diff --git a/.gitignore b/.gitignore deleted file mode 100644 index e7a97cd..0000000 --- a/.gitignore +++ /dev/null @@ -1,60 +0,0 @@ -openvpn-2.1.1.tar.gz -openvpn-2.1.1.tar.gz.asc -openvpn-2.1.2.tar.gz -openvpn-2.1.2.tar.gz.asc -/openvpn-2.1.3.tar.gz -/openvpn-2.1.3.tar.gz.asc -/openvpn-2.1.4.tar.gz -/openvpn-2.1.4.tar.gz.asc -/openvpn-2.2.0.tar.gz -/openvpn-2.2.0.tar.gz.asc -/openvpn-2.2.1.tar.gz -/openvpn-2.2.1.tar.gz.asc -/openvpn-2.2.2.tar.gz -/openvpn-2.2.2.tar.gz.asc -/openvpn-2.3.0.tar.gz -/openvpn-2.3.0.tar.gz.asc -/openvpn-2.3.1.tar.gz -/openvpn-2.3.1.tar.gz.asc -/openvpn-2.3.2.tar.gz -/openvpn-2.3.2.tar.gz.asc -/openvpn-2.3.3.tar.gz -/openvpn-2.3.3.tar.gz.asc -/openvpn-2.3.4.tar.gz -/openvpn-2.3.4.tar.gz.asc -/openvpn-2.3.5.tar.gz -/openvpn-2.3.5.tar.gz.asc -/openvpn-2.3.6.tar.gz -/openvpn-2.3.6.tar.gz.asc -/openvpn-2.3.7.tar.gz -/openvpn-2.3.7.tar.gz.asc -/openvpn-2.3.8.tar.gz -/openvpn-2.3.8.tar.gz.asc -/openvpn-2.3.9.tar.gz -/openvpn-2.3.9.tar.gz.asc -/openvpn-2.3.10.tar.gz -/openvpn-2.3.10.tar.gz.asc -/openvpn-2.3.11.tar.gz -/openvpn-2.3.11.tar.gz.asc -/openvpn-2.3.12.tar.gz -/openvpn-2.3.12.tar.gz.asc -/openvpn-2.3.13.tar.gz -/openvpn-2.3.13.tar.gz.asc -/openvpn-2.3.14.tar.gz -/openvpn-2.3.14.tar.gz.asc -/openvpn-2.4.0.tar.gz -/openvpn-2.4.0.tar.gz.asc -/openvpn-2.4.1.tar.xz -/openvpn-2.4.1.tar.xz.asc -/openvpn-2.4.2.tar.xz -/openvpn-2.4.2.tar.xz.asc -/openvpn-2.4.3.tar.xz.asc -/openvpn-2.4.3.tar.xz -/openvpn-2.4.4.tar.xz -/openvpn-2.4.4.tar.xz.asc -/openvpn-2.4.5.tar.xz -/openvpn-2.4.5.tar.xz.asc -/openvpn-2.4.6.tar.xz -/openvpn-2.4.6.tar.xz.asc -/openvpn-2.4.7.tar.xz -/openvpn-2.4.7.tar.xz.asc diff --git a/.rpmlint b/.rpmlint deleted file mode 100644 index 04c5cff..0000000 --- a/.rpmlint +++ /dev/null @@ -1,11 +0,0 @@ -addFilter("E: non-standard-dir-perm /etc/openvpn/client 0750L") -addFilter("E: non-standard-dir-perm /etc/openvpn/server 0750L") -addFilter("E: non-standard-dir-perm /run/openvpn-client 0750L") -addFilter("E: non-standard-dir-perm /run/openvpn-server 0750L") -addFilter("E: non-standard-dir-perm /var/lib/openvpn 0770L") -addFilter("W: non-standard-gid /etc/openvpn/client openvpn") -addFilter("W: non-standard-gid /etc/openvpn/server openvpn") -addFilter("W: non-standard-gid /run/openvpn-client openvpn") -addFilter("W: non-standard-gid /run/openvpn-server openvpn") -addFilter("W: non-standard-gid /var/lib/openvpn openvpn") -addFilter("W: non-standard-uid /var/lib/openvpn openvpn") diff --git a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch deleted file mode 100644 index 7e11fe8..0000000 --- a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch +++ /dev/null @@ -1,32 +0,0 @@ -From b56d52fa409c62720791e189e501efb86df0aff4 Mon Sep 17 00:00:00 2001 -From: David Sommerseth -Date: Tue, 4 Jul 2017 16:06:24 +0200 -Subject: [PATCH] Change the default cipher to AES-256-GCM for server - configurations - -This change makes the server use AES-256-GCM instead of BF-CBC as the default -cipher for the VPN tunnel. To avoid breaking existing running configurations -defaulting to BF-CBC, the Negotiable Crypto Parameters (NCP) list contains -the BF-CBC in addition to AES-CBC. This makes it possible to migrate -existing older client configurations one-by-one to use at least AES-CBC unless -the client is updated to v2.4 (which defaults to upgrade to AES-GCM automatically) ---- - distro/systemd/openvpn-server@.