140072 2015-01-04 20:42:58 -0800 [GTK] Enable seccomp filters by default 2016-09-21 05:18:11 -0700 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) PC Linux RESOLVED WONTFIX P2 Enhancement --- 110014 140062 140071 140073 140075 140131 140132 142980 142982 142983 142986 142987 146993 153235 89874 1 mcatanzaro mcatanzaro cgarcia gyuyoung.kim lantw44 mcatanzaro ossy tmpsantos zan oldest_to_newest 1058649 0 mcatanzaro 2015-01-04 20:42:58 -0800 Don't commit this yet :) 1058650 1 243961 mcatanzaro 2015-01-04 20:45:32 -0800 Created attachment 243961 Patch 1079482 2 249291 mcatanzaro 2015-03-23 15:45:11 -0700 Created attachment 249291 [GTK] Enable seccomp filters by default 1079484 3 249292 mcatanzaro 2015-03-23 15:48:04 -0700 Created attachment 249292 [GTK] Enable seccomp filters by default 1156516 4 mcatanzaro 2016-01-18 19:02:01 -0800 The current seccomp filters code does not provide any meaningful security, and is certainly worse than no sandbox at all due to the high likelihood that it will unexpectedly break something by inappropriately denying access to a file. We might be better off deleting all this code and starting from scratch (perhaps using mount namespaces), rather than try to enforce a filesystem access policy with seccomp filters. We should use seccomp filters to enforce a short syscall blacklist regardless, but that is much simpler than what we have now, and none of the current code is useful for that. (A syscall whitelist -- the approach I attempted -- is far to fragile.) 1163657 5 tmpsantos 2016-02-10 16:13:54 -0800 The idea of trying something with seccomp was because at the time it was the only mechanism available in many distros that wouldn't require special privileges to create the sandbox. Obviously trapping just a few syscalls won't give much, but the plan was to incrementally grow and add more filters. 