rpms/iproute
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase package on top of iproute2-4.16.0

Browse Source
This commit is contained in:
Phil Sutter 2018-06-01 16:19:54 +02:00
parent 56a5d45dbb
commit ec833118f5
15 changed files with 281 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -7,3 +7,4 @@
/iproute2-4.13.0.tar.xz
/iproute2-4.14.1.tar.xz
/iproute2-4.15.0.tar.xz
/iproute2-4.16.0.tar.xz

6
0001-Add-cbq.8-as-an-alias-to-tc-cbq.8.patch
View File

@ -1,7 +1,7 @@
From 2d6460e474e96c4ee474fc7b5b55ab04eeac4984 Mon Sep 17 00:00:00 2001
From d0a7e6eaa550dc7930ea53268637ff2186c7ddc6 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Fri, 17 Mar 2017 22:47:27 +0100
Subject: [PATCH 1/6] Add cbq.8 as an alias to tc-cbq.8
Subject: [PATCH] Add cbq.8 as an alias to tc-cbq.8
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
@ -17,5 +17,5 @@ index 0000000000000..bef35201f4eab
@@ -0,0 +1 @@
+.so man8/tc-cbq.8
--
2.15.1
2.17.0

37
0002-rdma-Ignore-unknown-netlink-attributes.patch Normal file
View File

@ -0,0 +1,37 @@
From 1264732c29782e314d02ac3fb494909d8815fa02 Mon Sep 17 00:00:00 2001
From: Leon Romanovsky <leonro@mellanox.com>
Date: Tue, 3 Apr 2018 10:28:42 +0300
Subject: [PATCH] rdma: Ignore unknown netlink attributes
The check if netlink attributes supplied more than maximum supported
is to strict and may lead to backward compatibility issues with old
application with a newer kernel that supports new attribute.
CC: Steve Wise <swise@opengridcomputing.com>
Fixes: 74bd75c2b68d ("rdma: Add basic infrastructure for RDMA tool")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
(cherry picked from commit fda0a61dde744abe69d4227f62b66238460c9011)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
rdma/utils.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rdma/utils.c b/rdma/utils.c
index f9460162ce369..910b3800eade5 100644
--- a/rdma/utils.c
+++ b/rdma/utils.c
@@ -383,7 +383,8 @@ int rd_attr_cb(const struct nlattr *attr, void *data)
int type;
if (mnl_attr_type_valid(attr, RDMA_NLDEV_ATTR_MAX) < 0)
- return MNL_CB_ERROR;
+ /* We received uknown attribute */
+ return MNL_CB_OK;
type = mnl_attr_get_type(attr);
--
2.17.0

46
0002-rdma-Reduce-scope-of-_dev_map_lookup-call.patch
View File

@ -1,46 +0,0 @@
From 8e8e7113d680fd344181dbaeafa5f7c4bae4805b Mon Sep 17 00:00:00 2001
From: Leon Romanovsky <leonro@mellanox.com>
Date: Wed, 27 Dec 2017 09:57:50 +0200
Subject: [PATCH 2/6] rdma: Reduce scope of _dev_map_lookup call
There is no external users of _dev_map_lookup function,
so let's limit its scope to be local.
Fixes: 40df8263a0f0 ("rdma: Add dev object")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
(cherry picked from commit 0fc8c30b4e3ef4c6fc1c3142f9d906ec71d46ab8)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
rdma/rdma.h | 1 -
rdma/utils.c | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/rdma/rdma.h b/rdma/rdma.h
index d551eb2966e11..c07493c912423 100644
--- a/rdma/rdma.h
+++ b/rdma/rdma.h
@@ -78,7 +78,6 @@ int rd_exec_cmd(struct rd *rd, const struct rd_cmd *c, const char *str);
*/
void rd_free_devmap(struct rd *rd);
struct dev_map *dev_map_lookup(struct rd *rd, bool allow_port_index);
-struct dev_map *_dev_map_lookup(struct rd *rd, const char *dev_name);
/*
* Netlink
diff --git a/rdma/utils.c b/rdma/utils.c
index eb4377cf2e185..6ce1fd70e058f 100644
--- a/rdma/utils.c
+++ b/rdma/utils.c
@@ -236,7 +236,7 @@ int rd_recv_msg(struct rd *rd, mnl_cb_t callback, void *data, unsigned int seq)
return ret;
}
-struct dev_map *_dev_map_lookup(struct rd *rd, const char *dev_name)
+static struct dev_map *_dev_map_lookup(struct rd *rd, const char *dev_name)
{
struct dev_map *dev_map;
--
2.15.1

