
X Strike Force XFree86 SVN commit: r2217 - in trunk/debian: . patches



Author: branden
Date: 2005-03-13 01:55:39 -0500 (Sun, 13 Mar 2005)
New Revision: 2217

Modified:
   trunk/debian/CHANGESETS
   trunk/debian/TODO
   trunk/debian/changelog
   trunk/debian/patches/087_SECURITY_libXpm_vulnerabilities.diff
Log:
Fix CAN-2005-0605: libxpm4's scan.c file may allow attackers to execute
arbitrary code via a negative bitmap_unit value that leads to a buffer
overflow.  (Closes: #299272)


Modified: trunk/debian/CHANGESETS
===================================================================
--- trunk/debian/CHANGESETS	2005-03-10 22:13:29 UTC (rev 2216)
+++ trunk/debian/CHANGESETS	2005-03-13 06:55:39 UTC (rev 2217)
@@ -12,4 +12,9 @@
 Fernández-Sanguino Peña).  (Closes: #298538)
     2207
 
+Fix CAN-2005-0605: libxpm4's scan.c file may allow attackers to execute
+arbitrary code via a negative bitmap_unit value that leads to a buffer
+overflow.  (Closes: #299272)
+    2217
+
 vim:set ai et sts=4 sw=4 tw=80:

Modified: trunk/debian/TODO
===================================================================
--- trunk/debian/TODO	2005-03-10 22:13:29 UTC (rev 2216)
+++ trunk/debian/TODO	2005-03-13 06:55:39 UTC (rev 2217)
@@ -16,7 +16,6 @@
 
 4.3.0.dfsg.1-13
 ---------------
-* Fix CAN-2005-0605 (Debian #298939).
 * Update FAQ:
   + Nuke references to ViewCVS.
   + Fix URLs to point to Apache-served SVN repositories.

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2005-03-10 22:13:29 UTC (rev 2216)
+++ trunk/debian/changelog	2005-03-13 06:55:39 UTC (rev 2217)
@@ -1,12 +1,20 @@
-xfree86 (4.3.0.dfsg.1-12+SVN) unstable; urgency=low
+xfree86 (4.3.0.dfsg.1-12+SVN) unstable; urgency=high
 
+  Urgency set to high due to fix for security flaw CAN-2005-0605 (see below).
+
   Changes by Denis Barbier:
 
   * Update Spanish debconf template translations (thanks, Javier
     Fernández-Sanguino Peña).  (Closes: #298538)
 
- -- Branden Robinson <branden@debian.org>  Sat, 19 Feb 2005 02:28:21 -0500
+  Changes by Branden Robinson:
 
+  * Fix CAN-2005-0605: libxpm4's scan.c file may allow attackers to execute
+    arbitrary code via a negative bitmap_unit value that leads to a buffer
+    overflow.  (Closes: #299272)
+
+ -- Branden Robinson <branden@debian.org>  Sun, 13 Mar 2005 01:51:58 -0500
+
 xfree86 (4.3.0.dfsg.1-12) unstable; urgency=medium
 
   * Urgency set to medium due to fix for release-critical bug #295175

Modified: trunk/debian/patches/087_SECURITY_libXpm_vulnerabilities.diff
===================================================================
--- trunk/debian/patches/087_SECURITY_libXpm_vulnerabilities.diff	2005-03-10 22:13:29 UTC (rev 2216)
+++ trunk/debian/patches/087_SECURITY_libXpm_vulnerabilities.diff	2005-03-13 06:55:39 UTC (rev 2217)
@@ -1,8 +1,10 @@
 $Id$
 
 Fix several security flaws in the Xpm library.  Resolves CAN-2004-0687 (libXpm
-stack overflows), CAN-2004-0688 (libXpm integer overflows), and
-CAN-2004-0914 (more integer overflows).
+stack overflows), CAN-2004-0688 (libXpm integer overflows), CAN-2004-0914
+(more integer overflows), and CAN-2005-0605 (scan.c may allow attackers to
+execute arbitrary code via a negative bitmap_unit value that leads to a
+buffer overflow).
 
 The following text is by Chris Evans.
 
@@ -118,11 +120,28 @@
 https://bugs.freedesktop.org/show_bug.cgi?id=1924 > for more information.
 (It's up to the invoking application to validate filespec strings.)
 
+Chris Gilbert noticed the problem identified as CAN-2005-0605:
+
+  Having just looked at the 6.8.2 release, there's a couple of issues with
+  the patch.  In a few places the code does:
+
+  unsigned int i;
+
+  for (i = nbytes; --i >=0;)
+     *dst++ = *src++;
+
+  The compiler obviously says that i is unsigned, so i is never negative,
+  and so --i>=0 will wrap i to UINT_MAX, so is always true.
+
+  The two places are create.c PutImagePixels and scan.c GetImagePixels.
+
+  ( https://bugs.freedesktop.org/show_bug.cgi?id=1920 )
+
 This patch by Matthieu Herrb and others.
 
-diff -urN xc-old/extras/Xpm/lib/Attrib.c xc/extras/Xpm/lib/Attrib.c
---- xc-old/extras/Xpm/lib/Attrib.c	1999-01-11 13:23:09.000000000 +0000
-+++ xc/extras/Xpm/lib/Attrib.c	2004-11-19 10:54:10.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/Attrib.c xc/extras/Xpm/lib/Attrib.c
+--- xc~/extras/Xpm/lib/Attrib.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/Attrib.c	2005-03-13 01:34:39.000000000 -0500
 @@ -32,13 +32,15 @@
  *  Developed by Arnaud Le Hors                                                *
  \*****************************************************************************/
@@ -179,9 +198,9 @@
  	for (i = 0, ext = extensions; i < nextensions; i++, ext++) {
  	    if (ext->name)
  		XpmFree(ext->name);
-diff -urN xc-old/extras/Xpm/lib/CrBufFrI.c xc/extras/Xpm/lib/CrBufFrI.c
---- xc-old/extras/Xpm/lib/CrBufFrI.c	2001-10-28 03:32:09.000000000 +0000
-+++ xc/extras/Xpm/lib/CrBufFrI.c	2004-11-19 10:54:49.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/CrBufFrI.c xc/extras/Xpm/lib/CrBufFrI.c
+--- xc~/extras/Xpm/lib/CrBufFrI.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/CrBufFrI.c	2005-03-13 01:34:39.000000000 -0500
 @@ -31,6 +31,9 @@
  *                                                                             *
  *  Developed by Arnaud Le Hors                                                *
@@ -486,9 +505,9 @@
      if (info->hints_cmt)
  	size += 5 + strlen(info->hints_cmt);
  
-diff -urN xc-old/extras/Xpm/lib/CrDatFrI.c xc/extras/Xpm/lib/CrDatFrI.c
---- xc-old/extras/Xpm/lib/CrDatFrI.c	2001-10-28 03:32:09.000000000 +0000
-+++ xc/extras/Xpm/lib/CrDatFrI.c	2004-11-19 10:52:29.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/CrDatFrI.c xc/extras/Xpm/lib/CrDatFrI.c
+--- xc~/extras/Xpm/lib/CrDatFrI.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/CrDatFrI.c	2005-03-13 01:34:39.000000000 -0500
 @@ -33,13 +33,16 @@
  \*****************************************************************************/
  /* $XFree86: xc/extras/Xpm/lib/CrDatFrI.c,v 1.2 2001/10/28 03:32:09 tsi Exp $ */
@@ -717,9 +736,9 @@
  	for (y = 0, line = ext->lines; y < b; y++, line++) {
  	    strcpy(*dataptr, *line);
  	    a++;
-diff -urN xc-old/extras/Xpm/lib/Imakefile xc/extras/Xpm/lib/Imakefile
---- xc-old/extras/Xpm/lib/Imakefile	1999-01-11 13:23:08.000000000 +0000
-+++ xc/extras/Xpm/lib/Imakefile	2004-11-19 10:52:29.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/Imakefile xc/extras/Xpm/lib/Imakefile
+--- xc~/extras/Xpm/lib/Imakefile	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/Imakefile	2005-03-13 01:34:39.000000000 -0500
 @@ -104,13 +104,15 @@
  	 CrBufFrI.c CrDatFrP.c CrPFrBuf.c RdFToI.c WrFFrI.c \
  	 CrBufFrP.c CrIFrBuf.c CrPFrDat.c RdFToP.c WrFFrP.c \
@@ -738,9 +757,9 @@
  
         INCLUDES = -I.
         LINTLIBS = $(LINTXTOLL) $(LINTXLIB) 
-diff -urN xc-old/extras/Xpm/lib/RdFToBuf.c xc/extras/Xpm/lib/RdFToBuf.c
---- xc-old/extras/Xpm/lib/RdFToBuf.c	1999-01-11 13:23:10.000000000 +0000
-+++ xc/extras/Xpm/lib/RdFToBuf.c	2004-11-19 10:52:29.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/RdFToBuf.c xc/extras/Xpm/lib/RdFToBuf.c
+--- xc~/extras/Xpm/lib/RdFToBuf.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/RdFToBuf.c	2005-03-13 01:34:39.000000000 -0500
 @@ -37,6 +37,8 @@
   * HeDu (hedu@cul-ipn.uni-kiel.de) 4/94
   */
@@ -769,8 +788,9 @@
      ptr = (char *) XpmMalloc(len + 1);
      if (!ptr) {
  	fclose(fp);
---- xc/extras/Xpm~/lib/RdFToI.c	2005-01-21 13:39:11.000000000 -0500
-+++ xc/extras/Xpm/lib/RdFToI.c	2005-01-21 13:41:42.000000000 -0500
+diff -urN xc~/extras/Xpm/lib/RdFToI.c xc/extras/Xpm/lib/RdFToI.c
+--- xc~/extras/Xpm/lib/RdFToI.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/RdFToI.c	2005-03-13 01:34:39.000000000 -0500
 @@ -33,6 +33,8 @@
  \*****************************************************************************/
  /* $XFree86: xc/extras/Xpm/lib/RdFToI.c,v 1.2 2001/10/28 03:32:09 tsi Exp $ */
@@ -854,9 +874,9 @@
  	break;
  #endif
      }
-diff -urN xc-old/extras/Xpm/lib/WrFFrBuf.c xc/extras/Xpm/lib/WrFFrBuf.c
---- xc-old/extras/Xpm/lib/WrFFrBuf.c	1999-01-11 13:23:10.000000000 +0000
-+++ xc/extras/Xpm/lib/WrFFrBuf.c	2004-11-19 10:52:29.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/WrFFrBuf.c xc/extras/Xpm/lib/WrFFrBuf.c
+--- xc~/extras/Xpm/lib/WrFFrBuf.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/WrFFrBuf.c	2005-03-13 01:34:39.000000000 -0500
 @@ -32,6 +32,8 @@
  *  Developed by Arnaud Le Hors                                                *
  \*****************************************************************************/
@@ -875,8 +895,9 @@
  
      return XpmSuccess;
  }
---- xc/extras/Xpm~/lib/WrFFrI.c	2005-01-21 13:39:11.000000000 -0500
-+++ xc/extras/Xpm/lib/WrFFrI.c	2005-01-21 13:40:39.000000000 -0500
+diff -urN xc~/extras/Xpm/lib/WrFFrI.c xc/extras/Xpm/lib/WrFFrI.c
+--- xc~/extras/Xpm/lib/WrFFrI.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/WrFFrI.c	2005-03-13 01:34:39.000000000 -0500
 @@ -38,6 +38,8 @@
   * Lorens Younes (d93-hyo@nada.kth.se) 4/96
   */
@@ -971,9 +992,9 @@
  	break;
  #endif
      }
-diff -urN xc-old/extras/Xpm/lib/XpmI.h xc/extras/Xpm/lib/XpmI.h
---- xc-old/extras/Xpm/lib/XpmI.h	2002-01-07 19:40:23.000000000 +0000
-+++ xc/extras/Xpm/lib/XpmI.h	2004-11-19 10:52:29.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/XpmI.h xc/extras/Xpm/lib/XpmI.h
+--- xc~/extras/Xpm/lib/XpmI.h	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/XpmI.h	2005-03-13 01:34:39.000000000 -0500
 @@ -49,8 +49,10 @@
   * lets try to solve include files
   */
@@ -1017,9 +1038,9 @@
      xpmHashAtom *atomTable;
  }      xpmHashTable;
  
-diff -urN xc-old/extras/Xpm/lib/create.c xc/extras/Xpm/lib/create.c
---- xc-old/extras/Xpm/lib/create.c	2002-01-07 19:40:49.000000000 +0000
-+++ xc/extras/Xpm/lib/create.c	2004-11-19 10:56:54.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/create.c xc/extras/Xpm/lib/create.c
+--- xc~/extras/Xpm/lib/create.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/create.c	2005-03-13 01:39:04.000000000 -0500
 @@ -1,3 +1,4 @@
 +/* $XdotOrg: pre-CVS proposed fix for CESA-2004-003 alanc 7/25/2004 $ */
  /*
@@ -1107,16 +1128,19 @@
      return 0;
  }
  
-@@ -1204,7 +1218,7 @@
+@@ -1204,18 +1218,18 @@
      register char *src;
      register char *dst;
      register unsigned int *iptr;
 -    register int x, y, i;
-+    register unsigned int x, y, i;
++    register unsigned int x, y;
      register char *data;
      Pixel pixel, px;
-     int nbytes, depth, ibu, ibpp;
-@@ -1214,8 +1228,8 @@
+-    int nbytes, depth, ibu, ibpp;
++    int nbytes, depth, ibu, ibpp, i;
+ 
+     data = image->data;
+     iptr = pixelindex;
      depth = image->depth;
      if (depth == 1) {
  	ibu = image->bitmap_unit;
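Review bot: `ibu = image->bitmap_unit;` on the last line of this hunk is still taken from the XImage without validation; the commit adds a check only in the scan.c hunk (`if (image->bitmap_unit < 0)`), and that check has no upper bound. Making `i` an `int` again lets the countdown loop quoted in the patch header (`for (i = nbytes; --i >=0;)`) terminate, but the byte count presumably still derives from `ibu`, so a value too large for the destination would go unchecked; the copy loop is outside this hunk, so confirm against the full function. Xlib defines bitmap_unit as 8, 16 or 32, so both functions could reject anything else up front, e.g. `if (ibu != 8 && ibu != 16 && ibu != 32)` followed by the function's existing error path. The enclosing function starts and ends outside the hunk, so its return convention is not visible here.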
@@ -1367,9 +1391,9 @@
  	    buf[cpp] = '\0';
  	    if (USE_HASHTABLE) {
  		xpmHashAtom *slot;
-diff -urN xc-old/extras/Xpm/lib/data.c xc/extras/Xpm/lib/data.c
---- xc-old/extras/Xpm/lib/data.c	2002-01-07 19:40:49.000000000 +0000
-+++ xc/extras/Xpm/lib/data.c	2004-11-19 10:52:29.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/data.c xc/extras/Xpm/lib/data.c
+--- xc~/extras/Xpm/lib/data.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/data.c	2005-03-13 01:34:39.000000000 -0500
 @@ -33,6 +33,8 @@
  \*****************************************************************************/
  /* $XFree86: xc/extras/Xpm/lib/data.c,v 1.4 2002/01/07 19:40:49 dawes Exp $ */
@@ -1409,9 +1433,9 @@
      int l, n = 0;
  
      if (data->type) {
-diff -urN xc-old/extras/Xpm/lib/hashtab.c xc/extras/Xpm/lib/hashtab.c
---- xc-old/extras/Xpm/lib/hashtab.c	1999-01-11 13:23:11.000000000 +0000
-+++ xc/extras/Xpm/lib/hashtab.c	2004-11-19 10:57:39.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/hashtab.c xc/extras/Xpm/lib/hashtab.c
+--- xc~/extras/Xpm/lib/hashtab.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/hashtab.c	2005-03-13 01:34:39.000000000 -0500
 @@ -135,15 +135,17 @@
      xpmHashTable *table;
  {
@@ -1441,9 +1465,9 @@
      atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable));
      if (!atomTable)
  	return (XpmNoMemory);
-diff -urN xc-old/extras/Xpm/lib/misc.c xc/extras/Xpm/lib/misc.c
---- xc-old/extras/Xpm/lib/misc.c	1999-01-11 13:23:11.000000000 +0000
-+++ xc/extras/Xpm/lib/misc.c	2004-11-19 10:52:29.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/misc.c xc/extras/Xpm/lib/misc.c
+--- xc~/extras/Xpm/lib/misc.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/misc.c	2005-03-13 01:34:39.000000000 -0500
 @@ -44,7 +44,7 @@
      char *s1;
  {
@@ -1453,9 +1477,9 @@
  
      if (s2 = (char *) XpmMalloc(l))
  	strcpy(s2, s1);
-diff -urN xc-old/extras/Xpm/lib/parse.c xc/extras/Xpm/lib/parse.c
---- xc-old/extras/Xpm/lib/parse.c	2001-10-28 03:32:10.000000000 +0000
-+++ xc/extras/Xpm/lib/parse.c	2004-11-19 10:58:38.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/parse.c xc/extras/Xpm/lib/parse.c
+--- xc~/extras/Xpm/lib/parse.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/parse.c	2005-03-13 01:34:39.000000000 -0500
 @@ -1,3 +1,4 @@
 +/* $XdotOrg: pre-CVS proposed fix for CESA-2004-003 alanc 7/25/2004 $ */
  /*
@@ -1727,9 +1751,9 @@
  
  /*
   * This function parses an Xpm file or data and store the found informations
-diff -urN xc-old/extras/Xpm/lib/s_popen.c xc/extras/Xpm/lib/s_popen.c
---- xc-old/extras/Xpm/lib/s_popen.c	1970-01-01 00:00:00.000000000 +0000
-+++ xc/extras/Xpm/lib/s_popen.c	2004-11-19 10:52:29.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/s_popen.c xc/extras/Xpm/lib/s_popen.c
+--- xc~/extras/Xpm/lib/s_popen.c	1969-12-31 19:00:00.000000000 -0500
++++ xc/extras/Xpm/lib/s_popen.c	2005-03-13 01:34:39.000000000 -0500
 @@ -0,0 +1,181 @@
 +/*
 + * Copyright (C) 2004 The X.Org fundation
@@ -1912,9 +1936,9 @@
 +  }
 +}
 +
-diff -urN xc-old/extras/Xpm/lib/scan.c xc/extras/Xpm/lib/scan.c
---- xc-old/extras/Xpm/lib/scan.c	2002-01-07 19:40:49.000000000 +0000
-+++ xc/extras/Xpm/lib/scan.c	2004-11-19 10:59:17.000000000 +0000
+diff -urN xc~/extras/Xpm/lib/scan.c xc/extras/Xpm/lib/scan.c
+--- xc~/extras/Xpm/lib/scan.c	2005-03-13 01:32:36.000000000 -0500
++++ xc/extras/Xpm/lib/scan.c	2005-03-13 01:39:04.000000000 -0500
 @@ -43,6 +43,8 @@
   * Lorens Younes (d93-hyo@nada.kth.se) 4/96
   */
@@ -2002,16 +2026,28 @@
      xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors);
      if (!xcolors)
  	return (XpmNoMemory);
-@@ -607,7 +621,7 @@
+@@ -607,8 +621,8 @@
      char *dst;
      unsigned int *iptr;
      char *data;
 -    int x, y, i;
-+    unsigned int x, y, i;
-     int bits, depth, ibu, ibpp, offset;
+-    int bits, depth, ibu, ibpp, offset;
++    unsigned int x, y;
++    int bits, depth, ibu, ibpp, offset, i;
      unsigned long lbt;
      Pixel pixel, px;
-@@ -709,7 +723,7 @@
+ 
+@@ -619,6 +633,9 @@
+     ibpp = image->bits_per_pixel;
+     offset = image->xoffset;
+ 
++    if (image->bitmap_unit < 0)
++	    return (XpmNoMemory);
++
+     if ((image->bits_per_pixel | image->depth) == 1) {
+ 	ibu = image->bitmap_unit;
+ 	for (y = 0; y < height; y++)
+@@ -709,7 +726,7 @@
      unsigned char *addr;
      unsigned char *data;
      unsigned int *iptr;
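Review bot: The new guard `if (image->bitmap_unit < 0) return (XpmNoMemory);` reports a malformed image as an allocation failure, and nothing in the code says why the check exists. A caller that logs or branches on the status would see an out-of-memory condition rather than rejected input, so the guard deserves a comment such as `/* CAN-2005-0605: bitmap_unit comes from the caller's XImage; refuse negative values before the byte-copy loops use it (no closer Xpm status than XpmNoMemory) */`. The `return` line is also indented with a tab plus four spaces, whereas the `return (XpmNoMemory);` in the context at the top of this hunk uses a single tab. The function body continues outside the hunk.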
@@ -2020,7 +2056,7 @@
      unsigned long lbt;
      Pixel pixel;
      int depth;
-@@ -774,7 +788,7 @@
+@@ -774,7 +791,7 @@
      unsigned char *addr;
      unsigned char *data;
      unsigned int *iptr;
@@ -2029,7 +2065,7 @@
      unsigned long lbt;
      Pixel pixel;
      int depth;
-@@ -819,7 +833,7 @@
+@@ -819,7 +836,7 @@
  {
      unsigned int *iptr;
      unsigned char *data;
@@ -2038,7 +2074,7 @@
      unsigned long lbt;
      Pixel pixel;
      int depth;
-@@ -852,7 +866,7 @@
+@@ -852,7 +869,7 @@
      storeFuncPtr storeFunc;
  {
      unsigned int *iptr;
@@ -2047,7 +2083,7 @@
      char *data;
      Pixel pixel;
      int xoff, yoff, offset, bpl;
-@@ -888,11 +902,11 @@
+@@ -888,11 +905,11 @@
  # else /* AMIGA */
  
  #define CLEAN_UP(status) \
@@ -2061,7 +2097,7 @@
  
  static int
  AGetImagePixels (
-@@ -913,7 +927,7 @@
+@@ -913,7 +930,7 @@
      
      tmp_img = AllocXImage ((((width+15)>>4)<<4), 1, image->rp->BitMap->Depth);
      if (tmp_img == NULL)
@@ -2070,7 +2106,7 @@
      
      iptr = pmap->pixelindex;
      for (y = 0; y < height; ++y)
-@@ -922,11 +936,11 @@
+@@ -922,11 +939,11 @@
  	for (x = 0; x < width; ++x, ++iptr)
  	{
  	    if ((*storeFunc) (pixels[x], pmap, iptr))
@@ -2084,9 +2120,9 @@
  }
  
  #undef CLEAN_UP
-diff -urN xc-old/lib/Xpm/Imakefile xc/lib/Xpm/Imakefile
---- xc-old/lib/Xpm/Imakefile	2000-09-19 12:46:06.000000000 +0000
-+++ xc/lib/Xpm/Imakefile	2004-11-19 10:52:29.000000000 +0000
+diff -urN xc~/lib/Xpm/Imakefile xc/lib/Xpm/Imakefile
+--- xc~/lib/Xpm/Imakefile	2005-03-13 01:32:36.000000000 -0500
++++ xc/lib/Xpm/Imakefile	2005-03-13 01:34:39.000000000 -0500
 @@ -42,11 +42,24 @@
  SPRINTFDEF = -DVOID_SPRINTF
  #endif