243961 2015-01-04 20:45:32 -0800 2015-03-23 15:46:32 -0700 Patch 0010-GTK-Enable-seccomp-filters-by-default.patch text/plain 3237 mcatanzaro RnJvbSA3ODljOGFlZjk5ZTNjMDIxYzBmYjllNDU1Mjc0ZGMwZmQ2ZGZjMTViIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBNaWNoYWVsIENhdGFuemFybyA8bWNhdGFuemFyb0BpZ2FsaWEu Y29tPgpEYXRlOiBTdW4sIDI4IERlYyAyMDE0IDE1OjE3OjQwIC0wNjAwClN1YmplY3Q6IFtQQVRD SCAxMC8xMF0gW0dUS10gRW5hYmxlIHNlY2NvbXAgZmlsdGVycyBieSBkZWZhdWx0CgotLS0KIENo YW5nZUxvZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8IDExICsrKysrKysrKysrCiBT b3VyY2UvY21ha2UvT3B0aW9uc0dUSy5jbWFrZSAgICAgICAgICAgfCAgMiArLQogVG9vbHMvQ2hh bmdlTG9nICAgICAgICAgICAgICAgICAgICAgICAgIHwgMTEgKysrKysrKysrKysKIFRvb2xzL1Nj cmlwdHMvd2Via2l0cGVybC9GZWF0dXJlTGlzdC5wbSB8ICAyICstCiA0IGZpbGVzIGNoYW5nZWQs IDI0IGluc2VydGlvbnMoKyksIDIgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvQ2hhbmdlTG9n IGIvQ2hhbmdlTG9nCmluZGV4IGUzYzg2NTEuLjVhYTE1MjYgMTAwNjQ0Ci0tLSBhL0NoYW5nZUxv ZworKysgYi9DaGFuZ2VMb2cKQEAgLTEsNSArMSwxNiBAQAogMjAxNS0wMS0wNCAgTWljaGFlbCBD YXRhbnphcm8gIDxtY2F0YW56YXJvQGlnYWxpYS5jb20+CiAKKyAgICAgICAgW0dUS10gRW5hYmxl IHNlY2NvbXAgZmlsdGVycyBieSBkZWZhdWx0CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQu b3JnL3Nob3dfYnVnLmNnaT9pZD0xNDAwNzIKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkg KE9PUFMhKS4KKworICAgICAgICBFbmFibGUgc2VjY29tcCBmaWx0ZXJzCisKKyAgICAgICAgKiBT b3VyY2UvY21ha2UvT3B0aW9uc0dUSy5jbWFrZToKKworMjAxNS0wMS0wNCAgTWljaGFlbCBDYXRh bnphcm8gIDxtY2F0YW56YXJvQGlnYWxpYS5jb20+CisKICAgICAgICAgW0dUS10gQWRkIHNlY2Nv bXAgZmlsdGVycyBzdXBwb3J0CiAgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD0xMTAwMTQKIApkaWZmIC0tZ2l0IGEvU291cmNlL2NtYWtlL09wdGlvbnNHVEsu Y21ha2UgYi9Tb3VyY2UvY21ha2UvT3B0aW9uc0dUSy5jbWFrZQppbmRleCA2MDdmZDQ2Li44Nzhk NTczIDEwMDY0NAotLS0gYS9Tb3VyY2UvY21ha2UvT3B0aW9uc0dUSy5jbWFrZQorKysgYi9Tb3Vy Y2UvY21ha2UvT3B0aW9uc0dUSy5jbWFrZQpAQCAtMTU3LDcgKzE1Nyw3IEBAIFdFQktJVF9PUFRJ T05fREVGQVVMVF9QT1JUX1ZBTFVFKEVOQUJMRV9QSUNUVVJFX1NJWkVTIE9OKQogV0VCS0lUX09Q VElPTl9ERUZBVUxUX1BPUlRfVkFMVUUoRU5BQkxFX1FVT1RBIE9GRikKIFdFQktJVF9PUFRJT05f REVGQVVMVF9QT1JUX1ZBTFVFKEVOQUJMRV9SRVNPTFVUSU9OX01FRElBX1FVRVJZIE9GRikKIFdF