182924 2018-02-19 05:40:34 -0800 Potential privacy issue: DNS prefetching can be re-enabled 2018-02-27 08:39:18 -0800 1 1 1 Unclassified WebKit WebKitGTK Other Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 jens.a.mueller+webkit webkit-unassigned bfulgham bugs-noreply cdumez commit-queue dbates esprehn+autocc ews-watchlist kangil.han mcatanzaro mcrha tpopela oldest_to_newest 1400338 0 jens.a.mueller+webkit 2018-02-19 05:40:34 -0800 In the scope of academic research we systematically analyzed various email clients for `web bugs' -- 1x1 pixel images in HTML emails used by spammers to track if their mails to a certain address are actually read. To respect the privacy of their customers most email clients, by default, block external content like images in HTML emails. This can be bypassed on Trojitá and Evolution by re-enabling DNS prefetching within the HTML email itself: <meta http-equiv="x-dns-prefetch-control" content="on"> <a href="http://tracking-id.attacker.com"></a> The related bug reports can be found here: https://bugs.kde.org/show_bug.cgi?id=390452 https://bugzilla.gnome.org/show_bug.cgi?id=793449 Both mail clients use WebKit to render HTML emails, so it may actually be a WebKit issue and should be fixed here. For the testing the mail clients we used Debian GNU/Linux 9.3 with: - libwebkit2gtk-4.0-37:amd64 (version 2.16.6+0+deb9u1) - libqt5webkit5:amd64 (version 5.7.1+dfsg-1) 1401089 1 334367 mcrha 2018-02-21 05:58:11 -0800 Created attachment 334367 proposed patch Let's prefer settings value over the on ein the page. That is, once the DNS prefething is disabled in the WebKit settings, it cannot be enabled by the page. 1401092 2 ews-watchlist 2018-02-21 06:01:03 -0800 Attachment 334367 did not pass style-queue: ERROR: Source/WebCore/ChangeLog:10: Line contains tab character. [whitespace/tab] [5] Total errors found: 1 in 2 files If any of these errors are false positives, please file a bug against check-webkit-style. 1401096 3 334372 mcrha 2018-02-21 06:14:13 -0800 Created attachment 334372 proposed patch (fixed tab in ChangeLog) 1401222 4 334372 mcatanzaro 2018-02-21 12:29:45 -0800 Comment on attachment 334372 proposed patch (fixed tab in ChangeLog) Tor users are not going to be happy about this. (Another good example of why you should only use Tor with Tor Browser Bundle....) I think this patch makes sense, but since no ports enable DNS prefetch by default, this really totally disables DNS prefetch in WebKit, to the point where we should be considering removing the feature entirely. And that is rather strange, since prefetch is considered to be a major performance boost. By coincidence, I had started a discussion about this yesterday: https://lists.webkit.org/pipermail/webkit-dev/2018-February/029881.html 1401239 5 mcrha 2018-02-21 13:13:19 -0800 Tor users can enable the DNS prefetch in settings and it'll make them happy again. Evolution explicitly disables the prefetch. I didn't know all webkit has this disabled by default, good to know. As this will be all client-driven, there is no need to remove the setting and the code