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/distro/systemd/openvpn-server@.service.in b/distro/systemd/openvpn-server@.service.in -index 9a8a2c7..0ecda08 100644 ---- a/distro/systemd/openvpn-server@.service.in -+++ b/distro/systemd/openvpn-server@.service.in -@@ -10,7 +10,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO - Type=notify - PrivateTmp=true - WorkingDirectory=/etc/openvpn/server --ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf -+ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf - CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE - LimitNPROC=10 - DeviceAllow=/dev/null rw --- -2.11.0 - diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..a72aec0 --- /dev/null +++ b/dead.package @@ -0,0 +1 @@ +epel8-playground decommissioned : https://pagure.io/epel/issue/136 diff --git a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg deleted file mode 100644 index 0bb85fb..0000000 Binary files a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg and /dev/null differ diff --git a/openvpn-2.4-change-tmpfiles-permissions.patch b/openvpn-2.4-change-tmpfiles-permissions.patch deleted file mode 100644 index 8adb700..0000000 --- a/openvpn-2.4-change-tmpfiles-permissions.patch +++ /dev/null @@ -1,9 +0,0 @@ -diff --git a/distro/systemd/tmpfiles-openvpn.conf b/distro/systemd/tmpfiles-openvpn.conf -index bb79671e..9258f5c6 100644 ---- a/distro/systemd/tmpfiles-openvpn.conf -+++ b/distro/systemd/tmpfiles-openvpn.conf -@@ -1,2 +1,2 @@ --d /run/openvpn-client 0710 root root - --d /run/openvpn-server 0710 root root - -+d /run/openvpn-client 0750 root openvpn - -+d /run/openvpn-server 0750 root openvpn - diff --git a/openvpn.spec b/openvpn.spec deleted file mode 100644 index 7132c70..0000000 --- a/openvpn.spec +++ /dev/null @@ -1,282 +0,0 @@ -%define _hardened_build 1 -#define prerelease rc22 - -# Build conditionals -# tests_long - Enabled by default, enables long running tests in %%check -%bcond_without tests_long - -Name: openvpn -Version: 2.4.7 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} -Summary: A full-featured SSL VPN solution -URL: https://community.openvpn.net/ -Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz -Source1: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz.asc -Source2: roadwarrior-server.conf -Source3: roadwarrior-client.conf -# Upstream signing key -Source6: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg -Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch -Patch50: openvpn-2.4-change-tmpfiles-permissions.patch -License: GPLv2 -BuildRequires: gnupg2 -BuildRequires: gcc -BuildRequires: systemd-devel -BuildRequires: lzo-devel -BuildRequires: lz4-devel -BuildRequires: openssl-devel -BuildRequires: pkcs11-helper-devel >= 1.11 -BuildRequires: pam-devel -BuildRequires: libselinux-devel -# For the perl_default_filter macro -BuildRequires: perl-macros -BuildRequires: systemd -%{?systemd_requires} -# For /sbin/ip. -BuildRequires: iproute -Requires: iproute -Requires(pre): /usr/sbin/useradd - -# Filter out the perl(Authen::PAM) dependency. -# No perl dependency is really needed at all. -%{?perl_default_filter} - -%description -OpenVPN is a robust and highly flexible tunneling application that uses all -of the encryption, authentication, and certification features of the -OpenSSL library to securely tunnel IP networks over a single UDP or TCP -port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library -for compression. - -%package devel -Summary: Development headers and examples for OpenVPN plug-ins - -%description devel -OpenVPN can be extended through the --plugin option, which provides -possibilities to add specialized authentication, user accounting, -packet filtering and related features. These plug-ins need to be -written in C and provides a more low-level and information rich access -to similar features as the various script-hooks. - - -%prep -gpgv2 --quiet --keyring %{SOURCE6} %{SOURCE1} %{SOURCE0} -%setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} -%patch1 -p1 -b .ch_default_cipher -%patch50 -p1 - -sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8 - -# %%doc items shouldn't be executable. -find