130398 2014-03-18 09:11:03 -0700 [WK2][GTK] Expose the enable-web-security property in WebKit2GTK API 2015-09-14 02:25:46 -0700 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) Unspecified Linux RESOLVED WONTFIX Gtk P2 Normal --- 1 mario webkit-unassigned berto bunhere cdumez cgarcia commit-queue gustavo gyuyoung.kim mrobinson nicolas philip.chimento sergio oldest_to_newest 991683 0 mario 2014-03-18 09:11:03 -0700 It would be very convenient to be able to disable the same-origin policy in WebKit2GTK+ based browsers for the purpose of testing certain websites and/or running specific test suites (such as the one for CSS2.1 [1), meaning that we would need to expose WebCore::Settings's webSecurityEnabled property for apps to be able to disable it (although it should be activated by default). See more details in the mail sent to webkit-gtk mailing list: https://lists.webkit.org/pipermail/webkit-gtk/2014-March/001818.html [1] http://test.csswg.org/suites/css2.1/ 991687 1 227057 mario 2014-03-18 09:22:06 -0700 Created attachment 227057 Patch proposal Here comes a patch. I added documentation and unit testing to it, so I guess nothing is missing, but you know... there's always something :) Please review, thanks! 991688 2 commit-queue 2014-03-18 09:23:01 -0700 Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API 993008 3 mario 2014-03-21 03:57:47 -0700 Carlos, Gustavo, Martin & others... any comment on this? There was some positive feedback in the ML about it, btw: https://lists.webkit.org/pipermail/webkit-gtk/2014-March/001819.html 1003617 4 mario 2014-04-24 06:36:36 -0700 Ping? 1020221 5 227057 g.czajkowski 2014-07-03 04:02:39 -0700 Comment on attachment 227057 Patch proposal This option can be very useful for testing. FYI, we exposed it for EFL's MiniBrowser as well (bug 121095). 1020232 6 mario 2014-07-03 05:24:46 -0700 (In reply to comment #5) > (From update of attachment 227057 [details]) > This option can be very useful for testing. FYI, we exposed it for EFL's MiniBrowser as well (bug 121095). I just pinged Carlos today on IRC about this. Let's see if we can get it soon 1020235 7 cgarcia 2014-07-03 05:41:09 -0700 If it's useful for testing, why do we want it in the public API? 1020240 8 mario 2014-07-03 06:01:09 -0700 (In reply to comment #7) > If it's useful for testing, why do we want it in the public API? As per IRC log: <KaL> msanchez: if it's useful for testing why do we want it in the public API? <msanchez> well, it might be useful for other use cases too <msanchez> anyway, having it exposed in the web API will also allow people to use minibrowser (or any other webkit2gtk based browser allowing to set that setting) to test web apps and test harnesses <msanchez> I understand for epiphany it's probably not useful, but it could be useful for other browsers that might want (for whatever the reason) to allow users to disable those checks <msanchez> what alternative do you propose? 