From patchwork Wed Jul 30 19:05:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67760 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7CAB7C83F26 for ; Wed, 30 Jul 2025 19:05:53 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web11.43738.1753902343465292327 for ; Wed, 30 Jul 2025 12:05:43 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=rigLZBMG; spf=softfail (domain: sakoman.com, ip: 209.85.214.178, mailfrom: steve@sakoman.com) Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-2405c0c431cso1553885ad.1 for ; Wed, 30 Jul 2025 12:05:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753902343; x=1754507143; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VmwFMbmN6y4yFpQZogvUI5WwMUsN2Lcyxg4jOXkf3K0=; b=rigLZBMGRrhpFibiALEzosKlvWEqaTTD9jhEea0T7bApExQjAVp+jAIMBCN/i7Mxnp DweWOeiODGWYy8PUXGrwimevdgo+1e1lnNXgLpB4P0PBpQJEWx8BNGBrBvP/8snrA7ZV nIUoycbAqYb/9u2fTvaOCipOKblcXYVihpnBFHGqZKPCvfqpeytuPuuBFnWOZI3DqIsz Eqr0376NQI+x0OVWj8RG5nlvG8e8Vi1zqmqHx3vkdHiUZqB7mbE34m3GgkzYpqG3guLQ 8RUQkiGhykghs4AFhyJuikUJ4NnkyKTGToV4l4HXqDl8zYRA/Hmz6+g08onCfaA6cBu1 wWTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753902343; x=1754507143; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VmwFMbmN6y4yFpQZogvUI5WwMUsN2Lcyxg4jOXkf3K0=; b=r8sa3GPZz6DWQvDCAQGMbp20Q+0IossO/lQC8Q70LfMsZcc3uPPIC3QKuv0cNfLxkq KNpNVkuLPhrEiroAs62dBDeztcorgWsgwVclLVTM1i5CNvmaiZd5vcHanIFHBIAGRpIc cLLIjn9g6Onu6EJctqQZtuo5sXkVXiUGyJuIDYsA5lUVwODBj9v/LyL2hZUnVzrh/k7O VnW8ZzIMEXrsnoczPoyN/CDJqmISLSn995WcvsNeUosnMUbXLI3GUUdYiTZcFPIvUfq8 YACkPQdn3i0PPjgMFFmBsKhUnYly30HzqoqdY5sGB9+jHPnggdmY9/rxsPkUmG8ofXMF oGSQ== X-Gm-Message-State: AOJu0YztKqHlPxjmejoC4bfdbIgELoJjG0RqWcTiB0SXnU5YunjgFOCX 0R4XgVl+lgG6JQauvd/wSiLQXmlqYX8f3H6bKVuYu628F13jHzyr3sx62n258FlrBOM0KTqITAi OPS1s X-Gm-Gg: ASbGnctCwGxqCXht9/NoV5GqWTZzC2Ms7Refx3HMUaUZZFWUuadHhu7/TReuU2mtv/t CQS7xGSo9dx6GMLx3IG65ozlrpoteudIVESn6TwBdmxki3Iwih91Cal3H8DTZMAoegjNUoqitO9 /rYMu6gP6C3xGh5B+eURneVITlSTdTOA1ulTSKm2+rD7W+UgM7ClFXXEpEDBQHwu5gW9S0aFM5x nqvqYq567bNxf/7+11k0KL0lNGgmXEDBu8Tu/P5Lf7niSXBU2BLKdOxEDBNSWECeiUG6+q2zi+4 abz4fGILH/xnNFDS9V4d1ez5fF9IggO0qUep3Z0oCCxBN32bMyEcQt+AofsRckfssUFDkQH2cn8 MAC34XyAdviH6 X-Google-Smtp-Source: AGHT+IFO2av5deoJijaQFI7bwyVSWgnfz1YMMSnmllYAvhX8eOe+nuzLlxxvzmoegq+YWzzDbhoEIg== X-Received: by 2002:a17:902:cf43:b0:23f:ecc1:ed75 with SMTP id d9443c01a7336-24096a4f6d8mr63448355ad.2.1753902342249; Wed, 30 Jul 2025 12:05:42 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:58fd:da9:30d5:829a]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-240a48b77d3sm22129025ad.117.2025.07.30.12.05.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Jul 2025 12:05:41 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/10] dropbear: patch CVE-2025-47203 Date: Wed, 30 Jul 2025 12:05:25 -0700 Message-ID: <91eeffaf14917c7c994a8de794b915231e69c5d6.1753902181.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Jul 2025 19:05:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221139 From: Peter Marko CVE patch [1] as mentioned in [2] relies on several patches not yet available in version 2020.81 we have in kirkstone. The good folks from Debian did the hard work identifying them as they have the same version in bullseye release. The commits were picked from [3] and they have their references to dropbear upstream commits. [1] https://github.com/mkj/dropbear/commit/e5a0ef27c227f7ae69d9a9fec98a056494409b9b [2] https://security-tracker.debian.org/tracker/CVE-2025-47203 [3] https://salsa.debian.org/debian/dropbear/-/commit/7f48e75892c40cfc6336137d62581d2c4ca7d84c Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-core/dropbear/dropbear.inc | 3 + ..._snprintf-that-won-t-return-negative.patch | 48 +++ ...-length-paths-and-commands-in-multih.patch | 126 +++++++ .../dropbear/dropbear/CVE-2025-47203.patch | 344 ++++++++++++++++++ 4 files changed, 521 insertions(+) create mode 100644 meta/recipes-core/dropbear/dropbear/0001-Add-m_snprintf-that-won-t-return-negative.patch create mode 100644 meta/recipes-core/dropbear/dropbear/0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-47203.patch diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index a32242949b..94059df258 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc @@ -31,6 +31,9 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://CVE-2021-36369.patch \ file://CVE-2023-36328.patch \ file://CVE-2023-48795.patch \ + file://0001-Add-m_snprintf-that-won-t-return-negative.patch \ + file://0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch \ + file://CVE-2025-47203.patch \ " PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ diff --git a/meta/recipes-core/dropbear/dropbear/0001-Add-m_snprintf-that-won-t-return-negative.patch b/meta/recipes-core/dropbear/dropbear/0001-Add-m_snprintf-that-won-t-return-negative.patch new file mode 100644 index 0000000000..ec75fcbc61 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0001-Add-m_snprintf-that-won-t-return-negative.patch @@ -0,0 +1,48 @@ +From ac2433cb8daa1279d14f8b2cd4c7e1f3405787d4 Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Fri, 1 Apr 2022 12:10:48 +0800 +Subject: [PATCH] Add m_snprintf() that won't return negative + +Origin: https://github.com/mkj/dropbear/commit/ac2433cb8daa1279d14f8b2cd4c7e1f3405787d4 + +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/ac2433cb8daa1279d14f8b2cd4c7e1f3405787d4] +Signed-off-by: Peter Marko +--- + dbutil.c | 13 +++++++++++++ + dbutil.h | 2 ++ + 2 files changed, 15 insertions(+) + +diff --git a/dbutil.c b/dbutil.c +index 5af6330..d4c3298 100644 +--- a/dbutil.c ++++ b/dbutil.c +@@ -691,3 +691,16 @@ void fsync_parent_dir(const char* fn) { + m_free(fn_dir); + #endif + } ++ ++int m_snprintf(char *str, size_t size, const char *format, ...) { ++ va_list param; ++ int ret; ++ ++ va_start(param, format); ++ ret = vsnprintf(str, size, format, param); ++ va_end(param); ++ if (ret < 0) { ++ dropbear_exit("snprintf failed"); ++ } ++ return ret; ++} +diff --git a/dbutil.h b/dbutil.h +index 2a1c82c..71cffe8 100644 +--- a/dbutil.h ++++ b/dbutil.h +@@ -70,6 +70,8 @@ void m_close(int fd); + void setnonblocking(int fd); + void disallow_core(void); + int m_str_to_uint(const char* str, unsigned int *val); ++/* The same as snprintf() but exits rather than returning negative */ ++int m_snprintf(char *str, size_t size, const char *format, ...); + + /* Used to force mp_ints to be initialised */ + #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} diff --git a/meta/recipes-core/dropbear/dropbear/0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch b/meta/recipes-core/dropbear/dropbear/0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch new file mode 100644 index 0000000000..dbc457209d --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch @@ -0,0 +1,126 @@ +From fe15c36664a984de9e1b2386ac52d4b8577cac93 Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Mon, 1 Apr 2024 11:50:26 +0800 +Subject: [PATCH] Handle arbitrary length paths and commands in + multihop_passthrough_args() + +Origin: https://github.com/mkj/dropbear/commit/7894254afa9b1d3a836911b7ccea1fe18391b881 +Origin: https://github.com/mkj/dropbear/commit/2f1177e55f33afd676e08c9449ab7ab517fc3b30 +Origin: https://github.com/mkj/dropbear/commit/697b1f86c0b2b0caf12e9e32bab29161093ab5d4 +Origin: https://github.com/mkj/dropbear/commit/dd03da772bfad6174425066ff9752b60e25ed183 +Origin: https://github.com/mkj/dropbear/commit/d59436a4d56de58b856142a5d489a4a8fc7382ed + +Upstream-Status: Backport [see commits above] +Signed-off-by: Peter Marko +--- + cli-runopts.c | 63 +++++++++++++++++++++------------------------------ + 1 file changed, 26 insertions(+), 37 deletions(-) + +diff --git a/cli-runopts.c b/cli-runopts.c +index 255b47e..9798f62 100644 +--- a/cli-runopts.c ++++ b/cli-runopts.c +@@ -523,61 +523,50 @@ static void loadidentityfile(const char* filename, int warnfail) { + + #if DROPBEAR_CLI_MULTIHOP + +-static char* +-multihop_passthrough_args() { +- char *ret; +- int total; +- unsigned int len = 0; ++/* Fill out -i, -y, -W options that make sense for all ++ * the intermediate processes */ ++static char* multihop_passthrough_args(void) { ++ char *args = NULL; ++ unsigned int len, total; ++#if DROPBEAR_CLI_PUBKEY_AUTH + m_list_elem *iter; +- /* Fill out -i, -y, -W options that make sense for all +- * the intermediate processes */ ++#endif ++ /* Sufficient space for non-string args */ ++ len = 100; ++ ++ /* String arguments have arbitrary length, so determine space required */ + #if DROPBEAR_CLI_PUBKEY_AUTH + for (iter = cli_opts.privkeys->first; iter; iter = iter->next) + { + sign_key * key = (sign_key*)iter->item; +- len += 3 + strlen(key->filename); ++ len += 4 + strlen(key->filename); + } +-#endif /* DROPBEAR_CLI_PUBKEY_AUTH */ ++#endif + +- len += 30; /* space for -W , terminator. */ +- ret = m_malloc(len); ++ args = m_malloc(len); + total = 0; + +- if (cli_opts.no_hostkey_check) +- { +- int written = snprintf(ret+total, len-total, "-y -y "); +- total += written; +- } +- else if (cli_opts.always_accept_key) +- { +- int written = snprintf(ret+total, len-total, "-y "); +- total += written; ++ /* Create new argument string */ ++ ++ if (cli_opts.no_hostkey_check) { ++ total += m_snprintf(args+total, len-total, "-y -y "); ++ } else if (cli_opts.always_accept_key) { ++ total += m_snprintf(args+total, len-total, "-y "); + } + +- if (opts.recv_window != DEFAULT_RECV_WINDOW) +- { +- int written = snprintf(ret+total, len-total, "-W %u ", opts.recv_window); +- total += written; ++ if (opts.recv_window != DEFAULT_RECV_WINDOW) { ++ total += m_snprintf(args+total, len-total, "-W %u ", opts.recv_window); + } + + #if DROPBEAR_CLI_PUBKEY_AUTH + for (iter = cli_opts.privkeys->first; iter; iter = iter->next) + { + sign_key * key = (sign_key*)iter->item; +- const size_t size = len - total; +- int written = snprintf(ret+total, size, "-i %s ", key->filename); +- dropbear_assert((unsigned int)written < size); +- total += written; ++ total += m_snprintf(args+total, len-total, "-i %s ", key->filename); + } + #endif /* DROPBEAR_CLI_PUBKEY_AUTH */ + +- /* if args were passed, total will be not zero, and it will have a space at the end, so remove that */ +- if (total > 0) +- { +- total--; +- } +- +- return ret; ++ return args; + } + + /* Sets up 'onion-forwarding' connections. This will spawn +@@ -608,7 +597,7 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0) + && strchr(cli_opts.username, '@')) { + unsigned int len = strlen(orighostarg) + strlen(cli_opts.username) + 2; + hostbuf = m_malloc(len); +- snprintf(hostbuf, len, "%s@%s", cli_opts.username, orighostarg); ++ m_snprintf(hostbuf, len, "%s@%s", cli_opts.username, orighostarg); + } else { + hostbuf = m_strdup(orighostarg); + } +@@ -642,7 +631,7 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0) + + strlen(passthrough_args) + + 30; + cli_opts.proxycmd = m_malloc(cmd_len); +- snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s", ++ m_snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s", + argv0, cli_opts.remotehost, cli_opts.remoteport, + passthrough_args, remainder); + #ifndef DISABLE_ZLIB diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2025-47203.patch b/meta/recipes-core/dropbear/dropbear/CVE-2025-47203.patch new file mode 100644 index 0000000000..3a51927cfe --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2025-47203.patch @@ -0,0 +1,344 @@ +From e5a0ef27c227f7ae69d9a9fec98a056494409b9b Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Mon, 5 May 2025 23:14:19 +0800 +Subject: [PATCH] Execute multihop commands directly, no shell + +This avoids problems with shell escaping if arguments contain special +characters. + +Origin: https://github.com/mkj/dropbear/commit/e5a0ef27c227f7ae69d9a9fec98a056494409b9b +Bug: https://www.openwall.com/lists/oss-security/2025/05/13/1 +Bug-Debian: https://deb.freexian.com/extended-lts/tracker/CVE-2025-47203 + +CVE: CVE-2025-47203 +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/e5a0ef27c227f7ae69d9a9fec98a056494409b9b] +Signed-off-by: Peter Marko +--- + cli-main.c | 60 ++++++++++++++++++++++++++++-------------- + cli-runopts.c | 84 +++++++++++++++++++++++++++++++++++------------------------ + dbutil.c | 9 +++++-- + dbutil.h | 1 + + runopts.h | 5 ++++ + 5 files changed, 104 insertions(+), 55 deletions(-) + +diff --git a/cli-main.c b/cli-main.c +index 7f455d1..53c55c1 100644 +--- a/cli-main.c ++++ b/cli-main.c +@@ -73,9 +73,8 @@ int main(int argc, char ** argv) { + + pid_t proxy_cmd_pid = 0; + #if DROPBEAR_CLI_PROXYCMD +- if (cli_opts.proxycmd) { ++ if (cli_opts.proxycmd || cli_opts.proxyexec) { + cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid); +- m_free(cli_opts.proxycmd); + if (signal(SIGINT, kill_proxy_sighandler) == SIG_ERR || + signal(SIGTERM, kill_proxy_sighandler) == SIG_ERR || + signal(SIGHUP, kill_proxy_sighandler) == SIG_ERR) { +@@ -96,7 +95,8 @@ int main(int argc, char ** argv) { + } + #endif /* DBMULTI stuff */ + +-static void exec_proxy_cmd(const void *user_data_cmd) { ++#if DROPBEAR_CLI_PROXYCMD ++static void shell_proxy_cmd(const void *user_data_cmd) { + const char *cmd = user_data_cmd; + char *usershell; + +@@ -105,40 +105,62 @@ static void exec_proxy_cmd(const void *user_data_cmd) { + dropbear_exit("Failed to run '%s'\n", cmd); + } + +-#if DROPBEAR_CLI_PROXYCMD ++static void exec_proxy_cmd(const void *unused) { ++ (void)unused; ++ run_command(cli_opts.proxyexec[0], cli_opts.proxyexec, ses.maxfd); ++ dropbear_exit("Failed to run '%s'\n", cli_opts.proxyexec[0]); ++} ++ + static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) { +- char * ex_cmd = NULL; +- size_t ex_cmdlen; ++ char * cmd_arg = NULL; ++ void (*exec_fn)(const void *user_data) = NULL; + int ret; + ++ /* exactly one of cli_opts.proxycmd or cli_opts.proxyexec should be set */ ++ + /* File descriptor "-j &3" */ +- if (*cli_opts.proxycmd == '&') { ++ if (cli_opts.proxycmd && *cli_opts.proxycmd == '&') { + char *p = cli_opts.proxycmd + 1; + int sock = strtoul(p, &p, 10); + /* must be a single number, and not stdin/stdout/stderr */ + if (sock > 2 && sock < 1024 && *p == '\0') { + *sock_in = sock; + *sock_out = sock; +- return; ++ goto cleanup; + } + } + +- /* Normal proxycommand */ +- +- /* So that spawn_command knows which shell to run */ +- fill_passwd(cli_opts.own_user); +- +- ex_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */ +- ex_cmd = m_malloc(ex_cmdlen); +- snprintf(ex_cmd, ex_cmdlen, "exec %s", cli_opts.proxycmd); ++ if (cli_opts.proxycmd) { ++ /* Normal proxycommand */ ++ size_t shell_cmdlen; ++ /* So that spawn_command knows which shell to run */ ++ fill_passwd(cli_opts.own_user); ++ ++ shell_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */ ++ cmd_arg = m_malloc(shell_cmdlen); ++ snprintf(cmd_arg, shell_cmdlen, "exec %s", cli_opts.proxycmd); ++ exec_fn = shell_proxy_cmd; ++ } else { ++ /* No shell */ ++ exec_fn = exec_proxy_cmd; ++ } + +- ret = spawn_command(exec_proxy_cmd, ex_cmd, +- sock_out, sock_in, NULL, pid_out); +- m_free(ex_cmd); ++ ret = spawn_command(exec_fn, cmd_arg, sock_out, sock_in, NULL, pid_out); + if (ret == DROPBEAR_FAILURE) { + dropbear_exit("Failed running proxy command"); + *sock_in = *sock_out = -1; + } ++ ++cleanup: ++ m_free(cli_opts.proxycmd); ++ m_free(cmd_arg); ++ if (cli_opts.proxyexec) { ++ char **a = NULL; ++ for (a = cli_opts.proxyexec; *a; a++) { ++ m_free_direct(*a); ++ } ++ m_free(cli_opts.proxyexec); ++ } + } + + static void kill_proxy_sighandler(int UNUSED(signo)) { +diff --git a/cli-runopts.c b/cli-runopts.c +index 9798f62..0f3dcd0 100644 +--- a/cli-runopts.c ++++ b/cli-runopts.c +@@ -525,47 +525,69 @@ static void loadidentityfile(const char* filename, int warnfail) { + + /* Fill out -i, -y, -W options that make sense for all + * the intermediate processes */ +-static char* multihop_passthrough_args(void) { +- char *args = NULL; +- unsigned int len, total; ++static char** multihop_args(const char* argv0, const char* prior_hops) { ++ /* null terminated array */ ++ char **args = NULL; ++ size_t max_args = 14, pos = 0, len; + #if DROPBEAR_CLI_PUBKEY_AUTH + m_list_elem *iter; + #endif +- /* Sufficient space for non-string args */ +- len = 100; + +- /* String arguments have arbitrary length, so determine space required */ + #if DROPBEAR_CLI_PUBKEY_AUTH + for (iter = cli_opts.privkeys->first; iter; iter = iter->next) + { +- sign_key * key = (sign_key*)iter->item; +- len += 4 + strlen(key->filename); ++ /* "-i file" for each */ ++ max_args += 2; + } + #endif + +- args = m_malloc(len); +- total = 0; ++ args = m_malloc(sizeof(char*) * max_args); ++ pos = 0; + +- /* Create new argument string */ ++ args[pos] = m_strdup(argv0); ++ pos++; + + if (cli_opts.no_hostkey_check) { +- total += m_snprintf(args+total, len-total, "-y -y "); ++ args[pos] = m_strdup("-y"); ++ pos++; ++ args[pos] = m_strdup("-y"); ++ pos++; + } else if (cli_opts.always_accept_key) { +- total += m_snprintf(args+total, len-total, "-y "); ++ args[pos] = m_strdup("-y"); ++ pos++; + } + + if (opts.recv_window != DEFAULT_RECV_WINDOW) { +- total += m_snprintf(args+total, len-total, "-W %u ", opts.recv_window); ++ args[pos] = m_strdup("-W"); ++ pos++; ++ args[pos] = m_malloc(11); ++ m_snprintf(args[pos], 11, "%u", opts.recv_window); ++ pos++; + } + + #if DROPBEAR_CLI_PUBKEY_AUTH + for (iter = cli_opts.privkeys->first; iter; iter = iter->next) + { + sign_key * key = (sign_key*)iter->item; +- total += m_snprintf(args+total, len-total, "-i %s ", key->filename); ++ args[pos] = m_strdup("-i"); ++ pos++; ++ args[pos] = m_strdup(key->filename); ++ pos++; + } + #endif /* DROPBEAR_CLI_PUBKEY_AUTH */ + ++ /* last hop */ ++ args[pos] = m_strdup("-B"); ++ pos++; ++ len = strlen(cli_opts.remotehost) + strlen(cli_opts.remoteport) + 2; ++ args[pos] = m_malloc(len); ++ snprintf(args[pos], len, "%s:%s", cli_opts.remotehost, cli_opts.remoteport); ++ pos++; ++ ++ /* hostnames of prior hops */ ++ args[pos] = m_strdup(prior_hops); ++ pos++; ++ + return args; + } + +@@ -585,7 +607,7 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0) + char *userhostarg = NULL; + char *hostbuf = NULL; + char *last_hop = NULL; +- char *remainder = NULL; ++ char *prior_hops = NULL; + + /* both scp and rsync parse a user@host argument + * and turn it into "-l user host". This breaks +@@ -603,6 +625,8 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0) + } + userhostarg = hostbuf; + ++ /* Split off any last hostname and use that as remotehost/remoteport. ++ * That is used for authorized_keys checking etc */ + last_hop = strrchr(userhostarg, ','); + if (last_hop) { + if (last_hop == userhostarg) { +@@ -610,36 +634,28 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0) + } + *last_hop = '\0'; + last_hop++; +- remainder = userhostarg; ++ prior_hops = userhostarg; + userhostarg = last_hop; + } + ++ /* Update cli_opts.remotehost and cli_opts.remoteport */ + parse_hostname(userhostarg); + +- if (last_hop) { +- /* Set up the proxycmd */ +- unsigned int cmd_len = 0; +- char *passthrough_args = multihop_passthrough_args(); ++ /* Construct any multihop proxy command. Use proxyexec to ++ * avoid worrying about shell escaping. */ ++ if (prior_hops) { ++ cli_opts.proxyexec = multihop_args(argv0, prior_hops); ++ /* Any -J argument has been copied to proxyexec */ + if (cli_opts.proxycmd) { + dropbear_exit("-J can't be used with multihop mode"); + } +- if (cli_opts.remoteport == NULL) { +- cli_opts.remoteport = "22"; +- } +- cmd_len = strlen(argv0) + strlen(remainder) +- + strlen(cli_opts.remotehost) + strlen(cli_opts.remoteport) +- + strlen(passthrough_args) +- + 30; +- cli_opts.proxycmd = m_malloc(cmd_len); +- m_snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s", +- argv0, cli_opts.remotehost, cli_opts.remoteport, +- passthrough_args, remainder); ++ + #ifndef DISABLE_ZLIB +- /* The stream will be incompressible since it's encrypted. */ ++ /* This outer stream will be incompressible since it's encrypted. */ + opts.compress_mode = DROPBEAR_COMPRESS_OFF; + #endif +- m_free(passthrough_args); + } ++ + m_free(hostbuf); + } + #endif /* !DROPBEAR_CLI_MULTIHOP */ +diff --git a/dbutil.c b/dbutil.c +index d4c3298..a51c1f9 100644 +--- a/dbutil.c ++++ b/dbutil.c +@@ -347,7 +347,6 @@ int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data, + void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) { + char * argv[4]; + char * baseshell = NULL; +- unsigned int i; + + baseshell = basename(usershell); + +@@ -369,6 +368,12 @@ void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) { + argv[1] = NULL; + } + ++ run_command(usershell, argv, maxfd); ++} ++ ++void run_command(const char* argv0, char** args, unsigned int maxfd) { ++ unsigned int i; ++ + /* Re-enable SIGPIPE for the executed process */ + if (signal(SIGPIPE, SIG_DFL) == SIG_ERR) { + dropbear_exit("signal() error"); +@@ -380,7 +385,7 @@ void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) { + m_close(i); + } + +- execv(usershell, argv); ++ execv(argv0, args); + } + + #if DEBUG_TRACE +diff --git a/dbutil.h b/dbutil.h +index 71cffe8..5d86485 100644 +--- a/dbutil.h ++++ b/dbutil.h +@@ -60,6 +60,7 @@ char * stripcontrol(const char * text); + int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data, + int *writefd, int *readfd, int *errfd, pid_t *pid); + void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell); ++void run_command(const char* argv0, char** args, unsigned int maxfd); + #if ENABLE_CONNECT_UNIX + int connect_unix(const char* addr); + #endif +diff --git a/runopts.h b/runopts.h +index 01201d2..b49dc13 100644 +--- a/runopts.h ++++ b/runopts.h +@@ -179,7 +179,12 @@ typedef struct cli_runopts { + unsigned int netcat_port; + #endif + #if DROPBEAR_CLI_PROXYCMD ++ /* A proxy command to run via the user's shell */ + char *proxycmd; ++#endif ++#if DROPBEAR_CLI_MULTIHOP ++ /* Similar to proxycmd, but is arguments for execve(), not shell */ ++ char **proxyexec; + #endif + char *bind_address; + char *bind_port; From patchwork Wed Jul 30 19:05:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67763 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9051CC87FD2 for ; Wed, 30 Jul 2025 19:05:53 +0000 (UTC) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mx.groups.io with SMTP id smtpd.web10.43857.1753902345081270528 for ; Wed, 30 Jul 2025 12:05:45 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=xJKS/DL7; spf=softfail (domain: sakoman.com, ip: 209.85.214.174, mailfrom: steve@sakoman.com) Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-24014cd385bso2454485ad.0 for ; Wed, 30 Jul 2025 12:05:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753902344; x=1754507144; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=QvLVub/tn66Hr3fHuC56nhQWArLNK5GOz/8W3+b8uq8=; b=xJKS/DL7rU7PgDOBFbXeqvEbwCyDNxVH/b0PpVuiFcqfbd6qmjZvK9wdsPMwurpqlO K658LzerDsCwj8vcqL5ldFRtKwZ03VBdHgt+V+d6hpbOlv9I8c0wf+bZTJLcIyl5nrkI jKI+PMNES3ISMa8qu7BOidPApmuopieKesODhPGpSHrXGrqSkIbS7mhosT7ORv4rZY5d p6dUPOFO9curcNYDSW7bMn7F0oGtIEinJL9IujCdq6HefNwwCbeAtL0M/6dMTy2+Kyhd R0JCr2TQPfWVb+4DgMN6ulmQXigc4VKd7akugj9GV41kZFS4EBD4HK4cO0SIQ40DmtVg qYlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753902344; x=1754507144; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QvLVub/tn66Hr3fHuC56nhQWArLNK5GOz/8W3+b8uq8=; b=t7i0rd0NLDtzzSrp3SkIJ9ginGn28WoU5q2QlzaF5phhBhLqHS74T/4efruOw633Ra NaSf4dTp66RRvuvsgdgiKYrG54rhe2Bt+aWx2tlWno9hPrcUcCyTAhOSGqkRfvW+RTQt LPJgwrGHX29kJPe8aPrZe5ZUvmOSfsNrLi6Wwn+2Ufu70y1OHdx2tftvfVdROB933C8F hTTTd6uIlnLMMxVN5/Q0oqwZ5itfXa7jo4870kpa1ekjlLO3PeloouljN05XoaVFWon/ JnFNVBTPObIw9qfdXuuoY3nSD3hfVQtzoPpItlTMkNgZ7uqg/oQLUIfMKVVXT0NACDUc JhdQ== X-Gm-Message-State: AOJu0YwsotDufYyIDYwFa5HFiZ8l2FFuQdm0rsQhI68dIR3aRM/h0WRj CNc4hy4v1BsbunEFXvpCuzUmPtjxUBZwFdSVFNlaOqvppBY0IacxYK7go0nRmIfNN6igwNNZNUw o5EBo X-Gm-Gg: ASbGncsdr/Q0PR9IDO+Uw43D0ML3m68ecONd04VBK4NOEbYmFiKZ6BUBLjjd0K7K9Vh FMNYXggsGopz8e45ovEHKJ0zNQdJ/mk0Z8YuTLc5JGHGvSe9aQzjYW1h9WCfbcWcuxMTypn5lNj /sIGbwtdrcL2z/bs2wSCS5FlHuMyV2fiof4+LXOBJzCvJludtRO3f9Rjzf6piT8F7P4W7u8Nllg UxWPdlFUt1b0hBFuQ85O74hmN6iDpYy4BxUF+sCrCuCgReXdIvA/+gJwPmOGh4YUkeIgaRpHyGS Mej+tpjfIQ3HxLJRBuwx+NTNjop7AfWa4ilU6jRI/MFBloMc9p6GrcgCDi/aPglT2bdOzHcfbzq WAgmK6ym/7JqL X-Google-Smtp-Source: AGHT+IENDrNEAz200oG6YQvvwUlaBHTFjicffcfJb8DtP5wtBuoPHr8U+AxhDVmjy+ZlY/NZpVZD+A== X-Received: by 2002:a17:903:41c2:b0:240:aa0:1584 with SMTP id d9443c01a7336-24096b68210mr78490355ad.38.1753902344080; Wed, 30 Jul 2025 12:05:44 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:58fd:da9:30d5:829a]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-240a48b77d3sm22129025ad.117.2025.07.30.12.05.