW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhp
bmcgc3RhcnRpbmcgd2l0aCBfXyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8K
I2lmIGRlZmluZWQgKF9fc3R1Yl9nYWlfc3RyZXJyb3IpIHx8IGRlZmluZWQgKF9fc3R1Yl9fX2dh
aV9zdHJlcnJvcikKY2hva2UgbWUKI2Vsc2UKZiA9IGdhaV9zdHJlcnJvcjsKI2VuZGlmCgogIDsK
ICByZXR1cm4gMDsKfQpjb25maWd1cmU6NjUyNjogcmVzdWx0OiBubwpjb25maWd1cmU6NjUyNjog
Y2hlY2tpbmcgZm9yIGdldGFkZHJpbmZvCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRlc3Qg
LWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVz
dC5jIC1sYnNkIC1seiAgPiY1Ci90bXAvY2NhMjQzMjUxLm86IEluIGZ1bmN0aW9uIGBtYWluJzoK
L3Rvb2xzL29wZW5zc2gtMy40cDEvY29uZmlndXJlOjY1NTQ6IHVuZGVmaW5lZCByZWZlcmVuY2Ug
dG8gYGdldGFkZHJpbmZvJwpjb2xsZWN0MjogbGQgcmV0dXJuZWQgMSBleGl0IHN0YXR1cwpjb25m
aWd1cmU6NjUyNjogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA2
NTI2ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgovKiBTeXN0ZW0gaGVhZGVyIHRv
IGRlZmluZSBfX3N0dWIgbWFjcm9zIGFuZCBob3BlZnVsbHkgZmV3IHByb3RvdHlwZXMsCiAgICB3
aGljaCBjYW4gY29uZmxpY3Qgd2l0aCBjaGFyIGdldGFkZHJpbmZvICgpOyBiZWxvdy4gICovCiNp
bmNsdWRlIDxhc3NlcnQuaD4KLyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBl
IHRvIGF2b2lkIGFuIGVycm9yLiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2Vu
ZGlmCi8qIFdlIHVzZSBjaGFyIGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlw
ZSBvZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdv
dWxkIHN0aWxsIGFwcGx5LiAgKi8KY2hhciBnZXRhZGRyaW5mbyAoKTsKY2hhciAoKmYpICgpOwoK
I2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJD
IgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgpp
bnQKbWFpbiAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3IgZnVuY3Rp
b25zIHdoaWNoIGl0IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5PU1lTLiAg
U29tZSBmdW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3RhcnRpbmcg
d2l0aCBfXyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRlZmluZWQg
KF9fc3R1Yl9nZXRhZGRyaW5mbykgfHwgZGVmaW5lZCAoX19zdHViX19fZ2V0YWRkcmluZm8pCmNo
b2tlIG1lCiNlbHNlCmYgPSBnZXRhZGRyaW5mbzsKI2VuZGlmCgogIDsKICByZXR1cm4gMDsKfQpj
b25maWd1cmU6NjUyNjogcmVzdWx0OiBubwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIGdl
dGN3ZApjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50
ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQpj
b25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNv
bmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHJlc3VsdDogeWVzCmNvbmZpZ3Vy
ZTo2NTI2OiBjaGVja2luZyBmb3IgZ2V0Z3JvdXBsaXN0CmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8g
Y29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQg
ICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1Ci90bXAvY2NhMjQzNjkxLm86IEluIGZ1bmN0aW9u
IGBtYWluJzoKL3Rvb2xzL29wZW5zc2gtMy40cDEvY29uZmlndXJlOjY1NTQ6IHVuZGVmaW5lZCBy
ZWZlcmVuY2UgdG8gYGdldGdyb3VwbGlzdCcKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBz
dGF0dXMKY29uZmlndXJlOjY1MjY6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdh
czoKI2xpbmUgNjUyNiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVt
IGhlYWRlciB0byBkZWZpbmUgX19zdHViIG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5
cGVzLAogICAgd2hpY2ggY2FuIGNvbmZsaWN0IHdpdGggY2hhciBnZXRncm91cGxpc3QgKCk7IGJl
bG93LiAgKi8KI2luY2x1ZGUgPGFzc2VydC5oPgovKiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5h
bCBwcm90b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3IuICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0
ZXJuICJDIgojZW5kaWYKLyogV2UgdXNlIGNoYXIgYmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhl
IHJldHVybiB0eXBlIG9mIGEgZ2NjMgogICBidWlsdGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBw
cm90b3R5cGUgd291bGQgc3RpbGwgYXBwbHkuICAqLwpjaGFyIGdldGdyb3VwbGlzdCAoKTsKY2hh
ciAoKmYpICgpOwoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAg
ICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAx
OyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhp
cyBmb3IgZnVuY3Rpb25zIHdoaWNoIGl0IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdp
dGggRU5PU1lTLiAgU29tZSBmdW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhp
bmcgc3RhcnRpbmcgd2l0aCBfXyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8K
I2lmIGRlZmluZWQgKF9fc3R1Yl9nZXRncm91cGxpc3QpIHx8IGRlZmluZWQgKF9fc3R1Yl9fX2dl
dGdyb3VwbGlzdCkKY2hva2UgbWUKI2Vsc2UKZiA9IGdldGdyb3VwbGlzdDsKI2VuZGlmCgogIDsK
ICByZXR1cm4gMDsKfQpjb25maWd1cmU6NjUyNjogcmVzdWx0OiBubwpjb25maWd1cmU6NjUyNjog
Y2hlY2tpbmcgZm9yIGdldG5hbWVpbmZvCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRlc3Qg
LWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVz
dC5jIC1sYnNkIC1seiAgPiY1Ci90bXAvY2NhMjQzODgxLm86IEluIGZ1bmN0aW9uIGBtYWluJzoK
L3Rvb2xzL29wZW5zc2gtMy40cDEvY29uZmlndXJlOjY1NTQ6IHVuZGVmaW5lZCByZWZlcmVuY2Ug
dG8gYGdldG5hbWVpbmZvJwpjb2xsZWN0MjogbGQgcmV0dXJuZWQgMSBleGl0IHN0YXR1cwpjb25m
aWd1cmU6NjUyNjogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA2
NTI2ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgovKiBTeXN0ZW0gaGVhZGVyIHRv
IGRlZmluZSBfX3N0dWIgbWFjcm9zIGFuZCBob3BlZnVsbHkgZmV3IHByb3RvdHlwZXMsCiAgICB3
aGljaCBjYW4gY29uZmxpY3Qgd2l0aCBjaGFyIGdldG5hbWVpbmZvICgpOyBiZWxvdy4gICovCiNp
bmNsdWRlIDxhc3NlcnQuaD4KLyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBl
IHRvIGF2b2lkIGFuIGVycm9yLiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2Vu
ZGlmCi8qIFdlIHVzZSBjaGFyIGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlw
ZSBvZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdv
dWxkIHN0aWxsIGFwcGx5LiAgKi8KY2hhciBnZXRuYW1laW5mbyAoKTsKY2hhciAoKmYpICgpOwoK
I2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJD
IgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgpp
bnQKbWFpbiAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3IgZnVuY3Rp
b25zIHdoaWNoIGl0IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5PU1lTLiAg
U29tZSBmdW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3RhcnRpbmcg
d2l0aCBfXyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRlZmluZWQg
KF9fc3R1Yl9nZXRuYW1laW5mbykgfHwgZGVmaW5lZCAoX19zdHViX19fZ2V0bmFtZWluZm8pCmNo
b2tlIG1lCiNlbHNlCmYgPSBnZXRuYW1laW5mbzsKI2VuZGlmCgogIDsKICByZXR1cm4gMDsKfQpj
b25maWd1cmU6NjUyNjogcmVzdWx0OiBubwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIGdl
dG9wdApjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50
ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQpj
b25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNv
bmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHJlc3VsdDogeWVzCmNvbmZpZ3Vy
ZTo2NTI2OiBjaGVja2luZyBmb3IgZ2V0cmxpbWl0CmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29u
ZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBj
b25mdGVzdC5jIC1sYnNkIC1seiAgPiY1CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJl
OjY1MjY6IHRlc3QgLXMgY29uZnRlc3QKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6
NjUyNjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjY1MjY6IGNoZWNraW5nIGZvciBnZXRydXNhZ2UK
Y29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFy
aXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmln
dXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1
cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUy
NjogY2hlY2tpbmcgZm9yIGdldHR0eWVudApjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0
IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRl
c3QuYyAtbGJzZCAtbHogID4mNQovdG1wL2NjYTI0NDgyMS5vOiBJbiBmdW5jdGlvbiBgbWFpbic6
Ci90b29scy9vcGVuc3NoLTMuNHAxL2NvbmZpZ3VyZTo2NTU0OiB1bmRlZmluZWQgcmVmZXJlbmNl
IHRvIGBnZXR0dHllbnQnCmNvbGxlY3QyOiBsZCByZXR1cm5lZCAxIGV4aXQgc3RhdHVzCmNvbmZp
Z3VyZTo2NTI2OiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDY1
MjYgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCi8qIFN5c3RlbSBoZWFkZXIgdG8g
ZGVmaW5lIF9fc3R1YiBtYWNyb3MgYW5kIGhvcGVmdWxseSBmZXcgcHJvdG90eXBlcywKICAgIHdo
aWNoIGNhbiBjb25mbGljdCB3aXRoIGNoYXIgZ2V0dHR5ZW50ICgpOyBiZWxvdy4gICovCiNpbmNs
dWRlIDxhc3NlcnQuaD4KLyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBlIHRv
IGF2b2lkIGFuIGVycm9yLiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2VuZGlm
Ci8qIFdlIHVzZSBjaGFyIGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlwZSBv
ZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdvdWxk
IHN0aWxsIGFwcGx5LiAgKi8KY2hhciBnZXR0dHllbnQgKCk7CmNoYXIgKCpmKSAoKTsKCiNpZmRl
ZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIKIyAg
ZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50Cm1h
aW4gKCkKewovKiBUaGUgR05VIEMgbGlicmFyeSBkZWZpbmVzIHRoaXMgZm9yIGZ1bmN0aW9ucyB3
aGljaCBpdCBpbXBsZW1lbnRzCiAgICB0byBhbHdheXMgZmFpbCB3aXRoIEVOT1NZUy4gIFNvbWUg
ZnVuY3Rpb25zIGFyZSBhY3R1YWxseSBuYW1lZAogICAgc29tZXRoaW5nIHN0YXJ0aW5nIHdpdGgg
X18gYW5kIHRoZSBub3JtYWwgbmFtZSBpcyBhbiBhbGlhcy4gICovCiNpZiBkZWZpbmVkIChfX3N0
dWJfZ2V0dHR5ZW50KSB8fCBkZWZpbmVkIChfX3N0dWJfX19nZXR0dHllbnQpCmNob2tlIG1lCiNl
bHNlCmYgPSBnZXR0dHllbnQ7CiNlbmRpZgoKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjY1
MjY6IHJlc3VsdDogbm8KY29uZmlndXJlOjY1MjY6IGNoZWNraW5nIGZvciBnbG9iCmNvbmZpZ3Vy
ZTo2NTI2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25v
LXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1CmNvbmZpZ3VyZTo2NTI2
OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHRlc3QgLXMgY29uZnRlc3QKY29uZmlndXJlOjY1MjY6
ICQ/ID0gMApjb25maWd1cmU6NjUyNjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjY1MjY6IGNoZWNr
aW5nIGZvciBpbmV0X2F0b24KY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIg
LVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxi
c2QgLWx6ICA+JjUKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAt
cyBjb25mdGVzdApjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6
IHllcwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIGluZXRfbnRvYQpjb25maWd1cmU6NjUy
NjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmlu
aXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQpjb25maWd1cmU6NjUyNjogJD8g
PSAwCmNvbmZpZ3VyZTo2NTI2OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo2NTI2OiAkPyA9
IDAKY29uZmlndXJlOjY1MjY6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo2NTI2OiBjaGVja2luZyBm
b3IgaW5ldF9udG9wCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxs
IC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1s
eiAgPiY1Ci90bXAvY2NhMjQ1NzYxLm86IEluIGZ1bmN0aW9uIGBtYWluJzoKL3Rvb2xzL29wZW5z
c2gtMy40cDEvY29uZmlndXJlOjY1NTQ6IHVuZGVmaW5lZCByZWZlcmVuY2UgdG8gYGluZXRfbnRv
cCcKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjY1MjY6ICQ/
ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNjUyNiAiY29uZmlndXJl
IgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHVi
IG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZs
aWN0IHdpdGggY2hhciBpbmV0X250b3AgKCk7IGJlbG93LiAgKi8KI2luY2x1ZGUgPGFzc2VydC5o
PgovKiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5hbCBwcm90b3R5cGUgdG8gYXZvaWQgYW4gZXJy
b3IuICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0ZXJuICJDIgojZW5kaWYKLyogV2UgdXNlIGNo
YXIgYmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhlIHJldHVybiB0eXBlIG9mIGEgZ2NjMgogICBi
dWlsdGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBwcm90b3R5cGUgd291bGQgc3RpbGwgYXBwbHku
ICAqLwpjaGFyIGluZXRfbnRvcCAoKTsKY2hhciAoKmYpICgpOwoKI2lmZGVmIEY3N19EVU1NWV9N
QUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQg
Rjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7Ci8qIFRo
ZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3IgZnVuY3Rpb25zIHdoaWNoIGl0IGltcGxl
bWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5PU1lTLiAgU29tZSBmdW5jdGlvbnMgYXJl
IGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3RhcnRpbmcgd2l0aCBfXyBhbmQgdGhlIG5v
cm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRlZmluZWQgKF9fc3R1Yl9pbmV0X250b3Ap
IHx8IGRlZmluZWQgKF9fc3R1Yl9fX2luZXRfbnRvcCkKY2hva2UgbWUKI2Vsc2UKZiA9IGluZXRf
bnRvcDsKI2VuZGlmCgogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6NjUyNjogcmVzdWx0OiBu
bwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIGlubmV0Z3IKY29uZmlndXJlOjY1MjY6IGdj
YyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFs
aXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApj
b25maWd1cmU6NjUyNjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NjUyNjogJD8gPSAwCmNv
bmZpZ3VyZTo2NTI2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIGxv
Z2luX2dldGNhcGJvb2wKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdh
bGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2Qg
LWx6ICA+JjUKL3RtcC9jY2EyNDYyMDEubzogSW4gZnVuY3Rpb24gYG1haW4nOgovdG9vbHMvb3Bl
bnNzaC0zLjRwMS9jb25maWd1cmU6NjU1NDogdW5kZWZpbmVkIHJlZmVyZW5jZSB0byBgbG9naW5f
Z2V0Y2FwYm9vbCcKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJl
OjY1MjY6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNjUyNiAi
Y29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZp
bmUgX19zdHViIG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2gg
Y2FuIGNvbmZsaWN0IHdpdGggY2hhciBsb2dpbl9nZXRjYXBib29sICgpOyBiZWxvdy4gICovCiNp
bmNsdWRlIDxhc3NlcnQuaD4KLyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBl
IHRvIGF2b2lkIGFuIGVycm9yLiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2Vu
ZGlmCi8qIFdlIHVzZSBjaGFyIGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlw
ZSBvZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdv
dWxkIHN0aWxsIGFwcGx5LiAgKi8KY2hhciBsb2dpbl9nZXRjYXBib29sICgpOwpjaGFyICgqZikg
KCk7CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19jcGx1c3BsdXMKICAgICBleHRl
cm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJTigpIHsgcmV0dXJuIDE7IH0KI2Vu
ZGlmCmludAptYWluICgpCnsKLyogVGhlIEdOVSBDIGxpYnJhcnkgZGVmaW5lcyB0aGlzIGZvciBm
dW5jdGlvbnMgd2hpY2ggaXQgaW1wbGVtZW50cwogICAgdG8gYWx3YXlzIGZhaWwgd2l0aCBFTk9T
WVMuICBTb21lIGZ1bmN0aW9ucyBhcmUgYWN0dWFsbHkgbmFtZWQKICAgIHNvbWV0aGluZyBzdGFy
dGluZyB3aXRoIF9fIGFuZCB0aGUgbm9ybWFsIG5hbWUgaXMgYW4gYWxpYXMuICAqLwojaWYgZGVm
aW5lZCAoX19zdHViX2xvZ2luX2dldGNhcGJvb2wpIHx8IGRlZmluZWQgKF9fc3R1Yl9fX2xvZ2lu
X2dldGNhcGJvb2wpCmNob2tlIG1lCiNlbHNlCmYgPSBsb2dpbl9nZXRjYXBib29sOwojZW5kaWYK
CiAgOwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo2
NTI2OiBjaGVja2luZyBmb3IgbWQ1X2NyeXB0CmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRl
c3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25m
dGVzdC5jIC1sYnNkIC1seiAgPiY1Ci90bXAvY2NhMjQ2MzkxLm86IEluIGZ1bmN0aW9uIGBtYWlu
JzoKL3Rvb2xzL29wZW5zc2gtMy40cDEvY29uZmlndXJlOjY1NTQ6IHVuZGVmaW5lZCByZWZlcmVu
Y2UgdG8gYG1kNV9jcnlwdCcKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29u
ZmlndXJlOjY1MjY6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUg
NjUyNiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0
byBkZWZpbmUgX19zdHViIG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAg
d2hpY2ggY2FuIGNvbmZsaWN0IHdpdGggY2hhciBtZDVfY3J5cHQgKCk7IGJlbG93LiAgKi8KI2lu
Y2x1ZGUgPGFzc2VydC5oPgovKiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5hbCBwcm90b3R5cGUg
dG8gYXZvaWQgYW4gZXJyb3IuICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0ZXJuICJDIgojZW5k
aWYKLyogV2UgdXNlIGNoYXIgYmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhlIHJldHVybiB0eXBl
IG9mIGEgZ2NjMgogICBidWlsdGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBwcm90b3R5cGUgd291
bGQgc3RpbGwgYXBwbHkuICAqLwpjaGFyIG1kNV9jcnlwdCAoKTsKY2hhciAoKmYpICgpOwoKI2lm
ZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgoj
ICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQK
bWFpbiAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3IgZnVuY3Rpb25z
IHdoaWNoIGl0IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5PU1lTLiAgU29t
ZSBmdW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3RhcnRpbmcgd2l0
aCBfXyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRlZmluZWQgKF9f
c3R1Yl9tZDVfY3J5cHQpIHx8IGRlZmluZWQgKF9fc3R1Yl9fX21kNV9jcnlwdCkKY2hva2UgbWUK
I2Vsc2UKZiA9IG1kNV9jcnlwdDsKI2VuZGlmCgogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6
NjUyNjogcmVzdWx0OiBubwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIG1lbW1vdmUKY29u
ZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRo
IC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJl
OjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6
NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjog
Y2hlY2tpbmcgZm9yIG1rZHRlbXAKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAt
TzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMg
LWxic2QgLWx6ICA+JjUKL3RtcC9jY2EyNDY4NTEubzogSW4gZnVuY3Rpb24gYG1haW4nOgovdG9v
bHMvb3BlbnNzaC0zLjRwMS9jb25maWd1cmU6NjU1NDogdW5kZWZpbmVkIHJlZmVyZW5jZSB0byBg
bWtkdGVtcCcKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjY1
MjY6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNjUyNiAiY29u
ZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUg
X19zdHViIG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2Fu
IGNvbmZsaWN0IHdpdGggY2hhciBta2R0ZW1wICgpOyBiZWxvdy4gICovCiNpbmNsdWRlIDxhc3Nl
cnQuaD4KLyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBlIHRvIGF2b2lkIGFu
IGVycm9yLiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2VuZGlmCi8qIFdlIHVz
ZSBjaGFyIGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlwZSBvZiBhIGdjYzIK
ICAgYnVpbHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdvdWxkIHN0aWxsIGFw
cGx5LiAgKi8KY2hhciBta2R0ZW1wICgpOwpjaGFyICgqZikgKCk7CgojaWZkZWYgRjc3X0RVTU1Z
X01BSU4KIyAgaWZkZWYgX19jcGx1c3BsdXMKICAgICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGlu
dCBGNzdfRFVNTVlfTUFJTigpIHsgcmV0dXJuIDE7IH0KI2VuZGlmCmludAptYWluICgpCnsKLyog
VGhlIEdOVSBDIGxpYnJhcnkgZGVmaW5lcyB0aGlzIGZvciBmdW5jdGlvbnMgd2hpY2ggaXQgaW1w
bGVtZW50cwogICAgdG8gYWx3YXlzIGZhaWwgd2l0aCBFTk9TWVMuICBTb21lIGZ1bmN0aW9ucyBh
cmUgYWN0dWFsbHkgbmFtZWQKICAgIHNvbWV0aGluZyBzdGFydGluZyB3aXRoIF9fIGFuZCB0aGUg
bm9ybWFsIG5hbWUgaXMgYW4gYWxpYXMuICAqLwojaWYgZGVmaW5lZCAoX19zdHViX21rZHRlbXAp
IHx8IGRlZmluZWQgKF9fc3R1Yl9fX21rZHRlbXApCmNob2tlIG1lCiNlbHNlCmYgPSBta2R0ZW1w
OwojZW5kaWYKCiAgOwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IG5vCmNv
bmZpZ3VyZTo2NTI2OiBjaGVja2luZyBmb3IgbW1hcApjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNv
bmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAg
Y29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQpjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3Vy
ZTo2NTI2OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJl
OjY1MjY6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo2NTI2OiBjaGVja2luZyBmb3IgbmdldGFkZHJp
bmZvCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRl
ci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1Ci90
bXAvY2NhMjQ3MjkxLm86IEluIGZ1bmN0aW9uIGBtYWluJzoKL3Rvb2xzL29wZW5zc2gtMy40cDEv
Y29uZmlndXJlOjY1NTQ6IHVuZGVmaW5lZCByZWZlcmVuY2UgdG8gYG5nZXRhZGRyaW5mbycKY29s
bGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjY1MjY6ICQ/ID0gMQpj
b25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNjUyNiAiY29uZmlndXJlIgojaW5j
bHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHViIG1hY3Jv
cyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZsaWN0IHdp
dGggY2hhciBuZ2V0YWRkcmluZm8gKCk7IGJlbG93LiAgKi8KI2luY2x1ZGUgPGFzc2VydC5oPgov
KiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5hbCBwcm90b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3Iu
ICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0ZXJuICJDIgojZW5kaWYKLyogV2UgdXNlIGNoYXIg
YmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhlIHJldHVybiB0eXBlIG9mIGEgZ2NjMgogICBidWls
dGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBwcm90b3R5cGUgd291bGQgc3RpbGwgYXBwbHkuICAq
LwpjaGFyIG5nZXRhZGRyaW5mbyAoKTsKY2hhciAoKmYpICgpOwoKI2lmZGVmIEY3N19EVU1NWV9N
QUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQg
Rjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7Ci8qIFRo
ZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3IgZnVuY3Rpb25zIHdoaWNoIGl0IGltcGxl
bWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5PU1lTLiAgU29tZSBmdW5jdGlvbnMgYXJl
IGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3RhcnRpbmcgd2l0aCBfXyBhbmQgdGhlIG5v
cm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRlZmluZWQgKF9fc3R1Yl9uZ2V0YWRkcmlu
Zm8pIHx8IGRlZmluZWQgKF9fc3R1Yl9fX25nZXRhZGRyaW5mbykKY2hva2UgbWUKI2Vsc2UKZiA9
IG5nZXRhZGRyaW5mbzsKI2VuZGlmCgogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6NjUyNjog
cmVzdWx0OiBubwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIG9wZW5wdHkKY29uZmlndXJl
OjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8t
dW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjY1MjY6
ICQ/ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NjUyNjog
JD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjogY2hlY2tp
bmcgZm9yIG9nZXRhZGRyaW5mbwpjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1P
MiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAt
bGJzZCAtbHogID4mNQovdG1wL2NjYTI0NzczMS5vOiBJbiBmdW5jdGlvbiBgbWFpbic6Ci90b29s
cy9vcGVuc3NoLTMuNHAxL2NvbmZpZ3VyZTo2NTU0OiB1bmRlZmluZWQgcmVmZXJlbmNlIHRvIGBv
Z2V0YWRkcmluZm8nCmNvbGxlY3QyOiBsZCByZXR1cm5lZCAxIGV4aXQgc3RhdHVzCmNvbmZpZ3Vy
ZTo2NTI2OiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDY1MjYg
ImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCi8qIFN5c3RlbSBoZWFkZXIgdG8gZGVm
aW5lIF9fc3R1YiBtYWNyb3MgYW5kIGhvcGVmdWxseSBmZXcgcHJvdG90eXBlcywKICAgIHdoaWNo
IGNhbiBjb25mbGljdCB3aXRoIGNoYXIgb2dldGFkZHJpbmZvICgpOyBiZWxvdy4gICovCiNpbmNs
dWRlIDxhc3NlcnQuaD4KLyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBlIHRv
IGF2b2lkIGFuIGVycm9yLiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2VuZGlm
Ci8qIFdlIHVzZSBjaGFyIGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlwZSBv
ZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdvdWxk
IHN0aWxsIGFwcGx5LiAgKi8KY2hhciBvZ2V0YWRkcmluZm8gKCk7CmNoYXIgKCpmKSAoKTsKCiNp
ZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIK
IyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50
Cm1haW4gKCkKewovKiBUaGUgR05VIEMgbGlicmFyeSBkZWZpbmVzIHRoaXMgZm9yIGZ1bmN0aW9u
cyB3aGljaCBpdCBpbXBsZW1lbnRzCiAgICB0byBhbHdheXMgZmFpbCB3aXRoIEVOT1NZUy4gIFNv
bWUgZnVuY3Rpb25zIGFyZSBhY3R1YWxseSBuYW1lZAogICAgc29tZXRoaW5nIHN0YXJ0aW5nIHdp
dGggX18gYW5kIHRoZSBub3JtYWwgbmFtZSBpcyBhbiBhbGlhcy4gICovCiNpZiBkZWZpbmVkIChf
X3N0dWJfb2dldGFkZHJpbmZvKSB8fCBkZWZpbmVkIChfX3N0dWJfX19vZ2V0YWRkcmluZm8pCmNo
b2tlIG1lCiNlbHNlCmYgPSBvZ2V0YWRkcmluZm87CiNlbmRpZgoKICA7CiAgcmV0dXJuIDA7Cn0K
Y29uZmlndXJlOjY1MjY6IHJlc3VsdDogbm8KY29uZmlndXJlOjY1MjY6IGNoZWNraW5nIGZvciBy
ZWFkcGFzc3BocmFzZQpjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2Fs
bCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAt
bHogID4mNQovdG1wL2NjYTI0NzkyMS5vOiBJbiBmdW5jdGlvbiBgbWFpbic6Ci90b29scy9vcGVu
c3NoLTMuNHAxL2NvbmZpZ3VyZTo2NTU0OiB1bmRlZmluZWQgcmVmZXJlbmNlIHRvIGByZWFkcGFz
c3BocmFzZScKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjY1
MjY6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNjUyNiAiY29u
ZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUg
X19zdHViIG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2Fu
IGNvbmZsaWN0IHdpdGggY2hhciByZWFkcGFzc3BocmFzZSAoKTsgYmVsb3cuICAqLwojaW5jbHVk
ZSA8YXNzZXJ0Lmg+Ci8qIE92ZXJyaWRlIGFueSBnY2MyIGludGVybmFsIHByb3RvdHlwZSB0byBh
dm9pZCBhbiBlcnJvci4gICovCiNpZmRlZiBfX2NwbHVzcGx1cwpleHRlcm4gIkMiCiNlbmRpZgov
KiBXZSB1c2UgY2hhciBiZWNhdXNlIGludCBtaWdodCBtYXRjaCB0aGUgcmV0dXJuIHR5cGUgb2Yg
YSBnY2MyCiAgIGJ1aWx0aW4gYW5kIHRoZW4gaXRzIGFyZ3VtZW50IHByb3RvdHlwZSB3b3VsZCBz
dGlsbCBhcHBseS4gICovCmNoYXIgcmVhZHBhc3NwaHJhc2UgKCk7CmNoYXIgKCpmKSAoKTsKCiNp
ZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIK
IyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50
Cm1haW4gKCkKewovKiBUaGUgR05VIEMgbGlicmFyeSBkZWZpbmVzIHRoaXMgZm9yIGZ1bmN0aW9u
cyB3aGljaCBpdCBpbXBsZW1lbnRzCiAgICB0byBhbHdheXMgZmFpbCB3aXRoIEVOT1NZUy4gIFNv
bWUgZnVuY3Rpb25zIGFyZSBhY3R1YWxseSBuYW1lZAogICAgc29tZXRoaW5nIHN0YXJ0aW5nIHdp
dGggX18gYW5kIHRoZSBub3JtYWwgbmFtZSBpcyBhbiBhbGlhcy4gICovCiNpZiBkZWZpbmVkIChf
X3N0dWJfcmVhZHBhc3NwaHJhc2UpIHx8IGRlZmluZWQgKF9fc3R1Yl9fX3JlYWRwYXNzcGhyYXNl
KQpjaG9rZSBtZQojZWxzZQpmID0gcmVhZHBhc3NwaHJhc2U7CiNlbmRpZgoKICA7CiAgcmV0dXJu
IDA7Cn0KY29uZmlndXJlOjY1MjY6IHJlc3VsdDogbm8KY29uZmlndXJlOjY1MjY6IGNoZWNraW5n
IGZvciByZWFscGF0aApjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2Fs
bCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAt
bHogID4mNQpjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiB0ZXN0IC1zIGNv
bmZ0ZXN0CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHJlc3VsdDogeWVz
CmNvbmZpZ3VyZTo2NTI2OiBjaGVja2luZyBmb3IgcmVjdm1zZwpjb25maWd1cmU6NjUyNjogZ2Nj
IC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxp
emVkICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQpjb25maWd1cmU6NjUyNjogJD8gPSAwCmNv
bmZpZ3VyZTo2NTI2OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29u
ZmlndXJlOjY1MjY6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo2NTI2OiBjaGVja2luZyBmb3IgcnJl
c3Zwb3J0X2FmCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1X
cG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAg
PiY1Ci90bXAvY2NhMjQ4NjExLm86IEluIGZ1bmN0aW9uIGBtYWluJzoKL3Rvb2xzL29wZW5zc2gt
My40cDEvY29uZmlndXJlOjY1NTQ6IHVuZGVmaW5lZCByZWZlcmVuY2UgdG8gYHJyZXN2cG9ydF9h
ZicKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjY1MjY6ICQ/
ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNjUyNiAiY29uZmlndXJl
IgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHVi
IG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZs
aWN0IHdpdGggY2hhciBycmVzdnBvcnRfYWYgKCk7IGJlbG93LiAgKi8KI2luY2x1ZGUgPGFzc2Vy
dC5oPgovKiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5hbCBwcm90b3R5cGUgdG8gYXZvaWQgYW4g
ZXJyb3IuICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0ZXJuICJDIgojZW5kaWYKLyogV2UgdXNl
IGNoYXIgYmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhlIHJldHVybiB0eXBlIG9mIGEgZ2NjMgog
ICBidWlsdGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBwcm90b3R5cGUgd291bGQgc3RpbGwgYXBw
bHkuICAqLwpjaGFyIHJyZXN2cG9ydF9hZiAoKTsKY2hhciAoKmYpICgpOwoKI2lmZGVmIEY3N19E
VU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgog
ICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7
Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3IgZnVuY3Rpb25zIHdoaWNoIGl0
IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5PU1lTLiAgU29tZSBmdW5jdGlv
bnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3RhcnRpbmcgd2l0aCBfXyBhbmQg
dGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRlZmluZWQgKF9fc3R1Yl9ycmVz
dnBvcnRfYWYpIHx8IGRlZmluZWQgKF9fc3R1Yl9fX3JyZXN2cG9ydF9hZikKY2hva2UgbWUKI2Vs
c2UKZiA9IHJyZXN2cG9ydF9hZjsKI2VuZGlmCgogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6
NjUyNjogcmVzdWx0OiBubwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIHNlbmRtc2cKY29u
ZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRo
IC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJl
OjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6
NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjog
Y2hlY2tpbmcgZm9yIHNldGR0YWJsZXNpemUKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVz
dCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0
ZXN0LmMgLWxic2QgLWx6ICA+JjUKL3RtcC9jY2EyNDkwNTEubzogSW4gZnVuY3Rpb24gYG1haW4n
OgovdG9vbHMvb3BlbnNzaC0zLjRwMS9jb25maWd1cmU6NjU1NDogdW5kZWZpbmVkIHJlZmVyZW5j
ZSB0byBgc2V0ZHRhYmxlc2l6ZScKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMK
Y29uZmlndXJlOjY1MjY6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xp
bmUgNjUyNiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRl
ciB0byBkZWZpbmUgX19zdHViIG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAog
ICAgd2hpY2ggY2FuIGNvbmZsaWN0IHdpdGggY2hhciBzZXRkdGFibGVzaXplICgpOyBiZWxvdy4g
ICovCiNpbmNsdWRlIDxhc3NlcnQuaD4KLyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJv
dG90eXBlIHRvIGF2b2lkIGFuIGVycm9yLiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAi
QyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFyIGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1
cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90
eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAgKi8KY2hhciBzZXRkdGFibGVzaXplICgpOwpjaGFyICgq
ZikgKCk7CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19jcGx1c3BsdXMKICAgICBl
eHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJTigpIHsgcmV0dXJuIDE7IH0K
I2VuZGlmCmludAptYWluICgpCnsKLyogVGhlIEdOVSBDIGxpYnJhcnkgZGVmaW5lcyB0aGlzIGZv
ciBmdW5jdGlvbnMgd2hpY2ggaXQgaW1wbGVtZW50cwogICAgdG8gYWx3YXlzIGZhaWwgd2l0aCBF
Tk9TWVMuICBTb21lIGZ1bmN0aW9ucyBhcmUgYWN0dWFsbHkgbmFtZWQKICAgIHNvbWV0aGluZyBz
dGFydGluZyB3aXRoIF9fIGFuZCB0aGUgbm9ybWFsIG5hbWUgaXMgYW4gYWxpYXMuICAqLwojaWYg
ZGVmaW5lZCAoX19zdHViX3NldGR0YWJsZXNpemUpIHx8IGRlZmluZWQgKF9fc3R1Yl9fX3NldGR0
YWJsZXNpemUpCmNob2tlIG1lCiNlbHNlCmYgPSBzZXRkdGFibGVzaXplOwojZW5kaWYKCiAgOwog
IHJldHVybiAwOwp9CmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo2NTI2OiBj
aGVja2luZyBmb3Igc2V0ZWdpZApjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1P
MiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAt
bGJzZCAtbHogID4mNQpjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiB0ZXN0
IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHJlc3Vs
dDogeWVzCmNvbmZpZ3VyZTo2NTI2OiBjaGVja2luZyBmb3Igc2V0ZW52CmNvbmZpZ3VyZTo2NTI2
OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5p
dGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1CmNvbmZpZ3VyZTo2NTI2OiAkPyA9
IDAKY29uZmlndXJlOjY1MjY6IHRlc3QgLXMgY29uZnRlc3QKY29uZmlndXJlOjY1MjY6ICQ/ID0g
MApjb25maWd1cmU6NjUyNjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjY1MjY6IGNoZWNraW5nIGZv
ciBzZXRldWlkCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1X
cG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAg
PiY1CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHRlc3QgLXMgY29uZnRl
c3QKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogcmVzdWx0OiB5ZXMKY29u
ZmlndXJlOjY1MjY6IGNoZWNraW5nIGZvciBzZXRncm91cHMKY29uZmlndXJlOjY1MjY6IGdjYyAt
byBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXpl
ZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25m
aWd1cmU6NjUyNjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZp
Z3VyZTo2NTI2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIHNldGxv
Z2luCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRl
ci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1Ci90
bXAvY2NhMjUwMjQxLm86IEluIGZ1bmN0aW9uIGBtYWluJzoKL3Rvb2xzL29wZW5zc2gtMy40cDEv
Y29uZmlndXJlOjY1NTQ6IHVuZGVmaW5lZCByZWZlcmVuY2UgdG8gYHNldGxvZ2luJwpjb2xsZWN0
MjogbGQgcmV0dXJuZWQgMSBleGl0IHN0YXR1cwpjb25maWd1cmU6NjUyNjogJD8gPSAxCmNvbmZp
Z3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA2NTI2ICJjb25maWd1cmUiCiNpbmNsdWRl
ICJjb25mZGVmcy5oIgovKiBTeXN0ZW0gaGVhZGVyIHRvIGRlZmluZSBfX3N0dWIgbWFjcm9zIGFu
ZCBob3BlZnVsbHkgZmV3IHByb3RvdHlwZXMsCiAgICB3aGljaCBjYW4gY29uZmxpY3Qgd2l0aCBj
aGFyIHNldGxvZ2luICgpOyBiZWxvdy4gICovCiNpbmNsdWRlIDxhc3NlcnQuaD4KLyogT3ZlcnJp
ZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBlIHRvIGF2b2lkIGFuIGVycm9yLiAgKi8KI2lm
ZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFyIGJlY2F1c2Ug
aW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQg
dGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAgKi8KY2hhciBz
ZXRsb2dpbiAoKTsKY2hhciAoKmYpICgpOwoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVm
IF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01B
SU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJy
YXJ5IGRlZmluZXMgdGhpcyBmb3IgZnVuY3Rpb25zIHdoaWNoIGl0IGltcGxlbWVudHMKICAgIHRv
IGFsd2F5cyBmYWlsIHdpdGggRU5PU1lTLiAgU29tZSBmdW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5h
bWVkCiAgICBzb21ldGhpbmcgc3RhcnRpbmcgd2l0aCBfXyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlz
IGFuIGFsaWFzLiAgKi8KI2lmIGRlZmluZWQgKF9fc3R1Yl9zZXRsb2dpbikgfHwgZGVmaW5lZCAo
X19zdHViX19fc2V0bG9naW4pCmNob2tlIG1lCiNlbHNlCmYgPSBzZXRsb2dpbjsKI2VuZGlmCgog
IDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6NjUyNjogcmVzdWx0OiBubwpjb25maWd1cmU6NjUy
NjogY2hlY2tpbmcgZm9yIHNldHByb2N0aXRsZQpjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0
ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29u
ZnRlc3QuYyAtbGJzZCAtbHogID4mNQovdG1wL2NjYTI1MDQzMS5vOiBJbiBmdW5jdGlvbiBgbWFp
bic6Ci90b29scy9vcGVuc3NoLTMuNHAxL2NvbmZpZ3VyZTo2NTU0OiB1bmRlZmluZWQgcmVmZXJl
bmNlIHRvIGBzZXRwcm9jdGl0bGUnCmNvbGxlY3QyOiBsZCByZXR1cm5lZCAxIGV4aXQgc3RhdHVz
CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNs
aW5lIDY1MjYgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCi8qIFN5c3RlbSBoZWFk
ZXIgdG8gZGVmaW5lIF9fc3R1YiBtYWNyb3MgYW5kIGhvcGVmdWxseSBmZXcgcHJvdG90eXBlcywK
ICAgIHdoaWNoIGNhbiBjb25mbGljdCB3aXRoIGNoYXIgc2V0cHJvY3RpdGxlICgpOyBiZWxvdy4g
ICovCiNpbmNsdWRlIDxhc3NlcnQuaD4KLyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJv
dG90eXBlIHRvIGF2b2lkIGFuIGVycm9yLiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAi
QyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFyIGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1
cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90
eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAgKi8KY2hhciBzZXRwcm9jdGl0bGUgKCk7CmNoYXIgKCpm
KSAoKTsKCiNpZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4
dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQoj
ZW5kaWYKaW50Cm1haW4gKCkKewovKiBUaGUgR05VIEMgbGlicmFyeSBkZWZpbmVzIHRoaXMgZm9y
IGZ1bmN0aW9ucyB3aGljaCBpdCBpbXBsZW1lbnRzCiAgICB0byBhbHdheXMgZmFpbCB3aXRoIEVO
T1NZUy4gIFNvbWUgZnVuY3Rpb25zIGFyZSBhY3R1YWxseSBuYW1lZAogICAgc29tZXRoaW5nIHN0
YXJ0aW5nIHdpdGggX18gYW5kIHRoZSBub3JtYWwgbmFtZSBpcyBhbiBhbGlhcy4gICovCiNpZiBk
ZWZpbmVkIChfX3N0dWJfc2V0cHJvY3RpdGxlKSB8fCBkZWZpbmVkIChfX3N0dWJfX19zZXRwcm9j
dGl0bGUpCmNob2tlIG1lCiNlbHNlCmYgPSBzZXRwcm9jdGl0bGU7CiNlbmRpZgoKICA7CiAgcmV0
dXJuIDA7Cn0KY29uZmlndXJlOjY1MjY6IHJlc3VsdDogbm8KY29uZmlndXJlOjY1MjY6IGNoZWNr
aW5nIGZvciBzZXRyZXNnaWQKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIg
LVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxi
c2QgLWx6ICA+JjUKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAt
cyBjb25mdGVzdApjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6
IHllcwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIHNldHJldWlkCmNvbmZpZ3VyZTo2NTI2
OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5p
dGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1CmNvbmZpZ3VyZTo2NTI2OiAkPyA9
IDAKY29uZmlndXJlOjY1MjY6IHRlc3QgLXMgY29uZnRlc3QKY29uZmlndXJlOjY1MjY6ICQ/ID0g
MApjb25maWd1cmU6NjUyNjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjY1MjY6IGNoZWNraW5nIGZv
ciBzZXRybGltaXQKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwg
LVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6
ICA+JjUKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAtcyBjb25m
dGVzdApjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IHllcwpj
b25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIHNldHNpZApjb25maWd1cmU6NjUyNjogZ2NjIC1v
IGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVk
ICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQpjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZp
Z3VyZTo2NTI2OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmln
dXJlOjY1MjY6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo2NTI2OiBjaGVja2luZyBmb3Igc2V0cGNy
ZWQKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVy
LWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKL3Rt
cC9jY2EyNTE2MjEubzogSW4gZnVuY3Rpb24gYG1haW4nOgovdG9vbHMvb3BlbnNzaC0zLjRwMS9j
b25maWd1cmU6NjU1NDogdW5kZWZpbmVkIHJlZmVyZW5jZSB0byBgc2V0cGNyZWQnCmNvbGxlY3Qy
OiBsZCByZXR1cm5lZCAxIGV4aXQgc3RhdHVzCmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDEKY29uZmln
dXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDY1MjYgImNvbmZpZ3VyZSIKI2luY2x1ZGUg
ImNvbmZkZWZzLmgiCi8qIFN5c3RlbSBoZWFkZXIgdG8gZGVmaW5lIF9fc3R1YiBtYWNyb3MgYW5k
IGhvcGVmdWxseSBmZXcgcHJvdG90eXBlcywKICAgIHdoaWNoIGNhbiBjb25mbGljdCB3aXRoIGNo
YXIgc2V0cGNyZWQgKCk7IGJlbG93LiAgKi8KI2luY2x1ZGUgPGFzc2VydC5oPgovKiBPdmVycmlk
ZSBhbnkgZ2NjMiBpbnRlcm5hbCBwcm90b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3IuICAqLwojaWZk
ZWYgX19jcGx1c3BsdXMKZXh0ZXJuICJDIgojZW5kaWYKLyogV2UgdXNlIGNoYXIgYmVjYXVzZSBp
bnQgbWlnaHQgbWF0Y2ggdGhlIHJldHVybiB0eXBlIG9mIGEgZ2NjMgogICBidWlsdGluIGFuZCB0
aGVuIGl0cyBhcmd1bWVudCBwcm90b3R5cGUgd291bGQgc3RpbGwgYXBwbHkuICAqLwpjaGFyIHNl
dHBjcmVkICgpOwpjaGFyICgqZikgKCk7CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYg
X19jcGx1c3BsdXMKICAgICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJ
TigpIHsgcmV0dXJuIDE7IH0KI2VuZGlmCmludAptYWluICgpCnsKLyogVGhlIEdOVSBDIGxpYnJh
cnkgZGVmaW5lcyB0aGlzIGZvciBmdW5jdGlvbnMgd2hpY2ggaXQgaW1wbGVtZW50cwogICAgdG8g
YWx3YXlzIGZhaWwgd2l0aCBFTk9TWVMuICBTb21lIGZ1bmN0aW9ucyBhcmUgYWN0dWFsbHkgbmFt
ZWQKICAgIHNvbWV0aGluZyBzdGFydGluZyB3aXRoIF9fIGFuZCB0aGUgbm9ybWFsIG5hbWUgaXMg
YW4gYWxpYXMuICAqLwojaWYgZGVmaW5lZCAoX19zdHViX3NldHBjcmVkKSB8fCBkZWZpbmVkIChf
X3N0dWJfX19zZXRwY3JlZCkKY2hva2UgbWUKI2Vsc2UKZiA9IHNldHBjcmVkOwojZW5kaWYKCiAg
OwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo2NTI2
OiBjaGVja2luZyBmb3Igc2V0dmJ1Zgpjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1n
IC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3Qu
YyAtbGJzZCAtbHogID4mNQpjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiB0
ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHJl
c3VsdDogeWVzCmNvbmZpZ3VyZTo2NTI2OiBjaGVja2luZyBmb3Igc2lnYWN0aW9uCmNvbmZpZ3Vy
ZTo2NTI2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25v
LXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1CmNvbmZpZ3VyZTo2NTI2
OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHRlc3QgLXMgY29uZnRlc3QKY29uZmlndXJlOjY1MjY6
ICQ/ID0gMApjb25maWd1cmU6NjUyNjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjY1MjY6IGNoZWNr
aW5nIGZvciBzaWd2ZWMKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdh
bGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2Qg
LWx6ICA+JjUKL3RtcC9jY2EyNTIzMTEubzogSW4gZnVuY3Rpb24gYG1haW4nOgovdG9vbHMvb3Bl
bnNzaC0zLjRwMS9jb25maWd1cmU6NjU1NDogdW5kZWZpbmVkIHJlZmVyZW5jZSB0byBgc2lndmVj
Jwpjb2xsZWN0MjogbGQgcmV0dXJuZWQgMSBleGl0IHN0YXR1cwpjb25maWd1cmU6NjUyNjogJD8g
PSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA2NTI2ICJjb25maWd1cmUi
CiNpbmNsdWRlICJjb25mZGVmcy5oIgovKiBTeXN0ZW0gaGVhZGVyIHRvIGRlZmluZSBfX3N0dWIg
bWFjcm9zIGFuZCBob3BlZnVsbHkgZmV3IHByb3RvdHlwZXMsCiAgICB3aGljaCBjYW4gY29uZmxp
Y3Qgd2l0aCBjaGFyIHNpZ3ZlYyAoKTsgYmVsb3cuICAqLwojaW5jbHVkZSA8YXNzZXJ0Lmg+Ci8q
IE92ZXJyaWRlIGFueSBnY2MyIGludGVybmFsIHByb3RvdHlwZSB0byBhdm9pZCBhbiBlcnJvci4g
ICovCiNpZmRlZiBfX2NwbHVzcGx1cwpleHRlcm4gIkMiCiNlbmRpZgovKiBXZSB1c2UgY2hhciBi
ZWNhdXNlIGludCBtaWdodCBtYXRjaCB0aGUgcmV0dXJuIHR5cGUgb2YgYSBnY2MyCiAgIGJ1aWx0
aW4gYW5kIHRoZW4gaXRzIGFyZ3VtZW50IHByb3RvdHlwZSB3b3VsZCBzdGlsbCBhcHBseS4gICov
CmNoYXIgc2lndmVjICgpOwpjaGFyICgqZikgKCk7CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAg
aWZkZWYgX19jcGx1c3BsdXMKICAgICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVN
TVlfTUFJTigpIHsgcmV0dXJuIDE7IH0KI2VuZGlmCmludAptYWluICgpCnsKLyogVGhlIEdOVSBD
IGxpYnJhcnkgZGVmaW5lcyB0aGlzIGZvciBmdW5jdGlvbnMgd2hpY2ggaXQgaW1wbGVtZW50cwog
ICAgdG8gYWx3YXlzIGZhaWwgd2l0aCBFTk9TWVMuICBTb21lIGZ1bmN0aW9ucyBhcmUgYWN0dWFs
bHkgbmFtZWQKICAgIHNvbWV0aGluZyBzdGFydGluZyB3aXRoIF9fIGFuZCB0aGUgbm9ybWFsIG5h
bWUgaXMgYW4gYWxpYXMuICAqLwojaWYgZGVmaW5lZCAoX19zdHViX3NpZ3ZlYykgfHwgZGVmaW5l
ZCAoX19zdHViX19fc2lndmVjKQpjaG9rZSBtZQojZWxzZQpmID0gc2lndmVjOwojZW5kaWYKCiAg
OwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo2NTI2
OiBjaGVja2luZyBmb3Igc25wcmludGYKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAt
ZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0
LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjog
dGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiBy
ZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIHNvY2tldHBhaXIKY29uZmln
dXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1X
bm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjY1
MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NjUy
NjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjogY2hl
Y2tpbmcgZm9yIHN0cmVycm9yCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8y
IC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1s
YnNkIC1seiAgPiY1CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHRlc3Qg
LXMgY29uZnRlc3QKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogcmVzdWx0
OiB5ZXMKY29uZmlndXJlOjY1MjY6IGNoZWNraW5nIGZvciBzdHJsY2F0CmNvbmZpZ3VyZTo2NTI2
OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5p
dGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1Ci90bXAvY2NhMjUzMjUxLm86IElu
IGZ1bmN0aW9uIGBtYWluJzoKL3Rvb2xzL29wZW5zc2gtMy40cDEvY29uZmlndXJlOjY1NTQ6IHVu
ZGVmaW5lZCByZWZlcmVuY2UgdG8gYHN0cmxjYXQnCmNvbGxlY3QyOiBsZCByZXR1cm5lZCAxIGV4
aXQgc3RhdHVzCmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3Jh
bSB3YXM6CiNsaW5lIDY1MjYgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCi8qIFN5
c3RlbSBoZWFkZXIgdG8gZGVmaW5lIF9fc3R1YiBtYWNyb3MgYW5kIGhvcGVmdWxseSBmZXcgcHJv
dG90eXBlcywKICAgIHdoaWNoIGNhbiBjb25mbGljdCB3aXRoIGNoYXIgc3RybGNhdCAoKTsgYmVs
b3cuICAqLwojaW5jbHVkZSA8YXNzZXJ0Lmg+Ci8qIE92ZXJyaWRlIGFueSBnY2MyIGludGVybmFs
IHByb3RvdHlwZSB0byBhdm9pZCBhbiBlcnJvci4gICovCiNpZmRlZiBfX2NwbHVzcGx1cwpleHRl
cm4gIkMiCiNlbmRpZgovKiBXZSB1c2UgY2hhciBiZWNhdXNlIGludCBtaWdodCBtYXRjaCB0aGUg
cmV0dXJuIHR5cGUgb2YgYSBnY2MyCiAgIGJ1aWx0aW4gYW5kIHRoZW4gaXRzIGFyZ3VtZW50IHBy
b3RvdHlwZSB3b3VsZCBzdGlsbCBhcHBseS4gICovCmNoYXIgc3RybGNhdCAoKTsKY2hhciAoKmYp
ICgpOwoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0
ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNl
bmRpZgppbnQKbWFpbiAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3Ig
ZnVuY3Rpb25zIHdoaWNoIGl0IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5P
U1lTLiAgU29tZSBmdW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3Rh
cnRpbmcgd2l0aCBfXyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRl
ZmluZWQgKF9fc3R1Yl9zdHJsY2F0KSB8fCBkZWZpbmVkIChfX3N0dWJfX19zdHJsY2F0KQpjaG9r
ZSBtZQojZWxzZQpmID0gc3RybGNhdDsKI2VuZGlmCgogIDsKICByZXR1cm4gMDsKfQpjb25maWd1
cmU6NjUyNjogcmVzdWx0OiBubwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIHN0cmxjcHkK
Y29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFy
aXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKL3RtcC9j
Y2EyNTM0NDEubzogSW4gZnVuY3Rpb24gYG1haW4nOgovdG9vbHMvb3BlbnNzaC0zLjRwMS9jb25m
aWd1cmU6NjU1NDogdW5kZWZpbmVkIHJlZmVyZW5jZSB0byBgc3RybGNweScKY29sbGVjdDI6IGxk
IHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjY1MjY6ICQ/ID0gMQpjb25maWd1cmU6
IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNjUyNiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29u
ZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHViIG1hY3JvcyBhbmQgaG9w
ZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZsaWN0IHdpdGggY2hhciBz
dHJsY3B5ICgpOyBiZWxvdy4gICovCiNpbmNsdWRlIDxhc3NlcnQuaD4KLyogT3ZlcnJpZGUgYW55
IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBlIHRvIGF2b2lkIGFuIGVycm9yLiAgKi8KI2lmZGVmIF9f
Y3BsdXNwbHVzCmV4dGVybiAiQyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFyIGJlY2F1c2UgaW50IG1p
Z2h0IG1hdGNoIHRoZSByZXR1cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQgdGhlbiBp
dHMgYXJndW1lbnQgcHJvdG90eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAgKi8KY2hhciBzdHJsY3B5
ICgpOwpjaGFyICgqZikgKCk7CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19jcGx1
c3BsdXMKICAgICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJTigpIHsg
cmV0dXJuIDE7IH0KI2VuZGlmCmludAptYWluICgpCnsKLyogVGhlIEdOVSBDIGxpYnJhcnkgZGVm
aW5lcyB0aGlzIGZvciBmdW5jdGlvbnMgd2hpY2ggaXQgaW1wbGVtZW50cwogICAgdG8gYWx3YXlz
IGZhaWwgd2l0aCBFTk9TWVMuICBTb21lIGZ1bmN0aW9ucyBhcmUgYWN0dWFsbHkgbmFtZWQKICAg
IHNvbWV0aGluZyBzdGFydGluZyB3aXRoIF9fIGFuZCB0aGUgbm9ybWFsIG5hbWUgaXMgYW4gYWxp
YXMuICAqLwojaWYgZGVmaW5lZCAoX19zdHViX3N0cmxjcHkpIHx8IGRlZmluZWQgKF9fc3R1Yl9f
X3N0cmxjcHkpCmNob2tlIG1lCiNlbHNlCmYgPSBzdHJsY3B5OwojZW5kaWYKCiAgOwogIHJldHVy
biAwOwp9CmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo2NTI2OiBjaGVja2lu
ZyBmb3Igc3RybW9kZQpjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2Fs
bCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAt
bHogID4mNQovdG1wL2NjYTI1MzYzMS5vOiBJbiBmdW5jdGlvbiBgbWFpbic6Ci90b29scy9vcGVu
c3NoLTMuNHAxL2NvbmZpZ3VyZTo2NTU0OiB1bmRlZmluZWQgcmVmZXJlbmNlIHRvIGBzdHJtb2Rl
Jwpjb2xsZWN0MjogbGQgcmV0dXJuZWQgMSBleGl0IHN0YXR1cwpjb25maWd1cmU6NjUyNjogJD8g
PSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA2NTI2ICJjb25maWd1cmUi
CiNpbmNsdWRlICJjb25mZGVmcy5oIgovKiBTeXN0ZW0gaGVhZGVyIHRvIGRlZmluZSBfX3N0dWIg
bWFjcm9zIGFuZCBob3BlZnVsbHkgZmV3IHByb3RvdHlwZXMsCiAgICB3aGljaCBjYW4gY29uZmxp
Y3Qgd2l0aCBjaGFyIHN0cm1vZGUgKCk7IGJlbG93LiAgKi8KI2luY2x1ZGUgPGFzc2VydC5oPgov
KiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5hbCBwcm90b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3Iu
ICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0ZXJuICJDIgojZW5kaWYKLyogV2UgdXNlIGNoYXIg
YmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhlIHJldHVybiB0eXBlIG9mIGEgZ2NjMgogICBidWls
dGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBwcm90b3R5cGUgd291bGQgc3RpbGwgYXBwbHkuICAq
LwpjaGFyIHN0cm1vZGUgKCk7CmNoYXIgKCpmKSAoKTsKCiNpZmRlZiBGNzdfRFVNTVlfTUFJTgoj
ICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3N19E
VU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50Cm1haW4gKCkKewovKiBUaGUgR05V
IEMgbGlicmFyeSBkZWZpbmVzIHRoaXMgZm9yIGZ1bmN0aW9ucyB3aGljaCBpdCBpbXBsZW1lbnRz
CiAgICB0byBhbHdheXMgZmFpbCB3aXRoIEVOT1NZUy4gIFNvbWUgZnVuY3Rpb25zIGFyZSBhY3R1
YWxseSBuYW1lZAogICAgc29tZXRoaW5nIHN0YXJ0aW5nIHdpdGggX18gYW5kIHRoZSBub3JtYWwg
bmFtZSBpcyBhbiBhbGlhcy4gICovCiNpZiBkZWZpbmVkIChfX3N0dWJfc3RybW9kZSkgfHwgZGVm
aW5lZCAoX19zdHViX19fc3RybW9kZSkKY2hva2UgbWUKI2Vsc2UKZiA9IHN0cm1vZGU7CiNlbmRp
ZgoKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjY1MjY6IHJlc3VsdDogbm8KY29uZmlndXJl
OjY1MjY6IGNoZWNraW5nIGZvciBzdHJzZXAKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVz
dCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0
ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUy
NjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2
OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIHN5c2NvbmYKY29uZmln
dXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1X
bm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjY1
MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NjUy
NjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjogY2hl
Y2tpbmcgZm9yIHRjZ2V0cGdycApjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1P
MiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAt
bGJzZCAtbHogID4mNQpjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiB0ZXN0
IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHJlc3Vs
dDogeWVzCmNvbmZpZ3VyZTo2NTI2OiBjaGVja2luZyBmb3IgdHJ1bmNhdGUKY29uZmlndXJlOjY1
MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5p
bml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjY1MjY6ICQ/
ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NjUyNjogJD8g
PSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcg
Zm9yIHV0aW1lcwpjb25maWd1cmU6NjUyNjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjY1MjY6IGNo
ZWNraW5nIGZvciB2aGFuZ3VwCmNvbmZpZ3VyZTo2NTI2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8y
IC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1s
YnNkIC1seiAgPiY1CmNvbmZpZ3VyZTo2NTI2OiAkPyA9IDAKY29uZmlndXJlOjY1MjY6IHRlc3Qg
LXMgY29uZnRlc3QKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogcmVzdWx0
OiB5ZXMKY29uZmlndXJlOjY1MjY6IGNoZWNraW5nIGZvciB2c25wcmludGYKY29uZmlndXJlOjY1
MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5p
bml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjY1MjY6ICQ/
ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NjUyNjogJD8g
PSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NjUyNjogY2hlY2tpbmcg
Zm9yIHdhaXRwaWQKY29uZmlndXJlOjY1MjY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwg
LVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6
ICA+JjUKY29uZmlndXJlOjY1MjY6ICQ/ID0gMApjb25maWd1cmU6NjUyNjogdGVzdCAtcyBjb25m
dGVzdApjb25maWd1cmU6NjUyNjogJD8gPSAwCmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IHllcwpj
b25maWd1cmU6NjUyNjogY2hlY2tpbmcgZm9yIF9fYjY0X250b3AKY29uZmlndXJlOjY1MjY6IGdj
YyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFs
aXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKL3RtcC9jY2EyNTU2NzEubzogSW4gZnVu
Y3Rpb24gYG1haW4nOgovdG9vbHMvb3BlbnNzaC0zLjRwMS9jb25maWd1cmU6NjU1NDogdW5kZWZp
bmVkIHJlZmVyZW5jZSB0byBgX19iNjRfbnRvcCcKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhp
dCBzdGF0dXMKY29uZmlndXJlOjY1MjY6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFt
IHdhczoKI2xpbmUgNjUyNiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lz
dGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHViIG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90
b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZsaWN0IHdpdGggY2hhciBfX2I2NF9udG9wICgpOyBi
ZWxvdy4gICovCiNpbmNsdWRlIDxhc3NlcnQuaD4KLyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJu
YWwgcHJvdG90eXBlIHRvIGF2b2lkIGFuIGVycm9yLiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4
dGVybiAiQyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFyIGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRo
ZSByZXR1cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQg
cHJvdG90eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAgKi8KY2hhciBfX2I2NF9udG9wICgpOwpjaGFy
ICgqZikgKCk7CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19jcGx1c3BsdXMKICAg
ICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJTigpIHsgcmV0dXJuIDE7
IH0KI2VuZGlmCmludAptYWluICgpCnsKLyogVGhlIEdOVSBDIGxpYnJhcnkgZGVmaW5lcyB0aGlz
IGZvciBmdW5jdGlvbnMgd2hpY2ggaXQgaW1wbGVtZW50cwogICAgdG8gYWx3YXlzIGZhaWwgd2l0
aCBFTk9TWVMuICBTb21lIGZ1bmN0aW9ucyBhcmUgYWN0dWFsbHkgbmFtZWQKICAgIHNvbWV0aGlu
ZyBzdGFydGluZyB3aXRoIF9fIGFuZCB0aGUgbm9ybWFsIG5hbWUgaXMgYW4gYWxpYXMuICAqLwoj
aWYgZGVmaW5lZCAoX19zdHViX19fYjY0X250b3ApIHx8IGRlZmluZWQgKF9fc3R1Yl9fX19fYjY0
X250b3ApCmNob2tlIG1lCiNlbHNlCmYgPSBfX2I2NF9udG9wOwojZW5kaWYKCiAgOwogIHJldHVy
biAwOwp9CmNvbmZpZ3VyZTo2NTI2OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTo2NTI2OiBjaGVja2lu
ZyBmb3IgX2dldHB0eQpjb25maWd1cmU6NjUyNjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2Fs
bCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAt
bHogID4mNQovdG1wL2NjYTI1NTg2MS5vOiBJbiBmdW5jdGlvbiBgbWFpbic6Ci90b29scy9vcGVu
c3NoLTMuNHAxL2NvbmZpZ3VyZTo2NTU0OiB1bmRlZmluZWQgcmVmZXJlbmNlIHRvIGBfZ2V0cHR5
Jwpjb2xsZWN0MjogbGQgcmV0dXJuZWQgMSBleGl0IHN0YXR1cwpjb25maWd1cmU6NjUyNjogJD8g
PSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSA2NTI2ICJjb25maWd1cmUi
CiNpbmNsdWRlICJjb25mZGVmcy5oIgovKiBTeXN0ZW0gaGVhZGVyIHRvIGRlZmluZSBfX3N0dWIg
bWFjcm9zIGFuZCBob3BlZnVsbHkgZmV3IHByb3RvdHlwZXMsCiAgICB3aGljaCBjYW4gY29uZmxp
Y3Qgd2l0aCBjaGFyIF9nZXRwdHkgKCk7IGJlbG93LiAgKi8KI2luY2x1ZGUgPGFzc2VydC5oPgov
KiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5hbCBwcm90b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3Iu
ICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0ZXJuICJDIgojZW5kaWYKLyogV2UgdXNlIGNoYXIg
YmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhlIHJldHVybiB0eXBlIG9mIGEgZ2NjMgogICBidWls
dGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBwcm90b3R5cGUgd291bGQgc3RpbGwgYXBwbHkuICAq
LwpjaGFyIF9nZXRwdHkgKCk7CmNoYXIgKCpmKSAoKTsKCiNpZmRlZiBGNzdfRFVNTVlfTUFJTgoj
ICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3N19E
VU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50Cm1haW4gKCkKewovKiBUaGUgR05V
IEMgbGlicmFyeSBkZWZpbmVzIHRoaXMgZm9yIGZ1bmN0aW9ucyB3aGljaCBpdCBpbXBsZW1lbnRz
CiAgICB0byBhbHdheXMgZmFpbCB3aXRoIEVOT1NZUy4gIFNvbWUgZnVuY3Rpb25zIGFyZSBhY3R1
YWxseSBuYW1lZAogICAgc29tZXRoaW5nIHN0YXJ0aW5nIHdpdGggX18gYW5kIHRoZSBub3JtYWwg
bmFtZSBpcyBhbiBhbGlhcy4gICovCiNpZiBkZWZpbmVkIChfX3N0dWJfX2dldHB0eSkgfHwgZGVm
aW5lZCAoX19zdHViX19fX2dldHB0eSkKY2hva2UgbWUKI2Vsc2UKZiA9IF9nZXRwdHk7CiNlbmRp
ZgoKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjY1MjY6IHJlc3VsdDogbm8KY29uZmlndXJl
OjY1ODQ6IGNoZWNraW5nIGZvciBtbWFwIGFub24gc2hhcmVkCmNvbmZpZ3VyZTo2NTg0OiBnY2Mg
LW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6
ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1CmNvbmZpZ3VyZTo2NTkxOiB3YXJuaW5nOiBy
ZXR1cm4tdHlwZSBkZWZhdWx0cyB0byBgaW50Jwpjb25maWd1cmU6NjU4NDogJD8gPSAwCmNvbmZp
Z3VyZTo2NTg0OiAuL2NvbmZ0ZXN0CmNvbmZpZ3VyZTo2NTg0OiAkPyA9IDEKY29uZmlndXJlOiBw
cm9ncmFtIGV4aXRlZCB3aXRoIHN0YXR1cyAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2Fz
OgojbGluZSA2NTg0ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgoKI2luY2x1ZGUg
PHN0ZGlvLmg+CiNpbmNsdWRlIDxzeXMvbW1hbi5oPgojaWYgIWRlZmluZWQoTUFQX0FOT04pICYm
IGRlZmluZWQoTUFQX0FOT05ZTU9VUykKI2RlZmluZSBNQVBfQU5PTiBNQVBfQU5PTllNT1VTCiNl
bmRpZgptYWluKCkgeyBjaGFyICpwOwpwID0gKGNoYXIgKikgbW1hcChOVUxMLCAxMCwgUFJPVF9X
UklURXxQUk9UX1JFQUQsIE1BUF9BTk9OfE1BUF9TSEFSRUQsIC0xLCAwKTsKaWYgKHAgPT0gKGNo
YXIgKiktMSkKCWV4aXQoMSk7CmV4aXQoMCk7Cn0KCmNvbmZpZ3VyZTo2NTg0OiByZXN1bHQ6IG5v
CmNvbmZpZ3VyZTo3MDE3OiBjaGVja2luZyBmb3IgZGlybmFtZQpjb25maWd1cmU6NzAxNzogZ2Nj
IC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxp
emVkICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQovdG1wL2NjYTI1NjIzMS5vOiBJbiBmdW5j
dGlvbiBgbWFpbic6Ci90b29scy9vcGVuc3NoLTMuNHAxL2NvbmZpZ3VyZTo3MDQ1OiB1bmRlZmlu
ZWQgcmVmZXJlbmNlIHRvIGBkaXJuYW1lJwpjb2xsZWN0MjogbGQgcmV0dXJuZWQgMSBleGl0IHN0
YXR1cwpjb25maWd1cmU6NzAxNzogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2Fz
OgojbGluZSA3MDE3ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgovKiBTeXN0ZW0g
aGVhZGVyIHRvIGRlZmluZSBfX3N0dWIgbWFjcm9zIGFuZCBob3BlZnVsbHkgZmV3IHByb3RvdHlw
ZXMsCiAgICB3aGljaCBjYW4gY29uZmxpY3Qgd2l0aCBjaGFyIGRpcm5hbWUgKCk7IGJlbG93LiAg
Ki8KI2luY2x1ZGUgPGFzc2VydC5oPgovKiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5hbCBwcm90
b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3IuICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0ZXJuICJD
IgojZW5kaWYKLyogV2UgdXNlIGNoYXIgYmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhlIHJldHVy
biB0eXBlIG9mIGEgZ2NjMgogICBidWlsdGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBwcm90b3R5
cGUgd291bGQgc3RpbGwgYXBwbHkuICAqLwpjaGFyIGRpcm5hbWUgKCk7CmNoYXIgKCpmKSAoKTsK
CiNpZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAi
QyIKIyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYK
aW50Cm1haW4gKCkKewovKiBUaGUgR05VIEMgbGlicmFyeSBkZWZpbmVzIHRoaXMgZm9yIGZ1bmN0
aW9ucyB3aGljaCBpdCBpbXBsZW1lbnRzCiAgICB0byBhbHdheXMgZmFpbCB3aXRoIEVOT1NZUy4g
IFNvbWUgZnVuY3Rpb25zIGFyZSBhY3R1YWxseSBuYW1lZAogICAgc29tZXRoaW5nIHN0YXJ0aW5n
IHdpdGggX18gYW5kIHRoZSBub3JtYWwgbmFtZSBpcyBhbiBhbGlhcy4gICovCiNpZiBkZWZpbmVk
IChfX3N0dWJfZGlybmFtZSkgfHwgZGVmaW5lZCAoX19zdHViX19fZGlybmFtZSkKY2hva2UgbWUK
I2Vsc2UKZiA9IGRpcm5hbWU7CiNlbmRpZgoKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjcw
MTc6IHJlc3VsdDogbm8KY29uZmlndXJlOjcwMTc6IGNoZWNraW5nIGZvciBkaXJuYW1lIGluIC1s
Z2VuCmNvbmZpZ3VyZTo3MDE3OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRl
ci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sZ2VuICAtbGJzZCAtbHog
ID4mNQovdXNyL2k1ODYtcGMtbGludXgtZ251bGliYzEvYmluL2xkOiBjYW5ub3Qgb3BlbiAtbGdl
bjogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpjb2xsZWN0MjogbGQgcmV0dXJuZWQgMSBleGl0
IHN0YXR1cwpjb25maWd1cmU6NzAxNzogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0g
d2FzOgojbGluZSA3MDE3ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgoKLyogT3Zl
cnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBlIHRvIGF2b2lkIGFuIGVycm9yLiAgKi8K
I2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFyIGJlY2F1
c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVpbHRpbiBh
bmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAgKi8KY2hh
ciBkaXJuYW1lICgpOwojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19jcGx1c3BsdXMK
ICAgICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJTigpIHsgcmV0dXJu
IDE7IH0KI2VuZGlmCmludAptYWluICgpCnsKZGlybmFtZSAoKTsKICA7CiAgcmV0dXJuIDA7Cn0K
Y29uZmlndXJlOjcwMTc6IHJlc3VsdDogbm8KY29uZmlndXJlOjcwOTU6IGNoZWNraW5nIGZvciBn
ZXR0aW1lb2ZkYXkKY29uZmlndXJlOjcwOTU6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwg
LVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6
ICA+JjUKY29uZmlndXJlOjcwOTU6ICQ/ID0gMApjb25maWd1cmU6NzA5NTogdGVzdCAtcyBjb25m
dGVzdApjb25maWd1cmU6NzA5NTogJD8gPSAwCmNvbmZpZ3VyZTo3MDk1OiByZXN1bHQ6IHllcwpj
b25maWd1cmU6NzA5NTogY2hlY2tpbmcgZm9yIHRpbWUKY29uZmlndXJlOjcwOTU6IGdjYyAtbyBj
b25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAg
IGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjcwOTU6ICQ/ID0gMApjb25maWd1
cmU6NzA5NTogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NzA5NTogJD8gPSAwCmNvbmZpZ3Vy
ZTo3MDk1OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NzE3NjogY2hlY2tpbmcgZm9yIGVuZHV0ZW50
CmNvbmZpZ3VyZTo3MTc2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1h
cml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1CmNvbmZp
Z3VyZTo3MTc2OiAkPyA9IDAKY29uZmlndXJlOjcxNzY6IHRlc3QgLXMgY29uZnRlc3QKY29uZmln
dXJlOjcxNzY6ICQ/ID0gMApjb25maWd1cmU6NzE3NjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjcx
NzY6IGNoZWNraW5nIGZvciBnZXR1dGVudApjb25maWd1cmU6NzE3NjogZ2NjIC1vIGNvbmZ0ZXN0
IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRl
c3QuYyAtbGJzZCAtbHogID4mNQpjb25maWd1cmU6NzE3NjogJD8gPSAwCmNvbmZpZ3VyZTo3MTc2
OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo3MTc2OiAkPyA9IDAKY29uZmlndXJlOjcxNzY6
IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo3MTc2OiBjaGVja2luZyBmb3IgZ2V0dXRpZApjb25maWd1
cmU6NzE3NjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVdu
by11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQpjb25maWd1cmU6NzE3
NjogJD8gPSAwCmNvbmZpZ3VyZTo3MTc2OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo3MTc2
OiAkPyA9IDAKY29uZmlndXJlOjcxNzY6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo3MTc2OiBjaGVj
a2luZyBmb3IgZ2V0dXRsaW5lCmNvbmZpZ3VyZTo3MTc2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8y
IC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1s
YnNkIC1seiAgPiY1CmNvbmZpZ3VyZTo3MTc2OiAkPyA9IDAKY29uZmlndXJlOjcxNzY6IHRlc3Qg
LXMgY29uZnRlc3QKY29uZmlndXJlOjcxNzY6ICQ/ID0gMApjb25maWd1cmU6NzE3NjogcmVzdWx0
OiB5ZXMKY29uZmlndXJlOjcxNzY6IGNoZWNraW5nIGZvciBwdXR1dGxpbmUKY29uZmlndXJlOjcx
NzY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5p
bml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjcxNzY6ICQ/
ID0gMApjb25maWd1cmU6NzE3NjogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NzE3NjogJD8g
PSAwCmNvbmZpZ3VyZTo3MTc2OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NzE3NjogY2hlY2tpbmcg
Zm9yIHNldHV0ZW50CmNvbmZpZ3VyZTo3MTc2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxs
IC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1s
eiAgPiY1CmNvbmZpZ3VyZTo3MTc2OiAkPyA9IDAKY29uZmlndXJlOjcxNzY6IHRlc3QgLXMgY29u
ZnRlc3QKY29uZmlndXJlOjcxNzY6ICQ/ID0gMApjb25maWd1cmU6NzE3NjogcmVzdWx0OiB5ZXMK
Y29uZmlndXJlOjcyNTI6IGNoZWNraW5nIGZvciB1dG1wbmFtZQpjb25maWd1cmU6NzI1MjogZ2Nj
IC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxp
emVkICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQpjb25maWd1cmU6NzI1MjogJD8gPSAwCmNv
bmZpZ3VyZTo3MjUyOiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo3MjUyOiAkPyA9IDAKY29u
ZmlndXJlOjcyNTI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo3MzMyOiBjaGVja2luZyBmb3IgZW5k
dXR4ZW50CmNvbmZpZ3VyZTo3MzMyOiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9p
bnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1
Ci90bXAvY2NhMjU4ODExLm86IEluIGZ1bmN0aW9uIGBtYWluJzoKL3Rvb2xzL29wZW5zc2gtMy40
cDEvY29uZmlndXJlOjczNjA6IHVuZGVmaW5lZCByZWZlcmVuY2UgdG8gYGVuZHV0eGVudCcKY29s
bGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjczMzI6ICQ/ID0gMQpj
b25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNzMzMiAiY29uZmlndXJlIgojaW5j
bHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHViIG1hY3Jv
cyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZsaWN0IHdp
dGggY2hhciBlbmR1dHhlbnQgKCk7IGJlbG93LiAgKi8KI2luY2x1ZGUgPGFzc2VydC5oPgovKiBP
dmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5hbCBwcm90b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3IuICAq
LwojaWZkZWYgX19jcGx1c3BsdXMKZXh0ZXJuICJDIgojZW5kaWYKLyogV2UgdXNlIGNoYXIgYmVj
YXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhlIHJldHVybiB0eXBlIG9mIGEgZ2NjMgogICBidWlsdGlu
IGFuZCB0aGVuIGl0cyBhcmd1bWVudCBwcm90b3R5cGUgd291bGQgc3RpbGwgYXBwbHkuICAqLwpj
aGFyIGVuZHV0eGVudCAoKTsKY2hhciAoKmYpICgpOwoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMg
IGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RV
TU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7Ci8qIFRoZSBHTlUg
QyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3IgZnVuY3Rpb25zIHdoaWNoIGl0IGltcGxlbWVudHMK
ICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5PU1lTLiAgU29tZSBmdW5jdGlvbnMgYXJlIGFjdHVh
bGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3RhcnRpbmcgd2l0aCBfXyBhbmQgdGhlIG5vcm1hbCBu
YW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRlZmluZWQgKF9fc3R1Yl9lbmR1dHhlbnQpIHx8IGRl
ZmluZWQgKF9fc3R1Yl9fX2VuZHV0eGVudCkKY2hva2UgbWUKI2Vsc2UKZiA9IGVuZHV0eGVudDsK
I2VuZGlmCgogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6NzMzMjogcmVzdWx0OiBubwpjb25m
aWd1cmU6NzMzMjogY2hlY2tpbmcgZm9yIGdldHV0eGVudApjb25maWd1cmU6NzMzMjogZ2NjIC1v
IGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVk
ICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQovdG1wL2NjYTI1OTAwMS5vOiBJbiBmdW5jdGlv
biBgbWFpbic6Ci90b29scy9vcGVuc3NoLTMuNHAxL2NvbmZpZ3VyZTo3MzYwOiB1bmRlZmluZWQg
cmVmZXJlbmNlIHRvIGBnZXR1dHhlbnQnCmNvbGxlY3QyOiBsZCByZXR1cm5lZCAxIGV4aXQgc3Rh
dHVzCmNvbmZpZ3VyZTo3MzMyOiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6
CiNsaW5lIDczMzIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCi8qIFN5c3RlbSBo
ZWFkZXIgdG8gZGVmaW5lIF9fc3R1YiBtYWNyb3MgYW5kIGhvcGVmdWxseSBmZXcgcHJvdG90eXBl
cywKICAgIHdoaWNoIGNhbiBjb25mbGljdCB3aXRoIGNoYXIgZ2V0dXR4ZW50ICgpOyBiZWxvdy4g
ICovCiNpbmNsdWRlIDxhc3NlcnQuaD4KLyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJv
dG90eXBlIHRvIGF2b2lkIGFuIGVycm9yLiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAi
QyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFyIGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1
cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVpbHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90
eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAgKi8KY2hhciBnZXR1dHhlbnQgKCk7CmNoYXIgKCpmKSAo
KTsKCiNpZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVy
biAiQyIKIyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5k
aWYKaW50Cm1haW4gKCkKewovKiBUaGUgR05VIEMgbGlicmFyeSBkZWZpbmVzIHRoaXMgZm9yIGZ1
bmN0aW9ucyB3aGljaCBpdCBpbXBsZW1lbnRzCiAgICB0byBhbHdheXMgZmFpbCB3aXRoIEVOT1NZ
Uy4gIFNvbWUgZnVuY3Rpb25zIGFyZSBhY3R1YWxseSBuYW1lZAogICAgc29tZXRoaW5nIHN0YXJ0
aW5nIHdpdGggX18gYW5kIHRoZSBub3JtYWwgbmFtZSBpcyBhbiBhbGlhcy4gICovCiNpZiBkZWZp
bmVkIChfX3N0dWJfZ2V0dXR4ZW50KSB8fCBkZWZpbmVkIChfX3N0dWJfX19nZXR1dHhlbnQpCmNo
b2tlIG1lCiNlbHNlCmYgPSBnZXR1dHhlbnQ7CiNlbmRpZgoKICA7CiAgcmV0dXJuIDA7Cn0KY29u
ZmlndXJlOjczMzI6IHJlc3VsdDogbm8KY29uZmlndXJlOjczMzI6IGNoZWNraW5nIGZvciBnZXR1
dHhpZApjb25maWd1cmU6NzMzMjogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50
ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAtbHogID4mNQov
dG1wL2NjYTI1OTE5MS5vOiBJbiBmdW5jdGlvbiBgbWFpbic6Ci90b29scy9vcGVuc3NoLTMuNHAx
L2NvbmZpZ3VyZTo3MzYwOiB1bmRlZmluZWQgcmVmZXJlbmNlIHRvIGBnZXR1dHhpZCcKY29sbGVj
dDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjczMzI6ICQ/ID0gMQpjb25m
aWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNzMzMiAiY29uZmlndXJlIgojaW5jbHVk
ZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHViIG1hY3JvcyBh
bmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZsaWN0IHdpdGgg
Y2hhciBnZXR1dHhpZCAoKTsgYmVsb3cuICAqLwojaW5jbHVkZSA8YXNzZXJ0Lmg+Ci8qIE92ZXJy
aWRlIGFueSBnY2MyIGludGVybmFsIHByb3RvdHlwZSB0byBhdm9pZCBhbiBlcnJvci4gICovCiNp
ZmRlZiBfX2NwbHVzcGx1cwpleHRlcm4gIkMiCiNlbmRpZgovKiBXZSB1c2UgY2hhciBiZWNhdXNl
IGludCBtaWdodCBtYXRjaCB0aGUgcmV0dXJuIHR5cGUgb2YgYSBnY2MyCiAgIGJ1aWx0aW4gYW5k
IHRoZW4gaXRzIGFyZ3VtZW50IHByb3RvdHlwZSB3b3VsZCBzdGlsbCBhcHBseS4gICovCmNoYXIg
Z2V0dXR4aWQgKCk7CmNoYXIgKCpmKSAoKTsKCiNpZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRl
ZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9N
QUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50Cm1haW4gKCkKewovKiBUaGUgR05VIEMgbGli
cmFyeSBkZWZpbmVzIHRoaXMgZm9yIGZ1bmN0aW9ucyB3aGljaCBpdCBpbXBsZW1lbnRzCiAgICB0
byBhbHdheXMgZmFpbCB3aXRoIEVOT1NZUy4gIFNvbWUgZnVuY3Rpb25zIGFyZSBhY3R1YWxseSBu
YW1lZAogICAgc29tZXRoaW5nIHN0YXJ0aW5nIHdpdGggX18gYW5kIHRoZSBub3JtYWwgbmFtZSBp
cyBhbiBhbGlhcy4gICovCiNpZiBkZWZpbmVkIChfX3N0dWJfZ2V0dXR4aWQpIHx8IGRlZmluZWQg
KF9fc3R1Yl9fX2dldHV0eGlkKQpjaG9rZSBtZQojZWxzZQpmID0gZ2V0dXR4aWQ7CiNlbmRpZgoK
ICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjczMzI6IHJlc3VsdDogbm8KY29uZmlndXJlOjcz
MzI6IGNoZWNraW5nIGZvciBnZXR1dHhsaW5lCmNvbmZpZ3VyZTo3MzMyOiBnY2MgLW8gY29uZnRl
c3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25m
dGVzdC5jIC1sYnNkIC1seiAgPiY1Ci90bXAvY2NhMjU5MzgxLm86IEluIGZ1bmN0aW9uIGBtYWlu
JzoKL3Rvb2xzL29wZW5zc2gtMy40cDEvY29uZmlndXJlOjczNjA6IHVuZGVmaW5lZCByZWZlcmVu
Y2UgdG8gYGdldHV0eGxpbmUnCmNvbGxlY3QyOiBsZCByZXR1cm5lZCAxIGV4aXQgc3RhdHVzCmNv
bmZpZ3VyZTo3MzMyOiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5l
IDczMzIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCi8qIFN5c3RlbSBoZWFkZXIg
dG8gZGVmaW5lIF9fc3R1YiBtYWNyb3MgYW5kIGhvcGVmdWxseSBmZXcgcHJvdG90eXBlcywKICAg
IHdoaWNoIGNhbiBjb25mbGljdCB3aXRoIGNoYXIgZ2V0dXR4bGluZSAoKTsgYmVsb3cuICAqLwoj
aW5jbHVkZSA8YXNzZXJ0Lmg+Ci8qIE92ZXJyaWRlIGFueSBnY2MyIGludGVybmFsIHByb3RvdHlw
ZSB0byBhdm9pZCBhbiBlcnJvci4gICovCiNpZmRlZiBfX2NwbHVzcGx1cwpleHRlcm4gIkMiCiNl
bmRpZgovKiBXZSB1c2UgY2hhciBiZWNhdXNlIGludCBtaWdodCBtYXRjaCB0aGUgcmV0dXJuIHR5
cGUgb2YgYSBnY2MyCiAgIGJ1aWx0aW4gYW5kIHRoZW4gaXRzIGFyZ3VtZW50IHByb3RvdHlwZSB3
b3VsZCBzdGlsbCBhcHBseS4gICovCmNoYXIgZ2V0dXR4bGluZSAoKTsKY2hhciAoKmYpICgpOwoK
I2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJD
IgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgpp
bnQKbWFpbiAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBmb3IgZnVuY3Rp
b25zIHdoaWNoIGl0IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGggRU5PU1lTLiAg
U29tZSBmdW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcgc3RhcnRpbmcg
d2l0aCBfXyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lmIGRlZmluZWQg
KF9fc3R1Yl9nZXR1dHhsaW5lKSB8fCBkZWZpbmVkIChfX3N0dWJfX19nZXR1dHhsaW5lKQpjaG9r
ZSBtZQojZWxzZQpmID0gZ2V0dXR4bGluZTsKI2VuZGlmCgogIDsKICByZXR1cm4gMDsKfQpjb25m
aWd1cmU6NzMzMjogcmVzdWx0OiBubwpjb25maWd1cmU6NzMzMjogY2hlY2tpbmcgZm9yIHB1dHV0
eGxpbmUKY29uZmlndXJlOjczMzI6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2lu
dGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUK
L3RtcC9jY2EyNTk1NzEubzogSW4gZnVuY3Rpb24gYG1haW4nOgovdG9vbHMvb3BlbnNzaC0zLjRw
MS9jb25maWd1cmU6NzM2MDogdW5kZWZpbmVkIHJlZmVyZW5jZSB0byBgcHV0dXR4bGluZScKY29s
bGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjczMzI6ICQ/ID0gMQpj
b25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgNzMzMiAiY29uZmlndXJlIgojaW5j
bHVkZSAiY29uZmRlZnMuaCIKLyogU3lzdGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHViIG1hY3Jv
cyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZsaWN0IHdp
dGggY2hhciBwdXR1dHhsaW5lICgpOyBiZWxvdy4gICovCiNpbmNsdWRlIDxhc3NlcnQuaD4KLyog
T3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBlIHRvIGF2b2lkIGFuIGVycm9yLiAg
Ki8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFyIGJl
Y2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVpbHRp
biBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAgKi8K
Y2hhciBwdXR1dHhsaW5lICgpOwpjaGFyICgqZikgKCk7CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4K
IyAgaWZkZWYgX19jcGx1c3BsdXMKICAgICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdf
RFVNTVlfTUFJTigpIHsgcmV0dXJuIDE7IH0KI2VuZGlmCmludAptYWluICgpCnsKLyogVGhlIEdO
VSBDIGxpYnJhcnkgZGVmaW5lcyB0aGlzIGZvciBmdW5jdGlvbnMgd2hpY2ggaXQgaW1wbGVtZW50
cwogICAgdG8gYWx3YXlzIGZhaWwgd2l0aCBFTk9TWVMuICBTb21lIGZ1bmN0aW9ucyBhcmUgYWN0
dWFsbHkgbmFtZWQKICAgIHNvbWV0aGluZyBzdGFydGluZyB3aXRoIF9fIGFuZCB0aGUgbm9ybWFs
IG5hbWUgaXMgYW4gYWxpYXMuICAqLwojaWYgZGVmaW5lZCAoX19zdHViX3B1dHV0eGxpbmUpIHx8
IGRlZmluZWQgKF9fc3R1Yl9fX3B1dHV0eGxpbmUpCmNob2tlIG1lCiNlbHNlCmYgPSBwdXR1dHhs
aW5lOwojZW5kaWYKCiAgOwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZTo3MzMyOiByZXN1bHQ6IG5v
CmNvbmZpZ3VyZTo3NDA5OiBjaGVja2luZyBmb3Igc2V0dXR4ZW50CmNvbmZpZ3VyZTo3NDA5OiBn
Y2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlh
bGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1Ci90bXAvY2NhMjU5NzYxLm86IEluIGZ1
bmN0aW9uIGBtYWluJzoKL3Rvb2xzL29wZW5zc2gtMy40cDEvY29uZmlndXJlOjc0Mzc6IHVuZGVm
aW5lZCByZWZlcmVuY2UgdG8gYHNldHV0eGVudCcKY29sbGVjdDI6IGxkIHJldHVybmVkIDEgZXhp
dCBzdGF0dXMKY29uZmlndXJlOjc0MDk6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFt
IHdhczoKI2xpbmUgNzQwOSAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKLyogU3lz
dGVtIGhlYWRlciB0byBkZWZpbmUgX19zdHViIG1hY3JvcyBhbmQgaG9wZWZ1bGx5IGZldyBwcm90
b3R5cGVzLAogICAgd2hpY2ggY2FuIGNvbmZsaWN0IHdpdGggY2hhciBzZXR1dHhlbnQgKCk7IGJl
bG93LiAgKi8KI2luY2x1ZGUgPGFzc2VydC5oPgovKiBPdmVycmlkZSBhbnkgZ2NjMiBpbnRlcm5h
bCBwcm90b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3IuICAqLwojaWZkZWYgX19jcGx1c3BsdXMKZXh0
ZXJuICJDIgojZW5kaWYKLyogV2UgdXNlIGNoYXIgYmVjYXVzZSBpbnQgbWlnaHQgbWF0Y2ggdGhl
IHJldHVybiB0eXBlIG9mIGEgZ2NjMgogICBidWlsdGluIGFuZCB0aGVuIGl0cyBhcmd1bWVudCBw
cm90b3R5cGUgd291bGQgc3RpbGwgYXBwbHkuICAqLwpjaGFyIHNldHV0eGVudCAoKTsKY2hhciAo
KmYpICgpOwoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAg
ZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9
CiNlbmRpZgppbnQKbWFpbiAoKQp7Ci8qIFRoZSBHTlUgQyBsaWJyYXJ5IGRlZmluZXMgdGhpcyBm
b3IgZnVuY3Rpb25zIHdoaWNoIGl0IGltcGxlbWVudHMKICAgIHRvIGFsd2F5cyBmYWlsIHdpdGgg
RU5PU1lTLiAgU29tZSBmdW5jdGlvbnMgYXJlIGFjdHVhbGx5IG5hbWVkCiAgICBzb21ldGhpbmcg
c3RhcnRpbmcgd2l0aCBfXyBhbmQgdGhlIG5vcm1hbCBuYW1lIGlzIGFuIGFsaWFzLiAgKi8KI2lm
IGRlZmluZWQgKF9fc3R1Yl9zZXR1dHhlbnQpIHx8IGRlZmluZWQgKF9fc3R1Yl9fX3NldHV0eGVu
dCkKY2hva2UgbWUKI2Vsc2UKZiA9IHNldHV0eGVudDsKI2VuZGlmCgogIDsKICByZXR1cm4gMDsK
fQpjb25maWd1cmU6NzQwOTogcmVzdWx0OiBubwpjb25maWd1cmU6NzQwOTogY2hlY2tpbmcgZm9y
IHV0bXB4bmFtZQpjb25maWd1cmU6NzQwOTogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAt
V3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkICAgY29uZnRlc3QuYyAtbGJzZCAtbHog
ID4mNQovdG1wL2NjYTI1OTk1MS5vOiBJbiBmdW5jdGlvbiBgbWFpbic6Ci90b29scy9vcGVuc3No
LTMuNHAxL2NvbmZpZ3VyZTo3NDM3OiB1bmRlZmluZWQgcmVmZXJlbmNlIHRvIGB1dG1weG5hbWUn
CmNvbGxlY3QyOiBsZCByZXR1cm5lZCAxIGV4aXQgc3RhdHVzCmNvbmZpZ3VyZTo3NDA5OiAkPyA9
IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDc0MDkgImNvbmZpZ3VyZSIK
I2luY2x1ZGUgImNvbmZkZWZzLmgiCi8qIFN5c3RlbSBoZWFkZXIgdG8gZGVmaW5lIF9fc3R1YiBt
YWNyb3MgYW5kIGhvcGVmdWxseSBmZXcgcHJvdG90eXBlcywKICAgIHdoaWNoIGNhbiBjb25mbGlj
dCB3aXRoIGNoYXIgdXRtcHhuYW1lICgpOyBiZWxvdy4gICovCiNpbmNsdWRlIDxhc3NlcnQuaD4K
LyogT3ZlcnJpZGUgYW55IGdjYzIgaW50ZXJuYWwgcHJvdG90eXBlIHRvIGF2b2lkIGFuIGVycm9y
LiAgKi8KI2lmZGVmIF9fY3BsdXNwbHVzCmV4dGVybiAiQyIKI2VuZGlmCi8qIFdlIHVzZSBjaGFy
IGJlY2F1c2UgaW50IG1pZ2h0IG1hdGNoIHRoZSByZXR1cm4gdHlwZSBvZiBhIGdjYzIKICAgYnVp
bHRpbiBhbmQgdGhlbiBpdHMgYXJndW1lbnQgcHJvdG90eXBlIHdvdWxkIHN0aWxsIGFwcGx5LiAg
Ki8KY2hhciB1dG1weG5hbWUgKCk7CmNoYXIgKCpmKSAoKTsKCiNpZmRlZiBGNzdfRFVNTVlfTUFJ
TgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3
N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50Cm1haW4gKCkKewovKiBUaGUg
R05VIEMgbGlicmFyeSBkZWZpbmVzIHRoaXMgZm9yIGZ1bmN0aW9ucyB3aGljaCBpdCBpbXBsZW1l
bnRzCiAgICB0byBhbHdheXMgZmFpbCB3aXRoIEVOT1NZUy4gIFNvbWUgZnVuY3Rpb25zIGFyZSBh
Y3R1YWxseSBuYW1lZAogICAgc29tZXRoaW5nIHN0YXJ0aW5nIHdpdGggX18gYW5kIHRoZSBub3Jt
YWwgbmFtZSBpcyBhbiBhbGlhcy4gICovCiNpZiBkZWZpbmVkIChfX3N0dWJfdXRtcHhuYW1lKSB8
fCBkZWZpbmVkIChfX3N0dWJfX191dG1weG5hbWUpCmNob2tlIG1lCiNlbHNlCmYgPSB1dG1weG5h
bWU7CiNlbmRpZgoKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjc0MDk6IHJlc3VsdDogbm8K
Y29uZmlndXJlOjc0MTI6IGNoZWNraW5nIGZvciBkYWVtb24KY29uZmlndXJlOjc0NzM6IGdjYyAt
byBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXpl
ZCAgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICA+JjUKY29uZmlndXJlOjc0NzM6ICQ/ID0gMApjb25m
aWd1cmU6NzQ3MzogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6NzQ3MzogJD8gPSAwCmNvbmZp
Z3VyZTo3NDc0OiByZXN1bHQ6IHllcwpjb25maWd1cmU6NzU0ODogY2hlY2tpbmcgZm9yIGdldHBh
Z2VzaXplCmNvbmZpZ3VyZTo3NjA5OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9p
bnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgPiY1
CmNvbmZpZ3VyZTo3NjA5OiAkPyA9IDAKY29uZmlndXJlOjc2MDk6IHRlc3QgLXMgY29uZnRlc3QK
Y29uZmlndXJlOjc2MDk6ICQ/ID0gMApjb25maWd1cmU6NzYxMDogcmVzdWx0OiB5ZXMKY29uZmln
dXJlOjc3MzM6IGNoZWNraW5nIHdoZXRoZXIgc25wcmludGYgY29ycmVjdGx5IHRlcm1pbmF0ZXMg
bG9uZyBzdHJpbmdzCmNvbmZpZ3VyZTo3NzMzOiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxs
IC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1s
eiAgPiY1CmNvbmZpZ3VyZTo3NzMzOiAkPyA9IDAKY29uZmlndXJlOjc3MzM6IC4vY29uZnRlc3QK
Y29uZmlndXJlOjc3MzM6ICQ/ID0gMApjb25maWd1cmU6NzczMzogcmVzdWx0OiB5ZXMKY29uZmln
dXJlOjc3MzU6IGNoZWNraW5nIHdoZXRoZXIgZ2V0cGdycCByZXF1aXJlcyB6ZXJvIGFyZ3VtZW50
cwpjb25maWd1cmU6Nzc3OTogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVdu
by11bmluaXRpYWxpemVkICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6IEluIGZ1bmN0aW9uIGBt
YWluJzoKY29uZmlndXJlOjc4MjM6IHRvbyBtYW55IGFyZ3VtZW50cyB0byBmdW5jdGlvbiBgZ2V0
cGdycCcKY29uZmlndXJlOjc3Nzk6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdh
czoKI2xpbmUgNzc3OSAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKI2luY2x1ZGUg
PHN0ZGlvLmg+CiNpZiBIQVZFX1NZU19UWVBFU19ICiMgaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNl
bmRpZgojaWYgSEFWRV9TWVNfU1RBVF9ICiMgaW5jbHVkZSA8c3lzL3N0YXQuaD4KI2VuZGlmCiNp
ZiBTVERDX0hFQURFUlMKIyBpbmNsdWRlIDxzdGRsaWIuaD4KIyBpbmNsdWRlIDxzdGRkZWYuaD4K
I2Vsc2UKIyBpZiBIQVZFX1NURExJQl9ICiMgIGluY2x1ZGUgPHN0ZGxpYi5oPgojIGVuZGlmCiNl
bmRpZgojaWYgSEFWRV9TVFJJTkdfSAojIGlmICFTVERDX0hFQURFUlMgJiYgSEFWRV9NRU1PUllf
SAojICBpbmNsdWRlIDxtZW1vcnkuaD4KIyBlbmRpZgojIGluY2x1ZGUgPHN0cmluZy5oPgojZW5k
aWYKI2lmIEhBVkVfU1RSSU5HU19ICiMgaW5jbHVkZSA8c3RyaW5ncy5oPgojZW5kaWYKI2lmIEhB
VkVfSU5UVFlQRVNfSAojIGluY2x1ZGUgPGludHR5cGVzLmg+CiNlbHNlCiMgaWYgSEFWRV9TVERJ
TlRfSAojICBpbmNsdWRlIDxzdGRpbnQuaD4KIyBlbmRpZgojZW5kaWYKI2lmIEhBVkVfVU5JU1RE
X0gKIyBpbmNsdWRlIDx1bmlzdGQuaD4KI2VuZGlmCiNpZmRlZiBGNzdfRFVNTVlfTUFJTgojICBp
ZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3N19EVU1N
WV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50Cm1haW4gKCkKewpnZXRwZ3JwICgwKTsK
ICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjc3ODA6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZTo4
MjI4OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVu
aW5pdGlhbGl6ZWQgICBjb25mdGVzdC5jIC1sYnNkIC1seiAgLWxjcnlwdG8gPiY1Ci91c3IvaTU4
Ni1wYy1saW51eC1nbnVsaWJjMS9iaW4vbGQ6IGNhbm5vdCBvcGVuIC1sY3J5cHRvOiBObyBzdWNo
IGZpbGUgb3IgZGlyZWN0b3J5CmNvbGxlY3QyOiBsZCByZXR1cm5lZCAxIGV4aXQgc3RhdHVzCmNv
bmZpZ3VyZTo4MjI4OiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5l
IDgxNDcgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCgovKiBPdmVycmlkZSBhbnkg
Z2NjMiBpbnRlcm5hbCBwcm90b3R5cGUgdG8gYXZvaWQgYW4gZXJyb3IuICAqLwojaWZkZWYgX19j
cGx1c3BsdXMKZXh0ZXJuICJDIgojZW5kaWYKLyogV2UgdXNlIGNoYXIgYmVjYXVzZSBpbnQgbWln
aHQgbWF0Y2ggdGhlIHJldHVybiB0eXBlIG9mIGEgZ2NjMgogICBidWlsdGluIGFuZCB0aGVuIGl0
cyBhcmd1bWVudCBwcm90b3R5cGUgd291bGQgc3RpbGwgYXBwbHkuICAqLwpjaGFyIFJBTkRfYWRk
ICgpOwojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19jcGx1c3BsdXMKICAgICBleHRl
cm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJTigpIHsgcmV0dXJuIDE7IH0KI2Vu
ZGlmCmludAptYWluICgpCnsKUkFORF9hZGQgKCk7CiAgOwogIHJldHVybiAwOwp9CmNvbmZpZ3Vy
ZTo4MjI4OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25v
LXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICAtTC91c3IvbG9jYWwvc3Ns
L2xpYiAgY29uZnRlc3QuYyAtbGJzZCAtbHogIC1sY3J5cHRvID4mNQpjb25maWd1cmU6ODIyODog
JD8gPSAwCmNvbmZpZ3VyZTo4MjI4OiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZTo4MjI4OiAk
PyA9IDAKY29uZmlndXJlOjgyMzM6IGNoZWNraW5nIHdoZXRoZXIgT3BlblNTTCdzIGhlYWRlcnMg
bWF0Y2ggdGhlIGxpYnJhcnkKY29uZmlndXJlOjgyNzk6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIg
LVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3Ns
L2luY2x1ZGUgIC1ML3Vzci9sb2NhbC9zc2wvbGliICBjb25mdGVzdC5jIC1sYnNkIC1seiAgLWxj
cnlwdG8gPiY1CmNvbmZpZ3VyZTogSW4gZnVuY3Rpb24gYG1haW4nOgpjb25maWd1cmU6ODI4Mzog
d2FybmluZzogaW1wbGljaXQgZGVjbGFyYXRpb24gb2YgZnVuY3Rpb24gYFNTTGVheScKY29uZmln
dXJlOjgyNzk6ICQ/ID0gMApjb25maWd1cmU6ODI3OTogLi9jb25mdGVzdApjb25maWd1cmU6ODI3
OTogJD8gPSAwCmNvbmZpZ3VyZTo4Mjc5OiByZXN1bHQ6IHllcwpjb25maWd1cmU6ODM0MzogY2hl
Y2tpbmcgZm9yIGNyeXB0IGluIC1sY3J5cHQKY29uZmlndXJlOjgzNDM6IGdjYyAtbyBjb25mdGVz
dCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAtSS91c3Iv
bG9jYWwvc3NsL2luY2x1ZGUgIC1ML3Vzci9sb2NhbC9zc2wvbGliICBjb25mdGVzdC5jIC1sY3J5
cHQgIC1sYnNkIC1seiAgLWxjcnlwdG8gPiY1Ci91c3IvaTU4Ni1wYy1saW51eC1nbnVsaWJjMS9i
aW4vbGQ6IGNhbm5vdCBvcGVuIC1sY3J5cHQ6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29s
bGVjdDI6IGxkIHJldHVybmVkIDEgZXhpdCBzdGF0dXMKY29uZmlndXJlOjgzNDM6ICQ/ID0gMQpj
b25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgODM0MyAiY29uZmlndXJlIgojaW5j
bHVkZSAiY29uZmRlZnMuaCIKCi8qIE92ZXJyaWRlIGFueSBnY2MyIGludGVybmFsIHByb3RvdHlw
ZSB0byBhdm9pZCBhbiBlcnJvci4gICovCiNpZmRlZiBfX2NwbHVzcGx1cwpleHRlcm4gIkMiCiNl
bmRpZgovKiBXZSB1c2UgY2hhciBiZWNhdXNlIGludCBtaWdodCBtYXRjaCB0aGUgcmV0dXJuIHR5
cGUgb2YgYSBnY2MyCiAgIGJ1aWx0aW4gYW5kIHRoZW4gaXRzIGFyZ3VtZW50IHByb3RvdHlwZSB3
b3VsZCBzdGlsbCBhcHBseS4gICovCmNoYXIgY3J5cHQgKCk7CiNpZmRlZiBGNzdfRFVNTVlfTUFJ
TgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3
N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50Cm1haW4gKCkKewpjcnlwdCAo
KTsKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjgzNDM6IHJlc3VsdDogbm8KY29uZmlndXJl
OjgzNDk6IGNoZWNraW5nIHdoZXRoZXIgT3BlblNTTCdzIFBSTkcgaXMgaW50ZXJuYWxseSBzZWVk
ZWQKY29uZmlndXJlOjgzOTY6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVy
LWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1ZGUgIC1ML3Vz
ci9sb2NhbC9zc2wvbGliICBjb25mdGVzdC5jIC1sYnNkIC1seiAgLWxjcnlwdG8gPiY1CmNvbmZp
Z3VyZTo4Mzk2OiAkPyA9IDAKY29uZmlndXJlOjgzOTY6IC4vY29uZnRlc3QKY29uZmlndXJlOjgz
OTY6ICQ/ID0gMApjb25maWd1cmU6ODM5NjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjg1ODk6IGNo
ZWNraW5nIGZvciBscwpjb25maWd1cmU6ODYxNTogZm91bmQgL2Jpbi9scwpjb25maWd1cmU6ODYy
NDogcmVzdWx0OiAvYmluL2xzCmNvbmZpZ3VyZTo4NjM0OiBjaGVja2luZyBmb3IgbmV0c3RhdApj
b25maWd1cmU6ODY2MDogZm91bmQgL2Jpbi9uZXRzdGF0CmNvbmZpZ3VyZTo4NjY5OiByZXN1bHQ6
IC9iaW4vbmV0c3RhdApjb25maWd1cmU6ODY3OTogY2hlY2tpbmcgZm9yIGFycApjb25maWd1cmU6
ODcwNTogZm91bmQgL3NiaW4vYXJwCmNvbmZpZ3VyZTo4NzE0OiByZXN1bHQ6IC9zYmluL2FycApj
b25maWd1cmU6ODcyNDogY2hlY2tpbmcgZm9yIGlmY29uZmlnCmNvbmZpZ3VyZTo4NzUwOiBmb3Vu
ZCAvc2Jpbi9pZmNvbmZpZwpjb25maWd1cmU6ODc1OTogcmVzdWx0OiAvc2Jpbi9pZmNvbmZpZwpj
b25maWd1cmU6ODc2OTogY2hlY2tpbmcgZm9yIGpzdGF0CmNvbmZpZ3VyZTo4ODA0OiByZXN1bHQ6
IG5vCmNvbmZpZ3VyZTo4ODE0OiBjaGVja2luZyBmb3IgcHMKY29uZmlndXJlOjg4NDA6IGZvdW5k
IC9iaW4vcHMKY29uZmlndXJlOjg4NDk6IHJlc3VsdDogL2Jpbi9wcwpjb25maWd1cmU6ODg1OTog
Y2hlY2tpbmcgZm9yIHNhcgpjb25maWd1cmU6ODg5NDogcmVzdWx0OiBubwpjb25maWd1cmU6ODkw
NDogY2hlY2tpbmcgZm9yIHcKY29uZmlndXJlOjg5MzA6IGZvdW5kIC91c3IvYmluL3cKY29uZmln
dXJlOjg5Mzk6IHJlc3VsdDogL3Vzci9iaW4vdwpjb25maWd1cmU6ODk0OTogY2hlY2tpbmcgZm9y
IHdobwpjb25maWd1cmU6ODk3NTogZm91bmQgL3Vzci9iaW4vd2hvCmNvbmZpZ3VyZTo4OTg0OiBy
ZXN1bHQ6IC91c3IvYmluL3dobwpjb25maWd1cmU6ODk5NDogY2hlY2tpbmcgZm9yIGxhc3QKY29u
ZmlndXJlOjkwMjA6IGZvdW5kIC91c3IvYmluL2xhc3QKY29uZmlndXJlOjkwMjk6IHJlc3VsdDog
L3Vzci9iaW4vbGFzdApjb25maWd1cmU6OTAzOTogY2hlY2tpbmcgZm9yIGxhc3Rsb2cKY29uZmln
dXJlOjkwNjU6IGZvdW5kIC91c3Ivc2Jpbi9sYXN0bG9nCmNvbmZpZ3VyZTo5MDc0OiByZXN1bHQ6
IC91c3Ivc2Jpbi9sYXN0bG9nCmNvbmZpZ3VyZTo5MDg0OiBjaGVja2luZyBmb3IgZGYKY29uZmln
dXJlOjkxMTA6IGZvdW5kIC9iaW4vZGYKY29uZmlndXJlOjkxMTk6IHJlc3VsdDogL2Jpbi9kZgpj
b25maWd1cmU6OTEyOTogY2hlY2tpbmcgZm9yIHZtc3RhdApjb25maWd1cmU6OTE1NTogZm91bmQg
L3Vzci9iaW4vdm1zdGF0CmNvbmZpZ3VyZTo5MTY0OiByZXN1bHQ6IC91c3IvYmluL3Ztc3RhdApj
b25maWd1cmU6OTE3NDogY2hlY2tpbmcgZm9yIHVwdGltZQpjb25maWd1cmU6OTIwMDogZm91bmQg
L3Vzci9iaW4vdXB0aW1lCmNvbmZpZ3VyZTo5MjA5OiByZXN1bHQ6IC91c3IvYmluL3VwdGltZQpj
b25maWd1cmU6OTIxOTogY2hlY2tpbmcgZm9yIGlwY3MKY29uZmlndXJlOjkyNDU6IGZvdW5kIC91
c3IvYmluL2lwY3MKY29uZmlndXJlOjkyNTQ6IHJlc3VsdDogL3Vzci9iaW4vaXBjcwpjb25maWd1
cmU6OTI2NDogY2hlY2tpbmcgZm9yIHRhaWwKY29uZmlndXJlOjkyOTA6IGZvdW5kIC91c3IvYmlu
L3RhaWwKY29uZmlndXJlOjkyOTk6IHJlc3VsdDogL3Vzci9iaW4vdGFpbApjb25maWd1cmU6OTMz
MTogY2hlY2tpbmcgZm9yIGNoYXIKY29uZmlndXJlOjkzNzY6IGdjYyAtYyAtZyAtTzIgLVdhbGwg
LVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1
ZGUgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTo5Mzc2OiAkPyA9IDAKY29uZmlndXJlOjkzNzY6
IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6OTM3NjogJD8gPSAwCmNvbmZpZ3VyZTo5Mzc3
OiByZXN1bHQ6IHllcwpjb25maWd1cmU6OTM4MDogY2hlY2tpbmcgc2l6ZSBvZiBjaGFyCmNvbmZp
Z3VyZTo5Njg1OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAt
V25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICAtTC91c3IvbG9jYWwv
c3NsL2xpYiAgY29uZnRlc3QuYyAtbGJzZCAtbHogIC1sY3J5cHRvID4mNQpjb25maWd1cmU6OTY4
NTogJD8gPSAwCmNvbmZpZ3VyZTo5Njg1OiAuL2NvbmZ0ZXN0CmNvbmZpZ3VyZTo5Njg1OiAkPyA9
IDAKY29uZmlndXJlOjk2ODY6IHJlc3VsdDogMQpjb25maWd1cmU6OTY5MzogY2hlY2tpbmcgZm9y
IHNob3J0IGludApjb25maWd1cmU6OTczODogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXIt
YXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAgY29uZnRl
c3QuYyA+JjUKY29uZmlndXJlOjk3Mzg6ICQ/ID0gMApjb25maWd1cmU6OTczODogdGVzdCAtcyBj
b25mdGVzdC5vCmNvbmZpZ3VyZTo5NzM4OiAkPyA9IDAKY29uZmlndXJlOjk3Mzk6IHJlc3VsdDog
eWVzCmNvbmZpZ3VyZTo5NzQyOiBjaGVja2luZyBzaXplIG9mIHNob3J0IGludApjb25maWd1cmU6
MTAwNDc6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8t
dW5pbml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1ZGUgIC1ML3Vzci9sb2NhbC9zc2wv
bGliICBjb25mdGVzdC5jIC1sYnNkIC1seiAgLWxjcnlwdG8gPiY1CmNvbmZpZ3VyZToxMDA0Nzog
JD8gPSAwCmNvbmZpZ3VyZToxMDA0NzogLi9jb25mdGVzdApjb25maWd1cmU6MTAwNDc6ICQ/ID0g
MApjb25maWd1cmU6MTAwNDg6IHJlc3VsdDogMgpjb25maWd1cmU6MTAwNTU6IGNoZWNraW5nIGZv
ciBpbnQKY29uZmlndXJlOjEwMTAwOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0
aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICBjb25mdGVzdC5j
ID4mNQpjb25maWd1cmU6MTAxMDA6ICQ/ID0gMApjb25maWd1cmU6MTAxMDA6IHRlc3QgLXMgY29u
ZnRlc3Qubwpjb25maWd1cmU6MTAxMDA6ICQ/ID0gMApjb25maWd1cmU6MTAxMDE6IHJlc3VsdDog
eWVzCmNvbmZpZ3VyZToxMDEwNDogY2hlY2tpbmcgc2l6ZSBvZiBpbnQKY29uZmlndXJlOjEwNDA5
OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5p
dGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICAtTC91c3IvbG9jYWwvc3NsL2xpYiAg
Y29uZnRlc3QuYyAtbGJzZCAtbHogIC1sY3J5cHRvID4mNQpjb25maWd1cmU6MTA0MDk6ICQ/ID0g
MApjb25maWd1cmU6MTA0MDk6IC4vY29uZnRlc3QKY29uZmlndXJlOjEwNDA5OiAkPyA9IDAKY29u
ZmlndXJlOjEwNDEwOiByZXN1bHQ6IDQKY29uZmlndXJlOjEwNDE3OiBjaGVja2luZyBmb3IgbG9u
ZyBpbnQKY29uZmlndXJlOjEwNDYyOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0
aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICBjb25mdGVzdC5j
ID4mNQpjb25maWd1cmU6MTA0NjI6ICQ/ID0gMApjb25maWd1cmU6MTA0NjI6IHRlc3QgLXMgY29u
ZnRlc3Qubwpjb25maWd1cmU6MTA0NjI6ICQ/ID0gMApjb25maWd1cmU6MTA0NjM6IHJlc3VsdDog
eWVzCmNvbmZpZ3VyZToxMDQ2NjogY2hlY2tpbmcgc2l6ZSBvZiBsb25nIGludApjb25maWd1cmU6
MTA3NzE6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8t
dW5pbml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1ZGUgIC1ML3Vzci9sb2NhbC9zc2wv
bGliICBjb25mdGVzdC5jIC1sYnNkIC1seiAgLWxjcnlwdG8gPiY1CmNvbmZpZ3VyZToxMDc3MTog
JD8gPSAwCmNvbmZpZ3VyZToxMDc3MTogLi9jb25mdGVzdApjb25maWd1cmU6MTA3NzE6ICQ/ID0g
MApjb25maWd1cmU6MTA3NzI6IHJlc3VsdDogNApjb25maWd1cmU6MTA3Nzk6IGNoZWNraW5nIGZv
ciBsb25nIGxvbmcgaW50CmNvbmZpZ3VyZToxMDgyNDogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3Bv
aW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAg
Y29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjEwODI0OiAkPyA9IDAKY29uZmlndXJlOjEwODI0OiB0
ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjEwODI0OiAkPyA9IDAKY29uZmlndXJlOjEwODI1
OiByZXN1bHQ6IHllcwpjb25maWd1cmU6MTA4Mjg6IGNoZWNraW5nIHNpemUgb2YgbG9uZyBsb25n
IGludApjb25maWd1cmU6MTExMzM6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2lu
dGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1ZGUgIC1M
L3Vzci9sb2NhbC9zc2wvbGliICBjb25mdGVzdC5jIC1sYnNkIC1seiAgLWxjcnlwdG8gPiY1CmNv
bmZpZ3VyZToxMTEzMzogJD8gPSAwCmNvbmZpZ3VyZToxMTEzMzogLi9jb25mdGVzdApjb25maWd1
cmU6MTExMzM6ICQ/ID0gMApjb25maWd1cmU6MTExMzQ6IHJlc3VsdDogOApjb25maWd1cmU6MTEx
NDg6IGNoZWNraW5nIGZvciB1X2ludCB0eXBlCmNvbmZpZ3VyZToxMTE5MzogZ2NjIC1jIC1nIC1P
MiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9z
c2wvaW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjExMTkzOiAkPyA9IDAKY29uZmln
dXJlOjExMTkzOiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjExMTkzOiAkPyA9IDAKY29u
ZmlndXJlOjExMTk0OiByZXN1bHQ6IHllcwpjb25maWd1cmU6MTEyMDQ6IGNoZWNraW5nIGZvciBp
bnRYWF90IHR5cGVzCmNvbmZpZ3VyZToxMTI0OTogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50
ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAgY29u
ZnRlc3QuYyA+JjUKY29uZmlndXJlOjExMjQ5OiAkPyA9IDAKY29uZmlndXJlOjExMjQ5OiB0ZXN0
IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjExMjQ5OiAkPyA9IDAKY29uZmlndXJlOjExMjUwOiBy
ZXN1bHQ6IHllcwpjb25maWd1cmU6MTEzMTM6IGNoZWNraW5nIGZvciBpbnQ2NF90IHR5cGUKY29u
ZmlndXJlOjExMzU4OiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVu
aW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICBjb25mdGVzdC5jID4mNQpjb25m
aWd1cmU6MTEzNTg6ICQ/ID0gMApjb25maWd1cmU6MTEzNTg6IHRlc3QgLXMgY29uZnRlc3Qubwpj
b25maWd1cmU6MTEzNTg6ICQ/ID0gMApjb25maWd1cmU6MTEzNTk6IHJlc3VsdDogeWVzCmNvbmZp
Z3VyZToxMTQ3MTogY2hlY2tpbmcgZm9yIHVfaW50WFhfdCB0eXBlcwpjb25maWd1cmU6MTE1MTY6
IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAt
SS91c3IvbG9jYWwvc3NsL2luY2x1ZGUgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZToxMTUxNjog
JD8gPSAwCmNvbmZpZ3VyZToxMTUxNjogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3VyZToxMTUx
NjogJD8gPSAwCmNvbmZpZ3VyZToxMTUxNzogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjExNTc4OiBj
aGVja2luZyBmb3IgdV9pbnQ2NF90IHR5cGVzCmNvbmZpZ3VyZToxMTYyMzogZ2NjIC1jIC1nIC1P
MiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9z
c2wvaW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjExNjIzOiAkPyA9IDAKY29uZmln
dXJlOjExNjIzOiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjExNjIzOiAkPyA9IDAKY29u
ZmlndXJlOjExNjI0OiByZXN1bHQ6IHllcwpjb25maWd1cmU6MTE3OTM6IGNoZWNraW5nIGZvciB1
aW50WFhfdCB0eXBlcyBpbiBzdGRpbnQuaApjb25maWd1cmU6MTE3OTM6IGdjYyAtYyAtZyAtTzIg
LVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3Ns
L2luY2x1ZGUgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZToxMTc5NDogc3RkaW50Lmg6IE5vIHN1
Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjExNzkzOiAkPyA9IDEKY29uZmlndXJlOiBm
YWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDExNzkzICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25m
ZGVmcy5oIgogI2luY2x1ZGUgPHN0ZGludC5oPgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZk
ZWYgX19jcGx1c3BsdXMKICAgICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlf
TUFJTigpIHsgcmV0dXJuIDE7IH0KI2VuZGlmCmludAptYWluICgpCnsKIHVpbnQ4X3QgYTsgdWlu
dDE2X3QgYjsgdWludDMyX3QgYzsgYSA9IGIgPSBjID0gMTsKICA7CiAgcmV0dXJuIDA7Cn0KY29u
ZmlndXJlOjExNzkzOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxMTg1OTogY2hlY2tpbmcgZm9yIHVf
Y2hhcgpjb25maWd1cmU6MTE5MDY6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRo
IC1Xbm8tdW5pbml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1ZGUgIGNvbmZ0ZXN0LmMg
PiY1CmNvbmZpZ3VyZToxMTkwNjogJD8gPSAwCmNvbmZpZ3VyZToxMTkwNjogdGVzdCAtcyBjb25m
dGVzdC5vCmNvbmZpZ3VyZToxMTkwNjogJD8gPSAwCmNvbmZpZ3VyZToxMTkwNzogcmVzdWx0OiB5
ZXMKY29uZmlndXJlOjExOTE3OiBjaGVja2luZyBmb3Igc29ja2xlbl90CmNvbmZpZ3VyZToxMTk2
NDogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVk
IC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOiBJbiBm
dW5jdGlvbiBgbWFpbic6CmNvbmZpZ3VyZToxMTk3NzogYHNvY2tsZW5fdCcgdW5kZWNsYXJlZCAo
Zmlyc3QgdXNlIHRoaXMgZnVuY3Rpb24pCmNvbmZpZ3VyZToxMTk3NzogKEVhY2ggdW5kZWNsYXJl
ZCBpZGVudGlmaWVyIGlzIHJlcG9ydGVkIG9ubHkgb25jZQpjb25maWd1cmU6MTE5Nzc6IGZvciBl
YWNoIGZ1bmN0aW9uIGl0IGFwcGVhcnMgaW4uKQpjb25maWd1cmU6MTE5Nzc6IHBhcnNlIGVycm9y
IGJlZm9yZSBgKScKY29uZmlndXJlOjExOTY0OiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJv
Z3JhbSB3YXM6CiNsaW5lIDExOTY0ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgoj
aW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNpbmNsdWRlIDxzeXMvc29ja2V0Lmg+CgojaWZkZWYgRjc3
X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19jcGx1c3BsdXMKICAgICBleHRlcm4gIkMiCiMgIGVuZGlm
CiAgIGludCBGNzdfRFVNTVlfTUFJTigpIHsgcmV0dXJuIDE7IH0KI2VuZGlmCmludAptYWluICgp
CnsKaWYgKChzb2NrbGVuX3QgKikgMCkKICByZXR1cm4gMDsKaWYgKHNpemVvZiAoc29ja2xlbl90
KSkKICByZXR1cm4gMDsKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjExOTY1OiByZXN1bHQ6
IG5vCmNvbmZpZ3VyZToxMjA0NzogY2hlY2tpbmcgZm9yIHNvY2tsZW5fdCBlcXVpdmFsZW50CmNv
bmZpZ3VyZToxMjA0NzogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11
bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29u
ZmlndXJlOjEyMDQ3OiAkPyA9IDAKY29uZmlndXJlOjEyMDQ3OiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8K
Y29uZmlndXJlOjEyMDQ3OiAkPyA9IDAKY29uZmlndXJlOjEyMDQ3OiBnY2MgLWMgLWcgLU8yIC1X
YWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9p
bmNsdWRlICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6MTIwNTI6IGNvbmZsaWN0aW5nIHR5cGVz
IGZvciBgZ2V0cGVlcm5hbWUnCi91c3IvaW5jbHVkZS9zeXMvc29ja2V0Lmg6Nzg6IHByZXZpb3Vz
IGRlY2xhcmF0aW9uIG9mIGBnZXRwZWVybmFtZScKY29uZmlndXJlOjEyMDQ3OiAkPyA9IDEKY29u
ZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDEyMDQ3ICJjb25maWd1cmUiCiNpbmNs
dWRlICJjb25mZGVmcy5oIgoKCQkgICNpbmNsdWRlIDxzeXMvdHlwZXMuaD4KCQkgICNpbmNsdWRl
IDxzeXMvc29ja2V0Lmg+CgoJCSAgaW50IGdldHBlZXJuYW1lIChpbnQsIHZvaWQgKiwgaW50ICop
OwoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJu
ICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRp
ZgppbnQKbWFpbiAoKQp7CgoJCSAgaW50IGxlbjsKCQkgIGdldHBlZXJuYW1lKDAsMCwmbGVuKTsK
CiAgOwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZToxMjA0NzogZ2NjIC1jIC1nIC1PMiAtV2FsbCAt
V3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVk
ZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjEyMDUyOiBjb25mbGljdGluZyB0eXBlcyBmb3Ig
YGdldHBlZXJuYW1lJwovdXNyL2luY2x1ZGUvc3lzL3NvY2tldC5oOjc4OiBwcmV2aW91cyBkZWNs
YXJhdGlvbiBvZiBgZ2V0cGVlcm5hbWUnCmNvbmZpZ3VyZToxMjA0NzogJD8gPSAxCmNvbmZpZ3Vy
ZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSAxMjA0NyAiY29uZmlndXJlIgojaW5jbHVkZSAi
Y29uZmRlZnMuaCIKCgkJICAjaW5jbHVkZSA8c3lzL3R5cGVzLmg+CgkJICAjaW5jbHVkZSA8c3lz
L3NvY2tldC5oPgoKCQkgIGludCBnZXRwZWVybmFtZSAoaW50LCB2b2lkICosIHNpemVfdCAqKTsK
CiNpZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAi
QyIKIyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYK
aW50Cm1haW4gKCkKewoKCQkgIHNpemVfdCBsZW47CgkJICBnZXRwZWVybmFtZSgwLDAsJmxlbik7
CgogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6MTIwNDc6IGdjYyAtYyAtZyAtTzIgLVdhbGwg
LVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1
ZGUgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZToxMjA1MjogY29uZmxpY3RpbmcgdHlwZXMgZm9y
IGBnZXRwZWVybmFtZScKL3Vzci9pbmNsdWRlL3N5cy9zb2NrZXQuaDo3ODogcHJldmlvdXMgZGVj
bGFyYXRpb24gb2YgYGdldHBlZXJuYW1lJwpjb25maWd1cmU6MTIwNDc6ICQ/ID0gMQpjb25maWd1
cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgMTIwNDcgImNvbmZpZ3VyZSIKI2luY2x1ZGUg
ImNvbmZkZWZzLmgiCgoJCSAgI2luY2x1ZGUgPHN5cy90eXBlcy5oPgoJCSAgI2luY2x1ZGUgPHN5
cy9zb2NrZXQuaD4KCgkJICBpbnQgZ2V0cGVlcm5hbWUgKGludCwgdm9pZCAqLCB1bnNpZ25lZCAq
KTsKCiNpZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVy
biAiQyIKIyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5k
aWYKaW50Cm1haW4gKCkKewoKCQkgIHVuc2lnbmVkIGxlbjsKCQkgIGdldHBlZXJuYW1lKDAsMCwm
bGVuKTsKCiAgOwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZToxMjA0NzogZ2NjIC1jIC1nIC1PMiAt
V2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wv
aW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjEyMDUyOiBjb25mbGljdGluZyB0eXBl
cyBmb3IgYGdldHBlZXJuYW1lJwovdXNyL2luY2x1ZGUvc3lzL3NvY2tldC5oOjc4OiBwcmV2aW91
cyBkZWNsYXJhdGlvbiBvZiBgZ2V0cGVlcm5hbWUnCmNvbmZpZ3VyZToxMjA0NzogJD8gPSAxCmNv
bmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSAxMjA0NyAiY29uZmlndXJlIgojaW5j
bHVkZSAiY29uZmRlZnMuaCIKCgkJICAjaW5jbHVkZSA8c3lzL3R5cGVzLmg+CgkJICAjaW5jbHVk
ZSA8c3lzL3NvY2tldC5oPgoKCQkgIGludCBnZXRwZWVybmFtZSAoaW50LCB2b2lkICosIGxvbmcg
Kik7CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19jcGx1c3BsdXMKICAgICBleHRl
cm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJTigpIHsgcmV0dXJuIDE7IH0KI2Vu
ZGlmCmludAptYWluICgpCnsKCgkJICBsb25nIGxlbjsKCQkgIGdldHBlZXJuYW1lKDAsMCwmbGVu
KTsKCiAgOwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZToxMjA0NzogZ2NjIC1jIC1nIC1PMiAtV2Fs
bCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5j
bHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjEyMDUyOiBjb25mbGljdGluZyB0eXBlcyBm
b3IgYGdldHBlZXJuYW1lJwovdXNyL2luY2x1ZGUvc3lzL3NvY2tldC5oOjc4OiBwcmV2aW91cyBk