1020272 9 mario 2014-07-03 09:42:44 -0700 More from IRC: <KaL> msanchez: I don't have any proposal because I don't even know what those checks are <msanchez> KaL: I was talking about the "same-origin" policy <KaL> ah, cross-origin problems <msanchez> where the browser won't allow executing scripts coming from a different origin/domain/whatever than the one the document belongs to <msanchez> or something like that (not an expert either) <msanchez> yes <KaL> yes, I see <msanchez> it seems to be a major problem for some test suites <msanchez> and I can imagine there might be very especific use cases where people might want to disable those too <KaL> sounds like everybody will turn that off the first time they face a cross-origin issue <msanchez> well, IMHO depending on the audience of a given browser, that browser might want to expose that setting or not <KaL> but anyway, if kov and mrobinson are fine, I'm not opposed Martin, Gustavo... what's your take? 1021090 10 mario 2014-07-08 08:43:41 -0700 (In reply to comment #9) > More from IRC: > > <KaL> msanchez: I don't have any proposal because I don't even know what those checks are > <msanchez> KaL: I was talking about the "same-origin" policy > <KaL> ah, cross-origin problems > <msanchez> where the browser won't allow executing scripts coming from a different origin/domain/whatever than the one the document belongs to > <msanchez> or something like that (not an expert either) > <msanchez> yes > <KaL> yes, I see > <msanchez> it seems to be a major problem for some test suites > <msanchez> and I can imagine there might be very especific use cases where people might want to disable those too > <KaL> sounds like everybody will turn that off the first time they face a cross-origin issue > <msanchez> well, IMHO depending on the audience of a given browser, that browser might want to expose that setting or not > <KaL> but anyway, if kov and mrobinson are fine, I'm not opposed > > > Martin, Gustavo... what's your take? Ping again? 1021093 11 mrobinson 2014-07-08 08:52:20 -0700 I'm not a huge fan of this API, but I'm not going to oppose it. It's pretty easy to boot up a Python web server for testing locally. 1021321 12 227057 mario 2014-07-09 02:51:22 -0700 Comment on attachment 227057 Patch proposal I'm removing the r? flag based on the feedback got so far, I can always apply this locally when needed. Anyone more interested on this please feel free to push it yourself. 1021369 13 mrobinson 2014-07-09 08:31:47 -0700 (In reply to comment #12) > (From update of attachment 227057 [details]) > I'm removing the r? flag based on the feedback got so far, I can always apply this locally when needed. Anyone more interested on this please feel free to push it yourself. Sorry, I didn't want to cause you to give up on the patch. If other browsers still ship this flag and we're pretty sure the option won't be removed, we should probably do it too. 1021592 14 mario 2014-07-10 03:39:55 -0700 (In reply to comment #13) > (In reply to comment #12) > > (From update of attachment 227057 [details] [details]) > > I'm removing the r? flag based on the feedback got so far, I can always apply this locally when needed. Anyone more interested on this please feel free to push it yourself. > > Sorry, I didn't want to cause you to give up on the patch. If other browsers still ship this flag and we're pretty sure the option won't be removed, we should probably do it too. No problem. Thing is that I don't have a strong enough reason myself to push it other than what I found while trying to run those test suites, which was a problem shared by another person too in the mailing list Because of that, I thought it might be interesting to have this API there, but given the few interest that this patch seemed to cause, I came to the conclusion that perhaps is not that relevant anyway so there was no good reason for me to push it anymore. Besides, the patch is not rocket science either, so it could be applied at any further point anyway, if needed :) 1024511 15 mario 2014-07-24 07:11:33 -0700 Resolving as WONTFIX. If anyone detects this functionality is needed in the future, creating the patch again or simply reusing this one here would be fairly straightforward 1034953 16 nicolas 2014-09-12 14:14:53 -0700 Let's say we'd like to write an local application written in HTML that runs within WebKit, what would be the solution if not this API to let the local application load resources from the web ? 1125158 17 mario 2015-09-11 02:50:00 -0700 (In reply to comment #16) > Let's say we'd like to write an local application written in HTML that runs > within WebKit, what would be the solution if not this API to let the local > application load resources from the web ? After more than one year with this thing buried i nthe bugzilla, I recently stumbled into a situation quite similar to the one described by Nicolas, where the only way I could move forward was by disabling web-security. To be clear, this happens in a context where I'm sure disabling this option does not pose any problem (i.e. not a full fledged browser), and where we control all the local content being loaded by the webview, meaning that there's no way anyone could inject a XSS attack or anything, pretty much like the case for testing the CSS test suite mentioned initially along with this bug report. So, I'd like to get this discussion back to life again, see if we can agree on adding this property to the public API, so that embedders of WebKitGTK can use it if needed, without needing downstream patches. 1125160 18 mario 2015-09-11 03:03:35 -0700 Hmm... I think I was too fast. I just found bug 144748 and realized that, perhaps, the new API recently added to fix that is all we might need after all. I'll give this a try when I have some time and will resolve this back to WONTFIX if that's the case, but feel free to post your comments anyway, if any. 1125174 19 nicolas 2015-09-11 06:37:18 -0700 I think to the having a way to force allowing file:// would work for my case too (have a local web app acessing the web without having to implement custom URI). 