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Jul 2025 12:05:43 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/10] gnutls: patch CVE-2025-32989 Date: Wed, 30 Jul 2025 12:05:26 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Jul 2025 19:05:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221140 From: Peter Marko Pick relevant commit from 3.8.10 release MR [1]. Binary test file was added as separate file as binary diffs are not supported. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../04939b75417cc95b7372c6f208c4bda4579bdc34 | Bin 0 -> 1782 bytes .../gnutls/gnutls/CVE-2025-32989.patch | 50 ++++++++++++++++++ meta/recipes-support/gnutls/gnutls_3.7.4.bb | 6 +++ 3 files changed, 56 insertions(+) create mode 100644 meta/recipes-support/gnutls/gnutls/04939b75417cc95b7372c6f208c4bda4579bdc34 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-32989.patch diff --git a/meta/recipes-support/gnutls/gnutls/04939b75417cc95b7372c6f208c4bda4579bdc34 b/meta/recipes-support/gnutls/gnutls/04939b75417cc95b7372c6f208c4bda4579bdc34 new file mode 100644 index 0000000000000000000000000000000000000000..ffcfe23e99d4b353f07192729a86ffb5a249bbde GIT binary patch literal 1782 zcmZuxX;c$e6rPz(Mj*t1i7X-}tO`naVX?-wfC|xQltmHTVh9i+5R(WIl_e^&NWep} zD54ZCAQh_~g}4Maq$t4!MNo08fC~uXmV&6AHL^^_r34k?|$FhbAb|j2b9DI zB?JUU5VJW;c%PqjT-%jX(0{fg$Ep*MF=N;CfOH)hhDk&SB(q4s7$bzB7!?T#V%Y*4 zePBYR1#J@Z@bj)F`_`f#ViUg04Fdq#X8hkU8iflZ;Tq=m;zi45= zSp_doZ|~Zl`D$-o=Z>SDxoXyEU}{igO5_B;+E&4`29^c^re=aTp<*I4P9Db;#EY4N zIG}{>N4f_SA%YU7K={51qJ&}S_|}R9@ALjfQ_aJjD!ASaJq47MVA7>q1ABO8^fa&V zeQGMfRGo1sU2>#aEw?mw*}!>YpKT-Z?_OFeCJw6Y-)iiKNYC3U8REMB$Zby^=7i2z zbU=G?14n1q^uw*5DW@XcqW8C~UUjUtUal-HxXRvrV(j+&_5OEvI*=C-O%$0JDPo>=vsKWql}}ey_rdTjt|P zgR71cLntkI9ffwOse6rot}gGA2ut7B35r$(>OuyO#31<(95f5Q_U1hbld76$J*4z2 zetPzz_;t~9ZW*lDVgHsux`Gg32tK4FtN}_wxS@}1%~2W{qcm74A8Dn&<7}xY0w6G2 zzofwMHxwlx#1g>Q#|$(Kgo0%l7L{g-cQN1s2h3 zf_3^I`_Z!2x}N-)^uf=n4=n!VJ77^g@91FaQ}@*oNGDC?;f*iZ-D6 zwYoQ!iYuD1X%hE8KHM9hKX1HmnPx0v2erA1YPPg^%EN;>A==2JH55Dg% zD#W#Z2l?+4ddeAyOWKk#SMfs3a!_7-yL!(|vgHnKSh^}I|L)w|CQ(Pv@pzx>zJ1g4)?g3< z0&vCiAv;LBertJa8J950qS9wkd9=$#dgM4v(3dbKO0+~{!<&Z_pIhFOf{3~N%Jw(j zWO8`qPTt_*L-W)`x2v=pB2gd%+6eV7)YNRevG(jUUlIMcX9pq=QIgjjm$q$#>NaO4 zReZUwGZ?ML4cF6xxd?-|g}iiSneM{ZlElIcQSg+TtxLU}4w^e+ooB^8x!7lf;qkKi z?D6Kem$HkEm*=tuTiTr8iF=J^WO5XPMY`?-Q%4RVe1zje2!^a2K*3CApS9nM?QU&- z@R{84+CfF(vCr&nJA}=Trxkx1;~Y`-`b)}^eP7vkA74779r_r4bp7fVVJ2qeYLZ6emDr;4J&OX-3U#ti2+}|9^ygF-6TG=bH zb|$}L(|J`uP +Date: Mon, 7 Jul 2025 10:23:59 +0900 +Subject: [PATCH] x509: fix read buffer overrun in SCT timestamps + +Prevent reading beyond heap buffer in call to _gnutls_parse_ct_sct +when processing x509 Signed Certificate Timestamps with certain +malformed data. Spotted by oss-fuzz at: +https://issues.oss-fuzz.com/issues/42530513 + +Signed-off-by: Andrew Hamilton +Signed-off-by: Daiki Ueno + +CVE: CVE-2025-32989 +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2] +Signed-off-by: Peter Marko +--- + NEWS | 5 +++++ + lib/x509/x509_ext.c | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index 85efb5680..025e05148 100644 +--- a/NEWS ++++ b/NEWS +@@ -5,6 +5,11 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. + Copyright (C) 2013-2019 Nikos Mavrogiannopoulos + See the end for copying conditions. + ++** libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps ++ Spotted by oss-fuzz and reported by OpenAI Security Research Team, ++ and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1, ++ CVSS: medium] [CVE-2025-32989] ++ + * Version 3.7.4 (released 2022-03-17) + + ** libgnutls: Fixed double free during verification of pkcs7 signatures. +diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c +index 064ca8357..05336a0c2 100644 +--- a/lib/x509/x509_ext.c ++++ b/lib/x509/x509_ext.c +@@ -3855,7 +3855,7 @@ int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t *ext, gnutls_x509_ct_sct + } + + length = _gnutls_read_uint16(scts_content.data); +- if (length < 4) { ++ if (length < 4 || length > scts_content.size) { + gnutls_free(scts_content.data); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/meta/recipes-support/gnutls/gnutls_3.7.4.bb index 5cd85c5996..48ddb269de 100644 --- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb +++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb @@ -29,6 +29,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://CVE-2024-28834.patch \ file://CVE-2024-28835.patch \ file://CVE-2024-12243.patch \ + file://CVE-2025-32989.patch \ + file://04939b75417cc95b7372c6f208c4bda4579bdc34 \ " SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f" @@ -65,6 +67,10 @@ do_configure:prepend() { for dir in . lib; do rm -f ${dir}/aclocal.m4 ${dir}/m4/libtool.m4 ${dir}/m4/lt*.m4 done + + # binary files cannot be delivered as diff + mkdir -p ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/ + cp ${WORKDIR}/04939b75417cc95b7372c6f208c4bda4579bdc34 ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/ } PACKAGES =+ "${PN}-openssl ${PN}-xx" From patchwork Wed Jul 30 19:05:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67762 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 90554C87FD3 for ; Wed, 30 Jul 2025 19:05:53 +0000 (UTC) Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx.groups.io with SMTP id smtpd.web10.43858.1753902346430830492 for ; Wed, 30 Jul 2025 12:05:46 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=BmHVm/0F; spf=softfail (domain: sakoman.com, ip: 209.85.214.181, mailfrom: steve@sakoman.com) Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-24009eeb2a7so1726265ad.0 for ; Wed, 30 Jul 2025 12:05:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753902346; x=1754507146; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=d+lWBsUBEVpYlPKNlZ1J8s0+hWXlSPLm/XPy3blvBTo=; b=BmHVm/0FzyH14669dqULGCEFim7/GYIFyrkmLwQhOjpDT91hxFz7MJJoJ24tqAptte seSLg45THdtdwB503XinyZRz22dtha5JgcPKdpoMqPYojYbxhSdLroep4S6k7QZYi6gk gmq92JXrN47FNTDEq+jwe+4YT07hYrt0kCbE31GaWlzGPhCBT3D981I5PRrTFNrS9QvW WDYh7JgJo/2XqE87tnW9a6jsoGwzcpvHVHXYaqImH55FEiz08N+pDNaedp9pCZu42wq+ ImnjXL2RMfdbFnohpbPmSBfLQeeYd3Q9dd/Othd2FTUbJcA08Kkkm+u1RGxgTnUg7/oG l+CQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753902346; x=1754507146; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=d+lWBsUBEVpYlPKNlZ1J8s0+hWXlSPLm/XPy3blvBTo=; b=jukmMFBDl5fs7+C9bykCOx2zyfeR+bu+yLMWKZmVzaxZkaUDt9ziS3LOPRqDQqQ2WX B3LZvg1FAQTX/2yOUmk6xdiSRd9LiiaJ32o7iB87rcHH33dGOVb5R1sgrnc6OtL+l4Hu zqdWdPGTQ0NbQfE2KlEQUx63vsnrvBeYWfO0Wwft7ijLtdS98uhFwPs5W999jBtCQKad G/38eDYJ/Hq3vW3y/uLe7OOBIaom7Cj9Wn1XEWJlD5nwXTSzv/v/n70/OTL7lydSnzmi o8s67BZ5/UfY4UvlBwexQbfh3GxV85yOobTz1AHMfp75R3IIejLCW5JXRXvkeTyT4mrs rMMA== X-Gm-Message-State: AOJu0Yw1B2CDNZkQ9DE7wTE8BFybaeClMR/FlxMrlybhVtXjjB+9oyoa ki0EoNMSo0J5drTSaw4t1fyppfWoefMv3bltyR/qAPl64/Ygm69XJBKHP0x+WtAcRbWNN5E0PAt Kan6J X-Gm-Gg: ASbGnctHwhvxVnZopZ932/9SSri6UdUidBS3GD8yPXbnOuLwOz/8NHMZJSyNpYNF5Nq Hp/gfYEeODwh/NY+seFP9ZPVYbjGw1dKi9dmDd8ZN/2iQp+wgeaDIX3+/OQfOiJutlhDWH9HbSg K9GsgluHoTGFXYpvR2zixsSjuJFGjWEfV64cEySuHPlTCW4XOzJMblAOmIXoIsw9gYhzlgcrQfY uRiL1vSEDjxuZjAppL3XUqaiyu7qh8MO0G/x8BLbOaDAiig3sbFr8/6x465uMswjQUdA57iDI0o K/daBTzFXzWA3KQhDsCihpLLaAQxPRiJvv7NQXOT4yZAtscW5NSldwVBOLCeg2NUys8j4MQPJ0o xei3grRxFE6Qc X-Google-Smtp-Source: AGHT+IGncNfP4nJ50EucrlB7+Jbl0jp27Y4kRBRELwjWvrlXPeVD/WfxTIVdMVepxEgf6a+YS+ekiA== X-Received: by 2002:a17:903:1986:b0:23f:f39b:eaf6 with SMTP id d9443c01a7336-24096b4442dmr58250785ad.46.1753902345570; Wed, 30 Jul 2025 12:05:45 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:58fd:da9:30d5:829a]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-240a48b77d3sm22129025ad.117.2025.07.30.12.05.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Jul 2025 12:05:45 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/10] gnutls: patch read buffer overrun in the "pre_shared_key" extension Date: Wed, 30 Jul 2025 12:05:27 -0700 Message-ID: <33181e3e8c7427fc823f750e936732b69e247987.1753902181.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Jul 2025 19:05:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221141 From: Peter Marko Pick relevant commit from 3.8.10 release MR [1]. The ME contains referece to undiscoled issue, so any security relevant patch should be picked. Binary test file was added as separate file as binary diffs are not supported. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...fer-overrun-in-the-pre_shared_key-ex.patch | 34 ++++++++++++++++++ .../5477db1bb507a35e8833c758ce344f4b5b246d8e | Bin 0 -> 111 bytes meta/recipes-support/gnutls/gnutls_3.7.4.bb | 5 ++- 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/gnutls/gnutls/0001-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch create mode 100644 meta/recipes-support/gnutls/gnutls/5477db1bb507a35e8833c758ce344f4b5b246d8e diff --git a/meta/recipes-support/gnutls/gnutls/0001-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch b/meta/recipes-support/gnutls/gnutls/0001-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch new file mode 100644 index 0000000000..ce78fe1c95 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/0001-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch @@ -0,0 +1,34 @@ +From 208c6478d5c20b9d8a9f0a293e3808aa16ee091f Mon Sep 17 00:00:00 2001 +From: Andrew Hamilton +Date: Mon, 7 Jul 2025 10:31:55 +0900 +Subject: [PATCH] psk: fix read buffer overrun in the "pre_shared_key" + extension + +While processing the "pre_shared_key" extension in TLS 1.3, if there +are certain malformed data in the extension headers, then the code may +read uninitialized memory (2 bytes) beyond the received TLS extension +buffer. Spotted by oss-fuzz at: +https://issues.oss-fuzz.com/issues/42513990 + +Signed-off-by: Andrew Hamilton +Signed-off-by: Daiki Ueno + +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/208c6478d5c20b9d8a9f0a293e3808aa16ee091f] +Signed-off-by: Peter Marko +--- + lib/ext/pre_shared_key.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c +index 51c4891d5..2cb83e670 100644 +--- a/lib/ext/pre_shared_key.c ++++ b/lib/ext/pre_shared_key.c +@@ -839,6 +839,8 @@ static int _gnutls_psk_recv_params(gnutls_session_t session, + + if (session->security_parameters.entity == GNUTLS_CLIENT) { + if (session->internals.hsk_flags & HSK_PSK_KE_MODES_SENT) { ++ DECR_LEN(len, 2); ++ + uint16_t selected_identity = _gnutls_read_uint16(data); + + for (i=0;ikey.binders)/sizeof(session->key.binders[0]);i++) { diff --git a/meta/recipes-support/gnutls/gnutls/5477db1bb507a35e8833c758ce344f4b5b246d8e b/meta/recipes-support/gnutls/gnutls/5477db1bb507a35e8833c758ce344f4b5b246d8e new file mode 100644 index 0000000000000000000000000000000000000000..009d44c394fd08c5400fb63f837e468f1738522d GIT binary patch literal 111 zcmWe*R$$0tVqi#PW>$cL{|f(MOa+Di2(|!16v7f_VPMc>&}Lv_W>HXJK$nH+{f{t! IL6d<203r_)`v3p{ literal 0 HcmV?d00001 diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/meta/recipes-support/gnutls/gnutls_3.7.4.bb index 48ddb269de..4929e44db3 100644 --- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb +++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb @@ -31,6 +31,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://CVE-2024-12243.patch \ file://CVE-2025-32989.patch \ file://04939b75417cc95b7372c6f208c4bda4579bdc34 \ + file://0001-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch \ + file://5477db1bb507a35e8833c758ce344f4b5b246d8e \ " SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f" @@ -69,8 +71,9 @@ do_configure:prepend() { done # binary files cannot be delivered as diff - mkdir -p ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/ + mkdir -p ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/ ${S}/fuzz/gnutls_psk_client_fuzzer.repro/ cp ${WORKDIR}/04939b75417cc95b7372c6f208c4bda4579bdc34 ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/ + cp ${WORKDIR}/5477db1bb507a35e8833c758ce344f4b5b246d8e ${S}/fuzz/gnutls_psk_client_fuzzer.repro/ } PACKAGES =+ "${PN}-openssl ${PN}-xx" From patchwork Wed Jul 30 19:05:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67759 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83A97C87FCE for ; Wed, 30 Jul 2025 19:05:53 +0000 (UTC) Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) by mx.groups.io with SMTP id smtpd.web11.43741.1753902347950277745 for ; Wed, 30 Jul 2025 12:05:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=NZmfaVg0; spf=softfail (domain: sakoman.com, ip: 209.85.215.177, mailfrom: steve@sakoman.com) Received: by mail-pg1-f177.google.com with SMTP id 41be03b00d2f7-b26f7d2c1f1so145097a12.0 for ; Wed, 30 Jul 2025 12:05:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753902347; x=1754507147; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=RmaHhfOo1mn6e87G5+kLVfTsGQzSV+IaSgV4ktU/sWo=; b=NZmfaVg0ATFdj4h9pRQDXK1EXG6wl6HnMoBVsIm96UmeAwV60K/Yxcol5nVPm+9WtN Y/W3x6/5+b/iUZ0EZpvt4cDWx7ZJkL0m+3p3WiXGLG8O/MoT5vqJwIU1akYaWKyT9+no 8PAeZ5QXYE4ueY0sN1dTArnGI0vXRPJqgY9HodqkiED/sEpuFEsyluJH/aG1Z6EgGxwQ QoFHr+AR5GAgUI6t7MsVs3xit9TBZyjS4h4yztdyp/qbBMOk5FhuezE99LaLeNgYppSh nnGwIekBa/6m0Nd9OiIUqIm8F0Z7klcXgIZ0uLozKgt5IA04SuPGK+QiDfWJkK49qXwO G/kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753902347; x=1754507147; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RmaHhfOo1mn6e87G5+kLVfTsGQzSV+IaSgV4ktU/sWo=; b=Dn7XJlsCcHJrhyY3zHAObpS0xt175lLQXinVLT87ub7oCT+9sszljkAvtDMZaB7kJe QeoxTHA+l1kN6isPaP6dXG1ayVM1L6w+8j+zDonOilsBeDnzBap6H2SrUYVi4EKQOn2G fFyUHehsWJ/sx+oxcA3NDbVcN3SH6IciX7E5oPBK8EVqBKCjgOAf9Nw4yYKrEBJwRGOy eDZPDH4tHSH7lfr+fv646JNwdSo6WiP9loeJiK8YpsVY+4whPyD255toHi56FZEcFPJB HHfPqRV2r9pmg5f4MM55leD0YvP2qjE7RI6YlRW5CZJJVkrdjqUIZ81qD0GW7yb0qalA NHlw== X-Gm-Message-State: AOJu0Yy/ePVWzWVNn5SOGoO73o+mJoUHrGuv7GRv0RC84Z19E82Yo4YN /pfe1RUgOqFZMp4T6miNEqZv3C8tYLjTyFmb/aB0nzijP2U75X26FlczIHpYYSTMktHwrNlRo+P DaDIJ X-Gm-Gg: ASbGncs0l+l2Aw75qjVYmPylTmIszEktEROFMSAEjuW+tPpT9m7/NhB3PHBG8sJwVgO aCdf3vJxLXUis5WT9E9TlXiN+/apcgNULggbovcY+8pnBBNqU9EN329IxPq1Rr0nnX1zWBHDCqB Kx4RQaYRXz9rNuNbz3OKYU+AWc4iVKnWyNdXeqxN5IJoXcYeSByNvXWQ3Gw1Ax8rkhU/RWXXXZY 88KnjEU2QpDunNUrtCLU1J4pPDH7PxZsPQowg5ipayAVCSCISKzJb43/9NPZ0lRfZPjR4rb5IBK mc/gWcEi+/2SmVZ/4r9mtdXTkDGr96mv6d4dUANi+uEYtmlTxJCS9nNxThopo9y5CG9z5FGGUcX PSIGUau3qqabDcCBf2M/wcgg= X-Google-Smtp-Source: AGHT+IGgH11hRftAQAvXk0zEbuJzKOMf+hQOtq0fUx2IA0wfrXIXAkdoMWxk/2fRjWjNRVYn5EH4nA== X-Received: by 2002:a17:903:22ca:b0:240:1831:eeeb with SMTP id d9443c01a7336-24096b55100mr56893305ad.40.1753902347039; Wed, 30 Jul 2025 12:05:47 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:58fd:da9:30d5:829a]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-240a48b77d3sm22129025ad.117.2025.07.30.12.05.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Jul 2025 12:05:46 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/10] gnutls: patch reject zero-length version in certificate request Date: Wed, 30 Jul 2025 12:05:28 -0700 Message-ID: <990bd6fab5c6004b9fbcdb9c76bcb3a96ba5887a.1753902181.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Jul 2025 19:05:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221142 From: Peter Marko Pick relevant commit from 3.8.10 release MR [1]. The MR contains referece to undiscoled issue, so any security relevant patch should be picked. Binary test file was added as separate file as binary diffs are not supported. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...-length-version-in-certificate-reque.patch | 37 ++++++++++++++++++ .../3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 | Bin 0 -> 830 bytes meta/recipes-support/gnutls/gnutls_3.7.4.bb | 5 ++- 3 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/gnutls/gnutls/0001-x509-reject-zero-length-version-in-certificate-reque.patch create mode 100644 meta/recipes-support/gnutls/gnutls/3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 diff --git a/meta/recipes-support/gnutls/gnutls/0001-x509-reject-zero-length-version-in-certificate-reque.patch b/meta/recipes-support/gnutls/gnutls/0001-x509-reject-zero-length-version-in-certificate-reque.patch new file mode 100644 index 0000000000..6351bf4559 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/0001-x509-reject-zero-length-version-in-certificate-reque.patch @@ -0,0 +1,37 @@ +From 61c0505634a6faacf9fa0723843408aa0d3fb90a Mon Sep 17 00:00:00 2001 +From: Andrew Hamilton +Date: Mon, 7 Jul 2025 10:35:54 +0900 +Subject: [PATCH] x509: reject zero-length version in certificate request + +Ensure zero size asn1 values are considered invalid in +gnutls_x509_crq_get_version, this ensures crq version is not used +uninitialized. Spotted by oss-fuzz at: +https://issues.oss-fuzz.com/issues/42536706 + +Signed-off-by: Andrew Hamilton +Signed-off-by: Daiki Ueno + +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/61c0505634a6faacf9fa0723843408aa0d3fb90a] +Signed-off-by: Peter Marko +--- + lib/x509/crq.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/lib/x509/crq.c b/lib/x509/crq.c +index 19e13623c..9e9801d2b 100644 +--- a/lib/x509/crq.c ++++ b/lib/x509/crq.c +@@ -635,6 +635,13 @@ int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq) + return _gnutls_asn2err(result); + } + ++ /* Note that asn1_read_value can return success with */ ++ /* len set to zero (without setting the data) in some */ ++ /* conditions. */ ++ if (unlikely(len <= 0)) { ++ return gnutls_assert_val(GNUTLS_E_ASN1_VALUE_NOT_VALID); ++ } ++ + return (int) version[0] + 1; + } + diff --git a/meta/recipes-support/gnutls/gnutls/3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 b/meta/recipes-support/gnutls/gnutls/3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 new file mode 100644 index 0000000000000000000000000000000000000000..23ff09c4be5ece2b2aae278f48b3a24543256e8e GIT binary patch literal 830 zcmXqLVzx49Vp`19$Y4-yC~6?g#;gDYJRkxF48;vZA;NqxAqZ_KWFP>M;Dk#U@*D6% z#Mq#UxD7ZV0!#`DV57L;iWL;tp=^W3`9OULV-y&e8+(z|4Lox}6JxDG6JsTkBMqAv zvxsmQ(BDLW7_gfE|Nj%AmUJaSq-!ClgBPy~G=HFR!CFzpKs@B6!4EYarV1l{G~%_N LG)b5xr0D_xkf?K@ literal 0 HcmV?d00001 diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/meta/recipes-support/gnutls/gnutls_3.7.4.bb index 4929e44db3..65e42c00c2 100644 --- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb +++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb @@ -33,6 +33,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://04939b75417cc95b7372c6f208c4bda4579bdc34 \ file://0001-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch \ file://5477db1bb507a35e8833c758ce344f4b5b246d8e \ + file://0001-x509-reject-zero-length-version-in-certificate-reque.patch \ + file://3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 \ " SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f" @@ -71,9 +73,10 @@ do_configure:prepend() { done # binary files cannot be delivered as diff - mkdir -p ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/ ${S}/fuzz/gnutls_psk_client_fuzzer.repro/ + mkdir -p ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/ ${S}/fuzz/gnutls_psk_client_fuzzer.repro/ ${S}/fuzz/gnutls_x509_crq_parser_fuzzer.repro/ cp ${WORKDIR}/04939b75417cc95b7372c6f208c4bda4579bdc34 ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/ cp ${WORKDIR}/5477db1bb507a35e8833c758ce344f4b5b246d8e ${S}/fuzz/gnutls_psk_client_fuzzer.repro/ + cp ${WORKDIR}/3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 ${S}/fuzz/gnutls_x509_crq_parser_fuzzer.repro/ } PACKAGES =+ "${PN}-openssl ${PN}-xx" From patchwork Wed Jul 30 19:05:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67761 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 808E5C87FCC for ; Wed, 30 Jul 2025 19:05:53 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web11.43743.1753902349671487222 for ; Wed, 30 Jul 2025 12:05:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=KxSjSObw; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-7494999de5cso95239b3a.3 for ; Wed, 30 Jul 2025 12:05:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753902349; x=1754507149; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=er24vtki4ItXF4CSr93WSfIudYdIMdJE2HKmJiEwv8E=; b=KxSjSObwfsrefTG236RCuOy2/lA8H8ykE5B2xTU9VHgVcOaZVF5jWj3e2+w2FgiNQc A420MLyQofGjW6Lf7CYfLS43hPNbQlwto7Dpm6gyPsD7wwuT+qhAH0ns7byv8QRfGhcB +alwB69Gc934IXa9SutGWvaJiK9dJB1ukkVDPp+6QIHE1UiNSXNDWBcoppWO6Ao5HBe/ s4WKytGOFCfrT7wgpfl2WaAAf0O3O3Brhvb+i7zQ8IveEzqrhkrkdPiFd4QFTxRSCWTP Ms40MBtIbav0HPhVhSFrP691oKk8+4aWuRMweZwswFHd5CMuOhhVR6WASKD/fW/AylV1 jOpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753902349; x=1754507149; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=er24vtki4ItXF4CSr93WSfIudYdIMdJE2HKmJiEwv8E=; b=g1C4oEM78CiuaJDB3I0vfvS8kt64b85+LwkmJta2wswyh2wNO7asSmpBYE6ZV13mkC LFSCFZ1V9HaHCyV36PrnIAeTZAGjfV+fcvJfG0CvYrnvCY+SMKw3VB/CYJnxeW5HmpDo mZAEXeC/I0Ywx6NNXqTF5sHPPY+fAgmCUqKYY/pDnCvw35W+L/uqrbzrLHgmQANGINxM 35xAQeWL7LiC62uoBO4e4xZnPGgcEsau61PsJJjYR7+ZUO+e63KaH57pGBIl4c0vfy+z HByrtumekOjJknGyQm2JtbQMM6DeloJZrKFL9qMNTDOXDGJArVdmVWuovv0JrgPTSMQJ hNww== X-Gm-Message-State: AOJu0YzeHmN4SwCEgQ64XCeD/k8/rBtY2cTkVPMq3UU2wXaOhx4HQgii Kz9UsAMkCk8kAUIVWCARdnWVm3nBbCzbIGwgXl+Kx2lGpw1OuEkWWYeut5QWk/CXF26RHw4Rlyb nD0Cs X-Gm-Gg: ASbGncuxryPQ7rdKvMiUCxhdXknG9xPSYT6xIxwg32K1avzoW7O+ibJWwOfqY5xW8ZR Cqkp2TdIL1ef+k7NvrkgpNAMpwntkMS0X43DvhLRAa3bPSeb0+VKuXfe79b3XVmXp72OZFGtj/s 1AgvcMXV/xwZo4WwB+9Q7OS4NU9gp3+sd2N5Q6NPrmyM9W25RyjxsNqg4NAcd9J8L4od+P9WSWD gt8HWmGJNUspU6USv1OiliP8DG+9PmLwvzHz4jELlSxqN2RYung7vvo7pPS/w6BRfluM1SAS1wU m3mTfxHsSlE7R2w0jnfAdVlXTUi7+IiPfArR3HfzUgIDbIF2NquYwp5OqAXMfwxZv2gA2pTDiB7 TsNmdrWOyrFyV X-Google-Smtp-Source: AGHT+IGQsMCzcot5Nnx7wnCbMT6NDMFN4TfFRtqN7smMYloEl0Hxn1P58fCehaZxESAYzTEo6Qfozg== X-Received: by 2002:a17:903:e91:b0:240:63a9:30c9 with SMTP id d9443c01a7336-24096a6f7e3mr43377955ad.17.1753902348543; Wed, 30 Jul 2025 12:05:48 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:58fd:da9:30d5:829a]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-240a48b77d3sm22129025ad.117.2025.07.30.12.05.