authortez <tez>2015-02-25 22:28:58 +0000
committertez <tez>2015-02-25 22:28:58 +0000
commita76509da91039e9fdec28b04ae95eeb6ce6ab067 (patch)
treefdbc6868634266a62b2e6f94fa65bca541d9a52c /security
parent0c81e79de214fd6ea823bd87d9894ae8b478942a (diff)
Backported fixes for:
http://web.mit.edu/kerberos/advisories/2015-001-patch-r111.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423 and: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353 and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355 (also apparently known as SA62976)
Diffstat (limited to 'security')
-rw-r--r--security/mit-krb5/Makefile4
-rw-r--r--security/mit-krb5/distinfo5
-rw-r--r--security/mit-krb5/patches/patch-2015-001-patch-r110312
-rw-r--r--security/mit-krb5/patches/patch-CVE-2014-535329
-rw-r--r--security/mit-krb5/patches/patch-CVE-2014-535553
5 files changed, 400 insertions, 3 deletions
diff --git a/security/mit-krb5/Makefile b/security/mit-krb5/Makefile
index 61a45bb4e12..8d9230ef6dd 100644
--- a/security/mit-krb5/Makefile
+++ b/security/mit-krb5/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.77 2014/11/25 23:40:49 tez Exp $
+# $NetBSD: Makefile,v 1.78 2015/02/25 22:28:58 tez Exp $
DISTNAME= krb5-1.10.7
PKGNAME= mit-${DISTNAME}
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= security
MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5/${PKGVERSION_NOREV:R}/
EXTRACT_SUFX= .tar
diff --git a/security/mit-krb5/distinfo b/security/mit-krb5/distinfo
index abeb8602a2c..e930913c19c 100644
--- a/security/mit-krb5/distinfo
+++ b/security/mit-krb5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.49 2014/11/25 23:40:49 tez Exp $
+$NetBSD: distinfo,v 1.50 2015/02/25 22:28:58 tez Exp $
SHA1 (2014-001-patch.txt) = 919402bf3b7c289e847e9adc03a7c30f26966769
RMD160 (2014-001-patch.txt) = a39c8e12e79ab273d562b04c1e7811c414dd70e8
@@ -6,10 +6,13 @@ Size (2014-001-patch.txt) = 592 bytes
SHA1 (krb5-1.10.7-signed.tar) = 982087d617d0b038676bbe8030047421683d508b
RMD160 (krb5-1.10.7-signed.tar) = 16e3a2cdeb410d84d055431679eb81851ae685e9
Size (krb5-1.10.7-signed.tar) = 11632640 bytes
+SHA1 (patch-2015-001-patch-r110) = 17343091958096cfb45caae490018e60c79430cf
SHA1 (patch-CVE-2014-4341) = 97b316fb3c5dfc626827a13baa5dcf623d67da3c
SHA1 (patch-CVE-2014-4343) = e7d4604d81671f71c9cd9461b65a9e87b5982baa
SHA1 (patch-CVE-2014-4344) = b7ae530beaffcf1c095e6f94bdf608b7a140b064
SHA1 (patch-CVE-2014-5351) = 2948e2a9f7adb97b8cb70bb8f0043c45e5822465
+SHA1 (patch-CVE-2014-5353) = 93217bb5f249b153b8dcb0be07a565ee8cca879a
+SHA1 (patch-CVE-2014-5355) = de4f540d079b88fcf2e0ecdc504d977d47d628ab
SHA1 (patch-aa) = 941848a1773dfbe51dff3134d4b8504a850a958d
SHA1 (patch-ad) = b56a7218007560470179dd811c84b8c690c966ac
SHA1 (patch-ae) = c7395b9de5baf6612b8787fad55dbc051a680bfd
diff --git a/security/mit-krb5/patches/patch-2015-001-patch-r110 b/security/mit-krb5/patches/patch-2015-001-patch-r110
new file mode 100644
index 00000000000..072f58df850
--- /dev/null
+++ b/security/mit-krb5/patches/patch-2015-001-patch-r110
@@ -0,0 +1,312 @@
+$NetBSD: patch-2015-001-patch-r110,v 1.1 2015/02/25 22:28:58 tez Exp $
+
+Patch for MITKRB5-SA-2015-001.txt backported
+based on http://web.mit.edu/kerberos/advisories/2015-001-patch-r111.txt
+Fixes:
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
+
+
+--- ./kadmin/server/kadm_rpc_svc.c.orig 2015-02-25 19:03:47.134238800 +0000
++++ ./kadmin/server/kadm_rpc_svc.c
+@@ -4,7 +4,7 @@
+ *
+ */
+
+-#include <k5-platform.h>
++#include <k5-int.h>
+ #include <gssrpc/rpc.h>
+ #include <gssapi/gssapi_krb5.h> /* for gss_nt_krb5_name */
+ #include <syslog.h>
+@@ -301,14 +301,8 @@ check_rpcsec_auth(struct svc_req *rqstp)
+ c1 = krb5_princ_component(kctx, princ, 0);
+ c2 = krb5_princ_component(kctx, princ, 1);
+ realm = krb5_princ_realm(kctx, princ);
+- if (strncmp(handle->params.realm, realm->data, realm->length) == 0
+- && strncmp("kadmin", c1->data, c1->length) == 0) {
+-
+- if (strncmp("history", c2->data, c2->length) == 0)
+- goto fail_princ;
+- else
+- success = 1;
+- }
++ success = data_eq_string(*realm, handle->params.realm) &&
++ data_eq_string(*c1, "kadmin") && !data_eq_string(*c2, "history");
+
+ fail_princ:
+ if (!success) {
+
+--- ./lib/gssapi/krb5/context_time.c.orig 2015-02-25 19:49:12.558472400 +0000
++++ ./lib/gssapi/krb5/context_time.c
+@@ -40,7 +40,7 @@ krb5_gss_context_time(minor_status, cont
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+- if (! ctx->established) {
++ if (ctx->terminated || !ctx->established) {
+ *minor_status = KG_CTX_INCOMPLETE;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+--- ./lib/gssapi/krb5/export_sec_context.c.orig 2015-02-25 20:12:11.511021400 +0000
++++ ./lib/gssapi/krb5/export_sec_context.c
+@@ -45,6 +45,11 @@ krb5_gss_export_sec_context(minor_status
+ *minor_status = 0;
+
+ ctx = (krb5_gss_ctx_id_t) *context_handle;
++ if (ctx->terminated) {
++ *minor_status = KG_CTX_INCOMPLETE;
++ return (GSS_S_NO_CONTEXT);
++ }
++
+ context = ctx->k5_context;
+ kret = krb5_gss_ser_init(context);
+ if (kret)
+
+--- ./lib/gssapi/krb5/gssapiP_krb5.h.orig 2015-02-25 20:13:50.580912000 +0000
++++ ./lib/gssapi/krb5/gssapiP_krb5.h
+@@ -202,6 +202,7 @@ typedef struct _krb5_gss_ctx_id_rec {
+ unsigned int big_endian : 1;
+ unsigned int have_acceptor_subkey : 1;
+ unsigned int seed_init : 1; /* XXX tested but never actually set */
++ unsigned int terminated : 1;
+ OM_uint32 gss_flags;
+ unsigned char seed[16];
+ krb5_gss_name_t here;
+
+--- ./lib/gssapi/krb5/gssapi_krb5.c.orig 2015-02-25 20:15:28.221874100 +0000
++++ ./lib/gssapi/krb5/gssapi_krb5.c
+@@ -369,7 +369,7 @@ krb5_gss_inquire_sec_context_by_oid (OM_
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+- if (!ctx->established)
++ if (ctx->terminated || !ctx->established)
+ return GSS_S_NO_CONTEXT;
+
+ for (i = 0; i < sizeof(krb5_gss_inquire_sec_context_by_oid_ops)/
+
+--- ./lib/gssapi/krb5/inq_context.c.orig 2015-02-25 20:17:05.258340000 +0000
++++ ./lib/gssapi/krb5/inq_context.c
+@@ -105,7 +105,7 @@ krb5_gss_inquire_context(minor_status, c
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+- if (! ctx->established) {
++ if (ctx->terminated || !ctx->established) {
+ *minor_status = KG_CTX_INCOMPLETE;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+--- ./lib/gssapi/krb5/k5seal.c.orig 2015-02-25 20:18:07.402899400 +0000
++++ ./lib/gssapi/krb5/k5seal.c
+@@ -347,7 +347,7 @@ kg_seal(minor_status, context_handle, co
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+- if (! ctx->established) {
++ if (ctx->terminated || !ctx->established) {
+ *minor_status = KG_CTX_INCOMPLETE;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+--- ./lib/gssapi/krb5/k5sealiov.c.orig 2015-02-25 20:19:26.092234800 +0000
++++ ./lib/gssapi/krb5/k5sealiov.c
+@@ -285,7 +285,7 @@ kg_seal_iov(OM_uint32 *minor_status,
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *)context_handle;
+- if (!ctx->established) {
++ if (ctx->terminated || !ctx->established) {
+ *minor_status = KG_CTX_INCOMPLETE;
+ return GSS_S_NO_CONTEXT;
+ }
+
+--- ./lib/gssapi/krb5/k5unseal.c.orig 2013-11-06 20:52:23.000000000 +0000
++++ ./lib/gssapi/krb5/k5unseal.c
+@@ -487,7 +487,7 @@ kg_unseal(minor_status, context_handle,
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+- if (! ctx->established) {
++ if (ctx->terminated || !ctx->established) {
+ *minor_status = KG_CTX_INCOMPLETE;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+--- ./lib/gssapi/krb5/k5unsealiov.c.orig 2013-11-06 20:52:23.000000000 +0000
++++ ./lib/gssapi/krb5/k5unsealiov.c
+@@ -628,7 +628,7 @@ kg_unseal_iov(OM_uint32 *minor_status,
+ OM_uint32 code;
+
+ ctx = (krb5_gss_ctx_id_rec *)context_handle;
+- if (!ctx->established) {
++ if (ctx->terminated || !ctx->established) {
+ *minor_status = KG_CTX_INCOMPLETE;
+ return GSS_S_NO_CONTEXT;
+ }
+
+--- ./lib/gssapi/krb5/lucid_context.c.orig 2015-02-25 20:27:11.529478500 +0000
++++ ./lib/gssapi/krb5/lucid_context.c
+@@ -75,6 +75,11 @@ gss_krb5int_export_lucid_sec_context(
+ *minor_status = 0;
+ *data_set = GSS_C_NO_BUFFER_SET;
+
++ if (ctx->terminated || !ctx->established) {
++ *minor_status = KG_CTX_INCOMPLETE;
++ return GSS_S_NO_CONTEXT;
++ }
++
+ retval = generic_gss_oid_decompose(minor_status,
+ GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
+ GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
+
+--- ./lib/gssapi/krb5/prf.c.orig 2015-02-25 20:28:38.970661400 +0000
++++ ./lib/gssapi/krb5/prf.c
+@@ -60,6 +60,10 @@ krb5_gss_pseudo_random(OM_uint32 *minor_
+ ns.data = NULL;
+
+ ctx = (krb5_gss_ctx_id_t)context;
++ if (ctx->terminated || !ctx->established) {
++ *minor_status = KG_CTX_INCOMPLETE;
++ return GSS_S_NO_CONTEXT;
++ }
+
+ switch (prf_key) {
+ case GSS_C_PRF_KEY_FULL:
+
+--- ./lib/gssapi/krb5/process_context_token.c.orig 2015-02-25 20:29:45.187213100 +0000
++++ ./lib/gssapi/krb5/process_context_token.c
+@@ -39,11 +39,18 @@ krb5_gss_process_context_token(minor_sta
+
+ ctx = (krb5_gss_ctx_id_t) context_handle;
+
+- if (! ctx->established) {
++ if (ctx->terminated || !ctx->established) {
+ *minor_status = KG_CTX_INCOMPLETE;
+ return(GSS_S_NO_CONTEXT);
+ }
+
++ /* We only support context deletion tokens for now, and RFC 4121 does not
++ * define a context deletion token. */
++ if (ctx->proto) {
++ *minor_status = 0;
++ return(GSS_S_DEFECTIVE_TOKEN);
++ }
++
+ /* "unseal" the token */
+
+ if (GSS_ERROR(majerr = kg_unseal(minor_status, context_handle,
+@@ -52,8 +59,8 @@ krb5_gss_process_context_token(minor_sta
+ KG_TOK_DEL_CTX)))
+ return(majerr);
+
+- /* that's it. delete the context */
+-
+- return(krb5_gss_delete_sec_context(minor_status, &context_handle,
+- GSS_C_NO_BUFFER));
++ /* Mark the context as terminated, but do not delete it (as that would
++ * leave the caller with a dangling context handle). */
++ ctx->terminated = 1;
++ return(GSS_S_COMPLETE);
+ }
+
+--- ./lib/gssapi/krb5/wrap_size_limit.c.orig 2015-02-25 20:32:00.325325300 +0000
++++ ./lib/gssapi/krb5/wrap_size_limit.c
+@@ -95,7 +95,7 @@ krb5_gss_wrap_size_limit(minor_status, c
+ }
+
+ ctx = (krb5_gss_ctx_id_rec *) context_handle;
+- if (! ctx->established) {
++ if (ctx->terminated || !ctx->established) {
+ *minor_status = KG_CTX_INCOMPLETE;
+ return(GSS_S_NO_CONTEXT);
+ }
+
+--- ./lib/kadm5/kadm_rpc_xdr.c.orig 2015-02-25 20:48:14.376390200 +0000
++++ ./lib/kadm5/kadm_rpc_xdr.c
+@@ -320,6 +320,7 @@ bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_
+ free(tl);
+ tl = tl2;
+ }
++ *tl_data_head = NULL;
+ break;
+
+ case XDR_ENCODE:
+@@ -1067,6 +1068,7 @@ xdr_krb5_principal(XDR *xdrs, krb5_princ
+ case XDR_FREE:
+ if(*objp != NULL)
+ krb5_free_principal(context, *objp);
++ *objp = NULL;
+ break;
+ }
+ return TRUE;
+
+--- ./lib/rpc/auth_gssapi_misc.c.orig 2015-02-25 20:51:31.250618000 +0000
++++ ./lib/rpc/auth_gssapi_misc.c
+@@ -321,7 +321,6 @@ bool_t auth_gssapi_unwrap_data(
+ if (! (*xdr_func)(&temp_xdrs, xdr_ptr)) {
+ PRINTF(("gssapi_unwrap_data: deserializing arguments failed\n"));
+ gss_release_buffer(minor, &out_buf);
+- xdr_free(xdr_func, xdr_ptr);
+ XDR_DESTROY(&temp_xdrs);
+ return FALSE;
+ }
+
+--- ./lib/rpc/svc_auth_gss.c.orig 2015-02-25 20:52:40.715734700 +0000
++++ ./lib/rpc/svc_auth_gss.c
+@@ -68,16 +68,6 @@ extern const gss_OID_desc * const gss_me
+
+ extern SVCAUTH svc_auth_none;
+
+-/*
+- * from mit-krb5-1.2.1 mechglue/mglueP.h:
+- * Array of context IDs typed by mechanism OID
+- */
+-typedef struct gss_union_ctx_id_t {
+- gss_OID mech_type;
+- gss_ctx_id_t internal_ctx_id;
+-} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
+-
+-
+ static auth_gssapi_log_badauth_func log_badauth = NULL;
+ static caddr_t log_badauth_data = NULL;
+ static auth_gssapi_log_badverf_func log_badverf = NULL;
+@@ -235,16 +225,8 @@ svcauth_gss_accept_sec_context(struct sv
+ gd->ctx = GSS_C_NO_CONTEXT;
+ goto errout;
+ }
+- /*
+- * ANDROS: krb5 mechglue returns ctx of size 8 - two pointers,
+- * one to the mechanism oid, one to the internal_ctx_id
+- */
+- if ((gr->gr_ctx.value = mem_alloc(sizeof(gss_union_ctx_id_desc))) == NULL) {
+- fprintf(stderr, "svcauth_gss_accept_context: out of memory\n");
+- goto errout;
+- }
+- memcpy(gr->gr_ctx.value, gd->ctx, sizeof(gss_union_ctx_id_desc));
+- gr->gr_ctx.length = sizeof(gss_union_ctx_id_desc);
++ gr->gr_ctx.value = "xxxx";
++ gr->gr_ctx.length = 4;
+
+ /* gr->gr_win = 0x00000005; ANDROS: for debugging linux kernel version... */
+ gr->gr_win = sizeof(gd->seqmask) * 8;
+@@ -516,8 +498,6 @@ gssrpc__svcauth_gss(struct svc_req *rqst
+
+ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
+ gss_release_buffer(&min_stat, &gr.gr_token);
+- mem_free(gr.gr_ctx.value,
+- sizeof(gss_union_ctx_id_desc));
+ ret_freegc (AUTH_FAILED);
+ }
+ *no_dispatch = TRUE;
+@@ -527,7 +507,6 @@ gssrpc__svcauth_gss(struct svc_req *rqst
+
+ gss_release_buffer(&min_stat, &gr.gr_token);
+ gss_release_buffer(&min_stat, &gd->checksum);
+- mem_free(gr.gr_ctx.value, sizeof(gss_union_ctx_id_desc));
+ if (!call_stat)
+ ret_freegc (AUTH_FAILED);
+
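Review bot: The new `terminated` bit added to `krb5_gss_ctx_id_rec` in the gssapiP_krb5.h hunk is only ever set to 1 (in process_context_token.c) and nothing in the patch clears it, so the twelve `ctx->terminated || !ctx->established` checks depend on every context allocation site (init, accept and the import/internalize path, all outside this patch) zero-filling the struct; if any of them leaves the bitfield uninitialized, a fresh context would be rejected with GSS_S_NO_CONTEXT, which is worth confirming against the 1.10.7 sources before committing. The svc_auth_gss.c hunk now points `gr->gr_ctx.value` at the string literal `"xxxx"` and removes the two `mem_free` calls shown here; any other release of `gr_ctx.value` elsewhere in that file (not visible in the hunk) would now free read-only storage, so a grep for remaining `gr_ctx.value` uses is advisable. The file header says the patch is `based on http://web.mit.edu/kerberos/advisories/2015-001-patch-r111.txt` while the file itself is named patch-2015-001-patch-r110; either rename the file or state in the header which upstream revision was actually backported so a later maintainer can diff against the right advisory text.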
diff --git a/security/mit-krb5/patches/patch-CVE-2014-5353 b/security/mit-krb5/patches/patch-CVE-2014-5353
new file mode 100644
index 00000000000..52d8e266697
--- /dev/null
+++ b/security/mit-krb5/patches/patch-CVE-2014-5353
@@ -0,0 +1,29 @@
+$NetBSD: patch-CVE-2014-5353,v 1.1 2015/02/25 22:28:58 tez Exp $
+
+Fix for CVE-2014-5353 from:
+https://github.com/krb5/krb5/commit/5fbb56c4624df9e6b0d0a80f46e5ad37eb79c6c0
+
+
+--- plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.orig 2015-02-25 18:57:47.261119800 +0000
++++ plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
+@@ -261,9 +261,9 @@ krb5_ldap_get_password_policy_from_dn(kr
+ #endif /**************** END IFDEF'ed OUT *******************************/
+
+ ent=ldap_first_entry(ld, result);
+- if (ent != NULL) {
+- if ((st = populate_policy(context, ld, ent, pol_name, *policy)) != 0)
+- goto cleanup;
++ if (ent == NULL) {
++ st = KRB5_KDB_NOENTRY;
++ goto cleanup;
+ #if 0 /************** Begin IFDEF'ed OUT *******************************/
+ krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &((*policy)->pw_max_life));
+ krb5_ldap_get_value(ld, ent, "krbminpwdlife", &((*policy)->pw_min_life));
+@@ -279,6 +279,7 @@ krb5_ldap_get_password_policy_from_dn(kr
+ ld);
+ #endif /**************** END IFDEF'ed OUT *******************************/
+ }
++ st = populate_policy(context, ld, ent, pol_name, *policy);
+
+ cleanup:
+ ldap_msgfree(result);
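Review bot: In the ldap_pwd_policy.c hunk the existing `#if 0 ... #endif` block now sits inside the new `if (ent == NULL)` branch after an unconditional `goto cleanup`, so it is both preprocessed out and unreachable, and the branch's closing `}` only appears in the second hunk; for a fix whose whole point is the NOENTRY path, that makes the control flow needlessly hard to verify. Moving the disabled block out of the branch (or dropping it) would let the fix read as `if (ent == NULL) { st = KRB5_KDB_NOENTRY; goto cleanup; }` immediately followed by `st = populate_policy(context, ld, ent, pol_name, *policy);`. The enclosing krb5_ldap_get_password_policy_from_dn starts and ends outside the hunk.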
diff --git a/security/mit-krb5/patches/patch-CVE-2014-5355 b/security/mit-krb5/patches/patch-CVE-2014-5355
new file mode 100644
index 00000000000..b4bb8c4cb81
--- /dev/null
+++ b/security/mit-krb5/patches/patch-CVE-2014-5355
@@ -0,0 +1,53 @@
+$NetBSD: patch-CVE-2014-5355,v 1.1 2015/02/25 22:28:58 tez Exp $
+
+Patch for CVE-2014-5355 from:
+https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec
+
+
+--- ./appl/user_user/server.c.orig 2015-02-25 21:22:16.608302700 +0000
++++ ./appl/user_user/server.c
+@@ -113,8 +113,10 @@ int main(argc, argv)
+ }
+ #endif
+
++ /* principal name must be sent null-terminated. */
+ retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data);
+- if (retval) {
++ if (retval || pname_data.length == 0 ||
++ pname_data.data[pname_data.length - 1] != '\0') {
+ com_err ("uu-server", retval, "reading pname");
+ return 2;
+ }
+
+--- ./lib/krb5/krb/recvauth.c.orig 2015-02-25 21:24:52.754211700 +0000
++++ ./lib/krb5/krb/recvauth.c
+@@ -59,6 +59,7 @@ recvauth_common(krb5_context context,
+ krb5_rcache rcache = 0;
+ krb5_octet response;
+ krb5_data null_server;
++ krb5_data d;
+ int need_error_free = 0;
+ int local_rcache = 0, local_authcon = 0;
+
+@@ -77,7 +78,8 @@ recvauth_common(krb5_context context,
+ */
+ if ((retval = krb5_read_message(context, fd, &inbuf)))
+ return(retval);
+- if (strcmp(inbuf.data, sendauth_version)) {
++ d = make_data((char *)sendauth_version, strlen(sendauth_version) + 1);
++ if (!data_eq(inbuf, d)) {
+ problem = KRB5_SENDAUTH_BADAUTHVERS;
+ response = 1;
+ }
+@@ -93,8 +95,9 @@ recvauth_common(krb5_context context,
+ */
+ if ((retval = krb5_read_message(context, fd, &inbuf)))
+ return(retval);
+- if (appl_version && strcmp(inbuf.data, appl_version)) {
+- if (!problem) {
++ if (appl_version != NULL && !problem) {
++ d = make_data(appl_version, strlen(appl_version) + 1);
++ if (!data_eq(inbuf, d)) {
+ problem = KRB5_SENDAUTH_BADAPPLVERS;
+ response = 2;
+ }
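Review bot: In the server.c hunk, when `krb5_read_message` succeeds but the new length/terminator test fails, `retval` is still 0, so `com_err ("uu-server", retval, "reading pname")` logs the rejection with no error code and a message that describes the wrong failure; an operator cannot tell a short read from a malformed principal name. A one-line change keeps the single check but makes the log accurate: `com_err ("uu-server", retval, retval ? "reading pname" : "pname not null-terminated");`. In the recvauth.c hunk the rewritten `appl_version` comparison is now correctly bounded by `data_eq` instead of `strcmp` on an unterminated buffer, but the closing brace of that `if` and the rest of recvauth_common lie outside the hunk.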