authorMatt Thode <prometheanfire@gentoo.org>2014-04-06 06:01:59 +0000
committerMatt Thode <prometheanfire@gentoo.org>2014-04-06 06:01:59 +0000
commit93b19d6388a64d9b0cf470437a4dc4a28cfe99bc (patch)
tree373ab72e2019991f54d634bb6de6cc95381d1f97 /sys-auth
parentmore security (diff)
update to 2013.2.3
Package-Manager: portage-2.2.8-r1/cvs/Linux x86_64 Manifest-Sign-Key: 0x2471EB3E40AC5AC3
Diffstat (limited to 'sys-auth')
-rw-r--r--sys-auth/keystone/ChangeLog9
-rw-r--r--sys-auth/keystone/Manifest33
-rw-r--r--sys-auth/keystone/files/2013.2.2-CVE-2014-2237.patch183
-rw-r--r--sys-auth/keystone/keystone-2013.2.3.ebuild (renamed from sys-auth/keystone/keystone-2013.2.2-r1.ebuild)3
4 files changed, 25 insertions, 203 deletions
diff --git a/sys-auth/keystone/ChangeLog b/sys-auth/keystone/ChangeLog
index c80e8339e4d8..20c6e3844dbc 100644
--- a/sys-auth/keystone/ChangeLog
+++ b/sys-auth/keystone/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-auth/keystone
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.63 2014/04/06 05:32:54 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.64 2014/04/06 06:01:38 prometheanfire Exp $
+
+*keystone-2013.2.3 (06 Apr 2014)
+
+ 06 Apr 2014; Matthew Thode <prometheanfire@gentoo.org>
+ +keystone-2013.2.3.ebuild, -files/2013.2.2-CVE-2014-2237.patch,
+ -keystone-2013.2.2-r1.ebuild:
+ update to 2013.2.3
06 Apr 2014; Matthew Thode <prometheanfire@gentoo.org>
-keystone-2013.1.5.ebuild, -keystone-2013.1.9999.ebuild,
diff --git a/sys-auth/keystone/Manifest b/sys-auth/keystone/Manifest
index 392aa4ee0b30..e40e7cca8ba8 100644
--- a/sys-auth/keystone/Manifest
+++ b/sys-auth/keystone/Manifest
@@ -1,30 +1,29 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
-AUX 2013.2.2-CVE-2014-2237.patch 8412 SHA256 4039b420f5f8225b6a916a87b0c3cf068c2f25afd782705a2d803b2935d5be63 SHA512 75c947d631941a4a4faadfdf8cf3ddd8b7e443485a561321999fcf73b24c8c9c4994e9e4ebf4463b57b25401948cb99096fbefdbe3b22c181473053636771b2e WHIRLPOOL 96afe8f9b3365863978507f7018a9df70d956c20c15c2e6cbf5fdfbd4cae20685ddaf7a7a99e5d93b083603ca3da7d0c7b543dfc0ebb49645b463be01c67c6cc
AUX keystone.confd 124 SHA256 50daa09c5922190a6663e36a32e9b6e5c512672e5be776fcc9b0805da40b6e8d SHA512 1cf50ddcd55421481f8b34f91f35787299b2f9044bcc0a63c70ffff372d740cb84c399d31e52d708fdacad3455d77867d02b438ec2fb39b35ac2e106a2c9e0ad WHIRLPOOL e6c2b76131846cd0ce86e8d766d3f5bbd0d8cd0643de9100d7946afa44c3f13500719feca3ee4ea49644f6881fa34bdc17c08d65a001841ae8f40fc820d334fc
AUX keystone.initd 674 SHA256 fc556365de7198de035ebf083b10f59043aa3266270d3ab708d613311f1a719a SHA512 10066c2197973aeee2444ae1bff0ffc3d2a7360a632b55b9c2f66bf064285491e698721ec1525a22b18c0b74a8a6c5c4b84d2cf73812a0f93b2dbfffba799718 WHIRLPOOL 7969003cec68ca8017de003e6a5cfb4bd239a149b06dd9304c9ba8200b4fedfe8ae7e8d3c443e741d1c19cedc5d67150f1d236eef565685a64aa4a998c1ec509
AUX no_admin_token_auth-paste.ini 2646 SHA256 f98d9151f222d2143820bdc98727ce0cf3f4450a4dbdc54f1fb6e36bb63bf2df SHA512 c855dd2bb05e765c6594359f55b76f7f6e0649c8e8f4517b274c7432f136e51c408168ec24e0074f4ebc49eb641d658acfda205aef97fe68fe8fc016be4cb08d WHIRLPOOL faad0f98d0684cf206e2f2afb5fba6c6aab73f97bcf63e38038be49a2ae1303e8cb5434d8fab34492888c666462dcd751c678c04cd0039d9024fd42ddde30646
-DIST keystone-2013.2.2.tar.gz 1086908 SHA256 0fa6c3707d856062b27cc2563fd5af2fa43f08fabce563cfb6dde1ec9029d6b6 SHA512 265b8c90a0bada1a760aca3aa273b63e6dbe0618c7315baee7f37c12caab59f8a2c9736417b53fdfe675237436c82dbe8db41ec306fbb849ddf0c23565fbc2c9 WHIRLPOOL 2c26c72bd02d99f99e1147d696f9f32227641e876e9273072e4f41531d4dee8a554bf74aec5855161410dfcfd5275315a9fca9f4c000ae03dbda5f58c2c708ff
-EBUILD keystone-2013.2.2-r1.ebuild 4764 SHA256 1c34183d989b9ad7929d4e48b06c8d0360382ae3ff846885275d68dca614a0c1 SHA512 e549bcce7d3cad014afd60900a2e1ba95e210928d4f686c6d0dcb3de4cf124a2c0cf196d988377cabb8d4db9be04c8116f2a4d03bf928700414c04ca3fbbcb78 WHIRLPOOL 63fd1b255a70e65744f3ed108da9600350eeb5dc695ac6f52f893c8e16b14d682d2890cd66caab3edf4a0042302e10c40a973d83c563268479298e063332520b
+DIST keystone-2013.2.3.tar.gz 1093050 SHA256 0d27a32c6c211706f8b13aafe2fd51c7ddbea97897be90663fd8c2527ef56032 SHA512 ca86845d076f35732085604cfef36cbb7e6c565dbf125180aa4b7bf2c07e7f5996e891dde7d1094058cc8b4f55b3eb9e1879013a6e4510bb2da9864712a09c91 WHIRLPOOL b940acb76f7693fe81f3aa5a7d8bc46977423eb191b6befa56f91585029d40f2e01a0553c21327c4da77ae93769e8747d8610b4bbca3e95c028f8336bd353a2c
+EBUILD keystone-2013.2.3.ebuild 4716 SHA256 b42ad49a6474aaac84b7af633dde6e1281b75b185c40315c228a2d9276cf0bc4 SHA512 d44efe6fa545c0f76cd02427f908b949052e977eae149694633f267e1eb4352d10493e8b6651c4452d0a8dcafd8a9edaf1df8474e8f16f50e41e27f4dddaec7d WHIRLPOOL cd8de2fad10bf75fac3c3b550e23cd8b4b5dfd2ddfb4fd30cb25bd40adea47be7a6834327ed3dc7ff93f5b752151d246ed446f0ad4303543481bcc4b3fae7a2b
EBUILD keystone-2013.2.9999.ebuild 4395 SHA256 5dbdee3a80720d89d6b9eb44801fd0bbca01aa77bd1005a5f05e6936792612e7 SHA512 6412b32640a29783ff8bb71b6e86243128b6fb4f49ddde187eff5468ed6e22154ee1645e8694c43c0b342e27a9a7c64cf89ff54bcd7a0e6d62f5a19954e0e274 WHIRLPOOL 30eb74991df263cd0afc8e84311bb008469a16afa8c248e00eda9c78a5cb9fe46d679b7cc3c7528157f0590b18ec6db25fe0187db41f3748e3dfa4d39919bdca
EBUILD keystone-9999.ebuild 4381 SHA256 3e9891ca3f756591b3c7f68f0fb8e287c3eaf43ba3ab12cc5b92ed48d9915e9e SHA512 e8ca3d0568fbcbd5b567e6a25d851e4f19749735596261b448d2ed64e7035f586db5d3d5fbfa8b7ec58bf6656e2b958bd4b16db49814838d7d3739953a1ba260 WHIRLPOOL a9bb8b8b5566a9ab8889e4d3d7e20afba8ec31578da583ce6e2852ce6536de064f4ffcf2ec4cf60288d82ce95e0963d218d8b596f9d55a3c119e9066cab8c7e2
-MISC ChangeLog 13943 SHA256 a3e4e93b6e8eb1b4c95728d32b52bc8b66d82aabb347456c99c64d0a72eb27bc SHA512 333ebc7f23de8f6508a201bde68468af9d8e15ae2fb88c75eda51ba03970e7fba7a27b10c0ce91fefec9d80afd32c2ce54a9b4a97745726ee7e1e3796720f2f2 WHIRLPOOL 74336a8db68e88b2e4473c42eb19f7e8c0cf5ae0738549646d1d5d692ed32f7341c11a078b4b23770fb208a5ade0411ff2831981796498431191790e293f3eb4
+MISC ChangeLog 14154 SHA256 df059db1b6bc9ff538405f96854a79b345edaebde3a6ff9cb78bff4bea3288a2 SHA512 63a7736c399f49002512d72393d612f2a07657db247a6bfa61f14fec00848a9e2c08b60d8992c50580019292e2a880df69a846c86905f51dddaf0fd1f0f73cfa WHIRLPOOL 0a9bc55ab5aae57eccb605ab49d96af670cbcb129df4b053d472842312c41b63aafbbe90c70f18b892b81151d32989fea0dc28aaae48570ce08b32c17ffab64d
MISC metadata.xml 424 SHA256 c89c0232e90df5d811d17941c1594e4c4c45db48c2b6240a3c62b232caad4e84 SHA512 9d7fcca89a6f35a93f1a57790103249cdc25424cbdb374bf26b691e81b27182dc3380a8ff67b77e7aabf4ce944e4a813d619838d4bc97086b4208e5312d76f11 WHIRLPOOL 4ec9d4c5ff5c484c341b06fe77fcac8e6fdd0e0b651dbd58b6f2d5aecd05db5bf70218b94733eb749ced7436f9df5ba5c93496bae06c0ff9a62b91ecb53ab77a
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-iQIcBAEBCAAGBQJTQOdBAAoJECRx6z5ArFrDaa4QAIXR9tk8880Min8oy7GX8SV2
-M+3tfCdCsMcf1iT/Qn7023hmYZ5DvO0b215YD2+D/kHsUAFriyuLd9e0BaD8577n
-Dd1sRJuid275NacesmPEJLArJdXjtSJSIM/zkEZJbXIp4p4zGinIUQxCJtWhkb/Z
-+eN9yKg0f+QTn9XsJpYNqksjbPIlOrldZplSS2m2RL+oMjQ4MDfufv+5WTacEmvo
-+4I0Ri0PjAbGBogsumwKdj5TmhNql+67kIuv5cL+xbAKBK/tQput0EM/euhIkkhA
-j8E1pMzgK+ADguwQ0ms4rnOLWUE5yZzgcsjXcA5R2NCgr25p3hsLTimbQ0RYZaD2
-/oEGuOHOV5S565Zemzxz5laumnnCHYQaFEC9HxvR56KCQjHU2+0yoLVAA71qHqpT
-mn9XoKL5EV8MHh8EYZZIKJ0bacYOfyAyZ6i7pDW+zAy9mWUU47XLFIFnSEXrviEq
-OBOYYkWovIg3MPtM/bu5io5CzygrL19SxvwheTqQE/nsFgVOyaJghchDb1/Yhj48
-CeHGXkVp/nqRiE7vKaCc8TX4+qX8OEagn8Q176OS4pO456V64q8cMlwjds8BbAa8
-by+HrHv+kcea7bz80TVndHYooF3PSiMQhZ4LxZTMsdVzjpJO4tut1buuI9QBXjL5
-ZudJrtwk1RLGW0hVEMsy
-=ZOJY
+iQIcBAEBCAAGBQJTQO4HAAoJECRx6z5ArFrDB+4QAIWkExgkqaLw7wRMSEuAZLZi
+CSjdlagmplPdHc8eaNyE2teKW6C/nVCHDNKsPLkeZH64YZJrpWERjIsj0kZ9mC5k
+3/dw5jW4vuPkqeli+ZP2jvrb//F9YYk6bgWk05IC4dXmnI6VRC3ZMxVrwDQjqxLm
+bL5pNKo+6trNEfrp4V/1w+BoVLdEwLgdjaA8dFURT5DBFLv9WhfP8Cg8hMqbwpXf
+Ri3DJdP38tF+0iRtSTelG8BdOzNXObN7jNm7WLmlnoMV6sjHsXE4H5uc0+feiYD1
+MtAbEEjoVNangyusNsnv0itw/2vNtxfEEBxo4LKsbLKohfyvnETFrA+odV9EOPJR
+irpYPz85djkQrkde1A2FTqGU7xG4+j/0NxojWv2RqMF3RibdFYeavoXpa2bXEAfO
+v/cQs3R9G+U1FivFyW+/TJv+0Fe6RHxxyYfxOklBiwKUIDNHpU3uz/fC0Ce7lkVM
+NkYx3Il73aSxiM8yOlQ6sVLN8G7GjyLnaHj+6lnbVOsDm61a+GazPOimee54mUil
+unVzG5+1fF3hZ2D540YCuMpAXnPUiw6j2KCSHeXEcE4n3ypOu7siTDYvFXvHxwWH
+jFYnPJ2/PacxA3RZ1wyftKYCt4Zbqj0A1yGiUJtq3gDy4bBcpaMqknDR5CXwfSby
+4nleo1wf0s3Nr8O03HZJ
+=LKOu
-----END PGP SIGNATURE-----
diff --git a/sys-auth/keystone/files/2013.2.2-CVE-2014-2237.patch b/sys-auth/keystone/files/2013.2.2-CVE-2014-2237.patch
deleted file mode 100644
index a19d9440258f..000000000000
--- a/sys-auth/keystone/files/2013.2.2-CVE-2014-2237.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-From b6f0e26da0e2ab0892a5658da281a065e668637b Mon Sep 17 00:00:00 2001
-From: Morgan Fainberg <m@metacloud.com>
-Date: Fri, 21 Feb 2014 21:33:25 +0000
-Subject: Ensure tokens are added to both Trustor and Trustee indexes
-
-Tokens are now added to both the Trustor and Trustee user-token-index
-so that bulk token revocations (e.g. password change) of the trustee
-will work as expected. This is a backport of the basic code that was
-used in the Icehouse-vintage Dogpile Token KVS backend that resolves
-this issue by merging the handling of memcache and KVS backends into
-the same logic.
-
-Change-Id: I3e19e4a8fc1e11cef6db51d364e80061e97befa7
-Closes-Bug: #1260080
----
-diff --git a/keystone/tests/test_backend.py b/keystone/tests/test_backend.py
-index e0e81ca..1e926c8 100644
---- a/keystone/tests/test_backend.py
-+++ b/keystone/tests/test_backend.py
-@@ -25,6 +25,7 @@ from keystone import exception
- from keystone.openstack.common import timeutils
- from keystone import tests
- from keystone.tests import default_fixtures
-+from keystone.token import provider
-
-
- CONF = config.CONF
-@@ -2645,7 +2646,8 @@ class TokenTests(object):
- self.token_api.delete_token, token_id)
-
- def create_token_sample_data(self, tenant_id=None, trust_id=None,
-- user_id="testuserid"):
-+ user_id='testuserid',
-+ trustee_user_id='testuserid2'):
- token_id = self._create_token_id()
- data = {'id': token_id, 'a': 'b',
- 'user': {'id': user_id}}
-@@ -2655,6 +2657,15 @@ class TokenTests(object):
- data['tenant'] = None
- if trust_id is not None:
- data['trust_id'] = trust_id
-+ data.setdefault('access', {}).setdefault('trust', {})
-+ # Testuserid2 is used here since a trustee will be different in
-+ # the cases of impersonation and therefore should not match the
-+ # token's user_id.
-+ data['access']['trust']['trustee_user_id'] = trustee_user_id
-+ data['token_version'] = provider.V2
-+ # Issue token stores a copy of all token data at token['token_data'].
-+ # This emulates that assumption as part of the test.
-+ data['token_data'] = copy.deepcopy(data)
- new_token = self.token_api.create_token(token_id, data)
- return new_token['id']
-
-@@ -2907,6 +2918,39 @@ class TokenTests(object):
- for t in self.token_api.list_revoked_tokens():
- self.assertIn('expires', t)
-
-+ def test_token_in_trustee_and_trustor_token_list(self):
-+ self.opt_in_group('trust',
-+ enabled=True)
-+ trustor = self.user_foo
-+ trustee = self.user_two
-+ trust_id = uuid.uuid4().hex
-+ trust_info = {'trustor_user_id': trustor['id'],
-+ 'trustee_user_id': trustee['id'],
-+ 'project_id': self.tenant_bar['id'],
-+ 'expires_at': timeutils.
-+ parse_isotime('2031-02-18T18:10:00Z'),
-+ 'impersonation': True}
-+ self.trust_api.create_trust(trust_id, trust_info,
-+ roles=[{'id': 'member'},
-+ {'id': 'other'},
-+ {'id': 'browser'}])
-+
-+ token_id = self.create_token_sample_data(
-+ tenant_id=self.tenant_bar['id'],
-+ trust_id=trust_id,
-+ user_id=trustor['id'],
-+ trustee_user_id=trustee['id'])
-+
-+ # Ensure the token id exists in both the trustor and trustee token
-+ # lists
-+
-+ self.assertIn(token_id,
-+ self.token_api.list_tokens(self.user_two['id'],
-+ trust_id=trust_id))
-+ self.assertIn(token_id,
-+ self.token_api.list_tokens(self.user_foo['id'],
-+ trust_id=trust_id))
-+
-
- class TokenCacheInvalidation(object):
- def _create_test_data(self):
-diff --git a/keystone/tests/test_backend_kvs.py b/keystone/tests/test_backend_kvs.py
-index ac9df71..a23882c 100644
---- a/keystone/tests/test_backend_kvs.py
-+++ b/keystone/tests/test_backend_kvs.py
-@@ -70,6 +70,7 @@ class KvsToken(tests.TestCase, test_backend.TokenTests):
- identity.CONF.identity.driver = (
- 'keystone.identity.backends.kvs.Identity')
- self.load_backends()
-+ self.load_fixtures(default_fixtures)
-
-
- class KvsTrust(tests.TestCase, test_backend.TrustTests):
-diff --git a/keystone/tests/test_backend_memcache.py b/keystone/tests/test_backend_memcache.py
-index 964d5b4..c99a6a3 100644
---- a/keystone/tests/test_backend_memcache.py
-+++ b/keystone/tests/test_backend_memcache.py
-@@ -26,6 +26,7 @@ from keystone import exception
- from keystone.openstack.common import jsonutils
- from keystone.openstack.common import timeutils
- from keystone import tests
-+from keystone.tests import default_fixtures
- from keystone.tests import test_backend
- from keystone.tests import test_utils
- from keystone import token
-@@ -115,6 +116,7 @@ class MemcacheToken(tests.TestCase, test_backend.TokenTests):
- def setUp(self):
- super(MemcacheToken, self).setUp()
- self.load_backends()
-+ self.load_fixtures(default_fixtures)
- fake_client = MemcacheClient()
- self.token_man = token.Manager()
- self.token_man.driver = token_memcache.Token(client=fake_client)
-diff --git a/keystone/token/backends/kvs.py b/keystone/token/backends/kvs.py
-index b3f991a..c0d6e36 100644
---- a/keystone/token/backends/kvs.py
-+++ b/keystone/token/backends/kvs.py
-@@ -150,5 +150,7 @@ class Token(kvs.Base, token.Driver):
- def flush_expired_tokens(self):
- now = timeutils.utcnow()
- for token, token_ref in self.db.items():
-+ if not token.startswith('revoked-token-'):
-+ continue
- if self.is_expired(now, token_ref):
- self.db.delete(token)
-diff --git a/keystone/token/backends/memcache.py b/keystone/token/backends/memcache.py
-index a6fe826..08c1c40 100644
---- a/keystone/token/backends/memcache.py
-+++ b/keystone/token/backends/memcache.py
-@@ -83,12 +83,33 @@ class Token(token.Driver):
- expires_ts = utils.unixtime(data_copy['expires'])
- kwargs['time'] = expires_ts
- self.client.set(ptk, data_copy, **kwargs)
-- if 'id' in data['user']:
-- user_id = data['user']['id']
-- user_key = self._prefix_user_id(user_id)
-- # Append the new token_id to the token-index-list stored in the
-- # user-key within memcache.
-- self._update_user_list_with_cas(user_key, token_id, data_copy)
-+ user_id = data['user']['id']
-+ user_key = self._prefix_user_id(user_id)
-+ # Append the new token_id to the token-index-list stored in the
-+ # user-key within memcache.
-+ self._update_user_list_with_cas(user_key, token_id, data_copy)
-+ if CONF.trust.enabled and data.get('trust_id'):
-+ # NOTE(morganfainberg): If trusts are enabled and this is a trust
-+ # scoped token, we add the token to the trustee list as well. This
-+ # allows password changes of the trustee to also expire the token.
-+ # There is no harm in placing the token in multiple lists, as
-+ # _list_tokens is smart enough to handle almost any case of
-+ # valid/invalid/expired for a given token.
-+ token_data = data_copy['token_data']
-+ if data_copy['token_version'] == token.provider.V2:
-+ trustee_user_id = token_data['access']['trust'][
-+ 'trustee_user_id']
-+ elif data_copy['token_version'] == token.provider.V3:
-+ trustee_user_id = token_data['OS-TRUST:trust'][
-+ 'trustee_user_id']
-+ else:
-+ raise token.provider.UnsupportedTokenVersionException(
-+ _('Unknown token version %s') %
-+ data_copy.get('token_version'))
-+
-+ trustee_key = self._prefix_user_id(trustee_user_id)
-+ self._update_user_list_with_cas(trustee_key, token_id, data_copy)
-+
- return copy.deepcopy(data_copy)
-
- def _convert_user_index_from_json(self, token_list, user_key):
---
-cgit v0.9.2
diff --git a/sys-auth/keystone/keystone-2013.2.2-r1.ebuild b/sys-auth/keystone/keystone-2013.2.3.ebuild
index ab74a474bf9d..f2f23f5f790f 100644
--- a/sys-auth/keystone/keystone-2013.2.2-r1.ebuild
+++ b/sys-auth/keystone/keystone-2013.2.3.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.2.2-r1.ebuild,v 1.1 2014/03/16 19:54:35 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.2.3.ebuild,v 1.1 2014/04/06 06:01:38 prometheanfire Exp $
EAPI=5
@@ -73,7 +73,6 @@ DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
<dev-python/pbr-1.0[${PYTHON_USEDEP}]"
PATCHES=(
- "${FILESDIR}/2013.2.2-CVE-2014-2237.patch"
)
pkg_setup() {
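Review bot: Dropping `"${FILESDIR}/2013.2.2-CVE-2014-2237.patch"` from `PATCHES` is only safe if the 2013.2.3 tarball already carries the trustee token-index fix, and neither the commit message nor the ChangeLog entry ("update to 2013.2.3") records that. I would say so in the ChangeLog line, e.g. `update to 2013.2.3, which includes the CVE-2014-2237 fix upstream`, after confirming it against the upstream release notes or by checking that the memcache token backend in the unpacked source adds trust-scoped tokens to the trustee's index. The now-empty `PATCHES=( )` array can be removed, or kept with a comment such as `# CVE-2014-2237 fixed upstream in 2013.2.3`. pkg_setup() begins on the last line of the hunk and continues outside it.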