around it, it's all fine. I believe the intention to have the page override this option is just a security hole, especially after Jens explained it (to me) in the GNOME bugzilla. I hesitate to insert at the top of each generated HTML code by evolution (in iframe-s too?) a new <meta> first, to explicitly disable prefetch, then any similar tag in received mail would not enable it, but if you think it's the way to go, then let it be the way to go. Another approach would be to have enable-dns-prefetch a three-state value: 1) enabled always 2) disabled always 3) disabled, but allow the page enable it (to mimic the current behaviour and expectations) and the most the page will be always able to disable DNS pefetch, but enable it only if the setting will be the value 3) from the above list. 1401240 6 334372 cdumez 2018-02-21 13:18:17 -0800 Comment on attachment 334372 proposed patch (fixed tab in ChangeLog) View in context: https://bugs.webkit.org/attachment.cgi?id=334372&action=review > Source/WebCore/dom/Document.cpp:-5763 > - if (equalLettersIgnoringASCIICase(dnsPrefetchControl, "on") && !m_haveExplicitlyDisabledDNSPrefetch) { I'd rather we return early in this method if !settings().dnsPrefetchingEnabled(). Otherwise, we end up changing the value of m_haveExplicitlyDisabledDNSPrefetch. 1401246 7 mcrha 2018-02-21 13:33:56 -0800 (In reply to Chris Dumez from comment #6) > I'd rather we return early in this method if > !settings().dnsPrefetchingEnabled(). Otherwise, we end up changing the value > of m_haveExplicitlyDisabledDNSPrefetch. I've been thinking of it too, but: a) I wanted ensure that the prefetch will be disabled b) that variable is used basically only here (and in initDNSPrefetch(), where it's set to 'false' again) and after this change is means "explicitly disabled by settings" here, from my point of view. I added some debug prints around and the initDNSPrefetch() is called plenty of times after each page reload (or load of a new page in case of Evolution), thus the value is reset often. 1401276 8 mcatanzaro 2018-02-21 14:25:48 -0800 (In reply to Milan Crha from comment #5) > Tor users can enable the DNS prefetch in settings and it'll make them happy > again. I mean: if you use tor, you really don't want to be locally prefetching anything. 1401279 9 mcatanzaro 2018-02-21 14:28:47 -0800 I also think early return would be cleaner. Chris, you're OK with changing the semantics of this HTTP header to only allow disabling prefetch, never enabling it? I think we need to; the bug report is valid. 1401297 10 cdumez 2018-02-21 15:33:33 -0800 (In reply to Michael Catanzaro from comment #9) > I also think early return would be cleaner. > > Chris, you're OK with changing the semantics of this HTTP header to only > allow disabling prefetch, never enabling it? I think we need to; the bug > report is valid. I think the change makes sense. Client setting should override anything else IMHO. 1401393 11 334442 mcrha 2018-02-22 01:33:10 -0800 Created attachment 334442 proposed patch ][ In case you want the page only to disable prefetching, but never