ZWNsYXJhdGlvbiBvZiBgZ2V0cGVlcm5hbWUnCmNvbmZpZ3VyZToxMjA0NzogJD8gPSAxCmNvbmZp
Z3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSAxMjA0NyAiY29uZmlndXJlIgojaW5jbHVk
ZSAiY29uZmRlZnMuaCIKCgkJICAjaW5jbHVkZSA8c3lzL3R5cGVzLmg+CgkJICAjaW5jbHVkZSA8
c3lzL3NvY2tldC5oPgoKCQkgIGludCBnZXRwZWVybmFtZSAoaW50LCB2b2lkICosIHVuc2lnbmVk
IGxvbmcgKik7CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19jcGx1c3BsdXMKICAg
ICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJTigpIHsgcmV0dXJuIDE7
IH0KI2VuZGlmCmludAptYWluICgpCnsKCgkJICB1bnNpZ25lZCBsb25nIGxlbjsKCQkgIGdldHBl
ZXJuYW1lKDAsMCwmbGVuKTsKCiAgOwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZToxMjA0NzogcmVz
dWx0OiBpbnQKY29uZmlndXJlOjEyMDUxOiBjaGVja2luZyBmb3Igc2lnX2F0b21pY190CmNvbmZp
Z3VyZToxMjA5NzogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmlu
aXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmln
dXJlOjEyMDk3OiAkPyA9IDAKY29uZmlndXJlOjEyMDk3OiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29u
ZmlndXJlOjEyMDk3OiAkPyA9IDAKY29uZmlndXJlOjEyMDk4OiByZXN1bHQ6IHllcwpjb25maWd1
cmU6MTIxMTA6IGNoZWNraW5nIGZvciBzaXplX3QKY29uZmlndXJlOjEyMTU3OiBnY2MgLWMgLWcg
LU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2Fs
L3NzbC9pbmNsdWRlICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6MTIxNTc6ICQ/ID0gMApjb25m
aWd1cmU6MTIxNTc6IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6MTIxNTc6ICQ/ID0gMApj
b25maWd1cmU6MTIxNTg6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZToxMjE2NzogY2hlY2tpbmcgZm9y
IHNzaXplX3QKY29uZmlndXJlOjEyMjE0OiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1h
cml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICBjb25mdGVz
dC5jID4mNQpjb25maWd1cmU6MTIyMTQ6ICQ/ID0gMApjb25maWd1cmU6MTIyMTQ6IHRlc3QgLXMg
Y29uZnRlc3Qubwpjb25maWd1cmU6MTIyMTQ6ICQ/ID0gMApjb25maWd1cmU6MTIyMTU6IHJlc3Vs
dDogeWVzCmNvbmZpZ3VyZToxMjIyNDogY2hlY2tpbmcgZm9yIGNsb2NrX3QKY29uZmlndXJlOjEy
MjcxOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6
ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6MTIy
NzE6ICQ/ID0gMApjb25maWd1cmU6MTIyNzE6IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6
MTIyNzE6ICQ/ID0gMApjb25maWd1cmU6MTIyNzI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZToxMjI4
MTogY2hlY2tpbmcgZm9yIHNhX2ZhbWlseV90CmNvbmZpZ3VyZToxMjM3MDogZ2NjIC1jIC1nIC1P
MiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9z
c2wvaW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOiBJbiBmdW5jdGlvbiBgbWFpbic6
CmNvbmZpZ3VyZToxMjM4NDogYHNhX2ZhbWlseV90JyB1bmRlY2xhcmVkIChmaXJzdCB1c2UgdGhp
cyBmdW5jdGlvbikKY29uZmlndXJlOjEyMzg0OiAoRWFjaCB1bmRlY2xhcmVkIGlkZW50aWZpZXIg
aXMgcmVwb3J0ZWQgb25seSBvbmNlCmNvbmZpZ3VyZToxMjM4NDogZm9yIGVhY2ggZnVuY3Rpb24g
aXQgYXBwZWFycyBpbi4pCmNvbmZpZ3VyZToxMjM4NDogcGFyc2UgZXJyb3IgYmVmb3JlIGBmb28n
CmNvbmZpZ3VyZToxMjM4NDogYGZvbycgdW5kZWNsYXJlZCAoZmlyc3QgdXNlIHRoaXMgZnVuY3Rp
b24pCmNvbmZpZ3VyZToxMjM3MDogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2Fz
OgojbGluZSAxMjM3MCAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKCiNpbmNsdWRl
IDxzeXMvdHlwZXMuaD4KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4KCiNpZmRlZiBGNzdfRFVNTVlf
TUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIKIyAgZW5kaWYKICAgaW50
IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50Cm1haW4gKCkKewogc2Ff
ZmFtaWx5X3QgZm9vOyBmb28gPSAxMjM1OwogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6MTIz
NzA6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXpl
ZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1ZGUgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTogSW4g
ZnVuY3Rpb24gYG1haW4nOgpjb25maWd1cmU6MTIzODU6IGBzYV9mYW1pbHlfdCcgdW5kZWNsYXJl
ZCAoZmlyc3QgdXNlIHRoaXMgZnVuY3Rpb24pCmNvbmZpZ3VyZToxMjM4NTogKEVhY2ggdW5kZWNs
YXJlZCBpZGVudGlmaWVyIGlzIHJlcG9ydGVkIG9ubHkgb25jZQpjb25maWd1cmU6MTIzODU6IGZv
ciBlYWNoIGZ1bmN0aW9uIGl0IGFwcGVhcnMgaW4uKQpjb25maWd1cmU6MTIzODU6IHBhcnNlIGVy
cm9yIGJlZm9yZSBgZm9vJwpjb25maWd1cmU6MTIzODU6IGBmb28nIHVuZGVjbGFyZWQgKGZpcnN0
IHVzZSB0aGlzIGZ1bmN0aW9uKQpjb25maWd1cmU6MTIzNzA6ICQ/ID0gMQpjb25maWd1cmU6IGZh
aWxlZCBwcm9ncmFtIHdhczoKI2xpbmUgMTIzNzAgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZk
ZWZzLmgiCgojaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNpbmNsdWRlIDxzeXMvc29ja2V0Lmg+CiNp
bmNsdWRlIDxuZXRpbmV0L2luLmg+CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19j
cGx1c3BsdXMKICAgICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJTigp
IHsgcmV0dXJuIDE7IH0KI2VuZGlmCmludAptYWluICgpCnsKIHNhX2ZhbWlseV90IGZvbzsgZm9v
ID0gMTIzNTsKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjEyMzcxOiByZXN1bHQ6IG5vCmNv
bmZpZ3VyZToxMjM4MDogY2hlY2tpbmcgZm9yIHBpZF90CmNvbmZpZ3VyZToxMjQyNzogZ2NjIC1j
IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9s
b2NhbC9zc2wvaW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjEyNDI3OiAkPyA9IDAK
Y29uZmlndXJlOjEyNDI3OiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjEyNDI3OiAkPyA9
IDAKY29uZmlndXJlOjEyNDI4OiByZXN1bHQ6IHllcwpjb25maWd1cmU6MTI0Mzc6IGNoZWNraW5n
IGZvciBtb2RlX3QKY29uZmlndXJlOjEyNDg0OiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRl
ci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICBjb25m
dGVzdC5jID4mNQpjb25maWd1cmU6MTI0ODQ6ICQ/ID0gMApjb25maWd1cmU6MTI0ODQ6IHRlc3Qg
LXMgY29uZnRlc3Qubwpjb25maWd1cmU6MTI0ODQ6ICQ/ID0gMApjb25maWd1cmU6MTI0ODU6IHJl
c3VsdDogeWVzCmNvbmZpZ3VyZToxMjQ5NTogY2hlY2tpbmcgZm9yIHN0cnVjdCBzb2NrYWRkcl9z
dG9yYWdlCmNvbmZpZ3VyZToxMjU0MzogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJp
dGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAgY29uZnRlc3Qu
YyA+JjUKY29uZmlndXJlOiBJbiBmdW5jdGlvbiBgbWFpbic6CmNvbmZpZ3VyZToxMjU1Nzogc3Rv
cmFnZSBzaXplIG9mIGBzJyBpc24ndCBrbm93bgpjb25maWd1cmU6MTI1NTc6IHdhcm5pbmc6IHVu
dXNlZCB2YXJpYWJsZSBgcycKY29uZmlndXJlOjEyNTQzOiAkPyA9IDEKY29uZmlndXJlOiBmYWls
ZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDEyNTQzICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVm
cy5oIgoKI2luY2x1ZGUgPHN5cy90eXBlcy5oPgojaW5jbHVkZSA8c3lzL3NvY2tldC5oPgoKI2lm
ZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgoj
ICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQK
bWFpbiAoKQp7CiBzdHJ1Y3Qgc29ja2FkZHJfc3RvcmFnZSBzOwogIDsKICByZXR1cm4gMDsKfQpj
b25maWd1cmU6MTI1NDQ6IHJlc3VsdDogbm8KY29uZmlndXJlOjEyNTUzOiBjaGVja2luZyBmb3Ig
c3RydWN0IHNvY2thZGRyX2luNgpjb25maWd1cmU6MTI2MDE6IGdjYyAtYyAtZyAtTzIgLVdhbGwg
LVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1
ZGUgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZToxMjYwMTogJD8gPSAwCmNvbmZpZ3VyZToxMjYw
MTogdGVzdCAtcyBjb25mdGVzdC5vCmNvbmZpZ3VyZToxMjYwMTogJD8gPSAwCmNvbmZpZ3VyZTox
MjYwMjogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjEyNjExOiBjaGVja2luZyBmb3Igc3RydWN0IGlu
Nl9hZGRyCmNvbmZpZ3VyZToxMjY1OTogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJp
dGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAgY29uZnRlc3Qu
YyA+JjUKY29uZmlndXJlOiBJbiBmdW5jdGlvbiBgbWFpbic6CmNvbmZpZ3VyZToxMjY3Mzogc3Rv
cmFnZSBzaXplIG9mIGBzJyBpc24ndCBrbm93bgpjb25maWd1cmU6MTI2NzM6IHdhcm5pbmc6IHVu
dXNlZCB2YXJpYWJsZSBgcycKY29uZmlndXJlOjEyNjU5OiAkPyA9IDEKY29uZmlndXJlOiBmYWls
ZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDEyNjU5ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVm
cy5oIgoKI2luY2x1ZGUgPHN5cy90eXBlcy5oPgojaW5jbHVkZSA8bmV0aW5ldC9pbi5oPgoKI2lm
ZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgoj
ICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQK
bWFpbiAoKQp7CiBzdHJ1Y3QgaW42X2FkZHIgczsgcy5zNl9hZGRyWzBdID0gMDsKICA7CiAgcmV0
dXJuIDA7Cn0KY29uZmlndXJlOjEyNjYwOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxMjY2OTogY2hl
Y2tpbmcgZm9yIHN0cnVjdCBhZGRyaW5mbwpjb25maWd1cmU6MTI3MTg6IGdjYyAtYyAtZyAtTzIg
LVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3Ns
L2luY2x1ZGUgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZpZ3VyZTogSW4gZnVuY3Rpb24gYG1haW4nOgpj
b25maWd1cmU6MTI3MzM6IHN0b3JhZ2Ugc2l6ZSBvZiBgcycgaXNuJ3Qga25vd24KY29uZmlndXJl
OjEyNzMzOiBgQUlfUEFTU0lWRScgdW5kZWNsYXJlZCAoZmlyc3QgdXNlIHRoaXMgZnVuY3Rpb24p
CmNvbmZpZ3VyZToxMjczMzogKEVhY2ggdW5kZWNsYXJlZCBpZGVudGlmaWVyIGlzIHJlcG9ydGVk
IG9ubHkgb25jZQpjb25maWd1cmU6MTI3MzM6IGZvciBlYWNoIGZ1bmN0aW9uIGl0IGFwcGVhcnMg
aW4uKQpjb25maWd1cmU6MTI3MzM6IHdhcm5pbmc6IHVudXNlZCB2YXJpYWJsZSBgcycKY29uZmln
dXJlOjEyNzE4OiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDEy
NzE4ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgoKI2luY2x1ZGUgPHN5cy90eXBl
cy5oPgojaW5jbHVkZSA8c3lzL3NvY2tldC5oPgojaW5jbHVkZSA8bmV0ZGIuaD4KCiNpZmRlZiBG
NzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIKIyAgZW5k
aWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50Cm1haW4g
KCkKewogc3RydWN0IGFkZHJpbmZvIHM7IHMuYWlfZmxhZ3MgPSBBSV9QQVNTSVZFOwogIDsKICBy
ZXR1cm4gMDsKfQpjb25maWd1cmU6MTI3MTk6IHJlc3VsdDogbm8KY29uZmlndXJlOjEyNzI4OiBj
aGVja2luZyBmb3Igc3RydWN0IHRpbWV2YWwKY29uZmlndXJlOjEyNzczOiBnY2MgLWMgLWcgLU8y
IC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3Nz
bC9pbmNsdWRlICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6MTI3NzM6ICQ/ID0gMApjb25maWd1
cmU6MTI3NzM6IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6MTI3NzM6ICQ/ID0gMApjb25m
aWd1cmU6MTI3NzQ6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZToxMjg0OTogZ2NjIC1vIGNvbmZ0ZXN0
IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9s
b2NhbC9zc2wvaW5jbHVkZSAgLUwvdXNyL2xvY2FsL3NzbC9saWIgIGNvbmZ0ZXN0LmMgLWxic2Qg
LWx6ICAtbGNyeXB0byA+JjUKY29uZmlndXJlOjEyODU1OiB3YXJuaW5nOiByZXR1cm4tdHlwZSBk
ZWZhdWx0cyB0byBgaW50Jwpjb25maWd1cmU6MTI4NDk6ICQ/ID0gMApjb25maWd1cmU6MTI4NDk6
IC4vY29uZnRlc3QKY29uZmlndXJlOjEyODQ5OiAkPyA9IDAKY29uZmlndXJlOjEyODU2OiBjaGVj
a2luZyBmb3IgdXRfaG9zdCBmaWVsZCBpbiB1dG1wLmgKY29uZmlndXJlOjEyODkxOiByZXN1bHQ6
IHllcwpjb25maWd1cmU6MTI4OTc6IGNoZWNraW5nIGZvciB1dF9ob3N0IGZpZWxkIGluIHV0bXB4
LmgKY29uZmlndXJlOjEyOTE4OiB1dG1weC5oOiBObyBzdWNoIGZpbGUgb3IgZGlyZWN0b3J5CmNv
bmZpZ3VyZToxMjkzMjogcmVzdWx0OiBubwpjb25maWd1cmU6MTI5Mzg6IGNoZWNraW5nIGZvciBz
eXNsZW4gZmllbGQgaW4gdXRtcHguaApjb25maWd1cmU6MTI5NTk6IHV0bXB4Lmg6IE5vIHN1Y2gg
ZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjEyOTczOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZTox
Mjk3OTogY2hlY2tpbmcgZm9yIHV0X3BpZCBmaWVsZCBpbiB1dG1wLmgKY29uZmlndXJlOjEzMDE0
OiByZXN1bHQ6IHllcwpjb25maWd1cmU6MTMwMjA6IGNoZWNraW5nIGZvciB1dF90eXBlIGZpZWxk
IGluIHV0bXAuaApjb25maWd1cmU6MTMwNTU6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZToxMzA2MTog
Y2hlY2tpbmcgZm9yIHV0X3R5cGUgZmllbGQgaW4gdXRtcHguaApjb25maWd1cmU6MTMwODI6IHV0
bXB4Lmg6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjEzMDk2OiByZXN1bHQ6
IG5vCmNvbmZpZ3VyZToxMzEwMjogY2hlY2tpbmcgZm9yIHV0X3R2IGZpZWxkIGluIHV0bXAuaApj
b25maWd1cmU6MTMxMzc6IHJlc3VsdDogbm8KY29uZmlndXJlOjEzMTQzOiBjaGVja2luZyBmb3Ig
dXRfaWQgZmllbGQgaW4gdXRtcC5oCmNvbmZpZ3VyZToxMzE3ODogcmVzdWx0OiB5ZXMKY29uZmln
dXJlOjEzMTg0OiBjaGVja2luZyBmb3IgdXRfaWQgZmllbGQgaW4gdXRtcHguaApjb25maWd1cmU6
MTMyMDU6IHV0bXB4Lmg6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjEzMjE5
OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxMzIyNTogY2hlY2tpbmcgZm9yIHV0X2FkZHIgZmllbGQg
aW4gdXRtcC5oCmNvbmZpZ3VyZToxMzI2MDogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjEzMjY2OiBj
aGVja2luZyBmb3IgdXRfYWRkciBmaWVsZCBpbiB1dG1weC5oCmNvbmZpZ3VyZToxMzI4NzogdXRt
cHguaDogTm8gc3VjaCBmaWxlIG9yIGRpcmVjdG9yeQpjb25maWd1cmU6MTMzMDE6IHJlc3VsdDog
bm8KY29uZmlndXJlOjEzMzA3OiBjaGVja2luZyBmb3IgdXRfYWRkcl92NiBmaWVsZCBpbiB1dG1w
LmgKY29uZmlndXJlOjEzMzQyOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxMzM0ODogY2hlY2tpbmcg
Zm9yIHV0X2FkZHJfdjYgZmllbGQgaW4gdXRtcHguaApjb25maWd1cmU6MTMzNjk6IHV0bXB4Lmg6
IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjEzMzgzOiByZXN1bHQ6IG5vCmNv
bmZpZ3VyZToxMzM4OTogY2hlY2tpbmcgZm9yIHV0X2V4aXQgZmllbGQgaW4gdXRtcC5oCmNvbmZp
Z3VyZToxMzQyNDogcmVzdWx0OiBubwpjb25maWd1cmU6MTM0MzA6IGNoZWNraW5nIGZvciB1dF90
aW1lIGZpZWxkIGluIHV0bXAuaApjb25maWd1cmU6MTM0NjU6IHJlc3VsdDogeWVzCmNvbmZpZ3Vy
ZToxMzQ3MTogY2hlY2tpbmcgZm9yIHV0X3RpbWUgZmllbGQgaW4gdXRtcHguaApjb25maWd1cmU6
MTM0OTI6IHV0bXB4Lmg6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKY29uZmlndXJlOjEzNTA2
OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxMzUxMjogY2hlY2tpbmcgZm9yIHV0X3R2IGZpZWxkIGlu
IHV0bXB4LmgKY29uZmlndXJlOjEzNTMzOiB1dG1weC5oOiBObyBzdWNoIGZpbGUgb3IgZGlyZWN0
b3J5CmNvbmZpZ3VyZToxMzU0NzogcmVzdWx0OiBubwpjb25maWd1cmU6MTM1NTA6IGNoZWNraW5n
IGZvciBzdHJ1Y3Qgc3RhdC5zdF9ibGtzaXplCmNvbmZpZ3VyZToxMzU5NDogZ2NjIC1jIC1nIC1P
MiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9z
c2wvaW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOjEzNTk0OiAkPyA9IDAKY29uZmln
dXJlOjEzNTk0OiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjEzNTk0OiAkPyA9IDAKY29u
ZmlndXJlOjEzNTk1OiByZXN1bHQ6IHllcwpjb25maWd1cmU6MTM2MDc6IGNoZWNraW5nIGZvciBz
c19mYW1pbHkgZmllbGQgaW4gc3RydWN0IHNvY2thZGRyX3N0b3JhZ2UKY29uZmlndXJlOjEzNjU0
OiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQg
LUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6IEluIGZ1
bmN0aW9uIGBtYWluJzoKY29uZmlndXJlOjEzNjY4OiBzdG9yYWdlIHNpemUgb2YgYHMnIGlzbid0
IGtub3duCmNvbmZpZ3VyZToxMzY2ODogd2FybmluZzogdW51c2VkIHZhcmlhYmxlIGBzJwpjb25m
aWd1cmU6MTM2NTQ6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFtIHdhczoKI2xpbmUg
MTM2NTQgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCgojaW5jbHVkZSA8c3lzL3R5
cGVzLmg+CiNpbmNsdWRlIDxzeXMvc29ja2V0Lmg+CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAg
aWZkZWYgX19jcGx1c3BsdXMKICAgICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVN
TVlfTUFJTigpIHsgcmV0dXJuIDE7IH0KI2VuZGlmCmludAptYWluICgpCnsKIHN0cnVjdCBzb2Nr
YWRkcl9zdG9yYWdlIHM7IHMuc3NfZmFtaWx5ID0gMTsKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmln
dXJlOjEzNjU1OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxMzY2NDogY2hlY2tpbmcgZm9yIF9fc3Nf
ZmFtaWx5IGZpZWxkIGluIHN0cnVjdCBzb2NrYWRkcl9zdG9yYWdlCmNvbmZpZ3VyZToxMzcxMjog
Z2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1J
L3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOiBJbiBmdW5j
dGlvbiBgbWFpbic6CmNvbmZpZ3VyZToxMzcyNjogc3RvcmFnZSBzaXplIG9mIGBzJyBpc24ndCBr
bm93bgpjb25maWd1cmU6MTM3MjY6IHdhcm5pbmc6IHVudXNlZCB2YXJpYWJsZSBgcycKY29uZmln
dXJlOjEzNzEyOiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDEz
NzEyICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgoKI2luY2x1ZGUgPHN5cy90eXBl
cy5oPgojaW5jbHVkZSA8c3lzL3NvY2tldC5oPgoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlm
ZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1Z
X01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7CiBzdHJ1Y3Qgc29ja2Fk
ZHJfc3RvcmFnZSBzOyBzLl9fc3NfZmFtaWx5ID0gMTsKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmln
dXJlOjEzNzEzOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxMzcyMjogY2hlY2tpbmcgZm9yIHB3X2Ns
YXNzIGZpZWxkIGluIHN0cnVjdCBwYXNzd2QKY29uZmlndXJlOjEzNzY5OiBnY2MgLWMgLWcgLU8y
IC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3Nz
bC9pbmNsdWRlICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6IEluIGZ1bmN0aW9uIGBtYWluJzoK
Y29uZmlndXJlOjEzNzgyOiBzdHJ1Y3R1cmUgaGFzIG5vIG1lbWJlciBuYW1lZCBgcHdfY2xhc3Mn
CmNvbmZpZ3VyZToxMzc2OTogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgoj
bGluZSAxMzc2OSAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKCiNpbmNsdWRlIDxw
d2QuaD4KCiNpZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1cwogICAgIGV4
dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1cm4gMTsgfQoj
ZW5kaWYKaW50Cm1haW4gKCkKewogc3RydWN0IHBhc3N3ZCBwOyBwLnB3X2NsYXNzID0gMDsKICA7
CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjEzNzcwOiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxMzc3
OTogY2hlY2tpbmcgZm9yIHB3X2V4cGlyZSBmaWVsZCBpbiBzdHJ1Y3QgcGFzc3dkCmNvbmZpZ3Vy
ZToxMzgyNjogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRp
YWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJl
OiBJbiBmdW5jdGlvbiBgbWFpbic6CmNvbmZpZ3VyZToxMzgzOTogc3RydWN0dXJlIGhhcyBubyBt
ZW1iZXIgbmFtZWQgYHB3X2V4cGlyZScKY29uZmlndXJlOjEzODI2OiAkPyA9IDEKY29uZmlndXJl
OiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDEzODI2ICJjb25maWd1cmUiCiNpbmNsdWRlICJj
b25mZGVmcy5oIgoKI2luY2x1ZGUgPHB3ZC5oPgoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlm
ZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1Z
X01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7CiBzdHJ1Y3QgcGFzc3dk
IHA7IHAucHdfZXhwaXJlID0gMDsKICA7CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjEzODI3OiBy
ZXN1bHQ6IG5vCmNvbmZpZ3VyZToxMzgzNjogY2hlY2tpbmcgZm9yIHB3X2NoYW5nZSBmaWVsZCBp
biBzdHJ1Y3QgcGFzc3dkCmNvbmZpZ3VyZToxMzg4MzogZ2NjIC1jIC1nIC1PMiAtV2FsbCAtV3Bv
aW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAg
Y29uZnRlc3QuYyA+JjUKY29uZmlndXJlOiBJbiBmdW5jdGlvbiBgbWFpbic6CmNvbmZpZ3VyZTox
Mzg5Njogc3RydWN0dXJlIGhhcyBubyBtZW1iZXIgbmFtZWQgYHB3X2NoYW5nZScKY29uZmlndXJl
OjEzODgzOiAkPyA9IDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNsaW5lIDEzODgz
ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgoKI2luY2x1ZGUgPHB3ZC5oPgoKI2lm
ZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9fY3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgoj
ICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4oKSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQK
bWFpbiAoKQp7CiBzdHJ1Y3QgcGFzc3dkIHA7IHAucHdfY2hhbmdlID0gMDsKICA7CiAgcmV0dXJu
IDA7Cn0KY29uZmlndXJlOjEzODg0OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxMzg5MzogY2hlY2tp
bmcgZm9yIG1zZ19hY2NyaWdodHMgZmllbGQgaW4gc3RydWN0IG1zZ2hkcgpjb25maWd1cmU6MTM5
NDQ6IGdjYyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5p
bml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1ZGUgIC1ML3Vzci9sb2NhbC9zc2wvbGli
ICBjb25mdGVzdC5jIC1sYnNkIC1seiAgLWxjcnlwdG8gPiY1CmNvbmZpZ3VyZTogSW4gZnVuY3Rp
b24gYG1haW4nOgpjb25maWd1cmU6MTM5NTQ6IHN0cnVjdHVyZSBoYXMgbm8gbWVtYmVyIG5hbWVk
IGBtc2dfYWNjcmlnaHRzJwpjb25maWd1cmU6MTM5NDQ6ICQ/ID0gMQpjb25maWd1cmU6IHByb2dy
YW0gZXhpdGVkIHdpdGggc3RhdHVzIDEKY29uZmlndXJlOiBmYWlsZWQgcHJvZ3JhbSB3YXM6CiNs
aW5lIDEzOTQ0ICJjb25maWd1cmUiCiNpbmNsdWRlICJjb25mZGVmcy5oIgoKI2luY2x1ZGUgPHN5
cy90eXBlcy5oPgojaW5jbHVkZSA8c3lzL3NvY2tldC5oPgojaW5jbHVkZSA8c3lzL3Vpby5oPgpp
bnQgbWFpbigpIHsKI2lmZGVmIG1zZ19hY2NyaWdodHMKZXhpdCgxKTsKI2VuZGlmCnN0cnVjdCBt
c2doZHIgbTsKbS5tc2dfYWNjcmlnaHRzID0gMDsKZXhpdCgwKTsKfQoKY29uZmlndXJlOjEzOTQ1
OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxMzk1NDogY2hlY2tpbmcgZm9yIG1zZ19jb250cm9sIGZp
ZWxkIGluIHN0cnVjdCBtc2doZHIKY29uZmlndXJlOjE0MDA1OiBnY2MgLW8gY29uZnRlc3QgLWcg
LU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2Fs
L3NzbC9pbmNsdWRlICAtTC91c3IvbG9jYWwvc3NsL2xpYiAgY29uZnRlc3QuYyAtbGJzZCAtbHog
IC1sY3J5cHRvID4mNQpjb25maWd1cmU6MTQwMDU6ICQ/ID0gMApjb25maWd1cmU6MTQwMDU6IC4v
Y29uZnRlc3QKY29uZmlndXJlOjE0MDA1OiAkPyA9IDAKY29uZmlndXJlOjE0MDA2OiByZXN1bHQ6
IHllcwpjb25maWd1cmU6MTQwMTU6IGNoZWNraW5nIGlmIGxpYmMgZGVmaW5lcyBfX3Byb2duYW1l
CmNvbmZpZ3VyZToxNDA2MDogZ2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXIt
YXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAgLUwvdXNy
L2xvY2FsL3NzbC9saWIgIGNvbmZ0ZXN0LmMgLWxic2QgLWx6ICAtbGNyeXB0byA+JjUKY29uZmln
dXJlOiBJbiBmdW5jdGlvbiBgbWFpbic6CmNvbmZpZ3VyZToxNDA3MTogd2FybmluZzogaW1wbGlj
aXQgZGVjbGFyYXRpb24gb2YgZnVuY3Rpb24gYHByaW50ZicKY29uZmlndXJlOjE0MDYwOiAkPyA9
IDAKY29uZmlndXJlOjE0MDYwOiB0ZXN0IC1zIGNvbmZ0ZXN0CmNvbmZpZ3VyZToxNDA2MDogJD8g
PSAwCmNvbmZpZ3VyZToxNDA2MTogcmVzdWx0OiB5ZXMKY29uZmlndXJlOjE0MDcwOiBjaGVja2lu
ZyB3aGV0aGVyIGdjYyBpbXBsZW1lbnRzIF9fRlVOQ1RJT05fXwpjb25maWd1cmU6MTQxMTc6IGdj
YyAtbyBjb25mdGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFs
aXplZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1ZGUgIC1ML3Vzci9sb2NhbC9zc2wvbGliICBjb25m
dGVzdC5jIC1sYnNkIC1seiAgLWxjcnlwdG8gPiY1CmNvbmZpZ3VyZToxNDExNzogJD8gPSAwCmNv
bmZpZ3VyZToxNDExNzogdGVzdCAtcyBjb25mdGVzdApjb25maWd1cmU6MTQxMTc6ICQ/ID0gMApj
b25maWd1cmU6MTQxMTg6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZToxNDEyNzogY2hlY2tpbmcgd2hl
dGhlciBnY2MgaW1wbGVtZW50cyBfX2Z1bmNfXwpjb25maWd1cmU6MTQxNzQ6IGdjYyAtbyBjb25m
dGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAtSS91
c3IvbG9jYWwvc3NsL2luY2x1ZGUgIC1ML3Vzci9sb2NhbC9zc2wvbGliICBjb25mdGVzdC5jIC1s
YnNkIC1seiAgLWxjcnlwdG8gPiY1CmNvbmZpZ3VyZTogSW4gZnVuY3Rpb24gYG1haW4nOgpjb25m
aWd1cmU6MTQxODc6IGBfX2Z1bmNfXycgdW5kZWNsYXJlZCAoZmlyc3QgdXNlIHRoaXMgZnVuY3Rp
b24pCmNvbmZpZ3VyZToxNDE4NzogKEVhY2ggdW5kZWNsYXJlZCBpZGVudGlmaWVyIGlzIHJlcG9y
dGVkIG9ubHkgb25jZQpjb25maWd1cmU6MTQxODc6IGZvciBlYWNoIGZ1bmN0aW9uIGl0IGFwcGVh
cnMgaW4uKQpjb25maWd1cmU6MTQxNzQ6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFt
IHdhczoKI2xpbmUgMTQxNzQgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCgojaW5j
bHVkZSA8c3RkaW8uaD4KCiNpZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBfX2NwbHVzcGx1
cwogICAgIGV4dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlOKCkgeyByZXR1
cm4gMTsgfQojZW5kaWYKaW50Cm1haW4gKCkKewogcHJpbnRmKCIlcyIsIF9fZnVuY19fKTsKICA7
CiAgcmV0dXJuIDA7Cn0KY29uZmlndXJlOjE0MTc1OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxNDE4
NDogY2hlY2tpbmcgd2hldGhlciBnZXRvcHQgaGFzIG9wdHJlc2V0IHN1cHBvcnQKY29uZmlndXJl
OjE0MjMxOiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25v
LXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICAtTC91c3IvbG9jYWwvc3Ns
L2xpYiAgY29uZnRlc3QuYyAtbGJzZCAtbHogIC1sY3J5cHRvID4mNQovdG1wL2NjYTI2OTk1MS5v
OiBJbiBmdW5jdGlvbiBgbWFpbic6Ci90b29scy9vcGVuc3NoLTMuNHAxL2NvbmZpZ3VyZToxNDI0
NDogdW5kZWZpbmVkIHJlZmVyZW5jZSB0byBgb3B0cmVzZXQnCmNvbGxlY3QyOiBsZCByZXR1cm5l
ZCAxIGV4aXQgc3RhdHVzCmNvbmZpZ3VyZToxNDIzMTogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVk
IHByb2dyYW0gd2FzOgojbGluZSAxNDIzMSAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMu
aCIKCiNpbmNsdWRlIDxnZXRvcHQuaD4KCiNpZmRlZiBGNzdfRFVNTVlfTUFJTgojICBpZmRlZiBf
X2NwbHVzcGx1cwogICAgIGV4dGVybiAiQyIKIyAgZW5kaWYKICAgaW50IEY3N19EVU1NWV9NQUlO
KCkgeyByZXR1cm4gMTsgfQojZW5kaWYKaW50Cm1haW4gKCkKewogZXh0ZXJuIGludCBvcHRyZXNl
dDsgb3B0cmVzZXQgPSAwOwogIDsKICByZXR1cm4gMDsKfQpjb25maWd1cmU6MTQyMzI6IHJlc3Vs
dDogbm8KY29uZmlndXJlOjE0MjQxOiBjaGVja2luZyBpZiBsaWJjIGRlZmluZXMgc3lzX2Vycmxp
c3QKY29uZmlndXJlOjE0Mjg2OiBnY2MgLW8gY29uZnRlc3QgLWcgLU8yIC1XYWxsIC1XcG9pbnRl
ci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICAtTC91
c3IvbG9jYWwvc3NsL2xpYiAgY29uZnRlc3QuYyAtbGJzZCAtbHogIC1sY3J5cHRvID4mNQpjb25m
aWd1cmU6IEluIGZ1bmN0aW9uIGBtYWluJzoKY29uZmlndXJlOjE0Mjk3OiB3YXJuaW5nOiBpbXBs
aWNpdCBkZWNsYXJhdGlvbiBvZiBmdW5jdGlvbiBgcHJpbnRmJwpjb25maWd1cmU6MTQyODY6ICQ/
ID0gMApjb25maWd1cmU6MTQyODY6IHRlc3QgLXMgY29uZnRlc3QKY29uZmlndXJlOjE0Mjg2OiAk
PyA9IDAKY29uZmlndXJlOjE0Mjg3OiByZXN1bHQ6IHllcwpjb25maWd1cmU6MTQyOTc6IGNoZWNr
aW5nIGlmIGxpYmMgZGVmaW5lcyBzeXNfbmVycgpjb25maWd1cmU6MTQzNDI6IGdjYyAtbyBjb25m
dGVzdCAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5pbml0aWFsaXplZCAtSS91
c3IvbG9jYWwvc3NsL2luY2x1ZGUgIC1ML3Vzci9sb2NhbC9zc2wvbGliICBjb25mdGVzdC5jIC1s
YnNkIC1seiAgLWxjcnlwdG8gPiY1CmNvbmZpZ3VyZTogSW4gZnVuY3Rpb24gYG1haW4nOgpjb25m
aWd1cmU6MTQzNTM6IHdhcm5pbmc6IGltcGxpY2l0IGRlY2xhcmF0aW9uIG9mIGZ1bmN0aW9uIGBw
cmludGYnCmNvbmZpZ3VyZToxNDM0MjogJD8gPSAwCmNvbmZpZ3VyZToxNDM0MjogdGVzdCAtcyBj
b25mdGVzdApjb25maWd1cmU6MTQzNDI6ICQ/ID0gMApjb25maWd1cmU6MTQzNDM6IHJlc3VsdDog
eWVzCmNvbmZpZ3VyZToxNTM3OTogY2hlY2tpbmcgZm9yIHhhdXRoCmNvbmZpZ3VyZToxNTM3OTog
Zm91bmQgL3Vzci9YMTFSNi9iaW4veGF1dGgKY29uZmlndXJlOjE1Mzc5OiByZXN1bHQ6IC91c3Iv
WDExUjYvYmluL3hhdXRoCmNvbmZpZ3VyZToxNTQzNDogY2hlY2tpbmcgZm9yICIvZGV2L3B0YyIK
Y29uZmlndXJlOjE1NDQ5OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxNTUzNjogY2hlY2tpbmcgZm9y
IG5yb2ZmCmNvbmZpZ3VyZToxNTUzNjogZm91bmQgL3Vzci9iaW4vbnJvZmYKY29uZmlndXJlOjE1
NTM2OiByZXN1bHQ6IC91c3IvYmluL25yb2ZmCmNvbmZpZ3VyZToxNTYzNzogY2hlY2tpbmcgaWYg
dGhlIHN5c3RlbXMgaGFzIGV4cGlyZSBzaGFkb3cgaW5mb3JtYXRpb24KY29uZmlndXJlOjE1NjM3
OiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQg
LUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6MTU2Mzc6
ICQ/ID0gMApjb25maWd1cmU6MTU2Mzc6IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6MTU2
Mzc6ICQ/ID0gMApjb25maWd1cmU6MTU2Mzc6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZToxNTc3MDog
Z2NjIC1vIGNvbmZ0ZXN0IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRp
YWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5jbHVkZSAgLUwvdXNyL2xvY2FsL3NzbC9saWIgIGNv
bmZ0ZXN0LmMgLWxic2QgLWx6ICAtbGNyeXB0byAgID4mNQpjb25maWd1cmU6MTU3ODY6IHdhcm5p
bmc6IHJldHVybi10eXBlIGRlZmF1bHRzIHRvIGBpbnQnCmNvbmZpZ3VyZToxNTc3MDogJD8gPSAw
CmNvbmZpZ3VyZToxNTc3MDogLi9jb25mdGVzdApjb25maWd1cmU6MTU3NzA6ICQ/ID0gMApjb25m
aWd1cmU6MTU3NzA6IHJlc3VsdDogQWRkaW5nIC91c3IvbG9jYWwvYmluIHRvIFVTRVJfUEFUSCBz
byBzY3Agd2lsbCB3b3JrCmNvbmZpZ3VyZToxNTgxNTogY2hlY2tpbmcgaWYgd2UgbmVlZCB0byBj
b252ZXJ0IElQdjQgaW4gSVB2Ni1tYXBwZWQgYWRkcmVzc2VzCmNvbmZpZ3VyZToxNTg1MjogcmVz
dWx0OiB5ZXMgKGRlZmF1bHQpCmNvbmZpZ3VyZToxNTk5NDogY2hlY2tpbmcgaWYgeW91ciBzeXN0
ZW0gZGVmaW5lcyBMQVNUTE9HX0ZJTEUKY29uZmlndXJlOjE2MTAxOiBnY2MgLWMgLWcgLU8yIC1X
YWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9p
bmNsdWRlICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6IEluIGZ1bmN0aW9uIGBtYWluJzoKY29u
ZmlndXJlOjE2MDQ4OiBgTEFTVExPR19GSUxFJyB1bmRlY2xhcmVkIChmaXJzdCB1c2UgdGhpcyBm
dW5jdGlvbikKY29uZmlndXJlOjE2MDQ4OiAoRWFjaCB1bmRlY2xhcmVkIGlkZW50aWZpZXIgaXMg
cmVwb3J0ZWQgb25seSBvbmNlCmNvbmZpZ3VyZToxNjA0ODogZm9yIGVhY2ggZnVuY3Rpb24gaXQg
YXBwZWFycyBpbi4pCmNvbmZpZ3VyZToxNjA0ODogd2FybmluZzogdW51c2VkIHZhcmlhYmxlIGBs
YXN0bG9nJwpjb25maWd1cmU6MTYxMDE6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBwcm9ncmFt
IHdhczoKI2xpbmUgMTYwMjUgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgiCgojaW5j
bHVkZSA8c3lzL3R5cGVzLmg+CiNpbmNsdWRlIDx1dG1wLmg+CiNpZmRlZiBIQVZFX0xBU1RMT0df
SAojICBpbmNsdWRlIDxsYXN0bG9nLmg+CiNlbmRpZgojaWZkZWYgSEFWRV9QQVRIU19ICiMgIGlu
Y2x1ZGUgPHBhdGhzLmg+CiNlbmRpZgojaWZkZWYgSEFWRV9MT0dJTl9ICiMgaW5jbHVkZSA8bG9n
aW4uaD4KI2VuZGlmCgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19jcGx1c3BsdXMK
ICAgICBleHRlcm4gIkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJTigpIHsgcmV0dXJu
IDE7IH0KI2VuZGlmCmludAptYWluICgpCnsKIGNoYXIgKmxhc3Rsb2cgPSBMQVNUTE9HX0ZJTEU7
CiAgOwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZToxNjEwMTogcmVzdWx0OiBubwpjb25maWd1cmU6
MTYxMDE6IGNoZWNraW5nIGlmIHlvdXIgc3lzdGVtIGRlZmluZXMgX1BBVEhfTEFTVExPRwpjb25m
aWd1cmU6MTYxMDE6IGdjYyAtYyAtZyAtTzIgLVdhbGwgLVdwb2ludGVyLWFyaXRoIC1Xbm8tdW5p
bml0aWFsaXplZCAtSS91c3IvbG9jYWwvc3NsL2luY2x1ZGUgIGNvbmZ0ZXN0LmMgPiY1CmNvbmZp
Z3VyZTogSW4gZnVuY3Rpb24gYG1haW4nOgpjb25maWd1cmU6MTYxMjE6IHdhcm5pbmc6IHVudXNl
ZCB2YXJpYWJsZSBgbGFzdGxvZycKY29uZmlndXJlOjE2MTAxOiAkPyA9IDAKY29uZmlndXJlOjE2
MTAxOiB0ZXN0IC1zIGNvbmZ0ZXN0Lm8KY29uZmlndXJlOjE2MTAxOiAkPyA9IDAKY29uZmlndXJl
OjE2MTAxOiByZXN1bHQ6IHllcwpjb25maWd1cmU6MTYxMjU6IGNoZWNraW5nIGlmIHlvdXIgc3lz
dGVtIGRlZmluZXMgVVRNUF9GSUxFCmNvbmZpZ3VyZToxNjE3MjogZ2NjIC1jIC1nIC1PMiAtV2Fs
bCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9sb2NhbC9zc2wvaW5j
bHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOiBJbiBmdW5jdGlvbiBgbWFpbic6CmNvbmZp
Z3VyZToxNjE2Nzogd2FybmluZzogdW51c2VkIHZhcmlhYmxlIGB1dG1wJwpjb25maWd1cmU6MTYx
NzI6ICQ/ID0gMApjb25maWd1cmU6MTYxNzI6IHRlc3QgLXMgY29uZnRlc3Qubwpjb25maWd1cmU6
MTYxNzI6ICQ/ID0gMApjb25maWd1cmU6MTYxNzI6IHJlc3VsdDogeWVzCmNvbmZpZ3VyZToxNjE5
NjogY2hlY2tpbmcgaWYgeW91ciBzeXN0ZW0gZGVmaW5lcyBXVE1QX0ZJTEUKY29uZmlndXJlOjE2
MjQzOiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRlci1hcml0aCAtV25vLXVuaW5pdGlhbGl6
ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICBjb25mdGVzdC5jID4mNQpjb25maWd1cmU6IElu
IGZ1bmN0aW9uIGBtYWluJzoKY29uZmlndXJlOjE2MjM4OiB3YXJuaW5nOiB1bnVzZWQgdmFyaWFi
bGUgYHd0bXAnCmNvbmZpZ3VyZToxNjI0MzogJD8gPSAwCmNvbmZpZ3VyZToxNjI0MzogdGVzdCAt
cyBjb25mdGVzdC5vCmNvbmZpZ3VyZToxNjI0MzogJD8gPSAwCmNvbmZpZ3VyZToxNjI0MzogcmVz
dWx0OiB5ZXMKY29uZmlndXJlOjE2MjY4OiBjaGVja2luZyBpZiB5b3VyIHN5c3RlbSBkZWZpbmVz
IFVUTVBYX0ZJTEUKY29uZmlndXJlOjE2MzE4OiBnY2MgLWMgLWcgLU8yIC1XYWxsIC1XcG9pbnRl
ci1hcml0aCAtV25vLXVuaW5pdGlhbGl6ZWQgLUkvdXNyL2xvY2FsL3NzbC9pbmNsdWRlICBjb25m
dGVzdC5jID4mNQpjb25maWd1cmU6IEluIGZ1bmN0aW9uIGBtYWluJzoKY29uZmlndXJlOjE2MzE2
OiBgVVRNUFhfRklMRScgdW5kZWNsYXJlZCAoZmlyc3QgdXNlIHRoaXMgZnVuY3Rpb24pCmNvbmZp
Z3VyZToxNjMxNjogKEVhY2ggdW5kZWNsYXJlZCBpZGVudGlmaWVyIGlzIHJlcG9ydGVkIG9ubHkg
b25jZQpjb25maWd1cmU6MTYzMTY6IGZvciBlYWNoIGZ1bmN0aW9uIGl0IGFwcGVhcnMgaW4uKQpj
b25maWd1cmU6MTYzMTY6IHdhcm5pbmc6IHVudXNlZCB2YXJpYWJsZSBgdXRtcHgnCmNvbmZpZ3Vy
ZToxNjMxODogJD8gPSAxCmNvbmZpZ3VyZTogZmFpbGVkIHByb2dyYW0gd2FzOgojbGluZSAxNjI5
NiAiY29uZmlndXJlIgojaW5jbHVkZSAiY29uZmRlZnMuaCIKCiNpbmNsdWRlIDxzeXMvdHlwZXMu
aD4KI2luY2x1ZGUgPHV0bXAuaD4KI2lmZGVmIEhBVkVfVVRNUFhfSAojaW5jbHVkZSA8dXRtcHgu
aD4KI2VuZGlmCiNpZmRlZiBIQVZFX1BBVEhTX0gKIyAgaW5jbHVkZSA8cGF0aHMuaD4KI2VuZGlm
CgojaWZkZWYgRjc3X0RVTU1ZX01BSU4KIyAgaWZkZWYgX19jcGx1c3BsdXMKICAgICBleHRlcm4g
IkMiCiMgIGVuZGlmCiAgIGludCBGNzdfRFVNTVlfTUFJTigpIHsgcmV0dXJuIDE7IH0KI2VuZGlm
CmludAptYWluICgpCnsKIGNoYXIgKnV0bXB4ID0gVVRNUFhfRklMRTsKICA7CiAgcmV0dXJuIDA7
Cn0KY29uZmlndXJlOjE2MzE4OiByZXN1bHQ6IG5vCmNvbmZpZ3VyZToxNjMzNDogY2hlY2tpbmcg
aWYgeW91ciBzeXN0ZW0gZGVmaW5lcyBXVE1QWF9GSUxFCmNvbmZpZ3VyZToxNjM4NDogZ2NjIC1j
IC1nIC1PMiAtV2FsbCAtV3BvaW50ZXItYXJpdGggLVduby11bmluaXRpYWxpemVkIC1JL3Vzci9s
b2NhbC9zc2wvaW5jbHVkZSAgY29uZnRlc3QuYyA+JjUKY29uZmlndXJlOiBJbiBmdW5jdGlvbiBg
bWFpbic6CmNvbmZpZ3VyZToxNjM4MjogYFdUTVBYX0ZJTEUnIHVuZGVjbGFyZWQgKGZpcnN0IHVz
ZSB0aGlzIGZ1bmN0aW9uKQpjb25maWd1cmU6MTYzODI6IChFYWNoIHVuZGVjbGFyZWQgaWRlbnRp
ZmllciBpcyByZXBvcnRlZCBvbmx5IG9uY2UKY29uZmlndXJlOjE2MzgyOiBmb3IgZWFjaCBmdW5j
dGlvbiBpdCBhcHBlYXJzIGluLikKY29uZmlndXJlOjE2MzgyOiB3YXJuaW5nOiB1bnVzZWQgdmFy
aWFibGUgYHd0bXB4Jwpjb25maWd1cmU6MTYzODQ6ICQ/ID0gMQpjb25maWd1cmU6IGZhaWxlZCBw
cm9ncmFtIHdhczoKI2xpbmUgMTYzNjIgImNvbmZpZ3VyZSIKI2luY2x1ZGUgImNvbmZkZWZzLmgi
CgojaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNpbmNsdWRlIDx1dG1wLmg+CiNpZmRlZiBIQVZFX1VU
TVBYX0gKI2luY2x1ZGUgPHV0bXB4Lmg+CiNlbmRpZgojaWZkZWYgSEFWRV9QQVRIU19ICiMgIGlu
Y2x1ZGUgPHBhdGhzLmg+CiNlbmRpZgoKI2lmZGVmIEY3N19EVU1NWV9NQUlOCiMgIGlmZGVmIF9f
Y3BsdXNwbHVzCiAgICAgZXh0ZXJuICJDIgojICBlbmRpZgogICBpbnQgRjc3X0RVTU1ZX01BSU4o
KSB7IHJldHVybiAxOyB9CiNlbmRpZgppbnQKbWFpbiAoKQp7CiBjaGFyICp3dG1weCA9IFdUTVBY
X0ZJTEU7CiAgOwogIHJldHVybiAwOwp9CmNvbmZpZ3VyZToxNjM4NDogcmVzdWx0OiBubwpjb25m
aWd1cmU6MTY0OTg6IGNyZWF0aW5nIC4vY29uZmlnLnN0YXR1cwoKIyMgLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLSAjIwojIyBSdW5uaW5nIGNvbmZpZy5zdGF0dXMuICMjCiMjIC0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0gIyMKClRoaXMgZmlsZSB3YXMgZXh0ZW5kZWQgYnkgY29uZmlnLnN0YXR1cywgd2hp
Y2ggd2FzCmdlbmVyYXRlZCBieSBHTlUgQXV0b2NvbmYgMi41My4gIEludm9jYXRpb24gY29tbWFu
ZCBsaW5lIHdhcwoKICBDT05GSUdfRklMRVMgICAgPSAKICBDT05GSUdfSEVBREVSUyAgPSAKICBD
T05GSUdfTElOS1MgICAgPSAKICBDT05GSUdfQ09NTUFORFMgPSAKICAkIC4vY29uZmlnLnN0YXR1
cyAKCm9uIHBvc3QKCmNvbmZpZy5zdGF0dXM6NjkwOiBjcmVhdGluZyBNYWtlZmlsZQpjb25maWcu
c3RhdHVzOjY5MDogY3JlYXRpbmcgb3BlbmJzZC1jb21wYXQvTWFrZWZpbGUKY29uZmlnLnN0YXR1
czo2OTA6IGNyZWF0aW5nIHNjYXJkL01ha2VmaWxlCmNvbmZpZy5zdGF0dXM6NjkwOiBjcmVhdGlu
ZyBzc2hfcHJuZ19jbWRzCmNvbmZpZy5zdGF0dXM6MTE2NzogY3JlYXRpbmcgY29uZmlnLmgKCiMj
IC0tLS0tLS0tLS0tLS0tLS0gIyMKIyMgQ2FjaGUgdmFyaWFibGVzLiAjIwojIyAtLS0tLS0tLS0t
LS0tLS0tICMjCgphY19jdl9idWlsZD0naTQ4Ni1wYy1saW51eC1nbnVsaWJjMScKYWNfY3ZfYnVp
bGRfYWxpYXM9J2k0ODYtcGMtbGludXgtZ251bGliYzEnCmFjX2N2X2NfYmlnZW5kaWFuPSdubycK
YWNfY3ZfY19jb21waWxlcl9nbnU9J3llcycKYWNfY3ZfY19pbmxpbmU9J2lubGluZScKYWNfY3Zf
Y2NfaW1wbGVtZW50c19fX0ZVTkNUSU9OX189J3llcycKYWNfY3ZfY2NfaW1wbGVtZW50c19fX2Z1
bmNfXz0nbm8nCmFjX2N2X2Vudl9DQ19zZXQ9JycKYWNfY3ZfZW52X0NDX3ZhbHVlPScnCmFjX2N2
X2Vudl9DRkxBR1Nfc2V0PScnCmFjX2N2X2Vudl9DRkxBR1NfdmFsdWU9JycKYWNfY3ZfZW52X0NQ
UEZMQUdTX3NldD0nJwphY19jdl9lbnZfQ1BQRkxBR1NfdmFsdWU9JycKYWNfY3ZfZW52X0NQUF9z
ZXQ9JycKYWNfY3ZfZW52X0NQUF92YWx1ZT0nJwphY19jdl9lbnZfTERGTEFHU19zZXQ9JycKYWNf
Y3ZfZW52X0xERkxBR1NfdmFsdWU9JycKYWNfY3ZfZW52X2J1aWxkX2FsaWFzX3NldD0nJwphY19j
dl9lbnZfYnVpbGRfYWxpYXNfdmFsdWU9JycKYWNfY3ZfZW52X2hvc3RfYWxpYXNfc2V0PScnCmFj
X2N2X2Vudl9ob3N0X2FsaWFzX3ZhbHVlPScnCmFjX2N2X2Vudl90YXJnZXRfYWxpYXNfc2V0PScn
CmFjX2N2X2Vudl90YXJnZXRfYWxpYXNfdmFsdWU9JycKYWNfY3ZfZXhlZXh0PScnCmFjX2N2X2Zp
bGVfX19kZXZfcHRjXz0nbm8nCmFjX2N2X2Z1bmNfX19iNjRfbnRvcD0nbm8nCmFjX2N2X2Z1bmNf
X2dldHB0eT0nbm8nCmFjX2N2X2Z1bmNfYXJjNHJhbmRvbT0nbm8nCmFjX2N2X2Z1bmNfYjY0X250
b3A9J25vJwphY19jdl9mdW5jX2Jjb3B5PSd5ZXMnCmFjX2N2X2Z1bmNfYmluZHJlc3Zwb3J0X3Nh
PSdubycKYWNfY3ZfZnVuY19jbG9jaz0neWVzJwphY19jdl9mdW5jX2RhZW1vbj0neWVzJwphY19j
dl9mdW5jX2Rpcm5hbWU9J25vJwphY19jdl9mdW5jX2VuZHV0ZW50PSd5ZXMnCmFjX2N2X2Z1bmNf
ZW5kdXR4ZW50PSdubycKYWNfY3ZfZnVuY19mY2htb2Q9J3llcycKYWNfY3ZfZnVuY19mY2hvd249
J3llcycKYWNfY3ZfZnVuY19mcmVlYWRkcmluZm89J25vJwphY19jdl9mdW5jX2Z1dGltZXM9J25v
JwphY19jdl9mdW5jX2dhaV9zdHJlcnJvcj0nbm8nCmFjX2N2X2Z1bmNfZ2V0YWRkcmluZm89J25v
JwphY19jdl9mdW5jX2dldGN3ZD0neWVzJwphY19jdl9mdW5jX2dldGdyb3VwbGlzdD0nbm8nCmFj
X2N2X2Z1bmNfZ2V0bmFtZWluZm89J25vJwphY19jdl9mdW5jX2dldG9wdD0neWVzJwphY19jdl9m
dW5jX2dldHBhZ2VzaXplPSd5ZXMnCmFjX2N2X2Z1bmNfZ2V0cGdycF92b2lkPSd5ZXMnCmFjX2N2
X2Z1bmNfZ2V0cmxpbWl0PSd5ZXMnCmFjX2N2X2Z1bmNfZ2V0cnVzYWdlPSd5ZXMnCmFjX2N2X2Z1
bmNfZ2V0c3BuYW09J3llcycKYWNfY3ZfZnVuY19nZXR0aW1lb2ZkYXk9J3llcycKYWNfY3ZfZnVu
Y19nZXR0dHllbnQ9J25vJwphY19jdl9mdW5jX2dldHV0ZW50PSd5ZXMnCmFjX2N2X2Z1bmNfZ2V0
dXRpZD0neWVzJwphY19jdl9mdW5jX2dldHV0bGluZT0neWVzJwphY19jdl9mdW5jX2dldHV0eGVu
dD0nbm8nCmFjX2N2X2Z1bmNfZ2V0dXR4aWQ9J25vJwphY19jdl9mdW5jX2dldHV0eGxpbmU9J25v
JwphY19jdl9mdW5jX2dsb2I9J3llcycKYWNfY3ZfZnVuY19pbmV0X2F0b249J3llcycKYWNfY3Zf
ZnVuY19pbmV0X250b2E9J3llcycKYWNfY3ZfZnVuY19pbmV0X250b3A9J25vJwphY19jdl9mdW5j
X2lubmV0Z3I9J3llcycKYWNfY3ZfZnVuY19sb2dpbl9nZXRjYXBib29sPSdubycKYWNfY3ZfZnVu
Y19sb2dvdXQ9J3llcycKYWNfY3ZfZnVuY19sb2d3dG1wPSd5ZXMnCmFjX2N2X2Z1bmNfbWQ1X2Ny
eXB0PSdubycKYWNfY3ZfZnVuY19tZW1tb3ZlPSd5ZXMnCmFjX2N2X2Z1bmNfbWtkdGVtcD0nbm8n
CmFjX2N2X2Z1bmNfbW1hcD0neWVzJwphY19jdl9mdW5jX25nZXRhZGRyaW5mbz0nbm8nCmFjX2N2
X2Z1bmNfb2dldGFkZHJpbmZvPSdubycKYWNfY3ZfZnVuY19vcGVucHR5PSd5ZXMnCmFjX2N2X2Z1
bmNfcHV0dXRsaW5lPSd5ZXMnCmFjX2N2X2Z1bmNfcHV0dXR4bGluZT0nbm8nCmFjX2N2X2Z1bmNf
cmVhZHBhc3NwaHJhc2U9J25vJwphY19jdl9mdW5jX3JlYWxwYXRoPSd5ZXMnCmFjX2N2X2Z1bmNf
cmVjdm1zZz0neWVzJwphY19jdl9mdW5jX3JyZXN2cG9ydF9hZj0nbm8nCmFjX2N2X2Z1bmNfc2Vu
ZG1zZz0neWVzJwphY19jdl9mdW5jX3NldGR0YWJsZXNpemU9J25vJwphY19jdl9mdW5jX3NldGVn
aWQ9J3llcycKYWNfY3ZfZnVuY19zZXRlbnY9J3llcycKYWNfY3ZfZnVuY19zZXRldWlkPSd5ZXMn
CmFjX2N2X2Z1bmNfc2V0Z3JvdXBzPSd5ZXMnCmFjX2N2X2Z1bmNfc2V0bG9naW49J25vJwphY19j
dl9mdW5jX3NldHBjcmVkPSdubycKYWNfY3ZfZnVuY19zZXRwcm9jdGl0bGU9J25vJwphY19jdl9m
dW5jX3NldHJlc2dpZD0neWVzJwphY19jdl9mdW5jX3NldHJldWlkPSd5ZXMnCmFjX2N2X2Z1bmNf
c2V0cmxpbWl0PSd5ZXMnCmFjX2N2X2Z1bmNfc2V0c2lkPSd5ZXMnCmFjX2N2X2Z1bmNfc2V0c29j
a29wdD0neWVzJwphY19jdl9mdW5jX3NldHV0ZW50PSd5ZXMnCmFjX2N2X2Z1bmNfc2V0dXR4ZW50
PSdubycKYWNfY3ZfZnVuY19zZXR2YnVmPSd5ZXMnCmFjX2N2X2Z1bmNfc2lnYWN0aW9uPSd5ZXMn
CmFjX2N2X2Z1bmNfc2lndmVjPSdubycKYWNfY3ZfZnVuY19zbnByaW50Zj0neWVzJwphY19jdl9m
dW5jX3NvY2tldHBhaXI9J3llcycKYWNfY3ZfZnVuY19zdHJjYXNlY21wPSd5ZXMnCmFjX2N2X2Z1
bmNfc3RyZXJyb3I9J3llcycKYWNfY3ZfZnVuY19zdHJmdGltZT0neWVzJwphY19jdl9mdW5jX3N0
cmxjYXQ9J25vJwphY19jdl9mdW5jX3N0cmxjcHk9J25vJwphY19jdl9mdW5jX3N0cm1vZGU9J25v
JwphY19jdl9mdW5jX3N0cnNlcD0neWVzJwphY19jdl9mdW5jX3N5c2NvbmY9J3llcycKYWNfY3Zf
ZnVuY190Y2dldHBncnA9J3llcycKYWNfY3ZfZnVuY190aW1lPSd5ZXMnCmFjX2N2X2Z1bmNfdHJ1
bmNhdGU9J3llcycKYWNfY3ZfZnVuY191cGR3dG1wPSdubycKYWNfY3ZfZnVuY191dGltZXM9J3ll
cycKYWNfY3ZfZnVuY191dG1wbmFtZT0neWVzJwphY19jdl9mdW5jX3V0bXB4bmFtZT0nbm8nCmFj
X2N2X2Z1bmNfdmhhbmd1cD0neWVzJwphY19jdl9mdW5jX3ZzbnByaW50Zj0neWVzJwphY19jdl9m
dW5jX3dhaXRwaWQ9J3llcycKYWNfY3ZfZnVuY195cF9tYXRjaD0neWVzJwphY19jdl9oYXZlX19f
c3NfZmFtaWx5X2luX3N0cnVjdF9zcz0nbm8nCmFjX2N2X2hhdmVfYWNjcmlnaHRzX2luX21zZ2hk
cj0nbm8nCmFjX2N2X2hhdmVfY2xvY2tfdD0neWVzJwphY19jdl9oYXZlX2NvbnRyb2xfaW5fbXNn
aGRyPSd5ZXMnCmFjX2N2X2hhdmVfZ2V0b3B0X29wdHJlc2V0PSdubycKYWNfY3ZfaGF2ZV9pbnQ2
NF90PSd5ZXMnCmFjX2N2X2hhdmVfaW50eHhfdD0neWVzJwphY19jdl9oYXZlX21vZGVfdD0neWVz
JwphY19jdl9oYXZlX3BpZF90PSd5ZXMnCmFjX2N2X2hhdmVfcHdfY2hhbmdlX2luX3N0cnVjdF9w
YXNzd2Q9J25vJwphY19jdl9oYXZlX3B3X2NsYXNzX2luX3N0cnVjdF9wYXNzd2Q9J25vJwphY19j
dl9oYXZlX3B3X2V4cGlyZV9pbl9zdHJ1Y3RfcGFzc3dkPSdubycKYWNfY3ZfaGF2ZV9zYV9mYW1p
bHlfdD0nbm8nCmFjX2N2X2hhdmVfc2l6ZV90PSd5ZXMnCmFjX2N2X2hhdmVfc3NfZmFtaWx5X2lu
X3N0cnVjdF9zcz0nbm8nCmFjX2N2X2hhdmVfc3NpemVfdD0neWVzJwphY19jdl9oYXZlX3N0cnVj
dF9hZGRyaW5mbz0nbm8nCmFjX2N2X2hhdmVfc3RydWN0X2luNl9hZGRyPSdubycKYWNfY3ZfaGF2
ZV9zdHJ1Y3Rfc29ja2FkZHJfaW42PSd5ZXMnCmFjX2N2X2hhdmVfc3RydWN0X3NvY2thZGRyX3N0
b3JhZ2U9J25vJwphY19jdl9oYXZlX3N0cnVjdF90aW1ldmFsPSd5ZXMnCmFjX2N2X2hhdmVfdV9j
aGFyPSd5ZXMnCmFjX2N2X2hhdmVfdV9pbnQ9J3llcycKYWNfY3ZfaGF2ZV91X2ludDY0X3Q9J3ll
cycKYWNfY3ZfaGF2ZV91X2ludHh4X3Q9J3llcycKYWNfY3ZfaGVhZGVyX2JzdHJpbmdfaD0neWVz
JwphY19jdl9oZWFkZXJfY3J5cHRfaD0nbm8nCmFjX2N2X2hlYWRlcl9lbmRpYW5faD0neWVzJwph
Y19jdl9oZWFkZXJfZmxvYXRpbmdwb2ludF9oPSdubycKYWNfY3ZfaGVhZGVyX2dldG9wdF9oPSd5
ZXMnCmFjX2N2X2hlYWRlcl9nbG9iX2g9J3llcycKYWNfY3ZfaGVhZGVyX2ludHR5cGVzX2g9J25v
JwphY19jdl9oZWFkZXJfbGFzdGxvZ19oPSd5ZXMnCmFjX2N2X2hlYWRlcl9saWJ1dGlsX2g9J25v
JwphY19jdl9oZWFkZXJfbGltaXRzX2g9J3llcycKYWNfY3ZfaGVhZGVyX2xvZ2luX2NhcF9oPSdu
bycKYWNfY3ZfaGVhZGVyX2xvZ2luX2g9J25vJwphY19jdl9oZWFkZXJfbWFpbGxvY2tfaD0nbm8n
CmFjX2N2X2hlYWRlcl9tZW1vcnlfaD0neWVzJwphY19jdl9oZWFkZXJfbmV0ZGJfaD0neWVzJwph
Y19jdl9oZWFkZXJfbmV0Z3JvdXBfaD0nbm8nCmFjX2N2X2hlYWRlcl9uZXRpbmV0X2luX3N5c3Rt
X2g9J3llcycKYWNfY3ZfaGVhZGVyX3BhdGhzX2g9J3llcycKYWNfY3ZfaGVhZGVyX3B0eV9oPSdu
bycKYWNfY3ZfaGVhZGVyX3JlYWRwYXNzcGhyYXNlX2g9J25vJwphY19jdl9oZWFkZXJfcnBjX3R5
cGVzX2g9J3llcycKYWNfY3ZfaGVhZGVyX3NlY3VyaXR5X3BhbV9hcHBsX2g9J25vJwphY19jdl9o
ZWFkZXJfc2hhZG93X2g9J3llcycKYWNfY3ZfaGVhZGVyX3N0ZGM9J3llcycKYWNfY3ZfaGVhZGVy
X3N0ZGRlZl9oPSd5ZXMnCmFjX2N2X2hlYWRlcl9zdGRpbnRfaD0nbm8nCmFjX2N2X2hlYWRlcl9z
dGRsaWJfaD0neWVzJwphY19jdl9oZWFkZXJfc3RyaW5nX2g9J3llcycKYWNfY3ZfaGVhZGVyX3N0
cmluZ3NfaD0neWVzJwphY19jdl9oZWFkZXJfc3lzX2JpdHlwZXNfaD0neWVzJwphY19jdl9oZWFk
ZXJfc3lzX2JzZHR0eV9oPSdubycKYWNfY3ZfaGVhZGVyX3N5c19jZGVmc19oPSd5ZXMnCmFjX2N2
X2hlYWRlcl9zeXNfbW1hbl9oPSd5ZXMnCmFjX2N2X2hlYWRlcl9zeXNfc2VsZWN0X2g9J25vJwph
Y19jdl9oZWFkZXJfc3lzX3N0YXRfaD0neWVzJwphY19jdl9oZWFkZXJfc3lzX3N0cm9wdHNfaD0n
bm8nCmFjX2N2X2hlYWRlcl9zeXNfc3lzbWFjcm9zX2g9J3llcycKYWNfY3ZfaGVhZGVyX3N5c190
aW1lX2g9J3llcycKYWNfY3ZfaGVhZGVyX3N5c190eXBlc19oPSd5ZXMnCmFjX2N2X2hlYWRlcl9z
eXNfdW5faD0neWVzJwphY19jdl9oZWFkZXJfdGltZV9oPSd5ZXMnCmFjX2N2X2hlYWRlcl90dHll
bnRfaD0nbm8nCmFjX2N2X2hlYWRlcl91bmlzdGRfaD0neWVzJwphY19jdl9oZWFkZXJfdXNlcnNl
Y19oPSdubycKYWNfY3ZfaGVhZGVyX3V0aWxfaD0nbm8nCmFjX2N2X2hlYWRlcl91dGltZV9oPSd5
ZXMnCmFjX2N2X2hlYWRlcl91dG1wX2g9J3llcycKYWNfY3ZfaGVhZGVyX3V0bXB4X2g9J25vJwph
Y19jdl9ob3N0PSdpNDg2LXBjLWxpbnV4LWdudWxpYmMxJwphY19jdl9ob3N0X2FsaWFzPSdpNDg2
LXBjLWxpbnV4LWdudWxpYmMxJwphY19jdl9saWJfY3J5cHRfY3J5cHQ9J25vJwphY19jdl9saWJf
Z2VuX2Rpcm5hbWU9J25vJwphY19jdl9saWJfel9kZWZsYXRlPSd5ZXMnCmFjX2N2X2xpYmNfZGVm
aW5lc19fX3Byb2duYW1lPSd5ZXMnCmFjX2N2X2xpYmNfZGVmaW5lc19zeXNfZXJybGlzdD0neWVz
JwphY19jdl9saWJjX2RlZmluZXNfc3lzX25lcnI9J3llcycKYWNfY3ZfbWVtYmVyX3N0cnVjdF9z
dGF0X3N0X2Jsa3NpemU9J3llcycKYWNfY3Zfb2JqZXh0PSdvJwphY19jdl9wYXRoX0FSPScvdXNy
L2Jpbi9hcicKYWNfY3ZfcGF0aF9MT0dJTl9QUk9HUkFNX0ZBTExCQUNLPScvYmluL2xvZ2luJwph
Y19jdl9wYXRoX05ST0ZGPScvdXNyL2Jpbi9ucm9mZicKYWNfY3ZfcGF0aF9QRVJMPScvdXNyL2Jp
bi9wZXJsJwphY19jdl9wYXRoX1BST0dfQVJQPScvc2Jpbi9hcnAnCmFjX2N2X3BhdGhfUFJPR19E
Rj0nL2Jpbi9kZicKYWNfY3ZfcGF0aF9QUk9HX0lGQ09ORklHPScvc2Jpbi9pZmNvbmZpZycKYWNf
Y3ZfcGF0aF9QUk9HX0lQQ1M9Jy91c3IvYmluL2lwY3MnCmFjX2N2X3BhdGhfUFJPR19MQVNUPScv
dXNyL2Jpbi9sYXN0JwphY19jdl9wYXRoX1BST0dfTEFTVExPRz0nL3Vzci9zYmluL2xhc3Rsb2cn
CmFjX2N2X3BhdGhfUFJPR19MUz0nL2Jpbi9scycKYWNfY3ZfcGF0aF9QUk9HX05FVFNUQVQ9Jy9i
aW4vbmV0c3RhdCcKYWNfY3ZfcGF0aF9QUk9HX1BTPScvYmluL3BzJwphY19jdl9wYXRoX1BST0df
VEFJTD0nL3Vzci9iaW4vdGFpbCcKYWNfY3ZfcGF0aF9QUk9HX1VQVElNRT0nL3Vzci9iaW4vdXB0
aW1lJwphY19jdl9wYXRoX1BST0dfVk1TVEFUPScvdXNyL2Jpbi92bXN0YXQnCmFjX2N2X3BhdGhf
UFJPR19XPScvdXNyL2Jpbi93JwphY19jdl9wYXRoX1BST0dfV0hPPScvdXNyL2Jpbi93aG8nCmFj
X2N2X3BhdGhfU0g9Jy9iaW4vc2gnCmFjX2N2X3BhdGhfVEVTVF9NSU5VU19TX1NIPScvdXNyL2Jp
bi9iYXNoJwphY19jdl9wYXRoX2luc3RhbGw9Jy91c3IvYmluL2dpbnN0YWxsIC1jJwphY19jdl9w
YXRoX3hhdXRoX3BhdGg9Jy91c3IvWDExUjYvYmluL3hhdXRoJwphY19jdl9wcm9nX0NQUD0nZ2Nj
IC1FJwphY19jdl9wcm9nX2FjX2N0X0NDPSdnY2MnCmFjX2N2X3Byb2dfYWNfY3RfUkFOTElCPSdy
YW5saWInCmFjX2N2X3Byb2dfY2NfZz0neWVzJwphY19jdl9wcm9nX2NjX3N0ZGM9JycKYWNfY3Zf
c2VhcmNoX2xvZ2luPSctbGJzZCcKYWNfY3Zfc2l6ZW9mX2NoYXI9JzEnCmFjX2N2X3NpemVvZl9p
bnQ9JzQnCmFjX2N2X3NpemVvZl9sb25nX2ludD0nNCcKYWNfY3Zfc2l6ZW9mX2xvbmdfbG9uZ19p
bnQ9JzgnCmFjX2N2X3NpemVvZl9zaG9ydF9pbnQ9JzInCmFjX2N2X3N5c19maWxlX29mZnNldF9i
aXRzPSdubycKYWNfY3Zfc3lzX2xhcmdlX2ZpbGVzPSdubycKYWNfY3Zfc3lzX2xhcmdlZmlsZV9D
Qz0nbm8nCmFjX2N2X3R5cGVfY2hhcj0neWVzJwphY19jdl90eXBlX2ludD0neWVzJwphY19jdl90
eXBlX2xvbmdfaW50PSd5ZXMnCmFjX2N2X3R5cGVfbG9uZ19sb25nX2ludD0neWVzJwphY19jdl90
eXBlX3Nob3J0X2ludD0neWVzJwphY19jdl90eXBlX3NpZ19hdG9taWNfdD0neWVzJwphY19jdl90
eXBlX3NvY2tsZW5fdD0nbm8nCmN1cmxfY3Zfc29ja2xlbl90X2VxdWl2PSdpbnQnCm9zc2hfY3Zf
dXRtcF9oX2hhc191dF9hZGRyPSd5ZXMnCm9zc2hfY3ZfdXRtcF9oX2hhc191dF9hZGRyX3Y2PSdu
bycKb3NzaF9jdl91dG1wX2hfaGFzX3V0X2V4aXQ9J25vJwpvc3NoX2N2X3V0bXBfaF9oYXNfdXRf
aG9zdD0neWVzJwpvc3NoX2N2X3V0bXBfaF9oYXNfdXRfaWQ9J3llcycKb3NzaF9jdl91dG1wX2hf
aGFzX3V0X3BpZD0neWVzJwpvc3NoX2N2X3V0bXBfaF9oYXNfdXRfdGltZT0neWVzJwpvc3NoX2N2
X3V0bXBfaF9oYXNfdXRfdHY9J25vJwpvc3NoX2N2X3V0bXBfaF9oYXNfdXRfdHlwZT0neWVzJwpv
c3NoX2N2X3V0bXB4X2hfaGFzX3N5c2xlbj0nbm8nCm9zc2hfY3ZfdXRtcHhfaF9oYXNfdXRfYWRk
cj0nbm8nCm9zc2hfY3ZfdXRtcHhfaF9oYXNfdXRfYWRkcl92Nj0nbm8nCm9zc2hfY3ZfdXRtcHhf
aF9oYXNfdXRfaG9zdD0nbm8nCm9zc2hfY3ZfdXRtcHhfaF9oYXNfdXRfaWQ9J25vJwpvc3NoX2N2
X3V0bXB4X2hfaGFzX3V0X3RpbWU9J25vJwpvc3NoX2N2X3V0bXB4X2hfaGFzX3V0X3R2PSdubycK
b3NzaF9jdl91dG1weF9oX2hhc191dF90eXBlPSdubycKCiMjIC0tLS0tLS0tLS0tICMjCiMjIGNv
bmZkZWZzLmguICMjCiMjIC0tLS0tLS0tLS0tICMjCgojZGVmaW5lIFBBQ0tBR0VfTkFNRSAiIgoj
ZGVmaW5lIFBBQ0tBR0VfVEFSTkFNRSAiIgojZGVmaW5lIFBBQ0tBR0VfVkVSU0lPTiAiIgojZGVm
aW5lIFBBQ0tBR0VfU1RSSU5HICIiCiNkZWZpbmUgUEFDS0FHRV9CVUdSRVBPUlQgIiIKI2RlZmlu
ZSBMT0dJTl9QUk9HUkFNX0ZBTExCQUNLICIvYmluL2xvZ2luIgojZGVmaW5lIERPTlRfVFJZX09U
SEVSX0FGIDEKI2RlZmluZSBQQU1fVFRZX0tMVURHRSAxCiNkZWZpbmUgU1REQ19IRUFERVJTIDEK
I2RlZmluZSBIQVZFX1NZU19UWVBFU19IIDEKI2RlZmluZSBIQVZFX1NZU19TVEFUX0ggMQojZGVm
aW5lIEhBVkVfU1RETElCX0ggMQojZGVmaW5lIEhBVkVfU1RSSU5HX0ggMQojZGVmaW5lIEhBVkVf
TUVNT1JZX0ggMQojZGVmaW5lIEhBVkVfU1RSSU5HU19IIDEKI2RlZmluZSBIQVZFX1VOSVNURF9I
IDEKI2RlZmluZSBIQVZFX0JTVFJJTkdfSCAxCiNkZWZpbmUgSEFWRV9FTkRJQU5fSCAxCiNkZWZp
bmUgSEFWRV9HRVRPUFRfSCAxCiNkZWZpbmUgSEFWRV9HTE9CX0ggMQojZGVmaW5lIEhBVkVfTEFT
VExPR19IIDEKI2RlZmluZSBIQVZFX0xJTUlUU19IIDEKI2RlZmluZSBIQVZFX05FVERCX0ggMQoj
ZGVmaW5lIEhBVkVfTkVUSU5FVF9JTl9TWVNUTV9IIDEKI2RlZmluZSBIQVZFX1BBVEhTX0ggMQoj
ZGVmaW5lIEhBVkVfUlBDX1RZUEVTX0ggMQojZGVmaW5lIEhBVkVfU0hBRE9XX0ggMQojZGVmaW5l
IEhBVkVfU1REREVGX0ggMQojZGVmaW5lIEhBVkVfU1RSSU5HU19IIDEKI2RlZmluZSBIQVZFX1NZ
U19CSVRZUEVTX0ggMQojZGVmaW5lIEhBVkVfU1lTX0NERUZTX0ggMQojZGVmaW5lIEhBVkVfU1lT
X01NQU5fSCAxCiNkZWZpbmUgSEFWRV9TWVNfU1RBVF9IIDEKI2RlZmluZSBIQVZFX1NZU19TWVNN
QUNST1NfSCAxCiNkZWZpbmUgSEFWRV9TWVNfVElNRV9IIDEKI2RlZmluZSBIQVZFX1NZU19VTl9I
IDEKI2RlZmluZSBIQVZFX1RJTUVfSCAxCiNkZWZpbmUgSEFWRV9VVElNRV9IIDEKI2RlZmluZSBI
QVZFX1VUTVBfSCAxCiNkZWZpbmUgSEFWRV9MSUJaIDEKI2RlZmluZSBIQVZFX0xPR0lOIDEKI2Rl
ZmluZSBIQVZFX0xPR09VVCAxCiNkZWZpbmUgSEFWRV9MT0dXVE1QIDEKI2RlZmluZSBIQVZFX1NU
UkZUSU1FIDEKI2RlZmluZSBIQVZFX0JDT1BZIDEKI2RlZmluZSBIQVZFX0NMT0NLIDEKI2RlZmlu
ZSBIQVZFX0ZDSE1PRCAxCiNkZWZpbmUgSEFWRV9GQ0hPV04gMQojZGVmaW5lIEhBVkVfR0VUQ1dE
IDEKI2RlZmluZSBIQVZFX0dFVE9QVCAxCiNkZWZpbmUgSEFWRV9HRVRSTElNSVQgMQojZGVmaW5l
IEhBVkVfR0VUUlVTQUdFIDEKI2RlZmluZSBIQVZFX0dMT0IgMQojZGVmaW5lIEhBVkVfSU5FVF9B
VE9OIDEKI2RlZmluZSBIQVZFX0lORVRfTlRPQSAxCiNkZWZpbmUgSEFWRV9JTk5FVEdSIDEKI2Rl
ZmluZSBIQVZFX01FTU1PVkUgMQojZGVmaW5lIEhBVkVfTU1BUCAxCiNkZWZpbmUgSEFWRV9PUEVO
UFRZIDEKI2RlZmluZSBIQVZFX1JFQUxQQVRIIDEKI2RlZmluZSBIQVZFX1JFQ1ZNU0cgMQojZGVm
aW5lIEhBVkVfU0VORE1TRyAxCiNkZWZpbmUgSEFWRV9TRVRFR0lEIDEKI2RlZmluZSBIQVZFX1NF
VEVOViAxCiNkZWZpbmUgSEFWRV9TRVRFVUlEIDEKI2RlZmluZSBIQVZFX1NFVEdST1VQUyAxCiNk
ZWZpbmUgSEFWRV9TRVRSRVNHSUQgMQojZGVmaW5lIEhBVkVfU0VUUkVVSUQgMQojZGVmaW5lIEhB
VkVfU0VUUkxJTUlUIDEKI2RlZmluZSBIQVZFX1NFVFNJRCAxCiNkZWZpbmUgSEFWRV9TRVRWQlVG
IDEKI2RlZmluZSBIQVZFX1NJR0FDVElPTiAxCiNkZWZpbmUgSEFWRV9TTlBSSU5URiAxCiNkZWZp
bmUgSEFWRV9TT0NLRVRQQUlSIDEKI2RlZmluZSBIQVZFX1NUUkVSUk9SIDEKI2RlZmluZSBIQVZF
X1NUUlNFUCAxCiNkZWZpbmUgSEFWRV9TWVNDT05GIDEKI2RlZmluZSBIQVZFX1RDR0VUUEdSUCAx
CiNkZWZpbmUgSEFWRV9UUlVOQ0FURSAxCiNkZWZpbmUgSEFWRV9VVElNRVMgMQojZGVmaW5lIEhB
VkVfVkhBTkdVUCAxCiNkZWZpbmUgSEFWRV9WU05QUklOVEYgMQojZGVmaW5lIEhBVkVfV0FJVFBJ
RCAxCiNkZWZpbmUgSEFWRV9HRVRUSU1FT0ZEQVkgMQojZGVmaW5lIEhBVkVfVElNRSAxCiNkZWZp
bmUgSEFWRV9FTkRVVEVOVCAxCiNkZWZpbmUgSEFWRV9HRVRVVEVOVCAxCiNkZWZpbmUgSEFWRV9H
RVRVVElEIDEKI2RlZmluZSBIQVZFX0dFVFVUTElORSAxCiNkZWZpbmUgSEFWRV9QVVRVVExJTkUg
MQojZGVmaW5lIEhBVkVfU0VUVVRFTlQgMQojZGVmaW5lIEhBVkVfVVRNUE5BTUUgMQojZGVmaW5l
IEhBVkVfREFFTU9OIDEKI2RlZmluZSBIQVZFX0dFVFBBR0VTSVpFIDEKI2RlZmluZSBHRVRQR1JQ
X1ZPSUQgMQojZGVmaW5lIEhBVkVfT1BFTlNTTCAxCiNkZWZpbmUgT1BFTlNTTF9QUk5HX09OTFkg
MQojZGVmaW5lIEVOVFJPUFlfVElNRU9VVF9NU0VDIDIwMAojZGVmaW5lIFNTSF9QUklWU0VQX1VT
RVIgInNzaGQiCiNkZWZpbmUgU0laRU9GX0NIQVIgMQojZGVmaW5lIFNJWkVPRl9TSE9SVF9JTlQg
MgojZGVmaW5lIFNJWkVPRl9JTlQgNAojZGVmaW5lIFNJWkVPRl9MT05HX0lOVCA0CiNkZWZpbmUg
U0laRU9GX0xPTkdfTE9OR19JTlQgOAojZGVmaW5lIEhBVkVfVV9JTlQgMQojZGVmaW5lIEhBVkVf
SU5UWFhfVCAxCiNkZWZpbmUgSEFWRV9JTlQ2NF9UIDEKI2RlZmluZSBIQVZFX1VfSU5UWFhfVCAx
CiNkZWZpbmUgSEFWRV9VX0lOVDY0X1QgMQojZGVmaW5lIEhBVkVfVV9DSEFSIDEKI2RlZmluZSBz
b2NrbGVuX3QgaW50CiNkZWZpbmUgSEFWRV9TSUdfQVRPTUlDX1QgMQojZGVmaW5lIEhBVkVfU0la
RV9UIDEKI2RlZmluZSBIQVZFX1NTSVpFX1QgMQojZGVmaW5lIEhBVkVfQ0xPQ0tfVCAxCiNkZWZp
bmUgSEFWRV9QSURfVCAxCiNkZWZpbmUgSEFWRV9NT0RFX1QgMQojZGVmaW5lIEhBVkVfU1RSVUNU
X1NPQ0tBRERSX0lONiAxCiNkZWZpbmUgSEFWRV9TVFJVQ1RfVElNRVZBTCAxCiNkZWZpbmUgSEFW
RV9IT1NUX0lOX1VUTVAgMQojZGVmaW5lIEhBVkVfUElEX0lOX1VUTVAgMQojZGVmaW5lIEhBVkVf
VFlQRV9JTl9VVE1QIDEKI2RlZmluZSBIQVZFX0lEX0lOX1VUTVAgMQojZGVmaW5lIEhBVkVfQURE
Ul9JTl9VVE1QIDEKI2RlZmluZSBIQVZFX1RJTUVfSU5fVVRNUCAxCiNkZWZpbmUgSEFWRV9TVFJV
Q1RfU1RBVF9TVF9CTEtTSVpFIDEKI2RlZmluZSBIQVZFX0NPTlRST0xfSU5fTVNHSERSIDEKI2Rl
ZmluZSBIQVZFX19fUFJPR05BTUUgMQojZGVmaW5lIEhBVkVfX19GVU5DVElPTl9fIDEKI2RlZmlu
ZSBIQVZFX1NZU19FUlJMSVNUIDEKI2RlZmluZSBIQVZFX1NZU19ORVJSIDEKI2RlZmluZSBYQVVU
SF9QQVRIICIvdXNyL1gxMVI2L2Jpbi94YXV0aCIKI2RlZmluZSBNQUlMX0RJUkVDVE9SWSAiL3Zh
ci9zcG9vbC9tYWlsIgojZGVmaW5lIEhBU19TSEFET1dfRVhQSVJFIDEKI2RlZmluZSBVU0VSX1BB
VEggIi91c3IvYmluOi9iaW46L3Vzci9zYmluOi9zYmluOi91c3IvbG9jYWwvYmluIgojZGVmaW5l
IElQVjRfSU5fSVBWNiAxCiNkZWZpbmUgX1BBVEhfU1NIX1BJRERJUiAiL3Zhci9ydW4iCiNkZWZp
bmUgRElTQUJMRV9VVE1QWCAxCiNkZWZpbmUgRElTQUJMRV9XVE1QWCAxCgpjb25maWd1cmU6IGV4
aXQgMAo=