QktJVF9PUFRJT05fREVGQVVMVF9QT1JUX1ZBTFVFKEVOQUJMRV9SRVFVRVNUX0FOSU1BVElPTl9G UkFNRSBPTikKLVdFQktJVF9PUFRJT05fREVGQVVMVF9QT1JUX1ZBTFVFKEVOQUJMRV9TRUNDT01Q X0ZJTFRFUlMgT0ZGKQorV0VCS0lUX09QVElPTl9ERUZBVUxUX1BPUlRfVkFMVUUoRU5BQkxFX1NF Q0NPTVBfRklMVEVSUyBPTikKIFdFQktJVF9PUFRJT05fREVGQVVMVF9QT1JUX1ZBTFVFKEVOQUJM RV9TSEFSRURfV09SS0VSUyBPTikKIFdFQktJVF9PUFRJT05fREVGQVVMVF9QT1JUX1ZBTFVFKEVO QUJMRV9TUEVMTENIRUNLIE9OKQogV0VCS0lUX09QVElPTl9ERUZBVUxUX1BPUlRfVkFMVUUoRU5B QkxFX1RFTVBMQVRFX0VMRU1FTlQgT04pCmRpZmYgLS1naXQgYS9Ub29scy9DaGFuZ2VMb2cgYi9U b29scy9DaGFuZ2VMb2cKaW5kZXggZjM2MDRlZC4uYzA3Njk2ZiAxMDA2NDQKLS0tIGEvVG9vbHMv Q2hhbmdlTG9nCisrKyBiL1Rvb2xzL0NoYW5nZUxvZwpAQCAtMSw1ICsxLDE2IEBACiAyMDE1LTAx LTA0ICBNaWNoYWVsIENhdGFuemFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNvbT4KIAorICAgICAg ICBbR1RLXSBFbmFibGUgc2VjY29tcCBmaWx0ZXJzIGJ5IGRlZmF1bHQKKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE0MDA3MgorCisgICAgICAgIFJldmll d2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEVuYWJsZSBzZWNjb21wIGZpbHRlcnMK KworICAgICAgICAqIFNjcmlwdHMvd2Via2l0cGVybC9GZWF0dXJlTGlzdC5wbToKKworMjAxNS0w MS0wNCAgTWljaGFlbCBDYXRhbnphcm8gIDxtY2F0YW56YXJvQGlnYWxpYS5jb20+CisKICAgICAg ICAgW0dUS10gRW5hYmxlIHNlY2NvbXAgZmlsdGVyIEFQSSB0ZXN0cwogICAgICAgICBodHRwczov L2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQwMDcxCiAKZGlmZiAtLWdpdCBhL1Rv b2xzL1NjcmlwdHMvd2Via2l0cGVybC9GZWF0dXJlTGlzdC5wbSBiL1Rvb2xzL1NjcmlwdHMvd2Vi a2l0cGVybC9GZWF0dXJlTGlzdC5wbQppbmRleCA1MWRkOGJlLi4yYTY2ZDVkIDEwMDY0NAotLS0g YS9Ub29scy9TY3JpcHRzL3dlYmtpdHBlcmwvRmVhdHVyZUxpc3QucG0KKysrIGIvVG9vbHMvU2Ny aXB0cy93ZWJraXRwZXJsL0ZlYXR1cmVMaXN0LnBtCkBAIC0zNTcsNyArMzU3LDcgQEAgbXkgQGZl YXR1cmVzID0gKAogICAgICAgZGVmaW5lID0+ICJFTkFCTEVfUkVRVUVTVF9BTklNQVRJT05fRlJB TUUiLCBkZWZhdWx0ID0+IChpc0FwcGxlTWFjV2ViS2l0KCkgfHwgaXNHdGsoKSB8fCBpc0VmbCgp KSwgdmFsdWUgPT4gXCRyZXF1ZXN0QW5pbWF0aW9uRnJhbWVTdXBwb3J0IH0sCiAKICAgICB7IG9w dGlvbiA9PiAic2VjY29tcC1maWx0ZXJzIiwgZGVzYyA9PiAiVG9nZ2xlIFNlY2NvbXAgRmlsdGVy