You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by hw...@apache.org on 2010/11/09 21:07:45 UTC
svn commit: r1033188 - in /subversion/branches/1.6.x: ./
subversion/mod_dav_svn/ subversion/tests/cmdline/
Author: hwright
Date: Tue Nov 9 20:07:45 2010
New Revision: 1033188
URL: http://svn.apache.org/viewvc?rev=1033188&view=rev
Log:
Merge r996884 from trunk:
* r996884
Hide unreadable directory children in mod_dav_svn's GET response.
Justification:
We might as well be as tight security-wise as we can, even if
we've publicly stated for years that this was an expected leak of
information. Not showing unreadable subdirs, for example, prevents
folks from clicking that sucker in the browser only to get an authz
failure.
Votes:
+1: cmpilato, hwright, stsp
Modified:
subversion/branches/1.6.x/ (props changed)
subversion/branches/1.6.x/STATUS
subversion/branches/1.6.x/subversion/mod_dav_svn/authz.c
subversion/branches/1.6.x/subversion/mod_dav_svn/dav_svn.h
subversion/branches/1.6.x/subversion/mod_dav_svn/liveprops.c
subversion/branches/1.6.x/subversion/mod_dav_svn/lock.c
subversion/branches/1.6.x/subversion/mod_dav_svn/repos.c
subversion/branches/1.6.x/subversion/tests/cmdline/merge_tests.py (props changed)
Propchange: subversion/branches/1.6.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Nov 9 20:07:45 2010
@@ -93,4 +93,4 @@
/subversion/branches/tc_url_rev:874351-874483
/subversion/branches/tree-conflicts:868291-873154
/subversion/branches/tree-conflicts-notify:873926-874008
-/subversion/trunk:875965,875968,876004,876012,876017,876019,876022,876024,876032,876041-876042,876048,876051,876055-876056,876059,876083,876091,876097,876101,876104,876109,876123-876125,876129,876132,876138,876160,876167,876175,876180,876185,876205,876223-876225,876230,876233,876245,876252,876256,876283,876287,876312,876326-876327,876330,876366,876372,876374,876376,876383,876386,876442,876456-876457,876462-876464,876467,876469,876480,876486,876495-876497,876516-876518,876524,876526,876583,876601,876614-876615,876628,876633,876641,876645,876659,876687,876689,876705,876715,876726,876760,876763,876794,876804,876815-876816,876821,876825,876837,876840-876841,876843,876849,876857-876858,876862,876873,876890,876897,876905,876908,876925,876931,876934,876948-876949,876953,876987,876993,877011,877014,877016,877028-877029,877038,877119,877127,877146,877157,877191,877195,877203,877211,877230,877234,877237,877243,877249,877259,877261,877304,877319,877407,877437,877441-877442,877453,87745
9,877472,877544,877553,877565,877568,877573,877593,877595,877597,877601,877612,877665,877667,877681,877692,877696,877701,877720,877730,877784,877793,877797,877809,877815,877819,877821,877842,877848,877853,877867,877869,877873,877901,877909,877916,877931,877942,877953,877964,877968,877970,877981-877982,878005,878013,878015,878020,878046,878053,878062,878074,878080,878089,878091,878093,878095,878127,878129,878131,878142,878173-878176,878216,878240,878242,878255,878269,878272,878279,878296-878297,878303,878321,878335,878338,878341,878343,878353,878364,878367-878368,878385,878399,878423,878426,878447,878462,878484,878491,878498,878532,878595,878646,878659,878673,878682-878683,878690-878691,878693,878723,878760-878761,878873,878875,878877,878879,878905,878910-878911,878915-878916,878924-878925,878946,878949,878955,878960,878970,878981,879001,879033,879056,879074,879076,879081-879082,879093,879105,879126,879148,879170,879198-879199,879201,879271,879293,879357,879375-879376,879403,
879631,879635-879636,879688,879709-879711,879747,879902,879916,879954,879961,879966,879971,880082,880095,880105,880162,880226,880274-880275,880370,880450,880461,880474,880525-880526,880552,881905,884842,886164,886197,888715,888979,889081,889840,891672,892050,892085,895514,895653,896522,896915,898048,898963,899826,899828,900797,901304,901752,902093,904301,904394,904594,905303,905326,906256,906305,906587,908980-908981,917640,918211,922516,923389,923391,926151,926167,927323,927328,931209,931211,931392,931568,932942,933299,934599,934603,935631,935992,935996,937610,939375-939376,944635,945350,946767,948512,948916,949307,950931,950933,951753,952992,953317,955369,957507,958024,959004,959760,961055,961970,962377-962378,964167,964767,965405,965469,965508,979045,979429,980811,981449,981921,984928,984931,997457,997466,1000038,1000060,1000607,1000612,1001009,1002094
