guix-patches
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#30378] [PATCH] gnu: mpv: Fix CVE-2018-6360.


From: Alex Vong
Subject: [bug#30378] [PATCH] gnu: mpv: Fix CVE-2018-6360.
Date: Thu, 08 Feb 2018 13:53:52 +0800
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

Leo Famulari <address@hidden> writes:

> On Wed, Feb 07, 2018 at 02:53:12PM +0800, Alex Vong wrote:
>> Tags: security
>> 
>> Hello,
>> 
>> This patch fixes CVE-2018-6360, which is about mpv maybe get tricked
>> into playing unsafe url returned by youtube-dl.
>
>> From 2a6538067bdad659672f1d19811bad8a5b8d9d56 Mon Sep 17 00:00:00 2001
>> From: Alex Vong <address@hidden>
>> Date: Wed, 7 Feb 2018 14:39:40 +0800
>> Subject: [PATCH] gnu: mpv: Fix CVE-2018-6360.
>> 
>> * gnu/packages/patches/mpv-CVE-2018-6360-1.patch,
>> gnu/packages/patches/mpv-CVE-2018-6360-2.patch,
>> gnu/packages/patches/mpv-CVE-2018-6360-3.patch: New files.
>> * gnu/local.mk (dist_patch_DATA): Add them.
>> * gnu/packages/video.scm (mpv)[source]: Use them.
>
> Thank you very much for putting this patch together!
>
:-)

> I noticed that the person who fixed the bug upstream said that 4 commits
> were needed [0], but this patch (and Debian's and Nix's) are missing the
> first in that person's list, 828bd2963cd10.
>
> I'm going to ask upstream to clarify but, in the meantime, do you know
> why this patch is not included?
>
I have no idea about this. I think we should wait for the author to tell
us what they think. Here is a new patch with the 4 commits:

>From 6891f7c24fdd90953454c8fdf68baade394eb9ba Mon Sep 17 00:00:00 2001
From: Alex Vong <address@hidden>
Date: Wed, 7 Feb 2018 14:39:40 +0800
Subject: [PATCH] gnu: mpv: Fix CVE-2018-6360.

* gnu/packages/patches/mpv-CVE-2018-6360-1.patch,
gnu/packages/patches/mpv-CVE-2018-6360-2.patch,
gnu/packages/patches/mpv-CVE-2018-6360-3.patch,
gnu/packages/patches/mpv-CVE-2018-6360-4.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/video.scm (mpv)[source]: Use them.
---
 gnu/local.mk                                   |   6 +-
 gnu/packages/patches/mpv-CVE-2018-6360-1.patch | 133 ++++++++++++++++++++++++
 gnu/packages/patches/mpv-CVE-2018-6360-2.patch | 138 +++++++++++++++++++++++++
 gnu/packages/patches/mpv-CVE-2018-6360-3.patch |  59 +++++++++++
 gnu/packages/patches/mpv-CVE-2018-6360-4.patch |  84 +++++++++++++++
 gnu/packages/video.scm                         |   6 +-
 6 files changed, 424 insertions(+), 2 deletions(-)
 create mode 100644 gnu/packages/patches/mpv-CVE-2018-6360-1.patch
 create mode 100644 gnu/packages/patches/mpv-CVE-2018-6360-2.patch
 create mode 100644 gnu/packages/patches/mpv-CVE-2018-6360-3.patch
 create mode 100644 gnu/packages/patches/mpv-CVE-2018-6360-4.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 3f0023a2f..b0b4ca482 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -9,7 +9,7 @@
 # Copyright © 2016 Adonay "adfeno" Felipe Nogueira 
<https://libreplanet.org/wiki/User:Adfeno> <address@hidden>
 # Copyright © 2016, 2017 Ricardo Wurmus <address@hidden>
 # Copyright © 2016 Ben Woodcroft <address@hidden>
-# Copyright © 2016, 2017 Alex Vong <address@hidden>