------------102196104183A44AE--




From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.25.1162419635.11741.openssh-unix-dev@mindrot.org>

requiring the user to do anything special.  i.e. when they run "ssh gate -p 22" 
it just works and when they run "ssh gate -p 1022" it just works.  Having to 
tell everyone who will remotely access our system (i.e. employees, contractors, 
customers, etc) that they have to go setup special configurations with special 
options in order to access our network just isn't practical.

The tool is suppose to work for the user, not the other way around.

As for disk space, each line in these files is a little over 200 bytes.  if 
your file system is so tight that you can't put a couple extra KB on your disk, 
you've got bigger problems.

As for the statement that the entries in the known_hosts file are suppose to 
represent "real" ssh servers, that is also not true.  As an IT Manager, I 
explicitly want to control how my network appears to the outside world.  The 
only points of contact (and knowledge) that the outside world has about my 
network are defined through my firewalls.  Everything that the outside world 
knows about my network must be related the defined entry points to my network, 
not the internals of my network.

As for verifying every IP:Port pair, the simple answer is "YES".  Again, since 
every IP:Port pair could map to a completely separate system you actually have 
to verify each IP:Port pair because making the assumption that all ports on a 
particular IP go to a single host is simply wrong.

Tell you what, if I patch up the code and send it to you, will you roll it into 
the next release?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.26.1162419661.11741.openssh-unix-dev@mindrot.org>

"clearing sensitive information such as encryption keys from memory may
not work as expected because an optimising compiler removes the memset()
if it decides it's redundant."

"When compiled with any level of optimisation using gcc, the key
clearing call goes away because of dead code elimination."

-- 
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.27.1162419662.11741.openssh-unix-dev@mindrot.org>

Attachment Details:-

Attachment Name: N/A
File: Infected.msg
Infected? No
Repaired? No
Blocked? Yes
Deleted? No
Virus Name:







From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.28.1162419665.11741.openssh-unix-dev@mindrot.org>

simplify and clean it up dead wood (if it is broken it is dead wood).
Remember NeXT has no direct maintianer any more unless someone from the
community wishes to step up and claim it.

So if you value your platform.  I suggest you get involved.  NeXT is
living on borrowed time. =)

Remember you need autoconf 2.5x and above for rebuilding the ./configure
file.

- Ben

Index: configure.ac
===================================================================
RCS file: /var/cvs/openssh/configure.ac,v
retrieving revision 1.89.2.2
diff -u -r1.89.2.2 configure.ac
--- configure.ac	16 Oct 2002 00:25:40 -0000	1.89.2.2
+++ configure.ac	25 Oct 2002 14:08:43 -0000
@@ -601,12 +601,15 @@
 	getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
 	getrlimit getrusage getttyent glob inet_aton inet_ntoa \
 	inet_ntop innetgr login_getcapbool md5_crypt memmove \
-	mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
+	mkdtemp ngetaddrinfo openpty ogetaddrinfo readpassphrase \
 	realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
 	setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
 	setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
 	socketpair strerror strlcat strlcpy strmode sysconf tcgetpgrp \
 	truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
+
+dnl Make sure that mmap prototype is defined before defining HAVE_MMAP
+AC_CHECK_DECL(mmap, [AC_CHECK_FUNCS(mmap)])

 dnl Make sure strsep prototype is defined before defining HAVE_STRSEP
 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.29.1162419673.11741.openssh-unix-dev@mindrot.org>

A value of 0 is returned when the end of the file has been reached. (For
information about communication files, see the ioctl and termio files.)

The read is returning zero for something other than EOF.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
--------------4DF905CE3C59C616D5F4AA6C
Content-Type: text/plain; charset=us-ascii;
 name="openssh-3.5p1-aix_zerowrite.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="openssh-3.5p1-aix_zerowrite.patch"

diff -ru openssh-3.5p1.orig/channels.c openssh-3.5p1/channels.c
--- openssh-3.5p1.orig/channels.c	Thu Sep 19 11:54:55 2002
+++ openssh-3.5p1/channels.c	Wed Dec 11 15:28:51 2002
@@ -1246,8 +1246,8 @@
 		len = read(c->rfd, buf, sizeof(buf));
 		if (len < 0 && (errno == EINTR || errno == EAGAIN))
 			return 1;
-		if (len <= 0) {
-			debug("channel %d: read<=0 rfd %d len %d",
+		if (len < 0) {
+			debug("channel %d: read<0 rfd %d len %d",
 			    c->self, c->rfd, len);
 			if (c->type != SSH_CHANNEL_OPEN) {
 				debug("channel %d: not open", c->self);

--------------4DF905CE3C59C616D5F4AA6C--



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.30.1162419676.11741.openssh-unix-dev@mindrot.org>

I_PUSH
     Pushes the module whose name is pointed to by arg onto
     the  top  of the current stream, just below the STREAM
     head. If the STREAM is a  pipe,  the  module  will  be
     inserted  between the stream heads of both ends of the
     pipe. It then calls the open  routine  of  the  newly-
     pushed  module. On failure, errno is set to one of the
     following values:

Want to bet it's the "open routine" that acquires the controlling tty? If that's 
so the the only way I can see to fix it is push the STREAMS modules *after* 
forking to run the shell.

That cure might be worse than the disease.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.31.1162419695.11741.openssh-unix-dev@mindrot.org>

been yet documented in scp.1 manpage.  I assume that was forgotten?

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.32.1162419700.11741.openssh-unix-dev@mindrot.org>



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.33.1162419719.11741.openssh-unix-dev@mindrot.org>

From: Ward Wouts <ward at wizeazz.nl>
To: bugs at openbsd.org
Subject: problem with sftp
Date: Tue, 18 Mar 2003 10:26:03 +0100

Hello,

I'm seeing a problem with sftp where it's not possible to transfer files
with both 's and "s and spaces in the name. I think it's a problem with
the way get_pathname in sftp-int.c works, but my C is nowhere near good
enough to fix this. To reproduce try transfering a file named:

this"is' asillyname

with sftp.

Ward



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.34.1162419721.11741.openssh-unix-dev@mindrot.org>

of the remotely connected socket is in in monitor_read(). The easiest way to 
pass them in would be to add fields to the Authctxt structure, which gets 
passed down into auth_krb5_password(), although possibly not the best. Perhaps
using a prompter isn't the best way to go, either, I'm not sure.