+/subversion/trunk:875965,875968,876004,876012,876017,876019,876022,876024,876032,876041-876042,876048,876051,876055-876056,876059,876083,876091,876097,876101,876104,876109,876123-876125,876129,876132,876138,876160,876167,876175,876180,876185,876205,876223-876225,876230,876233,876245,876252,876256,876283,876287,876312,876326-876327,876330,876366,876372,876374,876376,876383,876386,876442,876456-876457,876462-876464,876467,876469,876480,876486,876495-876497,876516-876518,876524,876526,876583,876601,876614-876615,876628,876633,876641,876645,876659,876687,876689,876705,876715,876726,876760,876763,876794,876804,876815-876816,876821,876825,876837,876840-876841,876843,876849,876857-876858,876862,876873,876890,876897,876905,876908,876925,876931,876934,876948-876949,876953,876987,876993,877011,877014,877016,877028-877029,877038,877119,877127,877146,877157,877191,877195,877203,877211,877230,877234,877237,877243,877249,877259,877261,877304,877319,877407,877437,877441-877442,877453,87745
9,877472,877544,877553,877565,877568,877573,877593,877595,877597,877601,877612,877665,877667,877681,877692,877696,877701,877720,877730,877784,877793,877797,877809,877815,877819,877821,877842,877848,877853,877867,877869,877873,877901,877909,877916,877931,877942,877953,877964,877968,877970,877981-877982,878005,878013,878015,878020,878046,878053,878062,878074,878080,878089,878091,878093,878095,878127,878129,878131,878142,878173-878176,878216,878240,878242,878255,878269,878272,878279,878296-878297,878303,878321,878335,878338,878341,878343,878353,878364,878367-878368,878385,878399,878423,878426,878447,878462,878484,878491,878498,878532,878595,878646,878659,878673,878682-878683,878690-878691,878693,878723,878760-878761,878873,878875,878877,878879,878905,878910-878911,878915-878916,878924-878925,878946,878949,878955,878960,878970,878981,879001,879033,879056,879074,879076,879081-879082,879093,879105,879126,879148,879170,879198-879199,879201,879271,879293,879357,879375-879376,879403,
879631,879635-879636,879688,879709-879711,879747,879902,879916,879954,879961,879966,879971,880082,880095,880105,880162,880226,880274-880275,880370,880450,880461,880474,880525-880526,880552,881905,884842,886164,886197,888715,888979,889081,889840,891672,892050,892085,895514,895653,896522,896915,898048,898963,899826,899828,900797,901304,901752,902093,904301,904394,904594,905303,905326,906256,906305,906587,908980-908981,917640,918211,922516,923389,923391,926151,926167,927323,927328,931209,931211,931392,931568,932942,933299,934599,934603,935631,935992,935996,937610,939375-939376,944635,945350,946767,948512,948916,949307,950931,950933,951753,952992,953317,955369,957507,958024,959004,959760,961055,961970,962377-962378,964167,964767,965405,965469,965508,979045,979429,980811,981449,981921,984928,984931,996884,997457,997466,1000038,1000060,1000607,1000612,1001009,1002094
Modified: subversion/branches/1.6.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.6.x/STATUS?rev=1033188&r1=1033187&r2=1033188&view=diff
==============================================================================
--- subversion/branches/1.6.x/STATUS (original)
+++ subversion/branches/1.6.x/STATUS Tue Nov 9 20:07:45 2010
@@ -346,17 +346,6 @@ Veto-blocked changes:
Approved changes:
=================
- * r996884
- Hide unreadable directory children in mod_dav_svn's GET response.
- Justification:
- We might as well be as tight security-wise as we can, even if
- we've publicly stated for years that this was an expected leak of
- information. Not showing unreadable subdirs, for example, prevents
- folks from clicking that sucker in the browser only to get an authz
- failure.
- Votes:
- +1: cmpilato, hwright, stsp
-
* r964349
Create fails.log files for test runs.
