From: Katherine Mcmillan
To: "freebsd-security@freebsd.org"
Subject: Re: bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
Date: Sat, 7 Aug 2021 15:06:45 +0000

FYI

________________________________
From: Lynx-dev on behalf of Ariadne Conill
Sent: 07 August 2021 10:17
To: oss-security@lists.openwall.com
Cc: Axel Beckert; lynx-dev@nongnu.org; security@debian.org; 991971@bugs.debian.org
Subject: Re: [Lynx-dev] [oss-security] Re: bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)

Hi,

On Sat, 7 Aug 2021, Thorsten Glaser wrote:

> Axel Beckert dixit:
>
>> This is more severe than it initially looked like: Due to TLS Server
>> Name Indication (SNI) the hostname as parsed by Lynx (i.e. with
>> "user:pass@" included) is sent in _clear_ text over the wire even
>
> I *ALWAYS* SAID SNI IS A SHIT THING ONLY USED AS BAD EXCUSE FOR NAT
> BY PEOPLE WHO ARE TOO STUPID TO CONFIGURE THEIR SERVERS RIGHT AND AS
> BAD EXCUSE FOR LACKING IPv6 SUPPORT, AND THEN THE FUCKING IDIOTS WENT
> AND MADE SNI *MANDATORY* FOR TLSv1.3, AND I FEEL *SO* VINDICATED RIGHT
> NOW! IDIOTS IN CHARGE OF SECURITY, FUCKING IDIOTS…

It turns out SNI is only marginally related to this issue. The issue
itself is far more severe: HTParse() does not understand the authn part of
the URI at all. And so, when you call:

    HTParse("https://foo:bar@example.com", "", PARSE_HOST)

It returns:

    foo:bar@example.com

Which is then handed directly to SSL_set_tlsext_host_name() or
gnutls_server_name_set(). But it will also leak in the Host: header on
unencrypted connections, and also probably SSL ones too.

As a workaround, I taught HTParse() how to parse the authn part of URIs,
but Lynx itself needs to actually properly support the authn part really.

I have attached the patch Alpine is using to work around this infoleak.

Ariadne

[Attachment: fix-auth-data-leaks.patch]
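
Added example (not part of the original message, and neither the Alpine patch nor Lynx code): one way to derive the value handed to SSL_set_tlsext_host_name() or a Host: header so that the "user:pass@" part described above never reaches it. The function name sni_host_from_url and its return convention are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Lynx code: copy the bare host out of a URL so
 * that userinfo ("user:pass@") never reaches SNI or the Host: header.
 * Returns 0 on success, -1 if there is no usable host or out is too small. */
int sni_host_from_url(const char *url, char *out, size_t outlen)
{
    const char *auth = strstr(url, "://");
    size_t alen, hlen, i;
    const char *host, *end;

    if (auth == NULL)
        return -1;
    auth += 3;
    alen = strcspn(auth, "/?#");    /* authority ends at path, query or fragment */

    /* Userinfo ends at the last '@' inside the authority; an '@' later in
     * the path or query is not a delimiter and is never looked at. */
    host = auth;
    for (i = 0; i < alen; i++)
        if (auth[i] == '@')
            host = auth + i + 1;
    hlen = alen - (size_t)(host - auth);

    if (hlen > 0 && host[0] == '[') {   /* bracketed IPv6 literal */
        end = memchr(host, ']', hlen);
        if (end == NULL)
            return -1;
        hlen = (size_t)(end - host) + 1;
    } else if ((end = memchr(host, ':', hlen)) != NULL) {
        hlen = (size_t)(end - host);    /* drop ":port" */
    }
    if (hlen == 0 || hlen >= outlen)
        return -1;
    memcpy(out, host, hlen);
    out[hlen] = '\0';
    return 0;
}

int main(void)
{
    char host[256];
    /* Constructed input: the URL from the message above. */
    if (sni_host_from_url("https://foo:bar@example.com", host, sizeof host) == 0)
        printf("%s\n", host);   /* example.com */
    return 0;
}
```

RFC 6066 does not allow literal IP addresses in the SNI HostName, so a caller should skip setting SNI when the result is an address rather than a name.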