32
0003-bridge-fix-typo-in-hairpin-error-message.patch Normal file
View File

@ -0,0 +1,32 @@
From c302ef700895f0808bb107a2fa560c14c8f3e643 Mon Sep 17 00:00:00 2001
From: Guillaume Nault <g.nault@alphalink.fr>
Date: Fri, 6 Apr 2018 13:33:49 +0200
Subject: [PATCH] bridge: fix typo in hairpin error message
No 'g' to hairpin.
Fixes: 64108901b737 ("bridge: Add support for setting bridge port attributes")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
(cherry picked from commit ef3671781644bd1722e55db4ad9d31047da0e42d)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
bridge/link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bridge/link.c b/bridge/link.c
index 870ebe0504777..a19bc1097024e 100644
--- a/bridge/link.c
+++ b/bridge/link.c
@@ -304,7 +304,7 @@ static int brlink_modify(int argc, char **argv)
return -1;
} else if (strcmp(*argv, "hairpin") == 0) {
NEXT_ARG();
- if (!on_off("hairping", &hairpin, *argv))
+ if (!on_off("hairpin", &hairpin, *argv))
return -1;
} else if (strcmp(*argv, "fastleave") == 0) {
NEXT_ARG();
--
2.17.0

35
0003-rdma-Protect-dev_map_lookup-from-wrong-input.patch
View File

@ -1,35 +0,0 @@
From b171f889bdc8d4e11af8bc6ea947860536d7ade8 Mon Sep 17 00:00:00 2001
From: Leon Romanovsky <leonro@mellanox.com>
Date: Wed, 27 Dec 2017 09:57:51 +0200
Subject: [PATCH 3/6] rdma: Protect dev_map_lookup from wrong input
Despite the fact that all callers to dev_map_lookup are ensuring that
there is always device name prior to call to that function, it is better
and safer to check that in the dev_map_lookup itself.
Fixes: 40df8263a0f0 ("rdma: Add dev object")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
(cherry picked from commit 99da90326e6af8e17400a01cf48bb60606dd22a6)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
rdma/utils.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/rdma/utils.c b/rdma/utils.c
index 6ce1fd70e058f..bb29fa1a2386e 100644
--- a/rdma/utils.c
+++ b/rdma/utils.c
@@ -253,6 +253,9 @@ struct dev_map *dev_map_lookup(struct rd *rd, bool allow_port_index)
char *dev_name;
char *slash;
+ if (rd_no_arg(rd))
+ return NULL;
+
dev_name = strdup(rd_argv(rd));
if (allow_port_index) {
slash = strrchr(dev_name, '/');
--
2.15.1

32
0004-rdma-Fix-misspelled-SYS_IMAGE_GUID.patch
View File

@ -1,32 +0,0 @@
From f17a763593248d354a3af9ffbba260fedb2a9eeb Mon Sep 17 00:00:00 2001
From: Leon Romanovsky <leonro@mellanox.com>
Date: Wed, 27 Dec 2017 09:57:53 +0200
Subject: [PATCH 4/6] rdma: Fix misspelled SYS_IMAGE_GUID
SYS_IMAGE_GUIG is actually SYS_IMAGE_GUID.
Fixes: da990ab40a92 ("rdma: Add link object")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
(cherry picked from commit 4e2eb9fdf911971c8a6615e4b07656047ada0093)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
rdma/link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rdma/link.c b/rdma/link.c
index 3a4b00bd533b1..f0eaccbb8be70 100644
--- a/rdma/link.c
+++ b/rdma/link.c
@@ -30,7 +30,7 @@ static const char *caps_to_str(uint32_t idx)
x(PKEY_NVRAM, 8) \
x(LED_INFO, 9) \
x(SM_DISABLED, 10) \
- x(SYS_IMAGE_GUIG, 11) \
+ x(SYS_IMAGE_GUID, 11) \
x(PKEY_SW_EXT_PORT_TRAP, 12) \
x(EXTENDED_SPEEDS, 14) \
x(CM, 16) \
--
2.15.1

49
0004-utils-Do-not-reset-family-for-default-any-all-addres.patch Normal file
View File