IHNhbmRib3giLAotICAgICAgZGVmaW5lID0+ICJFTkFCTEVfU0VDQ09NUF9GSUxURVJTIiwgZGVm YXVsdCA9PiAwLCB2YWx1ZSA9PiBcJHNlY2NvbXBGaWx0ZXJzU3VwcG9ydCB9LAorICAgICAgZGVm aW5lID0+ICJFTkFCTEVfU0VDQ09NUF9GSUxURVJTIiwgZGVmYXVsdCA9PiBpc0d0aygpLCB2YWx1 ZSA9PiBcJHNlY2NvbXBGaWx0ZXJzU3VwcG9ydCB9LAogCiAgICAgeyBvcHRpb24gPT4gInNjcmlw dGVkLXNwZWVjaCIsIGRlc2MgPT4gIlRvZ2dsZSBTY3JpcHRlZCBTcGVlY2ggc3VwcG9ydCIsCiAg ICAgICBkZWZpbmUgPT4gIkVOQUJMRV9TQ1JJUFRFRF9TUEVFQ0giLCBkZWZhdWx0ID0+IDAsIHZh bHVlID0+IFwkc2NyaXB0ZWRTcGVlY2hTdXBwb3J0IH0sCi0tIAoyLjEuMAoK 249291 2015-03-23 15:45:11 -0700 2015-03-23 15:46:39 -0700 [GTK] Enable seccomp filters by default GTK-Enable-seccomp-filters-by-default.patch text/plain 3335 mcatanzaro RnJvbSBlMWY0Y2RmMDQ4MDZmOTJlNzRkMTAwZjk4MTkxNTg0Y2M0ZWFmYTdjIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBNaWNoYWVsIENhdGFuemFybyA8bWNhdGFuemFyb0BpZ2FsaWEu Y29tPgpEYXRlOiBTdW4sIDI4IERlYyAyMDE0IDE1OjE3OjQwIC0wNjAwClN1YmplY3Q6IFtQQVRD SF0gW0dUS10gRW5hYmxlIHNlY2NvbXAgZmlsdGVycyBieSBkZWZhdWx0CgpodHRwczovL2J1Z3Mu d2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQwMDcyCi0tLQogQ2hhbmdlTG9nICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHwgMTEgKysrKysrKysrKysKIFNvdXJjZS9jbWFrZS9PcHRp b25zR1RLLmNtYWtlICAgICAgICAgICB8ICAzICsrLQogVG9vbHMvQ2hhbmdlTG9nICAgICAgICAg ICAgICAgICAgICAgICAgIHwgMTEgKysrKysrKysrKysKIFRvb2xzL1NjcmlwdHMvd2Via2l0cGVy bC9GZWF0dXJlTGlzdC5wbSB8ICAyICstCiA0IGZpbGVzIGNoYW5nZWQsIDI1IGluc2VydGlvbnMo KyksIDIgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvQ2hhbmdlTG9nIGIvQ2hhbmdlTG9nCmlu ZGV4IDJkMTM0MmMuLmNmMzZiMWEgMTAwNjQ0Ci0tLSBhL0NoYW5nZUxvZworKysgYi9DaGFuZ2VM b2cKQEAgLTEsNSArMSwxNiBAQAogMjAxNS0wMS0wNCAgTWljaGFlbCBDYXRhbnphcm8gIDxtY2F0 YW56YXJvQGlnYWxpYS5jb20+CiAKKyAgICAgICAgW0dUS10gRW5hYmxlIHNlY2NvbXAgZmlsdGVy cyBieSBkZWZhdWx0CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD0xNDAwNzIKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBFbmFibGUgc2VjY29tcCBmaWx0ZXJzCisKKyAgICAgICAgKiBTb3VyY2UvY21ha2UvT3B0 