From e8ce0b704a3d51be58fe91a345d077326ae1801f Mon Sep 17 00:00:00 2001 From: Zoltan Fridrich Date: Wed, 10 Jul 2024 16:36:31 +0200 Subject: [PATCH] Rebase to 0.25.5 Resolves: RHEL-46898 Signed-off-by: Zoltan Fridrich --- .gitignore | 2 + p11-kit-0.25.3-generate-keypair-eddsa.patch | 59 ---- p11-kit-0.25.3-import-object.patch | 109 ------- p11-kit-0.25.3-list-tokens-message.patch | 37 --- p11-kit-0.25.3-static-analysis.patch | 298 -------------------- p11-kit.spec | 6 +- sources | 4 +- 7 files changed, 5 insertions(+), 510 deletions(-) delete mode 100644 p11-kit-0.25.3-generate-keypair-eddsa.patch delete mode 100644 p11-kit-0.25.3-import-object.patch delete mode 100644 p11-kit-0.25.3-list-tokens-message.patch delete mode 100644 p11-kit-0.25.3-static-analysis.patch diff --git a/.gitignore b/.gitignore index 7b351bd..6db1df5 100644 --- a/.gitignore +++ b/.gitignore @@ -44,3 +44,5 @@ /p11-kit-0.25.2.tar.xz.sig /p11-kit-0.25.3.tar.xz /p11-kit-0.25.3.tar.xz.sig +/p11-kit-0.25.5.tar.xz +/p11-kit-0.25.5.tar.xz.sig diff --git a/p11-kit-0.25.3-generate-keypair-eddsa.patch b/p11-kit-0.25.3-generate-keypair-eddsa.patch deleted file mode 100644 index 4b2c8b6..0000000 --- a/p11-kit-0.25.3-generate-keypair-eddsa.patch +++ /dev/null @@ -1,59 +0,0 @@ -diff --color -ruNp a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml ---- a/doc/manual/p11-kit.xml 2023-10-26 11:56:44.000000000 +0200 -+++ b/doc/manual/p11-kit.xml 2024-05-15 16:49:22.058423419 +0200 -@@ -211,7 +211,7 @@ $ p11-kit generate-keypair --type=algori - - - Specify the type of keys to generate. -- Supported values are rsa, ecdsa and ed25519. -+ Supported values are rsa, ecdsa and eddsa. - This option is required. - - -diff --color -ruNp a/p11-kit/generate-keypair.c b/p11-kit/generate-keypair.c ---- a/p11-kit/generate-keypair.c 2024-05-15 16:45:43.883280385 +0200 -+++ b/p11-kit/generate-keypair.c 2024-05-15 16:48:40.499637246 +0200 -@@ -84,8 +84,7 @@ get_mechanism (const char *type) - m.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; - else if (p11_ascii_strcaseeq (type, "ecdsa")) - m.mechanism = CKM_ECDSA_KEY_PAIR_GEN; -- else if (p11_ascii_strcaseeq (type, "ed25519") || -- p11_ascii_strcaseeq (type, "ed448")) -+ else if (p11_ascii_strcaseeq (type, "eddsa")) - m.mechanism = CKM_EC_EDWARDS_KEY_PAIR_GEN; - - return m; -diff --color -ruNp a/p11-kit/test-generate-keypair.sh b/p11-kit/test-generate-keypair.sh ---- a/p11-kit/test-generate-keypair.sh 2023-10-31 09:47:26.000000000 +0100 -+++ b/p11-kit/test-generate-keypair.sh 2024-05-15 16:48:40.499637246 +0200 -@@ -42,8 +42,8 @@ test_generate_keypair_ecdsa() { - if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="ecdsa-$curve" --type=ecdsa --curve="$curve" "pkcs11:token=PUBKEY%20LABEL?pin-value=booo" 2> err.out; then - assert_fail "expected to fail: p11-kit generate-keypair" - fi -+ assert_contains err.out "key-pair generation failed: The crypto mechanism is invalid or unrecognized" - done -- assert_contains err.out "key-pair generation failed: The crypto mechanism is invalid or unrecognized" - - if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="ecdsa-unknown" --type=ecdsa --curve=unknown "pkcs11:token=PUBKEY%20LABEL?pin-value=booo" 2> err.out; then - assert_fail "p11-kit generate-keypair succeeded for unknown ecdsa curve" -@@ -54,16 +54,16 @@ test_generate_keypair_ecdsa() { - test_generate_keypair_eddsa() { - for curve in ed25519 ed448; do - if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="eddsa-$curve" --type=eddsa --curve="$curve" "pkcs11:token=PUBKEY%20LABEL?pin-value=booo" 2> err.out; then -- assert_fail "unable to run: p11-kit generate-keypair" -+ assert_fail "expected to fail: p11-kit generate-keypair" - fi -+ assert_contains err.out "key-pair generation failed: The crypto mechanism is invalid or unrecognized" - done -- assert_contains err.out "key-pair generation failed: The crypto mechanism is invalid or unrecognized" - -- if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="eddsa-unknown" --type=eddsa --curve=unknown "pkcs11:token=PUBKEY%20LABEL?pin-value=booo"; then -+ if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="eddsa-unknown" --type=eddsa --curve=unknown "pkcs11:token=PUBKEY%20LABEL?pin-value=booo" 2> err.out; then - assert_fail "p11-kit generate-keypair succeeded for unknown eddsa curve" - fi - assert_contains err.out "unknown curve name: unknown" - } - - run test_generate_keypair_mock test_generate_keypair_rsa \ -- test_generate_keypair_ecdsa test_generate_keypair_ecdsa -+ test_generate_keypair_ecdsa test_generate_keypair_eddsa diff --git a/p11-kit-0.25.3-import-object.patch b/p11-kit-0.25.3-import-object.patch deleted file mode 100644 index 974e0cf..0000000 --- a/p11-kit-0.25.3-import-object.patch +++ /dev/null @@ -1,109 +0,0 @@ -From d49c92c8420db6ee4c88515bdb014f68f4d471d9 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Sat, 2 Dec 2023 09:24:01 +0900 -Subject: [PATCH] import-object: Avoid integer truncation on 32-bit platforms -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The build fails when compiling for 32-bit platforms with --Werror=incompatible-pointer-types: - - CFLAGS="-m32 -march=i686 -Werror=incompatible-pointer-types -Werror=implicit -Werror=int-conversion" setarch i686 -- meson setup _build - setarch i686 -- meson compile -C _build -v - ... - - ../p11-kit/import-object.c: In function ‘add_attrs_pubkey_rsa’: - ../p11-kit/import-object.c:223:62: error: passing argument 3 of ‘p11_asn1_read’ from incompatible pointer type [-Werror=incompatible-pointer-types] - 223 | attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen); - | ^~~~~~~~~~~~~~~~~~~~~~~~ - | | - | long unsigned int * - -Reported by Sam James in: -https://github.com/p11-glue/p11-kit/issues/608 - -Signed-off-by: Daiki Ueno ---- - p11-kit/import-object.c | 30 +++++++++++++++++++++++++++--- - 1 file changed, 27 insertions(+), 3 deletions(-) - -diff --git a/p11-kit/import-object.c b/p11-kit/import-object.c -index feee076..fb47b96 100644 ---- a/p11-kit/import-object.c -+++ b/p11-kit/import-object.c -@@ -55,6 +55,7 @@ - #endif - - #include -+#include - #include - #include - #include -@@ -201,6 +202,7 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE attr_encrypt = { CKA_ENCRYPT, &tval, sizeof (tval) }; - CK_ATTRIBUTE attr_modulus = { CKA_MODULUS, }; - CK_ATTRIBUTE attr_exponent = { CKA_PUBLIC_EXPONENT, }; -+ size_t len = 0; - - pubkey = p11_asn1_read (info, "subjectPublicKey", &pubkey_len); - if (pubkey == NULL) { -@@ -220,17 +222,31 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs, - goto cleanup; - } - -- attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen); -+ attr_modulus.pValue = p11_asn1_read (asn, "modulus", &len); - if (attr_modulus.pValue == NULL) { - p11_message (_("failed to obtain modulus")); - goto cleanup; - } -+#if ULONG_MAX < SIZE_MAX -+ if (len > ULONG_MAX) { -+ p11_message (_("failed to obtain modulus")); -+ goto cleanup; -+ } -+#endif -+ attr_modulus.ulValueLen = len; - -- attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &attr_exponent.ulValueLen); -+ attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &len); - if (attr_exponent.pValue == NULL) { - p11_message (_("failed to obtain exponent")); - goto cleanup; - } -+#if ULONG_MAX < SIZE_MAX -+ if (len > ULONG_MAX) { -+ p11_message (_("failed to obtain exponent")); -+ goto cleanup; -+ } -+#endif -+ attr_exponent.ulValueLen = len; - - result = p11_attrs_build (attrs, &attr_key_type, &attr_encrypt, &attr_modulus, &attr_exponent, NULL); - if (result == NULL) { -@@ -260,12 +276,20 @@ add_attrs_pubkey_ec (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE attr_key_type = { CKA_KEY_TYPE, &key_type, sizeof (key_type) }; - CK_ATTRIBUTE attr_ec_params = { CKA_EC_PARAMS, }; - CK_ATTRIBUTE attr_ec_point = { CKA_EC_POINT, }; -+ size_t len = 0; - -- attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &attr_ec_params.ulValueLen); -+ attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &len); - if (attr_ec_params.pValue == NULL) { - p11_message (_("failed to obtain EC parameters")); - goto cleanup; - } -+#if ULONG_MAX < SIZE_MAX -+ if (len > ULONG_MAX) { -+ p11_message (_("failed to obtain EC parameters")); -+ goto cleanup; -+ } -+#endif -+ attr_ec_params.ulValueLen = len; - - /* subjectPublicKey is read as BIT STRING value which contains - * EC point data. We need to DER encode this data as OCTET STRING. --- -2.43.0 - diff --git a/p11-kit-0.25.3-list-tokens-message.patch b/p11-kit-0.25.3-list-tokens-message.patch deleted file mode 100644 index 86eac29..0000000 --- a/p11-kit-0.25.3-list-tokens-message.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 8e46359a68deab9112a1e262d5384986ce87b5d8 Mon Sep 17 00:00:00 2001 -From: Zoltan Fridrich -Date: Thu, 16 Nov 2023 14:43:21 +0100 -Subject: [PATCH] Fix usage message in p11-kit list-tokens command - -Signed-off-by: Zoltan Fridrich ---- - p11-kit/list-tokens.c | 2 +- - p11-kit/test-list-tokens.sh | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/p11-kit/list-tokens.c b/p11-kit/list-tokens.c -index 48616cae..a9101945 100644 ---- a/p11-kit/list-tokens.c -+++ b/p11-kit/list-tokens.c -@@ -151,7 +151,7 @@ p11_kit_list_tokens (int argc, - }; - - p11_tool_desc usages[] = { -- { 0, "usage: p11-kit list-tokens" }, -+ { 0, "usage: p11-kit list-tokens [--only-uris] pkcs11:token" }, - { opt_verbose, "show verbose debug output", }, - { opt_quiet, "suppress command output", }, - { opt_only_urls, "only print token URIs", }, -diff --git a/p11-kit/test-list-tokens.sh