@ -0,0 +1,49 @@
From 0c0499e4ff787ae76f9b1e5e8cb104794c9b8826 Mon Sep 17 00:00:00 2001
From: David Ahern <dsahern@gmail.com>
Date: Fri, 13 Apr 2018 09:36:33 -0700
Subject: [PATCH] utils: Do not reset family for default, any, all addresses
Thomas reported a change in behavior with respect to autodectecting
address families. Specifically, 'ip ro add default via fe80::1'
syntax was failing to treat fe80::1 as an IPv6 address as it did in
prior releases. The root causes appears to be a change in family when
the default keyword is parsed.
'default', 'any' and 'all' are relevant outside of AF_INET. Leave the
family arg as is for these when setting addr.
Fixes: 93fa12418dc6 ("utils: Always specify family and ->bytelen in get_prefix_1()")
Reported-by: Thomas Deutschmann <whissi@gentoo.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Cc: Serhey Popovych <serhe.popovych@gmail.com>
(cherry picked from commit d42c7891d26e4d5616a55aac9fe10813767fcf9c)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
lib/utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/utils.c b/lib/utils.c
index b9e9a6caaf548..803bcc45f2f24 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -566,7 +566,7 @@ static int __get_addr_1(inet_prefix *addr, const char *name, int family)
if (strcmp(name, "default") == 0) {
if ((family == AF_DECnet) || (family == AF_MPLS))
return -1;
- addr->family = (family != AF_UNSPEC) ? family : AF_INET;
+ addr->family = family;
addr->bytelen = af_byte_len(addr->family);
addr->bitlen = -2;
addr->flags |= PREFIXLEN_SPECIFIED;
@@ -577,7 +577,7 @@ static int __get_addr_1(inet_prefix *addr, const char *name, int family)
strcmp(name, "any") == 0) {
if ((family == AF_DECnet) || (family == AF_MPLS))
return -1;
- addr->family = AF_UNSPEC;
+ addr->family = family;
addr->bytelen = 0;
addr->bitlen = -2;
return 0;
--
2.17.0

38
0005-iplink_geneve-correct-size-of-message-to-avoid-spuri.patch Normal file
View File

@ -0,0 +1,38 @@
From fa55117da22086855061d9dd87fae15fdbec58e6 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Wed, 18 Apr 2018 11:06:07 -0700
Subject: [PATCH] iplink_geneve: correct size of message to avoid spurious
errors
Commit 6c4b672738ac ("iplink_geneve: Get rid of inet_get_addr()")
inadvertently changed the parameter to addattr_l() resulting in:
addattr_l ERROR: message exceeded bound of 4
when remote is specified.
Fixes: 6c4b672738ac ("iplink_geneve: Get rid of inet_get_addr()")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
(cherry picked from commit f5393225f947f76523571d6205198112dc4a8e09)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
ip/iplink_geneve.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c
index c66607267f7d1..e49a9adda1072 100644
--- a/ip/iplink_geneve.c
+++ b/ip/iplink_geneve.c
@@ -199,7 +199,7 @@ static int geneve_parse_opt(struct link_util *lu, int argc, char **argv,
if (is_addrtype_inet(&daddr)) {
int type = (daddr.family == AF_INET) ? IFLA_GENEVE_REMOTE :
IFLA_GENEVE_REMOTE6;
- addattr_l(n, sizeof(1024), type, daddr.data, daddr.bytelen);
+ addattr_l(n, 1024, type, daddr.data, daddr.bytelen);
}
if (!set_op || GENEVE_ATTRSET(attrs, IFLA_GENEVE_LABEL))
addattr32(n, 1024, IFLA_GENEVE_LABEL, label);
--
2.17.0

35
0005-rdma-Check-that-port-index-exists-before-operate-on-.patch
View File

@ -1,35 +0,0 @@
From bde8ace828708b5d49ce650163c6a411065dafb4 Mon Sep 17 00:00:00 2001
From: Leon Romanovsky <leonro@mellanox.com>
Date: Wed, 27 Dec 2017 09:57:54 +0200
Subject: [PATCH 5/6] rdma: Check that port index exists before operate on link
layer
Link layer operates on port layer, hence it should check
it existence before execution commands.
Fixes: da990ab40a92 ("rdma: Add link object")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
(cherry picked from commit e3dee3c81f7fba93ae8c84f6c2fb5009c0764d65)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
rdma/link.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/rdma/link.c b/rdma/link.c
index f0eaccbb8be70..d93922890bb7f 100644
--- a/rdma/link.c
+++ b/rdma/link.c
@@ -277,6 +277,9 @@ static int link_one_show(struct rd *rd)
{ 0 }
};
+ if (!rd->port_idx)
+ return 0;
+
return rd_exec_cmd(rd, cmds, "parameter");
}
--
2.15.1

