Merge branch 'f28' into f27

This commit is contained in:
Joe Orton 2018-03-29 17:00:55 +01:00
commit 5bd4fb47d6
9 changed files with 170 additions and 94 deletions


@ -14,4 +14,5 @@ LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

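--- /dev/null
+++ b/01-md.conf
@@ -0,0 +1 @@
+LoadModule md_module modules/mod_md.so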


@ -6,12 +6,12 @@ Upstream-HEAD: needed
Upstream-2.0: omit
Upstream-Status: EXPORT_DIRS change is conditional on using shared apr
--- httpd-2.4.4/server/Makefile.in.export
+++ httpd-2.4.4/server/Makefile.in
@@ -57,9 +57,6 @@ export_files:
( for dir in $(EXPORT_DIRS); do \
--- httpd-2.4.33/server/Makefile.in.export
+++ httpd-2.4.33/server/Makefile.in
@@ -60,9 +60,6 @@
ls $$dir/*.h ; \
done; \
echo "$(top_srcdir)/server/mpm_fdqueue.h"; \
- for dir in $(EXPORT_DIRS_APR); do \
- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \
- done; \


@ -0,0 +1,21 @@
Override default.
--- httpd-2.4.33/modules/md/mod_md_config.c.mddefault
+++ httpd-2.4.33/modules/md/mod_md_config.c
@@ -54,10 +54,14 @@
#define DEF_VAL (-1)
+#ifndef MD_DEFAULT_STORE_DIR
+#define MD_DEFAULT_STORE_DIR "state/md"
+#endif
+
/* Default settings for the global conf */
static md_mod_conf_t defmc = {
NULL,
- "md",
+ MD_DEFAULT_STORE_DIR,
NULL,
NULL,
80,
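Review bot: The patch header `Override default.` does not say what is being overridden or why; the hunk changes the store directory in `defmc` from `"md"` to `MD_DEFAULT_STORE_DIR` (`"state/md"`), a ServerRoot-relative path that, going by the spec in this same commit, resolves through the `/etc/httpd/state` symlink to `%{_localstatedir}/lib/httpd`, packaged as `%attr(0700,apache,apache)`. Since the mod_md store presumably holds the ACME account key and the private keys of issued certificates, that directory's mode is what protects them, and the header should state the intent, e.g. `Store the mod_md state (ACME account and key material) under ServerRoot/state, which the package maps to %{_localstatedir}/lib/httpd (0700 apache), instead of ServerRoot/md.` Nothing in the spec passes `-DMD_DEFAULT_STORE_DIR`, so the `#ifndef` guard only matters for a build that overrides it; a word on that in the header would save the next rebase a question. The `defmc` initializer continues past the end of the hunk.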


@ -1,28 +1,9 @@
diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h
index c119a7e..267150a 100644
--- a/modules/proxy/ajp.h
+++ b/modules/proxy/ajp.h
@@ -413,12 +413,14 @@ apr_status_t ajp_ilink_receive(apr_socket_t *sock, ajp_msg_t *msg);
* @param sock backend socket
* @param r current request
* @param buffsize max size of the AJP packet.
+ * @param secret authentication secret
* @param uri requested uri
* @return APR_SUCCESS or error
*/
apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
apr_size_t buffsize,
- apr_uri_t *uri);
+ apr_uri_t *uri,
+ const char *secret);
/**
* Read the ajp message and return the type of the message.
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
index 67353a7..680a8f3 100644
--- a/modules/proxy/ajp_header.c
+++ b/modules/proxy/ajp_header.c
@@ -213,7 +213,8 @@ AJPV13_REQUEST/AJPV14_REQUEST=
diff -uap httpd-2.4.33/modules/proxy/ajp_header.c.r1738878 httpd-2.4.33/modules/proxy/ajp_header.c
--- httpd-2.4.33/modules/proxy/ajp_header.c.r1738878
+++ httpd-2.4.33/modules/proxy/ajp_header.c
@@ -213,7 +213,8 @@
static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
request_rec *r,
@ -32,7 +13,7 @@ index 67353a7..680a8f3 100644
{
int method;
apr_uint32_t i, num_headers = 0;
@@ -293,17 +294,15 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
@@ -293,17 +294,15 @@
i, elts[i].key, elts[i].val);
}
@ -53,7 +34,7 @@ index 67353a7..680a8f3 100644
if (r->user) {
if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
@@ -671,7 +670,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
@@ -671,7 +670,8 @@
apr_status_t ajp_send_header(apr_socket_t *sock,
request_rec *r,
apr_size_t buffsize,
@ -63,7 +44,7 @@ index 67353a7..680a8f3 100644
{
ajp_msg_t *msg;
apr_status_t rc;
@@ -683,7 +683,7 @@ apr_status_t ajp_send_header(apr_socket_t *sock,
@@ -683,7 +683,7 @@
return rc;
}
@ -72,48 +53,29 @@ index 67353a7..680a8f3 100644
if (rc != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
"ajp_send_header: ajp_marshal_into_msgb failed");
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index f6fb473..f693f63 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -314,6 +314,12 @@ static const char *set_worker_param(apr_pool_t *p,
(int)sizeof(worker->s->upgrade));
}
}
+ else if (!strcasecmp(key, "secret")) {
+ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
+ return apr_psprintf(p, "Secret length must be < %d characters",
+ (int)sizeof(worker->s->secret));
+ }
+ }
else {
if (set_worker_hc_param_f) {
return set_worker_hc_param_f(p, s, worker, key, val, NULL);
diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
index 8a0ad10..f92c185 100644
--- a/modules/proxy/mod_proxy.h
+++ b/modules/proxy/mod_proxy.h
@@ -352,6 +352,7 @@ PROXY_WORKER_HC_FAIL )
#define PROXY_WORKER_MAX_HOSTNAME_SIZE 64
#define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
#define PROXY_BALANCER_MAX_STICKY_SIZE 64
+#define PROXY_WORKER_MAX_SECRET_SIZE 64
diff -uap httpd-2.4.33/modules/proxy/ajp.h.r1738878 httpd-2.4.33/modules/proxy/ajp.h
--- httpd-2.4.33/modules/proxy/ajp.h.r1738878
+++ httpd-2.4.33/modules/proxy/ajp.h
@@ -413,12 +413,14 @@
* @param sock backend socket
* @param r current request
* @param buffsize max size of the AJP packet.
+ * @param secret authentication secret
* @param uri requested uri
* @return APR_SUCCESS or error
*/
apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
apr_size_t buffsize,
- apr_uri_t *uri);
+ apr_uri_t *uri,
+ const char *secret);
/* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names,
* dotted together(?) this would fit the below size (+ trailing NUL).
@@ -443,6 +444,7 @@ typedef struct {
hcmethod_t method; /* method to use for health check */
apr_interval_time_t interval;
char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */
+ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
} proxy_worker_shared;
#define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
index 051724e..e706518 100644
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -193,6 +193,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
/**
* Read the ajp message and return the type of the message.
diff -uap httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy_ajp.c
--- httpd-2.4.33/modules/proxy/mod_proxy_ajp.c.r1738878
+++ httpd-2.4.33/modules/proxy/mod_proxy_ajp.c
@@ -193,6 +193,7 @@
apr_off_t content_length = 0;
int original_status = r->status;
const char *original_status_line = r->status_line;
@ -121,7 +83,7 @@ index 051724e..e706518 100644
if (psf->io_buffer_size_set)
maxsize = psf->io_buffer_size;
@@ -202,12 +203,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
@@ -202,12 +203,15 @@
maxsize = AJP_MSG_BUFFER_SZ;
maxsize = APR_ALIGN(maxsize, 1024);
@ -138,3 +100,38 @@ index 051724e..e706518 100644
if (status != APR_SUCCESS) {
conn->close = 1;
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)
diff -uap httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.c
--- httpd-2.4.33/modules/proxy/mod_proxy.c.r1738878
+++ httpd-2.4.33/modules/proxy/mod_proxy.c
@@ -318,6 +318,12 @@
(int)sizeof(worker->s->upgrade));
}
}
+ else if (!strcasecmp(key, "secret")) {
+ if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
+ return apr_psprintf(p, "Secret length must be < %d characters",
+ (int)sizeof(worker->s->secret));
+ }
+ }
else {
if (set_worker_hc_param_f) {
return set_worker_hc_param_f(p, s, worker, key, val, NULL);
diff -uap httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878 httpd-2.4.33/modules/proxy/mod_proxy.h
--- httpd-2.4.33/modules/proxy/mod_proxy.h.r1738878
+++ httpd-2.4.33/modules/proxy/mod_proxy.h
@@ -353,6 +353,7 @@
#define PROXY_WORKER_MAX_HOSTNAME_SIZE 64
#define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
#define PROXY_BALANCER_MAX_STICKY_SIZE 64
+#define PROXY_WORKER_MAX_SECRET_SIZE 64
#define PROXY_RFC1035_HOSTNAME_SIZE 256
@@ -447,6 +448,7 @@
apr_interval_time_t interval;
char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */
char hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE]; /* RFC1035 compliant version of the remote backend address */
+ char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
} proxy_worker_shared;
#define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
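Review bot: The new `secret` field is appended to `proxy_worker_shared` (closed at `} proxy_worker_shared;` in the mod_proxy.h hunk) and `set_worker_param` copies the configured value into it with `PROXY_STRNCPY(worker->s->secret, val)`, so the AJP secret is held in cleartext in the worker's shared record rather than in the per-process config; the struct name and `ALIGNED_PROXY_WORKER_SHARED_SIZE` suggest this record lives in the slotmem segment, which in httpd can be file-backed, so the permissions of that segment become part of the secret's protection — presumably already covered by the 0700 runtime directories, but nothing says so. I'd extend the field comment to `char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13); lives in shm, keep the slotmem file/segment unreadable by other users */`. Appending the field also changes `sizeof(proxy_worker_shared)`, so a third-party module built against unpatched 2.4.33 headers would disagree on the record layout; if the package's `httpd-mmn` value is not bumped for this backport, that deserves a line in the patch header. The enclosing `set_worker_param` and `ajp_send_header` bodies start and end outside the hunks shown.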


@ -3,9 +3,9 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1109119
Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
--- httpd-2.4.17/modules/ssl/ssl_engine_config.c.sslciphdefault
+++ httpd-2.4.17/modules/ssl/ssl_engine_config.c
@@ -708,8 +708,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p
--- httpd-2.4.33/modules/ssl/ssl_engine_config.c.sslciphdefault
+++ httpd-2.4.33/modules/ssl/ssl_engine_config.c
@@ -758,8 +758,10 @@
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
@ -18,9 +18,9 @@ Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
if (cmd->path) {
dc->szCipherSuite = arg;
@@ -1428,8 +1430,10 @@ const char *ssl_cmd_SSLProxyCipherSuite(
@@ -1502,8 +1504,10 @@
{
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- /* always disable null and export ciphers */
- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
@ -29,5 +29,5 @@ Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
+ if (strncmp(arg, "PROFILE=", 8) != 0)
+ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
sc->proxy->auth.cipher_suite = arg;
dc->proxy->auth.cipher_suite = arg;


@ -166,6 +166,20 @@ Wants=network-online.target</programlisting>
--kill-who=main --signal=HUP httpd</command>.</para>
</refsect2>
<refsect2>
<title>Automated service restarts</title>
<para>System packages (including the httpd package itself) may
restart the httpd service automatically after packages are
upgraded, installed, or removed. This is done using the
<command>systemctl reload httpd.service</command>, which
produces a <emphasis>graceful</emphasis> restart by default as
described above.</para>
<para>To suppress automatic reloads entirely, create the file
<filename>/etc/sysconfig/httpd-disable-posttrans</filename>.</para>
</refsect2>
<refsect2>
<title>Changing the default MPM (Multi-Processing Module)</title>


@ -12,8 +12,8 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.29
Release: 2%{?dist}
Version: 2.4.33
Release: 1%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html
@ -42,6 +42,7 @@ Source25: 01-session.conf
Source26: 10-listen443.conf
Source27: httpd.socket
Source28: 00-optional.conf
Source29: 01-md.conf
# Documentation
Source30: README.confd
Source31: README.confmod
@ -59,7 +60,7 @@ Patch6: httpd-2.4.3-apctl-systemd.patch
# Needed for socket activation and mod_systemd patch
Patch19: httpd-2.4.25-detect-systemd.patch
# Features/functional changes
Patch23: httpd-2.4.4-export.patch
Patch23: httpd-2.4.33-export.patch
Patch24: httpd-2.4.1-corelimit.patch
Patch25: httpd-2.4.25-selinux.patch
Patch26: httpd-2.4.4-r1337344+.patch
@ -68,15 +69,16 @@ Patch29: httpd-2.4.27-systemd.patch
Patch30: httpd-2.4.4-cachehardmax.patch
Patch31: httpd-2.4.18-sslmultiproxy.patch
Patch34: httpd-2.4.17-socket-activation.patch
Patch35: httpd-2.4.17-sslciphdefault.patch
Patch35: httpd-2.4.33-sslciphdefault.patch
# Bug fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
Patch58: httpd-2.4.25-r1738878.patch
Patch58: httpd-2.4.33-r1738878.patch
# Security fixes
License: ASL 2.0
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto
BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel
BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0
@ -160,6 +162,19 @@ The mod_ssl module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols.
%package -n mod_md
Group: System Environment/Daemons
Summary: Certificate provisioning using ACME for the Apache HTTP Server
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
BuildRequires: jansson-devel, libcurl-devel
%description -n mod_md
This module manages common properties of domains for one or more
virtual hosts. Specifically it can use the ACME protocol (RFC Draft)
to automate certificate provisioning. These will be configured for
managed domains and their virtual hosts automatically. This includes
renewal of certificates before they expire.
%package -n mod_proxy_html
Group: System Environment/Daemons
Summary: HTML and XML content filters for the Apache HTTP Server
@ -208,7 +223,7 @@ interface for storing and accessing per-user session data.
%patch27 -p1 -b .icons
%patch29 -p1 -b .systemd
%patch30 -p1 -b .cachehardmax
%patch31 -p1 -b .sslmultiproxy
#patch31 -p1 -b .sslmultiproxy
%patch34 -p1 -b .socketactivation
%patch35 -p1 -b .sslciphdefault
%patch58 -p1 -b .r1738878
@ -313,7 +328,8 @@ install -m 644 $RPM_SOURCE_DIR/README.confmod \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/README
for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \
00-proxy.conf 00-ssl.conf 01-ldap.conf 00-proxyhtml.conf \
01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf; do
01-ldap.conf 00-systemd.conf 01-session.conf 00-optional.conf \
01-md.conf; do
install -m 644 -p $RPM_SOURCE_DIR/$f \
$RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f
done
@ -361,6 +377,7 @@ install -m 644 -p $RPM_SOURCE_DIR/httpd.tmpfiles \
# Other directories
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav \
$RPM_BUILD_ROOT%{_localstatedir}/lib/httpd \
$RPM_BUILD_ROOT/run/httpd/htcacheclean
# Substitute in defaults which are usually done (badly) by "make install"
@ -420,6 +437,7 @@ ln -s ../../pixmaps/poweredby.png \
# symlinks for /etc/httpd
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
@ -539,9 +557,6 @@ done
set -x
exit $rv
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
@ -550,6 +565,7 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/httpd/modules
%{_sysconfdir}/httpd/logs
%{_sysconfdir}/httpd/state
%{_sysconfdir}/httpd/run
%dir %{_sysconfdir}/httpd/conf
%config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
@ -587,6 +603,7 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/httpd/modules/mod*.so
%exclude %{_libdir}/httpd/modules/mod_auth_form.so
%exclude %{_libdir}/httpd/modules/mod_ssl.so
%exclude %{_libdir}/httpd/modules/mod_md.so
%exclude %{_libdir}/httpd/modules/mod_*ldap.so
%exclude %{_libdir}/httpd/modules/mod_proxy_html.so
%exclude %{_libdir}/httpd/modules/mod_xml2enc.so
@ -605,6 +622,7 @@ rm -rf $RPM_BUILD_ROOT
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
%attr(0700,root,root) %dir %{_localstatedir}/log/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
%attr(0700,apache,apache) %dir %{_localstatedir}/lib/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd
%attr(0700,apache,apache) %dir %{_localstatedir}/cache/httpd/proxy
@ -669,6 +687,11 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/httpd/modules/mod_auth_form.so
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-session.conf
%files -n mod_md
%defattr(-,root,root)
%{_libdir}/httpd/modules/mod_md.so
%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/01-md.conf
%files devel
%defattr(-,root,root)
%{_includedir}/httpd
@ -680,6 +703,29 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Wed Mar 28 2018 Joe Orton <jorton@redhat.com> - 2.4.33-1
- rebase to 2.4.33 (#1560174)
- add mod_md subpackage; load mod_proxy_uwsgi by default
* Mon Mar 05 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.29-8
- Rebuilt with brotli 1.0.3
* Mon Feb 26 2018 Joe Orton <jorton@redhat.com> - 2.4.29-7
- simplify liblua detection in configure
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.29-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Jan 27 2018 Joe Orton <jorton@redhat.com> - 2.4.29-5
- link mod_lua against -lcrypt (#1538992)
* Fri Jan 26 2018 Paul Howarth <paul@city-fan.org> - 2.4.29-4
- Rebuild with updated flags to work around compiler issues on i686
(#1538648, #1538693)
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2.4.29-3
- Rebuilt for switch to libxcrypt
* Thu Nov 23 2017 Joe Orton <jorton@redhat.com> - 2.4.29-2
- build and load mod_brotli
@ -716,12 +762,8 @@ rm -rf $RPM_BUILD_ROOT
- use sscg defaults; append CA cert to generated cert
- document httpd-init.service in httpd-init.service(8)
* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-8
- Address CVE-2017-9798 by applying patch from upstream (#1490344)
* Wed Sep 20 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-8.1
- Generate SSL certificates on service start, not %%posttrans
- Generate SSL certificates on service start, not %%posttrans
* Tue Sep 19 2017 Joe Orton <jorton@redhat.com> - 2.4.27-8
- move httpd.service.d, httpd.socket.d dirs to -filesystem
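Review bot: `%patch31 -p1 -b .sslmultiproxy` has been turned into a comment (`#patch31 -p1 -b .sslmultiproxy`) while `Patch31: httpd-2.4.18-sslmultiproxy.patch` stays declared in the preamble, and neither the 2.4.33-1 changelog entry nor a comment in the spec says why, so the built package silently drops a behaviour change that earlier releases carried. Either remove the `Patch31:` line together with the patch file, or leave a one-line reason next to the disabled line, e.g. `# Patch31 disabled for 2.4.33: <reason>`, and add a bullet such as `- sslmultiproxy patch not applied` to the 2.4.33-1 changelog entry so the change is discoverable from `rpm -q --changelog`. The rest of the `%prep` section lies outside the hunk.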


@ -1 +1 @@
SHA512 (httpd-2.4.29.tar.bz2) = 840982fd3d21463bc5c1747f211dfacf3abdf634d149e49bb49fd2e5deda140de602dbdf31e1bbe5337a48f718ab2261c408e83a8dd39a9291ee7b6b7a85639a
SHA512 (httpd-2.4.33.tar.bz2) = e74b2b3346d67be45a8bc8a7cbb8eabf5c403a5cfe5797a976f94a539529843fbcdf03b9ca0548816b2cf37f4ce0eb301f8d5af25b1270fdf8dd9f5bf0585269