aW9uc0dUSy5jbWFrZToKKworMjAxNS0wMS0wNCAgTWljaGFlbCBDYXRhbnphcm8gIDxtY2F0YW56 YXJvQGlnYWxpYS5jb20+CisKICAgICAgICAgW0dUS10gQWRkIHNlY2NvbXAgZmlsdGVycyBzdXBw b3J0CiAgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMTAw MTQKIApkaWZmIC0tZ2l0IGEvU291cmNlL2NtYWtlL09wdGlvbnNHVEsuY21ha2UgYi9Tb3VyY2Uv Y21ha2UvT3B0aW9uc0dUSy5jbWFrZQppbmRleCA5ZTI5ZTg2Li4wZGIyZmIxIDEwMDY0NAotLS0g YS9Tb3VyY2UvY21ha2UvT3B0aW9uc0dUSy5jbWFrZQorKysgYi9Tb3VyY2UvY21ha2UvT3B0aW9u c0dUSy5jbWFrZQpAQCAtMTgxLDcgKzE4MSw4IEBAIFdFQktJVF9PUFRJT05fREVGQVVMVF9QT1JU X1ZBTFVFKEVOQUJMRV9QSUNUVVJFX1NJWkVTIE9OKQogV0VCS0lUX09QVElPTl9ERUZBVUxUX1BP UlRfVkFMVUUoRU5BQkxFX1FVT1RBIE9GRikKIFdFQktJVF9PUFRJT05fREVGQVVMVF9QT1JUX1ZB TFVFKEVOQUJMRV9SRVNPTFVUSU9OX01FRElBX1FVRVJZIE9GRikKIFdFQktJVF9PUFRJT05fREVG QVVMVF9QT1JUX1ZBTFVFKEVOQUJMRV9SRVFVRVNUX0FOSU1BVElPTl9GUkFNRSBPTikKLVdFQktJ VF9PUFRJT05fREVGQVVMVF9QT1JUX1ZBTFVFKEVOQUJMRV9TRUNDT01QX0ZJTFRFUlMgT0ZGKQor V0VCS0lUX09QVElPTl9ERUZBVUxUX1BPUlRfVkFMVUUoRU5BQkxFX1NFQ0NPTVBfRklMVEVSUyBP TikKK1dFQktJVF9PUFRJT05fREVGQVVMVF9QT1JUX1ZBTFVFKEVOQUJMRV9TSEFSRURfV09SS0VS UyBPTikKIFdFQktJVF9PUFRJT05fREVGQVVMVF9QT1JUX1ZBTFVFKEVOQUJMRV9TUEVMTENIRUNL IE9OKQogV0VCS0lUX09QVElPTl9ERUZBVUxUX1BPUlRfVkFMVUUoRU5BQkxFX1RFTVBMQVRFX0VM RU1FTlQgT04pCiBXRUJLSVRfT1BUSU9OX0RFRkFVTFRfUE9SVF9WQUxVRShFTkFCTEVfVE9VQ0hf RVZFTlRTIE9OKQpkaWZmIC0tZ2l0IGEvVG9vbHMvQ2hhbmdlTG9nIGIvVG9vbHMvQ2hhbmdlTG9n CmluZGV4IDQwOTM2NzYuLjFiOWRkYWUgMTAwNjQ0Ci0tLSBhL1Rvb2xzL0NoYW5nZUxvZworKysg Yi9Ub29scy9DaGFuZ2VMb2cKQEAgLTEsNSArMSwxNiBAQAogMjAxNS0wMS0wNCAgTWljaGFlbCBD YXRhbnphcm8gIDxtY2F0YW56YXJvQGlnYWxpYS5jb20+CiAKKyAgICAgICAgW0dUS10gRW5hYmxl IHNlY2NvbXAgZmlsdGVycyBieSBkZWZhdWx0CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQu b3JnL3Nob3dfYnVnLmNnaT9pZD0xNDAwNzIKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkg KE9PUFMhKS4KKworICAgICAgICBFbmFibGUgc2VjY29tcCBmaWx0ZXJzCisKKyAgICAgICAgKiBT Y3JpcHRzL3dlYmtpdHBlcmwvRmVhdHVyZUxpc3QucG06CisKKzIwMTUtMDEtMDQgIE1pY2hhZWwg Q2F0YW56YXJvICA8bWNhdGFuemFyb0BpZ2FsaWEuY29tPgorCiAgICAgICAgIFtHVEtdIEVuYWJs