1125578 20 mario 2015-09-14 02:25:46 -0700 (In reply to comment #18) > Hmm... I think I was too fast. I just found bug 144748 and realized that, > perhaps, the new API recently added to fix that is all we might need after > all. > > I'll give this a try when I have some time and will resolve this back to > WONTFIX if that's the case, but feel free to post your comments anyway, if > any. This worked good enough for me too so I'm re-resolving this as WONTFIX. Sorry for the noise. (In reply to comment #19) > I think to the having a way to force allowing file:// would work for my case > too (have a local web app acessing the web without having to implement > custom URI). It sounds like you're trying to do something similar to what we are doing, so I'm confident it will work for you too. 227057 2014-03-18 09:22:06 -0700 2014-07-09 02:51:22 -0700 Patch proposal 0001-2014-03-18-Mario-Sanchez-Prada-mario.prada-samsung.c.patch text/plain 9963 mario RnJvbSA5MDU1MTQ4NzNkNmRhNjllMjI0ODdmODAyNzM4OTA5NjYxNjcyZDA2IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBNYXJpbyBTYW5jaGV6IFByYWRhIDxtYXJpby5wcmFkYUBzYW1z dW5nLmNvbT4KRGF0ZTogVHVlLCAxOCBNYXIgMjAxNCAxNjoxMzo0MiArMDAwMApTdWJqZWN0OiBb UEFUQ0hdIDIwMTQtMDMtMTggIE1hcmlvIFNhbmNoZXogUHJhZGEgIDxtYXJpby5wcmFkYUBzYW1z dW5nLmNvbT4KCiAgICAgICAgW1dLMl1bR1RLXSBFeHBvc2UgdGhlIGVuYWJsZS13ZWItc2VjdXJp dHkgcHJvcGVydHkgaW4gV2ViS2l0MkdUSyBBUEkKICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0 Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTMwMzk4CgogICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAo T09QUyEpLgoKICAgICAgICBFeHBvc2UgV2ViQ29yZTo6U2V0dGluZ3MncyB3ZWJTZWN1cml0eUVu YWJsZWQgcHJvcGVydHkgaW4KICAgICAgICBXZWJLaXQyR1RLIEFQSSBhbmQgdXBkYXRlIGRvY3Vt ZW50YXRpb24gZmlsZXMuCgogICAgICAgICogVUlQcm9jZXNzL0FQSS9ndGsvV2ViS2l0U2V0dGlu Z3MuY3BwOgogICAgICAgICh3ZWJLaXRTZXR0aW5nc1NldFByb3BlcnR5KTogSGFuZGxlIHRoZSBu ZXcgcHJvcGVydHkuCiAgICAgICAgKHdlYktpdFNldHRpbmdzR2V0UHJvcGVydHkpOiBEaXR0by4K ICAgICAgICAod2Via2l0X3NldHRpbmdzX2NsYXNzX2luaXQpOiBJbnN0YWxsIHRoZSBuZXcgcHJv cGVydHkuCiAgICAgICAgKHdlYmtpdF9zZXR0aW5nc19zZXRfZW5hYmxlX3dlYl9zZWN1cml0eSk6 IE5ldyBzZXR0ZXIuCiAgICAgICAgKHdlYmtpdF9zZXR0aW5nc19nZXRfZW5hYmxlX3dlYl9zZWN1 cml0eSk6IE5ldyBnZXR0ZXIuCiAgICAgICAgKiBVSVByb2Nlc3MvQVBJL2d0ay9XZWJLaXRTZXR0 aW5ncy5oOiBBZGQgbmV3IGdldHRlciBhbmQgc2V0dGVyLgogICAgICAgICogVUlQcm9jZXNzL0FQ SS9ndGsvZG9jcy93ZWJraXQyZ3RrLXNlY3Rpb25zLnR4dDogQWRkIG5ldyBmdW5jdGlvbnMuCgoy MDE0LTAzLTE4ICBNYXJpbyBTYW5jaGV6IFByYWRhICA8bWFyaW8ucHJhZGFAc2Ftc3VuZy5jb20+ CgogICAgICAgIFtXSzJdW0dUS10gRXhwb3NlIHRoZSBlbmFibGUtd2ViLXNlY3VyaXR5IHByb3Bl cnR5IGluIFdlYktpdDJHVEsgQVBJCiAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hv d19idWcuY2dpP2lkPTEzMDM5OAoKICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K CiAgICAgICAgVXBkYXRlIHVuaXQgdGVzdCBmb3IgV2ViS2l0U2V0dGluZ3MgdG8gaW5jbHVkZSB0 