From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH] squidclamav: Remove package from IPFire as agreed in dev video call 3rd Jul 2023 Date: Sun, 09 Jul 2023 15:02:00 +0000 Message-ID: In-Reply-To: <20230704130819.2025526-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2953214928387353983==" List-Id: --===============2953214928387353983== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Reviewed-by: Peter M=C3=BCller > - Removal of lfs file > - Removal of rootfile > - Removal of backup includes file > - Removal of three patches > - Removal of paks files > - Adjustment of make.sh to remove squidclamav >=20 > Signed-off-by: Adolf Belka > --- > config/backup/includes/squidclamav | 1 - > config/rootfiles/packages/squidclamav | 14 -- > config/squidclamav/squidclamav.conf | 39 ---- > lfs/squidclamav | 95 --------- > make.sh | 1 - > src/paks/squidclamav/install.sh | 27 --- > src/paks/squidclamav/uninstall.sh | 28 --- > src/paks/squidclamav/update.sh | 53 ----- > .../squidclamav-5.11-dont_use_ipv6.patch | 13 -- > ...av-5.11-source-address-parsing-issue.patch | 13 -- > ...uidclamav-5.11-squid-helper-protocol.patch | 185 ------------------ > 11 files changed, 469 deletions(-) > delete mode 100644 config/backup/includes/squidclamav > delete mode 100644 config/rootfiles/packages/squidclamav > delete mode 100644 config/squidclamav/squidclamav.conf > delete mode 100644 lfs/squidclamav > delete mode 100644 src/paks/squidclamav/install.sh > delete mode 100644 src/paks/squidclamav/uninstall.sh > delete mode 100644 src/paks/squidclamav/update.sh > delete mode 100644 src/patches/squidclamav-5.11-dont_use_ipv6.patch > delete mode 100644 src/patches/squidclamav-5.11-source-address-parsing-iss= ue.patch > delete mode 100644 src/patches/squidclamav-5.11-squid-helper-protocol.patch >=20 > diff --git a/config/backup/includes/squidclamav b/config/backup/includes/sq= uidclamav > deleted file mode 100644 > index bacc23b67..000000000 > --- a/config/backup/includes/squidclamav > +++ /dev/null > @@ -1 +0,0 @@ > -/etc/squidclamav.conf > diff --git a/config/rootfiles/packages/squidclamav b/config/rootfiles/packa= ges/squidclamav > deleted file mode 100644 > index 5976a0c47..000000000 > --- a/config/rootfiles/packages/squidclamav > +++ /dev/null > @@ -1,14 +0,0 @@ > -etc/squidclamav.conf > -usr/bin/squidclamav > -#usr/libexec/squidclamav > -#usr/libexec/squidclamav/clwarn.cgi > -#usr/libexec/squidclamav/clwarn.cgi.de_DE > -#usr/libexec/squidclamav/clwarn.cgi.en_EN > -#usr/libexec/squidclamav/clwarn.cgi.fr_FR > -#usr/libexec/squidclamav/clwarn.cgi.pt_BR > -#usr/libexec/squidclamav/clwarn.cgi.ru_RU > -#usr/share/man/man1/squidclamav.1 > -#usr/share/squidclamav > -#usr/share/squidclamav/README > -var/ipfire/backup/addons/includes/squidclamav > -srv/web/ipfire/html/clwarn.cgi > diff --git a/config/squidclamav/squidclamav.conf b/config/squidclamav/squid= clamav.conf > deleted file mode 100644 > index 2b8f5dc02..000000000 > --- a/config/squidclamav/squidclamav.conf > +++ /dev/null > @@ -1,39 +0,0 @@ > -squid_ip 127.0.0.1 > -squid_port 800 > -# > -logfile /var/log/squid/squidclamav.log > -redirect http://127.0.0.1:81/clwarn.cgi > -# > -debug 0 > -stat 0 > -# > -clamd_local /var/run/clamav/clamd > -#clamd_ip 192.168.1.5 > -#clamd_port 3310 > -# > -maxsize 5000000 > -maxredir 30 > -timeout 60 > -trust_cache 1 > -# > -# Do not scan standard HTTP images > -abort ^.*\.(ico|gif|png|jpg)$ > -abortcontent ^image\/.