ZSBzZWNjb21wIGZpbHRlciBBUEkgdGVzdHMKICAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5v cmcvc2hvd19idWcuY2dpP2lkPTE0MDA3MQogCmRpZmYgLS1naXQgYS9Ub29scy9TY3JpcHRzL3dl YmtpdHBlcmwvRmVhdHVyZUxpc3QucG0gYi9Ub29scy9TY3JpcHRzL3dlYmtpdHBlcmwvRmVhdHVy ZUxpc3QucG0KaW5kZXggMTZmZDY0OS4uZGYxOWMwNyAxMDA2NDQKLS0tIGEvVG9vbHMvU2NyaXB0 cy93ZWJraXRwZXJsL0ZlYXR1cmVMaXN0LnBtCisrKyBiL1Rvb2xzL1NjcmlwdHMvd2Via2l0cGVy bC9GZWF0dXJlTGlzdC5wbQpAQCAtMzU2LDcgKzM1Niw3IEBAIG15IEBmZWF0dXJlcyA9ICgKICAg ICAgIGRlZmluZSA9PiAiRU5BQkxFX1JFUVVFU1RfQU5JTUFUSU9OX0ZSQU1FIiwgZGVmYXVsdCA9 PiAoaXNBcHBsZU1hY1dlYktpdCgpIHx8IGlzR3RrKCkgfHwgaXNFZmwoKSksIHZhbHVlID0+IFwk cmVxdWVzdEFuaW1hdGlvbkZyYW1lU3VwcG9ydCB9LAogCiAgICAgeyBvcHRpb24gPT4gInNlY2Nv bXAtZmlsdGVycyIsIGRlc2MgPT4gIlRvZ2dsZSBTZWNjb21wIEZpbHRlciBzYW5kYm94IiwKLSAg ICAgIGRlZmluZSA9PiAiRU5BQkxFX1NFQ0NPTVBfRklMVEVSUyIsIGRlZmF1bHQgPT4gMCwgdmFs dWUgPT4gXCRzZWNjb21wRmlsdGVyc1N1cHBvcnQgfSwKKyAgICAgIGRlZmluZSA9PiAiRU5BQkxF X1NFQ0NPTVBfRklMVEVSUyIsIGRlZmF1bHQgPT4gaXNHdGsoKSwgdmFsdWUgPT4gXCRzZWNjb21w RmlsdGVyc1N1cHBvcnQgfSwKIAogICAgIHsgb3B0aW9uID0+ICJzY3JpcHRlZC1zcGVlY2giLCBk ZXNjID0+ICJUb2dnbGUgU2NyaXB0ZWQgU3BlZWNoIHN1cHBvcnQiLAogICAgICAgZGVmaW5lID0+ ICJFTkFCTEVfU0NSSVBURURfU1BFRUNIIiwgZGVmYXVsdCA9PiAwLCB2YWx1ZSA9PiBcJHNjcmlw dGVkU3BlZWNoU3VwcG9ydCB9LAotLSAKMi4xLjA= 249292 2015-03-23 15:48:04 -0700 2015-03-23 15:48:04 -0700 [GTK] Enable seccomp filters by default GTK-Enable-seccomp-filters-by-default.patch text/plain 3274 mcatanzaro RnJvbSBiODJhYWVmYjViMTAxMmQ1YjUwOGQ1ZTFjNzFjMzEwNmVmZjI2Zjk2IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBNaWNoYWVsIENhdGFuemFybyA8bWNhdGFuemFyb0BpZ2FsaWEu Y29tPgpEYXRlOiBTdW4sIDI4IERlYyAyMDE0IDE1OjE3OjQwIC0wNjAwClN1YmplY3Q6IFtQQVRD SF0gW0dUS10gRW5hYmxlIHNlY2NvbXAgZmlsdGVycyBieSBkZWZhdWx0CgpodHRwczovL2J1Z3Mu d2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQwMDcyCi0tLQogQ2hhbmdlTG9nICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHwgMTEgKysrKysrKysrKysKIFNvdXJjZS9jbWFrZS9PcHRp