76
0006-ip-do-not-drop-capabilities-if-net_admin-i-is-set.patch Normal file
View File

@ -0,0 +1,76 @@
From 4264c8481a025fa7b413be1e892d30235237348b Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Fri, 11 May 2018 13:39:56 +0100
Subject: [PATCH] ip: do not drop capabilities if net_admin=i is set
Users have reported a regression due to ip now dropping capabilities
unconditionally.
zerotier-one VPN and VirtualBox use ambient capabilities in their
binary and then fork out to ip to set routes and links, and this
does not work anymore.
As a workaround, do not drop caps if CAP_NET_ADMIN (the most common
capability used by ip) is set with the INHERITABLE flag.
Users that want ip vrf exec to work do not need to set INHERITABLE,
which will then only set when the calling program had privileges to
give itself the ambient capability.
Fixes: ba2fc55b99f8 ("Drop capabilities if not running ip exec vrf with libcap")
Signed-off-by: Luca Boccassi <bluca@debian.org>
(cherry picked from commit 9b13cc98f5952f62b825461727c8170d37a4037d)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
lib/utils.c | 15 ++++++++++++---
man/man8/ip-vrf.8 | 4 ++++
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/lib/utils.c b/lib/utils.c
index 803bcc45f2f24..7d3fe9c91d3df 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -1492,14 +1492,23 @@ void drop_cap(void)
/* don't harmstring root/sudo */
if (getuid() != 0 && geteuid() != 0) {
cap_t capabilities;
+ cap_value_t net_admin = CAP_NET_ADMIN;
+ cap_flag_t inheritable = CAP_INHERITABLE;
+ cap_flag_value_t is_set;
capabilities = cap_get_proc();
if (!capabilities)
exit(EXIT_FAILURE);
- if (cap_clear(capabilities) != 0)
- exit(EXIT_FAILURE);
- if (cap_set_proc(capabilities) != 0)
+ if (cap_get_flag(capabilities, net_admin, inheritable,
+ &is_set) != 0)
exit(EXIT_FAILURE);
+ /* apps with ambient caps can fork and call ip */
+ if (is_set == CAP_CLEAR) {
+ if (cap_clear(capabilities) != 0)
+ exit(EXIT_FAILURE);
+ if (cap_set_proc(capabilities) != 0)
+ exit(EXIT_FAILURE);
+ }
cap_free(capabilities);
}
#endif
diff --git a/man/man8/ip-vrf.8 b/man/man8/ip-vrf.8
index 1a42cebe1aef4..c1c9b958f6800 100644
--- a/man/man8/ip-vrf.8
+++ b/man/man8/ip-vrf.8
@@ -70,6 +70,10 @@ This command also requires to be ran as root or with the CAP_SYS_ADMIN,
CAP_NET_ADMIN and CAP_DAC_OVERRIDE capabilities. If built with libcap and if
capabilities are added to the ip binary program via setcap, the program will
drop them as the first thing when invoked, unless the command is vrf exec.
+.br
+NOTE: capabilities will NOT be dropped if CAP_NET_ADMIN is set to INHERITABLE
+to avoid breaking programs with ambient capabilities that call ip.
+Do not set the INHERITABLE flag on the ip binary itself.
.TP
.B ip vrf identify [PID] - Report VRF association for process
--
2.17.0

32
0006-rdma-Check-return-value-of-strdup-call.patch
View File

@ -1,32 +0,0 @@
From cda8da1af7517ee2fffb5bbedcf7488701ba332e Mon Sep 17 00:00:00 2001
From: Leon Romanovsky <leonro@mellanox.com>
Date: Wed, 31 Jan 2018 10:11:56 +0200
Subject: [PATCH 6/6] rdma: Check return value of strdup call
Fixes: 74bd75c2b68d ("rdma: Add basic infrastructure for RDMA tool")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
(cherry picked from commit 5f8265536f6f511ec62d3a0ee7e1324a8720f7e3)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
rdma/utils.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/rdma/utils.c b/rdma/utils.c
index bb29fa1a2386e..47ca2969706fb 100644
--- a/rdma/utils.c
+++ b/rdma/utils.c
@@ -67,6 +67,10 @@ static struct dev_map *dev_map_alloc(const char *dev_name)
if (!dev_map)
return NULL;
dev_map->dev_name = strdup(dev_name);
+ if (!dev_map->dev_name) {
+ free(dev_map);
+ return NULL;
+ }
return dev_map;
}
--
2.15.1