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Jul 2025 12:05:48 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/10] gnutls: patch CVE-2025-32988 Date: Wed, 30 Jul 2025 12:05:29 -0700 Message-ID: <3600752d06c14fcfa0bc1b96222cc6a164955bb5.1753902181.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Jul 2025 19:05:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221143 From: Peter Marko Pick relevant commit from 3.8.10 release MR [1]. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../gnutls/gnutls/CVE-2025-32988.patch | 58 +++++++++++++++++++ meta/recipes-support/gnutls/gnutls_3.7.4.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-32988.patch diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2025-32988.patch b/meta/recipes-support/gnutls/gnutls/CVE-2025-32988.patch new file mode 100644 index 0000000000..4779787bc3 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2025-32988.patch @@ -0,0 +1,58 @@ +From 608829769cbc247679ffe98841109fc73875e573 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 7 Jul 2025 10:44:12 +0900 +Subject: [PATCH] x509: avoid double free when exporting othernames in SAN + +Previously, the _gnutls_write_new_othername function, called by +gnutls_x509_ext_export_subject_alt_names to export "otherName" in a +certificate's SAN extension, freed the caller allocated ASN.1 +structure upon error, resulting in a potential double-free. + +Reported by OpenAI Security Research Team. + +Signed-off-by: Daiki Ueno + +CVE: CVE-2025-32988 +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573] +Signed-off-by: Peter Marko +--- + NEWS | 5 +++++ + lib/x509/extensions.c | 2 -- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/NEWS b/NEWS +index 025e05148..ff289fa75 100644 +--- a/NEWS ++++ b/NEWS +@@ -10,6 +10,11 @@ See the end for copying conditions. + and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1, + CVSS: medium] [CVE-2025-32989] + ++** libgnutls: Fix double-free upon error when exporting otherName in SAN ++ Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2, ++ CVSS: low] [CVE-2025-32988] ++ ++ + * Version 3.7.4 (released 2022-03-17) + + ** libgnutls: Fixed double free during verification of pkcs7 signatures. +diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c +index 6c2da8fd1..e8be12eaf 100644 +--- a/lib/x509/extensions.c ++++ b/lib/x509/extensions.c +@@ -805,7 +805,6 @@ _gnutls_write_new_othername(asn1_node ext, const char *ext_name, + result = asn1_write_value(ext, name2, oid, 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); +- asn1_delete_structure(&ext); + return _gnutls_asn2err(result); + } + +@@ -814,7 +813,6 @@ _gnutls_write_new_othername(asn1_node ext, const char *ext_name, + result = asn1_write_value(ext, name2, data, data_size); + if (result != ASN1_SUCCESS) { + gnutls_assert(); +- asn1_delete_structure(&ext); + return _gnutls_asn2err(result); + } + diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/meta/recipes-support/gnutls/gnutls_3.7.4.bb index 65e42c00c2..33553e617e 100644 --- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb +++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb @@ -35,6 +35,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://5477db1bb507a35e8833c758ce344f4b5b246d8e \ file://0001-x509-reject-zero-length-version-in-certificate-reque.patch \ file://3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 \ + file://CVE-2025-32988.patch \ " SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f" From patchwork Wed Jul 30 19:05:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67768 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A57ABC87FCC for ; Wed, 30 Jul 2025 19:06:03 +0000 (UTC) Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com [209.85.215.178]) by mx.groups.io with SMTP id smtpd.web10.43862.1753902354035102216 for ; Wed, 30 Jul 2025 12:05:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=0qKFgsnw; spf=softfail (domain: sakoman.com, ip: 209.85.215.178, mailfrom: steve@sakoman.com) Received: by mail-pg1-f178.google.com with SMTP id 41be03b00d2f7-b34a8f69862so90449a12.2 for ; Wed, 30 Jul 2025 12:05:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753902353; x=1754507153; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/DTJ8/AB6u1UdoWg4uKwIQaPk6ZGmAhidy7FRxH0l+Q=; b=0qKFgsnwS5sFkoxV3Z7Sc9FrWpCLA/MUc9bFOn/fqNrA1MuUf5Aulc/JNXiTeC/RuP IR1W8aX8ziKnuTD8a44MxF1L5pEhXBMHFX4iN684Fr8bog42mwoLmY7CCg1budoHBmmR XpMHxgJaBUjDefIYms/97GrZ19fS/VJjaTlx5PM3B6fC6AqpU0nKPl8qss+nIcGvoKQz 5oXl0jWIw8Y3O5UFZu+O3RGRc0VZGpV5mtgeO/mQhrkTqdXVFTH6Bi9tkrBZu6ZVPwhf bzp1LhQfPy3TsnhV0jYIYAM4NJNzESt9VaKfYh9Fkw/7aiVIfjMxT/aesxUwJPIljmOh opuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753902353; x=1754507153; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/DTJ8/AB6u1UdoWg4uKwIQaPk6ZGmAhidy7FRxH0l+Q=; b=VUBVcDC6taqNpwDbh8pAYBE3MTiK2D54XhAmxlMhZIU634wkdJaouohGmpZHTm+P6Z BleqHH1aLHawq6Y1cWHUa2J3bUNjt0wcoNLRSA3cE9il1epwK3t61xiovNDgAO8IOgQa NPEZbQjRGopa0oUdfCV4uuDws4iZ86q3fF2F+ZEmtaTzLQi405pigTzz7j/EoMf5xXsN ubiCwuQ8Y8z7jKxd+DJW/bn42Pwyc0iqwaCylC8aOmIgv3YJ5cwryeJ0cND8cH5M6ffQ Zlh420EW2gPG4p/muGvG/v8jAyeRDhd82CcvL7Zd7IxaVxKvMMKMjqmJUjJ5nDE1FAxP BiQg== X-Gm-Message-State: AOJu0YxvT7gN12J33ovybG4vTi2mLFATZ9JZXbBokvARnGjsr8H4MV2c fQv2+zWBVPx98kmnV7sU0XC+5CvRA+7QtbUPuXYJRRZgQUL0efIF+GGDDaLEIjGSNfVPkDTY2Yb MdKrD X-Gm-Gg: ASbGncuj1Ty4TNZgVqhdh4hQ7jnMQBJ34zzXb5D/khokXIdpYsArvi8/Xg922r5LuNZ Na+qDKUGzF4WvvaQBYqBjp7nh/yCL33KHBIXo5QunWm264hyupky5cv0mGZj+nHzfzZitXFJC4s UnQxLuvmcw/CRTcrMgfq7AXJJzuTyJEpmjNViFQtHreZriEANf5MOccjvlcjRzfMvl7gTZYq08y 9HNZkppF2ZWqT3qljTNY6KxIsB2lEhQPlcFVUY0HNNtB91Lal9KivsJ2M5/n4peJCsRRF7aVkP2 9oDxQSMhjJlPVaov/Xy2HxDk9tlk9WfkJYLR6nMJKkC5/x5FkyO5o5Eb9OcAcaXgceHp7Jw4NpQ zHteFlJFU337q X-Google-Smtp-Source: AGHT+IECZ5rj+Xws6SDH0lMiUqnz6dwbLqB1hUVzx+vUr0ysDn1Ya7iH0gwfsRg3w9akiVSbp2NIUQ== X-Received: by 2002:a17:903:46c8:b0:240:7247:f738 with SMTP id d9443c01a7336-24096ac5636mr65942435ad.1.1753902351160; Wed, 30 Jul 2025 12:05:51 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:58fd:da9:30d5:829a]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-240a48b77d3sm22129025ad.117.2025.07.30.12.05.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Jul 2025 12:05:50 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/10] gnutls: patch CVE-2025-32990 Date: Wed, 30 Jul 2025 12:05:30 -0700 Message-ID: <33634900586ba8c502c3dd6bb4767da929dfd0d1.1753902181.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Jul 2025 19:06:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221144 From: Peter Marko Pick relevant commit from 3.8.10 release MR [1]. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../gnutls/gnutls/CVE-2025-32990.patch | 2109 +++++++++++++++++ meta/recipes-support/gnutls/gnutls_3.7.4.bb | 1 + 2 files changed, 2110 insertions(+) create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-32990.patch diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2025-32990.patch b/meta/recipes-support/gnutls/gnutls/CVE-2025-32990.patch new file mode 100644 index 0000000000..8cb67dbef4 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2025-32990.patch @@ -0,0 +1,2109 @@ +From 408bed40c36a4cc98f0c94a818f682810f731f32 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 7 Jul 2025 10:57:10 +0900 +Subject: [PATCH] certtool: avoid 1-byte write buffer overrun when parsing + template + +Previously, when parsing a template file with a number of key value +pairs, certtool could write a NUL byte after the heap buffer, causing +a memory corruption. This fixes the issue by allocating the NUL byte. +Reported by David Aitel. + +Signed-off-by: Daiki Ueno + +CVE: CVE-2025-32990 +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/408bed40c36a4cc98f0c94a818f682810f731f32] +Signed-off-by: Peter Marko +--- + NEWS | 4 + + src/certtool-cfg.c | 4 +- + tests/cert-tests/Makefile.am | 3 +- + tests/cert-tests/template-test.sh | 13 + + .../template-too-many-othernames.tmpl | 2003 +++++++++++++++++ + 5 files changed, 2024 insertions(+), 3 deletions(-) + create mode 100644 tests/cert-tests/templates/template-too-many-othernames.tmpl + +diff --git a/NEWS b/NEWS +index ff289fa75..1334516c6 100644 +--- a/NEWS ++++ b/NEWS +@@ -14,6 +14,10 @@ See the end for copying conditions. + Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2, + CVSS: low] [CVE-2025-32988] + ++** certtool: Fix 1-byte write buffer overrun when parsing template ++ Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, ++ CVSS: low] [CVE-2025-32990] ++ + + * Version 3.7.4 (released 2022-03-17) + +diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c +index 2d7a1dcaf..bce2390a8 100644 +--- a/src/certtool-cfg.c ++++ b/src/certtool-cfg.c +@@ -250,7 +250,7 @@ void cfg_init(void) + { \ + if (s_name == NULL) { \ + i = 0; \ +- s_name = malloc(sizeof(char*)*MAX_ENTRIES); \ ++ s_name = calloc(MAX_ENTRIES + 1, sizeof(char *)); \ + CHECK_MALLOC(s_name); \ + do { \ + if (val && strcmp(val->name, k_name)!=0) \ +@@ -272,7 +272,7 @@ void cfg_init(void) + char *p; \ + if (s_name == NULL) { \ + i = 0; \ +- s_name = malloc(sizeof(char*)*MAX_ENTRIES); \ ++ s_name = calloc(MAX_ENTRIES + 1, sizeof(char *)); \ + CHECK_MALLOC(s_name); \ + do { \ + if (val && strcmp(val->name, k_name)!=0) \ +diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am +index dac615fa5..7a68af199 100644 +--- a/tests/cert-tests/Makefile.am ++++ b/tests/cert-tests/Makefile.am +@@ -102,7 +102,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem + data/chain-512-leaf.pem data/chain-512-subca.pem data/chain-512-ca.pem \ + templates/template-no-ca-honor.tmpl templates/template-no-ca-explicit.tmpl \ + data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem data/commonName.cer \ +- templates/simple-policy.tmpl data/simple-policy.pem ++ templates/simple-policy.tmpl data/simple-policy.pem \ ++ templates/template-too-many-othernames.tmpl + + dist_check_SCRIPTS = pathlen.sh aki.sh invalid-sig.sh email.sh \ + pkcs7.sh pkcs7-broken-sigs.sh privkey-import.sh name-constraints.sh certtool-long-cn.sh crl.sh provable-privkey.sh \ +diff --git a/tests/cert-tests/template-test.sh b/tests/cert-tests/template-test.sh +index 5d7410eb3..34e3027ae 100644 +--- a/tests/cert-tests/template-test.sh ++++ b/tests/cert-tests/template-test.sh +@@ -318,6 +318,19 @@ if test "${rc}" != "0"; then + exit ${rc} + fi + ++# Test generation with too many other names ++ ++"${CERTTOOL}" --generate-request \ ++ --load-privkey "${srcdir}/data/template-test.key" \ ++ --template "${srcdir}/templates/template-too-many-othernames.tmpl" \ ++ --outfile ${TMPFILE} 2>/dev/null ++rc=$? ++ ++if test "${rc}" != "0"; then ++ echo "Test with too many othernames failed" ++ exit ${rc} ++fi ++ + rm -f ${TMPFILE} + + exit 0 +diff --git a/tests/cert-tests/templates/template-too-many-othernames.tmpl b/tests/cert-tests/templates/template-too-many-othernames.tmpl +new file mode 100644 +index 000000000..5ef9a862b +--- /dev/null ++++ b/tests/cert-tests/templates/template-too-many-othernames.tmpl +@@ -0,0 +1,2003 @@ ++organization = "OpenAI" ++cn = "example.com" ++ ++other_name_utf8 = "1.2.3.4 testvalue0" ++other_name_utf8 = "1.2.3.4 testvalue1" ++other_name_utf8 = "1.2.3.4 testvalue2" ++other_name_utf8 = "1.2.3.4 testvalue3" ++other_name_utf8 = "1.2.3.4 testvalue4" ++other_name_utf8 = "1.2.3.4 testvalue5" ++other_name_utf8 = "1.2.3.4 testvalue6" ++other_name_utf8 = "1.2.3.4 testvalue7" ++other_name_utf8 = "1.2.3.4 testvalue8" ++other_name_utf8 = "1.2.3.4 testvalue9" ++other_name_utf8 = "1.2.3.4 testvalue10" ++other_name_utf8 = "1.2.3.4 testvalue11" ++other_name_utf8 = "1.2.3.4 testvalue12" ++other_name_utf8 = "1.2.3.4 testvalue13" ++other_name_utf8 = "1.2.3.4 testvalue14" ++other_name_utf8 = "1.2.3.4 testvalue15" ++other_name_utf8 = "1.2.3.4 testvalue16" ++other_name_utf8 = "1.2.3.4 testvalue17" ++other_name_utf8 = "1.2.3.4 testvalue18" ++other_name_utf8 = "1.2.3.4 testvalue19" ++other_name_utf8 = "1.2.3.4 testvalue20" ++other_name_utf8 = "1.2.3.4 testvalue21" ++other_name_utf8 = "1.2.3.4 testvalue22" ++other_name_utf8 = "1.2.3.4 testvalue23" ++other_name_utf8 = "1.2.3.4 testvalue24" ++other_name_utf8 = "1.2.3.4 testvalue25" ++other_name_utf8 = "1.2.3.4 testvalue26" ++other_name_utf8 = "1.2.3.4 testvalue27" ++other_name_utf8 = "1.2.3.4 testvalue28" ++other_name_utf8 = "1.2.3.4 testvalue29" ++other_name_utf8 = "1.2.3.4 testvalue30" ++other_name_utf8 = "1.2.3.4 testvalue31" ++other_name_utf8 = "1.2.3.4 testvalue32" ++other_name_utf8 = "1.2.3.4 testvalue33" ++other_name_utf8 = "1.2.3.4 testvalue34" ++other_name_utf8 = "1.2.3.4 testvalue35" ++other_name_utf8 = "1.2.3.4 testvalue36" ++other_name_utf8 = "1.2.3.4 testvalue37" ++other_name_utf8 = "1.2.3.4 testvalue38" ++other_name_utf8 = "1.2.3.4 testvalue39" ++other_name_utf8 = "1.2.3.4 testvalue40" ++other_name_utf8 = "1.2.3.4 testvalue41" ++other_name_utf8 = "1.2.3.4 testvalue42" ++other_name_utf8 = "1.2.3.4 testvalue43" ++other_name_utf8 = "1.2.3.4 testvalue44" ++other_name_utf8 = "1.2.3.4 testvalue45" ++other_name_utf8 = "1.2.3.4 testvalue46" ++other_name_utf8 = "1.2.3.4 testvalue47" ++other_name_utf8 = "1.2.3.4 testvalue48" ++other_name_utf8 = "1.2.3.4 testvalue49" ++other_name_utf8 = "1.2.3.4 testvalue50" ++other_name_utf8 = "1.2.3.4 testvalue51" ++other_name_utf8 = "1.2.3.4 testvalue52" ++other_name_utf8 = "1.2.3.4 testvalue53" ++other_name_utf8 = "1.2.3.4 testvalue54" ++other_name_utf8 = "1.2.3.4 testvalue55" ++other_name_utf8 = "1.2.3.4 testvalue56" ++other_name_utf8 = "1.2.3.4 testvalue57" ++other_name_utf8 = "1.2.3.4 testvalue58" ++other_name_utf8 = "1.2.3.4 testvalue59" ++other_name_utf8 = "1.2.3.4 testvalue60" ++other_name_utf8 = "1.2.3.4 testvalue61" ++other_name_utf8 = "1.2.3.4 testvalue62" ++other_name_utf8 = "1.2.3.4 testvalue63" ++other_name_utf8 = "1.2.3.4 testvalue64" ++other_name_utf8 = "1.2.3.4 testvalue65" ++other_name_utf8 = "1.2.3.4 testvalue66" ++other_name_utf8 = "1.2.3.4 testvalue67" ++other_name_utf8 = "1.2.3.4 testvalue68" ++other_name_utf8 = "1.2.3.4 testvalue69" ++other_name_utf8 = "1.2.3.4 testvalue70" ++other_name_utf8 = "1.2.3.4 testvalue71" ++other_name_utf8 = "1.2.3.4 testvalue72" ++other_name_utf8 = "1.2.3.4 testvalue73" ++other_name_utf8 = "1.2.3.4 testvalue74" ++other_name_utf8 = "1.2.3.4 testvalue75" ++other_name_utf8 = "1.2.3.4 testvalue76" ++other_name_utf8 = "1.2.3.4 testvalue77" ++other_name_utf8 = "1.2.3.4 testvalue78" ++other_name_utf8 = "1.2.3.4 testvalue79" ++other_name_utf8 = "1.2.3.4 testvalue80" ++other_name_utf8 = "1.2.3.4 testvalue81" ++other_name_utf8 = "1.2.3.4 testvalue82" ++other_name_utf8 = "1.2.3.4 testvalue83" ++other_name_utf8 = "1.2.3.4 testvalue84" ++other_name_utf8 = "1.2.3.4 testvalue85" ++other_name_utf8 = "1.2.3.4 testvalue86" ++other_name_utf8 = "1.2.3.4 testvalue87" ++other_name_utf8 = "1.2.3.4 testvalue88" ++other_name_utf8 = "1.2.3.4 testvalue89" ++other_name_utf8 = "1.2.3.4 testvalue90" ++other_name_utf8 = "1.2.3.4 testvalue91" ++other_name_utf8 = "1.2.3.4 testvalue92" ++other_name_utf8 = "1.2.3.4 testvalue93" ++other_name_utf8 = "1.2.3.4 testvalue94" ++other_name_utf8 = "1.2.3.4 testvalue95" ++other_name_utf8 = "1.2.3.4 testvalue96" ++other_name_utf8 = "1.2.3.4 testvalue97" ++other_name_utf8 = "1.2.3.4 testvalue98" ++other_name_utf8 = "1.2.3.4 testvalue99" ++other_name_utf8 = "1.2.3.4 testvalue100" ++other_name_utf8 = "1.2.3.4 testvalue101" ++other_name_utf8 = "1.2.3.4 testvalue102" ++other_name_utf8 = "1.2.3.4 testvalue103" ++other_name_utf8 = "1.2.3.4 testvalue104" ++other_name_utf8 = "1.2.3.4 testvalue105" ++other_name_utf8 = "1.2.3.4 testvalue106" ++other_name_utf8 = "1.2.3.4 testvalue107" ++other_name_utf8 = "1.2.3.4 testvalue108" ++other_name_utf8 = "1.2.3.4 testvalue109" ++other_name_utf8 = "1.2.3.4 testvalue110" ++other_name_utf8 = "1.2.3.4 testvalue111" ++other_name_utf8 = "1.2.3.4 testvalue112" ++other_name_utf8 = "1.2.3.4 testvalue113" ++other_name_utf8 = "1.2.3.4 testvalue114" ++other_name_utf8 = "1.2.3.4 testvalue115" ++other_name_utf8 = "1.2.3.4 testvalue116" ++other_name_utf8 = "1.2.3.4 testvalue117" ++other_name_utf8 = "1.2.3.4 testvalue118" ++other_name_utf8 = "1.2.3.4 testvalue119" ++other_name_utf8 = "1.2.3.4 testvalue120" ++other_name_utf8 = "1.2.3.4 testvalue121" ++other_name_utf8 = "1.2.3.4 testvalue122" ++other_name_utf8 = "1.2.3.4 testvalue123" ++other_name_utf8 = "1.2.3.4 testvalue124" ++other_name_utf8 = "1.2.3.4 testvalue125" ++other_name_utf8 = "1.2.3.4 testvalue126" ++other_name_utf8 = "1.2.3.4 testvalue127" ++other_name_utf8 = "1.2.3.4 testvalue128" ++other_name_utf8 = "1.2.3.4 testvalue129" ++other_name_utf8 = "1.2.3.4 testvalue130" ++other_name_utf8 = "1.2.3.4 testvalue131" ++other_name_utf8 = "1.2.3.4 testvalue132" ++other_name_utf8 = "1.2.3.4 testvalue133" ++other_name_utf8 = "1.2.3.4 testvalue134" ++other_name_utf8 = "1.2.3.4 testvalue135" ++other_name_utf8 = "1.2.3.4 testvalue136" ++other_name_utf8 = "1.2.3.4 testvalue137" ++other_name_utf8 = "1.2.3.4 testvalue138" ++other_name_utf8 = "1.2.3.4 testvalue139" ++other_name_utf8 = "1.2.3.4 testvalue140" ++other_name_utf8 = "1.2.3.4 testvalue141" ++other_name_utf8 = "1.2.3.4 testvalue142" ++other_name_utf8 = "1.2.3.4 testvalue143" ++other_name_utf8 = "1.2.3.4 testvalue144" ++other_name_utf8 = "1.2.3.4 testvalue145" ++other_name_utf8 = "1.2.3.4 testvalue146" ++other_name_utf8 = "1.2.3.4 testvalue147" ++other_name_utf8 = "1.2.3.4 testvalue148" ++other_name_utf8 = "1.2.3.4 testvalue149" ++other_name_utf8 = "1.2.3.4 testvalue150" ++other_name_utf8 = "1.2.3.4 testvalue151" ++other_name_utf8 = "1.2.3.4 testvalue152" ++other_name_utf8 = "1.2.3.4 testvalue153" ++other_name_utf8 = "1.2.3.4 testvalue154" ++other_name_utf8 = "1.2.3.4 testvalue155" ++other_name_utf8 = "1.2.3.4 testvalue156" ++other_name_utf8 = "1.2.3.4 testvalue157" ++other_name_utf8 = "1.2.3.4 testvalue158" ++other_name_utf8 = "1.2.3.4 testvalue159" ++other_name_utf8 = "1.2.3.4 testvalue160" ++other_name_utf8 = "1.2.3.4 testvalue161" ++other_name_utf8 = "1.2.3.4 testvalue162" ++other_name_utf8 = "1.2.3.4 testvalue163" ++other_name_utf8 = "1.2.3.4 testvalue164" ++other_name_utf8 = "1.2.3.4 testvalue165" ++other_name_utf8 = "1.2.3.4 testvalue166" ++other_name_utf8 = "1.2.3.4 testvalue167" ++other_name_utf8 = "1.2.3.4 testvalue168" ++other_name_utf8 = "1.2.3.4 testvalue169" ++other_name_utf8 = "1.2.3.4 testvalue170" ++other_name_utf8 = "1.2.3.4 testvalue171" ++other_name_utf8 = "1.2.3.4 testvalue172" ++other_name_utf8 = "1.2.3.4 testvalue173" ++other_name_utf8 = "1.2.3.4 testvalue174" ++other_name_utf8 = "1.2.3.4 testvalue175" ++other_name_utf8 = "1.2.3.4 testvalue176" ++other_name_utf8 = "1.2.3.4 testvalue177" ++other_name_utf8 = "1.2.3.4 testvalue178" ++other_name_utf8 = "1.2.3.4 testvalue179" ++other_name_utf8 = "1.2.3.4 testvalue180" ++other_name_utf8 = "1.2.3.4 testvalue181" ++other_name_utf8 = "1.2.3.4 testvalue182" ++other_name_utf8 = "1.2.3.4 testvalue183" ++other_name_utf8 = "1.2.3.4 testvalue184" ++other_name_utf8 = "1.2.3.4 testvalue185" ++other_name_utf8 = "1.2.3.4 testvalue186" ++other_name_utf8 = "1.2.3.4 testvalue187" ++other_name_utf8 = "1.2.3.4 testvalue188" ++other_name_utf8 = "1.2.3.4 testvalue189" ++other_name_utf8 = "1.2.3.4 testvalue190" ++other_name_utf8 = "1.2.3.4 testvalue191" ++other_name_utf8 = "1.2.3.4 testvalue192" ++other_name_utf8 = "1.2.3.4 testvalue193" ++other_name_utf8 = "1.2.3.4 testvalue194" ++other_name_utf8 = "1.2.3.4 testvalue195" ++other_name_utf8 = "1.2.3.4 testvalue196" ++other_name_utf8 = "1.2.3.4 testvalue197" ++other_name_utf8 = "1.2.3.4 testvalue198" ++other_name_utf8 = "1.2.3.4 testvalue199" ++other_name_utf8 = "1.2.3.4 testvalue200" ++other_name_utf8 = "1.2.3.4 testvalue201" ++other_name_utf8 = "1.2.3.4 testvalue202" ++other_name_utf8 = "1.2.3.4 testvalue203" ++other_name_utf8 = "1.2.3.4 testvalue204" ++other_name_utf8 = "1.2.3.4 testvalue205" ++other_name_utf8 = "1.2.3.4 testvalue206" ++other_name_utf8 = "1.2.3.4 testvalue207" ++other_name_utf8 = "1.2.3.4 testvalue208" ++other_name_utf8 = "1.2.3.4 testvalue209" ++other_name_utf8 = "1.2.3.4 testvalue210" ++other_name_utf8 = "1.2.3.4 testvalue211" ++other_name_utf8 = "1.2.3.4 testvalue212" ++other_name_utf8 = "1.2.3.4 testvalue213" ++other_name_utf8 = "1.2.3.4 testvalue214" ++other_name_utf8 = "1.2.3.4 testvalue215" ++other_name_utf8 = "1.2.3.4 testvalue216" ++other_name_utf8 = "1.2.3.4 testvalue217" ++other_name_utf8 = "1.2.3.4 testvalue218" ++other_name_utf8 = "1.2.3.4 testvalue219" ++other_name_utf8 = "1.2.3.4 testvalue220" ++other_name_utf8 = "1.2.3.4 testvalue221" ++other_name_utf8 = "1.2.3.4 testvalue222" ++other_name_utf8 = "1.2.3.4 testvalue223" ++other_name_utf8 = "1.2.3.4 testvalue224" ++other_name_utf8 = "1.2.3.4 testvalue225" ++other_name_utf8 = "1.2.3.4 testvalue226" ++other_name_utf8 = "1.2.3.4 testvalue227" ++other_name_utf8 = "1.2.3.4 testvalue228" ++other_name_utf8 = "1.2.3.4 testvalue229" ++other_name_utf8 = "1.2.3.4 