aGUgbmV3IHByb3BlcnR5CiAgICAgICAgYmVpbmcgYWRkZWQsIGVuYWJsZS13ZWItc2VjdXJpdHkg KEZBTFNFIGJ5IGRlZmF1bHQpLgoKICAgICAgICAqIFRlc3RXZWJLaXRBUEkvVGVzdHMvV2ViS2l0 Mkd0ay9UZXN0V2ViS2l0U2V0dGluZ3MuY3BwOgogICAgICAgICh0ZXN0V2ViS2l0U2V0dGluZ3Mp OiBVcGRhdGVkLgotLS0KIFNvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyAgICAgICAgICAgICAgICAg ICAgICAgICAgIHwgICAxOSArKysrKysKIC4uLi9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkvZ3RrL1dl YktpdFNldHRpbmdzLmNwcCAgIHwgICA2OCArKysrKysrKysrKysrKysrKysrLQogU291cmNlL1dl YktpdDIvVUlQcm9jZXNzL0FQSS9ndGsvV2ViS2l0U2V0dGluZ3MuaCAgfCAgICA2ICsrCiAuLi4v VUlQcm9jZXNzL0FQSS9ndGsvZG9jcy93ZWJraXQyZ3RrLXNlY3Rpb25zLnR4dCB8ICAgIDIgKwog VG9vbHMvQ2hhbmdlTG9nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgIDEz ICsrKysKIC4uLi9UZXN0cy9XZWJLaXQyR3RrL1Rlc3RXZWJLaXRTZXR0aW5ncy5jcHAgICAgICAg IHwgICAgNSArKwogNiBmaWxlcyBjaGFuZ2VkLCAxMTIgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlv bigtKQoKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJL aXQyL0NoYW5nZUxvZwppbmRleCA3MzNhZDUwLi5kM2RlYmQxIDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViS2l0Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMg KzEsMjIgQEAKKzIwMTQtMDMtMTggIE1hcmlvIFNhbmNoZXogUHJhZGEgIDxtYXJpby5wcmFkYUBz YW1zdW5nLmNvbT4KKworICAgICAgICBbV0syXVtHVEtdIEV4cG9zZSB0aGUgZW5hYmxlLXdlYi1z ZWN1cml0eSBwcm9wZXJ0eSBpbiBXZWJLaXQyR1RLIEFQSQorICAgICAgICBodHRwczovL2J1Z3Mu d2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTMwMzk4CisKKyAgICAgICAgUmV2aWV3ZWQgYnkg Tk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgRXhwb3NlIFdlYkNvcmU6OlNldHRpbmdzJ3Mgd2Vi U2VjdXJpdHlFbmFibGVkIHByb3BlcnR5IGluCisgICAgICAgIFdlYktpdDJHVEsgQVBJIGFuZCB1 cGRhdGUgZG9jdW1lbnRhdGlvbiBmaWxlcy4KKworICAgICAgICAqIFVJUHJvY2Vzcy9BUEkvZ3Rr L1dlYktpdFNldHRpbmdzLmNwcDoKKyAgICAgICAgKHdlYktpdFNldHRpbmdzU2V0UHJvcGVydHkp OiBIYW5kbGUgdGhlIG5ldyBwcm9wZXJ0eS4KKyAgICAgICAgKHdlYktpdFNldHRpbmdzR2V0UHJv cGVydHkpOiBEaXR0by4KKyAgICAgICAgKHdlYmtpdF9zZXR0aW5nc19jbGFzc19pbml0KTogSW5z dGFsbCB0aGUgbmV3IHByb3BlcnR5LgorICAgICAgICAod2Via2l0X3NldHRpbmdzX3NldF9lbmFi bGVfd2ViX3NlY3VyaXR5KTogTmV3IHNldHRlci4KKyAgICAgICAgKHdlYmtpdF9zZXR0aW5nc19n ZXRfZW5hYmxlX3dlYl9zZWN1cml0eSk6IE5ldyBnZXR0ZXIuCisgICAgICAgICogVUlQcm9jZXNz L0FQSS9ndGsvV2ViS2l0U2V0dGluZ3MuaDogQWRkIG5ldyBnZXR0ZXIgYW5kIHNldHRlci4KKyAg ICAgICAgKiBVSVByb2Nlc3MvQVBJL2d0ay9kb2NzL3dlYmtpdDJndGstc2VjdGlvbnMudHh0OiBB ZGQgbmV3IGZ1bmN0aW9ucy4KKwogMjAxNC0wMy0xOCAgQ3NhYmEgT3N6dHJvZ29uw6FjICA8b3Nz eUB3ZWJraXQub3JnPgogCiAgICAgICAgIFtHVEtdIFVSVEZCIGFmdGVyIHIxNjU3ODkuIFN0dWIg ZnVuY3Rpb24gYWRkZWQuCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQVBJ L2d0ay9XZWJLaXRTZXR0aW5ncy5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQVBJL2d0 ay9XZWJLaXRTZXR0aW5ncy5jcHAKaW5kZXggZmFlY2FmNi4uYTNjZmM5ZSAxMDA2NDQKLS0tIGEv U291cmNlL1dlYktpdDIvVUlQcm9jZXNzL0FQSS9ndGsvV2ViS2l0U2V0dGluZ3MuY3BwCisrKyBi L1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkvZ3RrL1dlYktpdFNldHRpbmdzLmNwcApAQCAt