enable it, then the m_haveExplicitlyDisabledDNSPrefetch property can be removed and the code simplified as much as this. 1401432 12 334442 cdumez 2018-02-22 09:00:32 -0800 Comment on attachment 334442 proposed patch ][ View in context: https://bugs.webkit.org/attachment.cgi?id=334442&action=review > Source/WebCore/dom/Document.cpp:-5769 > - m_haveExplicitlyDisabledDNSPrefetch = true; I do not understand why it is OK to drop this flag. This flag has nothing to do with the page setting. 1401455 13 334442 mcatanzaro 2018-02-22 10:36:01 -0800 Comment on attachment 334442 proposed patch ][ View in context: https://bugs.webkit.org/attachment.cgi?id=334442&action=review > Source/WebCore/dom/Document.cpp:5765 > + // let the page only disable prefetching, not enable it WebKit style is to write the comment as a full sentence, with a capital L and a period at the end. >> Source/WebCore/dom/Document.cpp:-5769 >> - m_haveExplicitlyDisabledDNSPrefetch = true; > > I do not understand why it is OK to drop this flag. This flag has nothing to do with the page setting. I think m_haveExplicitlyDisabledDNSPrefetch is there to ensure that if prefetch is disabled, either with the HTTP header or HTML meta http-equiv, it can't ever be reenabled the same way. Thanks for trying to clean up the code, but I think we should keep it. 1401666 14 mcrha 2018-02-22 23:39:45 -0800 Well, when I change it to something like this: diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp index 0a5a1df61a..db08fb9b7a 100644 --- a/Source/WebCore/dom/Document.cpp +++ b/Source/WebCore/dom/Document.cpp @@ -5765,10 +5765,12 @@ void Document::initDNSPrefetch() void Document::parseDNSPrefetchControlHeader(const String& dnsPrefetchControl) { - if (equalLettersIgnoringASCIICase(dnsPrefetchControl, "on") && !m_haveExplicitlyDisabledDNSPrefetch) { - m_isDNSPrefetchEnabled = true; + if (!settings().dnsPrefetchingEnabled()) + return; + + // Let the page only disable prefetching, not enable it. + if (equalLettersIgnoringASCIICase(dnsPrefetchControl, "on")) return; - } m_isDNSPrefetchEnabled = false; m_haveExplicitlyDisabledDNSPrefetch = true; then it's only written to m_haveExplicitlyDisabledDNSPrefetch, never read from it. That's why I removed it. I think the change is that simple that you can correct it the way which prefer to you, I really do not care of credits, I only would like to have this included in the next stable release of WebKitGTK+ and not miss it due to nitpicks. 1401779 15 mcatanzaro 2018-02-23 11:32:13 -0800 Just don't get rid of the && !m_haveExplicitlyDisabledDNSPrefetch check: void Document::parseDNSPrefetchControlHeader(const String& dnsPrefetchControl) { // Prefetch disabled in settings if (!settings().dnsPrefetchingEnabled()) return; // Prefetch requested by website *AND not previously turned off by website* if (equalLettersIgnoringASCIICase(dnsPrefetchControl, "on") && !m_haveExplicitlyDisabledDNSPrefetch) { m_isDNSPrefetchEnabled = true; return; } // Prefetch turned off by website (any value for the header except "on") m_isDNSPrefetchEnabled = false; m_haveExplicitlyDisabledDNSPrefetch = true; } 1401993 16 mcrha 2018-02-26 01:32:15 -0800 (In reply to Chris Dumez from comment #10) > (In reply to Michael Catanzaro from comment #9) > > I also think early return would be cleaner. > > > > Chris, you're OK with changing the semantics of this HTTP header to only > > allow disabling prefetch, never enabling it? I think we need to; the bug > > report is valid. > > I think the change makes sense. Client setting should override anything else > IMHO. The suggestion in comment #15 goes against the above quoted part, from my point of view. Especially when we agree that the web page should not ever enable the DNS prefetch on its own when user settings is OFF. I look on it this way: - settings = OFF, then DNS prefetch is kept off whatever the page or response headers will claim - settings = ON, then the DNS prefetch is enabled and the page can only disable the prefetch; when the page uses "on", then it won't change anything (prefetch is already enabled) * if the page (or the transport headers) disable DNS prefetching and then the page "changes its mind" and will try to enable it again, then the code with m_haveExplicitlyDisabledDNSPrefetch doesn't make much sense to me, because in that case WebKit would try to dictate some "workflow" to the web pages, which looks odd, because WebKit has the settings to let the clients (users of WebKit) influence the DNS prefetching behaviour, and the user already said it's fine to do DNS prefetching, thus it doesn't matter whether the page disabled and then enabled it again (or ten times). I think that the code complexity with m_haveExplicitlyDisabledDNSPrefetch is not needed, unless you are afraid of (or you want to cover) some header injection on the response headers/page content(/iframes?), but even then the last word has the WebKit client through the settings and if it is fine with DNS prefetching, then let the page do it or change it on/off to its likings. 1402066 17 mcatanzaro 2018-02-26 09:11:50 -0800 (In reply to Milan Crha from comment #16) > The suggestion in comment #15 goes against the above quoted part, from my > point of view. Especially when we agree that the web page should not ever > enable the DNS prefetch on its own when user settings is OFF. I look on it > this way: > > - settings = OFF, then DNS prefetch is kept off whatever the page or > response headers will claim Yes > - settings = ON, then the DNS prefetch is enabled and the page can only > disable the prefetch; when the page uses "on", then it won't change > anything (prefetch is already enabled) Yes > * if the page (or the transport headers) disable DNS prefetching > and then the page "changes its mind" and will try to enable it again, > then the code with m_haveExplicitlyDisabledDNSPrefetch doesn't > make much sense to me, because in that case WebKit would try to > dictate > some "workflow" to the web pages, which looks odd, because WebKit has > the settings to let the clients (users of WebKit) influence the DNS > prefetching behaviour, and the user already said it's fine to do DNS > prefetching, thus