testvalue230" ++other_name_utf8 = "1.2.3.4 testvalue231" ++other_name_utf8 = "1.2.3.4 testvalue232" ++other_name_utf8 = "1.2.3.4 testvalue233" ++other_name_utf8 = "1.2.3.4 testvalue234" ++other_name_utf8 = "1.2.3.4 testvalue235" ++other_name_utf8 = "1.2.3.4 testvalue236" ++other_name_utf8 = "1.2.3.4 testvalue237" ++other_name_utf8 = "1.2.3.4 testvalue238" ++other_name_utf8 = "1.2.3.4 testvalue239" ++other_name_utf8 = "1.2.3.4 testvalue240" ++other_name_utf8 = "1.2.3.4 testvalue241" ++other_name_utf8 = "1.2.3.4 testvalue242" ++other_name_utf8 = "1.2.3.4 testvalue243" ++other_name_utf8 = "1.2.3.4 testvalue244" ++other_name_utf8 = "1.2.3.4 testvalue245" ++other_name_utf8 = "1.2.3.4 testvalue246" ++other_name_utf8 = "1.2.3.4 testvalue247" ++other_name_utf8 = "1.2.3.4 testvalue248" ++other_name_utf8 = "1.2.3.4 testvalue249" ++other_name_utf8 = "1.2.3.4 testvalue250" ++other_name_utf8 = "1.2.3.4 testvalue251" ++other_name_utf8 = "1.2.3.4 testvalue252" ++other_name_utf8 = "1.2.3.4 testvalue253" ++other_name_utf8 = "1.2.3.4 testvalue254" ++other_name_utf8 = "1.2.3.4 testvalue255" ++other_name_utf8 = "1.2.3.4 testvalue256" ++other_name_utf8 = "1.2.3.4 testvalue257" ++other_name_utf8 = "1.2.3.4 testvalue258" ++other_name_utf8 = "1.2.3.4 testvalue259" ++other_name_utf8 = "1.2.3.4 testvalue260" ++other_name_utf8 = "1.2.3.4 testvalue261" ++other_name_utf8 = "1.2.3.4 testvalue262" ++other_name_utf8 = "1.2.3.4 testvalue263" ++other_name_utf8 = "1.2.3.4 testvalue264" ++other_name_utf8 = "1.2.3.4 testvalue265" ++other_name_utf8 = "1.2.3.4 testvalue266" ++other_name_utf8 = "1.2.3.4 testvalue267" ++other_name_utf8 = "1.2.3.4 testvalue268" ++other_name_utf8 = "1.2.3.4 testvalue269" ++other_name_utf8 = "1.2.3.4 testvalue270" ++other_name_utf8 = "1.2.3.4 testvalue271" ++other_name_utf8 = "1.2.3.4 testvalue272" ++other_name_utf8 = "1.2.3.4 testvalue273" ++other_name_utf8 = "1.2.3.4 testvalue274" ++other_name_utf8 = "1.2.3.4 testvalue275" ++other_name_utf8 = "1.2.3.4 testvalue276" ++other_name_utf8 = "1.2.3.4 testvalue277" ++other_name_utf8 = "1.2.3.4 testvalue278" ++other_name_utf8 = "1.2.3.4 testvalue279" ++other_name_utf8 = "1.2.3.4 testvalue280" ++other_name_utf8 = "1.2.3.4 testvalue281" ++other_name_utf8 = "1.2.3.4 testvalue282" ++other_name_utf8 = "1.2.3.4 testvalue283" ++other_name_utf8 = "1.2.3.4 testvalue284" ++other_name_utf8 = "1.2.3.4 testvalue285" ++other_name_utf8 = "1.2.3.4 testvalue286" ++other_name_utf8 = "1.2.3.4 testvalue287" ++other_name_utf8 = "1.2.3.4 testvalue288" ++other_name_utf8 = "1.2.3.4 testvalue289" ++other_name_utf8 = "1.2.3.4 testvalue290" ++other_name_utf8 = "1.2.3.4 testvalue291" ++other_name_utf8 = "1.2.3.4 testvalue292" ++other_name_utf8 = "1.2.3.4 testvalue293" ++other_name_utf8 = "1.2.3.4 testvalue294" ++other_name_utf8 = "1.2.3.4 testvalue295" ++other_name_utf8 = "1.2.3.4 testvalue296" ++other_name_utf8 = "1.2.3.4 testvalue297" ++other_name_utf8 = "1.2.3.4 testvalue298" ++other_name_utf8 = "1.2.3.4 testvalue299" ++other_name_utf8 = "1.2.3.4 testvalue300" ++other_name_utf8 = "1.2.3.4 testvalue301" ++other_name_utf8 = "1.2.3.4 testvalue302" ++other_name_utf8 = "1.2.3.4 testvalue303" ++other_name_utf8 = "1.2.3.4 testvalue304" ++other_name_utf8 = "1.2.3.4 testvalue305" ++other_name_utf8 = "1.2.3.4 testvalue306" ++other_name_utf8 = "1.2.3.4 testvalue307" ++other_name_utf8 = "1.2.3.4 testvalue308" ++other_name_utf8 = "1.2.3.4 testvalue309" ++other_name_utf8 = "1.2.3.4 testvalue310" ++other_name_utf8 = "1.2.3.4 testvalue311" ++other_name_utf8 = "1.2.3.4 testvalue312" ++other_name_utf8 = "1.2.3.4 testvalue313" ++other_name_utf8 = "1.2.3.4 testvalue314" ++other_name_utf8 = "1.2.3.4 testvalue315" ++other_name_utf8 = "1.2.3.4 testvalue316" ++other_name_utf8 = "1.2.3.4 testvalue317" ++other_name_utf8 = "1.2.3.4 testvalue318" ++other_name_utf8 = "1.2.3.4 testvalue319" ++other_name_utf8 = "1.2.3.4 testvalue320" ++other_name_utf8 = "1.2.3.4 testvalue321" ++other_name_utf8 = "1.2.3.4 testvalue322" ++other_name_utf8 = "1.2.3.4 testvalue323" ++other_name_utf8 = "1.2.3.4 testvalue324" ++other_name_utf8 = "1.2.3.4 testvalue325" ++other_name_utf8 = "1.2.3.4 testvalue326" ++other_name_utf8 = "1.2.3.4 testvalue327" ++other_name_utf8 = "1.2.3.4 testvalue328" ++other_name_utf8 = "1.2.3.4 testvalue329" ++other_name_utf8 = "1.2.3.4 testvalue330" ++other_name_utf8 = "1.2.3.4 testvalue331" ++other_name_utf8 = "1.2.3.4 testvalue332" ++other_name_utf8 = "1.2.3.4 testvalue333" ++other_name_utf8 = "1.2.3.4 testvalue334" ++other_name_utf8 = "1.2.3.4 testvalue335" ++other_name_utf8 = "1.2.3.4 testvalue336" ++other_name_utf8 = "1.2.3.4 testvalue337" ++other_name_utf8 = "1.2.3.4 testvalue338" ++other_name_utf8 = "1.2.3.4 testvalue339" ++other_name_utf8 = "1.2.3.4 testvalue340" ++other_name_utf8 = "1.2.3.4 testvalue341" ++other_name_utf8 = "1.2.3.4 testvalue342" ++other_name_utf8 = "1.2.3.4 testvalue343" ++other_name_utf8 = "1.2.3.4 testvalue344" ++other_name_utf8 = "1.2.3.4 testvalue345" ++other_name_utf8 = "1.2.3.4 testvalue346" ++other_name_utf8 = "1.2.3.4 testvalue347" ++other_name_utf8 = "1.2.3.4 testvalue348" ++other_name_utf8 = "1.2.3.4 testvalue349" ++other_name_utf8 = "1.2.3.4 testvalue350" ++other_name_utf8 = "1.2.3.4 testvalue351" ++other_name_utf8 = "1.2.3.4 testvalue352" ++other_name_utf8 = "1.2.3.4 testvalue353" ++other_name_utf8 = "1.2.3.4 testvalue354" ++other_name_utf8 = "1.2.3.4 testvalue355" ++other_name_utf8 = "1.2.3.4 testvalue356" ++other_name_utf8 = "1.2.3.4 testvalue357" ++other_name_utf8 = "1.2.3.4 testvalue358" ++other_name_utf8 = "1.2.3.4 testvalue359" ++other_name_utf8 = "1.2.3.4 testvalue360" ++other_name_utf8 = "1.2.3.4 testvalue361" ++other_name_utf8 = "1.2.3.4 testvalue362" ++other_name_utf8 = "1.2.3.4 testvalue363" ++other_name_utf8 = "1.2.3.4 testvalue364" ++other_name_utf8 = "1.2.3.4 testvalue365" ++other_name_utf8 = "1.2.3.4 testvalue366" ++other_name_utf8 = "1.2.3.4 testvalue367" ++other_name_utf8 = "1.2.3.4 testvalue368" ++other_name_utf8 = "1.2.3.4 testvalue369" ++other_name_utf8 = "1.2.3.4 testvalue370" ++other_name_utf8 = "1.2.3.4 testvalue371" ++other_name_utf8 = "1.2.3.4 testvalue372" ++other_name_utf8 = "1.2.3.4 testvalue373" ++other_name_utf8 = "1.2.3.4 testvalue374" ++other_name_utf8 = "1.2.3.4 testvalue375" ++other_name_utf8 = "1.2.3.4 testvalue376" ++other_name_utf8 = "1.2.3.4 testvalue377" ++other_name_utf8 = "1.2.3.4 testvalue378" ++other_name_utf8 = "1.2.3.4 testvalue379" ++other_name_utf8 = "1.2.3.4 testvalue380" ++other_name_utf8 = "1.2.3.4 testvalue381" ++other_name_utf8 = "1.2.3.4 testvalue382" ++other_name_utf8 = "1.2.3.4 testvalue383" ++other_name_utf8 = "1.2.3.4 testvalue384" ++other_name_utf8 = "1.2.3.4 testvalue385" ++other_name_utf8 = "1.2.3.4 testvalue386" ++other_name_utf8 = "1.2.3.4 testvalue387" ++other_name_utf8 = "1.2.3.4 testvalue388" ++other_name_utf8 = "1.2.3.4 testvalue389" ++other_name_utf8 = "1.2.3.4 testvalue390" ++other_name_utf8 = "1.2.3.4 testvalue391" ++other_name_utf8 = "1.2.3.4 testvalue392" ++other_name_utf8 = "1.2.3.4 testvalue393" ++other_name_utf8 = "1.2.3.4 testvalue394" ++other_name_utf8 = "1.2.3.4 testvalue395" ++other_name_utf8 = "1.2.3.4 testvalue396" ++other_name_utf8 = "1.2.3.4 testvalue397" ++other_name_utf8 = "1.2.3.4 testvalue398" ++other_name_utf8 = "1.2.3.4 testvalue399" ++other_name_utf8 = "1.2.3.4 testvalue400" ++other_name_utf8 = "1.2.3.4 testvalue401" ++other_name_utf8 = "1.2.3.4 testvalue402" ++other_name_utf8 = "1.2.3.4 testvalue403" ++other_name_utf8 = "1.2.3.4 testvalue404" ++other_name_utf8 = "1.2.3.4 testvalue405" ++other_name_utf8 = "1.2.3.4 testvalue406" ++other_name_utf8 = "1.2.3.4 testvalue407" ++other_name_utf8 = "1.2.3.4 testvalue408" ++other_name_utf8 = "1.2.3.4 testvalue409" ++other_name_utf8 = "1.2.3.4 testvalue410" ++other_name_utf8 = "1.2.3.4 testvalue411" ++other_name_utf8 = "1.2.3.4 testvalue412" ++other_name_utf8 = "1.2.3.4 testvalue413" ++other_name_utf8 = "1.2.3.4 testvalue414" ++other_name_utf8 = "1.2.3.4 testvalue415" ++other_name_utf8 = "1.2.3.4 testvalue416" ++other_name_utf8 = "1.2.3.4 testvalue417" ++other_name_utf8 = "1.2.3.4 testvalue418" ++other_name_utf8 = "1.2.3.4 testvalue419" ++other_name_utf8 = "1.2.3.4 testvalue420" ++other_name_utf8 = "1.2.3.4 testvalue421" ++other_name_utf8 = "1.2.3.4 testvalue422" ++other_name_utf8 = "1.2.3.4 testvalue423" ++other_name_utf8 = "1.2.3.4 testvalue424" ++other_name_utf8 = "1.2.3.4 testvalue425" ++other_name_utf8 = "1.2.3.4 testvalue426" ++other_name_utf8 = "1.2.3.4 testvalue427" ++other_name_utf8 = "1.2.3.4 testvalue428" ++other_name_utf8 = "1.2.3.4 testvalue429" ++other_name_utf8 = "1.2.3.4 testvalue430" ++other_name_utf8 = "1.2.3.4 testvalue431" ++other_name_utf8 = "1.2.3.4 testvalue432" ++other_name_utf8 = "1.2.3.4 testvalue433" ++other_name_utf8 = "1.2.3.4 testvalue434" ++other_name_utf8 = "1.2.3.4 testvalue435" ++other_name_utf8 = "1.2.3.4 testvalue436" ++other_name_utf8 = "1.2.3.4 testvalue437" ++other_name_utf8 = "1.2.3.4 testvalue438" ++other_name_utf8 = "1.2.3.4 testvalue439" ++other_name_utf8 = "1.2.3.4 testvalue440" ++other_name_utf8 = "1.2.3.4 testvalue441" ++other_name_utf8 = "1.2.3.4 testvalue442" ++other_name_utf8 = "1.2.3.4 testvalue443" ++other_name_utf8 = "1.2.3.4 testvalue444" ++other_name_utf8 = "1.2.3.4 testvalue445" ++other_name_utf8 = "1.2.3.4 testvalue446" ++other_name_utf8 = "1.2.3.4 testvalue447" ++other_name_utf8 = "1.2.3.4 testvalue448" ++other_name_utf8 = "1.2.3.4 testvalue449" ++other_name_utf8 = "1.2.3.4 testvalue450" ++other_name_utf8 = "1.2.3.4 testvalue451" ++other_name_utf8 = "1.2.3.4 testvalue452" ++other_name_utf8 = "1.2.3.4 testvalue453" ++other_name_utf8 = "1.2.3.4 testvalue454" ++other_name_utf8 = "1.2.3.4 testvalue455" ++other_name_utf8 = "1.2.3.4 testvalue456" ++other_name_utf8 = "1.2.3.4 testvalue457" ++other_name_utf8 = "1.2.3.4 testvalue458" ++other_name_utf8 = "1.2.3.4 testvalue459" ++other_name_utf8 = "1.2.3.4 testvalue460" ++other_name_utf8 = "1.2.3.4 testvalue461" ++other_name_utf8 = "1.2.3.4 testvalue462" ++other_name_utf8 = "1.2.3.4 testvalue463" ++other_name_utf8 = "1.2.3.4 testvalue464" ++other_name_utf8 = "1.2.3.4 testvalue465" ++other_name_utf8 = "1.2.3.4 testvalue466" ++other_name_utf8 = "1.2.3.4 testvalue467" ++other_name_utf8 = "1.2.3.4 testvalue468" ++other_name_utf8 = "1.2.3.4 testvalue469" ++other_name_utf8 = "1.2.3.4 testvalue470" ++other_name_utf8 = "1.2.3.4 testvalue471" ++other_name_utf8 = "1.2.3.4 testvalue472" ++other_name_utf8 = "1.2.3.4 testvalue473" ++other_name_utf8 = "1.2.3.4 testvalue474" ++other_name_utf8 = "1.2.3.4 testvalue475" ++other_name_utf8 = "1.2.3.4 testvalue476" ++other_name_utf8 = "1.2.3.4 testvalue477" ++other_name_utf8 = "1.2.3.4 testvalue478" ++other_name_utf8 = "1.2.3.4 testvalue479" ++other_name_utf8 = "1.2.3.4 testvalue480" ++other_name_utf8 = "1.2.3.4 testvalue481" ++other_name_utf8 = "1.2.3.4 testvalue482" ++other_name_utf8 = "1.2.3.4 testvalue483" ++other_name_utf8 = "1.2.3.4 testvalue484" ++other_name_utf8 = "1.2.3.4 testvalue485" ++other_name_utf8 = "1.2.3.4 testvalue486" ++other_name_utf8 = "1.2.3.4 testvalue487" ++other_name_utf8 = "1.2.3.4 testvalue488" ++other_name_utf8 = "1.2.3.4 testvalue489" ++other_name_utf8 = "1.2.3.4 testvalue490" ++other_name_utf8 = "1.2.3.4 testvalue491" ++other_name_utf8 = "1.2.3.4 testvalue492" ++other_name_utf8 = "1.2.3.4 testvalue493" ++other_name_utf8 = "1.2.3.4 testvalue494" ++other_name_utf8 = "1.2.3.4 testvalue495" ++other_name_utf8 = "1.2.3.4 testvalue496" ++other_name_utf8 = "1.2.3.4 testvalue497" ++other_name_utf8 = "1.2.3.4 testvalue498" ++other_name_utf8 = "1.2.3.4 testvalue499" ++other_name_utf8 = "1.2.3.4 testvalue500" ++other_name_utf8 = "1.2.3.4 testvalue501" ++other_name_utf8 = "1.2.3.4 testvalue502" ++other_name_utf8 = "1.2.3.4 testvalue503" ++other_name_utf8 = "1.2.3.4 testvalue504" ++other_name_utf8 = "1.2.3.4 testvalue505" ++other_name_utf8 = "1.2.3.4 testvalue506" ++other_name_utf8 = "1.2.3.4 testvalue507" ++other_name_utf8 = "1.2.3.4 testvalue508" ++other_name_utf8 = "1.2.3.4 testvalue509" ++other_name_utf8 = "1.2.3.4 testvalue510" ++other_name_utf8 = "1.2.3.4 testvalue511" ++other_name_utf8 = "1.2.3.4 testvalue512" ++other_name_utf8 = "1.2.3.4 testvalue513" ++other_name_utf8 = "1.2.3.4 testvalue514" ++other_name_utf8 = "1.2.3.4 testvalue515" ++other_name_utf8 = "1.2.3.4 testvalue516" ++other_name_utf8 = "1.2.3.4 testvalue517" ++other_name_utf8 = "1.2.3.4 testvalue518" ++other_name_utf8 = "1.2.3.4 testvalue519" ++other_name_utf8 = "1.2.3.4 testvalue520" ++other_name_utf8 = "1.2.3.4 testvalue521" ++other_name_utf8 = "1.2.3.4 testvalue522" ++other_name_utf8 = "1.2.3.4 testvalue523" ++other_name_utf8 = "1.2.3.4 testvalue524" ++other_name_utf8 = "1.2.3.4 testvalue525" ++other_name_utf8 = "1.2.3.4 testvalue526" ++other_name_utf8 = "1.2.3.4 testvalue527" ++other_name_utf8 = "1.2.3.4 testvalue528" ++other_name_utf8 = "1.2.3.4 testvalue529" ++other_name_utf8 = "1.2.3.4 testvalue530" ++other_name_utf8 = "1.2.3.4 testvalue531" ++other_name_utf8 = "1.2.3.4 testvalue532" ++other_name_utf8 = "1.2.3.4 testvalue533" ++other_name_utf8 = "1.2.3.4 testvalue534" ++other_name_utf8 = "1.2.3.4 testvalue535" ++other_name_utf8 = "1.2.3.4 testvalue536" ++other_name_utf8 = "1.2.3.4 testvalue537" ++other_name_utf8 = "1.2.3.4 testvalue538" ++other_name_utf8 = "1.2.3.4 testvalue539" ++other_name_utf8 = "1.2.3.4 testvalue540" ++other_name_utf8 = "1.2.3.4 testvalue541" ++other_name_utf8 = "1.2.3.4 testvalue542" ++other_name_utf8 = "1.2.3.4 testvalue543" ++other_name_utf8 = "1.2.3.4 testvalue544" ++other_name_utf8 = "1.2.3.4 testvalue545" ++other_name_utf8 = "1.2.3.4 testvalue546" ++other_name_utf8 = "1.2.3.4 testvalue547" ++other_name_utf8 = "1.2.3.4 testvalue548" ++other_name_utf8 = "1.2.3.4 testvalue549" ++other_name_utf8 = "1.2.3.4 testvalue550" ++other_name_utf8 = "1.2.3.4 testvalue551" ++other_name_utf8 = "1.2.3.4 testvalue552" ++other_name_utf8 = "1.2.3.4 testvalue553" ++other_name_utf8 = "1.2.3.4 testvalue554" ++other_name_utf8 = "1.2.3.4 testvalue555" ++other_name_utf8 = "1.2.3.4 testvalue556" ++other_name_utf8 = "1.2.3.4 testvalue557" ++other_name_utf8 = "1.2.3.4 testvalue558" ++other_name_utf8 = "1.2.3.4 testvalue559" ++other_name_utf8 = "1.2.3.4 testvalue560" ++other_name_utf8 = "1.2.3.4 testvalue561" ++other_name_utf8 = "1.2.3.4 testvalue562" ++other_name_utf8 = "1.2.3.4 testvalue563" ++other_name_utf8 = "1.2.3.4 testvalue564" ++other_name_utf8 = "1.2.3.4 testvalue565" ++other_name_utf8 = "1.2.3.4 testvalue566" ++other_name_utf8 = "1.2.3.4 testvalue567" ++other_name_utf8 = "1.2.3.4 testvalue568" ++other_name_utf8 = "1.2.3.4 testvalue569" ++other_name_utf8 = "1.2.3.4 testvalue570" ++other_name_utf8 = "1.2.3.4 testvalue571" ++other_name_utf8 = "1.2.3.4 testvalue572" ++other_name_utf8 = "1.2.3.4 testvalue573" ++other_name_utf8 = "1.2.3.4 testvalue574" ++other_name_utf8 = "1.2.3.4 testvalue575" ++other_name_utf8 = "1.2.3.4 testvalue576" ++other_name_utf8 = "1.2.3.4 testvalue577" ++other_name_utf8 = "1.2.3.4 testvalue578" ++other_name_utf8 = "1.2.3.4 testvalue579" ++other_name_utf8 = "1.2.3.4 testvalue580" ++other_name_utf8 = "1.2.3.4 testvalue581" ++other_name_utf8 = "1.2.3.4 testvalue582" ++other_name_utf8 = "1.2.3.4 testvalue583" ++other_name_utf8 = "1.2.3.4 testvalue584" ++other_name_utf8 = "1.2.3.4 testvalue585" ++other_name_utf8 = "1.2.3.4 testvalue586" ++other_name_utf8 = "1.2.3.4 testvalue587" ++other_name_utf8 = "1.2.3.4 testvalue588" ++other_name_utf8 = "1.2.3.4 testvalue589" ++other_name_utf8 = "1.2.3.4 testvalue590" ++other_name_utf8 = "1.2.3.4 testvalue591" ++other_name_utf8 = "1.2.3.4 testvalue592" ++other_name_utf8 = "1.2.3.4 testvalue593" ++other_name_utf8 = "1.2.3.4 testvalue594" ++other_name_utf8 = "1.2.3.4 testvalue595" ++other_name_utf8 = "1.2.3.4 testvalue596" ++other_name_utf8 = "1.2.3.4 testvalue597" ++other_name_utf8 = "1.2.3.4 testvalue598" ++other_name_utf8 = "1.2.3.4 testvalue599" ++other_name_utf8 = "1.2.3.4 testvalue600" ++other_name_utf8 = "1.2.3.4 testvalue601" ++other_name_utf8 = "1.2.3.4 testvalue602" ++other_name_utf8 = "1.2.3.4 testvalue603" ++other_name_utf8 = "1.2.3.4 testvalue604" ++other_name_utf8 = "1.2.3.4 testvalue605" ++other_name_utf8 = "1.2.3.4 testvalue606" ++other_name_utf8 = "1.2.3.4 testvalue607" ++other_name_utf8 = "1.2.3.4 testvalue608" ++other_name_utf8 = "1.2.3.4 testvalue609" ++other_name_utf8 = "1.2.3.4 testvalue610" ++other_name_utf8 = "1.2.3.4 testvalue611" ++other_name_utf8 = "1.2.3.4 testvalue612" ++other_name_utf8 = "1.2.3.4 testvalue613" ++other_name_utf8 = "1.2.3.4 testvalue614" ++other_name_utf8 = "1.2.3.4 testvalue615" ++other_name_utf8 = "1.2.3.4 testvalue616" ++other_name_utf8 = "1.2.3.4 testvalue617" ++other_name_utf8 = "1.2.3.4 testvalue618" ++other_name_utf8 = "1.2.3.4 testvalue619" ++other_name_utf8 = "1.2.3.4 testvalue620" ++other_name_utf8 = "1.2.3.4 testvalue621" ++other_name_utf8 = "1.2.3.4 testvalue622" ++other_name_utf8 = "1.2.3.4 testvalue623" ++other_name_utf8 = "1.2.3.4 testvalue624" ++other_name_utf8 = "1.2.3.4 testvalue625" ++other_name_utf8 = "1.2.3.4 testvalue626" ++other_name_utf8 = "1.2.3.4 testvalue627" ++other_name_utf8 = "1.2.3.4 testvalue628" ++other_name_utf8 = "1.2.3.4 testvalue629" ++other_name_utf8 = "1.2.3.4 testvalue630" ++other_name_utf8 = "1.2.3.4 testvalue631" ++other_name_utf8 = "1.2.3.4 testvalue632" ++other_name_utf8 = "1.2.3.4 testvalue633" ++other_name_utf8 = "1.2.3.4 testvalue634" ++other_name_utf8 = "1.2.3.4 testvalue635" ++other_name_utf8 = "1.2.3.4 testvalue636" ++other_name_utf8 = "1.2.3.4 testvalue637" ++other_name_utf8 = "1.2.3.4 testvalue638" ++other_name_utf8 = "1.2.3.4 testvalue639" ++other_name_utf8 = "1.2.3.4 testvalue640" ++other_name_utf8 = "1.2.3.4 testvalue641" ++other_name_utf8 = "1.2.3.4 testvalue642" ++other_name_utf8 = "1.2.3.4 testvalue643" ++other_name_utf8 = "1.2.3.4 testvalue644" ++other_name_utf8 = "1.2.3.4 testvalue645" ++other_name_utf8 = "1.2.3.4 testvalue646" ++other_name_utf8 = "1.2.3.4 testvalue647" ++other_name_utf8 = "1.2.3.4 testvalue648" ++other_name_utf8 = "1.2.3.4 testvalue649" ++other_name_utf8 = "1.2.3.4 testvalue650" ++other_name_utf8 = "1.2.3.4 testvalue651" ++other_name_utf8 = "1.2.3.4 testvalue652" ++other_name_utf8 = "1.2.3.4 testvalue653" ++other_name_utf8 = "1.2.3.4 testvalue654" ++other_name_utf8 = "1.2.3.4 testvalue655" ++other_name_utf8 = "1.2.3.4 testvalue656" ++other_name_utf8 = "1.2.3.4 testvalue657" ++other_name_utf8 = "1.2.3.4 testvalue658" ++other_name_utf8 = "1.2.3.4 testvalue659" ++other_name_utf8 = "1.2.3.4 testvalue660" ++other_name_utf8 = "1.2.3.4 testvalue661" ++other_name_utf8 = "1.2.3.4 testvalue662" ++other_name_utf8 = "1.2.3.4 testvalue663" ++other_name_utf8 = "1.2.3.4 testvalue664" ++other_name_utf8 = "1.2.3.4 testvalue665" ++other_name_utf8 = "1.2.3.4 testvalue666" ++other_name_utf8 = "1.2.3.4 testvalue667" ++other_name_utf8 = "1.2.3.4 testvalue668" ++other_name_utf8 = "1.2.3.4 testvalue669" ++other_name_utf8 = "1.2.3.4 testvalue670" ++other_name_utf8 = "1.2.3.4 testvalue671" ++other_name_utf8 = "1.2.3.4 testvalue672" ++other_name_utf8 = "1.2.3.4 testvalue673" ++other_name_utf8 = "1.2.3.4 testvalue674" ++other_name_utf8 = "1.2.3.4 testvalue675" ++other_name_utf8 = "1.2.3.4 testvalue676" ++other_name_utf8 = "1.2.3.4 testvalue677" ++other_name_utf8 = "1.2.3.4 testvalue678" ++other_name_utf8 = "1.2.3.4 testvalue679" ++other_name_utf8 = "1.2.3.4 testvalue680" ++other_name_utf8 = "1.2.3.4 testvalue681" ++other_name_utf8 = "1.2.3.4 testvalue682" ++other_name_utf8 = "1.2.3.4 testvalue683" ++other_name_utf8 = "1.2.3.4 testvalue684" ++other_name_utf8 = "1.2.3.4 testvalue685" ++other_name_utf8 = "1.2.3.4 testvalue686" ++other_name_utf8 = "1.2.3.4 testvalue687" ++other_name_utf8 = "1.2.3.4 testvalue688" ++other_name_utf8 = "1.2.3.4 testvalue689" ++other_name_utf8 = "1.2.3.4 testvalue690" ++other_name_utf8 = "1.2.3.4 testvalue691" ++other_name_utf8 = "1.2.3.4 testvalue692" ++other_name_utf8 = "1.2.3.4 testvalue693" ++other_name_utf8 = "1.2.3.4 testvalue694" ++other_name_utf8 = "1.2.3.4 testvalue695" ++other_name_utf8 = "1.2.3.4 testvalue696" ++other_name_utf8 = "1.2.3.4 testvalue697" ++other_name_utf8 = "1.2.3.4 testvalue698" ++other_name_utf8 = "1.2.3.4 testvalue699" ++other_name_utf8 = "1.2.3.4 testvalue700" ++other_name_utf8 = "1.2.3.4 testvalue701" ++other_name_utf8 = "1.2.3.4 testvalue702" ++other_name_utf8 = "1.2.3.4 testvalue703" ++other_name_utf8 = "1.2.3.4 testvalue704" ++other_name_utf8 = "1.2.3.4 testvalue705" ++other_name_utf8 = "1.2.3.4 testvalue706" ++other_name_utf8 = "1.2.3.4 testvalue707" ++other_name_utf8 = "1.2.3.4 testvalue708" ++other_name_utf8 = "1.2.3.4 testvalue709" ++other_name_utf8 = "1.2.3.4 testvalue710" ++other_name_utf8 = "1.2.3.4 testvalue711" ++other_name_utf8 = "1.2.3.4 testvalue712" ++other_name_utf8 = "1.2.3.4 testvalue713" ++other_name_utf8 = "1.2.3.4 testvalue714" ++other_name_utf8 = "1.2.3.4 testvalue715" ++other_name_utf8 = "1.2.3.4 testvalue716" ++other_name_utf8 = "1.2.3.4 testvalue717" ++other_name_utf8 = "1.2.3.4 testvalue718" ++other_name_utf8 = "1.2.3.4 testvalue719" ++other_name_utf8 = "1.2.3.4 testvalue720" ++other_name_utf8 = "1.2.3.4 testvalue721" ++other_name_utf8 = "1.2.3.4 testvalue722" ++other_name_utf8 = "1.2.3.4 testvalue723" ++other_name_utf8 = "1.2.3.4 testvalue724" ++other_name_utf8 = "1.2.3.4 testvalue725" ++other_name_utf8 = "1.2.3.4 testvalue726" ++other_name_utf8 = "1.2.3.4 testvalue727" ++other_name_utf8 = "1.2.3.4 testvalue728" ++other_name_utf8 = "1.2.3.4 testvalue729" ++other_name_utf8 = "1.2.3.4 testvalue730" ++other_name_utf8 = "1.2.3.4 testvalue731" ++other_name_utf8 = "1.2.3.4 testvalue732" ++other_name_utf8 = "1.2.3.4 testvalue733" ++other_name_utf8 = "1.2.3.4 testvalue734" ++other_name_utf8 = "1.2.3.4 testvalue735" ++other_name_utf8 = "1.2.3.4 testvalue736" ++other_name_utf8 = "1.2.3.4 testvalue737" ++other_name_utf8 = "1.2.3.4 testvalue738" ++other_name_utf8 = "1.2.3.4 testvalue739" ++other_name_utf8 = "1.2.3.4 testvalue740" ++other_name_utf8 = "1.2.3.4 testvalue741" ++other_name_utf8 = "1.2.3.4 testvalue742" ++other_name_utf8 = "1.2.3.4 testvalue743" ++other_name_utf8 = "1.2.3.4 testvalue744" ++other_name_utf8 = "1.2.3.4 testvalue745" ++other_name_utf8 = "1.2.3.4 testvalue746" ++other_name_utf8 = "1.2.3.4 testvalue747" ++other_name_utf8 = "1.2.3.4 testvalue748" ++other_name_utf8 = "1.2.3.4 testvalue749" ++other_name_utf8 = "1.2.3.4 testvalue750" ++other_name_utf8 = "1.2.3.4 