MTM4LDcgKzEzOCw4IEBAIGVudW0gewogICAgIFBST1BfRU5BQkxFX1dSSVRFX0NPTlNPTEVfTUVT U0FHRVNfVE9fU1RET1VULAogICAgIFBST1BfRU5BQkxFX01FRElBX1NUUkVBTSwKICAgICBQUk9Q X0VOQUJMRV9TUEFUSUFMX05BVklHQVRJT04sCi0gICAgUFJPUF9FTkFCTEVfTUVESUFTT1VSQ0UK KyAgICBQUk9QX0VOQUJMRV9NRURJQVNPVVJDRSwKKyAgICBQUk9QX0VOQUJMRV9XRUJfU0VDVVJJ VFkKIH07CiAKIHN0YXRpYyB2b2lkIHdlYktpdFNldHRpbmdzQ29uc3RydWN0ZWQoR09iamVjdCog b2JqZWN0KQpAQCAtMzEyLDYgKzMxMyw5IEBAIHN0YXRpYyB2b2lkIHdlYktpdFNldHRpbmdzU2V0 UHJvcGVydHkoR09iamVjdCogb2JqZWN0LCBndWludCBwcm9wSWQsIGNvbnN0IEdWYWx1CiAgICAg Y2FzZSBQUk9QX0VOQUJMRV9NRURJQVNPVVJDRToKICAgICAgICAgd2Via2l0X3NldHRpbmdzX3Nl dF9lbmFibGVfbWVkaWFzb3VyY2Uoc2V0dGluZ3MsIGdfdmFsdWVfZ2V0X2Jvb2xlYW4odmFsdWUp KTsKICAgICAgICAgYnJlYWs7CisgICAgY2FzZSBQUk9QX0VOQUJMRV9XRUJfU0VDVVJJVFk6Cisg ICAgICAgIHdlYmtpdF9zZXR0aW5nc19zZXRfZW5hYmxlX3dlYl9zZWN1cml0eShzZXR0aW5ncywg Z192YWx1ZV9nZXRfYm9vbGVhbih2YWx1ZSkpOworICAgICAgICBicmVhazsKICAgICBkZWZhdWx0 OgogICAgICAgICBHX09CSkVDVF9XQVJOX0lOVkFMSURfUFJPUEVSVFlfSUQob2JqZWN0LCBwcm9w SWQsIHBhcmFtU3BlYyk7CiAgICAgICAgIGJyZWFrOwpAQCAtNDY3LDYgKzQ3MSw5IEBAIHN0YXRp YyB2b2lkIHdlYktpdFNldHRpbmdzR2V0UHJvcGVydHkoR09iamVjdCogb2JqZWN0LCBndWludCBw cm9wSWQsIEdWYWx1ZSogdmFsCiAgICAgY2FzZSBQUk9QX0VOQUJMRV9NRURJQVNPVVJDRToKICAg ICAgICAgZ192YWx1ZV9zZXRfYm9vbGVhbih2YWx1ZSwgd2Via2l0X3NldHRpbmdzX2dldF9lbmFi bGVfbWVkaWFzb3VyY2Uoc2V0dGluZ3MpKTsKICAgICAgICAgYnJlYWs7CisgICAgY2FzZSBQUk9Q X0VOQUJMRV9XRUJfU0VDVVJJVFk6CisgICAgICAgIGdfdmFsdWVfc2V0X2Jvb2xlYW4odmFsdWUs IHdlYmtpdF9zZXR0aW5nc19nZXRfZW5hYmxlX3dlYl9zZWN1cml0eShzZXR0aW5ncykpOworICAg ICAgICBicmVhazsKIAogICAgIGRlZmF1bHQ6CiAgICAgICAgIEdfT0JKRUNUX1dBUk5fSU5WQUxJ RF9QUk9QRVJUWV9JRChvYmplY3QsIHByb3BJZCwgcGFyYW1TcGVjKTsKQEAgLTEyMTgsNiArMTIy NSwyNSBAQCBzdGF0aWMgdm9pZCB3ZWJraXRfc2V0dGluZ3NfY2xhc3NfaW5pdChXZWJLaXRTZXR0 aW5nc0NsYXNzKiBrbGFzcykKICAgICAgICAgICAgIF8oIldoZXRoZXIgTWVkaWFTb3VyY2Ugc2hv dWxkIGJlIGVuYWJsZWQuIiksCiAgICAgICAgICAgICBGQUxTRSwKICAgICAgICAgICAgIHJlYWRX cml0ZUNvbnN0cnVjdFBhcmFtRmxhZ3MpKTsKKworICAgLyoqCisgICAgICogV2ViS2l0U2V0dGlu Z3M6ZW5hYmxlLXdlYi1zZWN1cml0eToKKyAgICAgKgorICAgICAqIFdoZXRoZXIgdG8gZW5hYmxl IHdlYiBzZWN1cml0eSwgbWVhbmluZyB0aGF0IHRoZSAic2FtZS1vcmlnaW4iCisgICAgICogcG9s aWN5IHdpbGwgYmUgZW5mb3JjZWQuIFRoaXMgZmVhdHVyZSB3aWxsIGJlIGFsd2F5cyBlbmFibGVk IGJ5CisgICAgICogZGVmYXVsdCBidXQgY2FuIGJlIGludGVyZXN0aW5nIHRvIGRpc2FibGUgaXQg Zm9yIHNwZWNpYWwgY2FzZXMsCisgICAgICogc3VjaCBhcyB3aGVuIHRlc3Rpbmcgd2Vic2l0ZXMg b3IgcnVubmluZyB0ZXN0IHN1aXRlcyAoZS5nLiBsaWtlCisgICAgICogdGhlIG9uZSBmb3IgQ1NT Mi4xIGF0IGh0dHA6Ly90ZXN0LmNzc3dnLm9yZy9zdWl0ZXMvY3NzMi4xKQorICAgICAqCisgICAg ICogU2luY2U6IDIuNgorICAgICAqLworICAgIGdfb2JqZWN0X2NsYXNzX2luc3RhbGxfcHJvcGVy dHkoZ09iamVjdENsYXNzLAorICAgICAgICBQUk9QX0VOQUJMRV9XRUJfU0VDVVJJVFksCisgICAg ICAgIGdfcGFyYW1fc3BlY19ib29sZWFuKCJlbmFibGUtd2ViLXNlY3VyaXR5IiwKKyAgICAgICAg ICAgIF8oIkVuYWJsZSBXZWIgU2VjdXJpdHkiKSwKKyAgICAgICAgICAgIF8oIldoZXRoZXIgdG8g ZW5hYmxlIHdlYiBzZWN1cml0eSAoZW5mb3JjZSB0aGUgc2FtZS1vcmlnaW4gcG9saWN5KS4iKSwK KyAgICAgICAgICAgIFRSVUUsCisgICAgICAgICAgICByZWFkV3JpdGVDb25zdHJ1Y3RQYXJhbUZs