Ultimately, I'm simply looking for any pointers as to the best way to proceed, 
even if it's "read the code" :->

Thanks,

----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh at cise.ufl.edu                      http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------

"Given a choice between a complex, difficult-to-understand, disconcerting
 explanation and a simplistic, comforting one, many prefer simplistic
 comfort if it's remotely plausible, especially if it involves blaming
 someone else for their problems."
                                                -- Bob Lewis, _Infoworld_



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.35.1162419725.11741.openssh-unix-dev@mindrot.org>

some_host$ ssh -R 20022:my_other_host:22 user at my_host

when I tried to connect to forwarded port from another computer, like this:

some_host$ ssh -p 20022 my_host

i got the message:

Connection refused.

When I tried to conect from the host my_host where the port was forwarded from 
like this:

my_host$ ssh -p 20022 localhost

it worked O.K. When I did it from the same my_host like this:

my_host$ ssh -p 20022 my_host

it failed again.

Forwarding of local ports form my_host works O.K. So by doing

my_host$ ssh -gL 20022:my_other_host:22 user at some_host

forwarding of port 20022 on my_host worked.

I should mention that my_host has a firewall installed, but the port 20022 was 
permitted. We tested it with putting sshd to listen on 20022:

my_host$ sshd -p 2002

and connecting to port 20022 from outside:

some_host$ ssh -p 20022

and it worked. So the firewall probably isn't the problem.

Port forwarding worked O.K. for other versions of SSH, only with OpenSSH it 
didn't.

The OS is:

FreeBSD 4.8-RELEASE #6

on:

i386 AMD Athlon(tm) Processor

The OpenSSH version is:

OpenSSH_3.5p1 FreeBSD-20030201



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.36.1162419729.11741.openssh-unix-dev@mindrot.org>

 sshd[31829]: error: ioctl(TIOCSCTTY): Operation not permitted
 sshd[31829]: error: ioctl(TIOCSCTTY): Operation not permitte
 sshd[31829]: error: open /dev/tty failed - could not set controlling tty: No
such device or address
 sshd[31829]: error: open /dev/tty failed - could not set controlling tty: No
such device or address

Now the process tree looks like:
 2173  ?  S    0:00 sshd: root at ttyp5 
 2175  p5 S    0:00  \_ -bash 
 2247  p5 S    0:00      \_ openssh-3.6.1p1/sshd -D 
 2248  p5 S    0:00          \_ sshd: root at ttyp4        
 2250  p4 S    0:00              \_ -bash 
 2256  p4 R    0:00                  \_ ps fx 


*** This bug has been marked as a duplicate of 536 ***



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.37.1162419737.11741.openssh-unix-dev@mindrot.org>

to something else in a rather nasty and incorrect way.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



From bogus@does.not.exist.com  Thu Nov  2 09:08:48 2006
From: bogus@does.not.exist.com ()
Date: Wed, 01 Nov 2006 22:08:48 -0000
Subject: No subject
Message-ID: <mailman.38.1162419752.11741.openssh-unix-dev@mindrot.org>

	"Doing the right thing is too hard, so we'll
implement the easy, but incorrect solution."

- Would you accept that line of reasoning in any other
section of SSH?

- Booker C. Bense



From ray at cyth.net  Fri Nov  3 07:21:54 2006
From: ray at cyth.net (Ray Lai)
Date: Thu, 2 Nov 2006 15:20:54 -0501
Subject: ssh strlen fixes
Message-ID: <20061102202117.GP8070@cybertron.cyth.net>

The following diffs fix negative index array accesses.  For the
path_append diff, if the first path is empty the second path is
just duplicated without a '/'.  Is this correct?

-Ray-

Index: misc.c
===================================================================
RCS file: /home/ray/openbsd/src/usr.bin/ssh/misc.c,v
retrieving revision 1.64
diff -u -p -r1.64 misc.c
--- misc.c	3 Aug 2006 03:34:42 -0000	1.64
+++ misc.c	2 Nov 2006 20:05:41 -0000
@@ -604,11 +604,15 @@ read_keyfile_line(FILE *f, const char *f
 {
 	while (fgets(buf, bufsz, f) != NULL) {
 		(*lineno)++;
-		if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
+		if (buf[0] != '\0' && buf[strlen(buf) - 1] == '\n' || feof(f)) {
 			return 0;
 		} else {
-			debug("%s: %s line %lu exceeds size limit", __func__,
-			    filename, *lineno);
+			if (buf[0] != '\0')
+				debug("%s: %s line %lu exceeds size limit",
+				    __func__, filename, *lineno);
+			else
+				debug("%s: %s line %lu contains a NUL character",
+				    __func__, filename, *lineno);
 			/* discard remainder of line */
 			while (fgetc(f) != '\n' && !feof(f))
 				;	/* nothing */
Index: sftp.c
===================================================================
RCS file: /home/ray/openbsd/src/usr.bin/ssh/sftp.c,v
retrieving revision 1.93
diff -u -p -r1.93 sftp.c
--- sftp.c	30 Sep 2006 17:48:22 -0000	1.93
+++ sftp.c	2 Nov 2006 20:14:58 -0000
@@ -286,11 +286,11 @@ static char *
 path_append(char *p1, char *p2)
 {
 	char *ret;
-	int len = strlen(p1) + strlen(p2) + 2;
+	size_t len = strlen(p1) + strlen(p2) + 2;
 
 	ret = xmalloc(len);
 	strlcpy(ret, p1, len);
-	if (p1[strlen(p1) - 1] != '/')
+	if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/')
 		strlcat(ret, "/", len);
 	strlcat(ret, p2, len);
 

From js at cell.de  Sat Nov  4 00:24:19 2006
From: js at cell.de (Joerg Schneider)
Date: Fri, 03 Nov 2006 14:24:19 +0100
Subject: a strange behavior on a small memory system with tun0
Message-ID: <454B4303.2020800@cell.de>

Hello

I am using openssh as vpn on a router with freewrt.org and rsync to sync my local data to a remote server.
Everything works fine for me so far.

The only problem is that the channel-1 (tun0) goes down on the router after 50-200MB transfered via tun0
or after 5-20 hours only with a ping to the server . Channel-0 is still working.
Tcpdump shows that a ping from the router to the server via tun0 reaches the server
but the replay from Server doesn't the router. The tunnel goes unidirectional.

So far I think that must be e memory out problem on the router. What i did try till now is:

-I replaced the router from Linksys 16MB ram to Asus 32MB ram (24MB free), no change.

-I added 512MB swap via external usb harddrive (swap isn't even used when tun0 goes down!), no change.

-I switched from openssh 4.3p2 to 4.4p1 and chiper=blowfish, no difference.

-I switched from openwrt.org to freewrt.org, no difference.

-I tried the HPNPatch (www.psc.edu/networking/projects/hpn-ssh) and tested with HPNBufferSize=512kb, NoChiper=yes on server and router, not better.

-I tried with openvpn, works fine but i would prefer openssh for my backup solution.

-I changed for testing in channels.c:
        debug2("channel %d: rcvd adjust %u", id, adjust); to
        debug2("channel %d: rcvd adjust %u is_now: %u", id, adjust, c->remote_window);

debug on router shows:
..
..
..
Nov  3 12:26:51 (none) user.info : debug2: channel 1: rcvd adjust 1049336 is_now: 705152^M
Nov  3 12:26:59 (none) user.info : debug2: channel 1: rcvd adjust 1048663 is_now: 698457^M
Nov  3 12:27:01 (none) user.info : debug2: channel 1: window 108432 sent adjust 108524^M
Nov  3 12:27:06 (none) user.info : debug2: channel 1: rcvd adjust 1049535 is_now: 693233^M
Nov  3 12:27:14 (none) user.info : debug2: channel 1: rcvd adjust 1048580 is_now: 697384^M
Nov  3 12:27:22 (none) user.info : debug2: channel 1: rcvd adjust 1049529 is_now: 695099^M
Nov  3 12:28:30 (none) user.info : debug1: client_input_channel_req: channel 1 rtype keepalive at openssh.com reply 1^M
............
tun0 (channel-1) is unidirectional now and I close channel-0 manualy for testing:
............
Nov  3 12:28:33 (none) user.info : debug2: channel 0: rcvd ext data 22^M
Nov  3 12:28:33 (none) user.info : netmask: Unknown host
Nov  3 12:28:33 (none) user.info : debug2: channel 0: written 22 to efd 6^M
Nov  3 12:28:33 (none) user.info : debug1: client_input_channel_req: channel 0 rtype exit-status reply 0^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: rcvd eof^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: output open -> drain^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: rcvd close^M
Nov  3 12:28:33 (none) user.info : debug3: channel 0: will not send data after close^M
Nov  3 12:28:33 (none) user.info : debug3: channel 0: will not send data after close^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: obuf empty^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: close_write^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: output drain -> closed^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: almost dead^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: gc: notify user^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: gc: user detached^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: send close^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: is dead^M
Nov  3 12:28:33 (none) user.info : debug2: channel 0: garbage collecting^M
Nov  3 12:28:33 (none) user.info : debug1: channel 0: free: client-session, nchannels 2^M
Nov  3 12:28:33 (none) user.info : debug3: channel 0: status: The following connections are open:^M
Nov  3 12:28:33 (none) user.info :   #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)^M
Nov  3 12:28:33 (none) user.info :   #1 tun (t4 r1 i0/0 o0/0 fd 7/7 cfd -1)^M
Nov  3 12:31:19 (none) user.info : debug1: client_input_channel_req: channel 1 rtype keepalive at openssh.com reply 1^M
Nov  3 12:31:34 (none) user.info : debug1: client_input_channel_req: channel 1 rtype keepalive at openssh.com reply 1^M
Nov  3 12:31:49 (none) user.info : debug1: client_input_channel_req: channel 1 rtype keepalive at openssh.com reply 1^M
Nov  3 12:32:04 (none) user.info : debug1: client_input_channel_req: channel 1 rtype keepalive at openssh.com reply 1^M
Nov  3 12:32:19 (none) user.info : debug1: client_input_channel_req: channel 1 rtype keepalive at openssh.com reply 1^M
..
..
..
no reply from server.....


top:
Mem: 17476K used, 12760K free, 0K shrd, 0K buff, 2708K cached
Load average: 0.00, 0.00, 0.07    (State: S=sleeping R=running, W=waiting)

   PID USER     STATUS   RSS  PPID %CPU %MEM COMMAND
11303 root     R        412 11294  2.9  1.3 top
   252 root     S        616     1  0.0  2.0 ssh
11293 root     S        572   185  0.0  1.8 dropbear
11294 root     S        472 11293  0.0  1.5 sh
  3462 root     S        420     1  0.0  1.3 hbc_sync.sh
11292 root     S        412  3462  0.0  1.3 rsync
  3383 root     S        388     1  0.0  1.2 crond
    84 root     S        352     1  0.0  1.1 syslogd
    73 root     S        340     1  0.0  1.1 logger
     1 root     S        320     0  0.0  1.0 init
   185 root     S        296     1  0.0  0.9 dropbear
   200 root     S        296     1  0.0  0.9 httpd
    87 root     S        288     1  0.0  0.9 klogd
    77 root     S        288     1  0.0  0.9 init
     4 root     SW         0     1  0.0  0.0 kswapd
     3 root     SWN        0     1  0.0  0.0 ksoftirqd_CPU0
   158 root     SW         0     1  0.0  0.0 usb-storage-0
    95 root     SW         0     1  0.0  0.0 khubd
     5 root     SW         0     1  0.0  0.0 bdflush
     2 root     SW         0     1  0.0  0.0 keventd
   160 root     SW         0     1  0.0  0.0 scsi_eh_0
    37 root     SWN        0     1  0.0  0.0 jffs2_gcd_mtd2
     6 root     SW         0     1  0.0  0.0 kupdated
     7 root     SW         0     1  0.0  0.0 cifsoplockd
    10 root     SW         0     1  0.0  0.0 mtdblockd


My router's logfile (<-- means message from server via channel-0):
Sat Jan 1 01:00:08 CET 2000  -->  client start up...
Sat Jan 1 01:00:08 CET 2000  -->  storing server key
Sat Jan 1 01:00:08 CET 2000  -->  storing remote-config
Sat Jan 1 01:00:08 CET 2000  -->  storing DNS config
Sat Jan 1 01:00:08 CET 2000  -->  creating partition_key
Sat Jan 1 01:00:08 CET 2000  -->  starting tunnel tun0
     ssh -vvv -w $TUN_ID:$TUN_ID root@$SERVER_IP -i /etc/ssh/id_rsa -o Cipher=blowfish -o Compression=no -o HPNBufferSize=512 -f /root/$REMOTE_CMD >> 
/tmp/hbc_log
Sat Jan 1 01:00:15 CET 2000  -->  ping to server
Sat Jan 1 01:00:15 CET 2000  -->  PING 172.27.0.1 (172.27.0.1): 56 data bytes 84 bytes from 172.27.0.1: icmp_seq=0 ttl=64 time=32.8 ms --- 172.27.0.1 
ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 32.8/32.8/32.8 ms
Sat Jan 1 01:00:15 CET 2000  -->  storing crontabs
Sat Jan 1 01:00:15 CET 2000  -->  restarting cron
Sat Jan 1 01:00:15 CET 2000  -->  getting systime from server 172.27.0.1
Sat Jan 1 01:00:15 CET 2000  -->  creating rsync_key
Fri Nov 3 11:47:00 CET 2006  -->  creating rsync_exclude
Fri Nov 3 11:47:00 CET 2006  -->  activating swap
Fri Nov 3 11:47:00 CET 2006  -->  swap is activated ( 249976 kb)!
Fri Nov 3 11:47:00 CET 2006  -->  client is ready and waiting for cron_start!
Fri Nov 3 11:46:59 CET 2006  <--  Unlock partition ---  key slot 0 unlocked.
Fri Nov 3 11:47:01 CET 2006  <--  Server route to 192.168.3.0 255.255.255.0 via tun0
Fri Nov 3 11:47:01 CET 2006  <--  Server is ready for user: backup0
Fri Nov 3 11:52:12 CET 2006  <--  VPN is alive ---
Fri Nov 3 11:56:38 CET 2006  -->  rsync start up...!
Fri Nov 3 11:56:38 CET 2006  -->  free memory   :  21004 kb
Fri Nov 3 11:56:38 CET 2006  -->  free swap     :  249976 kb
Fri Nov 3 11:56:38 CET 2006  -->  tun0 statistic:  RX bytes:68808 (67.1 KiB) TX bytes:69034 (67.4 KiB)
Fri Nov 3 11:56:38 CET 2006  -->  eth0 statistic:  RX bytes:242241 (236.5 KiB) TX bytes:192526 (188.0 KiB)
Fri Nov 3 11:56:38 CET 2006  -->  mounting CIFS 1 ...
Fri Nov 3 11:56:38 CET 2006  -->  mount.cifs //192.168.3.65/admin /tmp/mnt/SAMBA
Fri Nov 3 11:56:38 CET 2006  -->  rsync CIFS_PATH1-1
Fri Nov 3 11:56:38 CET 2006  -->  rsync -az --delete /tmp/mnt/SAMBA/samba backup0 at 172.27.0.1::backup0
Fri Nov 3 11:56:54 CET 2006  -->  free memory   :  15908 kb
Fri Nov 3 11:56:54 CET 2006  -->  free swap     :  249976 kb
Fri Nov 3 11:56:55 CET 2006  -->  tun0 statistic:  RX bytes:96641 (94.3 KiB) TX bytes:512489 (500.4 KiB)
Fri Nov 3 11:56:55 CET 2006  -->  eth0 statistic:  RX bytes:3029525 (2.8 MiB) TX bytes:844158 (824.3 KiB)
Fri Nov 3 12:02:44 CET 2006  <--  VPN is alive ---  rsync 29736 backup0 7u REG 253,5 0 3604516 
/home/backup0/daily.0/profiles/Anwendungsdaten/Thunderbird/Profiles/uemq90yi.default/Mail/Local Folders/.Inbox.jgORXx
Fri Nov 3 12:08:02 CET 2006  <--  VPN is alive ---  rsync 29736 backup0 7u REG 253,5 0 3604522 
/home/backup0/daily.0/profiles/Anwendungsdaten/Thunderbird/Profiles/uemq90yi.default/Mail/Local Folders/.Trash.F8Nsbv
Fri Nov 3 12:12:41 CET 2006  -->  free memory   :  5012 kb
Fri Nov 3 12:12:41 CET 2006  -->  free swap     :  248832 kb
Fri Nov 3 12:12:41 CET 2006  -->  tun0 statistic:  RX bytes:817137 (797.9 KiB) TX bytes:9740160 (9.2 MiB)
Fri Nov 3 12:12:41 CET 2006  -->  eth0 statistic:  RX bytes:592136574 (564.7 MiB) TX bytes:37319118 (35.5 MiB)
Fri Nov 3 12:12:41 CET 2006  -->  unmounting CIFS 1 ...
Fri Nov 3 12:12:42 CET 2006  -->  mounting CIFS 2 ...
Fri Nov 3 12:12:42 CET 2006  -->  mount.cifs //192.168.3.65/home_admin /tmp/mnt/HOME
Fri Nov 3 12:12:42 CET 2006  -->  rsync CIFS_PATH2-1
Fri Nov 3 12:12:42 CET 2006  -->  rsync -az --delete /tmp/mnt/HOME backup0 at 172.27.0.1::backup0
Fri Nov 3 12:13:23 CET 2006  <--  VPN is alive ---  rsync 2255 backup0 7u REG 253,5 7340032 3342346 /home/backup0/daily.0/HOME/.backup1.tar.eoRhST
Fri Nov 3 12:18:55 CET 2006  <--  VPN is alive ---  rsync 2255 backup0 7u REG 253,5 37486592 3342358 /home/backup0/daily.0/HOME/.backup2.tar.jqlgVH
Fri Nov 3 12:24:29 CET 2006  <--  VPN is alive ---  rsync 2255 backup0 7u REG 253,5 81002496 3342358 /home/backup0/daily.0/HOME/.backup2.tar.jqlgVH
Fri Nov 3 12:27:33 CET 2006  <--  !!! VPN is offline (count:1) !!!
Fri Nov 3 12:27:35 CET 2006  <--  !!! VPN is offline (count:2) !!!
Fri Nov 3 12:27:37 CET 2006  <--  !!! VPN is offline (count:3) !!!
Fri Nov 3 12:27:39 CET 2006  <--  !!! VPN is offline (count:4) !!!
Fri Nov 3 12:27:41 CET 2006  <--  !!! VPN is offline (count:5) !!!
Fri Nov 3 12:27:43 CET 2006  <--  !!! VPN is offline (count:6) !!!
Fri Nov 3 12:27:45 CET 2006  <--  !!! VPN is offline (count:7) !!!
Fri Nov 3 12:27:47 CET 2006  <--  !!! VPN is offline (count:8) !!!
Fri Nov 3 12:27:49 CET 2006  <--  !!! VPN is offline (count:9) !!!
Fri Nov 3 12:27:51 CET 2006  <--  !!! VPN is offline (count:10) !!!
Client backup0 is down!
Fri Nov 3 12:28:33 CET 2006  <--  killing process id: 2137 for user: backup0
Fri Nov 3 12:28:33 CET 2006  <--  killing process id: 2255 for user: backup0
Fri Nov 3 12:28:33 CET 2006  <--  Server shutdown for user: backup0 completed!
Fri Nov 3 12:30:01 CET 2006  -->  free memory   :  5154 kb
Fri Nov 3 12:30:01 CET 2006  -->  free swap     :  248832 kb
Fri Nov 3 12:30:01 CET 2006  -->  tun0 statistic:  RX bytes:2653208 (2.5 MiB) TX bytes:123763582 (118.0 MiB)
Fri Nov 3 12:30:01 CET 2006  -->  eth0 statistic:  RX bytes:732883585 (698.9 MiB)  TX bytes:170591978 (162.6 MiB)


The server is gentoo on AMD with 1024kb RAM and only for my backups at my ISP.
I don't know what to do next....any Idea?

Many thanks in advanced
Joerg Schneider


From dtucker at zip.com.au  Tue Nov  7 18:51:45 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Tue, 7 Nov 2006 18:51:45 +1100
Subject: Requirement for sshd account since 4.4p1
In-Reply-To: <20061027122900.GE8323@calimero.vinschen.de>
References: <20061027083659.GA4721@calimero.vinschen.de>
	<20061027110016.GA5243@gate.dtucker.net>
	<20061027122900.GE8323@calimero.vinschen.de>
Message-ID: <20061107075145.GA29943@gate.dtucker.net>

Hi there.

On Fri, Oct 27, 2006 at 02:29:00PM +0200, Corinna Vinschen wrote:
> On Oct 27 21:00, Darren Tucker wrote:
> > On Fri, Oct 27, 2006 at 10:36:59AM +0200, Corinna Vinschen wrote:
> > It's probably not just Solaris (any system where (seteuid(-1)) fails
> > would be affected) but that's where it was reported.
[...]
> > Maybe we could only load privsep_pw if we're running privileged?
> > set*uid is not going to work if we're not.
> 
> Here's the problem:  Right now there's no way to figure out whether sshd
> is running under a privileged account or not on Cygwin.  The problem is
> that being privileged is bound to testing uid 0 in OpenSSH throughout.
> 
> I'm asking for some years now to replace the inflexible tests for uid 0
> by a system specific function call along the lines of a
> 
>   bool privileged_user(uid)

I think we have discussed that in the past and I think it's a reasonable
idea (although I'd probably model it after POSIX capabilities to include
things like binding to low ports since POSIX is our nominal target)
but never had the time to pursue.

[...]
> As a short term solution I would suggest that sshd doesn't exit
> prematurely when it can't find the sshd account, but only later if it
> finds that the sshd account is required for operation, like, for instance,
> GSSAPI on Solaris, or if privilege separation is actually requested.

We ended up going with the patch below.

[...]
> > Always having the privsep uid available is useful in other cases too
> > (eg PAM, bug #1215).
> 
> I see, but not all systems use PAM either ;)

That's true, but I suspect the majority do (the survey data backs me up;
54% have PAM headers and --with-pam is the second most common compile-time
option (14%) after tcpwrappers (29%) not counting path setting ones :-).


diff -u -p -r1.359 sshd.c
--- sshd.c	18 Oct 2006 12:51:31 -0000	1.359
+++ sshd.c	7 Nov 2006 00:27:29 -0000
@@ -1431,14 +1431,17 @@ main(int ac, char **av)
 
 	debug("sshd version %.100s", SSH_RELEASE);
 
-	/* Store privilege separation user for later use */
-	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
-		fatal("Privilege separation user %s does not exist",
-		    SSH_PRIVSEP_USER);
-	memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
-	privsep_pw = pwcopy(privsep_pw);
-	xfree(privsep_pw->pw_passwd);
-	privsep_pw->pw_passwd = xstrdup("*");
+	/* Store privilege separation user for later use if required. */
+	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+		if (use_privsep || options.kerberos_authentication)
+			fatal("Privilege separation user %s does not exist",
+			    SSH_PRIVSEP_USER);
+	} else {
+		memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+		privsep_pw = pwcopy(privsep_pw);
+		xfree(privsep_pw->pw_passwd);
+		privsep_pw->pw_passwd = xstrdup("*");
+	}
 	endpwent();
 
 	/* load private host keys */

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From vinschen at redhat.com  Tue Nov  7 22:10:16 2006
From: vinschen at redhat.com (Corinna Vinschen)
Date: Tue, 7 Nov 2006 12:10:16 +0100
Subject: Requirement for sshd account since 4.4p1
In-Reply-To: <20061107075145.GA29943@gate.dtucker.net>
References: <20061027083659.GA4721@calimero.vinschen.de>
	<20061027110016.GA5243@gate.dtucker.net>
	<20061027122900.GE8323@calimero.vinschen.de>
	<20061107075145.GA29943@gate.dtucker.net>
Message-ID: <20061107111016.GB23484@calimero.vinschen.de>

Hi Darren,

On Nov  7 18:51, Darren Tucker wrote:
> On Fri, Oct 27, 2006 at 02:29:00PM +0200, Corinna Vinschen wrote:
> > On Oct 27 21:00, Darren Tucker wrote:
> > > Maybe we could only load privsep_pw if we're running privileged?
> > > set*uid is not going to work if we're not.
> > 
> > Here's the problem:  Right now there's no way to figure out whether sshd
> > is running under a privileged account or not on Cygwin.  The problem is
> > that being privileged is bound to testing uid 0 in OpenSSH throughout.
> > 
> > I'm asking for some years now to replace the inflexible tests for uid 0
> > by a system specific function call along the lines of a
> > 
> >   bool privileged_user(uid)
> 
> I think we have discussed that in the past and I think it's a reasonable
> idea (although I'd probably model it after POSIX capabilities to include
> things like binding to low ports since POSIX is our nominal target)
> but never had the time to pursue.

This sounds good to me (and yes, I remember some discussion in PM).
It would allow to create wrapper functions for platforms which don't
support POSIX capabilities natively while getting rid of #ifdef's in
the core code.

> We ended up going with the patch below.

Thanks!

> [...]
> > > Always having the privsep uid available is useful in other cases too
> > > (eg PAM, bug #1215).
> > 
> > I see, but not all systems use PAM either ;)
> 
> That's true, but I suspect the majority do (the survey data backs me up;
> 54% have PAM headers and --with-pam is the second most common compile-time
> option (14%) after tcpwrappers (29%) not counting path setting ones :-).

Oh well, looks like not many Cygwin users participate in the ssh mailing
lists ;)


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

From djm at cvs.openbsd.org  Wed Nov  8 05:40:36 2006
From: djm at cvs.openbsd.org (Damien Miller)
Date: Tue, 7 Nov 2006 11:40:36 -0700 (MST)
Subject: Announce: OpenSSH 4.5 released
Message-ID: <200611071840.kA7IeafS019100@cvs.openbsd.org>

OpenSSH 4.5 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots and purchased
T-shirts or posters.

T-shirt, poster and CD sales directly support the project. Pictures
and more information can be found at:
        http://www.openbsd.org/tshirts.html and
	http://www.openbsd.org/orders.html

For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

Changes since OpenSSH 4.4:
============================

This is a bugfix only release. No new features have been added.

Security bugs resolved in this release:

 * Fix a bug in the sshd privilege separation monitor that weakened its
   verification of successful authentication. This bug is not known to
   be exploitable in the absence of additional vulnerabilities.
 
This release includes the following non-security fixes:

 * Several compilation fixes for portable OpenSSH

 * Fixes to Solaris SMF/process contract support (bugzilla #1255)

Thanks to everyone who has contributed patches, reported bugs and
tested releases.

Checksums:
==========

- SHA1 (openssh-4.5.tar.gz) = def3de1557181062d788695b9371d02635af39fb
- SHA1 (openssh-4.5p1.tar.gz) = 2eefcbbeb9e4fa16fa4500dec107d1a09d3d02d7

Reporting Bugs:
===============

- please read http://www.openssh.com/report.html
  and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.


From Chris.Bertrand at baesystems.com  Thu Nov  9 21:25:14 2006
From: Chris.Bertrand at baesystems.com (Bertrand, Chris J (UK))
Date: Thu, 9 Nov 2006 10:25:14 -0000
Subject: Debug Level 3 Error
Message-ID: <D0C670DD4398514DBBDAA89370F1A17D011AE437@glkms2121.GREENLNK.NET>


Hi there,
First can I say what a great job you guys are doing!

The problem I have is when I run up sshd under debug, I get the
following output :

% sshd -ddd
debug1: sshd version OpenSSH_3.4p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: setgroups() failed: Function not implemented
debug1: Bind to port 22 on x.x.x.x.
Server listening on x.x.x.x port 22.
Generating 768 bit RSA key.
RSA key generation complete.

So it seems to me that it is doing the majority of what it should - but
when I go onto out client machine (Fedora Core 5)
and try "ssh -l admin <host>, it doesn't except the password.  The
server is Linux Kernal 2.6.

Hope I have provided sufficient info!  Let me know if you need any more
to help me solve this one.

Many thanks,
Chris Bertrand
Software Engineer
Christchurch
Bae Systems Integrated Systems Technologies (Insyte)
Xchrch (gnet 615) 4204
(01202) 404204



********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************

From pascal.henri at alcatel.fr  Fri Nov 10 00:30:18 2006
From: pascal.henri at alcatel.fr (Pascal Henri)
Date: Thu, 09 Nov 2006 14:30:18 +0100
Subject: openssh with radius server unreachable
Message-ID: <45532D6A.9050303@alcatel.fr>

  Hello,

I think to have find a small pb with openssh when a Radius server is 
unreachable.
I use radius authentication with pam my system-auth is the following

auth [success=done auth_err=die default=ignore] 
/lib/security/pam_radius_auth.so try_first_pass debug
auth [success=ignore auth_err=ignore default=ignore] pam_nologin.so 
file=/etc/raddb/radiusfailure
auth        required    /lib/security/pam_unix.so likeauth nullok md5 shadow
auth        required    /lib/security/pam_tally.so deny=2 per_user 
no_magic_root even_deny_root_account
account     required    /lib/security/pam_unix.so
account     required    /lib/security/pam_tally.so reset no_magic_root
password    required    /lib/security/pam_cracklib.so retry=3
password    sufficient  /lib/security/pam_unix.so nullok use_authtok md5 
shadow
password    required    /lib/security/pam_deny.so
session     required    /lib/security/pam_unix.so

when radius server is unreachable, we display contents of file 
radiusfailure "RADIUS servers are unreachable, need local password.".
with telnet this contents is display on client between each 
authentication try but not when i use ssh client.
With ssh, i have the following sequence

debug1: Doing password authentication.
pascal at clin5207's password:
Permission denied, please try again.
pascal at clin5207's password:
Permission denied, please try again.
pascal at clin5207's password:
Permission denied.

I have no indication that radius server is not reachable. Is it possible 
to fix the problem ?
-- 

-------------------------
Pascal h.



-------------------------

From pascal.henri at alcatel.fr  Fri Nov 10 00:21:15 2006
From: pascal.henri at alcatel.fr (Pascal Henri)
Date: Thu, 09 Nov 2006 14:21:15 +0100
Subject: openssh with radius server unreachable
Message-ID: <45532B4B.8000708@alcatel.fr>


   Hello,
   I think to have find a small pb with openssh when a Radius server is
   unreachable.
   I use radius authentication with pam my system-auth is the following
   auth [success=done auth_err=die default=ignore]
   /lib/security/pam_radius_auth.so try_first_pass debug
   auth [success=ignore auth_err=ignore default=ignore] pam_nologin.so
   file=/etc/raddb/radiusfailure
   auth        required    /lib/security/pam_unix.so likeauth nullok md5
   shadow
   auth        required    /lib/security/pam_tally.so deny=2 per_user
   no_magic_root even_deny_root_account
   account     required    /lib/security/pam_unix.so
   account     required    /lib/security/pam_tally.so reset no_magic_root
   password    required    /lib/security/pam_cracklib.so retry=3
   password    sufficient  /lib/security/pam_unix.so nullok use_authtok
   md5 shadow
   password    required    /lib/security/pam_deny.so
   session     required    /lib/security/pam_unix.so
   when radius server is unreachable, we display contents of file
   radiusfailure "RADIUS servers are unreachable, need local password.".
   with telnet this contents is display on client between each
   authentication try but not when i use ssh client.
   With ssh, i have the following sequence
   debug1: Doing password authentication.
   pascal at clin5207's password:
   Permission denied, please try again.
   pascal at clin5207's password:
   Permission denied, please try again.
   pascal at clin5207's password:
   Permission denied.
   I have no indication that radius server is not reachable. Is it
   possible to fix the problem ?

   --
   -------------------------
   Pascal h.
   Bureau C2080, colombes
   where is the hammer
   -------------------------

From doug at safeport.com  Thu Nov  9 16:22:33 2006
From: doug at safeport.com (doug at safeport.com)
Date: Thu, 9 Nov 2006 00:22:33 -0500 (EST)
Subject: sshd_config question.
Message-ID: <20061109001233.B82908@pemaquid.safeport.com>

I want to allow a single host root access via ssh. If the order of processing
DenyUsers, AllowUsers were reversed this cold be done in a straight forward
manner.

My question, is would adding an Apache-like derective Order Deny,Allow violate
any standards or be a security problem?



_____
Douglas Denault
http://www.safeport.com
doug at safeport.com


From stuge-openssh-unix-dev at cdy.org  Fri Nov 10 03:41:18 2006
From: stuge-openssh-unix-dev at cdy.org (Peter Stuge)
Date: Thu, 9 Nov 2006 17:41:18 +0100
Subject: sshd_config question.
In-Reply-To: <20061109001233.B82908@pemaquid.safeport.com>
References: <20061109001233.B82908@pemaquid.safeport.com>
Message-ID: <20061109164118.12215.qmail@cdy.org>

On Thu, Nov 09, 2006 at 12:22:33AM -0500, doug at safeport.com wrote:
> I want to allow a single host root access via ssh. If the order of
> processing DenyUsers, AllowUsers were reversed this cold be done in
> a straight forward manner.
> 
> My question, is would adding an Apache-like derective Order
> Deny,Allow violate any standards or be a security problem?

Couldn't you use the Match keyword (new in 4.4 IIRC) to do this in an
even more straight forward manner? :)


//Peter

From jam_man at sbcglobal.net  Sat Nov 11 14:40:04 2006
From: jam_man at sbcglobal.net (James Maniotis)
Date: Fri, 10 Nov 2006 21:40:04 -0600
Subject: known plaintext attack
Message-ID: <45554614.7050300@sbcglobal.net>

Does the OpenSSH authentication process between the client and server
make it vulnerable to a known plain text attack?

From the.omprakash at gmail.com  Sun Nov 12 17:14:20 2006
From: the.omprakash at gmail.com (om)
Date: 12 Nov 2006 06:14:20 -0000
Subject: om invites you to join Zorpia
Message-ID: <20061112061420.32572.qmail@zorpia.com>


   
Hi openssh-unix-dev at mindrot.org!
Your friend om from  , just invited you to his online photo albums and journals at Zorpia.com.



So what is Zorpia?
It is an online community that allows you to upload unlimited amount of photos, write journals and make friends. We also have a variety of skins in store for you so that you can customize your homepage freely.

Join now for free! Please click the following link to join Zorpia:
http://signup.zorpia.com/signup?invitation_key=6b46ff7342956ae56799ece750b15971&referral=theomprakash73

This message was delivered with the om's initiation.

If you wish to discontinue receiving invitations from us, please click the following link:
http://signup.zorpia.com/email/optout/openssh-unix-dev at mindrot.org


From vincenzo.sciarra at gmail.com  Sun Nov 12 19:35:38 2006
From: vincenzo.sciarra at gmail.com (Vincenzo Sciarra)
Date: Sun, 12 Nov 2006 09:35:38 +0100
Subject: Client options to server
Message-ID: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>

Hi,

I'm using openssh 4.4

I'm trying to develop a new SSH appliance, but I need some parameters
from client.

In client I setup new record in the structure options that I think are
passed to server.
Where is the structure of the server where stored client options?


Thanks


-- 
Vincenzo Sciarra

From dtucker at zip.com.au  Sun Nov 12 20:23:17 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Sun, 12 Nov 2006 20:23:17 +1100
Subject: Client options to server
In-Reply-To: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>
References: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>
Message-ID: <20061112092317.GA24196@gate.dtucker.net>

On Sun, Nov 12, 2006 at 09:35:38AM +0100, Vincenzo Sciarra wrote:
> I'm using openssh 4.4
> 
> I'm trying to develop a new SSH appliance, but I need some parameters
> from client.
> 
> In client I setup new record in the structure options that I think are
> passed to server.
> Where is the structure of the server where stored client options?

There's no C-level structure that's passed directly from client to
server.  You will need to fit the data that you want to pass into the
protocol somewhere, and exactly where will depend on what you're trying
to pass.

Do you need the parameters pre-authentication?  In that case you might
want to create a custom auth method.  Is the parameter data keyword-value
pairs?  You might be able to pass the parameters in environment variable
requests.  Otherwise, you might need a custom channel request type.
It depends on exactly what you're trying to do.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From vincenzo.sciarra at gmail.com  Sun Nov 12 20:49:47 2006
From: vincenzo.sciarra at gmail.com (Vincenzo Sciarra)
Date: Sun, 12 Nov 2006 10:49:47 +0100
Subject: Client options to server
In-Reply-To: <20061112094204.GA24800@gate.dtucker.net>
References: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>
	<20061112092317.GA24196@gate.dtucker.net>
	<199b4dc20611120128p61f36d74xb8031a911f6df389@mail.gmail.com>
	<20061112094204.GA24800@gate.dtucker.net>
Message-ID: <199b4dc20611120149j301f1217y82a7f0266c1db5fa@mail.gmail.com>

Very cool.

Thanks!!!!!!

If I want to modify the code, how I can do equivalent of SendEnv and AcceptEnv?






2006/11/12, Darren Tucker <dtucker at zip.com.au>:
> On Sun, Nov 12, 2006 at 10:28:08AM +0100, Vincenzo Sciarra wrote:
> > Thanks for reply.
>
> You might also want to cc: the list as you might get more/better feedback.
>
> > I'm trying to pass a remote path @ the login-time.
>
> In that case, you don't actually need it until after authentication,
> so I suggest you use an environment request.  You don't need to modify
> the code, just use the existing SendEnv and AcceptEnv options.
>
> > Something like "ssh -l user host -p port -K remote_path".
> >
> > The sample -K option should pass a remote path to server and the
> > server will download the file @ the location.
>
> So that would be something like:
>
> DESTPATH=remote_path ssh -l user host -p port -oSendEnv=DESTDIR
>
> If necessary you could add a command-line shortcut for to ssh for that.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>    Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>


-- 
Vincenzo Sciarra

From chrivers at iversen-net.dk  Sun Nov 12 21:23:04 2006
From: chrivers at iversen-net.dk (Christian Iversen)
Date: Sun, 12 Nov 2006 11:23:04 +0100
Subject: Client options to server
In-Reply-To: <199b4dc20611120149j301f1217y82a7f0266c1db5fa@mail.gmail.com>
References: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>
	<20061112094204.GA24800@gate.dtucker.net>
	<199b4dc20611120149j301f1217y82a7f0266c1db5fa@mail.gmail.com>
Message-ID: <200611121123.04992.chrivers@iversen-net.dk>

On 12. November 2006 10:49, Vincenzo Sciarra wrote:
> Very cool.
>
> Thanks!!!!!!
>
> If I want to modify the code, how I can do equivalent of SendEnv and
> AcceptEnv?

Are you sure you couldn't _use_ environment variables? That would mean your 
program could work with an unmodified ssh package.

-- 
Mvh
Christian Iversen

From dtucker at zip.com.au  Sun Nov 12 21:42:48 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Sun, 12 Nov 2006 21:42:48 +1100
Subject: Client options to server
In-Reply-To: <199b4dc20611120149j301f1217y82a7f0266c1db5fa@mail.gmail.com>
References: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>
	<20061112092317.GA24196@gate.dtucker.net>
	<199b4dc20611120128p61f36d74xb8031a911f6df389@mail.gmail.com>
	<20061112094204.GA24800@gate.dtucker.net>
	<199b4dc20611120149j301f1217y82a7f0266c1db5fa@mail.gmail.com>
Message-ID: <20061112104248.GA25640@gate.dtucker.net>

On Sun, Nov 12, 2006 at 10:49:47AM +0100, Vincenzo Sciarra wrote:
> Very cool.
> 
> Thanks!!!!!!
> 
> If I want to modify the code, how I can do equivalent of SendEnv and 
> AcceptEnv?

On the server side, just set AcceptEnv in the config file and use the
environment variable in your program/shell/whatever.

On the client side if you really want a command-line option then get your
directory from getopt() and putenv() it and update options->send_env
and options->num_send_env (see the oSendEnv case in readconf.c for
an example).  Are you sure you want to do that, though?  You'll have
to maintain a modified client.  Alternatively you might just write a
wrapper script that execs ssh with the appropriate SendEnv option.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From dtucker at zip.com.au  Sun Nov 12 21:47:33 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Sun, 12 Nov 2006 21:47:33 +1100
Subject: Client options to server
In-Reply-To: <20061112104248.GA25640@gate.dtucker.net>
References: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>
	<20061112092317.GA24196@gate.dtucker.net>
	<199b4dc20611120128p61f36d74xb8031a911f6df389@mail.gmail.com>
	<20061112094204.GA24800@gate.dtucker.net>
	<199b4dc20611120149j301f1217y82a7f0266c1db5fa@mail.gmail.com>
	<20061112104248.GA25640@gate.dtucker.net>
Message-ID: <20061112104733.GA25953@gate.dtucker.net>

On Sun, Nov 12, 2006 at 09:42:48PM +1100, Darren Tucker wrote:
> On Sun, Nov 12, 2006 at 10:49:47AM +0100, Vincenzo Sciarra wrote:
> > Very cool.
> > 
> > Thanks!!!!!!
> > 
> > If I want to modify the code, how I can do equivalent of SendEnv and 
> > AcceptEnv?
> 
> On the server side, just set AcceptEnv in the config file and use the
> environment variable in your program/shell/whatever.

Also, if you wanted to do it in sshd for some reason, you
can add a special-case to the environment handling code in
session.c:session_env_req().

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From vincenzo.sciarra at gmail.com  Mon Nov 13 02:37:01 2006
From: vincenzo.sciarra at gmail.com (Vincenzo Sciarra)
Date: Sun, 12 Nov 2006 16:37:01 +0100
Subject: Client options to server
In-Reply-To: <20061112104248.GA25640@gate.dtucker.net>
References: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>
	<20061112092317.GA24196@gate.dtucker.net>
	<199b4dc20611120128p61f36d74xb8031a911f6df389@mail.gmail.com>
	<20061112094204.GA24800@gate.dtucker.net>
	<199b4dc20611120149j301f1217y82a7f0266c1db5fa@mail.gmail.com>
	<20061112104248.GA25640@gate.dtucker.net>
Message-ID: <199b4dc20611120737m11acd84dj31c8457d0059ffb@mail.gmail.com>

I need to modify source code.
I modified options structure in client.

Now I don't know how openssh pass this structure to the server.

How can I modify server?


2006/11/12, Darren Tucker <dtucker at zip.com.au>:
> On Sun, Nov 12, 2006 at 10:49:47AM +0100, Vincenzo Sciarra wrote:
> > Very cool.
> >
> > Thanks!!!!!!
> >
> > If I want to modify the code, how I can do equivalent of SendEnv and
> > AcceptEnv?
>
> On the server side, just set AcceptEnv in the config file and use the
> environment variable in your program/shell/whatever.
>
> On the client side if you really want a command-line option then get your
> directory from getopt() and putenv() it and update options->send_env
> and options->num_send_env (see the oSendEnv case in readconf.c for
> an example).  Are you sure you want to do that, though?  You'll have
> to maintain a modified client.  Alternatively you might just write a
> wrapper script that execs ssh with the appropriate SendEnv option.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>    Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>


-- 
Vincenzo Sciarra

From stuge-openssh-unix-dev at cdy.org  Mon Nov 13 11:20:25 2006
From: stuge-openssh-unix-dev at cdy.org (Peter Stuge)
Date: Mon, 13 Nov 2006 01:20:25 +0100
Subject: Client options to server
In-Reply-To: <199b4dc20611120737m11acd84dj31c8457d0059ffb@mail.gmail.com>
References: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>
	<20061112092317.GA24196@gate.dtucker.net>
	<199b4dc20611120128p61f36d74xb8031a911f6df389@mail.gmail.com>
	<20061112094204.GA24800@gate.dtucker.net>
	<199b4dc20611120149j301f1217y82a7f0266c1db5fa@mail.gmail.com>
	<20061112104248.GA25640@gate.dtucker.net>
	<199b4dc20611120737m11acd84dj31c8457d0059ffb@mail.gmail.com>
Message-ID: <20061113002025.5775.qmail@cdy.org>

On Sun, Nov 12, 2006 at 04:37:01PM +0100, Vincenzo Sciarra wrote:
> I need to modify source code.

It's a good idea to try hard to avoid that.


> I modified options structure in client.
> 
> Now I don't know how openssh pass this structure to the server.

See previous posts. It doesn't. The options structure is used in the
client code to control the client as it connects to the server.
The clients uses the options, not the server.
Some options may be sent to the server, according to the SSH
protocol.

I would suggest investigating the option of running your own protocol
as a subsystem. It's very easy, just talk on stdio.


//Peter

From Simon.Richter at hogyros.de  Sat Nov 11 23:30:04 2006
From: Simon.Richter at hogyros.de (Simon Richter)
Date: Sat, 11 Nov 2006 13:30:04 +0100
Subject: tunneling through stdin/stdout, source routing
Message-ID: <4555C24C.7000007@hogyros.de>

Hi,

quite often I find myself using commands like

$ ssh foo nc bar 12345

to connect to another host behind a firewall, and I also have a lot of
these commands in my ssh config file. Since this relies on the server
having netcat available (which a lot don't, or in some really old
version that will not shut down properly) it breaks often, and I wonder
whether it would make sense to have an option in the ssh client that
told it to connect to the server, then open a tunneled connection and
connect that to stdin/stdout.

As an extension, there could also be a source routing option in the
config file that would take care of setting up a chain of ssh
connections if I need multiple hops.

As far as I can see this requires no special support from the server, so
should be easy to implement; I'm not sure though how I would go about
implementing such a thing in OpenSSH because of the development model
that would effectively require me to run OpenBSD to test my patches
before submitting them.

Any ideas?

   Simon

From vincenzo.sciarra at gmail.com  Tue Nov 14 05:01:01 2006
From: vincenzo.sciarra at gmail.com (Vincenzo Sciarra)
Date: Mon, 13 Nov 2006 19:01:01 +0100
Subject: Client options to server
In-Reply-To: <199b4dc20611120737m11acd84dj31c8457d0059ffb@mail.gmail.com>
References: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>
	<20061112092317.GA24196@gate.dtucker.net>
	<199b4dc20611120128p61f36d74xb8031a911f6df389@mail.gmail.com>
	<20061112094204.GA24800@gate.dtucker.net>
	<199b4dc20611120149j301f1217y82a7f0266c1db5fa@mail.gmail.com>
	<20061112104248.GA25640@gate.dtucker.net>
	<199b4dc20611120737m11acd84dj31c8457d0059ffb@mail.gmail.com>
Message-ID: <199b4dc20611131001i2a37f082qf25bf6b5fb0dcea0@mail.gmail.com>

How can pass a argument from client to server?

More explicit :

ssh -K www.foo.it/baar server_host

Server will parse the -K argument and will connect to www.foo.it and
get baar for example.
How can I pass the -K argument from client to server?


Thanks



2006/11/12, Vincenzo Sciarra <vincenzo.sciarra at gmail.com>:
> I need to modify source code.
> I modified options structure in client.
>
> Now I don't know how openssh pass this structure to the server.
>
> How can I modify server?
>
>
> 2006/11/12, Darren Tucker <dtucker at zip.com.au>:
> > On Sun, Nov 12, 2006 at 10:49:47AM +0100, Vincenzo Sciarra wrote:
> > > Very cool.
> > >
> > > Thanks!!!!!!
> > >
> > > If I want to modify the code, how I can do equivalent of SendEnv and
> > > AcceptEnv?
> >
> > On the server side, just set AcceptEnv in the config file and use the
> > environment variable in your program/shell/whatever.
> >
> > On the client side if you really want a command-line option then get your
> > directory from getopt() and putenv() it and update options->send_env
> > and options->num_send_env (see the oSendEnv case in readconf.c for
> > an example).  Are you sure you want to do that, though?  You'll have
> > to maintain a modified client.  Alternatively you might just write a
> > wrapper script that execs ssh with the appropriate SendEnv option.
> >
> > --
> > Darren Tucker (dtucker at zip.com.au)
> > GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
> >    Good judgement comes with experience. Unfortunately, the experience
> > usually comes from bad judgement.
> >
>
>
> --
> Vincenzo Sciarra
>


-- 
Vincenzo Sciarra

From stuge-openssh-unix-dev at cdy.org  Tue Nov 14 06:00:35 2006
From: stuge-openssh-unix-dev at cdy.org (Peter Stuge)
Date: Mon, 13 Nov 2006 20:00:35 +0100
Subject: Client options to server
In-Reply-To: <199b4dc20611131001i2a37f082qf25bf6b5fb0dcea0@mail.gmail.com>
References: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>
	<20061112092317.GA24196@gate.dtucker.net>
	<199b4dc20611120128p61f36d74xb8031a911f6df389@mail.gmail.com>
	<20061112094204.GA24800@gate.dtucker.net>
	<199b4dc20611120149j301f1217y82a7f0266c1db5fa@mail.gmail.com>
	<20061112104248.GA25640@gate.dtucker.net>
	<199b4dc20611120737m11acd84dj31c8457d0059ffb@mail.gmail.com>
	<199b4dc20611131001i2a37f082qf25bf6b5fb0dcea0@mail.gmail.com>
Message-ID: <20061113190035.31025.qmail@cdy.org>

On Mon, Nov 13, 2006 at 07:01:01PM +0100, Vincenzo Sciarra wrote:
> How can pass a argument from client to server?
> 
> More explicit :
> 
> ssh -K www.foo.it/baar server_host
> 
> Server will parse the -K argument and will connect to www.foo.it
> and get baar for example.
> How can I pass the -K argument from client to server?

This example requires a HTTP client. There are many availble, some
examples are wget, curl and snarf. Using curl you would do this:

ssh server_host "curl http://www.foo.it/baar"

This effectively executes the curl command on server_host, so curl
will need to be installed there.

You can run any application or script over the network this way and
there is full duplex communication.


//Peter

From djm at mindrot.org  Tue Nov 14 06:57:46 2006
From: djm at mindrot.org (Damien Miller)
Date: Tue, 14 Nov 2006 06:57:46 +1100 (EST)
Subject: known plaintext attack
In-Reply-To: <45554614.7050300@sbcglobal.net>
References: <45554614.7050300@sbcglobal.net>
Message-ID: <Pine.BSO.4.64.0611140657290.23738@fuyu.mindrot.org>

On Fri, 10 Nov 2006, James Maniotis wrote:

> Does the OpenSSH authentication process between the client and server
> make it vulnerable to a known plain text attack?

Not to our knowledge.

-d

From Jefferson.Ogata at noaa.gov  Tue Nov 14 05:09:32 2006
From: Jefferson.Ogata at noaa.gov (Jefferson Ogata)
Date: Mon, 13 Nov 2006 18:09:32 +0000
Subject: Client options to server
In-Reply-To: <199b4dc20611131001i2a37f082qf25bf6b5fb0dcea0@mail.gmail.com>
References: <199b4dc20611120035y7674f067g11b6c4262644fbb5@mail.gmail.com>
	<20061112092317.GA24196@gate.dtucker.net>
	<199b4dc20611120128p61f36d74xb8031a911f6df389@mail.gmail.com>
	<20061112094204.GA24800@gate.dtucker.net>
	<199b4dc20611120149j301f1217y82a7f0266c1db5fa@mail.gmail.com>
	<20061112104248.GA25640@gate.dtucker.net>
	<199b4dc20611120737m11acd84dj31c8457d0059ffb@mail.gmail.com>
	<199b4dc20611131001i2a37f082qf25bf6b5fb0dcea0@mail.gmail.com>
Message-ID: <4558B4DC.5030306@noaa.gov>

On 2006-11-13 18:01, Vincenzo Sciarra wrote:
> How can pass a argument from client to server?
> 
> More explicit :
> 
> ssh -K www.foo.it/baar server_host
> 
> Server will parse the -K argument and will connect to www.foo.it and
> get baar for example.
> How can I pass the -K argument from client to server?

Uh, so you want ssh to be wget/curl now?

How about you do this:

ssh server_host "wget -O - http://www.foo.it/baar"

-- 
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service

From johnpell at gmail.com  Tue Nov 14 11:14:10 2006
From: johnpell at gmail.com (John Davidorff Pell)
Date: Mon, 13 Nov 2006 16:14:10 -0800
Subject: tunneling through stdin/stdout, source routing
In-Reply-To: <4555C24C.7000007@hogyros.de>
References: <4555C24C.7000007@hogyros.de>
Message-ID: <65838274-0AFC-41A4-A96D-C94C218228CA@gmail.com>

couldn't some carefully constructed host directives in the config  
file do this?

e.g.:
host cookie
	hostname monster
	ProxyCommand ssh -t -l ralph monster ssh -t -l root cookie


Whadayathink?

JP

On Nov 11, 2006, at 4:30 AM, Simon Richter wrote:

> Hi,
>
> quite often I find myself using commands like
>
> $ ssh foo nc bar 12345
>
> to connect to another host behind a firewall, and I also have a lot of
> these commands in my ssh config file. Since this relies on the server
> having netcat available (which a lot don't, or in some really old
> version that will not shut down properly) it breaks often, and I  
> wonder
> whether it would make sense to have an option in the ssh client that
> told it to connect to the server, then open a tunneled connection and
> connect that to stdin/stdout.
>
> As an extension, there could also be a source routing option in the
> config file that would take care of setting up a chain of ssh
> connections if I need multiple hops.
>
> As far as I can see this requires no special support from the  
> server, so
> should be easy to implement; I'm not sure though how I would go about
> implementing such a thing in OpenSSH because of the development model
> that would effectively require me to run OpenBSD to test my patches
> before submitting them.
>
> Any ideas?
>
>    Simon
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2520 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20061113/a2f97256/attachment.bin 

From bob at proulx.com  Tue Nov 14 18:13:45 2006
From: bob at proulx.com (Bob Proulx)
Date: Tue, 14 Nov 2006 00:13:45 -0700
Subject: tunneling through stdin/stdout, source routing
In-Reply-To: <4555C24C.7000007@hogyros.de>
References: <4555C24C.7000007@hogyros.de>
Message-ID: <20061114071345.GA25414@dementia.proulx.com>

Simon Richter wrote:
> to connect to another host behind a firewall, and I also have a lot of
> these commands in my ssh config file. Since this relies on the server
> having netcat available (which a lot don't, or in some really old
> version that will not shut down properly) it breaks often,

When I was doing that it I would always find that it left a lot of
netcat processes hanging around that did not terminate appropriately.
I assume that is your problem too?  Instead let me recommend the
'connect' code.

  http://www.imasy.or.jp/~gotoh/ssh/connect.html

Having switched to connect I stopped having problems such as
described.  It was the difference between night and day.

Bob

From bob at proulx.com  Tue Nov 14 18:19:59 2006
From: bob at proulx.com (Bob Proulx)
Date: Tue, 14 Nov 2006 00:19:59 -0700
Subject: tunneling through stdin/stdout, source routing
In-Reply-To: <65838274-0AFC-41A4-A96D-C94C218228CA@gmail.com>
References: <4555C24C.7000007@hogyros.de>
	<65838274-0AFC-41A4-A96D-C94C218228CA@gmail.com>
Message-ID: <20061114071959.GB25414@dementia.proulx.com>

John Davidorff Pell wrote:
> couldn't some carefully constructed host directives in the config  
> file do this?
> 
> e.g.:
> host cookie
> 	hostname monster
> 	ProxyCommand ssh -t -l ralph monster ssh -t -l root cookie

That does not work because ssh expects the ProxyCommand to connect it
to another sshd port 22.  The above does not do that but instead tries
to start an interactive shell.