b/p11-kit/test-list-tokens.sh -index f61e241d..f933792e 100755 ---- a/p11-kit/test-list-tokens.sh -+++ b/p11-kit/test-list-tokens.sh -@@ -21,7 +21,7 @@ teardown() { - - test_list_tokens_without_uri() { - cat > list.exp < -Date: Thu, 16 Nov 2023 10:12:14 +0100 -Subject: [PATCH] Fix issues found by static analysis - -Signed-off-by: Zoltan Fridrich ---- - common/frob-getprogname.c | 4 ++-- - common/test.c | 4 +--- - p11-kit/generate-keypair.c | 25 +++++++++---------------- - p11-kit/import-object.c | 22 +++++----------------- - p11-kit/lists.c | 1 + - p11-kit/print-config.c | 4 +++- - p11-kit/rpc-client.c | 6 ++++-- - p11-kit/test-uri.c | 4 ++-- - trust/test-trust.c | 2 +- - 9 files changed, 28 insertions(+), 44 deletions(-) - -diff --git a/common/frob-getprogname.c b/common/frob-getprogname.c -index ead658cc8..46e3b7fd3 100644 ---- a/common/frob-getprogname.c -+++ b/common/frob-getprogname.c -@@ -76,14 +76,14 @@ main (int argc, - execv (BUILDDIR "/common/frob-getprogname" EXEEXT, args); - } else { - int status; -- char buffer[1024]; -+ char buffer[1024] = { 0 }; - size_t offset = 0; - ssize_t nread; - char *p; - - close (pfds[1]); - while (1) { -- nread = read (pfds[0], buffer + offset, sizeof(buffer) - offset); -+ nread = read (pfds[0], buffer + offset, sizeof(buffer) - offset - 1); - if (nread < 0) { - perror ("read"); - exit (EXIT_FAILURE); -diff --git a/common/test.c b/common/test.c -index 3ed98da01..6cdbd1fa2 100644 ---- a/common/test.c -+++ b/common/test.c -@@ -272,7 +272,6 @@ p11_testx (void (* function) (void *), - test_item item = { TEST, }; - va_list va; - -- item.type = TEST; - item.x.test.func = function; - item.x.test.argument = argument; - -@@ -287,9 +286,8 @@ void - p11_fixture (void (* setup) (void *), - void (* teardown) (void *)) - { -- test_item item; -+ test_item item = { FIXTURE, }; - -- item.type = FIXTURE; - item.x.fix.setup = setup; - item.x.fix.teardown = teardown; - -diff --git a/p11-kit/generate-keypair.c b/p11-kit/generate-keypair.c -index 49dc11830..695103d1d 100644 ---- a/p11-kit/generate-keypair.c -+++ b/p11-kit/generate-keypair.c -@@ -351,7 +351,7 @@ int - p11_kit_generate_keypair (int argc, - char *argv[]) - { -- int opt, ret = 2; -+ int opt, ret; - char *label = NULL; - CK_ULONG bits = 0; - const uint8_t *ec_params = NULL; -@@ -396,31 +396,27 @@ p11_kit_generate_keypair (int argc, - while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { - switch (opt) { - case opt_label: -- label = strdup (optarg); -- if (label == NULL) { -- p11_message (_("failed to allocate memory")); -- goto cleanup; -- } -+ label = optarg; - break; - case opt_type: - mechanism = get_mechanism (optarg); - if (mechanism.mechanism == CKA_INVALID) { - p11_message (_("unknown mechanism type: %s"), optarg); -- goto cleanup; -+ return 2; - } - break; - case opt_bits: - bits = strtol (optarg, NULL, 10); - if (bits == 0) { - p11_message (_("failed to parse bits value: %s"), optarg); -- goto cleanup; -+ return 2; - } - break; - case opt_curve: - ec_params = get_ec_params (optarg, &ec_params_len); - if (ec_params == NULL) { - p11_message (_("unknown curve name: %s"), optarg); -- goto cleanup; -+ return 2; - } - break; - case opt_login: -@@ -434,10 +430,9 @@ p11_kit_generate_keypair (int argc, - break; - case opt_help: - p11_tool_usage (usages, options); -- ret = 0; -- goto cleanup; -+ return 0; - case '?': -- goto cleanup; -+ return 2; - default: - assert_not_reached (); - break; -@@ -449,11 +444,11 @@ p11_kit_generate_keypair (int argc, - - if (argc != 1) { - p11_tool_usage (usages, options); -- goto cleanup; -+ return 2; - } - - if (!check_args (mechanism.mechanism, bits, ec_params)) -- goto cleanup; -+ return 2; - - #ifdef OS_UNIX - /* Register a fallback PIN callback that reads from terminal. -@@ -464,11 +459,9 @@ p11_kit_generate_keypair (int argc, - - ret = generate_keypair (*argv, label, mechanism, bits, ec_params, ec_params_len, login); - --cleanup: - #ifdef OS_UNIX - p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); - #endif -- free (label); - - return ret; - } -diff --git a/p11-kit/import-object.c b/p11-kit/import-object.c -index 270a0e027..feee07659 100644 ---- a/p11-kit/import-object.c -+++ b/p11-kit/import-object.c -@@ -500,7 +500,7 @@ int - p11_kit_import_object (int argc, - char *argv[]) - { -- int opt, ret = 2; -+ int opt, ret; - char *label = NULL; - char *file = NULL; - bool login = false; -@@ -536,18 +536,10 @@ p11_kit_import_object (int argc, - while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { - switch (opt) { - case opt_label: -- label = strdup (optarg); -- if (label == NULL) { -- p11_message (_("failed to allocate memory")); -- goto cleanup; -- } -+ label = optarg; - break; - case opt_file: -- file = strdup (optarg); -- if (file == NULL) { -- p11_message (_("failed to allocate memory")); -- goto cleanup; -- } -+ file = optarg; - break; - case opt_login: - login = true; -@@ -574,12 +566,12 @@ p11_kit_import_object (int argc, - - if (argc != 1) { - p11_tool_usage (usages, options); -- goto cleanup; -+ return 2; - } - - if (file == NULL) { - p11_message (_("no file specified")); -- goto cleanup; -+ return 2; - } - - #ifdef OS_UNIX -@@ -595,10 +587,6 @@ p11_kit_import_object (int argc, - p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); - #endif - --cleanup: -- free (label); -- free (file); -- - return ret; - } - -diff --git a/p11-kit/lists.c b/p11-kit/lists.c -index df58beb3f..007bb0f12 100644 ---- a/p11-kit/lists.c -+++ b/p11-kit/lists.c -@@ -295,6 +295,7 @@ print_modules (void) - if (rv != CKR_OK) { - p11_message (_("couldn't load module info: %s"), - p11_kit_strerror (rv)); -+ p11_kit_modules_finalize_and_release (module_list); - return 1; - } - -diff --git a/p11-kit/print-config.c b/p11-kit/print-config.c -index 173b55feb..29daf3871 100644 ---- a/p11-kit/print-config.c -+++ b/p11-kit/print-config.c -@@ -74,8 +74,10 @@ print_config (void) - P11_PACKAGE_CONFIG_MODULES, - P11_SYSTEM_CONFIG_MODULES, - P11_USER_CONFIG_MODULES); -- if (modules_conf == NULL) -+ if (modules_conf == NULL) { -+ p11_dict_free (global_conf); - return 1; -+ } - - printf ("[global]\n"); - p11_dict_iterate (global_conf, &i); -diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c -index fb39103eb..19b628b1a 100644 ---- a/p11-kit/rpc-client.c -+++ b/p11-kit/rpc-client.c -@@ -173,6 +173,8 @@ call_done (rpc_client *module, - p11_rpc_message *msg, - CK_RV ret) - { -+ p11_buffer *buf; -+ - assert (module != NULL); - assert (msg != NULL); - -@@ -189,9 +191,9 @@ call_done (rpc_client *module, - - /* We used the same buffer for input/output, so this frees both */ - assert (msg->input == msg->output); -- p11_rpc_buffer_free (msg->input); -- -+ buf = msg->input; - p11_rpc_message_clear (msg); -+ p11_rpc_buffer_free (buf); - - return ret; - } -diff --git a/p11-kit/test-uri.c b/p11-kit/test-uri.c -index 32e8da703..18b7a108a 100644 ---- a/p11-kit/test-uri.c -+++ b/p11-kit/test-uri.c -@@ -1019,7 +1019,7 @@ test_uri_get_set_unrecognized (void) - static void - test_uri_match_token (void) - { -- CK_TOKEN_INFO token; -+ CK_TOKEN_INFO token = { 0 }; - P11KitUri *uri; - int ret; - -@@ -1056,7 +1056,7 @@ test_uri_match_token (void) - static void - test_uri_match_module (void) - { -- CK_INFO info; -+ CK_INFO info = { 0 }; - P11KitUri *uri; - int ret; - -diff --git a/trust/test-trust.c b/trust/test-trust.c -index 29b2797b5..3b27a1f31 100644 ---- a/trust/test-trust.c -+++ b/trust/test-trust.c -@@ -258,7 +258,7 @@ test_check_symlink_msg (const char *file, - if (asprintf (&filename, "%s/%s", directory, name) < 0) - assert_not_reached (); - -- if (readlink (filename, buf, sizeof (buf)) < 0) -+ if (readlink (filename, buf, sizeof (buf) - 1) < 0) - p11_test_fail (file, line, function, "Couldn't read symlink: %s", filename); - - if (strcmp (destination, buf) != 0) diff --git a/p11-kit.spec b/p11-kit.spec index 1dab67d..21546ad 100644 --- a/p11-kit.spec +++ b/p11-kit.spec @@ -1,5 +1,5 @@ # This spec file has been automatically updated -Version: 0.25.3 +Version: 0.25.5 Release: %{?autorelease}%{!?autorelease:1%{?dist}} Name: p11-kit Summary: Library for loading and sharing PKCS#11 modules @@ -11,10 +11,6 @@ Source1: https://github.com/p11-glue/p11-kit/releases/download/%{version} Source2: https://p11-glue.github.io/p11-glue/p11-kit/p11-kit-release-keyring.gpg Source3: trust-extract-compat Source4: p11-kit-client.service -Patch: p11-kit-0.25.3-import-object.patch -Patch: p11-kit-0.25.3-list-tokens-message.patch -Patch: p11-kit-0.25.3-static-analysis.patch -Patch: p11-kit-0.25.3-generate-keypair-eddsa.patch BuildRequires: gcc BuildRequires: libtasn1-devel >= 2.3 diff --git a/sources b/sources index ca61d94..bed7eca 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (p11-kit-0.25.3.tar.xz) = ad2d393bf122526cbba18dc9d5a13f2c1cad7d70125ec90ffd02059dfa5ef30ac59dfc0bb9bc6380c8f317e207c9e87e895f1945634f56ddf910c2958868fb4c -SHA512 (p11-kit-0.25.3.tar.xz.sig) = 189a40b12e40818daff4aa6869d7e0fa342a42f3901d85fc52bb40f7023bb17790967be5ab9a183473fe8bb3e335a0d4d8c2b6345ccf811e90f8495009c085b8 +SHA512 (p11-kit-0.25.5.tar.xz) = 177ec6ff5eb891901078306dce2bf3f5c1a0e5c2a8c493bdf5a08ae1ff1240fdf6952961e973c373f80ac3d1d5a9927e07f4da49e4ff92269d992e744889fc94 +SHA512 (p11-kit-0.25.5.tar.xz.sig) = 2be5aa4ccbb889e32aed88fc1f7926c3ccaadc90cc6b15a187358c812eee4ce1712068d1f271766ac51366112c0619aad46cff345ed2edd009fb2fe7fb804493 SHA512 (p11-kit-release-keyring.gpg) = 9a832a8ac3a139cbbf1ecb66573f0709847ebfef4975777cf82b4dca09af1ad8e6400f0af0bcdb92860e7ed4fc05082ba1edda0238a21fe24d49555a1069e881