+# Copyright © 2016, 2017, 2018 Alex Vong <address@hidden>
 # Copyright © 2016, 2017 Efraim Flashner <address@hidden>
 # Copyright © 2016, 2017 Jan Nieuwenhuizen <address@hidden>
 # Copyright © 2017 Tobias Geerinckx-Rice <address@hidden>
@@ -910,6 +910,10 @@ dist_patch_DATA =                                          
\
   %D%/packages/patches/mhash-keygen-test-segfault.patch                \
   %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch                \
   %D%/packages/patches/mpc123-initialize-ao.patch              \
+  %D%/packages/patches/mpv-CVE-2018-6360-1.patch               \
+  %D%/packages/patches/mpv-CVE-2018-6360-2.patch               \
+  %D%/packages/patches/mpv-CVE-2018-6360-3.patch               \
+  %D%/packages/patches/mpv-CVE-2018-6360-4.patch               \
   %D%/packages/patches/module-init-tools-moduledir.patch       \
   %D%/packages/patches/mongodb-support-unknown-linux-distributions.patch       
\
   %D%/packages/patches/mozjs17-aarch64-support.patch           \
diff --git a/gnu/packages/patches/mpv-CVE-2018-6360-1.patch 
b/gnu/packages/patches/mpv-CVE-2018-6360-1.patch
new file mode 100644
index 000000000..4d48da667
--- /dev/null
+++ b/gnu/packages/patches/mpv-CVE-2018-6360-1.patch
@@ -0,0 +1,133 @@
+Fix CVE-2018-6360:
+
+https://github.com/mpv-player/mpv/issues/5456
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360
+https://security-tracker.debian.org/tracker/CVE-2018-6360
+
+Patch copied from upstream source repository:
+
+https://github.com/mpv-player/mpv/commit/828bd2963cd10a851e0a977809687aed4d377dc3
+
+From 828bd2963cd10a851e0a977809687aed4d377dc3 Mon Sep 17 00:00:00 2001
+From: Ricardo Constantino <address@hidden>
+Date: Tue, 2 Jan 2018 20:46:58 +0000
+Subject: [PATCH] command: add demuxer-lavf-list property
+
+Was only available with --demuxer-lavf-format=help and the demuxer
+needed to be used for it to actually print the list.
+
+This can be used in the future to check if 'dash' support was compiled
+with FFmpeg so ytdl_hook can use it instead. For now, dashdec is too
+rudimentary to be used right away.
+---
+ DOCS/man/input.rst |  4 ++++
+ common/av_common.c | 17 +++++++++++++++++
+ common/av_common.h |  1 +
+ player/command.c   | 15 +++++++++++++++
+ 4 files changed, 37 insertions(+)
+
+diff --git a/DOCS/man/input.rst b/DOCS/man/input.rst
+index 16d8ecb45d..0ae4a0c0c8 100644
+--- a/DOCS/man/input.rst
++++ b/DOCS/man/input.rst
+@@ -2119,6 +2119,10 @@ Property list
+     The encoder names (``driver`` entries) can be passed to ``--ovc`` and
+     ``--oac`` (without the ``lavc:`` prefix required by ``--vd`` and 
``--ad``).
+ 
++``demuxer-lavf-list``
++    List of available libavformat demuxers' names. This can be used to check
++    for support for a specific format or use with ``--demuxer-lavf-format``.
++
+ ``mpv-version``
+     Return the mpv version/copyright string. Depending on how the binary was
+     built, it might contain either a release version, or just a git hash.