34
0007-tc-allow-0-for-percent-options.patch Normal file
View File

@ -0,0 +1,34 @@
From 011d598dc86ad94c0560e1eb7921546daf4f81eb Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Thu, 17 May 2018 16:20:50 -0700
Subject: [PATCH] tc: allow 0% for percent options
Allowing 0% is sometimes useful for example in netem loss and drop
or perhaps dropping all traffic in a HTB bin.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199745
Reported-by: stuartmarsden@gmail.com
Fixes: 927e3cfb52b5 ("tc: B.W limits can now be specified in %.")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
(cherry picked from commit 405e0c4ffe7a410b09201db42955089fb0033776)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
lib/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/utils.c b/lib/utils.c
index 7d3fe9c91d3df..44ba237e63557 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -103,7 +103,7 @@ int parse_percent(double *val, const char *str)
*val = strtod(str, &p) / 100.;
if (*val == HUGE_VALF || *val == HUGE_VALL)
return 1;
- if (*val == 0.0 || (*p && strcmp(p, "%")))
+ if (*p && strcmp(p, "%"))
return -1;
return 0;
--
2.17.0

16
iproute.spec
View File

@ -1,7 +1,7 @@
%global cbq_version v0.7.3
Summary: Advanced IP routing and network device configuration tools
Name: iproute
Version: 4.15.0
Version: 4.16.0
Release: 1%{?dist}
Group: Applications/System
URL: http://kernel.org/pub/linux/utils/net/%{name}2/
@ -14,11 +14,12 @@ Source2: avpkt
# to tc-cbq.8.
Patch1: 0001-Add-cbq.8-as-an-alias-to-tc-cbq.8.patch
# Suggested backports by Fixes: tag.
Patch2: 0002-rdma-Reduce-scope-of-_dev_map_lookup-call.patch
Patch3: 0003-rdma-Protect-dev_map_lookup-from-wrong-input.patch
Patch4: 0004-rdma-Fix-misspelled-SYS_IMAGE_GUID.patch
Patch5: 0005-rdma-Check-that-port-index-exists-before-operate-on-.patch
Patch6: 0006-rdma-Check-return-value-of-strdup-call.patch
Patch2: 0002-rdma-Ignore-unknown-netlink-attributes.patch
Patch3: 0003-bridge-fix-typo-in-hairpin-error-message.patch
Patch4: 0004-utils-Do-not-reset-family-for-default-any-all-addres.patch
Patch5: 0005-iplink_geneve-correct-size-of-message-to-avoid-spuri.patch
Patch6: 0006-ip-do-not-drop-capabilities-if-net_admin-i-is-set.patch
Patch7: 0007-tc-allow-0-for-percent-options.patch
License: GPLv2+ and Public Domain
BuildRequires: bison
@ -164,6 +165,9 @@ rm -rf '%{buildroot}%{_docdir}'
%{_includedir}/iproute2/bpf_elf.h
%changelog
* Fri Jun 01 2018 Phil Sutter <psutter@redhat.com> - 4.16.0-1
- New version 4.16.0
* Fri Feb 09 2018 Phil Sutter <psutter@redhat.com> - 4.15.0-1
- New version 4.15.0

2
sources
View File

@ -1 +1 @@
SHA512 (iproute2-4.15.0.tar.xz) = bcc54b8dc83d7b0e759a2de77eb38fed483d7f7f82698f482e0259000f2f55ba79c556b721730eb999e85c865ad136fd7549304ebe936545e02e848ba7f698bc
SHA512 (iproute2-4.16.0.tar.xz) = a8fbc92665a8d4ca6ee1e894bfb27373cf6b16dac9e2ab3831e418fcc9b895acc7d6fc64efa0b0e37b3affd4ef8eacf4dae5715536138d6a05c65ad49a2becad