b25zR1RLLmNtYWtlICAgICAgICAgICB8ICAyICstCiBUb29scy9DaGFuZ2VMb2cgICAgICAgICAg ICAgICAgICAgICAgICAgfCAxMSArKysrKysrKysrKwogVG9vbHMvU2NyaXB0cy93ZWJraXRwZXJs L0ZlYXR1cmVMaXN0LnBtIHwgIDIgKy0KIDQgZmlsZXMgY2hhbmdlZCwgMjQgaW5zZXJ0aW9ucygr KSwgMiBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9DaGFuZ2VMb2cgYi9DaGFuZ2VMb2cKaW5k ZXggMmQxMzQyYy4uY2YzNmIxYSAxMDA2NDQKLS0tIGEvQ2hhbmdlTG9nCisrKyBiL0NoYW5nZUxv ZwpAQCAtMSw1ICsxLDE2IEBACiAyMDE1LTAxLTA0ICBNaWNoYWVsIENhdGFuemFybyAgPG1jYXRh bnphcm9AaWdhbGlhLmNvbT4KIAorICAgICAgICBbR1RLXSBFbmFibGUgc2VjY29tcCBmaWx0ZXJz IGJ5IGRlZmF1bHQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTE0MDA3MgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAg ICAgIEVuYWJsZSBzZWNjb21wIGZpbHRlcnMKKworICAgICAgICAqIFNvdXJjZS9jbWFrZS9PcHRp b25zR1RLLmNtYWtlOgorCisyMDE1LTAxLTA0ICBNaWNoYWVsIENhdGFuemFybyAgPG1jYXRhbnph cm9AaWdhbGlhLmNvbT4KKwogICAgICAgICBbR1RLXSBBZGQgc2VjY29tcCBmaWx0ZXJzIHN1cHBv cnQKICAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTExMDAx NAogCmRpZmYgLS1naXQgYS9Tb3VyY2UvY21ha2UvT3B0aW9uc0dUSy5jbWFrZSBiL1NvdXJjZS9j bWFrZS9PcHRpb25zR1RLLmNtYWtlCmluZGV4IDllMjllODYuLmE3OWUwOTIgMTAwNjQ0Ci0tLSBh L1NvdXJjZS9jbWFrZS9PcHRpb25zR1RLLmNtYWtlCisrKyBiL1NvdXJjZS9jbWFrZS9PcHRpb25z R1RLLmNtYWtlCkBAIC0xODEsNyArMTgxLDcgQEAgV0VCS0lUX09QVElPTl9ERUZBVUxUX1BPUlRf VkFMVUUoRU5BQkxFX1BJQ1RVUkVfU0laRVMgT04pCiBXRUJLSVRfT1BUSU9OX0RFRkFVTFRfUE9S VF9WQUxVRShFTkFCTEVfUVVPVEEgT0ZGKQogV0VCS0lUX09QVElPTl9ERUZBVUxUX1BPUlRfVkFM VUUoRU5BQkxFX1JFU09MVVRJT05fTUVESUFfUVVFUlkgT0ZGKQogV0VCS0lUX09QVElPTl9ERUZB VUxUX1BPUlRfVkFMVUUoRU5BQkxFX1JFUVVFU1RfQU5JTUFUSU9OX0ZSQU1FIE9OKQotV0VCS0lU X09QVElPTl9ERUZBVUxUX1BPUlRfVkFMVUUoRU5BQkxFX1NFQ0NPTVBfRklMVEVSUyBPRkYpCitX RUJLSVRfT1BUSU9OX0RFRkFVTFRfUE9SVF9WQUxVRShFTkFCTEVfU0VDQ09NUF9GSUxURVJTIE9O KQogV0VCS0lUX09QVElPTl9ERUZBVUxUX1BPUlRfVkFMVUUoRU5BQkxFX1NQRUxMQ0hFQ0sgT04p CiBXRUJLSVRfT1BUSU9OX0RFRkFVTFRfUE9SVF9WQUxVRShFTkFCTEVfVEVNUExBVEVfRUxFTUVO VCBPTikKIFdFQktJVF9PUFRJT05fREVGQVVMVF9QT1JUX1ZBTFVFKEVOQUJMRV9UT1VDSF9FVkVO