+diff --git a/common/av_common.c b/common/av_common.c
+index 65a212b994..0599d98465 100644
+--- a/common/av_common.c
++++ b/common/av_common.c
+@@ -26,6 +26,7 @@
+ #include <libavutil/error.h>
+ #include <libavutil/cpu.h>
+ #include <libavcodec/avcodec.h>
++#include <libavformat/avformat.h>
+ 
+ #include "config.h"
+ 
+@@ -33,6 +34,7 @@
+ #include "common/msg.h"
+ #include "demux/packet.h"
+ #include "demux/stheader.h"
++#include "misc/bstr.h"
+ #include "video/fmt-conversion.h"
+ #include "av_common.h"
+ #include "codecs.h"
+@@ -246,6 +248,21 @@ void mp_add_lavc_encoders(struct mp_decoder_list *list)
+     }
+ }
+ 
++char **mp_get_lavf_demuxers(void)
++{
++    char **list = NULL;
++    AVInputFormat *cur = NULL;
++    int num = 0;
++    for (;;) {
++        cur = av_iformat_next(cur);
++        if (!cur)
++            break;
++        MP_TARRAY_APPEND(NULL, list, num, talloc_strdup(NULL, cur->name));
++    }
++    MP_TARRAY_APPEND(NULL, list, num, NULL);
++    return list;
++}
++
+ int mp_codec_to_av_codec_id(const char *codec)
+ {
+     int id = AV_CODEC_ID_NONE;
+diff --git a/common/av_common.h b/common/av_common.h
+index 6d0c823b8d..0e7c838884 100644
+--- a/common/av_common.h
++++ b/common/av_common.h
+@@ -41,6 +41,7 @@ double mp_pts_from_av(int64_t av_pts, AVRational *tb);
+ void mp_set_avcodec_threads(struct mp_log *l, AVCodecContext *avctx, int 
threads);
+ void mp_add_lavc_decoders(struct mp_decoder_list *list, enum AVMediaType 
type);
+ void mp_add_lavc_encoders(struct mp_decoder_list *list);
++char **mp_get_lavf_demuxers(void);
+ int mp_codec_to_av_codec_id(const char *codec);
+ const char *mp_codec_from_av_codec_id(int codec_id);
+ void mp_set_avdict(struct AVDictionary **dict, char **kv);
+diff --git a/player/command.c b/player/command.c
+index 6f2c15b047..412afc5e11 100644
+--- a/player/command.c
++++ b/player/command.c
+@@ -3588,6 +3588,20 @@ static int mp_property_encoders(void *ctx, struct 
m_property *prop,
+     return r;
+ }
+ 
++static int mp_property_lavf_demuxers(void *ctx, struct m_property *prop,
++                                 int action, void *arg)
++{
++    switch (action) {
++    case M_PROPERTY_GET:
++        *(char ***)arg = mp_get_lavf_demuxers();
++        return M_PROPERTY_OK;
++    case M_PROPERTY_GET_TYPE:
++        *(struct m_option *)arg = (struct m_option){.type = 
CONF_TYPE_STRING_LIST};
++        return M_PROPERTY_OK;
++    }
++    return M_PROPERTY_NOT_IMPLEMENTED;
++}
++
+ static int mp_property_version(void *ctx, struct m_property *prop,
+                                int action, void *arg)
+ {
+@@ -4027,6 +4041,7 @@ static const struct m_property mp_properties_base[] = {
+     {"protocol-list", mp_property_protocols},
+     {"decoder-list", mp_property_decoders},
+     {"encoder-list", mp_property_encoders},
++    {"demuxer-lavf-list", mp_property_lavf_demuxers},
+ 
+     {"mpv-version", mp_property_version},
+     {"mpv-configuration", mp_property_configuration},
+-- 
+2.16.1
+
diff --git a/gnu/packages/patches/mpv-CVE-2018-6360-2.patch 
b/gnu/packages/patches/mpv-CVE-2018-6360-2.patch
new file mode 100644
index 000000000..55fc7daaf
--- /dev/null
+++ b/gnu/packages/patches/mpv-CVE-2018-6360-2.patch
@@ -0,0 +1,138 @@
+Fix CVE-2018-6360:
+
+https://github.com/mpv-player/mpv/issues/5456
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360
+https://security-tracker.debian.org/tracker/CVE-2018-6360
+
+Patch copied from upstream source repository:
+
+https://github.com/mpv-player/mpv/commit/e6e6b0dcc7e9b0dbf35154a179b3dc1fcfcaff43
+
+To apply the patch to mpv 0.28.0 release tarball, hunk #4 is removed. Hunk #4
+checks if 'mpd_url' is safe, but the support for 'mpd_url' is not available
+for the 0.28.0 release. So it should be safe to remove hunk #4.