it doesn't matter whether the page disabled and then > enabled it again (or ten times). > > I think that the code complexity with m_haveExplicitlyDisabledDNSPrefetch is > not needed, unless you are afraid of (or you want to cover) some header > injection on the response headers/page content(/iframes?), but even then the > last word has the WebKit client through the settings and if it is fine with > DNS prefetching, then let the page do it or change it on/off to its likings. Since this setting affects the security of the page, the current code ensures that it is not possible to re-enable it once it has been disabled. There doesn't seem to be any strong reason for your patch to remove this restriction. I would prefer that your patch make only the originally-desired change. 1402091 18 334626 mcrha 2018-02-26 10:19:53 -0800 Created attachment 334626 proposed patch ]I[ Okay okay :) 1402139 19 334626 mcatanzaro 2018-02-26 12:38:05 -0800 Comment on attachment 334626 proposed patch ]I[ View in context: https://bugs.webkit.org/attachment.cgi?id=334626&action=review Now, this patch looks good to me. Maybe Chris will want to give final review. > Source/WebCore/dom/Document.cpp:5771 > + // Prefetch requested by the website AND not previously turned off by the website Please don't add this comment to the code; I had meant that to be a comment for Bugzilla purposes only. :) It's somewhat obvious, and also not a complete sentence. 1402305 20 334678 mcrha 2018-02-27 00:32:53 -0800 Created attachment 334678 proposed patch IV 1402338 21 334678 mcatanzaro 2018-02-27 07:54:42 -0800 Comment on attachment 334678 proposed patch IV Chris, this look good to you? 1402340 22 334678 cdumez 2018-02-27 08:15:10 -0800 Comment on attachment 334678 proposed patch IV Yes. 1402342 23 334678 commit-queue 2018-02-27 08:39:16 -0800 Comment on attachment 334678 proposed patch IV Clearing flags on attachment: 334678 Committed r229061: <https://trac.webkit.org/changeset/229061> 1402343 24 commit-queue 2018-02-27 08:39:18 -0800 All reviewed patches have been landed. Closing bug. 334367 2018-02-21 05:58:11 -0800 2018-02-21 06:14:13 -0800 proposed patch wk.patch text/plain 1302 mcrha ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCBjN2RkNTMxYWUwLi45ODM3YTgwYzkwIDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMg KzEsMTQgQEAKKzIwMTgtMDItMjEgIE1pbGFuIENyaGEgIDxtY3JoYUByZWRoYXQuY29tPgorCisg ICAgICAgIFBvdGVudGlhbCBwcml2YWN5IGlzc3VlOiBETlMgcHJlZmV0Y2hpbmcgY2FuIGJlIHJl LWVuYWJsZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE4MjkyNAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg ICogZG9tL0RvY3VtZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkRvY3VtZW50OjpwYXJzZURO U1ByZWZldGNoQ29udHJvbEhlYWRlcik6IHByZWZlciBXZWJLaXQgc2V0dGluZ3MKKwlvdmVyIHRo ZSB2YWx1ZSBpbiB0aGUgSFRNTCBkb2N1bWVudAorCiAyMDE4LTAyLTA2ICBNczJnZXIgIDxNczJn ZXJAaWdhbGlhLmNvbT4KIAogICAgICAgICBJbml0aWFsaXplIEltYWdlQml0bWFwOjptX2JpdG1h cERhdGEgaW4gdGhlIGNvbnN0cnVjdG9yLgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvZG9t L0RvY3VtZW50LmNwcCBiL1NvdXJjZS9XZWJDb3JlL2RvbS9Eb2N1bWVudC5jcHAKaW5kZXggMzA3 