*$ > -# > -# Do not scan text and javascript files > -abort ^.*\.(css|xml|xsl|js|html|jsp)$ > -abortcontent ^text\/.*$ > -abortcontent ^application\/x-javascript$ > -# > -# Do not scan streaming videos > -abortcontent ^video\/mp4$ > -abortcontent ^video\/x-flv$ > -# > -# Do not scan pdf and flash > -#abort ^.*\.(pdf|swf)$ > -# > -# Do not scan sequence of framed Microsoft Media Server (MMS) data packets > -abortcontent ^.*application\/x-mms-framed.*$ > -# > -# White list some sites > -whitelist .*\.clamav.net > diff --git a/lfs/squidclamav b/lfs/squidclamav > deleted file mode 100644 > index 06133c5de..000000000 > --- a/lfs/squidclamav > +++ /dev/null > @@ -1,95 +0,0 @@ > -##########################################################################= ##### > -# = # > -# IPFire.org - A linux based firewall = # > -# Copyright (C) 2007-2018 IPFire Team = # > -# = # > -# This program is free software: you can redistribute it and/or modify = # > -# it under the terms of the GNU General Public License as published by = # > -# the Free Software Foundation, either version 3 of the License, or = # > -# (at your option) any later version. = # > -# = # > -# This program is distributed in the hope that it will be useful, = # > -# but WITHOUT ANY WARRANTY; without even the implied warranty of = # > -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the = # > -# GNU General Public License for more details. = # > -# = # > -# You should have received a copy of the GNU General Public License = # > -# along with this program. If not, see . = # > -# = # > -##########################################################################= ##### > - > -##########################################################################= ##### > -# Definitions > -##########################################################################= ##### > - > -include Config > - > -SUMMARY =3D Antivirus redirector for Squid based on ClamAv > - > -VER =3D 5.11 > - > -THISAPP =3D squidclamav-$(VER) > -DL_FILE =3D $(THISAPP).tar.gz > -DL_FROM =3D $(URL_IPFIRE) > -DIR_APP =3D $(DIR_SRC)/$(THISAPP) > -TARGET =3D $(DIR_INFO)/$(THISAPP) > -PROG =3D squidclamav > -PAK_VER =3D 22 > - > -DEPS =3D clamav > - > -SERVICES =3D > - > -##########################################################################= ##### > -# Top-level Rules > -##########################################################################= ##### > - > -objects =3D $(DL_FILE) > - > -$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) > - > -$(DL_FILE)_BLAKE2 =3D 5f180f49685df355c1f142beac6f10161830b6e274cc9efac815= 64010f751edead9afce6118ddb5308297b6d3eb621f97a567b4f9cf096e08df833f70e03d24f > - > -install : $(TARGET) > - > -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) > - > -download :$(patsubst %,$(DIR_DL)/%,$(objects)) > - > -b2 : $(subst %,%_BLAKE2,$(objects)) > - > -dist: > - @$(PAK) > - > -##########################################################################= ##### > -# Downloading, checking, b2sum > -##########################################################################= ##### > - > -$(patsubst %,$(DIR_CHK)/%,$(objects)) : > - @$(CHECK) > - > -$(patsubst %,$(DIR_DL)/%,$(objects)) : > - @$(LOAD) > - > -$(subst %,%_BLAKE2,$(objects)) : > - @$(B2SUM) > - > -##########################################################################= ##### > -# Installation Details > -##########################################################################= ##### > - > -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > - @$(PREBUILD) > - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) > - $(UPDATE_AUTOMAKE) > - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-don= t_use_ipv6.patch > - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-squ= id-helper-protocol.patch > - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-sou= rce-address-parsing-issue.patch > - cd $(DIR_APP) && ./configure --prefix=3D/usr > - cd $(DIR_APP) && make install > - install -v -m 664 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclam= av.conf > - chown -v root:nobody /etc/squidclamav.conf > - install -v -m 644 $(DIR_SRC)/config/backup/includes/squidclamav /var/ipfi= re/backup/addons/includes/squidclamav > - chmod 755 /srv/web/ipfire/html/clwarn.cgi > - @rm -rf $(DIR_APP) > - @$(POSTBUILD) > diff --git a/make.sh b/make.sh > index db9ee9a97..57b6c6f15 100755 > --- a/make.sh > +++ b/make.sh > @@ -1532,7 +1532,6 @@ buildipfire() { > lfsmake2 perl-Authen-SASL > lfsmake2 perl-MIME-Lite > lfsmake2 perl-Email-Date-Format > - lfsmake2 squidclamav > lfsmake2 vnstat > lfsmake2 iw > lfsmake2 wpa_supplicant > diff --git a/src/paks/squidclamav/install.sh b/src/paks/squidclamav/install= .sh > deleted file mode 100644 > index 42bd5ba36..000000000 > --- a/src/paks/squidclamav/install.sh > +++ /dev/null > @@ -1,27 +0,0 @@ > -#!/bin/bash > -##########################################################################= ## > -# = # > -# This file is part of the IPFire Firewall. = # > -# = # > -# IPFire is free software; you can redistribute it and/or modify = # > -# it under the terms of the GNU General Public License as published by = # > -# the Free Software Foundation; either version 2 of the License, or = # > -# (at your option) any later version. = # > -# = # > -# IPFire is distributed in the hope that it will be useful, = # > -# but WITHOUT ANY WARRANTY; without even the implied warranty of = # > -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the = # > -# GNU General Public License for more details. = # > -# = # > -# You should have received a copy of the GNU General Public License = # > -# along with IPFire; if not, write to the Free Software = # > -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA= # > -# = # > -# Copyright (C) 2007 IPFire-Team . = # > -# = # > -##########################################################################= ## > -# > -. /opt/pakfire/lib/functions.sh > -extract_files > -restore_backup ${NAME} > -/etc/init.d/squid restart > diff --git a/src/paks/squidclamav/uninstall.sh b/src/paks/squidclamav/unins= tall.sh > deleted file mode 100644 > index d2aa435e3..000000000 > --- a/src/paks/squidclamav/uninstall.sh > +++ /dev/null > @@ -1,28 +0,0 @@ > -#!/bin/bash > -##########################################################################= ## > -# = # > -# This file is part of the IPFire Firewall. = # > -# = # > -# IPFire is free software; you can redistribute it and/or modify = # > -# it under the terms of the GNU General Public License as published by = # > -# the Free Software Foundation; either version 2 of the License, or = # > -# (at your option) any later version. = # > -# = # > -# IPFire is distributed in the hope that it will be useful, = # > -# but WITHOUT ANY WARRANTY; without even the implied warranty of = # > -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the = # > -# GNU General Public License for more details. = # > -# = # > -# You should