+
+From e6e6b0dcc7e9b0dbf35154a179b3dc1fcfcaff43 Mon Sep 17 00:00:00 2001
+From: Ricardo Constantino <address@hidden>
+Date: Fri, 26 Jan 2018 01:19:04 +0000
+Subject: [PATCH] ytdl_hook: whitelist protocols from urls retrieved from
+ youtube-dl
+
+Not very clean since there's a lot of potential unsafe urls that youtube-dl
+can give us, depending on whether it's a single url, split tracks,
+playlists, segmented dash, etc.
+---
+ player/lua/ytdl_hook.lua | 54 +++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 47 insertions(+), 7 deletions(-)
+
+diff --git a/player/lua/ytdl_hook.lua b/player/lua/ytdl_hook.lua
+index dd96ecc01d..b480c21625 100644
+--- a/player/lua/ytdl_hook.lua
++++ b/player/lua/ytdl_hook.lua
+@@ -16,6 +16,18 @@ local ytdl = {
+ 
+ local chapter_list = {}
+ 
++function Set (t)
++    local set = {}
++    for _, v in pairs(t) do set[v] = true end
++    return set
++end
++
++local safe_protos = Set {
++    "http", "https", "ftp", "ftps",
++    "rtmp", "rtmps", "rtmpe", "rtmpt", "rtmpts", "rtmpte",
++    "data"
++}
++
+ local function exec(args)
+     local ret = utils.subprocess({args = args})
+     return ret.status, ret.stdout, ret
+@@ -183,6 +195,9 @@ local function edl_track_joined(fragments, protocol, 
is_live, base)
+ 
+     for i = offset, #fragments do
+         local fragment = fragments[i]
++        if not url_is_safe(join_url(base, fragment)) then
++            return nil
++        end
+         table.insert(parts, edl_escape(join_url(base, fragment)))
+         if fragment.duration then
+             parts[#parts] =
+@@ -208,6 +223,15 @@ local function proto_is_dash(json)
+            or json["protocol"] == "http_dash_segments"
+ end
+ 
++local function url_is_safe(url)
++    local proto = type(url) == "string" and url:match("^(.+)://") or nil
++    local safe = proto and safe_protos[proto]
++    if not safe then
++        msg.error(("Ignoring potentially unsafe url: '%s'"):format(url))
++    end
++    return safe
++end
++
+ local function add_single_video(json)
+     local streamurl = ""
+     local max_bitrate = 0
+@@ -238,14 +264,18 @@ local function add_single_video(json)
+             edl_track = edl_track_joined(track.fragments,
+                 track.protocol, json.is_live,
+                 track.fragment_base_url)
++            local url = edl_track or track.url
++            if not url_is_safe(url) then
++                return
++            end
+             if track.acodec and track.acodec ~= "none" then
+                 -- audio track
+                 mp.commandv("audio-add",
+-                    edl_track or track.url, "auto",
++                    url, "auto",
+                     track.format_note or "")
+             elseif track.vcodec and track.vcodec ~= "none" then
+                 -- video track
+-                streamurl = edl_track or track.url
++                streamurl = url
+             end
+         end
+ 
+@@ -264,7 +294,13 @@ local function add_single_video(json)
+ 
+     msg.debug("streamurl: " .. streamurl)
+ 
+-    mp.set_property("stream-open-filename", streamurl:gsub("^data:", 
"data://", 1))
++    streamurl = streamurl:gsub("^data:", "data://", 1)
++
++    if not url_is_safe(streamurl) then
++        return
++    end
++
++    mp.set_property("stream-open-filename", streamurl)
+ 
+     mp.set_property("file-local-options/force-media-title", json.title)
+ 
+@@ -526,14 +562,18 @@ mp.add_hook(o.try_ytdl_first and "on_load" or 
"on_load_fail", 10, function ()
+                         site = entry["webpage_url"]
+                     end
+ 
+-                    if not (site:find("https?://") == 1) then
+-                        site = "ytdl://" .. site
++                    -- links with only youtube id as returned by 
--flat-playlist
++                    if not site:find("://") then
++                        table.insert(playlist, "ytdl://" .. site)
++                    elseif url_is_safe(site) then
++                        table.insert(playlist, site)
+                     end
+-                    table.insert(playlist, site)
+ 
+                 end
+ 
+-                mp.set_property("stream-open-filename", "memory://" .. 