Also beware of using -t to force ttys.  That won't be 8bit clean.  In
particular you probably don't want that in your config.

You probably do want -qq in the option list though.

  Host proxy.example.com
    ProxyCommand none

  Host *.example.com
    ProxyCommand ssh -qq proxy.example.com connect %h %p

Note that the ordering is important.

Bob

From David.Leonard at quest.com  Tue Nov 14 18:50:57 2006
From: David.Leonard at quest.com (David Leonard)
Date: Tue, 14 Nov 2006 17:50:57 +1000
Subject: tunneling through stdin/stdout, source routing
In-Reply-To: <20061114071345.GA25414@dementia.proulx.com>
References: <4555C24C.7000007@hogyros.de>
	<20061114071345.GA25414@dementia.proulx.com>
Message-ID: <45597561.8030204@quest.com>

Bob Proulx wrote:
> Simon Richter wrote:
>   
>> to connect to another host behind a firewall, and I also have a lot of
>> these commands in my ssh config file. Since this relies on the server
>> having netcat available (which a lot don't, or in some really old
>> version that will not shut down properly) it breaks often,
>>     
>
> When I was doing that it I would always find that it left a lot of
> netcat processes hanging around that did not terminate appropriately.
> I assume that is your problem too?  Instead let me recommend the
> 'connect' code.
>
>   http://www.imasy.or.jp/~gotoh/ssh/connect.html
>   

Seems to have moved:
http://zippo.taiyo.co.jp/~gotoh/ssh/connect.html

> Having switched to connect I stopped having problems such as
> described.  It was the difference between night and day.
>
> Bob
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>   


From markb at ordern.com  Wed Nov 15 07:19:06 2006
From: markb at ordern.com (Mark Burton)
Date: Tue, 14 Nov 2006 20:19:06 +0000 (GMT)
Subject: sshd behaviour when people are trying to break in
Message-ID: <20061114.201906.1045956004.markb@ordern.com>


Hi,

When people try and break into my system from the internet I get lots
of messages like:

Nov 14 19:08:13 rook sshd[6333]: Failed password for invalid user guest from 210.83.48.238 port 40811 ssh2
Nov 14 19:08:19 rook sshd[6338]: Invalid user admin from 210.83.48.238
Nov 14 19:08:19 rook sshd[6338]: Failed password for invalid user admin from 210.83.48.238 port 40920 ssh2
Nov 14 19:08:24 rook sshd[6342]: Invalid user admin from 210.83.48.238
Nov 14 19:08:24 rook sshd[6342]: Failed password for invalid user admin from 210.83.48.238 port 40994 ssh2
Nov 14 19:08:29 rook sshd[6346]: Invalid user user from 210.83.48.238
Nov 14 19:08:29 rook sshd[6346]: Failed password for invalid user user from 210.83.48.238 port 41070 ssh2
Nov 14 19:08:35 rook sshd[6351]: Failed password for root from 210.83.48.238 port 41137 ssh2
Nov 14 19:08:40 rook sshd[6355]: Failed password for root from 210.83.48.238 port 41204 ssh2
Nov 14 19:08:45 rook sshd[6359]: Failed password for root from 210.83.48.238 port 41279 ssh2

It would be good if sshd could detect such break in attempts and
simply not accept the connections. I can imagine having a simple
mechanism that counts the number of login attempts from a given IP
address and if so many are attempted in a short time period, that IP
address is blacklisted for a while.

Is something like that possible?

Thanks,

Mark

From rapier at psc.edu  Wed Nov 15 07:52:00 2006
From: rapier at psc.edu (Chris Rapier)
Date: Tue, 14 Nov 2006 15:52:00 -0500
Subject: HPN Patch for 4.5p1 Released
Message-ID: <455A2C70.4010904@psc.edu>

Just so you know the HPN-SSH patch for 4.5p1 has been released at 
http://www.psc.edu/networking/projects/hpn-ssh

The 4.4p1 patch also works against 4.5p1. The 4.5p1 patch just addresses 
some line moves for a cleaner patch.


From dcole at keysoftsys.com  Wed Nov 15 08:26:36 2006
From: dcole at keysoftsys.com (Darren Cole)
Date: Tue, 14 Nov 2006 13:26:36 -0800
Subject: sshd behaviour when people are trying to break in
In-Reply-To: <20061114.201906.1045956004.markb@ordern.com>
References: <20061114.201906.1045956004.markb@ordern.com>
Message-ID: <E2DAC1CE-0FD3-4F0F-B066-1394D865DAE6@keysoftsys.com>


	This has been discussed before.  It can be implemented by monitoring  
the logs, and firewall rules.  That said it is a denial of service  
once that monitoring and locking start happening.

	Here are some threads:

		"How to use SSH with Failed Login attempts and locking  
accounts" (though it starts with locking accounts on the MP-RAS  
system it generally applies)<http://marc.theaimsgroup.com/?l=openssh- 
unix-dev&m=115265219510067&w=2>, I think this is the same thread but  
good explaination <http://marc.theaimsgroup.com/?l=openssh-unix- 
dev&m=115268028704882&w=2>
		"Automatic blacklist of IP-addresses."<http:// 
marc.theaimsgroup.com/?l=openssh-unix-dev&m=113485372712488&w=2>
		 "Blacklisting repeated login tries" <http://marc.theaimsgroup.com/? 
l=openssh-unix-dev&m=111633631229109&w=2>

	I stuck the quoted subject line and a link to each thread.  Using  
the subject should make finding the thread easier if you the above  
links stop working someday.

	The problem with automatic locking is that you will probably block a  
legitimate user out.  If you are just going to block an ip for a  
limited time it will annoy the legitimate user who fell within that  
ip (ip of homes users are often nat'd or use dhcp).  If you  
permanently block the ip it is of course worse since the user can no  
longer connect.  If you lock the given account after some number of  
failed logins you will probably lose access to the machine and have  
to login through the physical console connected to the box.  (a big  
hassle if you box is colocated somewhere)

	I run several servers on the net with ssh open to the world, and see  
failed login attempts a lot.  What I have generally done is ignore  
it.  If I see the same ip a whole lot (like several hours at a time,  
over a few days, and enough that my mail is filling up, or the  
machine is noticeably slowing down) I have been known to block the  
offending ip completely after making sure that none of my users are  
likely to come from that ip.  In general I limit ssh logins only to  
users who need them and do require secure passwords.  I encourage all  
users to use secure passwords for all their accounts.  Finally on one  
box I got tired of all the junk in my logs so I did move ssh to  
listen on another port, be aware this does not make the machine any  
more secure (security through obscurity does not work. Go find and  
read " The Inevitability of Failure: The Flawed Assumption of  
Security in Modern Computing Environments"  and related articles).

	Hopefully this will help end discussions on locking accounts due to  
a failed login, failed password, or too many failed attempts from a  
given ip.

Darren

On Nov 14, 2006, at 12:19 , Mark Burton wrote:
> Hi,
>
> When people try and break into my system from the internet I get lots
> of messages like:
>
> Nov 14 19:08:13 rook sshd[6333]: Failed password for invalid user  
> guest from 210.83.48.238 port 40811 ssh2
> Nov 14 19:08:19 rook sshd[6338]: Invalid user admin from 210.83.48.238
> Nov 14 19:08:19 rook sshd[6338]: Failed password for invalid user  
> admin from 210.83.48.238 port 40920 ssh2
> Nov 14 19:08:24 rook sshd[6342]: Invalid user admin from 210.83.48.238
> Nov 14 19:08:24 rook sshd[6342]: Failed password for invalid user  
> admin from 210.83.48.238 port 40994 ssh2
> Nov 14 19:08:29 rook sshd[6346]: Invalid user user from 210.83.48.238
> Nov 14 19:08:29 rook sshd[6346]: Failed password for invalid user  
> user from 210.83.48.238 port 41070 ssh2
> Nov 14 19:08:35 rook sshd[6351]: Failed password for root from  
> 210.83.48.238 port 41137 ssh2
> Nov 14 19:08:40 rook sshd[6355]: Failed password for root from  
> 210.83.48.238 port 41204 ssh2
> Nov 14 19:08:45 rook sshd[6359]: Failed password for root from  
> 210.83.48.238 port 41279 ssh2
>
> It would be good if sshd could detect such break in attempts and
> simply not accept the connections. I can imagine having a simple
> mechanism that counts the number of login attempts from a given IP
> address and if so many are attempted in a short time period, that IP
> address is blacklisted for a while.
>
> Is something like that possible?
>
> Thanks,
>
> Mark

From dkg-openssh.com at fifthhorseman.net  Wed Nov 15 07:55:42 2006
From: dkg-openssh.com at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 14 Nov 2006 15:55:42 -0500
Subject: sshd behaviour when people are trying to break in
In-Reply-To: <20061114.201906.1045956004.markb@ordern.com>
References: <20061114.201906.1045956004.markb@ordern.com>
Message-ID: <17754.11598.604055.615378@squeak.fifthhorseman.net>

hi Mark--

On November 14, markb at ordern.com said:

> It would be good if sshd could detect such break in attempts and
> simply not accept the connections. I can imagine having a simple
> mechanism that counts the number of login attempts from a given IP
> address and if so many are attempted in a short time period, that IP
> address is blacklisted for a while.

I don't think this functionality belongs in openssh.

This sort of policy has been implemented in a more generalized way
than ssh could do on it's own.  There are programs which read
logfiles, and block IP addresses based on the contents.  One such
implementation is fail2ban:

  http://fail2ban.sourceforge.net/

which comes with a standard set of rules for dealing with openssh
logs, and blocking IPs using the linux netfilter rulesets.  I'm sure
it's adaptable to pf or whatever other filtering setup you are already
using.

hth,

	--dkg

From Simon.Richter at hogyros.de  Wed Nov 15 10:47:49 2006
From: Simon.Richter at hogyros.de (Simon Richter)
Date: Wed, 15 Nov 2006 00:47:49 +0100
Subject: tunneling through stdin/stdout, source routing
In-Reply-To: <65838274-0AFC-41A4-A96D-C94C218228CA@gmail.com>
References: <4555C24C.7000007@hogyros.de>
	<65838274-0AFC-41A4-A96D-C94C218228CA@gmail.com>
Message-ID: <455A55A5.2090806@hogyros.de>

Hi,

John Davidorff Pell wrote:

> couldn't some carefully constructed host directives in the config file 
> do this?

> e.g.:
> host cookie
>     hostname monster
>     ProxyCommand ssh -t -l ralph monster ssh -t -l root cookie

Not quite; that would talk SSH protocol to the shell on cookie.

    Simon

From Simon.Richter at hogyros.de  Wed Nov 15 10:54:06 2006
From: Simon.Richter at hogyros.de (Simon Richter)
Date: Wed, 15 Nov 2006 00:54:06 +0100
Subject: tunneling through stdin/stdout, source routing
In-Reply-To: <20061114071345.GA25414@dementia.proulx.com>
References: <4555C24C.7000007@hogyros.de>
	<20061114071345.GA25414@dementia.proulx.com>
Message-ID: <455A571E.6010105@hogyros.de>

Hi,

Bob Proulx schrieb:

> When I was doing that it I would always find that it left a lot of
> netcat processes hanging around that did not terminate appropriately.
> I assume that is your problem too?  Instead let me recommend the
> 'connect' code.

Exactly, and it requires the remote machine to have netcat or something 
similar around. Even a better tool like "connect" would only partially 
solve the problem, as I still need to make it run on the other box.

In the particularly nasty setup I am facing here this is extra 
difficult, as the same home directory is shared over multiple machines 
of different architectures (and with different runtime libraries 
installed), so I'd have to have the tool once for each architecture, and 
find a way to properly switch on the architecture of the machine I'm 
connecting to.

That's why I'd think a client-only solution would be the best solution 
here. My client can always ask for a port forward, the server doesn't 
care where it comes from.

    Simon

From rapier at psc.edu  Wed Nov 15 10:44:01 2006
From: rapier at psc.edu (chris rapier)
Date: Tue, 14 Nov 2006 18:44:01 -0500
Subject: sshd behaviour when people are trying to break in
In-Reply-To: <17754.11598.604055.615378@squeak.fifthhorseman.net>
References: <20061114.201906.1045956004.markb@ordern.com>
	<17754.11598.604055.615378@squeak.fifthhorseman.net>
Message-ID: <455A54C1.5060603@psc.edu>



Daniel Kahn Gillmor wrote:
> hi Mark--
> 
> On November 14, markb at ordern.com said:
> 
> 
>>It would be good if sshd could detect such break in attempts and
>>simply not accept the connections. I can imagine having a simple
>>mechanism that counts the number of login attempts from a given IP
>>address and if so many are attempted in a short time period, that IP
>>address is blacklisted for a while.
> 
> 
> I don't think this functionality belongs in openssh.

I agree. I don't want to see SSH start taking on rolls that really 
aren't a part of its core functionality. An IDS is really much better 
suited for this sort of job.

Chris


From daniel at benzedrine.cx  Thu Nov 16 01:28:20 2006
From: daniel at benzedrine.cx (Daniel Hartmeier)
Date: Wed, 15 Nov 2006 15:28:20 +0100
Subject: OpenSSH Certkey (PKI)
Message-ID: <20061115142820.GB14649@insomnia.benzedrine.cx>

This patch against OpenBSD -current adds a simple form of PKI to
OpenSSH. We'll be using it at work. See README.certkey (the first chunk
of the patch) for details.

Everything below is BSD licensed, sponsored by Allamanda Networks AG.

Daniel


--- /dev/null	Wed Nov 15 15:14:20 2006
+++ README.certkey	Wed Nov 15 15:13:45 2006
@@ -0,0 +1,176 @@
+OpenSSH Certkey
+
+INTRODUCTION
+
+Certkey allows OpenSSH to transmit certificates from server to client for host
+authentication and from client to server for user authentication. Certificates
+are basically signatures made by a certificate authority (CA) private key.
+
+A host certificate is a guarantee made by the CA that a host public key is
+valid. When a host public key carries a valid certificate, the client can
+use the host public key without asking the user to confirm the fingerprint
+manually and through out-of-band communication the first time. The CA takes
+the responsibility of verifying host keys, and users do no longer need to
+maintain known_hosts files of their own.
+
+A user certificate is an authorization made by the CA that the holder of a
+specific private key may login to the server as a specific user, without the
+need of an authorized_keys file being present. The CA gains the power to grant
+individual users access to the server, and users do no longer need to maintain
+authorized_keys files of their own.
+
+Functionally, the CA assumes responsibility and control over users' known_hosts
+and authorized_keys files.
+
+Certkey does not involve online verfication, the CA is not contacted by either
+client or server. Instead, the CA generates certificates which are (once)
+distributed to hosts and users. Any subsequent logins take place without the
+involvment of the CA, based solely on the certificates provided between client
+and server.
+
+For example, a company sets up a new host where many existing users need to
+login. Traditionally, every one of those users will have to verify the new
+host's key the first time they login. Also, each user will have to authorize
+their public key on the new host. With Certkey enabled in this case (and
+assuming the users have already been certified), this procedure is reduced to
+the CA generating a certificate for the new host and installing the
+certificate on the new host.
+
+
+SECURITY IMPLICATIONS
+
+The CA, specifically the holder of the CA private key (and its password, if it
+is password encrypted), holds broad control over hosts and user accounts set
+up in this way. Should the CA private key become compromised, all user
+accounts become compromised.
+
+There is no way to revoke a certificate once it has been published, the
+certificate is valid until it reaches the expiry date set by the CA.
+
+
+CONFIGURATION
+
+The feature is enabled through the following two options in the client and
+server configurations:
+
+  CertkeyAuthentication yes
+  CAKeyFile /etc/ssh/ca.pub
+
+
+USAGE
+
+(1) Generating a CA key pair
+
+    # ssh-keygen
+    Generating public/private rsa key pair.
+    Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/ca
+    Enter passphrase (empty for no passphrase): 
+    Enter same passphrase again: 
+    Your identification has been saved in /root/.ssh/ca.
+    Your public key has been saved in /root/.ssh/ca.pub.
+    The key fingerprint is:
+    f2:c7:5c:a9:48:d8:8c:82:24:d5:2a:d6:75:48:ab:3d root at host
+
+(2) Generating a host certificate
+
+    # ssh-keygen -s
+    Enter file in which the CA key is (/root/.ssh/id_rsa): /root/.ssh/ca
+    CA key fingerprint f2:c7:5c:a9:48:d8:8c:82:24:d5:2a:d6:75:48:ab:3d
+    Enter file in which the user/host key is: /etc/ssh/ssh_host_rsa_key.pub
+    host/user key fingerprint 68:8c:25:e3:b1:17:8a:7f:0c:19:fa:0d:f7:12:6f:8a
+    CA name    : benzedrine.cx
+    identity   : lenovo.benzedrine.cx
+    options    : 
+    valid from : 0
+    valid until: 20061231
+    Certificate has been saved in /etc/ssh/ssh_host_rsa_key.cert.
+
+    # cp /root/.ssh/ca.pub /etc/ssh/ca.pub
+
+(3) Generating a user certificate
+
+    # ssh-keygen -s
+    Enter file in which the CA key is (/root/.ssh/id_rsa): /root/.ssh/ca
+    CA key fingerprint f2:c7:5c:a9:48:d8:8c:82:24:d5:2a:d6:75:48:ab:3d
+    Enter file in which the user/host key is: /home/dhartmei/.ssh/id_dsa.pub
+    host/user key fingerprint 86:c8:52:3e:b1:17:8a:7f:0c:19:fa:0d:f7:12:f6:a8
+    CA name    : benzedrine.cx
+    identity   : dhartmei
+    options    : 
+    valid from : 20061101
+    valid until: 20071231
+    Certificate has been saved in /home/dhartmei/.ssh/id_dsa.cert.
+
+
+IMPLEMENTATION
+
+Host and user certificates are introduced into the transport layer and
+authentication protocol by addition of a new method respectively.
+
+Transport Layer Protocol
+
+An additional key exchange method "diffie-hellman-group-exchange-cert" has
+been added. This method is completely identical to the existing method
+"diffie-hellman-group-exchange-sha1", except for one additional string
+(the host certificate), placed at the end of the message, after the signature.
+
+Authentication Protocol
+
+An additional authentication method "certkey" has been added. This method is
+completely identical to the existing method "publickey", except for one
+additional string (the user certificate), placed at the end of the message,
+after the signature.
+
+Certificate format
+
+Both host and user certificates share the same format. They consist of a single
+string, containing values separated by semi-colons, in the following order
+
+  fingerprint;caname;identity;options;validfrom;validto;algorithm;signature
+
+Values must not contain semi-colons or NUL bytes, but may be empty.
+
+'fingerprint' is the SSH_FP_MD5 SSH_FP_HEX fingerprint of the RSA key signing
+the certificate (the CA key), e.g. the output of ssh-keygen -l for
+/etc/ssh/ca.pub.
+
+'caname' is the name of the CA. This can be used to associate certificates with
+CAs. The format is not defined, though using domain names is suggested.
+
+'identity' is the identity being certified by the CA with this certificate.
+For user certificates, this is the user name the certifcate grants login to.
+For host certificates, the format is not defined, though using the host's
+fully-qualified domain name is suggested.
+
+'options' may contain additional options, in form of key=value pairs separated
+by pipes '|', like 'foo=bar|src=10/8,*.networx.ch|dst=192.168/16'. keys and
+values must not contain semi-colons, pipes, '=' or NUL bytes. The meaning of
+options is not currently defined, though keys 'src' and 'dst' are reserved for
+later implementation of restrictions based on client/server addresses.
+
+'validfrom' and 'validto' are timestamps (UNIX Epoch time) defining the time
+frame the certificate is valid in. When, upon certificate verification, the
+current time is outside this period, the certificate is not valid. If zero is
+used as value for 'validto', the certificate is valid indefinitely after
+'validfrom'.
+
+'algorithm' defines the hash algorithm used for the signature. Currently, the
+only legal value is 'ripemd160'.
+
+'signature' is the signature itself in hex without colons. The data being
+signed consists of
+
+  fingerprint;caname;identity;options;validfrom;validto
+
+where 'fingerprint' is the SSH_FP_MD5 SSH_FP_HEX fingerprint of the user or
+host key (not the CA key).
+
+Example:
+
+  f2:c7:5c:a9:48:d8:8c:82:24:d5:2a:d6:75:48:ab:3d;networx.ch;dhartmei;;
+  1136070000;1451602800;ripemd160;dbd33e932d80b5612...5a0b4759bee451
+
+Note that the certificate does not contain any newline characters, it's
+wrapped onto two lines here to improve readability.
+
+$OpenBSD$
Index: auth.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth.h,v
retrieving revision 1.58
diff -u -r1.58 auth.h
--- auth.h	18 Aug 2006 09:15:20 -0000	1.58
+++ auth.h	15 Nov 2006 14:14:32 -0000
@@ -115,6 +115,7 @@
 int	 auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
 int	 hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
 int	 user_key_allowed(struct passwd *, Key *);
+int	 user_cert_key_allowed(struct passwd *, Key *);
 
 #ifdef KRB5
 int	auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
Index: auth2.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth2.c,v
retrieving revision 1.113
diff -u -r1.113 auth2.c
--- auth2.c	3 Aug 2006 03:34:41 -0000	1.113
+++ auth2.c	15 Nov 2006 14:14:32 -0000
@@ -55,6 +55,7 @@
 /* methods */
 
 extern Authmethod method_none;
+extern Authmethod method_certkey;
 extern Authmethod method_pubkey;
 extern Authmethod method_passwd;
 extern Authmethod method_kbdint;
@@ -65,6 +66,7 @@
 
 Authmethod *authmethods[] = {
 	&method_none,
+	&method_certkey,
 	&method_pubkey,
 #ifdef GSSAPI
 	&method_gssapi,
Index: authfile.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/authfile.c,v
retrieving revision 1.76
diff -u -r1.76 authfile.c
--- authfile.c	3 Aug 2006 03:34:41 -0000	1.76
+++ authfile.c	15 Nov 2006 14:14:33 -0000
@@ -302,6 +302,43 @@
 	return pub;
 }
 
+static void
+key_try_load_cert(Key *key, const char *filename)
+{
+	char fn[MAXPATHLEN];
+	int fd;
+	ssize_t r;
+
+	if (key->cert) {
+		xfree(key->cert);
+		key->cert = NULL;
+	}
+	if (strlen(filename) > 4 && strlen(filename) < sizeof(fn) &&
+	    !strcmp(filename + strlen(filename) - 4, ".pub"))
+		strlcpy(fn, filename, strlen(filename) - 3);
+	else
+		strlcpy(fn, filename, sizeof(fn));
+	strlcat(fn, ".cert", sizeof(fn));
+
+	fd = open(fn, O_RDONLY);
+	if (fd >= 0) {
+		key->cert = xmalloc(8192);
+		if (key->cert) {
+			r = read(fd, key->cert, 8192);
+			if (r > 0) {
+				if (key->cert[r - 1] == '\n')
+					key->cert[r - 1] = 0;
+				else
+					key->cert[r] = 0;
+			} else {
+				xfree(key->cert);
+				key->cert = NULL;
+			}
+		}
+		close(fd);
+	}
+}
+
 /* load public key from private-key file, works only for SSH v1 */
 Key *
 key_load_public_type(int type, const char *filename, char **commentp)
@@ -315,6 +352,8 @@
 			return NULL;
 		pub = key_load_public_rsa1(fd, filename, commentp);
 		close(fd);
+		if (pub != NULL)
+			key_try_load_cert(pub, filename);
 		return pub;
 	}
 	return NULL;
@@ -604,6 +643,8 @@
 		/* closes fd */
 		prv = key_load_private_rsa1(fd, filename, passphrase, NULL);
 	}
+	if (prv != NULL)
+		key_try_load_cert(prv, filename);
 	return prv;
 }
 
@@ -634,6 +675,7 @@
 					if (commentp)
 						*commentp=xstrdup(filename);
 					fclose(f);
+					key_try_load_cert(k, filename);
 					return 1;
 				}
 			}
Index: kex.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/kex.c,v
retrieving revision 1.76
diff -u -r1.76 kex.c
--- kex.c	3 Aug 2006 03:34:42 -0000	1.76
+++ kex.c	15 Nov 2006 14:14:33 -0000
@@ -312,6 +312,9 @@
 	} else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {
 		k->kex_type = KEX_DH_GEX_SHA256;
 		k->evp_md = evp_ssh_sha256();
+	} else if (strcmp(k->name, KEX_DHGEX_CERT) == 0) {
+		k->kex_type = KEX_DH_GEX_CERT;
+		k->evp_md = EVP_sha1();
 	} else
 		fatal("bad kex alg %s", k->name);
 }
Index: kex.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/kex.h,v
retrieving revision 1.44
diff -u -r1.44 kex.h
--- kex.h	3 Aug 2006 03:34:42 -0000	1.44
+++ kex.h	15 Nov 2006 14:14:33 -0000
@@ -32,6 +32,7 @@
 #define	KEX_DH14		"diffie-hellman-group14-sha1"
 #define	KEX_DHGEX_SHA1		"diffie-hellman-group-exchange-sha1"
 #define	KEX_DHGEX_SHA256	"diffie-hellman-group-exchange-sha256"
+#define	KEX_DHGEX_CERT		"diffie-hellman-group-exchange-cert"
 
 #define COMP_NONE	0
 #define COMP_ZLIB	1
@@ -62,6 +63,7 @@
 	KEX_DH_GRP14_SHA1,
 	KEX_DH_GEX_SHA1,
 	KEX_DH_GEX_SHA256,
+	KEX_DH_GEX_CERT,
 	KEX_MAX
 };
 
Index: kexgexc.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/kexgexc.c,v
retrieving revision 1.11
diff -u -r1.11 kexgexc.c
--- kexgexc.c	6 Nov 2006 21:25:28 -0000	1.11
+++ kexgexc.c	15 Nov 2006 14:14:33 -0000
@@ -124,8 +124,6 @@
 		fatal("type mismatch for decoded server_host_key_blob");
 	if (kex->verify_host_key == NULL)
 		fatal("cannot verify server_host_key");
-	if (kex->verify_host_key(server_host_key) == -1)
-		fatal("server_host_key verification failed");
 
 	/* DH parameter f, server public DH key */
 	if ((dh_server_pub = BN_new()) == NULL)
@@ -141,7 +139,20 @@
 
 	/* signed H */
 	signature = packet_get_string(&slen);
+	if (kex->kex_type == KEX_DH_GEX_CERT) {
+		u_char *cert;
+		u_int len;
+
+		cert = packet_get_string(&len);
+		if (cert != NULL) {
+			server_host_key->cert = xstrdup(cert);
+			xfree(cert);
+		}
+	}
 	packet_check_eom();
+
+	if (kex->verify_host_key(server_host_key) == -1)
+		fatal("server_host_key verification failed");
 
 	if (!dh_pub_is_valid(dh, dh_server_pub))
 		packet_disconnect("bad server public DH value");
Index: kexgexs.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/kexgexs.c,v
retrieving revision 1.10
diff -u -r1.10 kexgexs.c
--- kexgexs.c	6 Nov 2006 21:25:28 -0000	1.10
+++ kexgexs.c	15 Nov 2006 14:14:33 -0000
@@ -183,6 +183,13 @@
 	packet_put_string(server_host_key_blob, sbloblen);
 	packet_put_bignum2(dh->pub_key);	/* f */
 	packet_put_string(signature, slen);
+	if (kex->kex_type == KEX_DH_GEX_CERT) {
+		if (server_host_key->cert != NULL)
+			packet_put_string(server_host_key->cert,
+			    strlen(server_host_key->cert));
+		else
+			packet_put_string("", 0);
+	}
 	packet_send();
 
 	xfree(signature);
Index: key.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/key.c,v
retrieving revision 1.68
diff -u -r1.68 key.c
--- key.c	6 Nov 2006 21:25:28 -0000	1.68
+++ key.c	15 Nov 2006 14:14:33 -0000
@@ -57,6 +57,7 @@
 	k->type = type;
 	k->dsa = NULL;
 	k->rsa = NULL;
+	k->cert = NULL;
 	switch (k->type) {
 	case KEY_RSA1:
 	case KEY_RSA:
@@ -145,6 +146,9 @@
 		fatal("key_free: bad key type %d", k->type);
 		break;
 	}
+	if (k->cert != NULL)
+		xfree(k->cert);
+	k->cert = NULL;
 	xfree(k);
 }
 
@@ -833,6 +837,7 @@
 	pk->flags = k->flags;
 	pk->dsa = NULL;
 	pk->rsa = NULL;
+	pk->cert = k->cert ? xstrdup(k->cert) : NULL;
 
 	switch (k->type) {
 	case KEY_RSA1:
@@ -862,4 +867,100 @@
 	}
 
 	return (pk);
+}
+
+static void
+cert_token(const u_char **c, u_char *buf, int len)
+{
+	int i = 0;
+
+	while (**c && **c != ';' && i + 1 < len)
+		buf[i++] = *(*c)++;
+	if (**c == ';')
+		(*c)++;
+	buf[i] = 0;
+}
+
+/* check whether certificate is valid and signature correct */
+int
+cert_verify(const u_char *cert, const Key *ca_key, const Key *key,
+    const u_char *identity)
+{
+	u_char ca_fp[128], ca_name[128], ca_id[128], ca_opts[512];
+	u_char ca_vf[16], ca_vt[16], ca_alg[64], ca_sig[1024];
+	u_char sigbuf[1024], datbuf[2048], c, *fp;
+	unsigned long vf, vt, now = time(NULL);
+	u_int siglen, i;
+
+	if (cert == NULL || ca_key == NULL || ca_key->type != KEY_RSA ||
+	    ca_key->rsa == NULL || key == NULL) {
+		debug2("cert_verify: invalid arguments");
+		return 0;
+	}
+
+	cert_token(&cert, ca_fp, sizeof(ca_fp));
+	cert_token(&cert, ca_name, sizeof(ca_name));
+	cert_token(&cert, ca_id, sizeof(ca_id));
+	cert_token(&cert, ca_opts, sizeof(ca_opts));
+	cert_token(&cert, ca_vf, sizeof(ca_vf));
+	vf = strtoul(ca_vf, NULL, 10);
+	cert_token(&cert, ca_vt, sizeof(ca_vt));
+	vt = strtoul(ca_vt, NULL, 10);
+	cert_token(&cert, ca_alg, sizeof(ca_alg));
+	cert_token(&cert, ca_sig, sizeof(ca_sig));
+
+	if (strcmp(ca_alg, "ripemd160")) {
+		debug2("cert_verify: unsupported alg '%s'\n", ca_alg);
+		return 0;
+	}
+
+	siglen = 0;
+	for (i = 0; ca_sig[i]; ++i) {
+		if (ca_sig[i] >= '0' && ca_sig[i] <= '9')
+			c = ca_sig[i] - '0';
+		else if (ca_sig[i] >= 'a' && ca_sig[i] <= 'f')
+			c = ca_sig[i] - 'a' + 10;
+		else
+			break;
+		if ((i % 2) == 0)
+			sigbuf[siglen] = c << 4;
+		else
+			sigbuf[siglen++] |= c;
+	}
+
+	fp = key_fingerprint(ca_key, SSH_FP_MD5, SSH_FP_HEX);
+	if (strcmp(fp, ca_fp)) {
+		debug2("cert_verify: CA key fingerprint mismatch ('%s' != '%s')",
+		    fp, ca_fp);
+		xfree(fp);
+		return 0;
+	}
+	xfree(fp);
+
+	fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+	snprintf(datbuf, sizeof(datbuf), "%s;%s;%s;%s;%lu;%lu",
+	    fp, ca_name, ca_id, ca_opts, vf, vt);
+	xfree(fp);
+
+	if (RSA_verify(NID_ripemd160, datbuf, strlen(datbuf), sigbuf, siglen,
+	    ca_key->rsa) != 1) {
+		debug2("cert_verify: signature not valid ('%s')", ca_sig);
+		return 0;
+	}
+	if (vf && vf > now) {
+		debug2("cert_verify: certificate is not yet valid (%lu > %lu)",
+		    vf, now);
+		return 0;
+	}
+	if (vt && vt < now) {
+		debug2("cert_verify: certificate has expired (%lu < %lu)",
+		    vt, now);
+		return 0;
+	}
+	if (identity != NULL && strcmp(identity, ca_id)) {
+		debug2("cert_verify: identity mismatches ('%s' != '%s')",
+		    identity, ca_id);
+		return 0;
+	}
+	return 1;
 }
Index: key.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/key.h,v
retrieving revision 1.26
diff -u -r1.26 key.h
--- key.h	3 Aug 2006 03:34:42 -0000	1.26
+++ key.h	15 Nov 2006 14:14:33 -0000
@@ -53,6 +53,7 @@
 	int	 flags;
 	RSA	*rsa;
 	DSA	*dsa;
+	u_char	*cert;
 };
 
 Key		*key_new(int);
@@ -83,5 +84,7 @@
 int	 ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
 int	 ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
 int	 ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
+
+int	 cert_verify(const u_char *cert, const Key *, const Key *, const u_char *);
 
 #endif
Index: monitor.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/monitor.c,v
retrieving revision 1.89
diff -u -r1.89 monitor.c
--- monitor.c	7 Nov 2006 10:31:31 -0000	1.89
+++ monitor.c	15 Nov 2006 14:14:35 -0000
@@ -797,6 +797,17 @@
 
 	if (key != NULL && authctxt->valid) {
 		switch (type) {
+		case MM_CERTKEY: {
+			u_char *cert;
+			u_int clen;
+
+			cert = buffer_get_string(m, &clen);
+			key->cert = xstrdup(cert);
+			allowed = options.certkey_authentication &&
+			    user_cert_key_allowed(authctxt->pw, key);
+			auth_method = "certkey";
+			break;
+		}
 		case MM_USERKEY:
 			allowed = options.pubkey_authentication &&
 			    user_key_allowed(authctxt->pw, key);
@@ -859,7 +870,7 @@
 }
 
 static int
-monitor_valid_userblob(u_char *data, u_int datalen)
+monitor_valid_userblob(u_char *data, u_int datalen, u_char *name)
 {
 	Buffer b;
 	char *p;
@@ -900,7 +911,7 @@
 			fail++;
 	} else {
 		p = buffer_get_string(&b, NULL);
-		if (strcmp("publickey", p) != 0)
+		if (strcmp(name, p) != 0)
 			fail++;
 		xfree(p);
 		if (!buffer_get_char(&b))
@@ -992,8 +1003,11 @@
 		fatal("%s: bad public key blob", __func__);
 
 	switch (key_blobtype) {
+	case MM_CERTKEY:
+		valid_data = monitor_valid_userblob(data, datalen, "certkey");
+		break;
 	case MM_USERKEY:
-		valid_data = monitor_valid_userblob(data, datalen);
+		valid_data = monitor_valid_userblob(data, datalen, "publickey");
 		break;
 	case MM_HOSTKEY:
 		valid_data = monitor_valid_hostbasedblob(data, datalen,
@@ -1015,7 +1029,12 @@
 	xfree(signature);
 	xfree(data);
 
-	auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
+	if (key_blobtype == MM_CERTKEY)
+		auth_method = "certkey";
+	else if (key_blobtype == MM_USERKEY)
+		auth_method = "publickey";
+	else
+		auth_method = "hostbased";
 
 	monitor_reset_key_state();
 
Index: monitor_wrap.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.c,v
retrieving revision 1.54
diff -u -r1.54 monitor_wrap.c
--- monitor_wrap.c	12 Aug 2006 20:46:46 -0000	1.54
+++ monitor_wrap.c	15 Nov 2006 14:14:35 -0000
@@ -295,6 +295,12 @@
 }
 
 int
+mm_user_cert_key_allowed(struct passwd *pw, Key *key)
+{
+	return (mm_key_allowed(MM_CERTKEY, NULL, NULL, key));
+}
+
+int
 mm_user_key_allowed(struct passwd *pw, Key *key)
 {
 	return (mm_key_allowed(MM_USERKEY, NULL, NULL, key));
@@ -351,6 +357,8 @@
 	buffer_put_cstring(&m, user ? user : "");
 	buffer_put_cstring(&m, host ? host : "");
 	buffer_put_string(&m, blob, len);
+	if (type == MM_CERTKEY && key && key->cert)
+		buffer_put_string(&m, key->cert, strlen(key->cert));
 	xfree(blob);
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
Index: monitor_wrap.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.h,v
retrieving revision 1.20
diff -u -r1.20 monitor_wrap.h
--- monitor_wrap.h	3 Aug 2006 03:34:42 -0000	1.20
+++ monitor_wrap.h	15 Nov 2006 14:14:35 -0000
@@ -31,7 +31,7 @@
 extern int use_privsep;
 #define PRIVSEP(x)	(use_privsep ? mm_##x : x)
 
-enum mm_keytype {MM_NOKEY, MM_HOSTKEY, MM_USERKEY, MM_RSAHOSTKEY, MM_RSAUSERKEY};
+enum mm_keytype {MM_NOKEY, MM_HOSTKEY, MM_CERTKEY, MM_USERKEY, MM_RSAHOSTKEY, MM_RSAUSERKEY};
 
 struct monitor;
 struct mm_master;
@@ -46,6 +46,7 @@
 int mm_auth_password(struct Authctxt *, char *);
 int mm_key_allowed(enum mm_keytype, char *, char *, Key *);
 int mm_user_key_allowed(struct passwd *, Key *);
+int mm_user_cert_key_allowed(struct passwd *, Key *);
 int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *);
 int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
 int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int);
Index: myproposal.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v
retrieving revision 1.21
diff -u -r1.21 myproposal.h
--- myproposal.h	25 Mar 2006 22:22:43 -0000	1.21
+++ myproposal.h	15 Nov 2006 14:14:35 -0000
@@ -24,6 +24,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #define KEX_DEFAULT_KEX		\
+	"diffie-hellman-group-exchange-cert," \
 	"diffie-hellman-group-exchange-sha256," \
 	"diffie-hellman-group-exchange-sha1," \
 	"diffie-hellman-group14-sha1," \
Index: pathnames.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/pathnames.h,v
retrieving revision 1.16
diff -u -r1.16 pathnames.h
--- pathnames.h	25 Mar 2006 22:22:43 -0000	1.16
+++ pathnames.h	15 Nov 2006 14:14:35 -0000
@@ -36,6 +36,7 @@
 #define _PATH_DH_MODULI			ETCDIR "/moduli"
 /* Backwards compatibility */
 #define _PATH_DH_PRIMES			ETCDIR "/primes"
+#define	_PATH_CA_KEY_FILE		SSHDIR "/ca.pub"
 
 #define _PATH_SSH_PROGRAM		"/usr/bin/ssh"
 
Index: readconf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
retrieving revision 1.159
diff -u -r1.159 readconf.c
--- readconf.c	3 Aug 2006 03:34:42 -0000	1.159
+++ readconf.c	15 Nov 2006 14:14:36 -0000
@@ -117,7 +117,8 @@
 	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
 	oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
 	oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
-	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
+	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oCertkeyAuthentication,
+	oCAKeyFile, oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
 	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
@@ -148,6 +149,8 @@
 	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
 	{ "kbdinteractivedevices", oKbdInteractiveDevices },
 	{ "rsaauthentication", oRSAAuthentication },
+	{ "certkeyauthentication", oCertkeyAuthentication },
+	{ "cakeyfile", oCAKeyFile },
 	{ "pubkeyauthentication", oPubkeyAuthentication },
 	{ "dsaauthentication", oPubkeyAuthentication },		    /* alias */
 	{ "rhostsrsaauthentication", oRhostsRSAAuthentication },
@@ -412,6 +415,10 @@
 		charptr = &options->kbd_interactive_devices;
 		goto parse_string;
 
+	case oCertkeyAuthentication:
+		intptr = &options->certkey_authentication;
+		goto parse_flag;
+
 	case oPubkeyAuthentication:
 		intptr = &options->pubkey_authentication;
 		goto parse_flag;
@@ -560,6 +567,10 @@
 			*charptr = xstrdup(arg);
 		break;
 
+	case oCAKeyFile:
+		charptr = &options->ca_key_file;
+		goto parse_string;
+
 	case oGlobalKnownHostsFile:
 		charptr = &options->system_hostfile;
 		goto parse_string;
@@ -1002,6 +1013,8 @@
 	options->gateway_ports = -1;
 	options->use_privileged_port = -1;
 	options->rsa_authentication = -1;
+	options->certkey_authentication = -1;
+	options->ca_key_file = NULL;
 	options->pubkey_authentication = -1;
 	options->challenge_response_authentication = -1;
 	options->gss_authentication = -1;
@@ -1088,6 +1101,10 @@
 		options->use_privileged_port = 0;
 	if (options->rsa_authentication == -1)
 		options->rsa_authentication = 1;
+	if (options->certkey_authentication == -1)
+		options->certkey_authentication = 0;
+	if (options->ca_key_file == NULL)
+		options->ca_key_file = _PATH_CA_KEY_FILE;
 	if (options->pubkey_authentication == -1)
 		options->pubkey_authentication = 1;
 	if (options->challenge_response_authentication == -1)
Index: readconf.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/readconf.h,v
retrieving revision 1.71
diff -u -r1.71 readconf.h
--- readconf.h	3 Aug 2006 03:34:42 -0000	1.71
+++ readconf.h	15 Nov 2006 14:14:36 -0000
@@ -39,6 +39,8 @@
 	int     rhosts_rsa_authentication;	/* Try rhosts with RSA
 						 * authentication. */
 	int     rsa_authentication;	/* Try RSA authentication. */
+	int     certkey_authentication;	/* Try ssh2 certkey authentication. */
+	char   *ca_key_file;		/* File containing CA key. */
 	int     pubkey_authentication;	/* Try ssh2 pubkey authentication. */
 	int     hostbased_authentication;	/* ssh2's rhosts_rsa */
 	int     challenge_response_authentication;
Index: servconf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
retrieving revision 1.165
diff -u -r1.165 servconf.c
--- servconf.c	14 Aug 2006 12:40:25 -0000	1.165
+++ servconf.c	15 Nov 2006 14:14:37 -0000
@@ -56,6 +56,7 @@
 	options->listen_addrs = NULL;
 	options->address_family = -1;
 	options->num_host_key_files = 0;
+	options->ca_key_file = NULL;
 	options->pid_file = NULL;
 	options->server_key_bits = -1;
 	options->login_grace_time = -1;
@@ -77,6 +78,7 @@
 	options->hostbased_authentication = -1;
 	options->hostbased_uses_name_from_packet_only = -1;
 	options->rsa_authentication = -1;
+	options->certkey_authentication = -1;
 	options->pubkey_authentication = -1;
 	options->kerberos_authentication = -1;
 	options->kerberos_or_local_passwd = -1;
@@ -134,6 +136,8 @@
 			    _PATH_HOST_DSA_KEY_FILE;
 		}
 	}
+	if (options->ca_key_file == NULL)
+		options->ca_key_file = _PATH_CA_KEY_FILE;
 	if (options->num_ports == 0)
 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
 	if (options->listen_addrs == NULL)
@@ -180,6 +184,8 @@
 		options->hostbased_uses_name_from_packet_only = 0;
 	if (options->rsa_authentication == -1)
 		options->rsa_authentication = 1;
+	if (options->certkey_authentication == -1)
+		options->certkey_authentication = 0;
 	if (options->pubkey_authentication == -1)
 		options->pubkey_authentication = 1;
 	if (options->kerberos_authentication == -1)
@@ -259,9 +265,9 @@
 	sStrictModes, sEmptyPasswd, sTCPKeepAlive,
 	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
-	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
-	sMaxStartups, sMaxAuthTries,
+	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sCAKeyFile,
+	sGatewayPorts, sCertkeyAuthentication, sPubkeyAuthentication, sXAuthLocation,
+	sSubsystem, sMaxStartups, sMaxAuthTries,
 	sBanner, sUseDNS, sHostbasedAuthentication,
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
@@ -282,6 +288,7 @@
 	u_int flags;
 } keywords[] = {
 	{ "port", sPort, SSHCFG_GLOBAL },
+	{ "cakeyfile", sCAKeyFile, SSHCFG_GLOBAL },
 	{ "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
 	{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL },		/* alias */
 	{ "pidfile", sPidFile, SSHCFG_GLOBAL },
@@ -296,6 +303,7 @@
 	{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_GLOBAL },
 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
 	{ "rsaauthentication", sRSAAuthentication, SSHCFG_GLOBAL },
+	{ "certkeyauthentication", sCertkeyAuthentication, SSHCFG_GLOBAL },
 	{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },
 	{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
 #ifdef KRB5
@@ -738,6 +746,10 @@
 		}
 		break;
 
+	case sCAKeyFile:
+		charptr = &options->ca_key_file;
+		goto parse_filename;
+
 	case sPidFile:
 		charptr = &options->pid_file;
 		goto parse_filename;
@@ -803,6 +815,10 @@
 
 	case sRSAAuthentication:
 		intptr = &options->rsa_authentication;
+		goto parse_flag;
+
+	case sCertkeyAuthentication:
+		intptr = &options->certkey_authentication;
 		goto parse_flag;
 
 	case sPubkeyAuthentication:
Index: servconf.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/servconf.h,v
retrieving revision 1.79
diff -u -r1.79 servconf.h
--- servconf.h	14 Aug 2006 12:40:25 -0000	1.79
+++ servconf.h	15 Nov 2006 14:14:37 -0000
@@ -43,6 +43,7 @@
 	char   *listen_addr;		/* Address on which the server listens. */
 	struct addrinfo *listen_addrs;	/* Addresses on which the server listens. */
 	int     address_family;		/* Address family used by the server. */
+	char   *ca_key_file;		/* File containing CA key. */
 	char   *host_key_files[MAX_HOSTKEYS];	/* Files containing host keys. */
 	int     num_host_key_files;     /* Number of files for host keys. */
 	char   *pid_file;	/* Where to put our pid */
@@ -75,6 +76,7 @@
 	int     hostbased_uses_name_from_packet_only; /* experimental */
 	int     rsa_authentication;	/* If true, permit RSA authentication. */
 	int     pubkey_authentication;	/* If true, permit ssh2 pubkey authentication. */
+	int     certkey_authentication;	/* If true, permit ssh2 certkey authentication. */
 	int     kerberos_authentication;	/* If true, permit Kerberos
 						 * authentication. */
 	int     kerberos_or_local_passwd;	/* If true, permit kerberos
Index: ssh-keygen.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.156
diff -u -r1.156 ssh-keygen.c
--- ssh-keygen.c	14 Nov 2006 19:41:04 -0000	1.156
+++ ssh-keygen.c	15 Nov 2006 14:14:37 -0000
@@ -94,6 +94,8 @@
 int print_public = 0;
 int print_generic = 0;
 
+int sign_host_key = 0;
+
 char *key_type_name = NULL;
 
 /* argv0 */
@@ -494,6 +496,142 @@
 #endif /* SMARTCARD */
 
 static void
+ask_string(const char *question, char *buf, int len)
+{
+	printf("%s", question);
+	if (fgets(buf, len, stdin) == NULL)
+		exit(1);
+	buf[len - 1] = 0;
+	len = strlen(buf);
+	if (len > 0 && buf[len - 1] == '\n')
+		buf[len - 1] = 0;
+}
+
+static unsigned long
+ask_date(const char *question)
+{
+	char buf[64];
+	int len;
+	unsigned year, mon = 1, mday = 1, hour = 0, min = 0, sec = 0;
+	struct tm tm;
+
+	printf("%s", question);
+	if (fgets(buf, sizeof(buf), stdin) == NULL)
+		exit(1);
+	buf[sizeof(buf) - 1] = 0;
+	len = strlen(buf);
+	if (len > 0 && buf[len - 1] == '\n')
+		buf[len - 1] = 0;
+	if (sscanf(buf, "%4u%2u%2u%2u%2u%2u",
+	    &year, &mon, &mday, &hour, &min, &sec) < 1) {
+		error("invalid date");
+		exit(1);	
+	}
+	if (!year)
+		return 0;
+	memset(&tm, 0, sizeof(tm));
+	tm.tm_year = year - 1900;
+	tm.tm_mon = mon - 1;
+	tm.tm_mday = mday;
+	tm.tm_hour = hour;
+	tm.tm_min = min;
+	tm.tm_sec = sec;
+	return timegm(&tm);
+}
+
+static void
+do_sign_host_key(struct passwd *pw)
+{
+	struct stat st;
+	u_char ca_name[128], ca_id[128], ca_opts[512];
+	u_char dat[8192], sig[8192], key_fn[1024], cert_fn[1024];
+	unsigned long valid_from, valid_to;
+	u_int slen;
+	Key *ca_key, *host_key;
+	char *ca_fp, *host_fp;
+	FILE *f;
+	int i;
+
+	if (!have_identity)
+		ask_filename(pw, "Enter file in which the CA key is");
+	if (stat(identity_file, &st) < 0) {
+		perror(identity_file);
+		exit(1);
+	}
+	ca_key = load_identity(identity_file);
+	if (ca_key == NULL) {
+		error("load failed");
+		exit(1);
+	}
+	if (ca_key->type != KEY_RSA || ca_key->rsa == NULL) {
+		error("key invalid");
+		exit(1);
+	}
+	ca_fp = key_fingerprint(ca_key, SSH_FP_MD5, SSH_FP_HEX);
+	printf("CA key fingerprint %s\n", ca_fp);
+
+	ask_string("Enter file in which the user/host key is: ", key_fn, sizeof(key_fn));
+	if (stat(key_fn, &st) < 0) {
+		perror(key_fn);
+		exit(1);
+	}
+	host_key = key_load_public(key_fn, NULL);
+	if (host_key == NULL) {
+		error("load failed");
+		exit(1);
+	}
+	strlcpy(cert_fn, key_fn, sizeof(cert_fn));
+	if (strlen(cert_fn) > 4 && !strcmp(cert_fn + strlen(cert_fn) - 4, ".pub"))
+		cert_fn[strlen(cert_fn) - 4] = 0;
+	strlcat(cert_fn, ".cert", sizeof(cert_fn));
+	host_fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+	printf("host/user key fingerprint %s\n", host_fp);
+
+	ask_string("CA name    : ", ca_name, sizeof(ca_name));
+	if (!ca_name[0] || strchr(ca_name, ';')) {
+		error("invalid CA name");
+		exit(1);
+	}
+	ask_string("identity   : ", ca_id, sizeof(ca_id));
+	if (!ca_id[0] || strchr(ca_id, ';')) {
+		error("invalid identity");
+		exit(1);
+	}
+	ask_string("options    : ", ca_opts, sizeof(ca_opts));
+	if (strchr(ca_opts, ';')) {
+		error("invalid options");
+		exit(1);
+	}
+	valid_from = ask_date("valid from : ");
+	valid_to = ask_date("valid until: ");
+
+	snprintf(dat, sizeof(dat), "%s;%s;%s;%s;%lu;%lu",
+	    host_fp, ca_name, ca_id, ca_opts, valid_from, valid_to);
+	if (RSA_sign(NID_ripemd160, dat, strlen(dat), sig, &slen, ca_key->rsa) != 1 || !slen) {
+		fprintf(stderr, "RSA_sign() failed\n");
+		exit(1);
+	}
+	if (RSA_verify(NID_ripemd160, dat, strlen(dat), sig, slen, ca_key->rsa) != 1) {
+		fprintf(stderr, "RSA_verify() failed\n");
+		exit(1);
+	}
+
+	snprintf(dat, sizeof(dat), "%s;%s;%s;%s;%lu;%lu;ripemd160;",
+	    ca_fp, ca_name, ca_id, ca_opts, valid_from, valid_to);
+	for (i = 0; i < slen; ++i)
+		snprintf(dat + strlen(dat), sizeof(dat) - strlen(dat), "%.2x", sig[i]);
+	f = fopen(cert_fn, "w");
+	if (f == NULL) {
+		fprintf(stderr, "fopen: %s: %s\n", cert_fn, strerror(errno));
+		exit(1);
+	}
+	fprintf(f, "%s", dat);
+	fclose(f);
+	printf("Certificate has been saved in %s.\n", cert_fn);
+	exit(0);
+}
+
+static void
 do_fingerprint(struct passwd *pw)
 {
 	FILE *f;
@@ -1026,6 +1164,7 @@
 	fprintf(stderr, "  -R hostname Remove host from known_hosts file.\n");
 	fprintf(stderr, "  -r hostname Print DNS resource record.\n");
 	fprintf(stderr, "  -S start    Start point (hex) for generating DH-GEX moduli.\n");
+	fprintf(stderr, "  -s          Generate certificate for user/host key using CA key.\n");
 	fprintf(stderr, "  -T file     Screen candidates for DH-GEX moduli.\n");
 	fprintf(stderr, "  -t type     Specify type of key to create.\n");
 #ifdef SMARTCARD
@@ -1079,7 +1218,7 @@
 	}
 
 	while ((opt = getopt(argc, argv,
-	    "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
+	    "degiqpsclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
 		switch (opt) {
 		case 'b':
 			bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr);
@@ -1156,6 +1295,9 @@
 		case 'U':
 			reader_id = optarg;
 			break;
+		case 's':
+			sign_host_key = 1;
+			break;
 		case 'v':
 			if (log_level == SYSLOG_LEVEL_INFO)
 				log_level = SYSLOG_LEVEL_DEBUG1;
@@ -1221,6 +1363,8 @@
 		printf("Can only have one of -p and -c.\n");
 		usage();
 	}
+	if (sign_host_key)
+		do_sign_host_key(pw);
 	if (delete_host || hash_hosts || find_host)
 		do_known_hosts(pw, rr_hostname);
 	if (print_fingerprint || print_bubblebabble)
Index: ssh_config.5
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
retrieving revision 1.97
diff -u -r1.97 ssh_config.5
--- ssh_config.5	27 Jul 2006 08:00:50 -0000	1.97
+++ ssh_config.5	15 Nov 2006 14:14:38 -0000
@@ -145,6 +145,15 @@
 .Cm UsePrivilegedPort
 is set to
 .Dq yes .
+.It Cm CAKeyFile
+Specifies a file containing a public CA key.
+The default is
+.Pa /etc/ssh/ca.pub .
+.It Cm CertkeyAuthentication
+Specifies whether certified key authentication is allowed.
+The default is
+.Dq no .
+Note that this option applies to protocol version 2 only.
 .It Cm ChallengeResponseAuthentication
 Specifies whether to use challenge-response authentication.
 The argument to this keyword must be
Index: sshconnect.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshconnect.c,v
retrieving revision 1.200
diff -u -r1.200 sshconnect.c
--- sshconnect.c	10 Oct 2006 10:12:45 -0000	1.200
+++ sshconnect.c	15 Nov 2006 14:14:39 -0000
@@ -21,6 +21,7 @@
 