YWdzKSk7CiB9CiAKIFdlYlByZWZlcmVuY2VzKiB3ZWJraXRTZXR0aW5nc0dldFByZWZlcmVuY2Vz KFdlYktpdFNldHRpbmdzKiBzZXR0aW5ncykKQEAgLTMwMDAsMyArMzAyNiw0MyBAQCB2b2lkIHdl YmtpdF9zZXR0aW5nc19zZXRfZW5hYmxlX21lZGlhc291cmNlKFdlYktpdFNldHRpbmdzKiBzZXR0 aW5ncywgZ2Jvb2xlYW4gZQogICAgIHByaXYtPnByZWZlcmVuY2VzLT5zZXRNZWRpYVNvdXJjZUVu YWJsZWQoZW5hYmxlZCk7CiAgICAgZ19vYmplY3Rfbm90aWZ5KEdfT0JKRUNUKHNldHRpbmdzKSwg ImVuYWJsZS1tZWRpYXNvdXJjZSIpOwogfQorCisvKioKKyAqIHdlYmtpdF9zZXR0aW5nc19zZXRf ZW5hYmxlX3dlYl9zZWN1cml0eToKKyAqIEBzZXR0aW5nczogYSAjV2ViS2l0U2V0dGluZ3MKKyAq IEBlbmFibGVkOiBWYWx1ZSB0byBiZSBzZXQKKyAqCisgKiBTZXQgdGhlICNXZWJLaXRTZXR0aW5n czplbmFibGUtd2ViLXNlY3VyaXR5IHByb3BlcnR5LgorICoKKyAqIFNpbmNlOiAyLjYKKyAqLwor dm9pZCB3ZWJraXRfc2V0dGluZ3Nfc2V0X2VuYWJsZV93ZWJfc2VjdXJpdHkoV2ViS2l0U2V0dGlu Z3MqIHNldHRpbmdzLCBnYm9vbGVhbiBlbmFibGVkKQoreworICAgIGdfcmV0dXJuX2lmX2ZhaWwo V0VCS0lUX0lTX1NFVFRJTkdTKHNldHRpbmdzKSk7CisKKyAgICBXZWJLaXRTZXR0aW5nc1ByaXZh dGUqIHByaXYgPSBzZXR0aW5ncy0+cHJpdjsKKyAgICBib29sIGN1cnJlbnRWYWx1ZSA9IHByaXYt PnByZWZlcmVuY2VzLT53ZWJTZWN1cml0eUVuYWJsZWQoKTsKKworICAgIGlmIChjdXJyZW50VmFs dWUgPT0gZW5hYmxlZCkKKyAgICAgICAgcmV0dXJuOworCisgICAgcHJpdi0+cHJlZmVyZW5jZXMt PnNldFdlYlNlY3VyaXR5RW5hYmxlZChlbmFibGVkKTsKKyAgICBnX29iamVjdF9ub3RpZnkoR19P QkpFQ1Qoc2V0dGluZ3MpLCAiZW5hYmxlLXdlYi1zZWN1cml0eSIpOworfQorCisvKioKKyAqIHdl YmtpdF9zZXR0aW5nc19nZXRfZW5hYmxlX3dlYl9zZWN1cml0eToKKyAqIEBzZXR0aW5nczogYSAj V2ViS2l0U2V0dGluZ3MKKyAqCisgKiBHZXQgdGhlICNXZWJLaXRTZXR0aW5nczplbmFibGUtd2Vi LXNlY3VyaXR5IHByb3BlcnR5LgorICoKKyAqIFJldHVybnM6ICVUUlVFIElmIHdlYiBzZWN1cml0 eSBpcyBlbmFibGVkIG9yICVGQUxTRSBvdGhlcndpc2UuCisgKgorICogU2luY2U6IDIuNgorICov CitnYm9vbGVhbiB3ZWJraXRfc2V0dGluZ3NfZ2V0X2VuYWJsZV93ZWJfc2VjdXJpdHkoV2ViS2l0 U2V0dGluZ3MqIHNldHRpbmdzKQoreworICAgIGdfcmV0dXJuX3ZhbF9pZl9mYWlsKFdFQktJVF9J U19TRVRUSU5HUyhzZXR0aW5ncyksIEZBTFNFKTsKKworICAgIHJldHVybiBzZXR0aW5ncy0+cHJp di0+cHJlZmVyZW5jZXMtPndlYlNlY3VyaXR5RW5hYmxlZCgpOworfQpkaWZmIC0tZ2l0IGEvU291 cmNlL1dlYktpdDIvVUlQcm9jZXNzL0FQSS9ndGsvV2ViS2l0U2V0dGluZ3MuaCBiL1NvdXJjZS9X ZWJLaXQyL1VJUHJvY2Vzcy9BUEkvZ3RrL1dlYktpdFNldHRpbmdzLmgKaW5kZXggNjZlNjg3Zi4u MjMzZmExZCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL0FQSS9ndGsvV2Vi S2l0U2V0dGluZ3MuaAorKysgYi9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQVBJL2d0ay9XZWJL aXRTZXR0aW5ncy5oCkBAIC00MTQsNiArNDE0LDEyIEBAIFdFQktJVF9BUEkgdm9pZAogd2Via2l0 X3NldHRpbmdzX3NldF9lbmFibGVfbWVkaWFzb3VyY2UgICAgICAgICAgICAgICAgICAgICAgICAg KFdlYktpdFNldHRpbmdzICpzZXR0aW5ncywKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBnYm9vbGVhbiAgICAgICAgZW5hYmxl ZCk7CiAKK1dFQktJVF9BUEkgZ2Jvb2xlYW4KK3dlYmtpdF9zZXR0aW5nc19nZXRfZW5hYmxlX3dl Yl9zZWN1cml0eSAgICAgICAgICAgICAgICAgICAgICAgIChXZWJLaXRTZXR0aW5ncyogc2V0dGlu Z3MpOworCitXRUJLSVRfQVBJIHZvaWQKK3dlYmtpdF9zZXR0aW5nc19zZXRfZW5hYmxlX3dlYl9z ZWN1cml0eSAgICAgICAgICAgICAgICAgICAgICAgIChXZWJLaXRTZXR0aW5ncyogc2V0dGluZ3Ms CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgZ2Jvb2xlYW4gICAgICAgIGVuYWJsZWQpOwogR19FTkRfREVDTFMKIAogI2VuZGlm