table.concat(playlist, "\n"))
++                if #playlist > 0 then
++                    mp.set_property("stream-open-filename", "memory://" .. 
table.concat(playlist, "\n"))
++                end
+             end
+ 
+         else -- probably a video
+-- 
+2.16.1
+
diff --git a/gnu/packages/patches/mpv-CVE-2018-6360-3.patch 
b/gnu/packages/patches/mpv-CVE-2018-6360-3.patch
new file mode 100644
index 000000000..b37e33a64
--- /dev/null
+++ b/gnu/packages/patches/mpv-CVE-2018-6360-3.patch
@@ -0,0 +1,59 @@
+Fix CVE-2018-6360:
+
+https://github.com/mpv-player/mpv/issues/5456
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360
+https://security-tracker.debian.org/tracker/CVE-2018-6360
+
+Patch copied from upstream source repository:
+
+https://github.com/mpv-player/mpv/commit/f8263e82cc74a9ac6530508bec39c7b0dc02568f
+
+From f8263e82cc74a9ac6530508bec39c7b0dc02568f Mon Sep 17 00:00:00 2001
+From: Ricardo Constantino <address@hidden>
+Date: Fri, 26 Jan 2018 11:26:27 +0000
+Subject: [PATCH] ytdl_hook: move url_is_safe earlier in code
+
+lua isn't javascript.
+---
+ player/lua/ytdl_hook.lua | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/player/lua/ytdl_hook.lua b/player/lua/ytdl_hook.lua
+index b480c21625..458c94af38 100644
+--- a/player/lua/ytdl_hook.lua
++++ b/player/lua/ytdl_hook.lua
+@@ -84,6 +84,15 @@ local function edl_escape(url)
+     return "%" .. string.len(url) .. "%" .. url
+ end
+ 
++local function url_is_safe(url)
++    local proto = type(url) == "string" and url:match("^(.+)://") or nil
++    local safe = proto and safe_protos[proto]
++    if not safe then
++        msg.error(("Ignoring potentially unsafe url: '%s'"):format(url))
++    end
++    return safe
++end
++
+ local function time_to_secs(time_string)
+     local ret
+ 
+@@ -223,15 +232,6 @@ local function proto_is_dash(json)
+            or json["protocol"] == "http_dash_segments"
+ end
+ 
+-local function url_is_safe(url)
+-    local proto = type(url) == "string" and url:match("^(.+)://") or nil
+-    local safe = proto and safe_protos[proto]
+-    if not safe then
+-        msg.error(("Ignoring potentially unsafe url: '%s'"):format(url))
+-    end
+-    return safe
+-end
+-
+ local function add_single_video(json)
+     local streamurl = ""
+     local max_bitrate = 0
+-- 
+2.16.1
+
diff --git a/gnu/packages/patches/mpv-CVE-2018-6360-4.patch 
b/gnu/packages/patches/mpv-CVE-2018-6360-4.patch
new file mode 100644
index 000000000..dc3e272d3
--- /dev/null
+++ b/gnu/packages/patches/mpv-CVE-2018-6360-4.patch
@@ -0,0 +1,84 @@
+Fix CVE-2018-6360:
+
+https://github.com/mpv-player/mpv/issues/5456
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360
+https://security-tracker.debian.org/tracker/CVE-2018-6360
+
+Patch copied from upstream source repository:
+
+https://github.com/mpv-player/mpv/commit/ce42a965330dfeb7d2f6c69ea42d35454105c828
+
+From ce42a965330dfeb7d2f6c69ea42d35454105c828 Mon Sep 17 00:00:00 2001
+From: Ricardo Constantino <address@hidden>
+Date: Fri, 26 Jan 2018 18:54:17 +0000
+Subject: [PATCH] ytdl_hook: fix safe url checking with EDL urls
+
+---
+ player/lua/ytdl_hook.lua | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/player/lua/ytdl_hook.lua b/player/lua/ytdl_hook.lua
+index 458c94af38..6c8e78657d 100644
+--- a/player/lua/ytdl_hook.lua
++++ b/player/lua/ytdl_hook.lua
+@@ -264,18 +264,17 @@ local function add_single_video(json)