 #include <netinet/in.h>
 
+#include <openssl/objects.h>
 #include <ctype.h>
 #include <errno.h>
 #include <netdb.h>
@@ -48,6 +49,7 @@
 #include "misc.h"
 #include "dns.h"
 #include "version.h"
+#include "authfile.h"
 
 char *client_version_string = NULL;
 char *server_version_string = NULL;
@@ -884,6 +886,19 @@
 {
 	struct stat st;
 	int flags = 0;
+
+	if (options.certkey_authentication && host_key->cert != NULL) {
+		Key *ca_key;
+		int verified;
+
+		ca_key = key_load_public(options.ca_key_file, NULL);
+		if (ca_key != NULL) {
+			verified = cert_verify(host_key->cert, ca_key, host_key, NULL);
+			key_free(ca_key);
+			if (verified)
+				return 0;
+		}
+	}
 
 	if (options.verify_host_key_dns &&
 	    verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
Index: sshconnect2.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshconnect2.c,v
retrieving revision 1.162
diff -u -r1.162 sshconnect2.c
--- sshconnect2.c	30 Aug 2006 00:06:51 -0000	1.162
+++ sshconnect2.c	15 Nov 2006 14:14:40 -0000
@@ -133,6 +133,7 @@
 	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+	kex->kex[KEX_DH_GEX_CERT] = kexgex_client;
 	kex->client_version_string=client_version_string;
 	kex->server_version_string=server_version_string;
 	kex->verify_host_key=&verify_host_key_callback;
@@ -168,6 +169,7 @@
 	Key	*key;			/* public/private key */
 	char	*filename;		/* comment for agent-only keys */
 	int	tried;
+	int	triedcert;
 	int	isprivate;		/* key points to the private key */
 };
 TAILQ_HEAD(idlist, identity);
@@ -206,6 +208,7 @@
 void	input_userauth_passwd_changereq(int, u_int32_t, void *);
 
 int	userauth_none(Authctxt *);
+int	userauth_certkey(Authctxt *);
 int	userauth_pubkey(Authctxt *);
 int	userauth_passwd(Authctxt *);
 int	userauth_kbdint(Authctxt *);
@@ -224,6 +227,7 @@
 void	userauth(Authctxt *, char *);
 
 static int sign_and_send_pubkey(Authctxt *, Identity *);
+static int sign_and_send_certkey(Authctxt *, Identity *);
 static void pubkey_prepare(Authctxt *);
 static void pubkey_cleanup(Authctxt *);
 static Key *load_identity_file(char *);
@@ -243,6 +247,10 @@
 		userauth_hostbased,
 		&options.hostbased_authentication,
 		NULL},
+	{"certkey",
+		userauth_certkey,
+		&options.certkey_authentication,
+		NULL},
 	{"publickey",
 		userauth_pubkey,
 		&options.pubkey_authentication,
@@ -472,7 +480,11 @@
 	 */
 	TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) {
 		if (key_equal(key, id->key)) {
-			sent = sign_and_send_pubkey(authctxt, id);
+			if (!strcmp(authctxt->method->name, "certkey")) {
+				if (id->key->cert != NULL)
+					sent = sign_and_send_certkey(authctxt, id);
+			} else
+				sent = sign_and_send_pubkey(authctxt, id);
 			break;
 		}
 	}
@@ -851,6 +863,93 @@
 }
 
 static int
+sign_and_send_certkey(Authctxt *authctxt, Identity *id)
+{
+	Buffer b;
+	u_char *blob, *signature;
+	u_int bloblen, slen;
+	u_int skip = 0;
+	int ret = -1;
+	int have_sig = 1;
+
+	debug3("sign_and_send_certkey");
+
+	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
+		/* we cannot handle this key */
+		debug3("sign_and_send_certkey: cannot handle key");
+		return 0;
+	}
+	/* data to be signed */
+	buffer_init(&b);
+	if (datafellows & SSH_OLD_SESSIONID) {
+		buffer_append(&b, session_id2, session_id2_len);
+		skip = session_id2_len;
+	} else {
+		buffer_put_string(&b, session_id2, session_id2_len);
+		skip = buffer_len(&b);
+	}
+	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+	buffer_put_cstring(&b, authctxt->server_user);
+	buffer_put_cstring(&b,
+	    datafellows & SSH_BUG_PKSERVICE ?
+	    "ssh-userauth" :
+	    authctxt->service);
+	if (datafellows & SSH_BUG_PKAUTH) {
+		buffer_put_char(&b, have_sig);
+	} else {
+		buffer_put_cstring(&b, authctxt->method->name);
+		buffer_put_char(&b, have_sig);
+		buffer_put_cstring(&b, key_ssh_name(id->key));
+	}
+	buffer_put_string(&b, blob, bloblen);
+
+	/* generate signature */
+	ret = identity_sign(id, &signature, &slen,
+	    buffer_ptr(&b), buffer_len(&b));
+	if (ret == -1) {
+		xfree(blob);
+		buffer_free(&b);
+		return 0;
+	}
+#ifdef DEBUG_PK
+	buffer_dump(&b);
+#endif
+	if (datafellows & SSH_BUG_PKSERVICE) {
+		buffer_clear(&b);
+		buffer_append(&b, session_id2, session_id2_len);
+		skip = session_id2_len;
+		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+		buffer_put_cstring(&b, authctxt->server_user);
+		buffer_put_cstring(&b, authctxt->service);
+		buffer_put_cstring(&b, authctxt->method->name);
+		buffer_put_char(&b, have_sig);
+		if (!(datafellows & SSH_BUG_PKAUTH))
+			buffer_put_cstring(&b, key_ssh_name(id->key));
+		buffer_put_string(&b, blob, bloblen);
+	}
+	xfree(blob);
+
+	/* append signature */
+	buffer_put_string(&b, signature, slen);
+	xfree(signature);
+
+	buffer_put_string(&b, id->key->cert, strlen(id->key->cert));
+
+	/* skip session id and packet type */
+	if (buffer_len(&b) < skip + 1)
+		fatal("userauth_pubkey: internal error");
+	buffer_consume(&b, skip + 1);
+
+	/* put remaining data from buffer into packet */
+	packet_start(SSH2_MSG_USERAUTH_REQUEST);
+	packet_put_raw(buffer_ptr(&b), buffer_len(&b));
+	buffer_free(&b);
+	packet_send();
+
+	return 1;
+}
+
+static int
 sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
 {
 	Buffer b;
@@ -936,6 +1035,31 @@
 }
 
 static int
+send_certkey_test(Authctxt *authctxt, Identity *id)
+{
+	u_char *blob;
+	u_int bloblen, have_sig = 0;
+
+	if (key_to_blob(id->key, &blob, &bloblen) == 0)
+		return 0;
+	/* register callback for USERAUTH_PK_OK message */
+	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
+
+	packet_start(SSH2_MSG_USERAUTH_REQUEST);
+	packet_put_cstring(authctxt->server_user);
+	packet_put_cstring(authctxt->service);
+	packet_put_cstring(authctxt->method->name);
+	packet_put_char(have_sig);
+	if (!(datafellows & SSH_BUG_PKAUTH))
+		packet_put_cstring(key_ssh_name(id->key));
+	packet_put_string(blob, bloblen);
+	xfree(blob);
+	packet_put_string(id->key->cert, strlen(id->key->cert));
+	packet_send();
+	return 1;
+}
+
+static int
 send_pubkey_test(Authctxt *authctxt, Identity *id)
 {
 	u_char *blob;
@@ -1095,6 +1219,42 @@
 			xfree(id->filename);
 		xfree(id);
 	}
+}
+
+int
+userauth_certkey(Authctxt *authctxt)
+{
+	Identity *id;
+	int sent = 0;
+
+	while ((id = TAILQ_FIRST(&authctxt->keys))) {
+		if (id->triedcert++)
+			return (0);
+		/* move key to the end of the queue */
+		TAILQ_REMOVE(&authctxt->keys, id, next);
+		TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
+		/*
+		 * send a test message if we have the public key. for
+		 * encrypted keys we cannot do this and have to load the
+		 * private key instead
+		 */
+		if (id->key && id->key->cert && id->key->type != KEY_RSA1) {
+			debug("Offering public key: %s", id->filename);
+			sent = send_certkey_test(authctxt, id);
+		} else if (id->key == NULL) {
+			debug("Trying private key: %s", id->filename);
+			id->key = load_identity_file(id->filename);
+			if (id->key != NULL && id->key->cert != NULL) {
+				id->isprivate = 1;
+				sent = sign_and_send_certkey(authctxt, id);
+				key_free(id->key);
+				id->key = NULL;
+			}
+		}
+		if (sent)
+			return (sent);
+	}
+	return (0);
 }
 
 int
Index: sshd.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
retrieving revision 1.348
diff -u -r1.348 sshd.c
--- sshd.c	6 Nov 2006 21:25:28 -0000	1.348
+++ sshd.c	15 Nov 2006 14:14:40 -0000
@@ -1999,6 +1999,7 @@
 	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+	kex->kex[KEX_DH_GEX_CERT] = kexgex_server;
 	kex->server = 1;
 	kex->client_version_string=client_version_string;
 	kex->server_version_string=server_version_string;
Index: sshd_config.5
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
retrieving revision 1.70
diff -u -r1.70 sshd_config.5
--- sshd_config.5	21 Aug 2006 08:14:01 -0000	1.70
+++ sshd_config.5	15 Nov 2006 14:14:41 -0000
@@ -167,6 +167,15 @@
 authentication is allowed.
 This option is only available for protocol version 2.
 By default, no banner is displayed.
+.It Cm CAKeyFile
+Specifies a file containing a public CA key.
+The default is
+.Pa /etc/ssh/ca.pub .
+.It Cm CertkeyAuthentication
+Specifies whether certified key authentication is allowed.
+The default is
+.Dq no .
+Note that this option applies to protocol version 2 only.
 .It Cm ChallengeResponseAuthentication
 Specifies whether challenge-response authentication is allowed.
 All authentication styles from
Index: sshd/Makefile
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd/Makefile,v
retrieving revision 1.64
diff -u -r1.64 Makefile
--- sshd/Makefile	23 Aug 2004 14:26:39 -0000	1.64
+++ sshd/Makefile	15 Nov 2006 14:14:41 -0000
@@ -14,7 +14,7 @@
 	auth.c auth1.c auth2.c auth-options.c session.c \
 	auth-chall.c auth2-chall.c groupaccess.c \
 	auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
-	auth2-none.c auth2-passwd.c auth2-pubkey.c \
+	auth2-none.c auth2-passwd.c auth2-pubkey.c auth2-certkey.c \
 	monitor_mm.c monitor.c monitor_wrap.c \
 	kexdhs.c kexgexs.c
 
--- /dev/null	Wed Nov 15 15:14:51 2006
+++ auth2-certkey.c	Wed Nov 15 11:07:56 2006
@@ -0,0 +1,196 @@
+/* $OpenBSD$ */
+/*
+ * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <pwd.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+#include "xmalloc.h"
+#include "ssh.h"
+#include "ssh2.h"
+#include "packet.h"
+#include "buffer.h"
+#include "log.h"
+#include "servconf.h"
+#include "compat.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "pathnames.h"
+#include "uidswap.h"
+#include "auth-options.h"
+#include "canohost.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+#include "misc.h"
+
+/* import */
+extern ServerOptions options;
+extern u_char *session_id2;
+extern u_int session_id2_len;
+
+static int
+userauth_certkey(Authctxt *authctxt)
+{
+	Buffer b;
+	Key *key = NULL;
+	char *pkalg;
+	u_char *pkblob, *sig, *cert;
+	u_int alen, blen, slen, clen;
+	int have_sig, pktype;
+	int authenticated = 0;
+
+	if (!authctxt->valid) {
+		debug2("userauth_certkey: disabled because of invalid user");
+		return 0;
+	}
+	have_sig = packet_get_char();
+	if (datafellows & SSH_BUG_PKAUTH) {
+		debug2("userauth_certkey: SSH_BUG_PKAUTH");
+		/* no explicit pkalg given */
+		pkblob = packet_get_string(&blen);
+		buffer_init(&b);
+		buffer_append(&b, pkblob, blen);
+		/* so we have to extract the pkalg from the pkblob */
+		pkalg = buffer_get_string(&b, &alen);
+		buffer_free(&b);
+	} else {
+		pkalg = packet_get_string(&alen);
+		pkblob = packet_get_string(&blen);
+	}
+	pktype = key_type_from_name(pkalg);
+	if (pktype == KEY_UNSPEC) {
+		/* this is perfectly legal */
+		logit("userauth_certkey: unsupported public key algorithm: %s",
+		    pkalg);
+		goto done;
+	}
+	key = key_from_blob(pkblob, blen);
+	if (key == NULL) {
+		error("userauth_certkey: cannot decode key: %s", pkalg);
+		goto done;
+	}
+	if (key->type != pktype) {
+		error("userauth_certkey: type mismatch for decoded key "
+		    "(received %d, expected %d)", key->type, pktype);
+		goto done;
+	}
+	if (have_sig) {
+		sig = packet_get_string(&slen);
+		cert = packet_get_string(&clen);
+		if (!cert || clen <= 0) {
+			error("userauth_certkey: no cert");
+			goto done;
+		}
+		key->cert = xstrdup(cert);
+		packet_check_eom();
+		buffer_init(&b);
+		if (datafellows & SSH_OLD_SESSIONID) {
+			buffer_append(&b, session_id2, session_id2_len);
+		} else {
+			buffer_put_string(&b, session_id2, session_id2_len);
+		}
+		/* reconstruct packet */
+		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+		buffer_put_cstring(&b, authctxt->user);
+		buffer_put_cstring(&b,
+		    datafellows & SSH_BUG_PKSERVICE ?
+		    "ssh-userauth" :
+		    authctxt->service);
+		if (datafellows & SSH_BUG_PKAUTH) {
+			buffer_put_char(&b, have_sig);
+		} else {
+			buffer_put_cstring(&b, "certkey");
+			buffer_put_char(&b, have_sig);
+			buffer_put_cstring(&b, pkalg);
+		}
+                buffer_put_string(&b, pkblob, blen);
+#ifdef DEBUG_PK
+		buffer_dump(&b);
+#endif
+		/* test for correct signature */
+		authenticated = 0;
+		if (PRIVSEP(user_cert_key_allowed(authctxt->pw, key)) &&
+		    PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
+		    buffer_len(&b))) == 1)
+			authenticated = 1;
+		buffer_free(&b);
+		xfree(sig);
+	} else {
+		debug("test whether pkalg/pkblob are acceptable");
+		cert = packet_get_string(&clen);
+		if (!cert || clen <= 0) {
+			error("userauth_certkey: no cert");
+			goto done;
+		}
+		key->cert = xstrdup(cert);
+		packet_check_eom();
+
+		if (PRIVSEP(user_cert_key_allowed(authctxt->pw, key))) {
+			packet_start(SSH2_MSG_USERAUTH_PK_OK);
+			packet_put_string(pkalg, alen);
+			packet_put_string(pkblob, blen);
+			packet_send();
+			packet_write_wait();
+			authctxt->postponed = 1;
+		}
+	}
+	if (authenticated != 1)
+		auth_clear_options();
+done:
+	debug2("userauth_certkey: authenticated %d pkalg %s", authenticated, pkalg);
+	if (key != NULL)
+		key_free(key);
+	xfree(pkalg);
+	xfree(pkblob);
+	return authenticated;
+}
+
+/* check whether given key is signed by certificate */
+int
+user_cert_key_allowed(struct passwd *pw, Key *key)
+{
+	int allowed = 0;
+	Key *ca_key;
+
+	temporarily_use_uid(pw);
+	ca_key = key_load_public(options.ca_key_file, NULL);
+	restore_uid();
+	allowed = cert_verify(key->cert, ca_key, key, pw->pw_name);
+	if (ca_key != NULL)
+		key_free(ca_key);
+	return allowed;
+}
+
+Authmethod method_certkey = {
+	"certkey",
+	userauth_certkey,
+	&options.certkey_authentication
+};

From dwmw2 at infradead.org  Thu Nov 16 01:27:51 2006
From: dwmw2 at infradead.org (David Woodhouse)
Date: Wed, 15 Nov 2006 22:27:51 +0800
Subject: tunneling through stdin/stdout, source routing
In-Reply-To: <455A571E.6010105@hogyros.de>
References: <4555C24C.7000007@hogyros.de>
	<20061114071345.GA25414@dementia.proulx.com>
	<455A571E.6010105@hogyros.de>
Message-ID: <1163600871.3396.196.camel@shinybook.infradead.org>

On Wed, 2006-11-15 at 00:54 +0100, Simon Richter wrote:
> In the particularly nasty setup I am facing here this is extra 
> difficult, as the same home directory is shared over multiple machines 
> of different architectures (and with different runtime libraries 
> installed), so I'd have to have the tool once for each architecture, and 
> find a way to properly switch on the architecture of the machine I'm 
> connecting to.
> 
> That's why I'd think a client-only solution would be the best solution 
> here. My client can always ask for a port forward, the server doesn't 
> care where it comes from.

That or a perl script to make a TCP connection?

If you also use multiple _clients_ then you still have the problem of
needing it compiled and installed for all machines.

-- 
dwmw2


From andre at freebsd.org  Thu Nov 16 01:52:20 2006
From: andre at freebsd.org (Andre Oppermann)
Date: Wed, 15 Nov 2006 15:52:20 +0100
Subject: OpenSSH Certkey (PKI)
In-Reply-To: <20061115142820.GB14649@insomnia.benzedrine.cx>
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
Message-ID: <455B29A4.3000601@freebsd.org>

Daniel Hartmeier wrote:
> This patch against OpenBSD -current adds a simple form of PKI to
> OpenSSH. We'll be using it at work. See README.certkey (the first chunk
> of the patch) for details.
> 
> Everything below is BSD licensed, sponsored by Allamanda Networks AG.

As the one who assigned this work to Daniel Hartmeier I can add the
rationale for this simple and easy PKI functionality in OpenSSH.

Rationale for PKI in OpenSSH:

  Managing a large m:n relationship of users and hosts in OpenSSH is
  tedious and requires the use of scripting and rsync distribution
  methods for known_hosts and authorized_keys with all associated
  failure modes.

  Users tend not to verify server pubkey fingerprints out of band
  upon the first connection attempt which weakens the strong theoretic
  security of SSHs public key system.

  Known_hosts and authorized_keys do not contain any validity or
  expiration information.  Reality shows that a lot of cruft and
  old information tends to remain.  This tends to accidentally
  leave once granted privileges to users or hosts which should no
  longer posses them.  It requires strict discipline to properly
  clean up and stay up to date on n hosts.

What does OpenSSH PKI do:

  It does three things:

  a) It adds a certificate to the public key of a ssh server so the
  ssh client can verify the authenticity of a server pubkey without
  having to rely on other unspecified out of band methods (on first
  connection) or the known_hosts file (on subsequent connections).

  b) It adds a certificate to the public key of a ssh user so the ssh
  server can verify the authenticity of a users pubkey without having
  to have a pre-populated authorized_keys file in each users home
  directory on all machines this user has access to.

  c) It adds a number of optional fields in the certificate which can
  specify additional constrains on the hosts and users.  The constrains
  include lists of IP addresses or networks which limit where the clients
  or server can connect to/from.  This way hosts with a number of interfaces
  can be handled as one entity.  Moving/copying of server pub/privkeys to
  a different IP address is prevented.  Users may be restricted to be
  able to login only from defined list of IP addresses/networks specified
  in the certificate.

What are the advantages:

  Only the CA's public key has to be distributed once to all hosts.
   -> Can be rolled into the host setup procedure/automation.
  The CA has to sign each host or user public key once.
  None of the user or host keys have to be distributed (copied) to
  all other hosts.
   -> Instant acceptance by all hosts with the same CA pubkey.
  The addition of any users or hosts is controlled by the CA.
   -> Single point of entry and control.
  The CA specifies the expiry date of any user and host certificate
  thus a policy can regularly timeout any of them.
   -> Any old cruft and temporary privileges expire by itself w/o
  having to individually check all hosts for them.

Who is it for:

  Centrally managed organizations or collections of hosts which trust
  a single master role (the CA certification authority, a.k.a 'root').
  Many real world deployments do resemble the single trust model of
  a CA.

What are the risks:

  All trust and authentication/authorization is vested in the operator
  of the CA and the strength and secrecy of the CA private key.  If the
  CA operator or the CA private key are compromised all doors are open.
  The CA operator is equal to 'root' which is trusted anyway.  He can do
  everything root can do (that is reading/modifying each users private
  keys and authorized keys files).

  Less severe incidents include lost or compromised user keys.  OpenSSH
  PKI gives two methods to deal with this.  First it allows to specify
  an expiry date for all certificates.  If set sufficiently short all
  certs lose their usefulness quickly.  All users have to be re-certified
  in intervals and the re-certification can be tied to any number of
  administrative criteria.  For immediate reactions any number of public
  key fingerprints can be blacklisted on the ssh server.  This is a simple
  file based certificate revocation.  Online revocation checks could
  optionally be implemented as well.  The operator then has to specify
  whether to fail open or close depending on priorities and risk
  assessments.

Why not implement/use X.509 or OpenPGP PKI methods:

  The goal is to use only basic and non-complex cryptographic methods
  which are widely available and do *not* require the installation of
  additional software libraries (eg. OpenPGP SDK or OpenSSL for OpenBSD)
  and a simple and modular certificate binary format (no ASN.1 or such).
  It should work out of the box on all currently supported OpenSSH
  platforms without any external dependencies.


This OpenSSH PKI system is very simple and easy to use.  All programs
and functions necessary to use it to its full extent are included with
the base OpenSSH distribution.

-- 
Andre

From chort at smtps.net  Thu Nov 16 05:45:49 2006
From: chort at smtps.net (Brian Keefer)
Date: Wed, 15 Nov 2006 10:45:49 -0800
Subject: OpenSSH Certkey (PKI)
In-Reply-To: <20061115174747.GE26418@bofh.cns.ualberta.ca>
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
	<455B29A4.3000601@freebsd.org>
	<20061115174747.GE26418@bofh.cns.ualberta.ca>
Message-ID: <E0A2D765-DFB2-4EF2-B201-149E578B5A6F@smtps.net>


On Nov 15, 2006, at 9:47 AM, Bob Beck wrote:

> 	In other words, I have to maintain a pre-populated "un-authorized"
> keys file  because in any real deployment you are GOING to have these.
> and quite frequently with any sizable deployment. So I still have
> to maintain a file.
>
> 	"authorized keys" -> anything that is not allowed is denied.
> 	"un-authorized keys" -> anything that is not denied is allowed.
>
> 	NOT being prepared to maintain a file when doing this
> is pretty much akin to "Don't worry, I'll pull out before I cum".  
> Everything's
> great until there a problem and then it's a fuckshow.
>
<snip>
> 	Don't get me wrong, I think this is possibly useful, but I don't
> think it should go in incomplete like this. In my view it is complete
> where when turning it on you specify a set of (possibly other) ssh
> server(s) the server itself will connect to and use as a CRL when
> presented with a key. - i.e. we should make it decently doable and
> document how to use a CRL in this case.
>
<snip>
>
> 	-Bob
>

That sounds very much like OCSP.  The objections to CRL distribution  
style revocation are pretty valid, IMO.

Brian Keefer
www.Tumbleweed.com
"The Experts in Secure Internet Communication"




From andre at freebsd.org  Thu Nov 16 09:32:48 2006
From: andre at freebsd.org (Andre Oppermann)
Date: Wed, 15 Nov 2006 23:32:48 +0100
Subject: OpenSSH Certkey (PKI)
In-Reply-To: <20061115174747.GE26418@bofh.cns.ualberta.ca>
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
	<455B29A4.3000601@freebsd.org>
	<20061115174747.GE26418@bofh.cns.ualberta.ca>
Message-ID: <455B9590.3050104@freebsd.org>

Bob Beck wrote:
> 	Sigh. My objections to this are my objections to PKI implementations
> in general.  In my experience PKI methods are implemented and deployed
> the same way people deploy half done raid drivers - we'll make the
> disk work, but we won't worry about how to monitor and fix it when it
> gets fucked up.  "that'll be implemented later/left as an exercise for
> the deployer to hack up something disgusting"

Well, we post these patches to solicit valuable input and to refine it
based on all the smart brains choosing to care.

In our primary application we exactly want offline mode (the ability to
login even if half or most of the network is down).  We actually are the
network we want to bring up again.  Here we had to make a tradeoff and
traded the ability to revoke a certificate against not being able to
recover the network.  Yeah, this is an easy one to make. ;-)

Nonetheless we want to feed back a useful solution to the community and
I've assigned some more developer time (Daniel Hartmeier) to address your
concerns.

>>  b) It adds a certificate to the public key of a ssh user so the ssh
>>  server can verify the authenticity of a users pubkey without having
>>  to have a pre-populated authorized_keys file in each users home
>>  directory on all machines this user has access to.
>>  keys and authorized keys files).
> 
> 	I maintain it does NOT do this - and here is why :
> 
>>  Less severe incidents include lost or compromised user keys.  OpenSSH
>>  PKI gives two methods to deal with this.  First it allows to specify
>>  an expiry date for all certificates.  If set sufficiently short all
>>  certs lose their usefulness quickly.  All users have to be re-certified
>>  in intervals and the re-certification can be tied to any number of
>>  administrative criteria.  For immediate reactions any number of public
>>  key fingerprints can be blacklisted on the ssh server.  This is a simple
>>  file based certificate revocation.  Online revocation checks could
>>  optionally be implemented as well.  The operator then has to specify
>>  whether to fail open or close depending on priorities and risk
>>  assessments.
> 
> 	In other words, I have to maintain a pre-populated "un-authorized"
> keys file  because in any real deployment you are GOING to have these. 
> and quite frequently with any sizable deployment. So I still have
> to maintain a file. 
> 
> 	"authorized keys" -> anything that is not allowed is denied. 
> 	"un-authorized keys" -> anything that is not denied is allowed.
> 
> 	NOT being prepared to maintain a file when doing this
> is pretty much akin to "Don't worry, I'll pull out before I cum". Everything's
> great until there a problem and then it's a fuckshow.  

Well, step 1 is to have something that is better than reality shows
today while requiring the same effort or dealing with the same laziness.
There are way too many people out there who handle the security OpenSSH
could provide in a very ineffective and dangerous way.  If we can lift
them up to the next practical security level while maintaining the same
ease of use (or inappropriate practices) and laziness I call it a first
success.

Step 2 is to make the theoretical perfect security a reality by maintaining
(almost) the same ease of use and laziness on part of the user.  For the
administrator it must mean only a very slight increase in inconvenience
and effort with the clear payoff of much increased security.

Step 1 we IMHO have mastered.  Lets work on Step 2.  See below.

> 	I.E. this is the same "it's really cool and we almost have it right"
> argument I've seen from everything pushing PKI and x509 goo as
> authentication. An expiry date for all the user certs? gimme a break.
> even setting it to a month (which would be a pita to have users
> constantly re-certed) means someone gets a month to fuck around. Even
> suggesting that certificate expiry times should be used to mitigate
> this is irresponsible. You have to be able to nail something you know
> is compromised quickly. The only thing expiry times to is A) make
> money for commercial CA's, B) make stuff not have to stay forever in
> your CRL if you have one. 

The latter is our main motivator. ;-)

> 	Don't get me wrong, I think this is possibly useful, but I don't
> think it should go in incomplete like this. In my view it is complete
> where when turning it on you specify a set of (possibly other) ssh
> server(s) the server itself will connect to and use as a CRL when
> presented with a key. - i.e. we should make it decently doable and
> document how to use a CRL in this case. I feel quite strongly that
> without tying the last piece together, we're handing people an
> incomplete thing with enough rope to hang themselves - "Here's a nice
> thing for a centralized deployment but oops if a luser loses a key you
> have to run around and do a panty raid to all your servers, because we
> left that as an exercise just like every other fucktard that
> implements this stuff does instead of giving you the tools to do it
> right"
> 
> 	So, My two cents, make it complete first. Making an archetecture
> for ssh that makes it easy to add trust centrally WITHOUT MAKING IT EASY
> TO REMOVE IT is irresponsible.

Ok, I've devised a way to easily configure and run a secure CAL
(Certificate Authorization List) that can just as easily be distributed
to multiple redundant CAL Servers.  We'll implement it tomorrow (after
some internal discussion with claudio&dhartmei) and post it here for
review as an updated OpenSSH PKI patch.

-- 
Andre


From andre at freebsd.org  Thu Nov 16 09:38:58 2006
From: andre at freebsd.org (Andre Oppermann)
Date: Wed, 15 Nov 2006 23:38:58 +0100
Subject: OpenSSH Certkey (PKI)
In-Reply-To: <E0A2D765-DFB2-4EF2-B201-149E578B5A6F@smtps.net>
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
	<455B29A4.3000601@freebsd.org>
	<20061115174747.GE26418@bofh.cns.ualberta.ca>
	<E0A2D765-DFB2-4EF2-B201-149E578B5A6F@smtps.net>
Message-ID: <455B9702.7000103@freebsd.org>

Brian Keefer wrote:
> 
> On Nov 15, 2006, at 9:47 AM, Bob Beck wrote:
> 
>>     In other words, I have to maintain a pre-populated "un-authorized"
>> keys file  because in any real deployment you are GOING to have these.
>> and quite frequently with any sizable deployment. So I still have
>> to maintain a file.
>>
>>     "authorized keys" -> anything that is not allowed is denied.
>>     "un-authorized keys" -> anything that is not denied is allowed.
>>
>>     NOT being prepared to maintain a file when doing this
>> is pretty much akin to "Don't worry, I'll pull out before I cum". 
>> Everything's
>> great until there a problem and then it's a fuckshow.
>>
> <snip>
>>     Don't get me wrong, I think this is possibly useful, but I don't
>> think it should go in incomplete like this. In my view it is complete
>> where when turning it on you specify a set of (possibly other) ssh
>> server(s) the server itself will connect to and use as a CRL when
>> presented with a key. - i.e. we should make it decently doable and
>> document how to use a CRL in this case.
>>
> <snip>
>>
>>     -Bob
>>
> 
> That sounds very much like OCSP.  The objections to CRL distribution 
> style revocation are pretty valid, IMO.

Mind you we (OpenSSH) provide tools, not policy.  The tools however
should easily accommodate the largest subset of sound policies.  There
are enough valid cases and policies where a simple blacklist is sufficient.

As per reply to Bob we will provide an automatic system for live CERT
validation too.

-- 
Andre


From wolfgang+gnus200611 at dailyplanet.dontspam.wsrcc.com  Thu Nov 16 11:53:55 2006
From: wolfgang+gnus200611 at dailyplanet.dontspam.wsrcc.com (Wolfgang S. Rupprecht)
Date: Wed, 15 Nov 2006 16:53:55 -0800
Subject: OpenSSH Certkey (PKI)
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
Message-ID: <87odr8i53w.fsf@arbol.wsrcc.com>


Daniel Hartmeier <daniel at benzedrine.cx> writes:
> This patch against OpenBSD -current adds a simple form of PKI to
> OpenSSH. We'll be using it at work.

Sounds like something that was needed for a while.

> +A host certificate is a guarantee made by the CA that a host public key is
> +valid. When a host public key carries a valid certificate, the client can
> +use the host public key without asking the user to confirm the fingerprint
> +manually and through out-of-band communication the first time. The CA takes
> +the responsibility of verifying host keys, and users do no longer need to
> +maintain known_hosts files of their own.

This confuses the whole authentication vs. authorization concepts.

authentication - "May I please see your drivers license?"

authorization - "That's a valid license but I don't see your name on
                 the list to go in."

I would hate to have my ssh allow anyone in just because we used the
same CA.  I still see the authorized_keys file as having a very
important role even if the first layer defense is to check if the
certificate is signed by a CA I trust.

> +The CA, specifically the holder of the CA private key (and its password, if it
> +is password encrypted), holds broad control over hosts and user accounts set
> +up in this way. Should the CA private key become compromised, all user
> +accounts become compromised.
> +
> +There is no way to revoke a certificate once it has been published, the
> +certificate is valid until it reaches the expiry date set by the CA.

This fix is in the bag once authorized_keys gets consulted even for
certificates.

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/


From pak76_ml at yahoo.co.uk  Thu Nov 16 23:33:09 2006
From: pak76_ml at yahoo.co.uk (Pawel Krupinski)
Date: Thu, 16 Nov 2006 12:33:09 +0000 (GMT)
Subject: ssh-decrypt
Message-ID: <20061116123309.49448.qmail@web23005.mail.ird.yahoo.com>

Hi,
 
One of the problems we are facing is secure storage of
passwords (database, bestcrypt, other
applications/systems, 
) and availability within
users' scripts (perl, python, ...) or applications
(Java, C, 
). I'm sure that there are quite a few
people who are facing the same issue and there are
quite a few home made solutions, such as password
obfuscators and/or solutions based on the access
control lists. 
 
As OpenSSH is currently a standard for us, I have an
idea how to solve this problem without introducing
other products or implementing home made solutions.
Instead I would like to use the ssh agent. 
 
I'm using ssh agent currently just to manage my keys
and practically they are used only to provide me with
SSO to other ssh based systems. Why not use these keys
(or a separate ssh key pair) to protect passwords to
things such as database? 
 
To put it simple the way I see it is as follow. Your
passwords (apart from your main ssh password) will be
stored encrypted using your ssh public key. After
logon, ssh-agent will be started and relevant key(s)
added. When a script will require access to a
password, it will:
1. Retrieve the data from somewhere (outside the
scope);
2. Decrypt using the ssh utlity (ssh-decrypt(?)) -
using ssh-agent or a file.
3. Provide credentials back to script. Or will create
the establised connection to the database. Or

(anyway, I think it is outside the scope ;-)).
 
The bit that cannot be done currently is number 2 -
OpenSSH doesn't provide ssh-decrypt functionality, but
it is relatively easy to change it - I've played with
OpenSSH 4.4/4.4p1 and it took me one evening (sorry -
it was my first approach to OpenSSH as a developer
;-)) and 50 lines of code to implement it (based on
the ssh-add tool using ssh-agent for decryption). In
my solution, ssh-decrypt tool sends encrypted secret
to the ssh-agent, which decrypts it (without sending
any keys to the ssh-decrypt tool) and sends back just
an error information or the plaintext password. 
 
>From the cryptography perspective this approach would
be definitely better than password obfuscation and if
someone wants he may still implement whatever access
control lists he wants, but even root access won't
automatically give you access to users' keys. You need
to:
1. Obtain encrypted key material;
2. Have access to user's ssh private key - so access
to a file + passphrase is required (eventually ability
to talk to the ssh-agent, so root account)
I don't think it would weakened ssh-agent. If I'm
wrong, please let me know.
 
If it is something of interest for you, I can do all
the development and provide you with all the code.
 
Comments and feedback welcome,
 
Cheers,
pak76
 
PS1. Above I'm talking about passwords, but as a
matter of fact it can be anything that can be saved as
a string. Of course RSA puts limits on the data that
can be encrypted, so probably scenario: secrets
encrypted with a symmetric cipher, a symmetric key
encrypted with the public key is more applicable.
Again this is outside the scope - whichever project
will be building SSH-SAFE will have to deal with this.
PS 2. Just to clarify - I suggest the ssh-decrypt
name, as ability to decrypt encrypted data using
private key - either from file or ssh-agent - is
crucial. Encryption can be done without ssh-agent -
public key is not a secret. 
PS3. It is not a problem to setup two pairs of keys -
one for authentication and one for password
encryption/decryption.
PS4. Depending on individual requirements
(authentication/authorization/accountability/scalability/
)
different groups may use ssh-decrypt for different
purpose - password safe is just one of the examples.
It maybe a good idea for a separate project (or even
several projects :-)).


		
___________________________________________________________ 
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com

From openssh at lakedaemon.net  Fri Nov 17 02:10:50 2006
From: openssh at lakedaemon.net (Jason)
Date: Thu, 16 Nov 2006 10:10:50 -0500
Subject: ssh-decrypt
In-Reply-To: <20061116123309.49448.qmail@web23005.mail.ird.yahoo.com>
References: <20061116123309.49448.qmail@web23005.mail.ird.yahoo.com>
Message-ID: <455C7F7A.9080908@lakedaemon.net>

Pawel Krupinski wrote:
[snip]
> I'm using ssh agent currently just to manage my keys
> and practically they are used only to provide me with
> SSO to other ssh based systems. Why not use these keys
> (or a separate ssh key pair) to protect passwords to
> things such as database? 

TrueCrypt/dmcrypt volumes?

> To put it simple the way I see it is as follow. Your
> passwords (apart from your main ssh password) will be
> stored encrypted using your ssh public key. After
> logon, ssh-agent will be started and relevant key(s)
> added. When a script will require access to a
> password, it will:
> 1. Retrieve the data from somewhere (outside the
> scope);
> 2. Decrypt using the ssh utlity (ssh-decrypt(?)) -
> using ssh-agent or a file.
> 3. Provide credentials back to script. Or will create
> the establised connection to the database. Or
> ?(anyway, I think it is outside the scope ;-)).
>  
> The bit that cannot be done currently is number 2 -
> OpenSSH doesn't provide ssh-decrypt functionality, but
> it is relatively easy to change it - I've played with
> OpenSSH 4.4/4.4p1 and it took me one evening (sorry -
> it was my first approach to OpenSSH as a developer
> ;-)) and 50 lines of code to implement it (based on
> the ssh-add tool using ssh-agent for decryption). In
> my solution, ssh-decrypt tool sends encrypted secret
> to the ssh-agent, which decrypts it (without sending
> any keys to the ssh-decrypt tool) and sends back just
> an error information or the plaintext password. 
[snip]

> If it is something of interest for you, I can do all
> the development and provide you with all the code.

Could you please email me the diff?

thx,

Jason.

From wolfgang+gnus200611 at dailyplanet.dontspam.wsrcc.com  Fri Nov 17 03:43:20 2006
From: wolfgang+gnus200611 at dailyplanet.dontspam.wsrcc.com (Wolfgang S. Rupprecht)
Date: Thu, 16 Nov 2006 08:43:20 -0800
Subject: OpenSSH Certkey (PKI)
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
	<87odr8i53w.fsf@arbol.wsrcc.com>
	<20061116135627.GA26343@tortuga.leo.org>
Message-ID: <87ac2rjqaf.fsf@arbol.wsrcc.com>


Daniel Lang <dl at leo.org> writes:
> Are you, by any chance, mixing up "known_hosts" and "authorized_keys"?

Oops. I quoted the wrong section.  I had meant to quote the section
about the user_certificates.  This is what I meant to cite:

     +A user certificate is an authorization made by the CA that the
     +holder of a specific private key may login to the server as a
     +specific user, without the need of an authorized_keys file being
     +present. The CA gains the power to grant individual users access
     +to the server, and users do no longer need to maintain
     +authorized_keys files of their own.

I don't see a problem with the host certificates methodology.  (In
fact I'd love to see the known_hosts files fade away as more hosts
transition to using host certificates.)

Thanks,

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/


From andre at freebsd.org  Fri Nov 17 04:55:43 2006
From: andre at freebsd.org (Andre Oppermann)
Date: Thu, 16 Nov 2006 18:55:43 +0100
Subject: OpenSSH Certkey (PKI)
In-Reply-To: <87ac2rjqaf.fsf@arbol.wsrcc.com>
References: <20061115142820.GB14649@insomnia.benzedrine.cx>	<87odr8i53w.fsf@arbol.wsrcc.com>	<20061116135627.GA26343@tortuga.leo.org>
	<87ac2rjqaf.fsf@arbol.wsrcc.com>
Message-ID: <455CA61F.4060900@freebsd.org>

Wolfgang S. Rupprecht wrote:
> Daniel Lang <dl at leo.org> writes:
> 
>>Are you, by any chance, mixing up "known_hosts" and "authorized_keys"?
> 
> 
> Oops. I quoted the wrong section.  I had meant to quote the section
> about the user_certificates.  This is what I meant to cite:
> 
>      +A user certificate is an authorization made by the CA that the
>      +holder of a specific private key may login to the server as a
>      +specific user, without the need of an authorized_keys file being
>      +present. The CA gains the power to grant individual users access
>      +to the server, and users do no longer need to maintain
>      +authorized_keys files of their own.
> 
> I don't see a problem with the host certificates methodology.  (In
> fact I'd love to see the known_hosts files fade away as more hosts
> transition to using host certificates.)

Host certificate verification is separate from user authentication/authorization
through certificates.  You you can use one without using and enabling the other.

-- 
Andre


From pak76_ml at yahoo.co.uk  Fri Nov 17 04:27:27 2006
From: pak76_ml at yahoo.co.uk (Pawel Krupinski)
Date: Thu, 16 Nov 2006 17:27:27 +0000 (GMT)
Subject: ssh-decrypt
In-Reply-To: <455C7F7A.9080908@lakedaemon.net>
Message-ID: <20061116172727.50746.qmail@web23011.mail.ird.yahoo.com>

Seems that *.zip files are not accepted...
Let's try again.

Hi Jason,

Here you are. Actually there are two things there: 
1. Three PoC files are:
- ssh-encrypt.c - copy of ssh-add.c with an extra
functionality
- diff.txt - differences in other files
- diffmake.txt - differences in the Makefile

Note: Please remember I wrote it as PoC, so please
don't shout too loud on the quality of my C!!!! Didn't
have time to make it properly. It was a quick check to
prove it can be done ;-)))
Definitely I will have to rewrite it. 

2. file-ssh-encrypt.c & myssh.h are the first draft
version for encrypting secrets using ssh keys.
Currently they are using OpenSSH, but are not
integrated (different error handling etc). I
use it to encrypt secrets using keys from files. 
I'm sending it as is - it is under development as we
speak, but hopefully quality is a bit better ;-)))

Give me a shout what you think, please.

Thanks,
- pak76


--- Jason <openssh at lakedaemon.net> wrote:

> Pawel Krupinski wrote:
> [snip]
> > I'm using ssh agent currently just to manage my
> keys
> > and practically they are used only to provide me
> with
> > SSO to other ssh based systems. Why not use these
> keys
> > (or a separate ssh key pair) to protect passwords
> to
> > things such as database? 
> 
> TrueCrypt/dmcrypt volumes?
> 
> > To put it simple the way I see it is as follow.
> Your
> > passwords (apart from your main ssh password) will
> be
> > stored encrypted using your ssh public key. After
> > logon, ssh-agent will be started and relevant
> key(s)
> > added. When a script will require access to a
> > password, it will:
> > 1. Retrieve the data from somewhere (outside the
> > scope);
> > 2. Decrypt using the ssh utlity (ssh-decrypt(?)) -
> > using ssh-agent or a file.
> > 3. Provide credentials back to script. Or will
> create
> > the establised connection to the database. Or
> > 
(anyway, I think it is outside the scope ;-)).
> >  
> > The bit that cannot be done currently is number 2
> -
> > OpenSSH doesn't provide ssh-decrypt functionality,
> but
> > it is relatively easy to change it - I've played
> with
> > OpenSSH 4.4/4.4p1 and it took me one evening
> (sorry -
> > it was my first approach to OpenSSH as a developer
> > ;-)) and 50 lines of code to implement it (based
> on
> > the ssh-add tool using ssh-agent for decryption).
> In
> > my solution, ssh-decrypt tool sends encrypted
> secret
> > to the ssh-agent, which decrypts it (without
> sending
> > any keys to the ssh-decrypt tool) and sends back
> just
> > an error information or the plaintext password. 
> [snip]
> 
> > If it is something of interest for you, I can do
> all
> > the development and provide you with all the code.
> 
> Could you please email me the diff?
> 
> thx,
> 
> Jason.
> 


Send instant messages to your online friends http://uk.messenger.yahoo.com 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: file-ssh-encrypt.c
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20061116/611317af/attachment-0002.c 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: myssh.h
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20061116/611317af/attachment-0001.h 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: diffmake.txt
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20061116/611317af/attachment-0002.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ssh-encrypt.c
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20061116/611317af/attachment-0003.c 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: diff.txt
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20061116/611317af/attachment-0003.txt 

From nbender at gmail.com  Fri Nov 17 07:12:58 2006
From: nbender at gmail.com (Nick Bender)
Date: Thu, 16 Nov 2006 15:12:58 -0500
Subject: OpenSSH Certkey (PKI)
In-Reply-To: <20061115142820.GB14649@insomnia.benzedrine.cx>
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
Message-ID: <bf04f2850611161212t439d5ce4r59a8bb1fa3cf24@mail.gmail.com>

> +SECURITY IMPLICATIONS
> +
> +The CA, specifically the holder of the CA private key (and its password, if it
> +is password encrypted), holds broad control over hosts and user accounts set
> +up in this way. Should the CA private key become compromised, all user
> +accounts become compromised.
> +
> +There is no way to revoke a certificate once it has been published, the
> +certificate is valid until it reaches the expiry date set by the CA.
> +

After spending a good part of a night locking down a network when an
admin "left" this leaves me feeling cold.

I think the addition of CAL gives you at least a prayer of addressing
this in a timely manner. In the event that you need to reauthorize
from the top:

 1. Shutdown your CAL servers.
 2. Generate and distribute new CA cert.
 3. Generate and distribute new host certs.
 4. Startup CAL servers.
 5. Generate and distribute new user certs.

Did I miss anything?

The vulnerability window is now time from compromise to time of shutdown
of CAL servers.

Note that there is one other time where the same procedure is required
but without the time pressure - at CA cert expiry time.

I think the procedure should at least be included in the documentation
if not supported in some way by software...

-N

From andre at freebsd.org  Fri Nov 17 07:58:00 2006
From: andre at freebsd.org (Andre Oppermann)
Date: Thu, 16 Nov 2006 21:58:00 +0100
Subject: OpenSSH Certkey (PKI) adding CAL (online verification)
In-Reply-To: <455CC70D.4010607@pi.net>
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
	<455B29A4.3000601@freebsd.org>
	<20061115174747.GE26418@bofh.cns.ualberta.ca>
	<20061116180141.GH14649@insomnia.benzedrine.cx>
	<455CC70D.4010607@pi.net>
Message-ID: <455CD0D8.6070404@freebsd.org>

chefren wrote:
> On 11/16/06 19:01, Daniel Hartmeier wrote:
>  > On Wed, Nov 15, 2006 at 10:47:47AM -0700, Bob Beck wrote:
>  >
>  >>So, My two cents, make it complete first. Making an archetecture
>  >>for ssh that makes it easy to add trust centrally WITHOUT MAKING IT
>  >>EASY TO REMOVE IT is irresponsible.
>  >
>  > Thank you for the rant ;)
>  >
>  > Here's the result. Adding a simple daemon that the OpenSSH servers
>  > can query (over UDP port 22) to check user keys. See the first patch
>  > chunk for details.
>  >
>  > Is this what you had in mind?
>  >
>  > Daniel
> 
> Gentlemen,
> 
> I fully agree with the concerns of Bob Beck and I'm happy with the 
> attention of Daniel Hartmeier. And while everything is better than SSL...
> 
> The security and thus revocation should always be on, by default.

As soon as you configure the CAL server it is enabled.  If you don't,
well...  UNIX and especially the *BSD's are about tools, not policy.
We provide good tools to implement a wide range of sound policies.
It's up to each admin to weight the tradeoffs and implement what is
actually the most appropriate approach for their situation.

> So it's a certificate system with off-line use of certificates with 
> inherent bad revocation since you cannot revoke a certificate without 
> being on-line with the authorizing server.

If you configure online certificate verification it will fail closed.
So if there is no response, the users will be denied access.

> Or it should be an on-line (might of course be local) system where the 
> authorizing server (and hopefully a well designed backup...) is at least 
> always asked if access is OK at the beginning of a session (hopefully 
> possible to limit with time or amount of traffic or packets or or... 
> (but don't rebuild SSL!)).

Have ever tried to read the patch Daniel posted with the message you
are replying to?  Apparently not so, it would have answered all that.

> Please drop the classic "off-line" PKI scheme and present us an elegant 
> and robust on-line system.

I don't think you are in the position to make any demands here... and
most certainly not ridiculous ones.  If you really want this, then do
it yourself and post the patch.  Sounds fair, doesn't it?

-- 
Andre

From daniel at benzedrine.cx  Fri Nov 17 08:03:56 2006
From: daniel at benzedrine.cx (Daniel Hartmeier)
Date: Thu, 16 Nov 2006 22:03:56 +0100
Subject: OpenSSH Certkey (PKI) adding CAL (online verification)
In-Reply-To: <20061116180141.GH14649@insomnia.benzedrine.cx>
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
	<455B29A4.3000601@freebsd.org>
	<20061115174747.GE26418@bofh.cns.ualberta.ca>
	<20061116180141.GH14649@insomnia.benzedrine.cx>
Message-ID: <20061116210356.GL14649@insomnia.benzedrine.cx>

On Thu, Nov 16, 2006 at 07:01:41PM +0100, Daniel Hartmeier wrote:

> +When Certkey user authentication fails either because no CAL server can be
> +reached or because one CAL server delivers a valid reply marking the user key
> +as invalid, the user key can still be used with other authentication methods
> +(publickey) to gain access (if found in authorized_keys).

Maybe it should be possible to enable CAL even for the traditional
publickey authentication. That would enforce an online check even if
Certkey isn't used. You could then revoke user keys and they wouldn't
work even if they're present in the traditional authorized_keys files.

Of course, if you do that and the CALs go down, the only way to login is
using passwords. You don't expect CALs to disable these, too, I hope ;)

Daniel

From sfrost at snowman.net  Fri Nov 17 08:50:52 2006
From: sfrost at snowman.net (Stephen Frost)
Date: Thu, 16 Nov 2006 16:50:52 -0500
Subject: OpenSSH Certkey (PKI)
In-Reply-To: <20061115142820.GB14649@insomnia.benzedrine.cx>
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
Message-ID: <20061116215052.GI24675@kenobi.snowman.net>

Greetings,

Overall I'd like to see OpenSSH support PKI in addition to the existing
methods.  I'm more keen on it being used for host authentication than
for user certificates, personally.  I did want to comment on this
though:

* Daniel Hartmeier (daniel at benzedrine.cx) wrote:
> +Certkey does not involve online verfication, the CA is not contacted by either
> +client or server. Instead, the CA generates certificates which are (once)
> +distributed to hosts and users. Any subsequent logins take place without the
> +involvment of the CA, based solely on the certificates provided between client
> +and server.

Would you consider adding support for OCSP?  I saw alot of
discussion regarding CRLs (and some of their rather well known
downsides) but only once saw mention of OCSP, and that with no response.
While CRLs are useful in some circumstances I believe OCSP is generally
a better approach.  Ideally, both would be supported.  If I had to pick
one I'd rather see OCSP than CRL support though.

	Thanks,

		Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20061116/ee3257d3/attachment.bin 

From dtucker at zip.com.au  Fri Nov 17 09:27:59 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Fri, 17 Nov 2006 09:27:59 +1100
Subject: ssh-decrypt
In-Reply-To: <20061116123309.49448.qmail@web23005.mail.ird.yahoo.com>
References: <20061116123309.49448.qmail@web23005.mail.ird.yahoo.com>
Message-ID: <455CE5EF.9080407@zip.com.au>

Pawel Krupinski wrote:
> One of the problems we are facing is secure storage of
> passwords (database, bestcrypt, other
> applications/systems, ?) and availability within
[...]
> I'm using ssh agent currently just to manage my keys
> and practically they are used only to provide me with
> SSO to other ssh based systems. Why not use these keys
> (or a separate ssh key pair) to protect passwords to
> things such as database? 

Don't forget that the agent functionality is available on any host that 
you have logged onto with agent forwarding enabled, so anyone 
controlling any one of those hosts can use your agent to decrypt your stuff.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From pak76_ml at yahoo.co.uk  Fri Nov 17 19:55:56 2006
From: pak76_ml at yahoo.co.uk (Pawel Krupinski)
Date: Fri, 17 Nov 2006 08:55:56 +0000 (GMT)
Subject: ssh-decrypt
In-Reply-To: <455CE5EF.9080407@zip.com.au>
Message-ID: <20061117085556.55624.qmail@web23013.mail.ird.yahoo.com>

> Don't forget that the agent functionality is
> available on any host that 
> you have logged onto with agent forwarding enabled,
> so anyone 
> controlling any one of those hosts can use your
> agent to decrypt your stuff.

Thanks for pointing it out. There are several things
that mitigate (to certain extent) this risk:
1. One of the important features of the password safe
(as I call it) I have in mind will be accountability,
so I can say who, when and which secret was accessed.
2. In the enterprise envrionment, we have control over
each and every box where ssh agent will run on (we
don't allow out-going ssh connections).
3. Most of the root operations are done via sudo. In
cases where someone requires root logon, we are
logging all his operations.
4. All above will generate logs. We want to have log
correlation tuned up to pick up activities where an
administrator abused his rights. 

It is not 100% secure, but still better then scrambled
passwords.

Cheers,
- pak76
--- Darren Tucker <dtucker at zip.com.au> wrote:

> Pawel Krupinski wrote:
> > One of the problems we are facing is secure
> storage of
> > passwords (database, bestcrypt, other
> > applications/systems, 
) and availability within
> [...]
> > I'm using ssh agent currently just to manage my
> keys
> > and practically they are used only to provide me
> with
> > SSO to other ssh based systems. Why not use these
> keys
> > (or a separate ssh key pair) to protect passwords
> to
> > things such as database? 
> 
> Don't forget that the agent functionality is
> available on any host that 
> you have logged onto with agent forwarding enabled,
> so anyone 
> controlling any one of those hosts can use your
> agent to decrypt your stuff.
> 
> -- 
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9
> C982 80C7 8FF4 FA69
>      Good judgement comes with experience.
> Unfortunately, the experience
> usually comes from bad judgement.
> 



		
___________________________________________________________ 
Try the all-new Yahoo! Mail. "The New Version is radically easier to use" ? The Wall Street Journal 
http://uk.docs.yahoo.com/nowyoucan.html

From andre at freebsd.org  Sat Nov 18 00:02:38 2006
From: andre at freebsd.org (Andre Oppermann)
Date: Fri, 17 Nov 2006 14:02:38 +0100
Subject: OpenSSH Certkey (PKI)
In-Reply-To: <20061116204921.GX26418@bofh.cns.ualberta.ca>
References: <20061115142820.GB14649@insomnia.benzedrine.cx>	<bf04f2850611161212t439d5ce4r59a8bb1fa3cf24@mail.gmail.com>
	<20061116204921.GX26418@bofh.cns.ualberta.ca>
Message-ID: <455DB2EE.8010804@freebsd.org>

Bob Beck wrote:
> 
> 	I would think it would be nice if "CAL" had a way of
> saying "these are the ones to be revoked" so no shutdown, just
> propagate the bad one - but I'm talking to daniel offline about it..

That's easy.  echo "ab:cd:ef..." > /etc/ssh/blacklist

Or use a prediodic rsync to do that.  Every pubkey fingerprint listed in it is
denied access.