IC8qIFdlYktpdFNldHRpbmdzX2ggKi8KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1VJUHJv Y2Vzcy9BUEkvZ3RrL2RvY3Mvd2Via2l0Mmd0ay1zZWN0aW9ucy50eHQgYi9Tb3VyY2UvV2ViS2l0 Mi9VSVByb2Nlc3MvQVBJL2d0ay9kb2NzL3dlYmtpdDJndGstc2VjdGlvbnMudHh0CmluZGV4IGEw OThhMDAuLmVmZWZkNjkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkv Z3RrL2RvY3Mvd2Via2l0Mmd0ay1zZWN0aW9ucy50eHQKKysrIGIvU291cmNlL1dlYktpdDIvVUlQ cm9jZXNzL0FQSS9ndGsvZG9jcy93ZWJraXQyZ3RrLXNlY3Rpb25zLnR4dApAQCAtMzc1LDYgKzM3 NSw4IEBAIHdlYmtpdF9zZXR0aW5nc19nZXRfZW5hYmxlX3NwYXRpYWxfbmF2aWdhdGlvbgogd2Vi a2l0X3NldHRpbmdzX3NldF9lbmFibGVfc3BhdGlhbF9uYXZpZ2F0aW9uCiB3ZWJraXRfc2V0dGlu Z3NfZ2V0X2VuYWJsZV9tZWRpYXNvdXJjZQogd2Via2l0X3NldHRpbmdzX3NldF9lbmFibGVfbWVk aWFzb3VyY2UKK3dlYmtpdF9zZXR0aW5nc19nZXRfZW5hYmxlX3dlYl9zZWN1cml0eQord2Via2l0 X3NldHRpbmdzX3NldF9lbmFibGVfd2ViX3NlY3VyaXR5CiAKIDxTVUJTRUNUSU9OIFN0YW5kYXJk PgogV2ViS2l0U2V0dGluZ3NDbGFzcwpkaWZmIC0tZ2l0IGEvVG9vbHMvQ2hhbmdlTG9nIGIvVG9v bHMvQ2hhbmdlTG9nCmluZGV4IDY1NDdmN2MuLmUwMzFjYjMgMTAwNjQ0Ci0tLSBhL1Rvb2xzL0No YW5nZUxvZworKysgYi9Ub29scy9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxNiBAQAorMjAxNC0wMy0x OCAgTWFyaW8gU2FuY2hleiBQcmFkYSAgPG1hcmlvLnByYWRhQHNhbXN1bmcuY29tPgorCisgICAg ICAgIFtXSzJdW0dUS10gRXhwb3NlIHRoZSBlbmFibGUtd2ViLXNlY3VyaXR5IHByb3BlcnR5IGlu IFdlYktpdDJHVEsgQVBJCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD0xMzAzOTgKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKwor ICAgICAgICBVcGRhdGUgdW5pdCB0ZXN0IGZvciBXZWJLaXRTZXR0aW5ncyB0byBpbmNsdWRlIHRo ZSBuZXcgcHJvcGVydHkKKyAgICAgICAgYmVpbmcgYWRkZWQsIGVuYWJsZS13ZWItc2VjdXJpdHkg KEZBTFNFIGJ5IGRlZmF1bHQpLgorCisgICAgICAgICogVGVzdFdlYktpdEFQSS9UZXN0cy9XZWJL aXQyR3RrL1Rlc3RXZWJLaXRTZXR0aW5ncy5jcHA6CisgICAgICAgICh0ZXN0V2ViS2l0U2V0dGlu Z3MpOiBVcGRhdGVkLgorCiAyMDE0LTAzLTE3ICBSeW9zdWtlIE5pd2EgIDxybml3YUB3ZWJraXQu b3JnPgogCiAgICAgICAgIHdlYmtpdHB5IHRlc3QgcmViYXNlbGluZS4KZGlmZiAtLWdpdCBhL1Rv b2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMvV2ViS2l0Mkd0ay9UZXN0V2ViS2l0U2V0dGluZ3MuY3Bw IGIvVG9vbHMvVGVzdFdlYktpdEFQSS9UZXN0cy9XZWJLaXQyR3RrL1Rlc3RXZWJLaXRTZXR0aW5n cy5jcHAKaW5kZXggNjBmOTY0ZS4uMDllNzVhOCAxMDA2NDQKLS0tIGEvVG9vbHMvVGVzdFdlYktp dEFQSS9UZXN0cy9XZWJLaXQyR3RrL1Rlc3RXZWJLaXRTZXR0aW5ncy5jcHAKKysrIGIvVG9vbHMv VGVzdFdlYktpdEFQSS9UZXN0cy9XZWJLaXQyR3RrL1Rlc3RXZWJLaXRTZXR0aW5ncy5jcHAKQEAg LTI3Myw2ICsyNzMsMTEgQEAgc3RhdGljIHZvaWQgdGVzdFdlYktpdFNldHRpbmdzKFRlc3QqLCBn Y29uc3Rwb2ludGVyKQogICAgIHdlYmtpdF9zZXR0aW5nc19zZXRfZW5hYmxlX21lZGlhc291cmNl KHNldHRpbmdzLCBUUlVFKTsKICAgICBnX2Fzc2VydCh3ZWJraXRfc2V0dGluZ3NfZ2V0X2VuYWJs ZV9tZWRpYXNvdXJjZShzZXR0aW5ncykpOwogCisgICAgLy8gQnkgZGVmYXVsdCwgd2ViIHNlY3Vy aXR5IGlzIGVuYWJsZWQKKyAgICBnX2Fzc2VydCh3ZWJraXRfc2V0dGluZ3NfZ2V0X2VuYWJsZV93 ZWJfc2VjdXJpdHkoc2V0dGluZ3MpKTsKKyAgICB3ZWJraXRfc2V0dGluZ3Nfc2V0X2VuYWJsZV93 ZWJfc2VjdXJpdHkoc2V0dGluZ3MsIEZBTFNFKTsKKyAgICBnX2Fzc2VydCghd2Via2l0X3NldHRp bmdzX2dldF9lbmFibGVfd2ViX3NlY3VyaXR5KHNldHRpbmdzKSk7CisKICAgICBnX29iamVjdF91 bnJlZihHX09CSkVDVChzZXR0aW5ncykpOwogfQogCi0tIAoxLjcuMTAuNAoK