+             edl_track = edl_track_joined(track.fragments,
+                 track.protocol, json.is_live,
+                 track.fragment_base_url)
+-            local url = edl_track or track.url
+-            if not url_is_safe(url) then
++            if not edl_track and not url_is_safe(track.url) then
+                 return
+             end
+             if track.acodec and track.acodec ~= "none" then
+                 -- audio track
+                 mp.commandv("audio-add",
+-                    url, "auto",
++                    edl_track or track.url, "auto",
+                     track.format_note or "")
+             elseif track.vcodec and track.vcodec ~= "none" then
+                 -- video track
+-                streamurl = url
++                streamurl = edl_track or track.url
+             end
+         end
+ 
+@@ -284,6 +283,9 @@ local function add_single_video(json)
+         edl_track = edl_track_joined(json.fragments, json.protocol,
+             json.is_live, json.fragment_base_url)
+ 
++        if not edl_track and not url_is_safe(json.url) then
++            return
++        end
+         -- normal video or single track
+         streamurl = edl_track or json.url
+         set_http_headers(json.http_headers)
+@@ -294,13 +296,7 @@ local function add_single_video(json)
+ 
+     msg.debug("streamurl: " .. streamurl)
+ 
+-    streamurl = streamurl:gsub("^data:", "data://", 1)
+-
+-    if not url_is_safe(streamurl) then
+-        return
+-    end
+-
+-    mp.set_property("stream-open-filename", streamurl)
++    mp.set_property("stream-open-filename", streamurl:gsub("^data:", 
"data://", 1))
+ 
+     mp.set_property("file-local-options/force-media-title", json.title)
+ 
+@@ -499,6 +495,10 @@ mp.add_hook(o.try_ytdl_first and "on_load" or 
"on_load_fail", 10, function ()
+ 
+                 msg.debug("EDL: " .. playlist)
+ 
++                if not playlist then
++                    return
++                end
++
+                 -- can't change the http headers for each entry, so use the 
1st
+                 if json.entries[1] then
+                     set_http_headers(json.entries[1].http_headers)
+-- 
+2.16.1
+
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 8cbe590bf..8c0743745 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <address@hidden>
 ;;; Copyright © 2015 Andy Patterson <address@hidden>
 ;;; Copyright © 2015 Ricardo Wurmus <address@hidden>
-;;; Copyright © 2015, 2016, 2017 Alex Vong <address@hidden>
+;;; Copyright © 2015, 2016, 2017, 2018 Alex Vong <address@hidden>
 ;;; Copyright © 2016, 2017 Alex Griffin <address@hidden>
 ;;; Copyright © 2016 Kei Kebreau <address@hidden>
 ;;; Copyright © 2016 Dmitry Nikolaev <address@hidden>
@@ -1018,6 +1018,10 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
               (sha256
                (base32
                 "1d2p6k3y9lqx8bpdal4grrj8ljy7pvd8qgdq8004fmr38afmbb7f"))
+              (patches (search-patches "mpv-CVE-2018-6360-1.patch"
+                                       "mpv-CVE-2018-6360-2.patch"
+                                       "mpv-CVE-2018-6360-3.patch"
+                                       "mpv-CVE-2018-6360-4.patch"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system waf-build-system)
     (native-inputs
-- 
2.16.1

> [0]
> https://github.com/mpv-player/mpv/issues/5456#issuecomment-362442132

reply via email to

[Prev in Thread] Current Thread [Next in Thread]