Justification:
Modified: subversion/branches/1.6.x/subversion/mod_dav_svn/authz.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.6.x/subversion/mod_dav_svn/authz.c?rev=1033188&r1=1033187&r2=1033188&view=diff
==============================================================================
--- subversion/branches/1.6.x/subversion/mod_dav_svn/authz.c (original)
+++ subversion/branches/1.6.x/subversion/mod_dav_svn/authz.c Tue Nov 9 20:07:45 2010
@@ -26,17 +26,12 @@
#include "dav_svn.h"
-/* Convert incoming REV and PATH from request R into a version-resource URI
- for REPOS and perform a GET subrequest on it. This will invoke any authz
- modules loaded into apache. Return TRUE if the subrequest succeeds, FALSE
- otherwise. If REV is SVN_INVALID_REVNUM, then we look at HEAD.
-*/
-static svn_boolean_t
-allow_read(request_rec *r,
- const dav_svn_repos *repos,
- const char *path,
- svn_revnum_t rev,
- apr_pool_t *pool)
+svn_boolean_t
+dav_svn__allow_read(request_rec *r,
+ const dav_svn_repos *repos,
+ const char *path,
+ svn_revnum_t rev,
+ apr_pool_t *pool)
{
const char *uri;
request_rec *subreq;
@@ -170,7 +165,7 @@ authz_read(svn_boolean_t *allowed,
}
/* We have a (rev, path) pair to check authorization on. */
- *allowed = allow_read(arb->r, arb->repos, revpath, rev, pool);
+ *allowed = dav_svn__allow_read(arb->r, arb->repos, revpath, rev, pool);
return SVN_NO_ERROR;
}
@@ -189,10 +184,10 @@ dav_svn__authz_read_func(dav_svn__authz_
svn_boolean_t
-dav_svn__allow_read(const dav_resource *resource,
- svn_revnum_t rev,
- apr_pool_t *pool)
+dav_svn__allow_read_resource(const dav_resource *resource,
+ svn_revnum_t rev,
+ apr_pool_t *pool)
{
- return allow_read(resource->info->r, resource->info->repos,
- resource->info->repos_path, rev, pool);
+ return dav_svn__allow_read(resource->info->r, resource->info->repos,
+ resource->info->repos_path, rev, pool);
}
Modified: subversion/branches/1.6.x/subversion/mod_dav_svn/dav_svn.h
URL: http://svn.apache.org/viewvc/subversion/branches/1.6.x/subversion/mod_dav_svn/dav_svn.h?rev=1033188&r1=1033187&r2=1033188&view=diff
==============================================================================
--- subversion/branches/1.6.x/subversion/mod_dav_svn/dav_svn.h (original)
+++ subversion/branches/1.6.x/subversion/mod_dav_svn/dav_svn.h Tue Nov 9 20:07:45 2010
@@ -587,17 +587,32 @@ typedef struct
} dav_svn__authz_read_baton;
-/* Convert incoming RESOURCE and revision REV into a version-resource URI and
- perform a GET subrequest on it. This will invoke any authz modules loaded
- into apache. Return TRUE if the subrequest succeeds, FALSE otherwise.
+/* Return TRUE iff the current user (as determined by Apache's
+ authentication system) has permission to read PATH in REPOS at REV
+ (where an invalid REV means "HEAD"). This will invoke any authz
+ modules loaded into Apache unless this Subversion location has been
+ configured to bypass those in favor of a direct lookup in the
+ Subversion authz subsystem. Use POOL for any temporary allocation.
+*/
+svn_boolean_t
+dav_svn__allow_read(request_rec *r,
+ const dav_svn_repos *repos,
+ const char *path,
+ svn_revnum_t rev,
+ apr_pool_t *pool);
- If REV is SVN_INVALID_REVNUM, then we look at HEAD.
- Use POOL for any temporary allocation.
+/* Return TRUE iff the current user (as determined by Apache's
+ authentication system) has permission to read RESOURCE in REV
+ (where an invalid REV means "HEAD"). This will invoke any authz
+ modules loaded into Apache unless this Subversion location has been
+ configured to bypass those in favor of a direct lookup in the
+ Subversion authz subsystem. Use POOL for any temporary allocation.