-- 
Andre

From andre at freebsd.org  Sat Nov 18 00:09:59 2006
From: andre at freebsd.org (Andre Oppermann)
Date: Fri, 17 Nov 2006 14:09:59 +0100
Subject: OpenSSH Certkey (PKI)
In-Reply-To: <20061116215052.GI24675@kenobi.snowman.net>
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
	<20061116215052.GI24675@kenobi.snowman.net>
Message-ID: <455DB4A7.60200@freebsd.org>

Stephen Frost wrote:
> Greetings,
> 
> Overall I'd like to see OpenSSH support PKI in addition to the existing
> methods.  I'm more keen on it being used for host authentication than
> for user certificates, personally.  I did want to comment on this
> though:

Like I said in another email the PKI support for host authentication is
separate from accepting certificates for user authentication/authorization.

> * Daniel Hartmeier (daniel at benzedrine.cx) wrote:
> 
>>+Certkey does not involve online verfication, the CA is not contacted by either
>>+client or server. Instead, the CA generates certificates which are (once)
>>+distributed to hosts and users. Any subsequent logins take place without the
>>+involvment of the CA, based solely on the certificates provided between client
>>+and server.
> 
> 
> Would you consider adding support for OCSP?  I saw alot of
> discussion regarding CRLs (and some of their rather well known
> downsides) but only once saw mention of OCSP, and that with no response.
> While CRLs are useful in some circumstances I believe OCSP is generally
> a better approach.  Ideally, both would be supported.  If I had to pick
> one I'd rather see OCSP than CRL support though.

Nothing precludes an OCSP implementation and it can be easily inserted should
someone write it.  We don't do it because the goal of our OpenSSH PKI is to be
completely self-contained w/o any external dependencies.  Working right out of
the box with minimal configuration effort.  Only security that is easy to use
will get used in a safe way.

-- 
Andre


From wolfgang+gnus200611 at dailyplanet.dontspam.wsrcc.com  Sat Nov 18 07:02:37 2006
From: wolfgang+gnus200611 at dailyplanet.dontspam.wsrcc.com (Wolfgang S. Rupprecht)
Date: Fri, 17 Nov 2006 12:02:37 -0800
Subject: OpenSSH Certkey (PKI)
References: <20061115142820.GB14649@insomnia.benzedrine.cx>
	<87odr8i53w.fsf@arbol.wsrcc.com>
	<20061116135627.GA26343@tortuga.leo.org>
	<87ac2rjqaf.fsf@arbol.wsrcc.com>
	<20061117132956.GB26343@tortuga.leo.org>
Message-ID: <87ejs1c04i.fsf@arbol.wsrcc.com>


Daniel Lang <dl at leo.org> writes:
> In fact, it would mean, that you could abandon the authorized_keys
> file, but you would still need an "authorized_users" file, that 
> would need to contain the DN (or a similar identifier) of the user
> that matches the certificate. So not a lot is saved, but things
> may become less transparent....

The advantage of splitting the authorization / authentication is it
opens up the possibility of a single certificate being used to
identify a user over quite a large range of non-cooperating
organizations.  That way a potential user can approach the system
admin with their company-wide (or Internet-wide) certificate and the
system admin can enter that certificate into the a user's list (or
into the user's authorized_keys file etc).

I'd much rather they use the whole certificate as the test instead of
just the DN it contains.  That way, the only aspect of the PKI they
need to trust is that the key is strong enough to resist breaking.
They don't really need to trust that the DN is their true name or that
there won't be a DN name-clash a few months down the road.  They just
need to trust that the PKI works.

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/


From Simon.Richter at hogyros.de  Sat Nov 18 10:42:25 2006
From: Simon.Richter at hogyros.de (Simon Richter)
Date: Sat, 18 Nov 2006 00:42:25 +0100
Subject: tunneling through stdin/stdout, source routing
In-Reply-To: <1163600871.3396.196.camel@shinybook.infradead.org>
References: <4555C24C.7000007@hogyros.de>	
	<20061114071345.GA25414@dementia.proulx.com>
	<455A571E.6010105@hogyros.de>
	<1163600871.3396.196.camel@shinybook.infradead.org>
Message-ID: <455E48E1.3020205@hogyros.de>

Hello,

David Woodhouse wrote:

>> That's why I'd think a client-only solution would be the best solution 
>> here. My client can always ask for a port forward, the server doesn't 
>> care where it comes from.

> If you also use multiple _clients_ then you still have the problem of
> needing it compiled and installed for all machines.

Sure, but in general I have more control over the client than I have
over the machines in the DMZ at my university. In another setup I'd like
to be able to give people access to machines inside the internal network
without giving them a working shell in the passwd. If I require them to
run a command in order to hop to the next host I need to do that.

My point is that there is an use case for the feature I'm suggesting;
availability of only slightly less annoying ways to implement that does
not invalidate my use case.

I'd even be interested in contributing code, however I'm not sure on how
to do that in this case.

   Simon

From stuge-openssh-unix-dev at cdy.org  Sat Nov 18 16:28:35 2006
From: stuge-openssh-unix-dev at cdy.org (Peter Stuge)
Date: Sat, 18 Nov 2006 06:28:35 +0100
Subject: tunneling through stdin/stdout, source routing
In-Reply-To: <455E48E1.3020205@hogyros.de>
References: <4555C24C.7000007@hogyros.de>
	<20061114071345.GA25414@dementia.proulx.com>
	<455A571E.6010105@hogyros.de>
	<1163600871.3396.196.camel@shinybook.infradead.org>
	<455E48E1.3020205@hogyros.de>
Message-ID: <20061118052835.24180.qmail@cdy.org>

On Sat, Nov 18, 2006 at 12:42:25AM +0100, Simon Richter wrote:
> I'd even be interested in contributing code, however I'm not sure
> on how to do that in this case.

I would work with -portable so I could test and then move the code
over to the upstream codebase to make the final patch. I think this
functionality would be easy to move over.


//Peter

From alainfabry at belgacom.net  Sun Nov 19 04:04:14 2006
From: alainfabry at belgacom.net (Alain G. Fabry)
Date: Sat, 18 Nov 2006 18:04:14 +0100
Subject: PEM_read_PrivateKey failed issue
Message-ID: <20061118170414.GA45903@ducati-748.3rdrock.kicks-ass.net>


Hello,

I'm having a problem with my ssh client, on FreeBSD 5.4 and 6.1 the same issue.

OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e 25 Oct 2004

but also same problem with OpenSSH_4.3

When I make a key, everything goes fine. When I try to change the password on the key
it give me the 'PEM_read_PrivateKey failed' problem, this also prevents me from connecting
to another host.

Below small debug of creation of keys + trying to change the password. I'm sure that I type
in the password correct, even though it indicates it is not !!

1. Creation of key (afterward I perform a - chmod 600 test* )

afabry at ducati-748 21:18 % ssh-keygen -t dsa -b 1024
Generating public/private dsa key pair.
Enter file in which to save the key (/home/afabry/.ssh/id_dsa): /home/afabry/.ssh/test
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/afabry/.ssh/test.
Your public key has been saved in /home/afabry/.ssh/test.pub.
The key fingerprint is:
1c:45:31:f9:f4:62:ad:d1:66:5d:9c:8a:4c:1b:48:d6 afabry at ducati-748.3rdrock.kicks-ass.net

2. Changing the password

afabry at ducati-748 21:20 % ssh-keygen -v -p -f .ssh/test.pub
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter old passphrase:
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Bad passphrase.


I'm hoping you can help me with this problem. I've already googled like crazy but haven't
+found a
solution anywhere.

Many thanks in advance.

Alain


From matt.anderson at malloc.org  Sun Nov 19 09:06:59 2006
From: matt.anderson at malloc.org (Matt Anderson)
Date: Sat, 18 Nov 2006 17:06:59 -0500
Subject: Problem accessing anoncvs2.at.openbsd.org
Message-ID: <20061118220659.GF90093@eris.discordians.net>

I was following the instructions at http://www.openssh.com/portable.html

export CVSROOT=anoncvs at anoncvs2.at.openbsd.org:/openssh
export CVS_RSH=/usr/bin/ssh
cvs get openssh_cvs

and I got the following error:

cvs server: cannot find module `openssh' - ignored
cvs [checkout aborted]: cannot expand modules


Using the mindrot server worked just fine, but I wanted to report the
problem.

-matt

From stuge-openssh-unix-dev at cdy.org  Sun Nov 19 17:07:31 2006
From: stuge-openssh-unix-dev at cdy.org (Peter Stuge)
Date: Sun, 19 Nov 2006 07:07:31 +0100
Subject: PEM_read_PrivateKey failed issue
In-Reply-To: <20061118170414.GA45903@ducati-748.3rdrock.kicks-ass.net>
References: <20061118170414.GA45903@ducati-748.3rdrock.kicks-ass.net>
Message-ID: <20061119060731.28252.qmail@cdy.org>

On Sat, Nov 18, 2006 at 06:04:14PM +0100, Alain G. Fabry wrote:
> When I try to change the password on the key it give me the
> 'PEM_read_PrivateKey failed' problem, this also prevents me from
> connecting to another host.

[..]

> 2. Changing the password
> 
> afabry at ducati-748 21:20 % ssh-keygen -v -p -f .ssh/test.pub

-f takes the private key file as argument. Drop .pub


> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> Enter old passphrase:
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> Bad passphrase.

The error message could be more informative I suppose.

ssh-keygen tries to do what you told it - read a private key from
test.pub, and it reads a key of type <unknown>.

It asks for the passphrase and tries to use the passphrase to decrypt
the private key read from the file, in order to get a key of a known
type.

Since decrypting with the passphrase produced a key of type <unknown>
ssh-keygen assumes that the incorrect passphrase was given.

Needless to say this does not work when the input is not a key of the
correct format. I don't think it is possible to recognize an
encrypted private key, hence ssh-keygen can't tell when it gets the
wrong input. (Or can it?)


//Peter

From asingh61 at csc.com  Tue Nov 21 07:55:19 2006
From: asingh61 at csc.com (Aman D Singh)
Date: Tue, 21 Nov 2006 02:25:19 +0530
Subject: Fw: need help
Message-ID: <OF1094A9ED.84240FE7-ON6525722C.006C8D3F-6525722C.0072EDC6@csc.com>


Hi,

Please find the mail appended below. I need some help on SSH installation.

The machine is running on AIX 4.3.2.0. It is a production machine and has
some known vulnerable issues with current version of SSH installed.

Current SSH version is openSSH_3.7p1

I need to know the highest version of SSH which can be installed on this
machine.

Please be so kind to send me this info.



Regards,

Aman D Singh

System Administrator
IBM P-Series/AIX-OS
Managed Computing Services (GIS)
Computer Sciences Corporation
C-24, Sector - 58, NOIDA
Uttar Pradesh ? 201301

| India : +91-120-258-2323 x2588 | U.S : +1-302-781-1010 x2588 | Denmark :
+45-7010-0024 x2588 | Australia : 1800-137-784 x2588 | Hand phone :
+91-9899-006-626 |

| Electronic Mail : asingh61 at csc.com | Sametime : Aman D Singh/GIS/CSC |
Fax : +91-120-391-3091| On - Call : +91-9999-016-696 |



--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


----- Forwarded by Aman D Singh/GIS/CSC on 11/21/2006 01:15 AM -----
                                                                           
             Darren Tucker                                                 
             <dtucker at zip.com.                                             
             au>                                                        To 
                                       Aman D Singh/GIS/CSC at CSC            
             11/20/2006 08:51                                           cc 
             AM                        www at openbsd.org                     
                                                                   Subject 
                                       Re: need help                       
             Please respond to                                             
             dtucker at zip.com.a                                             
                     u                                                     
                                                                           
                                                                           
                                                                           




On Sat, Nov 18, 2006 at 06:49:30AM +0530, Aman D Singh wrote:
> Hi,
>
> Could you please tell me what is the highest SSH version AIX 4.3 and AIX
> 4.2 may run.

For future reference, questions such as this one would be better directed
to the OpenSSH mailing list (openssh-unix-dev at mindrot.org).

OpenSSH 4.5p1 is known to work on at least 4.2.1 and 4.3.3.  It will
probably work on the other versions in the range you specify.

> Could you please be so kind to send me the compatibility chart.

There is no compatibility chart.  As long as folks are willing to do
the work then newer versions will probably continue to function on
older platforms (as long as that work does not adversely impact on
current systems).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From dtucker at zip.com.au  Tue Nov 21 23:53:29 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Tue, 21 Nov 2006 23:53:29 +1100
Subject: Fw: need help
In-Reply-To: <OF1094A9ED.84240FE7-ON6525722C.006C8D3F-6525722C.0072EDC6@csc.com>
References: <OF1094A9ED.84240FE7-ON6525722C.006C8D3F-6525722C.0072EDC6@csc.com>
Message-ID: <20061121125329.GA27009@gate.dtucker.net>

On Tue, Nov 21, 2006 at 02:25:19AM +0530, Aman D Singh wrote:
> The machine is running on AIX 4.3.2.0. It is a production machine and has
> some known vulnerable issues with current version of SSH installed.
> 
> Current SSH version is openSSH_3.7p1
> 
> I need to know the highest version of SSH which can be installed on this
> machine.

As I said in my original reply: OpenSSH 4.5p1 will probably work but
you'll just have to try it; I don't know of any places still running
4.3.2 (it's years past EOL) and I've not heard of anyone who has tried
it.

Ideally you would build OpenSSH and its prerequisites after verifying
the signatures on the box in question.  Alternatively, you could use
my precompiled .bff packages from here:
http://www.zip.com.au/~dtucker/openssh/

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From apb at cequrux.com  Wed Nov 22 02:54:45 2006
From: apb at cequrux.com (Alan Barrett)
Date: Tue, 21 Nov 2006 17:54:45 +0200
Subject: tunneling through stdin/stdout, source routing
In-Reply-To: <4555C24C.7000007@hogyros.de>
References: <4555C24C.7000007@hogyros.de>
Message-ID: <20061121155445.GE985@apb-laptoy.apb.alt.za>

On Sat, 11 Nov 2006, Simon Richter wrote:
> quite often I find myself using commands like
> 
> $ ssh foo nc bar 12345
  [...]
> I wonder whether it would make sense to have an option in the ssh
> client that told it to connect to the server, then open a tunneled
> connection and connect that to stdin/stdout.

That would be nice.  Syntax wise, I suggest an extension of the "-L"
or "LocalForward" option to let it interpret "-" in the local port number
position as a request to forward stdin/stdout instead of a TCP port.
So this:

    ssh -N -L -:bar:12345 foo

would make an ssh connection to foo, ask foo to forward a channel to
bar:12345, amd connect the local stdin/stdout to the forwarded channel.

I append a proof of concept wrapper script that can be used as

    sshconnect foo bar 12345

to do much the same thing, through a combination of "ssh -N -L
localhost:localport:bar:12345 foo" and "connect localhost localport",
where localport is a dynamically allocated port.  It works without any
support from the server, but requires perl and connect on the client.

> As an extension, there could also be a source routing option in
> the config file that would take care of setting up a chain of ssh
> connections if I need multiple hops.

I'd suggest using "ProxyCommand some_clever_script %h %p".  Let the
clever script have knowledge of which hosts can see which other hosts,
which firewall you are behind today, etc.

--apb (Alan Barrett)

#!/usr/bin/perl -w
#
# sshconnect - connect stdin/stdout to a distant host and port,
#              via ssh port forwarding through a nearby host.
#
# Placed in the public domain by A P Barrett, November 2006.
#
# usage: sshconnect [-sshoptions] [user@]nearby distanthost distantport
#
# usage in .ssh/config file:
#	ProxyCommand sshconnect [-sshoptions] [user@]nearby %h %p
#
# What it does:
#  1.  Find an available local port number;
#  2.  Use ssh to connect to the nearby host, and set up
#      port forwarding from the local port allocated above to the
#      desired distant host and port.
#  3.  Use the "connect" program to connect stdin/stdout to the
#      local port allocated above.  This will cause the local
#      ssh client to ask the nearby ssh server to forward the connection
#      to the distant destination.
#

# returns a local port number that is not currently in use.
# XXX: There is a race between choosing the port here,
# and using the port elsewhere.
sub choose_port
{
    my (@netstat_lines) = `netstat -an -f inet`;
    foreach my $port (2048..3000) {
	if (! grep /\.\Q${port}\E\s/, @netstat_lines) {
	    #print STDERR "Chose port $port\n";
	    return $port;
	}
    }
    return undef;
}

# sleep for a specified (possibly fractional) number of seconds
sub fracsleep
{
    my ($delay) = @_;
    select(undef, undef, undef, $delay);
}

# really kill a process, by sending SIGTERM immediately,
# and SIGKILL after a short delay if the process doesn't exit by itelf.
sub really_kill
{
    my ($pid) = @_;
    kill TERM, $pid;
    foreach my $delay (((0.1) x 5, (0.5) x 4)) {
	return unless kill 0, $pid;
	fracsleep $delay;
    }
    kill KILL, $pid;
}

sub main
{
    my (@ARGV) = @_;
    my $localhost = "127.0.0.1";
    my $localport = choose_port();
    my (@delays) = ((0.2) x 5, (0.5) x 6, (1) x 10, (2) x 60);
    my $connect_command = "connect";
    my $connect_status = undef;
    my $childpid = undef;
    my $sighandler = sub {
		    #print STDERR "CAUGHT SIGNAL\n";
		    really_kill($childpid) if defined $childpid;
		    exit(1);
		};
    local $SIG{INT} = $sighandler;

    die "Can't assign local port\n" unless defined $localport;

    $childpid = fork();

    die "Can't fork\n" unless defined $childpid;

    if ($childpid == 0) {
	# This is the child.
	# Run ssh, asking it to set up port forwarding.

	my ($distant_port) = pop(@ARGV);
	my ($distant_host) = pop(@ARGV);
	my ($user_at_nearby_host) = pop(@ARGV);
	my (@ssh_options) = @ARGV;
	push @ssh_options, (
		# no login or command
		"-N",
		# port forwarding does not play nicely with
		# session multiplexing, so disable session multiplexing.
		"-o", "ControlPath=none",
		"-o", "ControlMaster=no",
		# forward the local port to the distant port
		"-o", "ExitOnForwardFailure=yes",
		"-L", "localhost:${localport}:${distant_host}:${distant_port}",
		);

	exec ("ssh", @ssh_options, $user_at_nearby_host);

	exit(0);

    } else {
	# This is the parent.
	# Connect sdin/stdout to the TCP port that ssh will forward.

	# Wait until netstat shows that $localport is listening,
	# or the child dies.
	$ok = 0;
	foreach my $delay (@delays) {
	    @netstat_lines = `netstat -an -f inet`;
	    $ok = 1 if (grep /\s\Q${localhost}.${localport}\E\s.*LISTEN/,
		    @netstat_lines);

	    if ($ok) {
		#print STDERR "OK\n";
		last;
	    }

	    if (kill(0, $childpid) != 1) {
		#print STDERR "ssh died\n";
		last;
	    }

	    #print STDERR "SLEEP $delay\n";
	    fracsleep $delay;
	}

	if (! $ok) {
	    #print STDERR "Could not forward port\n";
	}
	
	# Connect.  This will run until EOF or network error.
	if ($ok) {
	    #print STDERR "CONNECTING to port $localport\n";
	    $connect_status = system($connect_command, $localhost, $localport);
	    #print STDERR "CONNECT STATUS $connect_status\n";
	}

	# Kill the child and exit.
	#print STDERR "KILL $childpid\n";
	really_kill($childpid);

	if (defined($connect_status)) {
	    exit($connect_status);
	} else {
	    exit(1);
	}
    }
}

main @ARGV;

From pak76_ml at yahoo.co.uk  Wed Nov 22 22:17:47 2006
From: pak76_ml at yahoo.co.uk (Pawel Krupinski)
Date: Wed, 22 Nov 2006 11:17:47 +0000 (GMT)
Subject: ssh-decrypt
In-Reply-To: <455C7F7A.9080908@lakedaemon.net>
Message-ID: <321869.32436.qm@web23013.mail.ird.yahoo.com>

Hi,

Not sure if you had time to go through the code.
Changes I did to OpenSSH are rather limited - OpenSSH
is written in such a way that I didn't have to change
communication channel between applications and
ssh-agent. Implementation of the ssh-decrypt was as
easy as establishing a new message, search the keys
and decrypting using the private key.

As I said it was just a very quick PoC, but if it is
of interest to OpenSSH, I can develop it correctly
over the next few days and have it up and ready on
Monday.

One question regarding the interface. As ssh-agent can
have multiple keys, what would be the best way to
determine which one to use ? Sending the public part?
Currently I'm trying out all keys and it is not the
best possible option...

Thanks,
pak76

--- Jason <openssh at lakedaemon.net> wrote:

> Pawel Krupinski wrote:
> [snip]
> > I'm using ssh agent currently just to manage my
> keys
> > and practically they are used only to provide me
> with
> > SSO to other ssh based systems. Why not use these
> keys
> > (or a separate ssh key pair) to protect passwords
> to
> > things such as database? 
> 
> TrueCrypt/dmcrypt volumes?
> 
> > To put it simple the way I see it is as follow.
> Your
> > passwords (apart from your main ssh password) will
> be
> > stored encrypted using your ssh public key. After
> > logon, ssh-agent will be started and relevant
> key(s)
> > added. When a script will require access to a
> > password, it will:
> > 1. Retrieve the data from somewhere (outside the
> > scope);
> > 2. Decrypt using the ssh utlity (ssh-decrypt(?)) -
> > using ssh-agent or a file.
> > 3. Provide credentials back to script. Or will
> create
> > the establised connection to the database. Or
> > 
(anyway, I think it is outside the scope ;-)).
> >  
> > The bit that cannot be done currently is number 2
> -
> > OpenSSH doesn't provide ssh-decrypt functionality,
> but
> > it is relatively easy to change it - I've played
> with
> > OpenSSH 4.4/4.4p1 and it took me one evening
> (sorry -
> > it was my first approach to OpenSSH as a developer
> > ;-)) and 50 lines of code to implement it (based
> on
> > the ssh-add tool using ssh-agent for decryption).
> In
> > my solution, ssh-decrypt tool sends encrypted
> secret
> > to the ssh-agent, which decrypts it (without
> sending
> > any keys to the ssh-decrypt tool) and sends back
> just
> > an error information or the plaintext password. 
> [snip]
> 
> > If it is something of interest for you, I can do
> all
> > the development and provide you with all the code.
> 
> Could you please email me the diff?
> 
> thx,
> 
> Jason.
> 



		
___________________________________________________________ 
All New Yahoo! Mail ? Tired of Vi at gr@! come-ons? Let our SpamGuard protect you. http://uk.docs.yahoo.com/nowyoucan.html

From rac at tenzing.org  Thu Nov 23 03:44:44 2006
From: rac at tenzing.org (Roger Cornelius)
Date: Wed, 22 Nov 2006 11:44:44 -0500
Subject: sshd startup error on SCO SR6
Message-ID: <20061122164444.GA15218@tenzing.org>

Openssh 4.4p1 and 4.5p1
SCO Openserver 6 w/mp1, mp2

While installing v4.5p1, I noticed this sshd syslog error which began
appearing when I upgraded from v4.3p2 to v4.4p1:

  Sep  1 17:54:41 tenzing sshd[12837]: error: Bind to port 22 on :: failed: \
  Network is unreachable.

sshd -d reports:

  debug1: Bind to port 22 on ::.
  Bind to port 22 on :: failed: Network is unreachable.
  debug1: Bind to port 22 on 0.0.0.0.
  Server listening on 0.0.0.0 port 22.

This comes from server_listen() in sshd.c (introduced in v4.4p1) and is
apparently due to getnameinfo() not returning a valid numeric host
address.

Should I be concerned?  sshd seems to be functioning OK.

FTR, this problem does not occur on SCO Openserver 5.0.7.

Feature request: Could the sshd version number be added to its startup
syslog message?
-- 
Roger Cornelius        rac at tenzing.org

From jeff.sadowski at gmail.com  Thu Nov 23 07:25:53 2006
From: jeff.sadowski at gmail.com (Jeff Sadowski)
Date: Wed, 22 Nov 2006 13:25:53 -0700
Subject: Pawel Krupinski's ssh-decrypt ssh-encrypt proposal
Message-ID: <259313d70611221225y3bf4e868qc81946debc1f78a@mail.gmail.com>

This sounded extremely interesting to me.

one suggestion I would have is to use uuencoding first on encryption
and uudecode on decryption to take care of the problem you mentioned
"Of course RSA puts limits on the data that
can be encrypted" that should take care of that.

I was looking for a way of using ssh-agent to be used to allow certain
applications to get passwords.
Example:
I use wpa_supplicant to connect to my wireless network. I would like a
way of not leaving the password in the file unencrypted. If there was
a way to have it ask ssh-agent for the private key to unencrypt the
password to send it then I could have just the password for my private
key to type in.

From philip at yarra.no-ip.org  Thu Nov 23 09:47:52 2006
From: philip at yarra.no-ip.org (philip at yarra.no-ip.org)
Date: Thu, 23 Nov 2006 09:47:52 +1100
Subject: sshd startup error on SCO SR6
In-Reply-To: <20061122164444.GA15218@tenzing.org>
References: <20061122164444.GA15218@tenzing.org>
Message-ID: <4564d398.MdW8y5QFj+XndFC8%philip@yarra.no-ip.org>

Roger Cornelius <rac at tenzing.org> wrote:

> Openssh 4.4p1 and 4.5p1
> SCO Openserver 6 w/mp1, mp2
>
> While installing v4.5p1, I noticed this sshd syslog error which began
> appearing when I upgraded from v4.3p2 to v4.4p1:
>
>   Sep  1 17:54:41 tenzing sshd[12837]: error: Bind to port 22 on :: failed: \
>   Network is unreachable.
>
> sshd -d reports:
>
>   debug1: Bind to port 22 on ::.
>   Bind to port 22 on :: failed: Network is unreachable.
>   debug1: Bind to port 22 on 0.0.0.0.
>   Server listening on 0.0.0.0 port 22.
>
> This comes from server_listen() in sshd.c (introduced in v4.4p1) and is
> apparently due to getnameinfo() not returning a valid numeric host
> address.
>
> Should I be concerned?  sshd seems to be functioning OK.
>
> FTR, this problem does not occur on SCO Openserver 5.0.7.
>
> Feature request: Could the sshd version number be added to its startup
> syslog message?
> -- 
> Roger Cornelius        rac at tenzing.org
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Roger, that looks like you're getting errors trying to bind to all IPv6 addresses (::) and none when you try to bind to 
all IPv4 addresses(0.0.0.0). Perhaps you don't have any IPv6 addresses configured? I'm pretty sure that the defaults
these days are to try to bind to IPv6 addresses. Try adding "ListenAddress 0.0.0.0" to sshd_config and start sshd again.

Regards, Philip.


From dtucker at zip.com.au  Thu Nov 23 09:57:31 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Thu, 23 Nov 2006 09:57:31 +1100
Subject: sshd startup error on SCO SR6
In-Reply-To: <4564d398.MdW8y5QFj+XndFC8%philip@yarra.no-ip.org>
References: <20061122164444.GA15218@tenzing.org>
	<4564d398.MdW8y5QFj+XndFC8%philip@yarra.no-ip.org>
Message-ID: <4564D5DB.1090903@zip.com.au>

philip at yarra.no-ip.org wrote:
> Roger Cornelius <rac at tenzing.org> wrote:
[...]
>>   debug1: Bind to port 22 on ::.
>>   Bind to port 22 on :: failed: Network is unreachable.
>>   debug1: Bind to port 22 on 0.0.0.0.
>>   Server listening on 0.0.0.0 port 22.
[...]
> Perhaps you don't have any IPv6 addresses
> configured? I'm pretty sure that the defaults these days are to try
> to bind to IPv6 addresses. Try adding "ListenAddress 0.0.0.0" to
> sshd_config and start sshd again.

You can also tell sshd to ignore IPv6 addresses ("AddressFamily inet" in 
sshd_config or start ssh with the "-4" command line option).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From stuge-openssh-unix-dev at cdy.org  Thu Nov 23 10:32:30 2006
From: stuge-openssh-unix-dev at cdy.org (Peter Stuge)
Date: Thu, 23 Nov 2006 00:32:30 +0100
Subject: Pawel Krupinski's ssh-decrypt ssh-encrypt proposal
In-Reply-To: <259313d70611221225y3bf4e868qc81946debc1f78a@mail.gmail.com>
References: <259313d70611221225y3bf4e868qc81946debc1f78a@mail.gmail.com>
Message-ID: <20061122233230.30737.qmail@cdy.org>

On Wed, Nov 22, 2006 at 01:25:53PM -0700, Jeff Sadowski wrote:
> This sounded extremely interesting to me.

http://www.gentoo.org/proj/en/keychain/ may also be interesting.

As for ssh-agent, I'm not sure I want it to do any tricks. I trust it
with my keys so I want it to be REALLY simple.


//Peter

From rac at tenzing.org  Thu Nov 23 13:46:09 2006
From: rac at tenzing.org (Roger Cornelius)
Date: Wed, 22 Nov 2006 21:46:09 -0500
Subject: sshd startup error on SCO SR6
In-Reply-To: <4564D5DB.1090903@zip.com.au>
References: <20061122164444.GA15218@tenzing.org>
	<4564d398.MdW8y5QFj+XndFC8%philip@yarra.no-ip.org>
	<4564D5DB.1090903@zip.com.au>
Message-ID: <20061123024609.GA6958@tenzing.org>

On 11/23/2006 09:57, Darren Tucker wrote:
> philip at yarra.no-ip.org wrote:
> > Roger Cornelius <rac at tenzing.org> wrote:
> [...]
> >>   debug1: Bind to port 22 on ::.
> >>   Bind to port 22 on :: failed: Network is unreachable.
> >>   debug1: Bind to port 22 on 0.0.0.0.
> >>   Server listening on 0.0.0.0 port 22.
> [...]
> > Perhaps you don't have any IPv6 addresses
> > configured? I'm pretty sure that the defaults these days are to try
> > to bind to IPv6 addresses. Try adding "ListenAddress 0.0.0.0" to
> > sshd_config and start sshd again.
> 
> You can also tell sshd to ignore IPv6 addresses ("AddressFamily inet" in 
> sshd_config or start ssh with the "-4" command line option).

Thanks to you both.  This was indeed the problem.

I guess IPv6 is not supported on Openserver 5 which would explain why 
I don't see the message there.  Is that correct?
-- 
Roger Cornelius        rac at tenzing.org

From pak76_ml at yahoo.co.uk  Thu Nov 23 20:14:01 2006
From: pak76_ml at yahoo.co.uk (Pawel Krupinski)
Date: Thu, 23 Nov 2006 09:14:01 +0000 (GMT)
Subject: Pawel Krupinski's ssh-decrypt ssh-encrypt proposal
Message-ID: <241414.33126.qm@web23002.mail.ird.yahoo.com>

Hi Peter,

> http://www.gentoo.org/proj/en/keychain/ may also be
interesting.

It is interesting and actually it is something I have
in my mind as a backup solution... 

In my case: we are using OpenSSH, so we have
infrastructure to support OpenSSH based solution. With
gpg we would have to create a new infrastrcuture from
scratch and the purpose of this infrastructure would
be exactly the same - cryptographic solution capable
to perform private/public key operations; therefore we
think it is just better for us to stick to OpenSSH -
we like to keep things simple.

If I fail to convince you, we either:
1. Support this solution internally (hopefully you are
not changing ssh-agent interface too often ;-)));
2. We will look into alternative solutions, such as
gpg based.

One question regarding keychain. Quoting the keychain
page: "It acts as a front-end to ssh-agent". Do you
guys work with them to make sure that patches/changes
to the API don't affect their solution? This is the
only thing that puts us off from the internal support,
so wondering how others handling it. 

> As for ssh-agent, I'm not sure I want it to do any 
> tricks. I trust it
> with my keys so I want it to be REALLY simple.

Well, not sure if I called it a trick - "give
passphrase once, use private key multiple times" is
what ssh-agent is for ;-)))
Currently there is another tool ssh-sign and using the
configuration file you can turn it on and off. The
same can be applied to ssh-{en|de}crypt.
If this change would require changes to API etc, I
wouldn't have put forward this solution, but as these
changes seems pretty easy, I think it is worth it.

Cheers,
- pak76



It seems there were some maintenance things going on
yesterday with the server, so I will repost my
yesterday's e-mail:

Hi,

Not sure if you had time to go through the code.
Changes I did to OpenSSH are rather limited - OpenSSH
is written in such a way that I didn't have to change
communication channel between applications and
ssh-agent. Implementation of the ssh-decrypt was as
easy as establishing a new message, search the keys
and decrypting using the private key.

As I said it was just a very quick PoC, but if it is
of interest to OpenSSH, I can develop it correctly
over the next few days and have it up and ready on
Monday.

One question regarding the interface. As ssh-agent can
have multiple keys, what would be the best way to
determine which one to use ? Sending the public part?
Currently I'm trying out all keys and it is not the
best possible option...

Thanks,
pak76


Send instant messages to your online friends http://uk.messenger.yahoo.com 

From philip at yarra.no-ip.org  Thu Nov 23 22:23:57 2006
From: philip at yarra.no-ip.org (Philip Yarra)
Date: Thu, 23 Nov 2006 22:23:57 +1100
Subject: sshd startup error on SCO SR6
In-Reply-To: <20061123024609.GA6958@tenzing.org>
References: <20061122164444.GA15218@tenzing.org> <4564D5DB.1090903@zip.com.au>
	<20061123024609.GA6958@tenzing.org>
Message-ID: <200611232223.58112.philip@yarra.no-ip.org>

On Thu, 23 Nov 2006 01:46 pm, Roger Cornelius wrote:
> Thanks to you both.  This was indeed the problem.

Happy to help. 

> I guess IPv6 is not supported on Openserver 5 which would explain why
> I don't see the message there.  Is that correct?

Hmmm... sorry, my last dealings with a SCO OS were UnixWare, and that was 
years back, so I really couldn't say. What does ifconfig (or is it ifconfig 
-a) show you in the way of configured interfaces?

I've seen the same error message on a Linux box recently - though it has IPv6 
support (i.e. in libraries and so on) there were no IPv6 interfaces 
configured, so trying to bind to :: failed.

Regards, Philip.

From LEEJHK at stgeorge.com.au  Fri Nov 24 17:39:53 2006
From: LEEJHK at stgeorge.com.au (Jeffrey Lee)
Date: Fri, 24 Nov 2006 17:39:53 +1100
Subject: ssh bug on Reflection X.
Message-ID: <45672E6E.B1D7.0042.0@stgeorge.com.au>

Dear admin,
 
I am working in St George Bank, Australia. I have installed Openssh
4.0p1 and 4.5p1 on our Sun Solaris 8 unix servers. We experience some
bug when we launch a window on PC using ReflectionX by method Openssh to
any of our Solaris 8 servers, there is no update login and logout
information about users on /var/adm/wtmpx. Simply said when we using
Reflection X to login a Solaris 8 server via Openssh. We did command
"last" on the Solaris 8 server, we couldn't find any update records in
the /var/adm/wtmpx file but it would be updated if we logged in using
Rlogin or other method. Do you think it is a bug or do you have any
resolution?
 
 
Regards.
 
Jeffrey Lee
 
St George Bank, Australia.

**********************************************************************
*****   IMPORTANT INFORMATION    *****
This document should be read only by those persons to whom it is 
addressed and its content is not intended for use by any other 
persons.  If you have received this message in error, please notify 
us immediately.  Please also destroy and delete the message from 
your computer.  Any unauthorised form of reproduction of this message 
is strictly prohibited.

St George Bank Limited AFSL 240997, Advance Asset Management Limited 
AFSL 240902,  St George Life Limited AFSL 240900, ASGARD Capital Management Limited 
AFSL 240695 and Securitor Financial Group Limited AFSL 240687 is not liable for 
the proper and complete transmission of the information contained in 
this communication, nor for any delay in its receipt.
**********************************************************************


From jochen.kirn at gmail.com  Sat Nov 25 02:53:34 2006
From: jochen.kirn at gmail.com (Jochen Kirn)
Date: Fri, 24 Nov 2006 16:53:34 +0100
Subject: fail to exit shell after issuing 'ssh -f .... targethost.foo.bar
	sleep 500000'
Message-ID: <4bd05a460611240753t19f4564q30dfeff38d482e1@mail.gmail.com>

Hi,

Software in use:
OpenSSH-Version: 4.5p1
OpenSSL-Version: 0.98d
zlib-Version: 1.2.3
OS-Platform: AIX 5.3 ML4


Problem:

when issuing following command on an AIX host:
$ ssh -2 -n -f -x -L6666:localhost:6666 -o BatchMode=yes targethost sleep
500000
$ exit

the shell is waiting for the finish of issued command (sleep).

The expected behaviour of above command should be, that the shell would
close immediately
and the issued command (... sleep) still would run as a backgroud process.

On Solaris (tested on 5.9, 5.10) and Linux (SuSE SLES 9) above commands
perform as
expected

When looking at the config.log i can see that configure cannot find a
platform daemon function on AIX and thus uses the openbsd-compat version of
the daemon function.

Anyone an idea how to fix this ?


thanks

From rajashri_bhor at yahoo.com  Sat Nov 25 16:02:12 2006
From: rajashri_bhor at yahoo.com (rajashri bhor)
Date: Fri, 24 Nov 2006 21:02:12 -0800 (PST)
Subject: Openssh in multithreading environment.
Message-ID: <20061125050212.10084.qmail@web32514.mail.mud.yahoo.com>


 hi, 



i have queries regarding openssh. 



1. Openssh code is not multithread safe. 

scenario : 

       - using solaris 8 for compilation & running application. 

       - at many places fork & exec* functions are used along with other non multithread safe functions. 

       - I have created a shared library of openssh & using it in other process 

       - when i want to sftp something separate ssh process is created. 

       - i have replaced some of the non multithread safe functions by MT safe functions. 



questions : 

       - How to avoid use of Fork() & execvp or exec* functions from openssh code ? 

       - Or anybody has done the some thing to avoid use non Multithread safe functions? 



Thanks, 

Rbhor. 







 
____________________________________________________________________________________
Yahoo! Music Unlimited
Access over 1 million songs.
http://music.yahoo.com/unlimited

From stuge-openssh-unix-dev at cdy.org  Sun Nov 26 14:52:06 2006
From: stuge-openssh-unix-dev at cdy.org (Peter Stuge)
Date: Sun, 26 Nov 2006 04:52:06 +0100
Subject: Pawel Krupinski's ssh-decrypt ssh-encrypt proposal
In-Reply-To: <241414.33126.qm@web23002.mail.ird.yahoo.com>
References: <241414.33126.qm@web23002.mail.ird.yahoo.com>
Message-ID: <20061126035206.731.qmail@cdy.org>

On Thu, Nov 23, 2006 at 09:14:01AM +0000, Pawel Krupinski wrote:
> > http://www.gentoo.org/proj/en/keychain/ may also be
> interesting.
> 
> It is interesting and actually it is something I have
> in my mind as a backup solution... 
> 
> In my case: we are using OpenSSH, so we have
> infrastructure to support OpenSSH based solution. With
> gpg

Keychain linked to above is not for use with GnuPG.


> If I fail to convince you, we either:
> 1. Support this solution internally (hopefully you are
> not changing ssh-agent interface too often ;-)));

I'm not sure if it has ever changed, except when support for
SSH2 was added. It is quite stable.


> One question regarding keychain. Quoting the keychain
> page: "It acts as a front-end to ssh-agent". Do you
> guys work with them to make sure that patches/changes
> to the API don't affect their solution? This is the
> only thing that puts us off from the internal support,
> so wondering how others handling it. 

Not at all.


> > As for ssh-agent, I'm not sure I want it to do any 
> > tricks. I trust it
> > with my keys so I want it to be REALLY simple.
> 
> Well, not sure if I called it a trick -

What I mean by that is that I personally don't want ssh-agent to do
anything but the least neccessary for forwarded ssh authentication
needs, ie. sign a challenge with my key. I see the agent as a
critical component. Adding code to it must be done with caution, for
a good reason.


> "give passphrase once, use private key multiple times" is
> what ssh-agent is for ;-)))

Not really that generically, no. It's only for using the private key
to authenticate a user through a forwarded channel.

This is my point: The private key is used to authenticate the user
(perform a signature) but I would like to stay there and not allow
any other use of the key. Even if it theoretically boils down to the
same mathematical operation for RSA it's a different code path so a
little different in practise, and maybe a lot different for other
algorithms, subjecting my keys to even greater risk.


> Currently there is another tool ssh-sign

I couldn't find it, but since signing is what the agent does I assume
ssh-sign works without modifications in the agent.


> and using the configuration file you can turn it on and off.
> The same can be applied to ssh-{en|de}crypt.

You could probably sell me a compile-time option. But I'm not sure
what opinion the OpenSSH developers have on this. There are a lot of
options already.


> If this change would require changes to API etc, I
> wouldn't have put forward this solution,

It does. But don't let that stop you! If you like it, maybe someone
else will too. I am by no means a single OpenSSH authority, only when
it comes to what I want running on my systems. :)


> but as these changes seems pretty easy, I think it is worth it.

To be honest I think no change (as in broader API, added
functionality) to ssh-agent is worth this increase in risk.


> It seems there were some maintenance things going on
> yesterday with the server, so I will repost my
> yesterday's e-mail:

I got it, but maybe it was delayed.


> As I said it was just a very quick PoC, but if it is
> of interest to OpenSSH, I can develop it correctly
> over the next few days and have it up and ready on
> Monday.

I would interpret the limited response to mean that there
isn't great interest.


> One question regarding the interface. As ssh-agent can
> have multiple keys, what would be the best way to
> determine which one to use ? Sending the public part?
> Currently I'm trying out all keys and it is not the
> best possible option...

The user should probably select which key to use. You could use
SSH2_AGENTC_REQUEST_IDENTITIES to get a list from the agent. See
what ssh-add -l does. Beware of inconsistencies between selection
time and decryption time if you intend to use an index for selection.

Anyway, nothing is of course stopping you from maintaining this
functionality separately. I would be very surprised if you had to
update the authfd.[ch]/ssh-agent.c patch even once a year.

Oh, and for future reference, please always send unified diffs with a
few context lines. diff -u produces this output, it is much more
readable to most, plus the context is good to not make a complete
mess if the file to be patched has changed since the patch was
produced. Thanks!


//Peter

From dtucker at zip.com.au  Mon Nov 27 12:06:54 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Mon, 27 Nov 2006 12:06:54 +1100
Subject: sshd_config question.
In-Reply-To: <20061109164118.12215.qmail@cdy.org>
References: <20061109001233.B82908@pemaquid.safeport.com>
	<20061109164118.12215.qmail@cdy.org>
Message-ID: <456A3A2E.9010204@zip.com.au>

Peter Stuge wrote:
> On Thu, Nov 09, 2006 at 12:22:33AM -0500, doug at safeport.com wrote:
>> I want to allow a single host root access via ssh. If the order of
>> processing DenyUsers, AllowUsers were reversed this cold be done in
>> a straight forward manner.
>>
>> My question, is would adding an Apache-like derective Order
>> Deny,Allow violate any standards or be a security problem?
> 
> Couldn't you use the Match keyword (new in 4.4 IIRC) to do this in an
> even more straight forward manner? :)

You can't (yet), because PermitRootLogin isn't supported by Match (yet).

Anyway, Match is an attempt to solve "how do I make sshd do X on a per-Y 
basis?" for most values of X and Y) and the order is significant (unlike 
AllowUsers and friends, where the order is hardcoded).  So once it's 
supported this would simply be:

PermitRootLogin no
Match Host rootallowed.example.com
	PermitRootLogin yes

Now if only the slacker responsible would finish the job (oh, wait, 
that's me :-).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From dtucker at zip.com.au  Mon Nov 27 15:01:12 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Mon, 27 Nov 2006 15:01:12 +1100
Subject: openssh with radius server unreachable
In-Reply-To: <45532D6A.9050303@alcatel.fr>
References: <45532D6A.9050303@alcatel.fr>
Message-ID: <456A6308.4050901@zip.com.au>

Pascal Henri wrote:
> I think to have find a small pb with openssh when a Radius server is 
> unreachable.
> I use radius authentication with pam my system-auth is the following
[...]
> when radius server is unreachable, we display contents of file 
> radiusfailure "RADIUS servers are unreachable, need local password.".
> with telnet this contents is display on client between each 
> authentication try but not when i use ssh client.

Which version of OpenSSH are you using?  There were some changes a while 
back (maybe 4.2p1 or so) whereby the messages returned by PAM were sent 
to the client as SSH2 banner packets, which should include situations 
such as this.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From dtucker at zip.com.au  Mon Nov 27 15:15:41 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Mon, 27 Nov 2006 15:15:41 +1100
Subject: fail to exit shell after issuing 'ssh -f .... targethost.foo.bar
	sleep 500000'
In-Reply-To: <4bd05a460611240753t19f4564q30dfeff38d482e1@mail.gmail.com>
References: <4bd05a460611240753t19f4564q30dfeff38d482e1@mail.gmail.com>
Message-ID: <456A666D.3090309@zip.com.au>

Jochen Kirn wrote:
> when issuing following command on an AIX host:
> $ ssh -2 -n -f -x -L6666:localhost:6666 -o BatchMode=yes targethost sleep
> 500000
> $ exit
> 
[...]

I suspect this is an instance of this bug:
http://bugzilla.mindrot.org/show_bug.cgi?id=52

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From pascal.henri at alcatel.fr  Mon Nov 27 21:12:02 2006
From: pascal.henri at alcatel.fr (Pascal Henri)
Date: Mon, 27 Nov 2006 11:12:02 +0100
Subject: openssh with radius server unreachable
In-Reply-To: <456A6308.4050901@zip.com.au>
References: <45532D6A.9050303@alcatel.fr> <456A6308.4050901@zip.com.au>
Message-ID: <456AB9F2.3030506@alcatel.fr>

Darren Tucker wrote:
> Pascal Henri wrote:
> 
>> I think to have find a small pb with openssh when a Radius server is 
>> unreachable.
>> I use radius authentication with pam my system-auth is the following
> 
> [...]
> 
>> when radius server is unreachable, we display contents of file 
>> radiusfailure "RADIUS servers are unreachable, need local password.".
>> with telnet this contents is display on client between each 
>> authentication try but not when i use ssh client.
> 
> 
> Which version of OpenSSH are you using?  There were some changes a while 
> back (maybe 4.2p1 or so) whereby the messages returned by PAM were sent 
> to the client as SSH2 banner packets, which should include situations 
> such as this.
> 

I use openssh in 3.9p2 currently. So if i use a 4.4 with ssh2 protocol, 
will it run ?

-- 

-------------------------
Pascal h.
Bureau C2080, colombes


-------------------------

From dtucker at zip.com.au  Mon Nov 27 21:27:01 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Mon, 27 Nov 2006 21:27:01 +1100
Subject: openssh with radius server unreachable
In-Reply-To: <456AB9F2.3030506@alcatel.fr>
References: <45532D6A.9050303@alcatel.fr> <456A6308.4050901@zip.com.au>
	<456AB9F2.3030506@alcatel.fr>
Message-ID: <456ABD75.1040408@zip.com.au>

Pascal Henri wrote:
> Darren Tucker wrote:
>> Pascal Henri wrote:
[...]
>>> when radius server is unreachable, we display contents of file 
>>> radiusfailure "RADIUS servers are unreachable, need local password.".
>>> with telnet this contents is display on client between each 
>>> authentication try but not when i use ssh client.
>>
>> Which version of OpenSSH are you using?  There were some changes a while 
>> back (maybe 4.2p1 or so) whereby the messages returned by PAM were sent 
>> to the client as SSH2 banner packets, which should include situations 
>> such as this.
>>
> 
> I use openssh in 3.9p2 currently. So if i use a 4.4 with ssh2 protocol, 
> will it run ?

It depends on exactly what the PAM module does but, yes, it will 
probably give you the messages you want when using SSH protocol 2 
connections (which is the default for most implementations these days).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From jochen.kirn at gmail.com  Mon Nov 27 21:45:09 2006
From: jochen.kirn at gmail.com (Jochen Kirn)
Date: Mon, 27 Nov 2006 11:45:09 +0100
Subject: fail to exit shell after issuing 'ssh -f .... targethost.foo.bar
	sleep 500000' [SOLVED]
Message-ID: <4bd05a460611270245p3c41d3fds810fc0b3878869c3@mail.gmail.com>

**Hi Darren,

thanks for the information.
I've applied the mentioned patch for openssh 4.5p1

the patch itself contains a minor typo (closing bracket) for line 1455 (I've
attached a corrected version of
your patch to bug http://bugzilla.mindrot.org/show_bug.cgi?id=52).

The patch itself resolves the issue of hang-on-exit on AIX when executing a
'ssh -f ...'

thanks for your great help :-)

--
Jochen

2006/11/27, Darren Tucker <dtucker at zip.com.au>:
>
> Jochen Kirn wrote:
> > when issuing following command on an AIX host:
> > $ ssh -2 -n -f -x -L6666:localhost:6666 -o BatchMode=yes targethost
> sleep
> > 500000
> > $ exit
> >
> [...]
>
> I suspect this is an instance of this bug:
> http://bugzilla.mindrot.org/show_bug.cgi?id=52
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>      Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>

From jerome.michot at jrc.nl  Wed Nov 29 01:19:06 2006
From: jerome.michot at jrc.nl (jerome michot)
Date: Tue, 28 Nov 2006 15:19:06 +0100
Subject: memory leak problem using openssh 3.4p1-263 ons Suse (SLES 8)
Message-ID: <00c501c712f8$2a6bdd90$38cabf8b@d01rp0500245>

Hello,

 

Whenever copying files using ssh (scp) from SLES 8 (openssh 3.4p1-263) to another box (e.g SLES 8, Solaris 8, Windows XP), the memory of the initial SLES 8 box gets depleted. To make sure this is true I use the free command whilst copying and see that the used memory reaches 90 / 100%. After the copying is finished this memory is never released. No memory tool can tell me what happened to it? Does anyone have an idea?

 

Kind regards, / Met vriendelijke groet,

 

????????????????????????????????

J?r?me Michot

JRC - European Commission

P.O. Box 2

1755 ZG Petten, The Netherlands

E-Mail: jerome.michot at jrc.nl

Tel: +31 224 565471

Fax: +31 224 565632

WWW: http://www.jrc.cec.eu.int <http://www.jrc.cec.eu.int/> 

????????????????????????????????

 


From dtucker at zip.com.au  Wed Nov 29 19:56:40 2006
From: dtucker at zip.com.au (Darren Tucker)
Date: Wed, 29 Nov 2006 19:56:40 +1100
Subject: memory leak problem using openssh 3.4p1-263 ons Suse (SLES 8)
In-Reply-To: <00c501c712f8$2a6bdd90$38cabf8b@d01rp0500245>
References: <00c501c712f8$2a6bdd90$38cabf8b@d01rp0500245>
Message-ID: <456D4B48.6010405@zip.com.au>

jerome michot wrote:
> Whenever copying files using ssh (scp) from SLES 8 (openssh
> 3.4p1-263) to another box (e.g SLES 8, Solaris 8, Windows XP), the
> memory of the initial SLES 8 box gets depleted. To make sure this is
> true I use the free command whilst copying and see that the used
> memory reaches 90 / 100%. After the copying is finished this memory
> is never released. No memory tool can tell me what happened to it?
> Does anyone have an idea?

Sounds like the memory just ends up in the buffer cache.  Does your free 
command have "buffers" and "cached" columns?  If so, what do they show 
before and afterward?

If the scp and ssh processes are gone (and it sound like they are) then 
there's nothing ssh or scp can do to leak memory (short of operating 
system bugs, but we can't help you with those).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

From stuge-openssh-unix-dev at cdy.org  Wed Nov 29 20:17:28 2006
From: stuge-openssh-unix-dev at cdy.org (Peter Stuge)
Date: Wed, 29 Nov 2006 10:17:28 +0100
Subject: memory leak problem using openssh 3.4p1-263 ons Suse (SLES 8)
In-Reply-To: <00c501c712f8$2a6bdd90$38cabf8b@d01rp0500245>
References: <00c501c712f8$2a6bdd90$38cabf8b@d01rp0500245>
Message-ID: <20061129091728.32607.qmail@cdy.org>

Hi Jerome,

On Tue, Nov 28, 2006 at 03:19:06PM +0100, jerome michot wrote:
> Whenever copying files using ssh (scp) from SLES 8 (openssh
> 3.4p1-263) to another box (e.g SLES 8, Solaris 8, Windows XP), the
> memory of the initial SLES 8 box gets depleted. To make sure this
> is true I use the free command whilst copying and see that the used
> memory reaches 90 / 100%. After the copying is finished this memory
> is never released. No memory tool can tell me what happened to
> it??? Does anyone have an idea?

It is used by Linux for caching pages. Please read
http://sourcefrog.net/weblog/software/linux-kernel/free-mem.html
and possibly also
http://sourcefrog.net/weblog/software/linux-kernel/swap.html

Since the ssh process has exited it can not leak memory. Please do
report any leaks if you find them, however. The characteristics to
look for are that a process uses memory with no relation to the work
being done.

For example; copying a file with scp should not require the entire
file to be buffered, instead chunks of the file are sent after each
other. So if scp uses an amount of memory roughly the size of the
file (test with large files so the overhead is neglectable) right
before it exits, something is wrong.


//Peter

From Veena.Nedunchezhian.Consultant at ACNielsen.com  Thu Nov 30 11:00:02 2006
From: Veena.Nedunchezhian.Consultant at ACNielsen.com (Nedunchezhian,
	Veena (TCS Consultant))
Date: Wed, 29 Nov 2006 18:00:02 -0600
Subject: Issue while Running SSH from a Windows Service
Message-ID: <B2035F68439A1047A5B6CB69DE20026D03365DEC@vnu001schmsx01.enterprisenet.org>

Hi All - 
 
It seems to be an odd scenario. I have a simple ssh command which
establishes connection with a UNIX machine and executes some commands
over there. When I ran the command from command window, I was able to
successfully run them. In reality I wanted the ssh command to be invoked
by a windows 2003 service. I tried to debug the ssh command while
running from a service and I get the below log
 
C:\WINDOWS\system32>ssh -v -i c:\id_rsa -i c:\known_hosts -l stwdadmin
10.14.34.211 "ls -rt /export/stwd/staged/ondemand/sqa/outbound/*.mf |
sed 's/\/export\/stwd\/staged\/ondemand\/sqa\/outbound\///g'>
/export/stwd/staged/ondemand/sqa/outbound/EXT5mflist.txt" 
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Connecting to 10.14.34.211 [10.14.34.211] port 22.
debug1: Connection established.
debug1: identity file c:\\id_rsa type 1
debug1: identity file c:\\known_hosts type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_4.1
debug1: match: OpenSSH_4.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

 
After the above line, SSH hungs. Not sure where the problem is. I am
currently using SSH 3.8.1p1-1 version. 
 
Your support will be appreciated. !!!
 
 
Thanks!

Veena Nedunchezhian
Business Solutions Delivery - ACNielsen Retail Systems 
Phone: 847-605-5225 Mobile : 847-340-4051

Veena.Nedunchezhian.consultant at acnielsen.com
<blocked::mailto:Veena.Nedunchezhian.consultant at acnielsen.com>