have received a copy of the GNU General Public License = # > -# along with IPFire; if not, write to the Free Software = # > -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA= # > -# = # > -# Copyright (C) 2007 IPFire-Team . = # > -# = # > -##########################################################################= ## > -# > -. /opt/pakfire/lib/functions.sh > -/etc/init.d/squid stop > -make_backup ${NAME} > -remove_files > -/etc/init.d/squid start > diff --git a/src/paks/squidclamav/update.sh b/src/paks/squidclamav/update.sh > deleted file mode 100644 > index 43760856c..000000000 > --- a/src/paks/squidclamav/update.sh > +++ /dev/null > @@ -1,53 +0,0 @@ > -#!/bin/bash > -##########################################################################= ## > -# = # > -# This file is part of the IPFire Firewall. = # > -# = # > -# IPFire is free software; you can redistribute it and/or modify = # > -# it under the terms of the GNU General Public License as published by = # > -# the Free Software Foundation; either version 2 of the License, or = # > -# (at your option) any later version. = # > -# = # > -# IPFire is distributed in the hope that it will be useful, = # > -# but WITHOUT ANY WARRANTY; without even the implied warranty of = # > -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the = # > -# GNU General Public License for more details. = # > -# = # > -# You should have received a copy of the GNU General Public License = # > -# along with IPFire; if not, write to the Free Software = # > -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA= # > -# = # > -# Copyright (C) 2010 IPFire-Team . = # > -# = # > -##########################################################################= ## > -# > -. /opt/pakfire/lib/functions.sh > -./uninstall.sh > -extract_files > - > -VERSION=3D$(cat /opt/pakfire/db/installed/meta-squidclamav | grep Release = | cut -d" " -f2) > - > -if [ "$VERSION" -gt "10" ]; then > - restore_backup ${NAME} > -fi > - > -if [ "$VERSION" -lt "11" ]; then > - sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidc= lamav.conf > -fi > - > -if [ "$VERSION" -lt "16" ]; then > - sed -i /etc/squidclamav.conf \ > - -e "s/proxy none//g" \ > - -e "s/^#squid_ip 127\.0\.0\.1/squid_ip 127\.0\.0\.1/g" \ > - -e "s/^#squid_port 3128/squid_port 800/g" \ > - -e "s/^#trust_cache 1/trust_cache 1/g" > - > - # Fix permissions. > - chmod 664 /etc/squidclamav.conf > - chown root.nobody /etc/squidclamav.conf > - > - # Regenerate configuration files. > - perl /srv/web/ipfire/cgi-bin/proxy.cgi > -fi > -=20 > -/etc/init.d/squid restart > diff --git a/src/patches/squidclamav-5.11-dont_use_ipv6.patch b/src/patches= /squidclamav-5.11-dont_use_ipv6.patch > deleted file mode 100644 > index 45889625f..000000000 > --- a/src/patches/squidclamav-5.11-dont_use_ipv6.patch > +++ /dev/null > @@ -1,13 +0,0 @@ > -diff -Nur a/src/squidclamav.c b/src/squidclamav.c > ---- a/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100 > -+++ b/src/squidclamav.c 2013-07-06 19:10:56.375292374 +0200 > -@@ -413,6 +413,9 @@ > - /* Suppress error: SSL certificate problem, verify that the CA cert is= OK */ > - curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0); > - curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0); > -+ > -+ /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */ > -+ curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); > - } > - } > - /* create a squidguard child process and setup pipes */ > diff --git a/src/patches/squidclamav-5.11-source-address-parsing-issue.patc= h b/src/patches/squidclamav-5.11-source-address-parsing-issue.patch > deleted file mode 100644 > index 4031c733d..000000000 > --- a/src/patches/squidclamav-5.11-source-address-parsing-issue.patch > +++ /dev/null > @@ -1,13 +0,0 @@ > ---- squidclamav-5.11/src/pattern.c~ 2014-10-29 13:08:05.658143495 +0000 > -+++ squidclamav-5.11/src/pattern.c 2014-10-29 13:08:20.964642365 +0000 > -@@ -151,10 +151,6 @@ > - return 1; > - } > - =20 > -- /* extract source ipaddress and source fqdn */ > -- if (parseSourceAddress(in_buff.src_address, "/") !=3D 0) { > -- } > -- =20 > - if (debug !=3D 0) > - logit(log_file, "DEBUG Parsed request: %s %s/%s %s %s\n", in_buff.url, i= n_buff.ipaddress, in_buff.fqdn, in_buff.ident, in_buff.method); > -=20 > diff --git a/src/patches/squidclamav-5.11-squid-helper-protocol.patch b/src= /patches/squidclamav-5.11-squid-helper-protocol.patch > deleted file mode 100644 > index e64bcafef..000000000 > --- a/src/patches/squidclamav-5.11-squid-helper-protocol.patch > +++ /dev/null > @@ -1,185 +0,0 @@ > -diff -Naur squidclamav-5.11.org/src/squidclamav.c squidclamav-5.11/src/squ= idclamav.c > ---- squidclamav-5.11.org/src/squidclamav.c 2012-10-29 09:46:06.000000000 += 0100 > -+++ squidclamav-5.11/src/squidclamav.c 2014-06-03 12:26:36.215696508 +0200 > -@@ -483,7 +483,7 @@ > - aren't appropriate, then just echo back the line from stdin */ > - if (buff_status =3D=3D 1) { > - logit(log_file, "DEBUG Invalid input buffer, aborting: %s\n", sbuff); > -- puts(""); > -+ puts("BH message=3D\"Invalid input buffer\""); > - fflush(stdout); > - continue; > - } > -@@ -496,7 +496,7 @@ > - logit(log_file, "DEBUG No squidguard and no antivir check (TRUSTUSER= match) for user: %s\n", in_buff.ident); > - if (statit =3D=3D 1) > - timeit(g_start, "Total"); > -- puts(""); > -+ puts("ERR message=3D\"TRUSTUSER match\""); > - fflush(stdout); > - continue; > - } > -@@ -508,7 +508,7 @@ > - logit(log_file, "DEBUG No squidguard and no antivir check (TRUSTCLIE= NT match) for address: %s/%s\n",in_buff.ipaddress, in_buff.fqdn); > - if (statit =3D=3D 1) > - timeit(g_start, "Total"); > -- puts(""); > -+ puts("ERR message=3D\"TRUSTCLIENT match\""); > - fflush(stdout); > - continue; > - } > -@@ -520,7 +520,7 @@ > - logit(log_file, "DEBUG No squidguard and no antivir check (WHITELIST= match) for url: %s\n", in_buff.url); > - if (statit =3D=3D 1) > - timeit(g_start, "Total"); > -- puts(""); > -+ puts("ERR message=3D\"WHITLIST match\""); > - fflush(stdout); > - continue; > - } > -@@ -536,7 +536,7 @@ > - if ((sockd =3D dconnect ()) < 0) > - { > - logit(log_file, "ERROR Can't connect to Clamd daemon, fallback to = Squid.\n"); > -- puts(""); > -+ puts("BH message=3D\"Cannot connect to clamd\""); > - fflush(stdout); > - continue; > - } > -@@ -546,7 +546,7 @@ > - if (write (sockd, "zINSTREAM", 10) <=3D 0) > - { > - logit(log_file, "ERROR Can't write to Clamd socket.\n"); > -- puts(""); > -+ puts("BG message=3D\"Cannot write to clamd socket\""); > - fflush(stdout); > - continue; > - } > -@@ -614,8 +614,7 @@ > - logit(log_file, "Squid Cache purged of url %s.\n", in_buff.url); > - } > - } > -- fprintf (stdout, "%s %s %s %s\n", urlredir, > -- in_buff.src_address, in_buff.ident, in_buff.method); > -+ fprintf (stdout, "OK rewrite-url=3D\"%s\"\n", urlredir); > - fflush(stdout); > - xfree(urlredir); > - if (debug !