*/
svn_boolean_t
-dav_svn__allow_read(const dav_resource *resource,
- svn_revnum_t rev,
- apr_pool_t *pool);
+dav_svn__allow_read_resource(const dav_resource *resource,
+ svn_revnum_t rev,
+ apr_pool_t *pool);
+
/* If authz is enabled in the specified BATON, return a read authorization
function. Otherwise, return NULL. */
Modified: subversion/branches/1.6.x/subversion/mod_dav_svn/liveprops.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.6.x/subversion/mod_dav_svn/liveprops.c?rev=1033188&r1=1033187&r2=1033188&view=diff
==============================================================================
--- subversion/branches/1.6.x/subversion/mod_dav_svn/liveprops.c (original)
+++ subversion/branches/1.6.x/subversion/mod_dav_svn/liveprops.c Tue Nov 9 20:07:45 2010
@@ -139,7 +139,7 @@ get_path_revprop(svn_string_t **propval,
{
*propval = NULL;
- if (! dav_svn__allow_read(resource, committed_rev, pool))
+ if (! dav_svn__allow_read_resource(resource, committed_rev, pool))
return SVN_NO_ERROR;
/* Get the property of the created revision. The authz is already
Modified: subversion/branches/1.6.x/subversion/mod_dav_svn/lock.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.6.x/subversion/mod_dav_svn/lock.c?rev=1033188&r1=1033187&r2=1033188&view=diff
==============================================================================
--- subversion/branches/1.6.x/subversion/mod_dav_svn/lock.c (original)
+++ subversion/branches/1.6.x/subversion/mod_dav_svn/lock.c Tue Nov 9 20:07:45 2010
@@ -453,7 +453,8 @@ get_locks(dav_lockdb *lockdb,
/* If the resource's fs path is unreadable, we don't want to say
anything about locks attached to it.*/
- if (! dav_svn__allow_read(resource, SVN_INVALID_REVNUM, resource->pool))
+ if (! dav_svn__allow_read_resource(resource, SVN_INVALID_REVNUM,
+ resource->pool))
return dav_new_error(resource->pool, HTTP_FORBIDDEN,
DAV_ERR_LOCK_SAVE_LOCK,
"Path is not accessible.");
@@ -513,7 +514,8 @@ find_lock(dav_lockdb *lockdb,
/* If the resource's fs path is unreadable, we don't want to say
anything about locks attached to it.*/
- if (! dav_svn__allow_read(resource, SVN_INVALID_REVNUM, resource->pool))
+ if (! dav_svn__allow_read_resource(resource, SVN_INVALID_REVNUM,
+ resource->pool))
return dav_new_error(resource->pool, HTTP_FORBIDDEN,
DAV_ERR_LOCK_SAVE_LOCK,
"Path is not accessible.");
@@ -591,7 +593,8 @@ has_locks(dav_lockdb *lockdb, const dav_
/* If the resource's fs path is unreadable, we don't want to say
anything about locks attached to it.*/
- if (! dav_svn__allow_read(resource, SVN_INVALID_REVNUM, resource->pool))
+ if (! dav_svn__allow_read_resource(resource, SVN_INVALID_REVNUM,
+ resource->pool))
return dav_new_error(resource->pool, HTTP_FORBIDDEN,
DAV_ERR_LOCK_SAVE_LOCK,
"Path is not accessible.");
@@ -634,7 +637,8 @@ append_locks(dav_lockdb *lockdb,
/* If the resource's fs path is unreadable, we don't allow a lock to
be created on it. */
- if (! dav_svn__allow_read(resource, SVN_INVALID_REVNUM, resource->pool))
+ if (! dav_svn__allow_read_resource(resource, SVN_INVALID_REVNUM,
+ resource->pool))
return dav_new_error(resource->pool, HTTP_FORBIDDEN,
DAV_ERR_LOCK_SAVE_LOCK,
"Path is not accessible.");
@@ -801,7 +805,8 @@ remove_lock(dav_lockdb *lockdb,
/* If the resource's fs path is unreadable, we don't allow a lock to
be removed from it. */
- if (! dav_svn__allow_read(resource, SVN_INVALID_REVNUM, resource->pool))
+ if (! dav_svn__allow_read_resource(resource, SVN_INVALID_REVNUM,
+ resource->pool))
return dav_new_error(resource->pool, HTTP_FORBIDDEN,
DAV_ERR_LOCK_SAVE_LOCK,
"Path is not accessible.");
@@ -886,7 +891,8 @@ refresh_locks(dav_lockdb *lockdb,
/* If the resource's fs path is unreadable, we don't want to say
anything about locks attached to it.*/
- if (! dav_svn__allow_read(resource, SVN_INVALID_REVNUM, resource->pool))
+ if (! dav_svn__allow_read_resource(resource, SVN_INVALID_REVNUM,
+ resource->pool))
return dav_new_error(resource->pool, HTTP_FORBIDDEN,
DAV_ERR_LOCK_SAVE_LOCK,
"Path is not accessible.");