ZWFmYjcyOC4uMGRjNDFmYTg2NyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvZG9tL0RvY3Vt ZW50LmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9kb20vRG9jdW1lbnQuY3BwCkBAIC01NzYwLDcg KzU3NjAsNyBAQCB2b2lkIERvY3VtZW50Ojppbml0RE5TUHJlZmV0Y2goKQogCiB2b2lkIERvY3Vt ZW50OjpwYXJzZUROU1ByZWZldGNoQ29udHJvbEhlYWRlcihjb25zdCBTdHJpbmcmIGRuc1ByZWZl dGNoQ29udHJvbCkKIHsKLSAgICBpZiAoZXF1YWxMZXR0ZXJzSWdub3JpbmdBU0NJSUNhc2UoZG5z UHJlZmV0Y2hDb250cm9sLCAib24iKSAmJiAhbV9oYXZlRXhwbGljaXRseURpc2FibGVkRE5TUHJl ZmV0Y2gpIHsKKyAgICBpZiAoZXF1YWxMZXR0ZXJzSWdub3JpbmdBU0NJSUNhc2UoZG5zUHJlZmV0 Y2hDb250cm9sLCAib24iKSAmJiAhbV9oYXZlRXhwbGljaXRseURpc2FibGVkRE5TUHJlZmV0Y2gg JiYgc2V0dGluZ3MoKS5kbnNQcmVmZXRjaGluZ0VuYWJsZWQoKSkgewogICAgICAgICBtX2lzRE5T UHJlZmV0Y2hFbmFibGVkID0gdHJ1ZTsKICAgICAgICAgcmV0dXJuOwogICAgIH0K 334372 2018-02-21 06:14:13 -0800 2018-02-22 01:33:10 -0800 proposed patch (fixed tab in ChangeLog) wk.patch text/plain 1309 mcrha ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCBjN2RkNTMxYWUwLi45ODM3YTgwYzkwIDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMg KzEsMTQgQEAKKzIwMTgtMDItMjEgIE1pbGFuIENyaGEgIDxtY3JoYUByZWRoYXQuY29tPgorCisg ICAgICAgIFBvdGVudGlhbCBwcml2YWN5IGlzc3VlOiBETlMgcHJlZmV0Y2hpbmcgY2FuIGJlIHJl LWVuYWJsZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE4MjkyNAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg ICogZG9tL0RvY3VtZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkRvY3VtZW50OjpwYXJzZURO U1ByZWZldGNoQ29udHJvbEhlYWRlcik6IHByZWZlciBXZWJLaXQgc2V0dGluZ3MKKyAgICAgICAg b3ZlciB0aGUgdmFsdWUgaW4gdGhlIEhUTUwgZG9jdW1lbnQKKwogMjAxOC0wMi0wNiAgTXMyZ2Vy ICA8TXMyZ2VyQGlnYWxpYS5jb20+CiAKICAgICAgICAgSW5pdGlhbGl6ZSBJbWFnZUJpdG1hcDo6 bV9iaXRtYXBEYXRhIGluIHRoZSBjb25zdHJ1Y3Rvci4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJD b3JlL2RvbS9Eb2N1bWVudC5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9kb20vRG9jdW1lbnQuY3BwCmlu ZGV4IDMwN2VhZmI3MjguLjBkYzQxZmE4NjcgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2Rv bS9Eb2N1bWVudC5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvZG9tL0RvY3VtZW50LmNwcApAQCAt NTc2MCw3ICs1NzYwLDcgQEAgdm9pZCBEb2N1bWVudDo6aW5pdEROU1ByZWZldGNoKCkKIAogdm9p ZCBEb2N1bWVudDo6cGFyc2VETlNQcmVmZXRjaENvbnRyb2xIZWFkZXIoY29uc3QgU3RyaW5nJiBk bnNQcmVmZXRjaENvbnRyb2wpCiB7Ci0gICAgaWYgKGVxdWFsTGV0dGVyc0lnbm9yaW5nQVNDSUlD YXNlKGRuc1ByZWZldGNoQ29udHJvbCwgIm9uIikgJiYgIW1faGF2ZUV4cGxpY2l0bHlEaXNhYmxl ZEROU1ByZWZldGNoKSB7CisgICAgaWYgKGVxdWFsTGV0dGVyc0lnbm9yaW5nQVNDSUlDYXNlKGRu c1ByZWZldGNoQ29udHJvbCwgIm9uIikgJiYgIW1faGF2ZUV4cGxpY2l0bHlEaXNhYmxlZEROU1By ZWZldGNoICYmIHNldHRpbmdzKCkuZG5zUHJlZmV0Y2hpbmdFbmFibGVkKCkpIHsKICAgICAgICAg bV9pc0ROU1ByZWZldGNoRW5hYmxlZCA9IHRydWU7CiAgICAgICAgIHJldHVybjsKICAgICB9Cg== 334442 2018-02-22 01:33:10 -0800 2018-02-26 10:19:53 -0800 proposed patch ][ wk.patch text/plain 2398 mcrha ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCBjN2RkNTMxYWUwLi4zZTllMGViYTdiIDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMg KzEsMTYgQEAKKzIwMTgtMDItMjIgIE1pbGFuIENyaGEgIDxtY3JoYUByZWRoYXQuY29tPgorCisg ICAgICAgIFBvdGVudGlhbCBwcml2YWN5IGlzc3VlOiBETlMgcHJlZmV0Y2hpbmcgY2FuIGJlIHJl LWVuYWJsZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE4MjkyNAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg ICogZG9tL0RvY3VtZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkRvY3VtZW50Ojppbml0RE5T UHJlZmV0Y2gpOgorICAgICAgICAoV2ViQ29yZTo6RG9jdW1lbnQ6OnBhcnNlRE5TUHJlZmV0Y2hD b250cm9sSGVhZGVyKToKKyAgICAgICAgKiBkb20vRG9jdW1lbnQuaDogcHJlZmVyIFdlYktpdCBz ZXR0aW5ncworICAgICAgICBvdmVyIHRoZSB2YWx1ZSBpbiB0aGUgSFRNTCBkb2N1bWVudAorCiAy MDE4LTAyLTA2ICBNczJnZXIgIDxNczJnZXJAaWdhbGlhLmNvbT4KIAogICAgICAgICBJbml0aWFs aXplIEltYWdlQml0bWFwOjptX2JpdG1hcERhdGEgaW4gdGhlIGNvbnN0cnVjdG9yLgpkaWZmIC0t Z2l0IGEvU291cmNlL1dlYkNvcmUvZG9tL0RvY3VtZW50LmNwcCBiL1NvdXJjZS9XZWJDb3JlL2Rv bS9Eb2N1bWVudC5jcHAKaW5kZXggMzA3ZWFmYjcyOC4uMTdlMGY4ODhkNiAxMDA2NDQKLS0tIGEv U291cmNlL1dlYkNvcmUvZG9tL0RvY3VtZW50LmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9kb20v RG9jdW1lbnQuY3BwCkBAIC01NzQ4LDcgKzU3NDgsNiBAQCBUZXh0QXV0b1NpemluZyYgRG9jdW1l bnQ6OnRleHRBdXRvU2l6aW5nKCkKIAogdm9pZCBEb2N1bWVudDo6aW5pdEROU1ByZWZldGNoKCkK IHsKLSAgICBtX2hhdmVFeHBsaWNpdGx5RGlzYWJsZWRETlNQcmVmZXRjaCA9IGZhbHNlOwogICAg IG1faXNETlNQcmVmZXRjaEVuYWJsZWQgPSBzZXR0aW5ncygpLmRuc1ByZWZldGNoaW5nRW5hYmxl ZCgpICYmIHNlY3VyaXR5T3JpZ2luKCkucHJvdG9jb2woKSA9PSAiaHR0cCI7CiAKICAgICAvLyBJ bmhlcml0IEROUyBwcmVmZXRjaCBvcHQtb3V0IGZyb20gcGFyZW50IGZyYW1lICAgIApAQCAtNTc2 MCwxMyArNTc1OSwxNCBAQCB2b2lkIERvY3VtZW50Ojppbml0RE5TUHJlZmV0Y2goKQogCiB2b2lk IERvY3VtZW50OjpwYXJzZUROU1ByZWZldGNoQ29udHJvbEhlYWRlcihjb25zdCBTdHJpbmcmIGRu c1ByZWZldGNoQ29udHJvbCkKIHsKLSAgICBpZiAoZXF1YWxMZXR0ZXJzSWdub3JpbmdBU0NJSUNh c2UoZG5zUHJlZmV0Y2hDb250cm9sLCAib24iKSAmJiAhbV9oYXZlRXhwbGljaXRseURpc2FibGVk RE5TUHJlZmV0Y2gpIHsKLSAgICAgICAgbV9pc0ROU1ByZWZldGNoRW5hYmxlZCA9IHRydWU7Cisg ICAgaWYgKCFzZXR0aW5ncygpLmRuc1ByZWZldGNoaW5nRW5hYmxlZCgpKQorICAgICAgICByZXR1 cm47CisKKyAgICAvLyBsZXQgdGhlIHBhZ2Ugb25seSBkaXNhYmxlIHByZWZldGNoaW5nLCBub3Qg ZW5hYmxlIGl0CisgICAgaWYgKGVxdWFsTGV0dGVyc0lnbm9yaW5nQVNDSUlDYXNlKGRuc1ByZWZl dGNoQ29udHJvbCwgIm9uIikpCiAgICAgICAgIHJldHVybjsKLSAgICB9CiAKICAgICBtX2lzRE5T UHJlZmV0Y2hFbmFibGVkID0gZmFsc2U7Ci0gICAgbV9oYXZlRXhwbGljaXRseURpc2FibGVkRE5T UHJlZmV0Y2ggPSB0cnVlOwogfQogCiB2b2lkIERvY3VtZW50OjphZGRDb25zb2xlTWVzc2FnZShz dGQ6OnVuaXF1ZV9wdHI8SW5zcGVjdG9yOjpDb25zb2xlTWVzc2FnZT4mJiBjb25zb2xlTWVzc2Fn ZSkKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2RvbS9Eb2N1bWVudC5oIGIvU291cmNlL1dl YkNvcmUvZG9tL0RvY3VtZW50LmgKaW5kZXggOTY5ODBkMDBjZC4uOTI2NjNjZjE1OCAxMDA2NDQK LS0tIGEvU291cmNlL1dlYkNvcmUvZG9tL0RvY3VtZW50LmgKKysrIGIvU291cmNlL1dlYkNvcmUv ZG9tL0RvY3VtZW50LmgKQEAgLTE4NDIsNyArMTg0Miw2IEBAIHByaXZhdGU6CiAKICAgICBib29s IG1fZ290b0FuY2hvck5lZWRlZEFmdGVyU3R5bGVzaGVldHNMb2FkIHsgZmFsc2UgfTsKICAgICBi b29sIG1faXNETlNQcmVmZXRjaEVuYWJsZWQgeyBmYWxzZSB9OwotICAgIGJvb2wgbV9oYXZlRXhw bGljaXRseURpc2FibGVkRE5TUHJlZmV0Y2ggeyBmYWxzZSB9OwogCiAgICAgYm9vbCBtX2FjY2Vz c0tleU1hcFZhbGlkIHsgZmFsc2UgfTsKICAgICBib29sIG1faXNTeW50aGVzaXplZCB7IGZhbHNl IH07Cg== 334626 2018-02-26 10:19:53 -0800 2018-02-27 00:33:15 -0800 proposed patch ]I[ wk.patch text/plain 1234 mcrha ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCA3ZmRlZDEyY2EwLi43MzVhMWIxNjk1IDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMg KzEsMTMgQEAKKzIwMTgtMDItMjYgIE1pbGFuIENyaGEgIDxtY3JoYUByZWRoYXQuY29tPgorCisg ICAgICAgIFBvdGVudGlhbCBwcml2YWN5IGlzc3VlOiBETlMgcHJlZmV0Y2hpbmcgY2FuIGJlIHJl LWVuYWJsZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE4MjkyNAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg ICogZG9tL0RvY3VtZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkRvY3VtZW50OjpwYXJzZURO U1ByZWZldGNoQ29udHJvbEhlYWRlcik6CisKIDIwMTgtMDItMjIgIFl1c3VrZSBTdXp1a2kgIDx1 dGF0YW5lLnRlYUBnbWFpbC5jb20+CiAKICAgICAgICAgUmVtb3ZlIGN1cnJlbnRUaW1lKCkgLyBj dXJyZW50VGltZU1TKCkKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2RvbS9Eb2N1bWVudC5j cHAgYi9Tb3VyY2UvV2ViQ29yZS9kb20vRG9jdW1lbnQuY3BwCmluZGV4IDBhNWExZGY2MWEuLmE4 NGQwYTUyYWMgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2RvbS9Eb2N1bWVudC5jcHAKKysr IGIvU291cmNlL1dlYkNvcmUvZG9tL0RvY3VtZW50LmNwcApAQCAtNTc2NSw2ICs1NzY1LDEwIEBA IHZvaWQgRG9jdW1lbnQ6OmluaXRETlNQcmVmZXRjaCgpCiAKIHZvaWQgRG9jdW1lbnQ6OnBhcnNl RE5TUHJlZmV0Y2hDb250cm9sSGVhZGVyKGNvbnN0IFN0cmluZyYgZG5zUHJlZmV0Y2hDb250cm9s KQogeworICAgIGlmICghc2V0dGluZ3MoKS5kbnNQcmVmZXRjaGluZ0VuYWJsZWQoKSkKKyAgICAg ICAgcmV0dXJuOworCisgICAgLy8gUHJlZmV0Y2ggcmVxdWVzdGVkIGJ5IHRoZSB3ZWJzaXRlIEFO RCBub3QgcHJldmlvdXNseSB0dXJuZWQgb2ZmIGJ5IHRoZSB3ZWJzaXRlCiAgICAgaWYgKGVxdWFs TGV0dGVyc0lnbm9yaW5nQVNDSUlDYXNlKGRuc1ByZWZldGNoQ29udHJvbCwgIm9uIikgJiYgIW1f aGF2ZUV4cGxpY2l0bHlEaXNhYmxlZEROU1ByZWZldGNoKSB7CiAgICAgICAgIG1faXNETlNQcmVm ZXRjaEVuYWJsZWQgPSB0cnVlOwogICAgICAgICByZXR1cm47Cg== 334678 2018-02-27 00:32:53 -0800 2018-02-27 08:39:16 -0800 proposed patch IV wk.patch text/plain 1146 mcrha ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCA3ZmRlZDEyY2EwLi43MzVhMWIxNjk1IDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMg KzEsMTMgQEAKKzIwMTgtMDItMjYgIE1pbGFuIENyaGEgIDxtY3JoYUByZWRoYXQuY29tPgorCisg ICAgICAgIFBvdGVudGlhbCBwcml2YWN5IGlzc3VlOiBETlMgcHJlZmV0Y2hpbmcgY2FuIGJlIHJl LWVuYWJsZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE4MjkyNAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg ICogZG9tL0RvY3VtZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkRvY3VtZW50OjpwYXJzZURO U1ByZWZldGNoQ29udHJvbEhlYWRlcik6CisKIDIwMTgtMDItMjIgIFl1c3VrZSBTdXp1a2kgIDx1 dGF0YW5lLnRlYUBnbWFpbC5jb20+CiAKICAgICAgICAgUmVtb3ZlIGN1cnJlbnRUaW1lKCkgLyBj dXJyZW50VGltZU1TKCkKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2RvbS9Eb2N1bWVudC5j cHAgYi9Tb3VyY2UvV2ViQ29yZS9kb20vRG9jdW1lbnQuY3BwCmluZGV4IDBhNWExZGY2MWEuLjcw YmU4ODkwYWUgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2RvbS9Eb2N1bWVudC5jcHAKKysr IGIvU291cmNlL1dlYkNvcmUvZG9tL0RvY3VtZW50LmNwcApAQCAtNTc2NSw2ICs1NzY1LDkgQEAg dm9pZCBEb2N1bWVudDo6aW5pdEROU1ByZWZldGNoKCkKIAogdm9pZCBEb2N1bWVudDo6cGFyc2VE TlNQcmVmZXRjaENvbnRyb2xIZWFkZXIoY29uc3QgU3RyaW5nJiBkbnNQcmVmZXRjaENvbnRyb2wp CiB7CisgICAgaWYgKCFzZXR0aW5ncygpLmRuc1ByZWZldGNoaW5nRW5hYmxlZCgpKQorICAgICAg ICByZXR1cm47CisKICAgICBpZiAoZXF1YWxMZXR0ZXJzSWdub3JpbmdBU0NJSUNhc2UoZG5zUHJl ZmV0Y2hDb250cm9sLCAib24iKSAmJiAhbV9oYXZlRXhwbGljaXRseURpc2FibGVkRE5TUHJlZmV0 Y2gpIHsKICAgICAgICAgbV9pc0ROU1ByZWZldGNoRW5hYmxlZCA9IHRydWU7CiAgICAgICAgIHJl dHVybjsK