=3D 0) > -@@ -675,7 +674,7 @@ > - continue operation (so that Squid still works!), > - we simply echo stdin to stdout - i.e. "bridge mode" :-) */ > - if (bridge_mode =3D=3D 1) { > -- puts(""); > -+ puts("ERR message=3D\"brigde mode\""); > - fflush(stdout); > - continue; > - } > -@@ -685,7 +684,7 @@ > - if (buff_status =3D=3D -1) { > - if (debug > 2) > - logit(log_file, "DEBUG method is not GET skipping virus scan.\n"); > -- puts(""); > -+ puts("ERR message=3D\"method is not GET skipping virus scan\""); > - fflush(stdout); > - continue; > - } > -@@ -699,7 +698,7 @@ > - timeit(g_start, "Total"); > -=20 > - /* no replacement for the URL was found */ > -- puts(""); > -+ puts("ERR message=3D\"ABORT match\""); > - fflush(stdout); > - continue; > -=20 > -@@ -750,7 +749,7 @@ > - logit(log_file, "DEBUG HIT Cache found, trust cache enabled, skippin= g...\n"); > - if (statit =3D=3D 1) > - timeit(g_start, "Total"); > -- puts(""); > -+ puts("ERR message=3D\"cache hit found\""); > - fflush(stdout); > - continue; > - } > -@@ -762,7 +761,7 @@ > - logit(log_file, "ERROR No content length from url %s\n", in_buff.= url); > - if (statit =3D=3D 1) > - timeit(g_start, "Total"); > -- puts(""); > -+ puts("ERR message=3D\"no content length from URL\""); > - fflush(stdout); > - continue; > - } > -@@ -775,7 +774,7 @@ > - logit(log_file, "DEBUG No antivir check (Content length is upper = than maxsize): %'.2f > %'.2f\n", usize, maxsize); > - if (statit =3D=3D 1) > - timeit(g_start, "Total"); > -- puts(""); > -+ puts("ERR message=3D\"content length is upper than maxsize\""); > - fflush(stdout); > - continue; > - } > -@@ -787,7 +786,7 @@ > - in_buff.url); > - if (statit =3D=3D 1) > - timeit(g_start, "Total"); > -- puts(""); > -+ puts("ERR message=3D\"no content type from URL\""); > - fflush(stdout); > - continue; > - } > -@@ -799,7 +798,7 @@ > - logit(log_file, "DEBUG No antivir check (ABORTCONTENT match) for co= ntent-type: %s\n", content_type); > - if (statit =3D=3D 1) > - timeit(g_start, "Total"); > -- puts(""); > -+ puts("ERR message=3D\"ABORTCONTENT match\""); > - fflush(stdout); > - continue; > - } > -@@ -814,7 +813,7 @@ > - if ((sockd =3D dconnect ()) < 0) > - { > - logit(log_file, "ERROR Can't connect to Clamd daemon, fallback to = Squid.\n"); > -- puts(""); > -+ puts("BH message=3D\"cannot connect clamd daemon\""); > - fflush(stdout); > - continue; > - } > -@@ -824,7 +823,7 @@ > - if (write (sockd, "zINSTREAM", 10) <=3D 0) > - { > - logit(log_file, "ERROR Can't write to Clamd socket.\n"); > -- puts(""); > -+ puts("BH message=3D\"cannot write to clamd socket\""); > - fflush(stdout); > - continue; > - } > -@@ -844,7 +843,7 @@ > - close (sockd); > - if (debug > 1) > - logit(log_file, "DEBUG Connection to clamd closed.\n"); > -- puts(""); > -+ puts("ERR message=3D\"connection to clamd closed\""); > - fflush(stdout); > - if (statit =3D=3D 1) > - timeit(g_start, "Total"); > -@@ -892,8 +891,7 @@ > - logit(log_file, "Squid Cache purged of url %s.\n", in_buff.url); > - } > - } > -- fprintf (stdout, "%s %s %s %s\n", urlredir, > -- in_buff.src_address, in_buff.ident, in_buff.method); > -+ fprintf (stdout, "OK rewrite-url=3D\"%s\"\n", urlredir); > - fflush(stdout); > - xfree(urlredir); > - if (debug !=3D 0) > -@@ -911,7 +909,7 @@ > - if (virusfound =3D=3D 0) { > - if (debug !=3D 0) > - logit(log_file, "DEBUG No virus detected.\n"); > -- puts(""); > -+ puts("ERR message=3D\"no virus detected\""); > - fflush(stdout); > - } > - } --===============2953214928387353983==--