Modified: subversion/branches/1.6.x/subversion/mod_dav_svn/repos.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.6.x/subversion/mod_dav_svn/repos.c?rev=1033188&r1=1033187&r2=1033188&view=diff
==============================================================================
--- subversion/branches/1.6.x/subversion/mod_dav_svn/repos.c (original)
+++ subversion/branches/1.6.x/subversion/mod_dav_svn/repos.c Tue Nov 9 20:07:45 2010
@@ -2840,6 +2840,7 @@ deliver(const dav_resource *resource, ap
apr_hash_t *entries;
apr_pool_t *entry_pool;
apr_array_header_t *sorted;
+ svn_revnum_t dir_rev = SVN_INVALID_REVNUM;
int i;
/* XML schema for the directory index if xslt_uri is set:
@@ -2916,6 +2917,7 @@ deliver(const dav_resource *resource, ap
}
else
{
+ dir_rev = svn_fs_revision_root_revision(resource->info->root.root);
serr = svn_fs_dir_entries(&entries, resource->info->root.root,
resource->info->repos_path, resource->pool);
if (serr != NULL)
@@ -3022,9 +3024,31 @@ deliver(const dav_resource *resource, ap
const char *name = item->key;
const char *href = name;
svn_boolean_t is_dir = (entry->kind == svn_node_dir);
+ const char *repos_relpath = NULL;
svn_pool_clear(entry_pool);
+ /* DIR_REV is set to a valid revision if we're looking at
+ the entries of a versioned directory. Otherwise, we're
+ looking at a parent-path listing. */
+ if (SVN_IS_VALID_REVNUM(dir_rev))
+ {
+ repos_relpath = svn_path_join(resource->info->repos_path,
+ name, entry_pool);
+ if (! dav_svn__allow_read(resource->info->r,
+ resource->info->repos,
+ repos_relpath,
+ dir_rev,
+ entry_pool))
+ continue;
+ }
+ else
+ {
+ /* ### TODO: We could test for readability of the root
+ directory of each repository and hide those that
+ the user can't see. */
+ }
+
/* append a trailing slash onto the name for directories. we NEED
this for the href portion so that the relative reference will
descend properly. for the visible portion, it is just nice. */
Propchange: subversion/branches/1.6.x/subversion/tests/cmdline/merge_tests.py
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Nov 9 20:07:45 2010
@@ -93,4 +93,4 @@
/subversion/branches/tree-conflicts/subversion/tests/cmdline/merge_tests.py:868291-873154
/subversion/branches/tree-conflicts-notify/subversion/tests/cmdline/merge_tests.py:873926-874008
/subversion/trunk/subversion/tests/cmdline/merge_reintegrate_tests.py:953878
-/subversion/trunk/subversion/tests/cmdline/merge_tests.py:875965,875968,876004,876012,876017,876019,876022,876024,876032,876041-876042,876048,876051,876055-876056,876059,876083,876091,876097,876101,876104,876109,876123-876125,876129,876132,876138,876160,876167,876175,876180,876185,876205,876223-876225,876230,876233,876245,876252,876256,876283,876287,876312,876326-876327,876330,876366,876372,876374,876376,876383,876386,876442,876456-876457,876462-876464,876467,876469,876480,876486,876495-876497,876516-876518,876524,876526,876583,876601,876614,876628,876633,876641,876645,876659,876687,876689,876705,876715,876726,876760,876763,876794,876804,876815-876816,876821,876825,876837,876840-876841,876843,876849,876857-876858,876862,876873,876890,876897,876905,876908,876925,876931,876934,876948-876949,876953,876987,876993,877011,877014,877016,877028-877029,877038,877119,877127,877146,877157,877191,877195,877203,877211,877230,877234,877237,877243,877249,877259,877261,877304,877319,877407,
877437,877441-877442,877453,877459,877472,877544,877553,877565,877568,877573,877593,877595,877597,877601,877612,877665,877667,877681,877692,877696,877701,877720,877730,877784,877793,877797,877809,877815,877819,877821,877842,877848,877853,877867,877869,877873,877901,877909,877916,877931,877942,877953,877964,877968,877970,877981-877982,878005,878013,878015,878020,878046,878053,878062,878074,878080,878089,878091,878093,878095,878127,878129,878131,878142,878173-878176,878216,878240,878242,878255,878269,878272,878279,878296-878297,878303,878321,878335,878338,878341,878343,878353,878364,878367-878368,878385,878399,878423,878426,878447,878462,878484,878491,878498,878532,878595,878646,878659,878673,878682-878683,878690-878691,878693,878723,878760-878761,878873,878875,878877,878879,878905,878910-878911,878915-878916,878924-878925,878946,878949,878955,878960,878970,878981,879001,879033,879056,879074,879076,879081-879082,879093,879105,879126,879148,879170,879198-879199,879201,879271,87