contrib sample -type f -perm /100 \ - -exec chmod a-x {} \; - -%build -%configure \ - --enable-iproute2 \ - --with-crypto-library=openssl \ - --enable-pkcs11 \ - --enable-selinux \ - --enable-systemd \ - --enable-x509-alt-username \ - --enable-async-push \ - --docdir=%{_pkgdocdir} \ - SYSTEMD_UNIT_DIR=%{_unitdir} \ - TMPFILES_DIR=%{_tmpfilesdir} \ - IPROUTE=/sbin/ip -%{__make} - -%check -# Test Crypto: -./src/openvpn/openvpn --genkey --secret key -./src/openvpn/openvpn --cipher aes-128-cbc --test-crypto --secret key -./src/openvpn/openvpn --cipher aes-256-cbc --test-crypto --secret key -./src/openvpn/openvpn --cipher aes-128-gcm --test-crypto --secret key -./src/openvpn/openvpn --cipher aes-256-gcm --test-crypto --secret key - -%if %{with tests_long} -# Randomize ports for tests to avoid conflicts on the build servers. -cport=$[ 50000 + ($RANDOM % 15534) ] -sport=$[ $cport + 1 ] -sed -e 's/^\(rport\) .*$/\1 '$sport'/' \ - -e 's/^\(lport\) .*$/\1 '$cport'/' \ - < sample/sample-config-files/loopback-client \ - > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client -sed -e 's/^\(rport\) .*$/\1 '$cport'/' \ - -e 's/^\(lport\) .*$/\1 '$sport'/' \ - < sample/sample-config-files/loopback-server \ - > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server - -pushd sample -# Test SSL/TLS negotiations (runs for 2 minutes): -../src/openvpn/openvpn --config \ - %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client & -../src/openvpn/openvpn --config \ - %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server -wait -popd - -rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ - %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server -%endif - -%install -%{__make} install DESTDIR=$RPM_BUILD_ROOT -find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f -mkdir -p -m 0750 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/client $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/server -cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ - -# Create some directories the OpenVPN package should own -mkdir -m 0750 -p $RPM_BUILD_ROOT%{_rundir}/%{name}-{client,server} -mkdir -m 0770 -p $RPM_BUILD_ROOT%{_sharedstatedir}/%{name} - -# Package installs into %%{_pkgdocdir} directly -# Add various additional files -cp -a AUTHORS ChangeLog contrib sample distro/systemd/README.systemd $RPM_BUILD_ROOT%{_pkgdocdir} - -# Remove some files which does not really belong here -rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/sample/Makefile{,.in,.am} -rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/multilevel-init.patch -rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/sample/sample-keys - -%pre -getent group openvpn &>/dev/null || groupadd -r openvpn -getent passwd openvpn &>/dev/null || \ - /usr/sbin/useradd -r -g openvpn -s /sbin/nologin -c OpenVPN \ - -d /etc/openvpn openvpn - -%post -%systemd_post openvpn-client@\*.service -%systemd_post openvpn-server@\*.service - -%preun -%systemd_preun openvpn-client@\*.service -%systemd_preun openvpn-server@\*.service - -%postun -%systemd_postun_with_restart openvpn-client@\*.service -%systemd_postun_with_restart openvpn-server@\*.service -%systemd_postun_with_restart openvpn@\*.service - -%files -%{_pkgdocdir} -%exclude %{_pkgdocdir}/README.IPv6 -%exclude %{_pkgdocdir}/README.mbedtls -%exclude %{_pkgdocdir}/sample/sample-plugins -%{_mandir}/man8/%{name}.8* -%{_sbindir}/%{name} -%{_libdir}/%{name}/ -%{_unitdir}/%{name}-client@.service -%{_unitdir}/%{name}-server@.service -%{_tmpfilesdir}/%{name}.conf -%config %dir %{_sysconfdir}/%{name}/ -%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/client -%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/server -%attr(0750,-,openvpn) %{_rundir}/%{name}-client -%attr(0750,-,openvpn) %{_rundir}/%{name}-server -%attr(0770,openvpn,openvpn) %{_sharedstatedir}/%{name} - -%files devel -%{_pkgdocdir}/sample/sample-plugins -%{_includedir}/openvpn-plugin.h -%{_includedir}/openvpn-msg.h - - -%changelog -* Wed Feb 20 2019 David Sommerseth - 2.4.7-1 -- Updating to upstream OpenVPN 2.4.7 - -* Fri Feb 01 2019 Fedora Release Engineering - 2.4.6-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Sat Oct 6 2018 David Sommerseth - 2.4.6-3 -- Enable the asynchronous push feature, which can improve connect speeds with slow authentication backends - -* Fri Jul 13 2018 Fedora Release Engineering - 2.4.6-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Thu Apr 26 2018 David Sommerseth - 2.4.6-1 -- Updating to upstream, openvpn-2.4.6 - -* Thu Mar 1 2018 David Sommerseth - 2.4.5-1 -- Updating to upstream, openvpn-2.4.5 -- Package upstream ChangeLog, which contains a bit more details than Changes.rst -- Cleaned up spec file further, removed Group: tag, trimmed changelog section, - added gcc to BuildRequires. -- Excluded not relevant file, README.mbedtls -- Package upstream version of README.systemd -- Fix wrong group owner of /etc/openvpn/{client,server} (rhbz#1526743) -- Changed crypto self-test to test AES-{128,256}-{CBC,GCM} instead of only BF-CBC (deprecated) -- Change /run/openvpn-{client,server} permissions to be 0750 instead of 0710, with group set to openvpn - -* Thu Feb 08 2018 Fedora Release Engineering - 2.4.4-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Thu Jan 25 2018 Igor Gnatenko - 2.4.4-2 -- Fix systemd executions/requirements - -* Tue Sep 26 2017 David Sommerseth - 2.4.4-1 -- Update to upstream openvpn-2.4.4 -- Includes fix for possible stack overflow if --key-method 1 is used {CVE-2017-12166} - -* Fri Aug 4 2017 David Sommerseth - 2.4.3-4 -- Change to AES-GCM as the default cipher for server configurations (rhbz#1479270) - -* Thu Aug 03 2017 Fedora Release Engineering - 2.4.3-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Thu Jul 27 2017 Fedora Release Engineering - 2.4.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Wed Jun 21 2017 David Sommerseth - 2.4.3-1 -- Updating to upstream openvpn-2.4.3 -- Fix remotely-triggerable ASSERT() on malformed IPv6 packet {CVE-2017-7508} -- Prevent two kinds of stack buffer OOB reads and a crash for invalid input data {CVE-2017-7520} -- Fix potential double-free in --x509-alt-username {CVE-2017-7521} -- Fix remote-triggerable memory leaks {CVE-2017-7521} -- Ensure OpenVPN systemd services are restarted upon upgrades -- Verify PGP signature of source tarball as part of package building -- Build against system lz4 library - -* Fri May 12 2017 David Sommerseth - 2.4.2-2 -- Install and take ownership of /run/openvpn-{client,server} (rhbz#1444601) -- Install and take ownership of /var/lib/openvpn (rhbz#922786) - -* Thu May 11 2017 David Sommerseth - 2.4.2-1 -- Updating to upstream openvpn-2.4.2 -- Switching back to OpenSSL, using compat-openssl10 (rhbz#1443749, rhbz#1432125, rhbz#1440468) -- Re-enabling --enable-x509-alt-username (rhbz#1443942) -- Add --enable-selinux -- Build with lz4 library from Fedora - -* Wed Mar 29 2017 David Sommerseth - 2.4.1-3 -- Splitting out -devel files into a separate package -- Removed several contrib and sample files which makes is not - strictly needed in this package. -- build: Enable tests runs by default, long running tests can - be disabled with "--without tests_long" -- build: Removed defined %%{plugins} macro not in use - -* Fri Mar 24 2017 David Sommerseth - 2.4.1-2 -- Various cleanups -- Use systemd-rpm macros (rhbz #850257) -- Removed the deprecated openvpn@.service unit. Replaced by openvpn-{client,server}@.service -- Added README.systemd describing new systemd unit files - -* Thu Mar 23 2017 David Sommerseth - 2.4.1-1 -- Updating to upstream release, v2.4.1 -- Added mbed TLS patch to allow RSA keys down to 1024 bits plus SHA1 - and RIPE-160 hasing algorithms (based on OpenVPN 3 legacy profile) -- Removed no-functional ./configure options -- Use upstream tmfiles.d/openvpn -- Package newer openvpn-client/server@.service unit files - -* Thu Feb 09 2017 Jon Ciesla 2.4.0-2 -- Move to mbedtls to resolve FTBFS. -- Dropped, re-add once openvpn supports openssl 1.1.x -- --enable-pkcs11 \ -- --enable-x509-alt-username \ - -* Tue Dec 27 2016 Jon Ciesla 2.4.0-1 -- 2.4.0. - diff --git a/roadwarrior-client.conf b/roadwarrior-client.conf deleted file mode 100644 index dd12fdb..0000000 --- a/roadwarrior-client.conf +++ /dev/null @@ -1,38 +0,0 @@ -######################################### -# Sample client-side OpenVPN config file -# for connecting to multi-client server. -# -# Adapted from http://openvpn.sourceforge.net/20notes.html -# -# The server can be pinged at 10.8.0.1. -# -# This configuration can be used by multiple -# clients, however each client should have -# its own cert and key files. -# -# tun-style tunnel - -port 1194 -dev tun -remote [my server hostname or IP address] - -# TLS parms - -tls-client -ca sample-keys/tmp-ca.crt -cert sample-keys/client.crt -key sample-keys/client.key - -# This parm is required for connecting -# to a multi-client server. It tells -# the client to accept options which -# the server pushes to us. -pull - -# Scripts can be used to do various -# things (change nameservers, for -# example. -#up scripts/ifup-post -#down scripts/ifdown-post - -verb 4 diff --git a/roadwarrior-server.conf b/roadwarrior-server.conf deleted file mode 100644 index be3db15..0000000 --- a/roadwarrior-server.conf +++ /dev/null @@ -1,67 +0,0 @@ -######################################## -# Sample OpenVPN config file for -# 2.0-style multi-client udp server -# -# Adapted from http://openvpn.sourceforge.net/20notes.html -# -# tun-style tunnel - -port 1194 -dev tun - -# Use "local" to set the source address on multi-homed hosts -#local [IP address] - -# TLS parms -tls-server -ca sample-keys/tmp-ca.crt -cert sample-keys/server.crt -key sample-keys/server.key -dh sample-keys/dh1024.pem - -# Tell OpenVPN to be a multi-client udp server -mode server - -# The server's virtual endpoints -ifconfig 10.8.0.1 10.8.0.2 - -# Pool of /30 subnets to be allocated to clients. -# When a client connects, an --ifconfig command -# will be automatically generated and pushed back to -# the client. -ifconfig-pool 10.8.0.4 10.8.0.255 - -# Push route to client to bind it to our local -# virtual endpoint. -push "route 10.8.0.1 255.255.255.255" - -# Push any routes the client needs to get in -# to the local network. -push "route 192.168.0.0 255.255.255.0" - -# Push DHCP options to Windows clients. -push "dhcp-option DOMAIN example.com" -push "dhcp-option DNS 192.168.0.1" -push "dhcp-option WINS 192.168.0.1" - -# Client should attempt reconnection on link -# failure. -keepalive 10 60 - -# Delete client instances after some period -# of inactivity. -inactive 600 - -# Route the --ifconfig pool range into the -# OpenVPN server. -route 10.8.0.0 255.255.255.0 - -# The server doesn't need privileges -user openvpn -group openvpn - -# Keep TUN devices and keys open across restarts. -persist-tun -persist-key - -verb 4 diff --git a/sources b/sources deleted file mode 100644 index 0459ec9..0000000 --- a/sources +++ /dev/null @@ -1,2 +0,0 @@ -SHA512 (openvpn-2.4.7.tar.xz) = 5398084ad0002b3ed34871375888a1ec5d4d0f0dbc7c979ab12fc16b00559613c0654f1760e84bea77d4fe7284bce25e2e9d3d309fe85ffd1060ced10978ff95 -SHA512 (openvpn-2.4.7.tar.xz.asc) = 4d2097291b46bd521f8a8bfcd3bf94fb334cccb13ee1391b434004068a4754d7e55afff99562487b296c02a24d18c495b69854c9e7d4042e04ba0a079c34cc4c