VFMgT04pCmRpZmYgLS1naXQgYS9Ub29scy9DaGFuZ2VMb2cgYi9Ub29scy9DaGFuZ2VMb2cKaW5k ZXggNDA5MzY3Ni4uMWI5ZGRhZSAxMDA2NDQKLS0tIGEvVG9vbHMvQ2hhbmdlTG9nCisrKyBiL1Rv b2xzL0NoYW5nZUxvZwpAQCAtMSw1ICsxLDE2IEBACiAyMDE1LTAxLTA0ICBNaWNoYWVsIENhdGFu emFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNvbT4KIAorICAgICAgICBbR1RLXSBFbmFibGUgc2Vj Y29tcCBmaWx0ZXJzIGJ5IGRlZmF1bHQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTE0MDA3MgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09Q UyEpLgorCisgICAgICAgIEVuYWJsZSBzZWNjb21wIGZpbHRlcnMKKworICAgICAgICAqIFNjcmlw dHMvd2Via2l0cGVybC9GZWF0dXJlTGlzdC5wbToKKworMjAxNS0wMS0wNCAgTWljaGFlbCBDYXRh bnphcm8gIDxtY2F0YW56YXJvQGlnYWxpYS5jb20+CisKICAgICAgICAgW0dUS10gRW5hYmxlIHNl Y2NvbXAgZmlsdGVyIEFQSSB0ZXN0cwogICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9MTQwMDcxCiAKZGlmZiAtLWdpdCBhL1Rvb2xzL1NjcmlwdHMvd2Via2l0 cGVybC9GZWF0dXJlTGlzdC5wbSBiL1Rvb2xzL1NjcmlwdHMvd2Via2l0cGVybC9GZWF0dXJlTGlz dC5wbQppbmRleCAxNmZkNjQ5Li5kZjE5YzA3IDEwMDY0NAotLS0gYS9Ub29scy9TY3JpcHRzL3dl YmtpdHBlcmwvRmVhdHVyZUxpc3QucG0KKysrIGIvVG9vbHMvU2NyaXB0cy93ZWJraXRwZXJsL0Zl YXR1cmVMaXN0LnBtCkBAIC0zNTYsNyArMzU2LDcgQEAgbXkgQGZlYXR1cmVzID0gKAogICAgICAg ZGVmaW5lID0+ICJFTkFCTEVfUkVRVUVTVF9BTklNQVRJT05fRlJBTUUiLCBkZWZhdWx0ID0+IChp c0FwcGxlTWFjV2ViS2l0KCkgfHwgaXNHdGsoKSB8fCBpc0VmbCgpKSwgdmFsdWUgPT4gXCRyZXF1 ZXN0QW5pbWF0aW9uRnJhbWVTdXBwb3J0IH0sCiAKICAgICB7IG9wdGlvbiA9PiAic2VjY29tcC1m aWx0ZXJzIiwgZGVzYyA9PiAiVG9nZ2xlIFNlY2NvbXAgRmlsdGVyIHNhbmRib3giLAotICAgICAg ZGVmaW5lID0+ICJFTkFCTEVfU0VDQ09NUF9GSUxURVJTIiwgZGVmYXVsdCA9PiAwLCB2YWx1ZSA9 PiBcJHNlY2NvbXBGaWx0ZXJzU3VwcG9ydCB9LAorICAgICAgZGVmaW5lID0+ICJFTkFCTEVfU0VD Q09NUF9GSUxURVJTIiwgZGVmYXVsdCA9PiBpc0d0aygpLCB2YWx1ZSA9PiBcJHNlY2NvbXBGaWx0 ZXJzU3VwcG9ydCB9LAogCiAgICAgeyBvcHRpb24gPT4gInNjcmlwdGVkLXNwZWVjaCIsIGRlc2Mg PT4gIlRvZ2dsZSBTY3JpcHRlZCBTcGVlY2ggc3VwcG9ydCIsCiAgICAgICBkZWZpbmUgPT4gIkVO QUJMRV9TQ1JJUFRFRF9TUEVFQ0giLCBkZWZhdWx0ID0+IDAsIHZhbHVlID0+IFwkc2NyaXB0ZWRT cGVlY2hTdXBwb3J0IH0sCi0tIAoyLjEuMA==