9293,879357,879375-879376,879403,879631,879635-879636,879688,879709-879711,879747,879902,879916,879954,879961,879966,879971,880082,880095,880105,880162,880226,880274-880275,880370,880450,880461,880474,880525-880526,880552,881905,884842,886164,886197,888715,888979,889081,889840,891672,892050,892085,895514,895653,896522,896915,898048,898963,899826,899828,900797,901304,901752,902093,904301,904394,904594,905303,905326,906256,906305,906587,908980-908981,917640,918211,922516,923389,923391,926151,926167,927323,927328,931209,931211,931392,931568,932942,933299,934599,934603,935631,935992,935996,937610,944635,945350,946767,948512,948916,949307,950931,950933,951753,952992,953317,955369,957507,958024,959004,959760,961055,961970,962377-962378,964167,964767,965405,965469,965508,979045,979429,981921,984928,984931,1000038,1000060,1000607,1000612,1001009,1002094
+/subversion/trunk/subversion/tests/cmdline/merge_tests.py:875965,875968,876004,876012,876017,876019,876022,876024,876032,876041-876042,876048,876051,876055-876056,876059,876083,876091,876097,876101,876104,876109,876123-876125,876129,876132,876138,876160,876167,876175,876180,876185,876205,876223-876225,876230,876233,876245,876252,876256,876283,876287,876312,876326-876327,876330,876366,876372,876374,876376,876383,876386,876442,876456-876457,876462-876464,876467,876469,876480,876486,876495-876497,876516-876518,876524,876526,876583,876601,876614,876628,876633,876641,876645,876659,876687,876689,876705,876715,876726,876760,876763,876794,876804,876815-876816,876821,876825,876837,876840-876841,876843,876849,876857-876858,876862,876873,876890,876897,876905,876908,876925,876931,876934,876948-876949,876953,876987,876993,877011,877014,877016,877028-877029,877038,877119,877127,877146,877157,877191,877195,877203,877211,877230,877234,877237,877243,877249,877259,877261,877304,877319,877407,
877437,877441-877442,877453,877459,877472,877544,877553,877565,877568,877573,877593,877595,877597,877601,877612,877665,877667,877681,877692,877696,877701,877720,877730,877784,877793,877797,877809,877815,877819,877821,877842,877848,877853,877867,877869,877873,877901,877909,877916,877931,877942,877953,877964,877968,877970,877981-877982,878005,878013,878015,878020,878046,878053,878062,878074,878080,878089,878091,878093,878095,878127,878129,878131,878142,878173-878176,878216,878240,878242,878255,878269,878272,878279,878296-878297,878303,878321,878335,878338,878341,878343,878353,878364,878367-878368,878385,878399,878423,878426,878447,878462,878484,878491,878498,878532,878595,878646,878659,878673,878682-878683,878690-878691,878693,878723,878760-878761,878873,878875,878877,878879,878905,878910-878911,878915-878916,878924-878925,878946,878949,878955,878960,878970,878981,879001,879033,879056,879074,879076,879081-879082,879093,879105,879126,879148,879170,879198-879199,879201,879271,87
9293,879357,879375-879376,879403,879631,879635-879636,879688,879709-879711,879747,879902,879916,879954,879961,879966,879971,880082,880095,880105,880162,880226,880274-880275,880370,880450,880461,880474,880525-880526,880552,881905,884842,886164,886197,888715,888979,889081,889840,891672,892050,892085,895514,895653,896522,896915,898048,898963,899826,899828,900797,901304,901752,902093,904301,904394,904594,905303,905326,906256,906305,906587,908980-908981,917640,918211,922516,923389,923391,926151,926167,927323,927328,931209,931211,931392,931568,932942,933299,934599,934603,935631,935992,935996,937610,944635,945350,946767,948512,948916,949307,950931,950933,951753,952992,953317,955369,957507,958024,959004,959760,961055,961970,962377-962378,964167,964767,965405,965469,965508,979045,979429,981921,984928,984931,996884,1000038,1000060,1000607,1000612,1001009,1002094