testvalue751" ++other_name_utf8 = "1.2.3.4 testvalue752" ++other_name_utf8 = "1.2.3.4 testvalue753" ++other_name_utf8 = "1.2.3.4 testvalue754" ++other_name_utf8 = "1.2.3.4 testvalue755" ++other_name_utf8 = "1.2.3.4 testvalue756" ++other_name_utf8 = "1.2.3.4 testvalue757" ++other_name_utf8 = "1.2.3.4 testvalue758" ++other_name_utf8 = "1.2.3.4 testvalue759" ++other_name_utf8 = "1.2.3.4 testvalue760" ++other_name_utf8 = "1.2.3.4 testvalue761" ++other_name_utf8 = "1.2.3.4 testvalue762" ++other_name_utf8 = "1.2.3.4 testvalue763" ++other_name_utf8 = "1.2.3.4 testvalue764" ++other_name_utf8 = "1.2.3.4 testvalue765" ++other_name_utf8 = "1.2.3.4 testvalue766" ++other_name_utf8 = "1.2.3.4 testvalue767" ++other_name_utf8 = "1.2.3.4 testvalue768" ++other_name_utf8 = "1.2.3.4 testvalue769" ++other_name_utf8 = "1.2.3.4 testvalue770" ++other_name_utf8 = "1.2.3.4 testvalue771" ++other_name_utf8 = "1.2.3.4 testvalue772" ++other_name_utf8 = "1.2.3.4 testvalue773" ++other_name_utf8 = "1.2.3.4 testvalue774" ++other_name_utf8 = "1.2.3.4 testvalue775" ++other_name_utf8 = "1.2.3.4 testvalue776" ++other_name_utf8 = "1.2.3.4 testvalue777" ++other_name_utf8 = "1.2.3.4 testvalue778" ++other_name_utf8 = "1.2.3.4 testvalue779" ++other_name_utf8 = "1.2.3.4 testvalue780" ++other_name_utf8 = "1.2.3.4 testvalue781" ++other_name_utf8 = "1.2.3.4 testvalue782" ++other_name_utf8 = "1.2.3.4 testvalue783" ++other_name_utf8 = "1.2.3.4 testvalue784" ++other_name_utf8 = "1.2.3.4 testvalue785" ++other_name_utf8 = "1.2.3.4 testvalue786" ++other_name_utf8 = "1.2.3.4 testvalue787" ++other_name_utf8 = "1.2.3.4 testvalue788" ++other_name_utf8 = "1.2.3.4 testvalue789" ++other_name_utf8 = "1.2.3.4 testvalue790" ++other_name_utf8 = "1.2.3.4 testvalue791" ++other_name_utf8 = "1.2.3.4 testvalue792" ++other_name_utf8 = "1.2.3.4 testvalue793" ++other_name_utf8 = "1.2.3.4 testvalue794" ++other_name_utf8 = "1.2.3.4 testvalue795" ++other_name_utf8 = "1.2.3.4 testvalue796" ++other_name_utf8 = "1.2.3.4 testvalue797" ++other_name_utf8 = "1.2.3.4 testvalue798" ++other_name_utf8 = "1.2.3.4 testvalue799" ++other_name_utf8 = "1.2.3.4 testvalue800" ++other_name_utf8 = "1.2.3.4 testvalue801" ++other_name_utf8 = "1.2.3.4 testvalue802" ++other_name_utf8 = "1.2.3.4 testvalue803" ++other_name_utf8 = "1.2.3.4 testvalue804" ++other_name_utf8 = "1.2.3.4 testvalue805" ++other_name_utf8 = "1.2.3.4 testvalue806" ++other_name_utf8 = "1.2.3.4 testvalue807" ++other_name_utf8 = "1.2.3.4 testvalue808" ++other_name_utf8 = "1.2.3.4 testvalue809" ++other_name_utf8 = "1.2.3.4 testvalue810" ++other_name_utf8 = "1.2.3.4 testvalue811" ++other_name_utf8 = "1.2.3.4 testvalue812" ++other_name_utf8 = "1.2.3.4 testvalue813" ++other_name_utf8 = "1.2.3.4 testvalue814" ++other_name_utf8 = "1.2.3.4 testvalue815" ++other_name_utf8 = "1.2.3.4 testvalue816" ++other_name_utf8 = "1.2.3.4 testvalue817" ++other_name_utf8 = "1.2.3.4 testvalue818" ++other_name_utf8 = "1.2.3.4 testvalue819" ++other_name_utf8 = "1.2.3.4 testvalue820" ++other_name_utf8 = "1.2.3.4 testvalue821" ++other_name_utf8 = "1.2.3.4 testvalue822" ++other_name_utf8 = "1.2.3.4 testvalue823" ++other_name_utf8 = "1.2.3.4 testvalue824" ++other_name_utf8 = "1.2.3.4 testvalue825" ++other_name_utf8 = "1.2.3.4 testvalue826" ++other_name_utf8 = "1.2.3.4 testvalue827" ++other_name_utf8 = "1.2.3.4 testvalue828" ++other_name_utf8 = "1.2.3.4 testvalue829" ++other_name_utf8 = "1.2.3.4 testvalue830" ++other_name_utf8 = "1.2.3.4 testvalue831" ++other_name_utf8 = "1.2.3.4 testvalue832" ++other_name_utf8 = "1.2.3.4 testvalue833" ++other_name_utf8 = "1.2.3.4 testvalue834" ++other_name_utf8 = "1.2.3.4 testvalue835" ++other_name_utf8 = "1.2.3.4 testvalue836" ++other_name_utf8 = "1.2.3.4 testvalue837" ++other_name_utf8 = "1.2.3.4 testvalue838" ++other_name_utf8 = "1.2.3.4 testvalue839" ++other_name_utf8 = "1.2.3.4 testvalue840" ++other_name_utf8 = "1.2.3.4 testvalue841" ++other_name_utf8 = "1.2.3.4 testvalue842" ++other_name_utf8 = "1.2.3.4 testvalue843" ++other_name_utf8 = "1.2.3.4 testvalue844" ++other_name_utf8 = "1.2.3.4 testvalue845" ++other_name_utf8 = "1.2.3.4 testvalue846" ++other_name_utf8 = "1.2.3.4 testvalue847" ++other_name_utf8 = "1.2.3.4 testvalue848" ++other_name_utf8 = "1.2.3.4 testvalue849" ++other_name_utf8 = "1.2.3.4 testvalue850" ++other_name_utf8 = "1.2.3.4 testvalue851" ++other_name_utf8 = "1.2.3.4 testvalue852" ++other_name_utf8 = "1.2.3.4 testvalue853" ++other_name_utf8 = "1.2.3.4 testvalue854" ++other_name_utf8 = "1.2.3.4 testvalue855" ++other_name_utf8 = "1.2.3.4 testvalue856" ++other_name_utf8 = "1.2.3.4 testvalue857" ++other_name_utf8 = "1.2.3.4 testvalue858" ++other_name_utf8 = "1.2.3.4 testvalue859" ++other_name_utf8 = "1.2.3.4 testvalue860" ++other_name_utf8 = "1.2.3.4 testvalue861" ++other_name_utf8 = "1.2.3.4 testvalue862" ++other_name_utf8 = "1.2.3.4 testvalue863" ++other_name_utf8 = "1.2.3.4 testvalue864" ++other_name_utf8 = "1.2.3.4 testvalue865" ++other_name_utf8 = "1.2.3.4 testvalue866" ++other_name_utf8 = "1.2.3.4 testvalue867" ++other_name_utf8 = "1.2.3.4 testvalue868" ++other_name_utf8 = "1.2.3.4 testvalue869" ++other_name_utf8 = "1.2.3.4 testvalue870" ++other_name_utf8 = "1.2.3.4 testvalue871" ++other_name_utf8 = "1.2.3.4 testvalue872" ++other_name_utf8 = "1.2.3.4 testvalue873" ++other_name_utf8 = "1.2.3.4 testvalue874" ++other_name_utf8 = "1.2.3.4 testvalue875" ++other_name_utf8 = "1.2.3.4 testvalue876" ++other_name_utf8 = "1.2.3.4 testvalue877" ++other_name_utf8 = "1.2.3.4 testvalue878" ++other_name_utf8 = "1.2.3.4 testvalue879" ++other_name_utf8 = "1.2.3.4 testvalue880" ++other_name_utf8 = "1.2.3.4 testvalue881" ++other_name_utf8 = "1.2.3.4 testvalue882" ++other_name_utf8 = "1.2.3.4 testvalue883" ++other_name_utf8 = "1.2.3.4 testvalue884" ++other_name_utf8 = "1.2.3.4 testvalue885" ++other_name_utf8 = "1.2.3.4 testvalue886" ++other_name_utf8 = "1.2.3.4 testvalue887" ++other_name_utf8 = "1.2.3.4 testvalue888" ++other_name_utf8 = "1.2.3.4 testvalue889" ++other_name_utf8 = "1.2.3.4 testvalue890" ++other_name_utf8 = "1.2.3.4 testvalue891" ++other_name_utf8 = "1.2.3.4 testvalue892" ++other_name_utf8 = "1.2.3.4 testvalue893" ++other_name_utf8 = "1.2.3.4 testvalue894" ++other_name_utf8 = "1.2.3.4 testvalue895" ++other_name_utf8 = "1.2.3.4 testvalue896" ++other_name_utf8 = "1.2.3.4 testvalue897" ++other_name_utf8 = "1.2.3.4 testvalue898" ++other_name_utf8 = "1.2.3.4 testvalue899" ++other_name_utf8 = "1.2.3.4 testvalue900" ++other_name_utf8 = "1.2.3.4 testvalue901" ++other_name_utf8 = "1.2.3.4 testvalue902" ++other_name_utf8 = "1.2.3.4 testvalue903" ++other_name_utf8 = "1.2.3.4 testvalue904" ++other_name_utf8 = "1.2.3.4 testvalue905" ++other_name_utf8 = "1.2.3.4 testvalue906" ++other_name_utf8 = "1.2.3.4 testvalue907" ++other_name_utf8 = "1.2.3.4 testvalue908" ++other_name_utf8 = "1.2.3.4 testvalue909" ++other_name_utf8 = "1.2.3.4 testvalue910" ++other_name_utf8 = "1.2.3.4 testvalue911" ++other_name_utf8 = "1.2.3.4 testvalue912" ++other_name_utf8 = "1.2.3.4 testvalue913" ++other_name_utf8 = "1.2.3.4 testvalue914" ++other_name_utf8 = "1.2.3.4 testvalue915" ++other_name_utf8 = "1.2.3.4 testvalue916" ++other_name_utf8 = "1.2.3.4 testvalue917" ++other_name_utf8 = "1.2.3.4 testvalue918" ++other_name_utf8 = "1.2.3.4 testvalue919" ++other_name_utf8 = "1.2.3.4 testvalue920" ++other_name_utf8 = "1.2.3.4 testvalue921" ++other_name_utf8 = "1.2.3.4 testvalue922" ++other_name_utf8 = "1.2.3.4 testvalue923" ++other_name_utf8 = "1.2.3.4 testvalue924" ++other_name_utf8 = "1.2.3.4 testvalue925" ++other_name_utf8 = "1.2.3.4 testvalue926" ++other_name_utf8 = "1.2.3.4 testvalue927" ++other_name_utf8 = "1.2.3.4 testvalue928" ++other_name_utf8 = "1.2.3.4 testvalue929" ++other_name_utf8 = "1.2.3.4 testvalue930" ++other_name_utf8 = "1.2.3.4 testvalue931" ++other_name_utf8 = "1.2.3.4 testvalue932" ++other_name_utf8 = "1.2.3.4 testvalue933" ++other_name_utf8 = "1.2.3.4 testvalue934" ++other_name_utf8 = "1.2.3.4 testvalue935" ++other_name_utf8 = "1.2.3.4 testvalue936" ++other_name_utf8 = "1.2.3.4 testvalue937" ++other_name_utf8 = "1.2.3.4 testvalue938" ++other_name_utf8 = "1.2.3.4 testvalue939" ++other_name_utf8 = "1.2.3.4 testvalue940" ++other_name_utf8 = "1.2.3.4 testvalue941" ++other_name_utf8 = "1.2.3.4 testvalue942" ++other_name_utf8 = "1.2.3.4 testvalue943" ++other_name_utf8 = "1.2.3.4 testvalue944" ++other_name_utf8 = "1.2.3.4 testvalue945" ++other_name_utf8 = "1.2.3.4 testvalue946" ++other_name_utf8 = "1.2.3.4 testvalue947" ++other_name_utf8 = "1.2.3.4 testvalue948" ++other_name_utf8 = "1.2.3.4 testvalue949" ++other_name_utf8 = "1.2.3.4 testvalue950" ++other_name_utf8 = "1.2.3.4 testvalue951" ++other_name_utf8 = "1.2.3.4 testvalue952" ++other_name_utf8 = "1.2.3.4 testvalue953" ++other_name_utf8 = "1.2.3.4 testvalue954" ++other_name_utf8 = "1.2.3.4 testvalue955" ++other_name_utf8 = "1.2.3.4 testvalue956" ++other_name_utf8 = "1.2.3.4 testvalue957" ++other_name_utf8 = "1.2.3.4 testvalue958" ++other_name_utf8 = "1.2.3.4 testvalue959" ++other_name_utf8 = "1.2.3.4 testvalue960" ++other_name_utf8 = "1.2.3.4 testvalue961" ++other_name_utf8 = "1.2.3.4 testvalue962" ++other_name_utf8 = "1.2.3.4 testvalue963" ++other_name_utf8 = "1.2.3.4 testvalue964" ++other_name_utf8 = "1.2.3.4 testvalue965" ++other_name_utf8 = "1.2.3.4 testvalue966" ++other_name_utf8 = "1.2.3.4 testvalue967" ++other_name_utf8 = "1.2.3.4 testvalue968" ++other_name_utf8 = "1.2.3.4 testvalue969" ++other_name_utf8 = "1.2.3.4 testvalue970" ++other_name_utf8 = "1.2.3.4 testvalue971" ++other_name_utf8 = "1.2.3.4 testvalue972" ++other_name_utf8 = "1.2.3.4 testvalue973" ++other_name_utf8 = "1.2.3.4 testvalue974" ++other_name_utf8 = "1.2.3.4 testvalue975" ++other_name_utf8 = "1.2.3.4 testvalue976" ++other_name_utf8 = "1.2.3.4 testvalue977" ++other_name_utf8 = "1.2.3.4 testvalue978" ++other_name_utf8 = "1.2.3.4 testvalue979" ++other_name_utf8 = "1.2.3.4 testvalue980" ++other_name_utf8 = "1.2.3.4 testvalue981" ++other_name_utf8 = "1.2.3.4 testvalue982" ++other_name_utf8 = "1.2.3.4 testvalue983" ++other_name_utf8 = "1.2.3.4 testvalue984" ++other_name_utf8 = "1.2.3.4 testvalue985" ++other_name_utf8 = "1.2.3.4 testvalue986" ++other_name_utf8 = "1.2.3.4 testvalue987" ++other_name_utf8 = "1.2.3.4 testvalue988" ++other_name_utf8 = "1.2.3.4 testvalue989" ++other_name_utf8 = "1.2.3.4 testvalue990" ++other_name_utf8 = "1.2.3.4 testvalue991" ++other_name_utf8 = "1.2.3.4 testvalue992" ++other_name_utf8 = "1.2.3.4 testvalue993" ++other_name_utf8 = "1.2.3.4 testvalue994" ++other_name_utf8 = "1.2.3.4 testvalue995" ++other_name_utf8 = "1.2.3.4 testvalue996" ++other_name_utf8 = "1.2.3.4 testvalue997" ++other_name_utf8 = "1.2.3.4 testvalue998" ++other_name_utf8 = "1.2.3.4 testvalue999" ++other_name_utf8 = "1.2.3.4 testvalue1000" ++other_name_utf8 = "1.2.3.4 testvalue1001" ++other_name_utf8 = "1.2.3.4 testvalue1002" ++other_name_utf8 = "1.2.3.4 testvalue1003" ++other_name_utf8 = "1.2.3.4 testvalue1004" ++other_name_utf8 = "1.2.3.4 testvalue1005" ++other_name_utf8 = "1.2.3.4 testvalue1006" ++other_name_utf8 = "1.2.3.4 testvalue1007" ++other_name_utf8 = "1.2.3.4 testvalue1008" ++other_name_utf8 = "1.2.3.4 testvalue1009" ++other_name_utf8 = "1.2.3.4 testvalue1010" ++other_name_utf8 = "1.2.3.4 testvalue1011" ++other_name_utf8 = "1.2.3.4 testvalue1012" ++other_name_utf8 = "1.2.3.4 testvalue1013" ++other_name_utf8 = "1.2.3.4 testvalue1014" ++other_name_utf8 = "1.2.3.4 testvalue1015" ++other_name_utf8 = "1.2.3.4 testvalue1016" ++other_name_utf8 = "1.2.3.4 testvalue1017" ++other_name_utf8 = "1.2.3.4 testvalue1018" ++other_name_utf8 = "1.2.3.4 testvalue1019" ++other_name_utf8 = "1.2.3.4 testvalue1020" ++other_name_utf8 = "1.2.3.4 testvalue1021" ++other_name_utf8 = "1.2.3.4 testvalue1022" ++other_name_utf8 = "1.2.3.4 testvalue1023" ++other_name_utf8 = "1.2.3.4 testvalue1024" ++other_name_utf8 = "1.2.3.4 testvalue1025" ++other_name_utf8 = "1.2.3.4 testvalue1026" ++other_name_utf8 = "1.2.3.4 testvalue1027" ++other_name_utf8 = "1.2.3.4 testvalue1028" ++other_name_utf8 = "1.2.3.4 testvalue1029" ++other_name_utf8 = "1.2.3.4 testvalue1030" ++other_name_utf8 = "1.2.3.4 testvalue1031" ++other_name_utf8 = "1.2.3.4 testvalue1032" ++other_name_utf8 = "1.2.3.4 testvalue1033" ++other_name_utf8 = "1.2.3.4 testvalue1034" ++other_name_utf8 = "1.2.3.4 testvalue1035" ++other_name_utf8 = "1.2.3.4 testvalue1036" ++other_name_utf8 = "1.2.3.4 testvalue1037" ++other_name_utf8 = "1.2.3.4 testvalue1038" ++other_name_utf8 = "1.2.3.4 testvalue1039" ++other_name_utf8 = "1.2.3.4 testvalue1040" ++other_name_utf8 = "1.2.3.4 testvalue1041" ++other_name_utf8 = "1.2.3.4 testvalue1042" ++other_name_utf8 = "1.2.3.4 testvalue1043" ++other_name_utf8 = "1.2.3.4 testvalue1044" ++other_name_utf8 = "1.2.3.4 testvalue1045" ++other_name_utf8 = "1.2.3.4 testvalue1046" ++other_name_utf8 = "1.2.3.4 testvalue1047" ++other_name_utf8 = "1.2.3.4 testvalue1048" ++other_name_utf8 = "1.2.3.4 testvalue1049" ++other_name_utf8 = "1.2.3.4 testvalue1050" ++other_name_utf8 = "1.2.3.4 testvalue1051" ++other_name_utf8 = "1.2.3.4 testvalue1052" ++other_name_utf8 = "1.2.3.4 testvalue1053" ++other_name_utf8 = "1.2.3.4 testvalue1054" ++other_name_utf8 = "1.2.3.4 testvalue1055" ++other_name_utf8 = "1.2.3.4 testvalue1056" ++other_name_utf8 = "1.2.3.4 testvalue1057" ++other_name_utf8 = "1.2.3.4 testvalue1058" ++other_name_utf8 = "1.2.3.4 testvalue1059" ++other_name_utf8 = "1.2.3.4 testvalue1060" ++other_name_utf8 = "1.2.3.4 testvalue1061" ++other_name_utf8 = "1.2.3.4 testvalue1062" ++other_name_utf8 = "1.2.3.4 testvalue1063" ++other_name_utf8 = "1.2.3.4 testvalue1064" ++other_name_utf8 = "1.2.3.4 testvalue1065" ++other_name_utf8 = "1.2.3.4 testvalue1066" ++other_name_utf8 = "1.2.3.4 testvalue1067" ++other_name_utf8 = "1.2.3.4 testvalue1068" ++other_name_utf8 = "1.2.3.4 testvalue1069" ++other_name_utf8 = "1.2.3.4 testvalue1070" ++other_name_utf8 = "1.2.3.4 testvalue1071" ++other_name_utf8 = "1.2.3.4 testvalue1072" ++other_name_utf8 = "1.2.3.4 testvalue1073" ++other_name_utf8 = "1.2.3.4 testvalue1074" ++other_name_utf8 = "1.2.3.4 testvalue1075" ++other_name_utf8 = "1.2.3.4 testvalue1076" ++other_name_utf8 = "1.2.3.4 testvalue1077" ++other_name_utf8 = "1.2.3.4 testvalue1078" ++other_name_utf8 = "1.2.3.4 testvalue1079" ++other_name_utf8 = "1.2.3.4 testvalue1080" ++other_name_utf8 = "1.2.3.4 testvalue1081" ++other_name_utf8 = "1.2.3.4 testvalue1082" ++other_name_utf8 = "1.2.3.4 testvalue1083" ++other_name_utf8 = "1.2.3.4 testvalue1084" ++other_name_utf8 = "1.2.3.4 testvalue1085" ++other_name_utf8 = "1.2.3.4 testvalue1086" ++other_name_utf8 = "1.2.3.4 testvalue1087" ++other_name_utf8 = "1.2.3.4 testvalue1088" ++other_name_utf8 = "1.2.3.4 testvalue1089" ++other_name_utf8 = "1.2.3.4 testvalue1090" ++other_name_utf8 = "1.2.3.4 testvalue1091" ++other_name_utf8 = "1.2.3.4 testvalue1092" ++other_name_utf8 = "1.2.3.4 testvalue1093" ++other_name_utf8 = "1.2.3.4 testvalue1094" ++other_name_utf8 = "1.2.3.4 testvalue1095" ++other_name_utf8 = "1.2.3.4 testvalue1096" ++other_name_utf8 = "1.2.3.4 testvalue1097" ++other_name_utf8 = "1.2.3.4 testvalue1098" ++other_name_utf8 = "1.2.3.4 testvalue1099" ++other_name_utf8 = "1.2.3.4 testvalue1100" ++other_name_utf8 = "1.2.3.4 testvalue1101" ++other_name_utf8 = "1.2.3.4 testvalue1102" ++other_name_utf8 = "1.2.3.4 testvalue1103" ++other_name_utf8 = "1.2.3.4 testvalue1104" ++other_name_utf8 = "1.2.3.4 testvalue1105" ++other_name_utf8 = "1.2.3.4 testvalue1106" ++other_name_utf8 = "1.2.3.4 testvalue1107" ++other_name_utf8 = "1.2.3.4 testvalue1108" ++other_name_utf8 = "1.2.3.4 testvalue1109" ++other_name_utf8 = "1.2.3.4 testvalue1110" ++other_name_utf8 = "1.2.3.4 testvalue1111" ++other_name_utf8 = "1.2.3.4 testvalue1112" ++other_name_utf8 = "1.2.3.4 testvalue1113" ++other_name_utf8 = "1.2.3.4 testvalue1114" ++other_name_utf8 = "1.2.3.4 testvalue1115" ++other_name_utf8 = "1.2.3.4 testvalue1116" ++other_name_utf8 = "1.2.3.4 testvalue1117" ++other_name_utf8 = "1.2.3.4 testvalue1118" ++other_name_utf8 = "1.2.3.4 testvalue1119" ++other_name_utf8 = "1.2.3.4 testvalue1120" ++other_name_utf8 = "1.2.3.4 testvalue1121" ++other_name_utf8 = "1.2.3.4 testvalue1122" ++other_name_utf8 = "1.2.3.4 testvalue1123" ++other_name_utf8 = "1.2.3.4 testvalue1124" ++other_name_utf8 = "1.2.3.4 testvalue1125" ++other_name_utf8 = "1.2.3.4 testvalue1126" ++other_name_utf8 = "1.2.3.4 testvalue1127" ++other_name_utf8 = "1.2.3.4 testvalue1128" ++other_name_utf8 = "1.2.3.4 testvalue1129" ++other_name_utf8 = "1.2.3.4 testvalue1130" ++other_name_utf8 = "1.2.3.4 testvalue1131" ++other_name_utf8 = "1.2.3.4 testvalue1132" ++other_name_utf8 = "1.2.3.4 testvalue1133" ++other_name_utf8 = "1.2.3.4 testvalue1134" ++other_name_utf8 = "1.2.3.4 testvalue1135" ++other_name_utf8 = "1.2.3.4 testvalue1136" ++other_name_utf8 = "1.2.3.4 testvalue1137" ++other_name_utf8 = "1.2.3.4 testvalue1138" ++other_name_utf8 = "1.2.3.4 testvalue1139" ++other_name_utf8 = "1.2.3.4 testvalue1140" ++other_name_utf8 = "1.2.3.4 testvalue1141" ++other_name_utf8 = "1.2.3.4 testvalue1142" ++other_name_utf8 = "1.2.3.4 testvalue1143" ++other_name_utf8 = "1.2.3.4 testvalue1144" ++other_name_utf8 = "1.2.3.4 testvalue1145" ++other_name_utf8 = "1.2.3.4 testvalue1146" ++other_name_utf8 = "1.2.3.4 testvalue1147" ++other_name_utf8 = "1.2.3.4 testvalue1148" ++other_name_utf8 = "1.2.3.4 testvalue1149" ++other_name_utf8 = "1.2.3.4 testvalue1150" ++other_name_utf8 = "1.2.3.4 testvalue1151" ++other_name_utf8 = "1.2.3.4 testvalue1152" ++other_name_utf8 = "1.2.3.4 testvalue1153" ++other_name_utf8 = "1.2.3.4 testvalue1154" ++other_name_utf8 = "1.2.3.4 testvalue1155" ++other_name_utf8 = "1.2.3.4 testvalue1156" ++other_name_utf8 = "1.2.3.4 testvalue1157" ++other_name_utf8 = "1.2.3.4 testvalue1158" ++other_name_utf8 = "1.2.3.4 testvalue1159" ++other_name_utf8 = "1.2.3.4 testvalue1160" ++other_name_utf8 = "1.2.3.4 testvalue1161" ++other_name_utf8 = "1.2.3.4 testvalue1162" ++other_name_utf8 = "1.2.3.4 testvalue1163" ++other_name_utf8 = "1.2.3.4 testvalue1164" ++other_name_utf8 = "1.2.3.4 testvalue1165" ++other_name_utf8 = "1.2.3.4 testvalue1166" ++other_name_utf8 = "1.2.3.4 testvalue1167" ++other_name_utf8 = "1.2.3.4 testvalue1168" ++other_name_utf8 = "1.2.3.4 testvalue1169" ++other_name_utf8 = "1.2.3.4 testvalue1170" ++other_name_utf8 = "1.2.3.4 testvalue1171" ++other_name_utf8 = "1.2.3.4 testvalue1172" ++other_name_utf8 = "1.2.3.4 testvalue1173" ++other_name_utf8 = "1.2.3.4 testvalue1174" ++other_name_utf8 = "1.2.3.4 testvalue1175" ++other_name_utf8 = "1.2.3.4 testvalue1176" ++other_name_utf8 = "1.2.3.4 testvalue1177" ++other_name_utf8 = "1.2.3.4 testvalue1178" ++other_name_utf8 = "1.2.3.4 testvalue1179" ++other_name_utf8 = "1.2.3.4 testvalue1180" ++other_name_utf8 = "1.2.3.4 testvalue1181" ++other_name_utf8 = "1.2.3.4 testvalue1182" ++other_name_utf8 = "1.2.3.4 testvalue1183" ++other_name_utf8 = "1.2.3.4 testvalue1184" ++other_name_utf8 = "1.2.3.4 testvalue1185" ++other_name_utf8 = "1.2.3.4 testvalue1186" ++other_name_utf8 = "1.2.3.4 testvalue1187" ++other_name_utf8 = "1.2.3.4 testvalue1188" ++other_name_utf8 = "1.2.3.4 testvalue1189" ++other_name_utf8 = "1.2.3.4 testvalue1190" ++other_name_utf8 = "1.2.3.4 testvalue1191" ++other_name_utf8 = "1.2.3.4 testvalue1192" ++other_name_utf8 = "1.2.3.4 testvalue1193" ++other_name_utf8 = "1.2.3.4 testvalue1194" ++other_name_utf8 = "1.2.3.4 testvalue1195" ++other_name_utf8 = "1.2.3.4 testvalue1196" ++other_name_utf8 = "1.2.3.4 testvalue1197" ++other_name_utf8 = "1.2.3.4 testvalue1198" ++other_name_utf8 = "1.2.3.4 testvalue1199" ++other_name_utf8 = "1.2.3.4 testvalue1200" ++other_name_utf8 = "1.2.3.4 testvalue1201" ++other_name_utf8 = "1.2.3.4 testvalue1202" ++other_name_utf8 = "1.2.3.4 testvalue1203" ++other_name_utf8 = "1.2.3.4 testvalue1204" ++other_name_utf8 = "1.2.3.4 testvalue1205" ++other_name_utf8 = "1.2.3.4 testvalue1206" ++other_name_utf8 = "1.2.3.4 testvalue1207" ++other_name_utf8 = "1.2.3.4 testvalue1208" ++other_name_utf8 = "1.2.3.4 testvalue1209" ++other_name_utf8 = "1.2.3.4 testvalue1210" ++other_name_utf8 = "1.2.3.4 testvalue1211" ++other_name_utf8 = "1.2.3.4 testvalue1212" ++other_name_utf8 = "1.2.3.4 testvalue1213" ++other_name_utf8 = "1.2.3.4 testvalue1214" ++other_name_utf8 = "1.2.3.4 testvalue1215" ++other_name_utf8 = "1.2.3.4 testvalue1216" ++other_name_utf8 = "1.2.3.4 testvalue1217" ++other_name_utf8 = "1.2.3.4 testvalue1218" ++other_name_utf8 = "1.2.3.4 testvalue1219" ++other_name_utf8 = "1.2.3.4 testvalue1220" ++other_name_utf8 = "1.2.3.4 testvalue1221" ++other_name_utf8 = "1.2.3.4 testvalue1222" ++other_name_utf8 = "1.2.3.4 testvalue1223" ++other_name_utf8 = "1.2.3.4 testvalue1224" ++other_name_utf8 = "1.2.3.4 testvalue1225" ++other_name_utf8 = "1.2.3.4 testvalue1226" ++other_name_utf8 = "1.2.3.4 testvalue1227" ++other_name_utf8 = "1.2.3.4 testvalue1228" ++other_name_utf8 = "1.2.3.4 testvalue1229" ++other_name_utf8 = "1.2.3.4 testvalue1230" ++other_name_utf8 = "1.2.3.4 testvalue1231" ++other_name_utf8 = "1.2.3.4 testvalue1232" ++other_name_utf8 = "1.2.3.4 testvalue1233" ++other_name_utf8 = "1.2.3.4 testvalue1234" ++other_name_utf8 = "1.2.3.4 testvalue1235" ++other_name_utf8 = "1.2.3.4 testvalue1236" ++other_name_utf8 = "1.2.3.4 testvalue1237" ++other_name_utf8 = "1.2.3.4 testvalue1238" ++other_name_utf8 = "1.2.3.4 testvalue1239" ++other_name_utf8 = "1.2.3.4 testvalue1240" ++other_name_utf8 = "1.2.3.4 testvalue1241" ++other_name_utf8 = "1.2.3.4 testvalue1242" ++other_name_utf8 = "1.2.3.4 testvalue1243" ++other_name_utf8 = "1.2.3.4 testvalue1244" ++other_name_utf8 = "1.2.3.4 testvalue1245" ++other_name_utf8 = "1.2.3.4 testvalue1246" ++other_name_utf8 = "1.2.3.4 testvalue1247" ++other_name_utf8 = "1.2.3.4 testvalue1248" ++other_name_utf8 = "1.2.3.4 testvalue1249" ++other_name_utf8 = "1.2.3.4 testvalue1250" ++other_name_utf8 = "1.2.3.4 testvalue1251" ++other_name_utf8 = "1.2.3.4 testvalue1252" ++other_name_utf8 = "1.2.3.4 testvalue1253" ++other_name_utf8 = "1.2.3.4 testvalue1254" ++other_name_utf8 = "1.2.3.4 testvalue1255" ++other_name_utf8 = "1.2.3.4 testvalue1256" ++other_name_utf8 = "1.2.3.4 testvalue1257" ++other_name_utf8 = "1.2.3.4 testvalue1258" ++other_name_utf8 = "1.2.3.4 testvalue1259" ++other_name_utf8 = "1.2.3.4 testvalue1260" ++other_name_utf8 = "1.2.3.4 testvalue1261" ++other_name_utf8 = "1.2.3.4 testvalue1262" ++other_name_utf8 = "1.2.3.4 testvalue1263" ++other_name_utf8 = "1.2.3.4 testvalue1264" ++other_name_utf8 = "1.2.3.4 testvalue1265" ++other_name_utf8 = "1.2.3.4 testvalue1266" ++other_name_utf8 = "1.2.3.4 testvalue1267" ++other_name_utf8 = "1.2.3.4 testvalue1268" ++other_name_utf8 = "1.2.3.4 testvalue1269" ++other_name_utf8 = "1.2.3.4 testvalue1270" ++other_name_utf8 = "1.2.3.4 testvalue1271" ++other_name_utf8 = "1.2.3.4 testvalue1272" ++other_name_utf8 = "1.2.3.4 testvalue1273" ++other_name_utf8 = "1.2.3.4 testvalue1274" ++other_name_utf8 = "1.2.3.4 testvalue1275" ++other_name_utf8 = "1.2.3.4 testvalue1276" ++other_name_utf8 = "1.2.3.4 testvalue1277" ++other_name_utf8 = "1.2.3.4 testvalue1278" ++other_name_utf8 = "1.2.3.4 testvalue1279" ++other_name_utf8 = "1.2.3.4 testvalue1280" ++other_name_utf8 = "1.2.3.4 testvalue1281" ++other_name_utf8 = "1.2.3.4 testvalue1282" ++other_name_utf8 = "1.2.3.4 testvalue1283" ++other_name_utf8 = "1.2.3.4 testvalue1284" ++other_name_utf8 = "1.2.3.4 testvalue1285" ++other_name_utf8 = "1.2.3.4 testvalue1286" ++other_name_utf8 = "1.2.3.4 testvalue1287" ++other_name_utf8 = "1.2.3.4 testvalue1288" ++other_name_utf8 = "1.2.3.4 testvalue1289" ++other_name_utf8 = "1.2.3.4 testvalue1290" ++other_name_utf8 = "1.2.3.4 testvalue1291" ++other_name_utf8 = "1.2.3.4 testvalue1292" ++other_name_utf8 = "1.2.3.4 testvalue1293" ++other_name_utf8 = "1.2.3.4 testvalue1294" ++other_name_utf8 = "1.2.3.4 testvalue1295" ++other_name_utf8 = "1.2.3.4 testvalue1296" ++other_name_utf8 = "1.2.3.4 testvalue1297" ++other_name_utf8 = "1.2.3.4 testvalue1298" ++other_name_utf8 = "1.2.3.4 testvalue1299" ++other_name_utf8 = "1.2.3.4 testvalue1300" ++other_name_utf8 = "1.2.3.4 testvalue1301" ++other_name_utf8 = "1.2.3.4 testvalue1302" ++other_name_utf8 = "1.2.3.4 testvalue1303" ++other_name_utf8 = "1.2.3.4 testvalue1304" ++other_name_utf8 = "1.2.3.4 testvalue1305" ++other_name_utf8 = "1.2.3.4 testvalue1306" ++other_name_utf8 = "1.2.3.4 testvalue1307" ++other_name_utf8 = "1.2.3.4 testvalue1308" ++other_name_utf8 = "1.2.3.4 testvalue1309" ++other_name_utf8 = "1.2.3.4 testvalue1310" ++other_name_utf8 = "1.2.3.4 testvalue1311" ++other_name_utf8 = "1.2.3.4 testvalue1312" ++other_name_utf8 = "1.2.3.4 testvalue1313" ++other_name_utf8 = "1.2.3.4 testvalue1314" ++other_name_utf8 = "1.2.3.4 testvalue1315" ++other_name_utf8 = "1.2.3.4 testvalue1316" ++other_name_utf8 = "1.2.3.4 testvalue1317" ++other_name_utf8 = "1.2.3.4 testvalue1318" ++other_name_utf8 = "1.2.3.4 testvalue1319" ++other_name_utf8 = "1.2.3.4 testvalue1320" ++other_name_utf8 = "1.2.3.4 testvalue1321" ++other_name_utf8 = "1.2.3.4 testvalue1322" ++other_name_utf8 = "1.2.3.4 testvalue1323" ++other_name_utf8 = "1.2.3.4 testvalue1324" ++other_name_utf8 = "1.2.3.4 testvalue1325" ++other_name_utf8 = "1.2.3.4 testvalue1326" ++other_name_utf8 = "1.2.3.4 testvalue1327" ++other_name_utf8 = "1.2.3.4 testvalue1328" ++other_name_utf8 = "1.2.3.4 testvalue1329" ++other_name_utf8 = "1.2.3.4 testvalue1330" ++other_name_utf8 = "1.2.3.4 testvalue1331" ++other_name_utf8 = "1.2.3.4 testvalue1332" ++other_name_utf8 = "1.2.3.4 testvalue1333" ++other_name_utf8 = "1.2.3.4 testvalue1334" ++other_name_utf8 = "1.2.3.4 testvalue1335" ++other_name_utf8 = "1.2.3.4 testvalue1336" ++other_name_utf8 = "1.2.3.4 testvalue1337" ++other_name_utf8 = "1.2.3.4 testvalue1338" ++other_name_utf8 = "1.2.3.4 testvalue1339" ++other_name_utf8 = "1.2.3.4 testvalue1340" ++other_name_utf8 = "1.2.3.4 testvalue1341" ++other_name_utf8 = "1.2.3.4 testvalue1342" ++other_name_utf8 = "1.2.3.4 testvalue1343" ++other_name_utf8 = "1.2.3.4 testvalue1344" ++other_name_utf8 = "1.2.3.4 testvalue1345" ++other_name_utf8 = "1.2.3.4 testvalue1346" ++other_name_utf8 = "1.2.3.4 testvalue1347" ++other_name_utf8 = "1.2.3.4 testvalue1348" ++other_name_utf8 = "1.2.3.4 testvalue1349" ++other_name_utf8 = "1.2.3.4 testvalue1350" ++other_name_utf8 = "1.2.3.4 testvalue1351" ++other_name_utf8 = "1.2.3.4 testvalue1352" ++other_name_utf8 = "1.2.3.4 testvalue1353" ++other_name_utf8 = "1.2.3.4 testvalue1354" ++other_name_utf8 = "1.2.3.4 testvalue1355" ++other_name_utf8 = "1.2.3.4 testvalue1356" ++other_name_utf8 = "1.2.3.4 testvalue1357" ++other_name_utf8 = "1.2.3.4 testvalue1358" ++other_name_utf8 = "1.2.3.4 testvalue1359" ++other_name_utf8 = "1.2.3.4 testvalue1360" ++other_name_utf8 = "1.2.3.4 testvalue1361" ++other_name_utf8 = "1.2.3.4 testvalue1362" ++other_name_utf8 = "1.2.3.4 testvalue1363" ++other_name_utf8 = "1.2.3.4 testvalue1364" ++other_name_utf8 = "1.2.3.4 testvalue1365" ++other_name_utf8 = "1.2.3.4 testvalue1366" ++other_name_utf8 = "1.2.3.4 testvalue1367" ++other_name_utf8 = "1.2.3.4 testvalue1368" ++other_name_utf8 = "1.2.3.4 testvalue1369" ++other_name_utf8 = "1.2.3.4 testvalue1370" ++other_name_utf8 = "1.2.3.4 testvalue1371" ++other_name_utf8 = "1.2.3.4 testvalue1372" ++other_name_utf8 = "1.2.3.4 testvalue1373" ++other_name_utf8 = "1.2.3.4 testvalue1374" ++other_name_utf8 = "1.2.3.4 testvalue1375" ++other_name_utf8 = "1.2.3.4 testvalue1376" ++other_name_utf8 = "1.2.3.4 testvalue1377" ++other_name_utf8 = "1.2.3.4 testvalue1378" ++other_name_utf8 = "1.2.3.4 testvalue1379" ++other_name_utf8 = "1.2.3.4 testvalue1380" ++other_name_utf8 = "1.2.3.4 testvalue1381" ++other_name_utf8 = "1.2.3.4 testvalue1382" ++other_name_utf8 = "1.2.3.4 testvalue1383" ++other_name_utf8 = "1.2.3.4 testvalue1384" ++other_name_utf8 = "1.2.3.4 testvalue1385" ++other_name_utf8 = "1.2.3.4 testvalue1386" ++other_name_utf8 = "1.2.3.4 testvalue1387" ++other_name_utf8 = "1.2.3.4 testvalue1388" ++other_name_utf8 = "1.2.3.4 testvalue1389" ++other_name_utf8 = "1.2.3.4 testvalue1390" ++other_name_utf8 = "1.2.3.4 testvalue1391" ++other_name_utf8 = "1.2.3.4 testvalue1392" ++other_name_utf8 = "1.2.3.4 testvalue1393" ++other_name_utf8 = "1.2.3.4 testvalue1394" ++other_name_utf8 = "1.2.3.4 testvalue1395" ++other_name_utf8 = "1.2.3.4 testvalue1396" ++other_name_utf8 = "1.2.3.4 testvalue1397" ++other_name_utf8 = "1.2.3.4 testvalue1398" ++other_name_utf8 = "1.2.3.4 testvalue1399" ++other_name_utf8 = "1.2.3.4 testvalue1400" ++other_name_utf8 = "1.2.3.4 testvalue1401" ++other_name_utf8 = "1.2.3.4 testvalue1402" ++other_name_utf8 = "1.2.3.4 testvalue1403" ++other_name_utf8 = "1.2.3.4 testvalue1404" ++other_name_utf8 = "1.2.3.4 testvalue1405" ++other_name_utf8 = "1.2.3.4 testvalue1406" ++other_name_utf8 = "1.2.3.4 testvalue1407" ++other_name_utf8 = "1.2.3.4 testvalue1408" ++other_name_utf8 = "1.2.3.4 testvalue1409" ++other_name_utf8 = "1.2.3.4 testvalue1410" ++other_name_utf8 = "1.2.3.4 testvalue1411" ++other_name_utf8 = "1.2.3.4 testvalue1412" ++other_name_utf8 = "1.2.3.4 testvalue1413" ++other_name_utf8 = "1.2.3.4 testvalue1414" ++other_name_utf8 = "1.2.3.4 testvalue1415" ++other_name_utf8 = "1.2.3.4 testvalue1416" ++other_name_utf8 = "1.2.3.4 testvalue1417" ++other_name_utf8 = "1.2.3.4 testvalue1418" ++other_name_utf8 = "1.2.3.4 testvalue1419" ++other_name_utf8 = "1.2.3.4 testvalue1420" ++other_name_utf8 = "1.2.3.4 testvalue1421" ++other_name_utf8 = "1.2.3.4 testvalue1422" ++other_name_utf8 = "1.2.3.4 testvalue1423" ++other_name_utf8 = "1.2.3.4 testvalue1424" ++other_name_utf8 = "1.2.3.4 testvalue1425" ++other_name_utf8 = "1.2.3.4 testvalue1426" ++other_name_utf8 = "1.2.3.4 testvalue1427" ++other_name_utf8 = "1.2.3.4 testvalue1428" ++other_name_utf8 = "1.2.3.4 testvalue1429" ++other_name_utf8 = "1.2.3.4 testvalue1430" ++other_name_utf8 = "1.2.3.4 testvalue1431" ++other_name_utf8 = "1.2.3.4 testvalue1432" ++other_name_utf8 = "1.2.3.4 testvalue1433" ++other_name_utf8 = "1.2.3.4 testvalue1434" ++other_name_utf8 = "1.2.3.4 testvalue1435" ++other_name_utf8 = "1.2.3.4 testvalue1436" ++other_name_utf8 = "1.2.3.4 testvalue1437" ++other_name_utf8 = "1.2.3.4 testvalue1438" ++other_name_utf8 = "1.2.3.4 testvalue1439" ++other_name_utf8 = "1.2.3.4 testvalue1440" ++other_name_utf8 = "1.2.3.4 testvalue1441" ++other_name_utf8 = "1.2.3.4 testvalue1442" ++other_name_utf8 = "1.2.3.4 testvalue1443" ++other_name_utf8 = "1.2.3.4 testvalue1444" ++other_name_utf8 = "1.2.3.4 testvalue1445" ++other_name_utf8 = "1.2.3.4 testvalue1446" ++other_name_utf8 = "1.2.3.4 testvalue1447" ++other_name_utf8 = "1.2.3.4 testvalue1448" ++other_name_utf8 = "1.2.3.4 testvalue1449" ++other_name_utf8 = "1.2.3.4 testvalue1450" ++other_name_utf8 = "1.2.3.4 testvalue1451" ++other_name_utf8 = "1.2.3.4 testvalue1452" ++other_name_utf8 = "1.2.3.4 testvalue1453" ++other_name_utf8 = "1.2.3.4 testvalue1454" ++other_name_utf8 = "1.2.3.4 testvalue1455" ++other_name_utf8 = "1.2.3.4 testvalue1456" ++other_name_utf8 = "1.2.3.4 testvalue1457" ++other_name_utf8 = "1.2.3.4 testvalue1458" ++other_name_utf8 = "1.2.3.4 testvalue1459" ++other_name_utf8 = "1.2.3.4 testvalue1460" ++other_name_utf8 = "1.2.3.4 testvalue1461" ++other_name_utf8 = "1.2.3.4 testvalue1462" ++other_name_utf8 = "1.2.3.4 testvalue1463" ++other_name_utf8 = "1.2.3.4 testvalue1464" ++other_name_utf8 = "1.2.3.4 testvalue1465" ++other_name_utf8 = "1.2.3.4 testvalue1466" ++other_name_utf8 = "1.2.3.4 testvalue1467" ++other_name_utf8 = "1.2.3.4 testvalue1468" ++other_name_utf8 = "1.2.3.4 testvalue1469" ++other_name_utf8 = "1.2.3.4 testvalue1470" ++other_name_utf8 = "1.2.3.4 testvalue1471" ++other_name_utf8 = "1.2.3.4 testvalue1472" ++other_name_utf8 = "1.2.3.4 testvalue1473" ++other_name_utf8 = "1.2.3.4 testvalue1474" ++other_name_utf8 = "1.2.3.4 testvalue1475" ++other_name_utf8 = "1.2.3.4 testvalue1476" ++other_name_utf8 = "1.2.3.4 testvalue1477" ++other_name_utf8 = "1.2.3.4 testvalue1478" ++other_name_utf8 = "1.2.3.4 testvalue1479" ++other_name_utf8 = "1.2.3.4 testvalue1480" ++other_name_utf8 = "1.2.3.4 testvalue1481" ++other_name_utf8 = "1.2.3.4 testvalue1482" ++other_name_utf8 = "1.2.3.4 testvalue1483" ++other_name_utf8 = "1.2.3.4 testvalue1484" ++other_name_utf8 = "1.2.3.4 testvalue1485" ++other_name_utf8 = "1.2.3.4 testvalue1486" ++other_name_utf8 = "1.2.3.4 testvalue1487" ++other_name_utf8 = "1.2.3.4 testvalue1488" ++other_name_utf8 = "1.2.3.4 testvalue1489" ++other_name_utf8 = "1.2.3.4 testvalue1490" ++other_name_utf8 = "1.2.3.4 testvalue1491" ++other_name_utf8 = "1.2.3.4 testvalue1492" ++other_name_utf8 = "1.2.3.4 testvalue1493" ++other_name_utf8 = "1.2.3.4 testvalue1494" ++other_name_utf8 = "1.2.3.4 testvalue1495" ++other_name_utf8 = "1.2.3.4 testvalue1496" ++other_name_utf8 = "1.2.3.4 testvalue1497" ++other_name_utf8 = "1.2.3.4 testvalue1498" ++other_name_utf8 = "1.2.3.4 testvalue1499" ++other_name_utf8 = "1.2.3.4 testvalue1500" ++other_name_utf8 = "1.2.3.4 testvalue1501" ++other_name_utf8 = "1.2.3.4 testvalue1502" ++other_name_utf8 = "1.2.3.4 testvalue1503" ++other_name_utf8 = "1.2.3.4 testvalue1504" ++other_name_utf8 = "1.2.3.4 testvalue1505" ++other_name_utf8 = "1.2.3.4 testvalue1506" ++other_name_utf8 = "1.2.3.4 testvalue1507" ++other_name_utf8 = "1.2.3.4 testvalue1508" ++other_name_utf8 = "1.2.3.4 testvalue1509" ++other_name_utf8 = "1.2.3.4 testvalue1510" ++other_name_utf8 = "1.2.3.4 testvalue1511" ++other_name_utf8 = "1.2.3.4 testvalue1512" ++other_name_utf8 = "1.2.3.4 testvalue1513" ++other_name_utf8 = "1.2.3.4 testvalue1514" ++other_name_utf8 = "1.2.3.4 testvalue1515" ++other_name_utf8 = "1.2.3.4 testvalue1516" ++other_name_utf8 = "1.2.3.4 testvalue1517" ++other_name_utf8 = "1.2.3.4 testvalue1518" ++other_name_utf8 = "1.2.3.4 testvalue1519" ++other_name_utf8 = "1.2.3.4 testvalue1520" ++other_name_utf8 = "1.2.3.4 testvalue1521" ++other_name_utf8 = "1.2.3.4 testvalue1522" ++other_name_utf8 = "1.2.3.4 testvalue1523" ++other_name_utf8 = "1.2.3.4 testvalue1524" ++other_name_utf8 = "1.2.3.4 testvalue1525" ++other_name_utf8 = "1.2.3.4 testvalue1526" ++other_name_utf8 = "1.2.3.4 testvalue1527" ++other_name_utf8 = "1.2.3.4 testvalue1528" ++other_name_utf8 = "1.2.3.4 testvalue1529" ++other_name_utf8 = "1.2.3.4 testvalue1530" ++other_name_utf8 = "1.2.3.4 testvalue1531" ++other_name_utf8 = "1.2.3.4 testvalue1532" ++other_name_utf8 = "1.2.3.4 testvalue1533" ++other_name_utf8 = "1.2.3.4 testvalue1534" ++other_name_utf8 = "1.2.3.4 testvalue1535" ++other_name_utf8 = "1.2.3.4 testvalue1536" ++other_name_utf8 = "1.2.3.4 testvalue1537" ++other_name_utf8 = "1.2.3.4 testvalue1538" ++other_name_utf8 = "1.2.3.4 testvalue1539" ++other_name_utf8 = "1.2.3.4 testvalue1540" ++other_name_utf8 = "1.2.3.4 testvalue1541" ++other_name_utf8 = "1.2.3.4 testvalue1542" ++other_name_utf8 = "1.2.3.4 testvalue1543" ++other_name_utf8 = "1.2.3.4 testvalue1544" ++other_name_utf8 = "1.2.3.4 testvalue1545" ++other_name_utf8 = "1.2.3.4 testvalue1546" ++other_name_utf8 = "1.2.3.4 testvalue1547" ++other_name_utf8 = "1.2.3.4 testvalue1548" ++other_name_utf8 = "1.2.3.4 testvalue1549" ++other_name_utf8 = "1.2.3.4 testvalue1550" ++other_name_utf8 = "1.2.3.4 testvalue1551" ++other_name_utf8 = "1.2.3.4 testvalue1552" ++other_name_utf8 = "1.2.3.4 testvalue1553" ++other_name_utf8 = "1.2.3.4 testvalue1554" ++other_name_utf8 = "1.2.3.4 testvalue1555" ++other_name_utf8 = "1.2.3.4 testvalue1556" ++other_name_utf8 = "1.2.3.4 testvalue1557" ++other_name_utf8 = "1.2.3.4 testvalue1558" ++other_name_utf8 = "1.2.3.4 testvalue1559" ++other_name_utf8 = "1.2.3.4 testvalue1560" ++other_name_utf8 = "1.2.3.4 testvalue1561" ++other_name_utf8 = "1.2.3.4 testvalue1562" ++other_name_utf8 = "1.2.3.4 testvalue1563" ++other_name_utf8 = "1.2.3.4 testvalue1564" ++other_name_utf8 = "1.2.3.4 testvalue1565" ++other_name_utf8 = "1.2.3.4 testvalue1566" ++other_name_utf8 = "1.2.3.4 testvalue1567" ++other_name_utf8 = "1.2.3.4 testvalue1568" ++other_name_utf8 = "1.2.3.4 testvalue1569" ++other_name_utf8 = "1.2.3.4 testvalue1570" ++other_name_utf8 = "1.2.3.4 testvalue1571" ++other_name_utf8 = "1.2.3.4 testvalue1572" ++other_name_utf8 = "1.2.3.4 testvalue1573" ++other_name_utf8 = "1.2.3.4 testvalue1574" ++other_name_utf8 = "1.2.3.4 testvalue1575" ++other_name_utf8 = "1.2.3.4 testvalue1576" ++other_name_utf8 = "1.2.3.4 testvalue1577" ++other_name_utf8 = "1.2.3.4 testvalue1578" ++other_name_utf8 = "1.2.3.4 testvalue1579" ++other_name_utf8 = "1.2.3.4 testvalue1580" ++other_name_utf8 = "1.2.3.4 testvalue1581" ++other_name_utf8 = "1.2.3.4 testvalue1582" ++other_name_utf8 = "1.2.3.4 testvalue1583" ++other_name_utf8 = "1.2.3.4 testvalue1584" ++other_name_utf8 = "1.2.3.4 testvalue1585" ++other_name_utf8 = "1.2.3.4 testvalue1586" ++other_name_utf8 = "1.2.3.4 testvalue1587" ++other_name_utf8 = "1.2.3.4 testvalue1588" ++other_name_utf8 = "1.2.3.4 testvalue1589" ++other_name_utf8 = "1.2.3.4 testvalue1590" ++other_name_utf8 = "1.2.3.4 testvalue1591" ++other_name_utf8 = "1.2.3.4 testvalue1592" ++other_name_utf8 = "1.2.3.4 testvalue1593" ++other_name_utf8 = "1.2.3.4 testvalue1594" ++other_name_utf8 = "1.2.3.4 testvalue1595" ++other_name_utf8 = "1.2.3.4 testvalue1596" ++other_name_utf8 = "1.2.3.4 testvalue1597" ++other_name_utf8 = "1.2.3.4 testvalue1598" ++other_name_utf8 = "1.2.3.4 testvalue1599" ++other_name_utf8 = "1.2.3.4 testvalue1600" ++other_name_utf8 = "1.2.3.4 testvalue1601" ++other_name_utf8 = "1.2.3.4 testvalue1602" ++other_name_utf8 = "1.2.3.4 testvalue1603" ++other_name_utf8 = "1.2.3.4 testvalue1604" ++other_name_utf8 = "1.2.3.4 testvalue1605" ++other_name_utf8 = "1.2.3.4 testvalue1606" ++other_name_utf8 = "1.2.3.4 testvalue1607" ++other_name_utf8 = "1.2.3.4 testvalue1608" ++other_name_utf8 = "1.2.3.4 testvalue1609" ++other_name_utf8 = "1.2.3.4 testvalue1610" ++other_name_utf8 = "1.2.3.4 testvalue1611" ++other_name_utf8 = "1.2.3.4 testvalue1612" ++other_name_utf8 = "1.2.3.4 testvalue1613" ++other_name_utf8 = "1.2.3.4 testvalue1614" ++other_name_utf8 = "1.2.3.4 testvalue1615" ++other_name_utf8 = "1.2.3.4 testvalue1616" ++other_name_utf8 = "1.2.3.4 testvalue1617" ++other_name_utf8 = "1.2.3.4 testvalue1618" ++other_name_utf8 = "1.2.3.4 testvalue1619" ++other_name_utf8 = "1.2.3.4 testvalue1620" ++other_name_utf8 = "1.2.3.4 testvalue1621" ++other_name_utf8 = "1.2.3.4 testvalue1622" ++other_name_utf8 = "1.2.3.4 testvalue1623" ++other_name_utf8 = "1.2.3.4 testvalue1624" ++other_name_utf8 = "1.2.3.4 testvalue1625" ++other_name_utf8 = "1.2.3.4 testvalue1626" ++other_name_utf8 = "1.2.3.4 testvalue1627" ++other_name_utf8 = "1.2.3.4 testvalue1628" ++other_name_utf8 = "1.2.3.4 testvalue1629" ++other_name_utf8 = "1.2.3.4 testvalue1630" ++other_name_utf8 = "1.2.3.4 testvalue1631" ++other_name_utf8 = "1.2.3.4 testvalue1632" ++other_name_utf8 = "1.2.3.4 testvalue1633" ++other_name_utf8 = "1.2.3.4 testvalue1634" ++other_name_utf8 = "1.2.3.4 testvalue1635" ++other_name_utf8 = "1.2.3.4 testvalue1636" ++other_name_utf8 = "1.2.3.4 testvalue1637" ++other_name_utf8 = "1.2.3.4 testvalue1638" ++other_name_utf8 = "1.2.3.4 testvalue1639" ++other_name_utf8 = "1.2.3.4 testvalue1640" ++other_name_utf8 = "1.2.3.4 testvalue1641" ++other_name_utf8 = "1.2.3.4 testvalue1642" ++other_name_utf8 = "1.2.3.4 testvalue1643" ++other_name_utf8 = "1.2.3.4 testvalue1644" ++other_name_utf8 = "1.2.3.4 testvalue1645" ++other_name_utf8 = "1.2.3.4 testvalue1646" ++other_name_utf8 = "1.2.3.4 testvalue1647" ++other_name_utf8 = "1.2.3.4 testvalue1648" ++other_name_utf8 = "1.2.3.4 testvalue1649" ++other_name_utf8 = "1.2.3.4 testvalue1650" ++other_name_utf8 = "1.2.3.4 testvalue1651" ++other_name_utf8 = "1.2.3.4 testvalue1652" ++other_name_utf8 = "1.2.3.4 testvalue1653" ++other_name_utf8 = "1.2.3.4 testvalue1654" ++other_name_utf8 = "1.2.3.4 testvalue1655" ++other_name_utf8 = "1.2.3.4 testvalue1656" ++other_name_utf8 = "1.2.3.4 testvalue1657" ++other_name_utf8 = "1.2.3.4 testvalue1658" ++other_name_utf8 = "1.2.3.4 testvalue1659" ++other_name_utf8 = "1.2.3.4 testvalue1660" ++other_name_utf8 = "1.2.3.4 testvalue1661" ++other_name_utf8 = "1.2.3.4 testvalue1662" ++other_name_utf8 = "1.2.3.4 testvalue1663" ++other_name_utf8 = "1.2.3.4 testvalue1664" ++other_name_utf8 = "1.2.3.4 testvalue1665" ++other_name_utf8 = "1.2.3.4 testvalue1666" ++other_name_utf8 = "1.2.3.4 testvalue1667" ++other_name_utf8 = "1.2.3.4 testvalue1668" ++other_name_utf8 = "1.2.3.4 testvalue1669" ++other_name_utf8 = "1.2.3.4 testvalue1670" ++other_name_utf8 = "1.2.3.4 testvalue1671" ++other_name_utf8 = "1.2.3.4 testvalue1672" ++other_name_utf8 = "1.2.3.4 testvalue1673" ++other_name_utf8 = "1.2.3.4 testvalue1674" ++other_name_utf8 = "1.2.3.4 testvalue1675" ++other_name_utf8 = "1.2.3.4 testvalue1676" ++other_name_utf8 = "1.2.3.4 testvalue1677" ++other_name_utf8 = "1.2.3.4 testvalue1678" ++other_name_utf8 = "1.2.3.4 testvalue1679" ++other_name_utf8 = "1.2.3.4 testvalue1680" ++other_name_utf8 = "1.2.3.4 testvalue1681" ++other_name_utf8 = "1.2.3.4 testvalue1682" ++other_name_utf8 = "1.2.3.4 testvalue1683" ++other_name_utf8 = "1.2.3.4 testvalue1684" ++other_name_utf8 = "1.2.3.4 testvalue1685" ++other_name_utf8 = "1.2.3.4 testvalue1686" ++other_name_utf8 = "1.2.3.4 testvalue1687" ++other_name_utf8 = "1.2.3.4 testvalue1688" ++other_name_utf8 = "1.2.3.4 testvalue1689" ++other_name_utf8 = "1.2.3.4 testvalue1690" ++other_name_utf8 = "1.2.3.4 testvalue1691" ++other_name_utf8 = "1.2.3.4 testvalue1692" ++other_name_utf8 = "1.2.3.4 testvalue1693" ++other_name_utf8 = "1.2.3.4 testvalue1694" ++other_name_utf8 = "1.2.3.4 testvalue1695" ++other_name_utf8 = "1.2.3.4 testvalue1696" ++other_name_utf8 = "1.2.3.4 testvalue1697" ++other_name_utf8 = "1.2.3.4 testvalue1698" ++other_name_utf8 = "1.2.3.4 testvalue1699" ++other_name_utf8 = "1.2.3.4 testvalue1700" ++other_name_utf8 = "1.2.3.4 testvalue1701" ++other_name_utf8 = "1.2.3.4 testvalue1702" ++other_name_utf8 = "1.2.3.4 testvalue1703" ++other_name_utf8 = "1.2.3.4 testvalue1704" ++other_name_utf8 = "1.2.3.4 testvalue1705" ++other_name_utf8 = "1.2.3.4 testvalue1706" ++other_name_utf8 = "1.2.3.4 testvalue1707" ++other_name_utf8 = "1.2.3.4 testvalue1708" ++other_name_utf8 = "1.2.3.4 testvalue1709" ++other_name_utf8 = "1.2.3.4 testvalue1710" ++other_name_utf8 = "1.2.3.4 testvalue1711" ++other_name_utf8 = "1.2.3.4 testvalue1712" ++other_name_utf8 = "1.2.3.4 testvalue1713" ++other_name_utf8 = "1.2.3.4 testvalue1714" ++other_name_utf8 = "1.2.3.4 testvalue1715" ++other_name_utf8 = "1.2.3.4 testvalue1716" ++other_name_utf8 = "1.2.3.4 testvalue1717" ++other_name_utf8 = "1.2.3.4 testvalue1718" ++other_name_utf8 = "1.2.3.4 testvalue1719" ++other_name_utf8 = "1.2.3.4 testvalue1720" ++other_name_utf8 = "1.2.3.4 testvalue1721" ++other_name_utf8 = "1.2.3.4 testvalue1722" ++other_name_utf8 = "1.2.3.4 testvalue1723" ++other_name_utf8 = "1.2.3.4 testvalue1724" ++other_name_utf8 = "1.2.3.4 testvalue1725" ++other_name_utf8 = "1.2.3.4 testvalue1726" ++other_name_utf8 = "1.2.3.4 testvalue1727" ++other_name_utf8 = "1.2.3.4 testvalue1728" ++other_name_utf8 = "1.2.3.4 testvalue1729" ++other_name_utf8 = "1.2.3.4 testvalue1730" ++other_name_utf8 = "1.2.3.4 testvalue1731" ++other_name_utf8 = "1.2.3.4 testvalue1732" ++other_name_utf8 = "1.2.3.4 testvalue1733" ++other_name_utf8 = "1.2.3.4 testvalue1734" ++other_name_utf8 = "1.2.3.4 testvalue1735" ++other_name_utf8 = "1.2.3.4 testvalue1736" ++other_name_utf8 = "1.2.3.4 testvalue1737" ++other_name_utf8 = "1.2.3.4 testvalue1738" ++other_name_utf8 = "1.2.3.4 testvalue1739" ++other_name_utf8 = "1.2.3.4 testvalue1740" ++other_name_utf8 = "1.2.3.4 testvalue1741" ++other_name_utf8 = "1.2.3.4 testvalue1742" ++other_name_utf8 = "1.2.3.4 testvalue1743" ++other_name_utf8 = "1.2.3.4 testvalue1744" ++other_name_utf8 = "1.2.3.4 testvalue1745" ++other_name_utf8 = "1.2.3.4 testvalue1746" ++other_name_utf8 = "1.2.3.4 testvalue1747" ++other_name_utf8 = "1.2.3.4 testvalue1748" ++other_name_utf8 = "1.2.3.4 testvalue1749" ++other_name_utf8 = "1.2.3.4 testvalue1750" ++other_name_utf8 = "1.2.3.4 testvalue1751" ++other_name_utf8 = "1.2.3.4 testvalue1752" ++other_name_utf8 = "1.2.3.4 testvalue1753" ++other_name_utf8 = "1.2.3.4 testvalue1754" ++other_name_utf8 = "1.2.3.4 testvalue1755" ++other_name_utf8 = "1.2.3.4 testvalue1756" ++other_name_utf8 = "1.2.3.4 testvalue1757" ++other_name_utf8 = "1.2.3.4 testvalue1758" ++other_name_utf8 = "1.2.3.4 testvalue1759" ++other_name_utf8 = "1.2.3.4 testvalue1760" ++other_name_utf8 = "1.2.3.4 testvalue1761" ++other_name_utf8 = "1.2.3.4 testvalue1762" ++other_name_utf8 = "1.2.3.4 testvalue1763" ++other_name_utf8 = "1.2.3.4 testvalue1764" ++other_name_utf8 = "1.2.3.4 testvalue1765" ++other_name_utf8 = "1.2.3.4 testvalue1766" ++other_name_utf8 = "1.2.3.4 testvalue1767" ++other_name_utf8 = "1.2.3.4 testvalue1768" ++other_name_utf8 = "1.2.3.4 testvalue1769" ++other_name_utf8 = "1.2.3.4 testvalue1770" ++other_name_utf8 = "1.2.3.4 testvalue1771" ++other_name_utf8 = "1.2.3.4 testvalue1772" ++other_name_utf8 = "1.2.3.4 testvalue1773" ++other_name_utf8 = "1.2.3.4 testvalue1774" ++other_name_utf8 = "1.2.3.4 testvalue1775" ++other_name_utf8 = "1.2.3.4 testvalue1776" ++other_name_utf8 = "1.2.3.4 testvalue1777" ++other_name_utf8 = "1.2.3.4 testvalue1778" ++other_name_utf8 = "1.2.3.4 testvalue1779" ++other_name_utf8 = "1.2.3.4 testvalue1780" ++other_name_utf8 = "1.2.3.4 testvalue1781" ++other_name_utf8 = "1.2.3.4 testvalue1782" ++other_name_utf8 = "1.2.3.4 testvalue1783" ++other_name_utf8 = "1.2.3.4 testvalue1784" ++other_name_utf8 = "1.2.3.4 testvalue1785" ++other_name_utf8 = "1.2.3.4 testvalue1786" ++other_name_utf8 = "1.2.3.4 testvalue1787" ++other_name_utf8 = "1.2.3.4 testvalue1788" ++other_name_utf8 = "1.2.3.4 testvalue1789" ++other_name_utf8 = "1.2.3.4 testvalue1790" ++other_name_utf8 = "1.2.3.4 testvalue1791" ++other_name_utf8 = "1.2.3.4 testvalue1792" ++other_name_utf8 = "1.2.3.4 testvalue1793" ++other_name_utf8 = "1.2.3.4 testvalue1794" ++other_name_utf8 = "1.2.3.4 testvalue1795" ++other_name_utf8 = "1.2.3.4 testvalue1796" ++other_name_utf8 = "1.2.3.4 testvalue1797" ++other_name_utf8 = "1.2.3.4 testvalue1798" ++other_name_utf8 = "1.2.3.4 testvalue1799" ++other_name_utf8 = "1.2.3.4 testvalue1800" ++other_name_utf8 = "1.2.3.4 testvalue1801" ++other_name_utf8 = "1.2.3.4 testvalue1802" ++other_name_utf8 = "1.2.3.4 testvalue1803" ++other_name_utf8 = "1.2.3.4 testvalue1804" ++other_name_utf8 = "1.2.3.4 testvalue1805" ++other_name_utf8 = "1.2.3.4 testvalue1806" ++other_name_utf8 = "1.2.3.4 testvalue1807" ++other_name_utf8 = "1.2.3.4 testvalue1808" ++other_name_utf8 = "1.2.3.4 testvalue1809" ++other_name_utf8 = "1.2.3.4 testvalue1810" ++other_name_utf8 = "1.2.3.4 testvalue1811" ++other_name_utf8 = "1.2.3.4 testvalue1812" ++other_name_utf8 = "1.2.3.4 testvalue1813" ++other_name_utf8 = "1.2.3.4 testvalue1814" ++other_name_utf8 = "1.2.3.4 testvalue1815" ++other_name_utf8 = "1.2.3.4 testvalue1816" ++other_name_utf8 = "1.2.3.4 testvalue1817" ++other_name_utf8 = "1.2.3.4 testvalue1818" ++other_name_utf8 = "1.2.3.4 testvalue1819" ++other_name_utf8 = "1.2.3.4 testvalue1820" ++other_name_utf8 = "1.2.3.4 testvalue1821" ++other_name_utf8 = "1.2.3.4 testvalue1822" ++other_name_utf8 = "1.2.3.4 testvalue1823" ++other_name_utf8 = "1.2.3.4 testvalue1824" ++other_name_utf8 = "1.2.3.4 testvalue1825" ++other_name_utf8 = "1.2.3.4 testvalue1826" ++other_name_utf8 = "1.2.3.4 testvalue1827" ++other_name_utf8 = "1.2.3.4 testvalue1828" ++other_name_utf8 = "1.2.3.4 testvalue1829" ++other_name_utf8 = "1.2.3.4 testvalue1830" ++other_name_utf8 = "1.2.3.4 testvalue1831" ++other_name_utf8 = "1.2.3.4 testvalue1832" ++other_name_utf8 = "1.2.3.4 testvalue1833" ++other_name_utf8 = "1.2.3.4 testvalue1834" ++other_name_utf8 = "1.2.3.4 testvalue1835" ++other_name_utf8 = "1.2.3.4 testvalue1836" ++other_name_utf8 = "1.2.3.4 testvalue1837" ++other_name_utf8 = "1.2.3.4 testvalue1838" ++other_name_utf8 = "1.2.3.4 testvalue1839" ++other_name_utf8 = "1.2.3.4 testvalue1840" ++other_name_utf8 = "1.2.3.4 testvalue1841" ++other_name_utf8 = "1.2.3.4 testvalue1842" ++other_name_utf8 = "1.2.3.4 testvalue1843" ++other_name_utf8 = "1.2.3.4 testvalue1844" ++other_name_utf8 = "1.2.3.4 testvalue1845" ++other_name_utf8 = "1.2.3.4 testvalue1846" ++other_name_utf8 = "1.2.3.4 testvalue1847" ++other_name_utf8 = "1.2.3.4 testvalue1848" ++other_name_utf8 = "1.2.3.4 testvalue1849" ++other_name_utf8 = "1.2.3.4 testvalue1850" ++other_name_utf8 = "1.2.3.4 testvalue1851" ++other_name_utf8 = "1.2.3.4 testvalue1852" ++other_name_utf8 = "1.2.3.4 testvalue1853" ++other_name_utf8 = "1.2.3.4 testvalue1854" ++other_name_utf8 = "1.2.3.4 testvalue1855" ++other_name_utf8 = "1.2.3.4 testvalue1856" ++other_name_utf8 = "1.2.3.4 testvalue1857" ++other_name_utf8 = "1.2.3.4 testvalue1858" ++other_name_utf8 = "1.2.3.4 testvalue1859" ++other_name_utf8 = "1.2.3.4 testvalue1860" ++other_name_utf8 = "1.2.3.4 testvalue1861" ++other_name_utf8 = "1.2.3.4 testvalue1862" ++other_name_utf8 = "1.2.3.4 testvalue1863" ++other_name_utf8 = "1.2.3.4 testvalue1864" ++other_name_utf8 = "1.2.3.4 testvalue1865" ++other_name_utf8 = "1.2.3.4 testvalue1866" ++other_name_utf8 = "1.2.3.4 testvalue1867" ++other_name_utf8 = "1.2.3.4 testvalue1868" ++other_name_utf8 = "1.2.3.4 testvalue1869" ++other_name_utf8 = "1.2.3.4 testvalue1870" ++other_name_utf8 = "1.2.3.4 testvalue1871" ++other_name_utf8 = "1.2.3.4 testvalue1872" ++other_name_utf8 = "1.2.3.4 testvalue1873" ++other_name_utf8 = "1.2.3.4 testvalue1874" ++other_name_utf8 = "1.2.3.4 testvalue1875" ++other_name_utf8 = "1.2.3.4 testvalue1876" ++other_name_utf8 = "1.2.3.4 testvalue1877" ++other_name_utf8 = "1.2.3.4 testvalue1878" ++other_name_utf8 = "1.2.3.4 testvalue1879" ++other_name_utf8 = "1.2.3.4 testvalue1880" ++other_name_utf8 = "1.2.3.4 testvalue1881" ++other_name_utf8 = "1.2.3.4 testvalue1882" ++other_name_utf8 = "1.2.3.4 testvalue1883" ++other_name_utf8 = "1.2.3.4 testvalue1884" ++other_name_utf8 = "1.2.3.4 testvalue1885" ++other_name_utf8 = "1.2.3.4 testvalue1886" ++other_name_utf8 = "1.2.3.4 testvalue1887" ++other_name_utf8 = "1.2.3.4 testvalue1888" ++other_name_utf8 = "1.2.3.4 testvalue1889" ++other_name_utf8 = "1.2.3.4 testvalue1890" ++other_name_utf8 = "1.2.3.4 testvalue1891" ++other_name_utf8 = "1.2.3.4 testvalue1892" ++other_name_utf8 = "1.2.3.4 testvalue1893" ++other_name_utf8 = "1.2.3.4 testvalue1894" ++other_name_utf8 = "1.2.3.4 testvalue1895" ++other_name_utf8 = "1.2.3.4 testvalue1896" ++other_name_utf8 = "1.2.3.4 testvalue1897" ++other_name_utf8 = "1.2.3.4 testvalue1898" ++other_name_utf8 = "1.2.3.4 testvalue1899" ++other_name_utf8 = "1.2.3.4 testvalue1900" ++other_name_utf8 = "1.2.3.4 testvalue1901" ++other_name_utf8 = "1.2.3.4 testvalue1902" ++other_name_utf8 = "1.2.3.4 testvalue1903" ++other_name_utf8 = "1.2.3.4 testvalue1904" ++other_name_utf8 = "1.2.3.4 testvalue1905" ++other_name_utf8 = "1.2.3.4 testvalue1906" ++other_name_utf8 = "1.2.3.4 testvalue1907" ++other_name_utf8 = "1.2.3.4 testvalue1908" ++other_name_utf8 = "1.2.3.4 testvalue1909" ++other_name_utf8 = "1.2.3.4 testvalue1910" ++other_name_utf8 = "1.2.3.4 testvalue1911" ++other_name_utf8 = "1.2.3.4 testvalue1912" ++other_name_utf8 = "1.2.3.4 testvalue1913" ++other_name_utf8 = "1.2.3.4 testvalue1914" ++other_name_utf8 = "1.2.3.4 testvalue1915" ++other_name_utf8 = "1.2.3.4 testvalue1916" ++other_name_utf8 = "1.2.3.4 testvalue1917" ++other_name_utf8 = "1.2.3.4 testvalue1918" ++other_name_utf8 = "1.2.3.4 testvalue1919" ++other_name_utf8 = "1.2.3.4 testvalue1920" ++other_name_utf8 = "1.2.3.4 testvalue1921" ++other_name_utf8 = "1.2.3.4 testvalue1922" ++other_name_utf8 = "1.2.3.4 testvalue1923" ++other_name_utf8 = "1.2.3.4 testvalue1924" ++other_name_utf8 = "1.2.3.4 testvalue1925" ++other_name_utf8 = "1.2.3.4 testvalue1926" ++other_name_utf8 = "1.2.3.4 testvalue1927" ++other_name_utf8 = "1.2.3.4 testvalue1928" ++other_name_utf8 = "1.2.3.4 testvalue1929" ++other_name_utf8 = "1.2.3.4 testvalue1930" ++other_name_utf8 = "1.2.3.4 testvalue1931" ++other_name_utf8 = "1.2.3.4 testvalue1932" ++other_name_utf8 = "1.2.3.4 testvalue1933" ++other_name_utf8 = "1.2.3.4 testvalue1934" ++other_name_utf8 = "1.2.3.4 testvalue1935" ++other_name_utf8 = "1.2.3.4 testvalue1936" ++other_name_utf8 = "1.2.3.4 testvalue1937" ++other_name_utf8 = "1.2.3.4 testvalue1938" ++other_name_utf8 = "1.2.3.4 testvalue1939" ++other_name_utf8 = "1.2.3.4 testvalue1940" ++other_name_utf8 = "1.2.3.4 testvalue1941" ++other_name_utf8 = "1.2.3.4 testvalue1942" ++other_name_utf8 = "1.2.3.4 testvalue1943" ++other_name_utf8 = "1.2.3.4 testvalue1944" ++other_name_utf8 = "1.2.3.4 testvalue1945" ++other_name_utf8 = "1.2.3.4 testvalue1946" ++other_name_utf8 = "1.2.3.4 testvalue1947" ++other_name_utf8 = "1.2.3.4 testvalue1948" ++other_name_utf8 = "1.2.3.4 testvalue1949" ++other_name_utf8 = "1.2.3.4 testvalue1950" ++other_name_utf8 = "1.2.3.4 testvalue1951" ++other_name_utf8 = "1.2.3.4 testvalue1952" ++other_name_utf8 = "1.2.3.4 testvalue1953" ++other_name_utf8 = "1.2.3.4 testvalue1954" ++other_name_utf8 = "1.2.3.4 testvalue1955" ++other_name_utf8 = "1.2.3.4 testvalue1956" ++other_name_utf8 = "1.2.3.4 testvalue1957" ++other_name_utf8 = "1.2.3.4 testvalue1958" ++other_name_utf8 = "1.2.3.4 testvalue1959" ++other_name_utf8 = "1.2.3.4 testvalue1960" ++other_name_utf8 = "1.2.3.4 testvalue1961" ++other_name_utf8 = "1.2.3.4 testvalue1962" ++other_name_utf8 = "1.2.3.4 testvalue1963" ++other_name_utf8 = "1.2.3.4 testvalue1964" ++other_name_utf8 = "1.2.3.4 testvalue1965" ++other_name_utf8 = "1.2.3.4 testvalue1966" ++other_name_utf8 = "1.2.3.4 testvalue1967" ++other_name_utf8 = "1.2.3.4 testvalue1968" ++other_name_utf8 = "1.2.3.4 testvalue1969" ++other_name_utf8 = "1.2.3.4 testvalue1970" ++other_name_utf8 = "1.2.3.4 testvalue1971" ++other_name_utf8 = "1.2.3.4 testvalue1972" ++other_name_utf8 = "1.2.3.4 testvalue1973" ++other_name_utf8 = "1.2.3.4 testvalue1974" ++other_name_utf8 = "1.2.3.4 testvalue1975" ++other_name_utf8 = "1.2.3.4 testvalue1976" ++other_name_utf8 = "1.2.3.4 testvalue1977" ++other_name_utf8 = "1.2.3.4 testvalue1978" ++other_name_utf8 = "1.2.3.4 testvalue1979" ++other_name_utf8 = "1.2.3.4 testvalue1980" ++other_name_utf8 = "1.2.3.4 testvalue1981" ++other_name_utf8 = "1.2.3.4 testvalue1982" ++other_name_utf8 = "1.2.3.4 testvalue1983" ++other_name_utf8 = "1.2.3.4 testvalue1984" ++other_name_utf8 = "1.2.3.4 testvalue1985" ++other_name_utf8 = "1.2.3.4 testvalue1986" ++other_name_utf8 = "1.2.3.4 testvalue1987" ++other_name_utf8 = "1.2.3.4 testvalue1988" ++other_name_utf8 = "1.2.3.4 testvalue1989" ++other_name_utf8 = "1.2.3.4 testvalue1990" ++other_name_utf8 = "1.2.3.4 testvalue1991" ++other_name_utf8 = "1.2.3.4 testvalue1992" ++other_name_utf8 = "1.2.3.4 testvalue1993" ++other_name_utf8 = "1.2.3.4 testvalue1994" ++other_name_utf8 = "1.2.3.4 testvalue1995" ++other_name_utf8 = "1.2.3.4 testvalue1996" ++other_name_utf8 = "1.2.3.4 testvalue1997" ++other_name_utf8 = "1.2.3.4 testvalue1998" ++other_name_utf8 = "1.2.3.4 testvalue1999" diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/meta/recipes-support/gnutls/gnutls_3.7.4.bb index 33553e617e..30d4342d00 100644 --- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb +++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb @@ -36,6 +36,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://0001-x509-reject-zero-length-version-in-certificate-reque.patch \ file://3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 \ file://CVE-2025-32988.patch \ + file://CVE-2025-32990.patch \ " SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f" From patchwork Wed Jul 30 19:05:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67767 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7FC1C87FCE for ; Wed, 30 Jul 2025 19:06:03 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web10.43863.1753902354364279965 for ; Wed, 30 Jul 2025 12:05:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=IK/m9k3Q; spf=softfail (domain: sakoman.com, ip: 209.85.214.178, mailfrom: steve@sakoman.com) Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-2402b5396cdso1317635ad.2 for ; Wed, 30 Jul 2025 12:05:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753902354; x=1754507154; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=b56LONlfoU/cv08FEw8TXJbqncYEoe1+azs0knyIK7s=; b=IK/m9k3QYQWJ7IM3s1ctpVnlE5bsB+8qsDRCenMT1lmndsAd7kut97LbjVI/Yh5LRD MA6jq+944JQGhh36k/PgGq2UmHwZgPKsrG0rsBWp9b8mO/76JpSAZ6gTviTqkC1ueBfX T7uy/j5DgAZWIpTTprHnJhPyr4mBlL/Cyh3JOu2y0CjQg5MKUStV+wr3X1IrzR++Y65Y FeR/c0OaVNiYELWfQNS8gtclRFQZ+8WbSur+kLRH/lKZYrb9bcLihIvxE+AG/OFH/vRw PfWWdFsBeYvBezbnFUAQeNLL+EIsTp7t1tJikw4CiHye+JQSSa+yOmlrbZBoyXpK4U3m moQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753902354; x=1754507154; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=b56LONlfoU/cv08FEw8TXJbqncYEoe1+azs0knyIK7s=; b=r7aBgNTFVCEtnk5PsDql2WvzD+aPILbiNujbLuo7IKwSpZ3s/OHDlbsPtXtU1l5H+C 79DdTe5ahDb7tlkvpXy7c1ByLQW1FtQpNRXQ9AdeIblaIIv8AFveFzU9veeN4I1+PE0+ KGrtW3qRIkn+j48GPHRSca4EgXJUt9tWj66PeG9pQWfy9bckp4+t4DBkhyqu54DFsJGi E+DvYc6iefm1o3W5sIy+YXcPLbf68pMiUxRIpjE+hAa+O9ptVo1rgoveFNKDF6/JVSQU Bri26DDJvW5jIca86qdUsC1Mq0Cqw+GQA74He6d0AZZ2eAdNNqsuWRwghjM1lQPpheyL 4c5Q== X-Gm-Message-State: AOJu0YwhP4pAx6/sq7hkVDCxcGy/Rbd9MK+92Hig72XVg7tRk17JFJEP sFpRTEWiiZLw/wd2wWVrY+/pPqzaJFRvIreA8G+P3AA3uNln+Kgg0e09ZldBImDb+6CwQDPvYog x2s6C X-Gm-Gg: ASbGncuHLVNvA34eWksrVeJlODVknZFo8O77HCFo0IfaD5yxz/R9UmLrpx3o4KUnQ9t 3I8ve6TA2zEd39tO0zrLVy8st4ADPypbvq/gRXaNiW/RQdkWeYR9Pvhk3b+9fPBs+0NTmLE68it sF1gn4zd6g74tZ4GIRG+g98iNSBCUXQ1rxrqOzWcvdoFcBQZdoIpay6cqJqFLYPe6zfcAS05xTl HS/MlP7sUlyi4a9bNMbkBEH0ZlAun7mJ2mLTB+h9z04narUSodqpLBurmzdpQdCyJtZOd74MdRR lJvwouHuzuxXh5jDVYkNP5fTtxVWkBOv/sX3TKdgHGrL0HhdCC0IzopzXFA6R9uweTUIlm1eSzw FbvKC6AQ96KDa X-Google-Smtp-Source: AGHT+IHaY/EzmLpV/0ZtmQs5fpsd+Y5+kYSdEgzs1vj/SCpilPL+Ck4DPisc6Q26BYHCSfNipOVwoA== X-Received: by 2002:a17:903:2290:b0:223:65dc:4580 with SMTP id d9443c01a7336-24096b480d3mr67794365ad.52.1753902353160; Wed, 30 Jul 2025 12:05:53 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:58fd:da9:30d5:829a]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-240a48b77d3sm22129025ad.117.2025.07.30.12.05.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Jul 2025 12:05:52 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/10] gnutls: patch CVE-2025-6395 Date: Wed, 30 Jul 2025 12:05:31 -0700 Message-ID: <3680d0e2021c609f624c2170b061e6696fd8254c.1753902181.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Jul 2025 19:06:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221145 From: Peter Marko Pick relevant commit from 3.8.10 release MR [1]. [1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../gnutls/gnutls/CVE-2025-6395.patch | 299 ++++++++++++++++++ meta/recipes-support/gnutls/gnutls_3.7.4.bb | 1 + 2 files changed, 300 insertions(+) create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-6395.patch diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2025-6395.patch b/meta/recipes-support/gnutls/gnutls/CVE-2025-6395.patch new file mode 100644 index 0000000000..9bc98ef6e4 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2025-6395.patch @@ -0,0 +1,299 @@ +From 23135619773e6ec087ff2abc65405bd4d5676bad Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 7 Jul 2025 11:15:45 +0900 +Subject: [PATCH] handshake: clear HSK_PSK_SELECTED is when resetting + binders +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When a TLS 1.3 handshake involves HRR and resumption or PSK, and the +second Client Hello omits PSK, the server would result in a NULL +pointer dereference as the PSK binder information is cleared while the +HSK_PSK_SELECTED flag is still set. This makes sure that +HSK_PSK_SELECTED flag is always cleared when the PSK binders are +reset. This also makes it clear the HSK_PSK_SELECTED flag is valid +only during a handshake; after that, whether PSK is used can be +checked with gnutls_auth_client_get_type. + +Reported by Stefan Bühler. + +Signed-off-by: Daiki Ueno + +CVE: CVE-2025-6395 +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/23135619773e6ec087ff2abc65405bd4d5676bad] +Signed-off-by: Peter Marko +--- + NEWS | 4 + + lib/handshake.c | 25 +++- + lib/state.c | 4 +- + tests/Makefile.am | 2 + + tests/tls13/hello_retry_request_psk.c | 173 ++++++++++++++++++++++++++ + 5 files changed, 204 insertions(+), 4 deletions(-) + create mode 100644 tests/tls13/hello_retry_request_psk.c + +diff --git a/NEWS b/NEWS +index 1334516c6..d800e83b0 100644 +--- a/NEWS ++++ b/NEWS +@@ -5,6 +5,10 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. + Copyright (C) 2013-2019 Nikos Mavrogiannopoulos + See the end for copying conditions. + ++** libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK ++ Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium] ++ [CVE-2025-6395] ++ + ** libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps + Spotted by oss-fuzz and reported by OpenAI Security Research Team, + and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1, +diff --git a/lib/handshake.c b/lib/handshake.c +index 722307be7..489d02194 100644 +--- a/lib/handshake.c ++++ b/lib/handshake.c +@@ -590,9 +590,28 @@ static int set_auth_types(gnutls_session_t session) + /* Under TLS1.3 this returns a KX which matches the negotiated + * groups from the key shares; if we are resuming then the KX seen + * here doesn't match the original session. */ +- if (!session->internals.resumed) +- kx = gnutls_kx_get(session); +- else ++ if (!session->internals.resumed) { ++ const gnutls_group_entry_st *group = get_group(session); ++ ++ if (session->internals.hsk_flags & HSK_PSK_SELECTED) { ++ if (group) { ++ kx = group->pk == GNUTLS_PK_DH ? ++ GNUTLS_KX_DHE_PSK : ++ GNUTLS_KX_ECDHE_PSK; ++ } else { ++ kx = GNUTLS_KX_PSK; ++ } ++ } else if (group) { ++ /* Not necessarily be RSA, but just to ++ * make _gnutls_map_kx_get_cred below ++ * work. ++ */ ++ kx = group->pk == GNUTLS_PK_DH ? ++ GNUTLS_KX_DHE_RSA : ++ GNUTLS_KX_ECDHE_RSA; ++ } else ++ kx = GNUTLS_KX_UNKNOWN; ++ } else + kx = GNUTLS_KX_UNKNOWN; + } else { + /* TLS1.2 or earlier, kx is associated with ciphersuite */ +diff --git a/lib/state.c b/lib/state.c +index ec514c0cd..10ec0eadb 100644 +--- a/lib/state.c ++++ b/lib/state.c +@@ -206,7 +206,8 @@ gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session) + const gnutls_group_entry_st *group = get_group(session); + + if (ver->tls13_sem) { +- if (session->internals.hsk_flags & HSK_PSK_SELECTED) { ++ if (gnutls_auth_client_get_type(session) == ++ GNUTLS_CRD_PSK) { + if (group) { + if (group->pk == GNUTLS_PK_DH) + return GNUTLS_KX_DHE_PSK; +@@ -357,6 +358,7 @@ void reset_binders(gnutls_session_t session) + _gnutls_free_temp_key_datum(&session->key.binders[0].psk); + _gnutls_free_temp_key_datum(&session->key.binders[1].psk); + memset(session->key.binders, 0, sizeof(session->key.binders)); ++ session->internals.hsk_flags &= ~HSK_PSK_SELECTED; + } + + /* Check whether certificate credentials of type @cert_type are set +diff --git a/tests/Makefile.am b/tests/Makefile.am +index c2d226a00..e43faf10f 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -128,6 +128,8 @@ ctests += tls13/hello_retry_request + + ctests += tls13/hello_retry_request_resume + ++ctests += tls13/hello_retry_request_psk ++ + ctests += tls13/psk-ext + + ctests += tls13/key_update +diff --git a/tests/tls13/hello_retry_request_psk.c b/tests/tls13/hello_retry_request_psk.c +new file mode 100644 +index 000000000..a20cb0d96 +--- /dev/null ++++ b/tests/tls13/hello_retry_request_psk.c +@@ -0,0 +1,173 @@ ++/* ++ * Copyright (C) 2017-2025 Red Hat, Inc. ++ * ++ * Author: Nikos Mavrogiannopoulos, Daiki Ueno ++ * ++ * This file is part of GnuTLS. ++ * ++ * GnuTLS is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuTLS is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this program. If not, see ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include "config.h" ++#endif ++ ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++#include "cert-common.h" ++#include "utils.h" ++#include "tls13/ext-parse.h" ++#include "eagain-common.h" ++ ++/* This program exercises the case where a TLS 1.3 handshake ends up ++ * with HRR, and the first CH includes PSK while the 2nd CH omits ++ * it */ ++ ++const char *testname = "hello entry request"; ++ ++const char *side = ""; ++ ++#define myfail(fmt, ...) fail("%s: " fmt, testname, ##__VA_ARGS__) ++ ++static void tls_log_func(int level, const char *str) ++{ ++ fprintf(stderr, "%s|<%d>| %s", side, level, str); ++} ++ ++struct ctx_st { ++ unsigned hrr_seen; ++ unsigned hello_counter; ++}; ++ ++static int pskfunc(gnutls_session_t session, const char *username, ++ gnutls_datum_t *key) ++{ ++ if (debug) ++ printf("psk: username %s\n", username); ++ key->data = gnutls_malloc(4); ++ key->data[0] = 0xDE; ++ key->data[1] = 0xAD; ++ key->data[2] = 0xBE; ++ key->data[3] = 0xEF; ++ key->size = 4; ++ return 0; ++} ++ ++static int hello_callback(gnutls_session_t session, unsigned int htype, ++ unsigned post, unsigned int incoming, ++ const gnutls_datum_t *msg) ++{ ++ struct ctx_st *ctx = gnutls_session_get_ptr(session); ++ assert(ctx != NULL); ++ ++ if (htype == GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST) ++ ctx->hrr_seen = 1; ++ ++ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) { ++ if (post == GNUTLS_HOOK_POST) ++ ctx->hello_counter++; ++ else { ++ /* Unset the PSK credential to omit the extension */ ++ gnutls_credentials_set(session, GNUTLS_CRD_PSK, NULL); ++ } ++ } ++ ++ return 0; ++} ++ ++void doit(void) ++{ ++ int sret, cret; ++ gnutls_psk_server_credentials_t scred; ++ gnutls_psk_client_credentials_t ccred; ++ gnutls_certificate_credentials_t ccred2; ++ gnutls_session_t server, client; ++ /* Need to enable anonymous KX specifically. */ ++ const gnutls_datum_t key = { (void *)"DEADBEEF", 8 }; ++ ++ struct ctx_st ctx; ++ memset(&ctx, 0, sizeof(ctx)); ++ ++ global_init(); ++ ++ gnutls_global_set_log_function(tls_log_func); ++ if (debug) ++ gnutls_global_set_log_level(9); ++ ++ /* Init server */ ++ assert(gnutls_psk_allocate_server_credentials(&scred) >= 0); ++ gnutls_psk_set_server_credentials_function(scred, pskfunc); ++ ++ gnutls_init(&server, GNUTLS_SERVER); ++ ++ assert(gnutls_priority_set_direct( ++ server, ++ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+DHE-PSK", ++ NULL) >= 0); ++ ++ gnutls_credentials_set(server, GNUTLS_CRD_PSK, scred); ++ gnutls_transport_set_push_function(server, server_push); ++ gnutls_transport_set_pull_function(server, server_pull); ++ gnutls_transport_set_ptr(server, server); ++ ++ /* Init client */ ++ assert(gnutls_psk_allocate_client_credentials(&ccred) >= 0); ++ gnutls_psk_set_client_credentials(ccred, "test", &key, ++ GNUTLS_PSK_KEY_HEX); ++ assert(gnutls_certificate_allocate_credentials(&ccred2) >= 0); ++ ++ assert(gnutls_init(&client, GNUTLS_CLIENT | GNUTLS_KEY_SHARE_TOP) >= 0); ++ ++ gnutls_session_set_ptr(client, &ctx); ++ ++ cret = gnutls_priority_set_direct( ++ client, ++ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-X25519:+DHE-PSK", ++ NULL); ++ if (cret < 0) ++ myfail("cannot set TLS 1.3 priorities\n"); ++ ++ gnutls_credentials_set(client, GNUTLS_CRD_PSK, ccred); ++ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred2); ++ gnutls_transport_set_push_function(client, client_push); ++ gnutls_transport_set_pull_function(client, client_pull); ++ gnutls_transport_set_ptr(client, client); ++ ++ gnutls_handshake_set_hook_function(client, GNUTLS_HANDSHAKE_ANY, ++ GNUTLS_HOOK_BOTH, hello_callback); ++ ++ HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, ++ GNUTLS_E_INSUFFICIENT_CREDENTIALS); ++ ++ assert(ctx.hrr_seen != 0); ++ ++ gnutls_bye(client, GNUTLS_SHUT_WR); ++ gnutls_bye(server, GNUTLS_SHUT_WR); ++ ++ gnutls_deinit(client); ++ gnutls_deinit(server); ++ ++ gnutls_psk_free_server_credentials(scred); ++ gnutls_psk_free_client_credentials(ccred); ++ gnutls_certificate_free_credentials(ccred2); ++ ++ gnutls_global_deinit(); ++ reset_buffers(); ++} diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/meta/recipes-support/gnutls/gnutls_3.7.4.bb index 30d4342d00..8c8e08855b 100644 --- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb +++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb @@ -37,6 +37,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 \ file://CVE-2025-32988.patch \ file://CVE-2025-32990.patch \ + file://CVE-2025-6395.patch \ " SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f" From patchwork Wed Jul 30 19:05:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67766 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD326C87FD2 for ; Wed, 30 Jul 2025 19:06:03 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web11.43746.1753902355909264809 for ; Wed, 30 Jul 2025 12:05:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Za1RXj6G; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-23ffdea3575so1540665ad.2 for ; Wed, 30 Jul 2025 12:05:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753902355; x=1754507155; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=TA1DHbjYrWPBW4Z4LIb5UUWsenLccOCm1MBTLIo41Lc=; b=Za1RXj6GvXXLAS6a3efyPvDdnjHThFXvxII/h+OuanM0lUPZnoaNzD013H4c0ogHOp f4N6731XA+Mb6fpeWZ3kreXnz0hbLcvhZZs4m6WbiAF96twnsSt4bgedehVq0v5Kd6Ks C6XBRz5h3opS+OzYllE6NDVW91cbpN4x38aFiv+cE7zwnX8Dx+iGTL/N8UPKp7WW2A8i caJLypXy2xrgpwvTKKaCZ3seO/ohes7DtVBpRNbuh16LmUiNcFMkfBmc9AoNVHdOtCTu 4TS7HULfu6xXzb+Aux4+jrjVdfQXERWD6bCqB2sJUB6xW1VQ/nngrUV27DfBv/gQ8qns 02ow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753902355; x=1754507155; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TA1DHbjYrWPBW4Z4LIb5UUWsenLccOCm1MBTLIo41Lc=; b=mQGrMm1tMM6mnKCk2N1SV0CP0FDvp3//XchHNWu3JgyE0oE2uLQrPw/rhBZTeCcCNQ HU+atdlyt06YZWWatpT5KrRqxRdCvxOrc9UxqOT0omrv+DZyYGwD/NQ1CZYz2TpebpTr z5ZMsf6TDeQr0+yN9vS33/PfAVpmYxgen/VCJ+yn3bfhNtj8xjYVkLb2InEA5PAT9b+v jPSg3ABN13UAe6ZK7cQOBIOIMRA9KN1YeUPRSdmhz5q+PHiMlPvH83Un/Fw3ajiBgTnS lvFpK4HbMVq4/BUxS+kvQamG0GTHYSjp1wF5T5MJkWWBabTfTvDBu4M1BwECzT/ID/PL qVvA== X-Gm-Message-State: AOJu0Yz/pmgBiUcbQIY+gsbWad4qtqaLRkRqiqvTEcTPw6VIobNC5fUh nXhGlZkqI04Iyudwy5b3BHIwhda7UjGhn3Al2E8LK1KDzsGlB6GF/L88swWWRjU5/zTLWXH7rT6 B+SYa X-Gm-Gg: ASbGncsaZsaXj9ZiIQQZwdgFOt5g+ltDzAQ5FeqBPLE7Ajho3NPZCe3Zo0gqV4Zl3fJ vrcgxZb1e7UDHKsyiSNJAf+no0LXAp2s8d8KxdHXPvFopj+CvdP20NHO7B9JbjNBNgkcI0W5GZC fgR7ExLfYUxQTtvc+CQeltPGhDuEli7mSRb32j2/eqatne2ponnljOPAFajM786ag8C+OyXSVe9 sNIj/wRO+epqMLIsIUWqnI/RSmo9TQxBrG4tcBj0EjC5pAr+OqbctNyBQVBRpVGXzlwH18OUe8W NdTpcf0SzH073fHDqvRD93hMnFUx4plKJZeliMc9zh5G7p3L+DQLlvc1uXSk4I1yfwr28oO7rr/ XEjVUxqzZtN9p X-Google-Smtp-Source: AGHT+IEg9oM2Dr+lbA/ouVdQayeAc1WGXD6PqOOk+n8w/dr0yEeiEGX5ZGvvjd6hHC3JmKnK5acS+A== X-Received: by 2002:a17:903:2f05:b0:235:779:edfd with SMTP id d9443c01a7336-24096b24650mr61928245ad.39.1753902355073; Wed, 30 Jul 2025 12:05:55 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:58fd:da9:30d5:829a]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-240a48b77d3sm22129025ad.117.2025.07.30.12.05.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Jul 2025 12:05:54 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/10] libxml2: patch CVE-2025-6170 Date: Wed, 30 Jul 2025 12:05:32 -0700 Message-ID: <9418c88c964dffc21abe6a056db72c3c81e25137.1753902181.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Jul 2025 19:06:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221146 From: Peter Marko Pick commit referencing this CVE from 2.13 branch. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../libxml/libxml2/CVE-2025-6170.patch | 103 ++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 + 2 files changed, 104 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-6170.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-6170.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-6170.patch new file mode 100644 index 0000000000..a63ae1cff7 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-6170.patch @@ -0,0 +1,103 @@ +From 5e9ec5c107d3f5b5179c3dbc19df43df041cd55b Mon Sep 17 00:00:00 2001 +From: Michael Mann +Date: Fri, 20 Jun 2025 23:05:00 -0400 +Subject: [PATCH] [CVE-2025-6170] Fix potential buffer overflows of interactive + shell + +Fixes #941 + +CVE: CVE-2025-6170 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/5e9ec5c107d3f5b5179c3dbc19df43df041cd55b] +Signed-off-by: Peter Marko +--- + debugXML.c | 15 ++++++++++----- + result/scripts/long_command | 8 ++++++++ + test/scripts/long_command.script | 6 ++++++ + test/scripts/long_command.xml | 1 + + 4 files changed, 25 insertions(+), 5 deletions(-) + create mode 100644 result/scripts/long_command + create mode 100644 test/scripts/long_command.script + create mode 100644 test/scripts/long_command.xml + +diff --git a/debugXML.c b/debugXML.c +index ed56b0f8..452b9573 100644 +--- a/debugXML.c ++++ b/debugXML.c +@@ -1050,6 +1050,10 @@ xmlCtxtDumpOneNode(xmlDebugCtxtPtr ctxt, xmlNodePtr node) + xmlCtxtGenericNodeCheck(ctxt, node); + } + ++#define MAX_PROMPT_SIZE 500 ++#define MAX_ARG_SIZE 400 ++#define MAX_COMMAND_SIZE 100 ++ + /** + * xmlCtxtDumpNode: + * @output: the FILE * for the output +@@ -2802,10 +2806,10 @@ void + xmlShell(xmlDocPtr doc, char *filename, xmlShellReadlineFunc input, + FILE * output) + { +- char prompt[500] = "/ > "; ++ char prompt[MAX_PROMPT_SIZE] = "/ > "; + char *cmdline = NULL, *cur; +- char command[100]; +- char arg[400]; ++ char command[MAX_COMMAND_SIZE]; ++ char arg[MAX_ARG_SIZE]; + int i; + xmlShellCtxtPtr ctxt; + xmlXPathObjectPtr list; +@@ -2863,7 +2867,8 @@ xmlShell(xmlDocPtr doc, char *filename, xmlShellReadlineFunc input, + cur++; + i = 0; + while ((*cur != ' ') && (*cur != '\t') && +- (*cur != '\n') && (*cur != '\r')) { ++ (*cur != '\n') && (*cur != '\r') && ++ (i < (MAX_COMMAND_SIZE - 1))) { + if (*cur == 0) + break; + command[i++] = *cur++; +@@ -2878,7 +2883,7 @@ xmlShell(xmlDocPtr doc, char *filename, xmlShellReadlineFunc input, + while ((*cur == ' ') || (*cur == '\t')) + cur++; + i = 0; +- while ((*cur != '\n') && (*cur != '\r') && (*cur != 0)) { ++ while ((*cur != '\n') && (*cur != '\r') && (*cur != 0) && (i < (MAX_ARG_SIZE-1))) { + if (*cur == 0) + break; + arg[i++] = *cur++; +diff --git a/result/scripts/long_command b/result/scripts/long_command +new file mode 100644 +index 00000000..e6f00708 +--- /dev/null ++++ b/result/scripts/long_command +@@ -0,0 +1,8 @@ ++/ > b > b > Object is a Node Set : ++Set contains 1 nodes: ++1 ELEMENT a:c ++b > Unknown command This_is_a_really_long_command_string_designed_to_test_the_limits_of_the_memory_that_stores_the_comm ++b > b > Unknown command ess_currents_of_time_and_existence ++b > ++Navigating_the_labyrinthine_corridors_of_human_cognition_one_often_encounters_the_perplexing_paradox_that_the_more_we_delve_into_the_intricate_dance_of_neural_pathways_and_synaptic_firings_the_further_we_seem_to_stray_from_a_truly_holistic_understanding_of_consciousness_a_phenomenon_that_remains_as_elusive_as_a_moonbeam_caught_in_a_spiderweb_yet_undeniably_shapes_every_fleeting_thought_every_prof ++b > +\ No newline at end of file +diff --git a/test/scripts/long_command.script b/test/scripts/long_command.script +new file mode 100644 +index 00000000..00f6df09 +--- /dev/null ++++ b/test/scripts/long_command.script +@@ -0,0 +1,6 @@ ++cd a/b ++set ++xpath //*[namespace-uri()="foo"] ++This_is_a_really_long_command_string_designed_to_test_the_limits_of_the_memory_that_stores_the_command_please_dont_crash foo ++set Navigating_the_labyrinthine_corridors_of_human_cognition_one_often_encounters_the_perplexing_paradox_that_the_more_we_delve_into_the_intricate_dance_of_neural_pathways_and_synaptic_firings_the_further_we_seem_to_stray_from_a_truly_holistic_understanding_of_consciousness_a_phenomenon_that_remains_as_elusive_as_a_moonbeam_caught_in_a_spiderweb_yet_undeniably_shapes_every_fleeting_thought_every_profound_emotion_and_every_grand_aspiration_that_propels_our_species_ever_onward_through_the_relentless_currents_of_time_and_existence ++save - +diff --git a/test/scripts/long_command.xml b/test/scripts/long_command.xml +new file mode 100644 +index 00000000..1ba44016 +--- /dev/null ++++ b/test/scripts/long_command.xml +@@ -0,0 +1 @@ ++ diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index baac155270..f34b0c25ca 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -41,6 +41,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt file://CVE-2025-32415.patch \ file://CVE-2025-6021.patch \ file://CVE-2025-49794-CVE-2025-49796.patch \ + file://CVE-2025-6170.patch \ " SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" From patchwork Wed Jul 30 19:05:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67764 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A53DAC83F26 for ; Wed, 30 Jul 2025 19:06:03 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web10.43868.1753902357303964380 for ; Wed, 30 Jul 2025 12:05:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=tNQ/pSHN; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-76b0724d64bso142931b3a.1 for ; Wed, 30 Jul 2025 12:05:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753902356; x=1754507156; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=FZMwTKaJUfPr30V1JXauloML0R8nso2bVJEmgcL/nzI=; b=tNQ/pSHNrUszIaQl+t93iVt75ltVREXnKzTH2T/3LrLiAAVlN2IByZuRvtAzL3Z2d7 uS36y0fbuj/yTzQE+wNDmptoh3cE8mArVvx8xrstRR5xrRZsgvcpfNpPcJFDQInrrBGY +84afEWf6z/W2yXa9W59BLEgB7NABMq9HJ/Slees/yKrX5bBJTb2VCi82AiUNabnDliu n0jyWHaoMc+XXMWpY/N4gxiYkIu5NluPPXfVHTIHkPOxn4jMHDlZQs88SSPwpwpQbjrt nrkId6B/sjT+va6RxyaRzEeXb/qgGzWBEpGT9Ywo3rzJjAS5x1ltj1Ij4aNBp5DtzRuP WIQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753902356; x=1754507156; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FZMwTKaJUfPr30V1JXauloML0R8nso2bVJEmgcL/nzI=; b=hhkY9RH5iU4UqAxLqLdIJpjlvUNPS16QPJpyajXGJqTICZecTesNb2HRDj4hnJO80H nYxVYeEWzOuYYWVGKPpxiptrYJPe+mEcqexVgwRT1DDrpAlbBI+SxtqNY6Ag81rjl4hf kCHamyqVnecy8r8J2q4RdXLhuplGlh0Y5wSFphN+E1Gp825zAROW6FJ4DNYbPcrydNBn StyILdDjRuYD92FMzKU1PC4K4c4te7gq7pzkTL8p4c7PCcRNc1R4mDJD92iwG7Eyea0m uQTLwoWUznc5q0dts4XLmzcGrdgwUebAzfnRprsYqx2qK1XITCvv5enM/X4KuixuvPS0 AuBQ== X-Gm-Message-State: AOJu0Ywtq0mLsjbB/pz5Et3cXSW4ZDoRT6+9UR8A48MKxhSE6DmZwYyQ fjfa212NuG7RgTAabLUfq6R6WSgjxAq5fSTolh8zh4zPHQI3T/nefrEiQ1EjYwrZHmx0DRu87Ec w1g9Y X-Gm-Gg: ASbGnct9nLy/eqWnlO9L3mab9v3iAp8UcbwK/YjAVDjp9KtESypLirc2iSaaNz/w0dH RL4VEPDVM+rxuhRylj9i3NQQWrcpJyZ90vDWsLOiqpSCUJQs3CF/R3D3/Gev1vueq7gh9JwexHw jhrCcwXYrN4y6Xe0fMTenCkG/+hgzNu2bun77f9zCU/7SZcYMjuaNfzCVz1mdXLxrqySBKmakrI bWhqH9x78YFZ+q50sN0CJ4KmW6aV2+z7gvtRn/hwwuVh1nypESrNQgL9EkmTG97TYmgVwj4XXhD LF5t0n+Cr9Fas8Dmm1eU9UUBuVeENY0oc2xi2EAw4e4m7ur2eXSDblatnyhvNm17eboADVntgAV lGwZE9fDPdX1cyIHzpL1Faqo= X-Google-Smtp-Source: AGHT+IHf8Aob6Zxh47oB6jKzIuxebK83zGtE+VCA4CgLDJXgwxyfCRZO+Bnv3R2T/p8bhbPTqaXTdw== X-Received: by 2002:a17:903:986:b0:240:3584:6174 with SMTP id d9443c01a7336-24096a9da9bmr76293595ad.21.1753902356463; Wed, 30 Jul 2025 12:05:56 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:58fd:da9:30d5:829a]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-240a48b77d3sm22129025ad.117.2025.07.30.12.05.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Jul 2025 12:05:56 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/10] binutils: Fix CVE-2025-7545 Date: Wed, 30 Jul 2025 12:05:33 -0700 Message-ID: <4f461ed46b7694fc4815c7f0504b9cefe5da8e19.1753902181.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Jul 2025 19:06:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221147 From: Deepesh Varatharajan objcopy: Don't extend the output section size Since the output section contents are copied from the input, don't extend the output section size beyond the input section size. Backport a patch from upstream to fix CVE-2025-7545 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944] Signed-off-by: Deepesh Varatharajan Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.38.inc | 1 + .../binutils/0043-CVE-2025-7545.patch | 39 +++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0043-CVE-2025-7545.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 4a460eb8d9..527334ccec 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -79,5 +79,6 @@ SRC_URI = "\ file://0041-CVE-2025-5244.patch \ file://0042-CVE-2025-5245.patch \ file://0043-CVE-2025-7546.patch \ + file://0043-CVE-2025-7545.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0043-CVE-2025-7545.patch b/meta/recipes-devtools/binutils/binutils/0043-CVE-2025-7545.patch new file mode 100644 index 0000000000..0019ac28de --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0043-CVE-2025-7545.patch @@ -0,0 +1,39 @@ +From: "H.J. Lu" +Date: Sat, 21 Jun 2025 06:36:56 +0800 + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944] +CVE: CVE-2025-7545 + +Since the output section contents are copied from the input, don't +extend the output section size beyond the input section size. + + PR binutils/33049 + * objcopy.c (copy_section): Don't extend the output section + size beyond the input section size. + +Signed-off-by: Deepesh Varatharajan + +diff --git a/binutils/objcopy.c b/binutils/objcopy.c +index d53aa5c6..874f163b 100644 +--- a/binutils/objcopy.c ++++ b/binutils/objcopy.c +@@ -4444,6 +4444,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + char *to = (char *) memhunk; + char *end = (char *) memhunk + size; + int i; ++ bfd_size_type memhunk_size = size; + + /* If the section address is not exactly divisible by the interleave, + then we must bias the from address. If the copy_byte is less than +@@ -4463,6 +4464,11 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + } + + size = (size + interleave - 1 - copy_byte) / interleave * copy_width; ++ ++ /* Don't extend the output section size. */ ++ if (size > memhunk_size) ++ size = memhunk_size; ++ + osection->lma /= interleave; + if (copy_byte < extra) + osection->lma++; From patchwork Wed Jul 30 19:05:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67765 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A79ECC87FCB for ; Wed, 30 Jul 2025 19:06:03 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web10.43870.1753902358985192617 for ; Wed, 30 Jul 2025 12:05:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=P9+7z5KA; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-2403ca0313aso1850485ad.0 for ; Wed, 30 Jul 2025 12:05:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1753902358; x=1754507158; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=cKshnvBcMwwplFI6A5saBd1rEgq9MjDLLv3jZZuF/ws=; b=P9+7z5KA3e7ImeHu/71JY6K1Wc4giIULW+1NArMMEDmwqR4NruVTNqoWrEO2auAZKA TRqhPI15d3QAOeM31d7t8yy0kLf4W300EbWMzA2kuNz1bqbhVWdNaNmPchCXslzLMppj b8vq8BtXjFAuVVbpiqT6pt9fACVsGCGHuCCfToeIjRSlS1V6gMKMuOFdXpBH8TmKQ/xc 5ZF4PT1AbCJy2S0Q7tbwdU5bNNA10MROH4VPGZQkxBG+7I1qIYVs3fu0lTHTNMOoJIcc N9E7Rq/yP44GGBRRBMTreN2CQ+bsNYfnzaoOEfrwdFgehiBUGebxj5w5QCnnjm0AWDn7 5qoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753902358; x=1754507158; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cKshnvBcMwwplFI6A5saBd1rEgq9MjDLLv3jZZuF/ws=; b=jMgGiJx2uT9R0BC+zsVsj/gSpj/BxYstSSun+nI60TpoFK/W7mnc/B8s8Swqa0EmlU EvEz1icZn+jlo9R/ozDPleR6iJLZJv/dJIHWjH5EF/hwMuW8OW7iAitGMj9LQ4t/lPlL V79WSL94oUztUC+98tdrDGwxmdASM0i4T8Md01eU1i4HwLhU83Xaw95hQUZod58I9Wfb G52ojbW65XfKlOX3PqK6uzwGJSExyjijyzGtWjORoCeNHXZHJGDxBMExXnqwGljkCb+C 4ZOT5d5/Dwpx68tz7SFgWD0xdrZ2BW6CaOds2AXLrCo5EAGw6elJUu6M7U/oHlVPHoM1 23tA== X-Gm-Message-State: AOJu0YxmxGXSCw7Rwu7VN+zwfL3BpwURppvCCwv734xhWyH7gbScpS2C 4azusUZuSUEqOg1Er6SBGp4U0EDSgfGg7UHETssysbTi/hC5uk3Nuvg7+pgQtAMoQhsYjHH/GCl 7CpiG X-Gm-Gg: ASbGncsaMZXfGpoFGIGb1F8xLYqKJJ46MIdVPbedEBd4XNiW5It+esjkULZIocUh10J vB9gbFWuxTEPteBN1CDNj9Uk/SVPAjGXEMbfeWFuvVmIoCgd0K8xPRRkjz6JZ30Cxmi00ViYwJh AF7G1DqbJsHYpfzKmQ0/6ldHHUvzC0RBprayboLvf0T8VDJyNtAO0jNudciSDzwvbW4D8Pqg8kN vVFWp/alVIswNLlRYhIl/1VhW6Tu1sLiDyA9EMZHucI2WQUNANOmkOSlUDjNOfkv3+Zg8TtIckO aJHxNaJ/ZfPeRYSQSEjJXdvEtvE/d1mQuzeK21TqQztc90Psyi33dUsWOAGJobDJCNWxLlPPWsC yvKJTkJYMcliu X-Google-Smtp-Source: AGHT+IH1Suo/sC7k+FM029UVpYUjVdLggJfSC2z9fhciswD6dX1icj46KgOm9jyYfDD+qX6DuZqVOg== X-Received: by 2002:a17:903:298d:b0:23f:adfa:3a63 with SMTP id d9443c01a7336-24096aa431bmr64943315ad.16.1753902358039; Wed, 30 Jul 2025 12:05:58 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:58fd:da9:30d5:829a]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-240a48b77d3sm22129025ad.117.2025.07.30.12.05.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Jul 2025 12:05:57 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/10] sqlite3: Fix CVE-2025-6965 Date: Wed, 30 Jul 2025 12:05:34 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Jul 2025 19:06:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221148 From: Vijay Anusuri Upstream-Status: Backport from https://github.com/sqlite/sqlite/commit/c52e9d97d485a3eb168e3f8f3674a7bc4b419703 Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../sqlite/files/CVE-2025-6965.patch | 115 ++++++++++++++++++ meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 + 2 files changed, 116 insertions(+) create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-6965.patch diff --git a/meta/recipes-support/sqlite/files/CVE-2025-6965.patch b/meta/recipes-support/sqlite/files/CVE-2025-6965.patch new file mode 100644 index 0000000000..e3e087ed32 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2025-6965.patch @@ -0,0 +1,115 @@ +From c52e9d97d485a3eb168e3f8f3674a7bc4b419703 Mon Sep 17 00:00:00 2001 +From: drh <> +Date: Fri, 27 Jun 2025 19:02:21 +0000 +Subject: [PATCH] Raise an error right away if the number of aggregate terms in + a query exceeds the maximum number of columns. + +FossilOrigin-Name: 5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 + +Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/c52e9d97d485a3eb168e3f8f3674a7bc4b419703] +CVE: CVE-2025-6965 +Signed-off-by: Vijay Anusuri +--- + sqlite3.c | 31 +++++++++++++++++++++++++++---- + 1 file changed, 27 insertions(+), 4 deletions(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 27bea6f..19d0438 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -14354,6 +14354,14 @@ typedef INT16_TYPE LogEst; + #define LARGEST_UINT64 (0xffffffff|(((u64)0xffffffff)<<32)) + #define SMALLEST_INT64 (((i64)-1) - LARGEST_INT64) + ++/* ++** Macro SMXV(n) return the maximum value that can be held in variable n, ++** assuming n is a signed integer type. UMXV(n) is similar for unsigned ++** integer types. ++*/ ++#define SMXV(n) ((((i64)1)<<(sizeof(n)*8-1))-1) ++#define UMXV(n) ((((i64)1)<<(sizeof(n)*8))-1) ++ + /* + ** Round up a number to the next larger multiple of 8. This is used + ** to force 8-byte alignment on 64-bit architectures. +@@ -17939,7 +17947,7 @@ struct AggInfo { + ** than the source table */ + int sortingIdx; /* Cursor number of the sorting index */ + int sortingIdxPTab; /* Cursor number of pseudo-table */ +- int nSortingColumn; /* Number of columns in the sorting index */ ++ u32 nSortingColumn; /* Number of columns in the sorting index */ + int mnReg, mxReg; /* Range of registers allocated for aCol and aFunc */ + ExprList *pGroupBy; /* The group by clause */ + struct AggInfo_col { /* For each column used in source tables */ +@@ -17947,8 +17955,8 @@ struct AggInfo { + Expr *pCExpr; /* The original expression */ + int iTable; /* Cursor number of the source table */ + int iMem; /* Memory location that acts as accumulator */ +- i16 iColumn; /* Column number within the source table */ +- i16 iSorterColumn; /* Column number in the sorting index */ ++ int iColumn; /* Column number within the source table */ ++ int iSorterColumn; /* Column number in the sorting index */ + } *aCol; + int nColumn; /* Number of used entries in aCol[] */ + int nAccumulator; /* Number of columns that show through to the output. +@@ -108641,6 +108649,9 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){ + ** is not an entry there already. + */ + int k; ++ int mxTerm = pParse->db->aLimit[SQLITE_LIMIT_COLUMN]; ++ ++ assert( mxTerm <= SMXV(i16) ); + pCol = pAggInfo->aCol; + for(k=0; knColumn; k++, pCol++){ + if( pCol->iTable==pExpr->iTable && +@@ -108648,6 +108659,10 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){ + break; + } + } ++ if( k>mxTerm ){ ++ sqlite3ErrorMsg(pParse, "more than %d aggregate terms", mxTerm); ++ k = mxTerm; ++ } + if( (k>=pAggInfo->nColumn) + && (k = addAggInfoColumn(pParse->db, pAggInfo))>=0 + ){ +@@ -108685,6 +108700,7 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){ + ExprSetVVAProperty(pExpr, EP_NoReduce); + pExpr->pAggInfo = pAggInfo; + pExpr->op = TK_AGG_COLUMN; ++ assert( k <= SMXV(pExpr->iAgg) ); + pExpr->iAgg = (i16)k; + break; + } /* endif pExpr->iTable==pItem->iCursor */ +@@ -108700,13 +108716,19 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){ + ** function that is already in the pAggInfo structure + */ + struct AggInfo_func *pItem = pAggInfo->aFunc; ++ int mxTerm = pParse->db->aLimit[SQLITE_LIMIT_COLUMN]; ++ assert( mxTerm <= SMXV(i16) ); + for(i=0; inFunc; i++, pItem++){ + if( pItem->pFExpr==pExpr ) break; + if( sqlite3ExprCompare(0, pItem->pFExpr, pExpr, -1)==0 ){ + break; + } + } +- if( i>=pAggInfo->nFunc ){ ++ if( i>mxTerm ){ ++ sqlite3ErrorMsg(pParse, "more than %d aggregate terms", mxTerm); ++ i = mxTerm; ++ assert( inFunc ); ++ }else if( i>=pAggInfo->nFunc ){ + /* pExpr is original. Make a new entry in pAggInfo->aFunc[] + */ + u8 enc = ENC(pParse->db); +@@ -108731,6 +108753,7 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){ + */ + assert( !ExprHasProperty(pExpr, EP_TokenOnly|EP_Reduced) ); + ExprSetVVAProperty(pExpr, EP_NoReduce); ++ assert( i <= SMXV(pExpr->iAgg) ); + pExpr->iAgg = (i16)i; + pExpr->pAggInfo = pAggInfo; + return WRC_Prune; +-- +2.25.1 + diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb index f47a9871e2..656e2d8bd8 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb @@ -9,6 +9,7 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2023-36191.patch \ file://CVE-2023-7104.patch \ file://CVE-2025-29088.patch \ + file://CVE-2025-6965.patch \ " SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"