79154 2012-02-21 15:28:49 -0800 [chromium] XSS Auditor bypass via javascript url and control characters 2012-02-23 11:46:42 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED XSSAuditor P2 Normal --- 1 tsepez tsepez abarth webkit.review.bot oldest_to_newest 561281 0 tsepez 2012-02-21 15:28:49 -0800 Reported by masatokinugawa, Today (10 hours ago) VULNERABILITY DETAILS The vector is: ?xss=1&body=%3Ca%20href=%22ja%09vascript:alert(1)%22%3EClick%20here%3C/a%3E Safari is OK. Also Reported by kuzzcc, Yesterday (32 hours ago) Chrome 19.0.1041.0 dev-m window xp sp3 ?q=%3Ca%20href=%22%26%231;javascript:alert(0)%22%3Etest%3C/a%3E data:text/html,<a href="&#1;javascript:alert(0)">test</a> 561293 1 128061 tsepez 2012-02-21 15:37:00 -0800 Created attachment 128061 Patch. 561320 2 128061 abarth 2012-02-21 16:05:03 -0800 Comment on attachment 128061 Patch. This isn't the right approach... There should be a function already that does this work called something like protocolIs or protocolIsJavaScript... 561323 3 abarth 2012-02-21 16:06:09 -0800 Take a look at allowSettingJavaScriptURL in JSHTMLFrameElementCustom.cpp, for example. 561325 4 abarth 2012-02-21 16:06:45 -0800 allowSettingSrcToJavaScriptUrl 562226 5 tsepez 2012-02-22 12:11:53 -0800 allowSettingFrameSrcToJavascriptUrl() does the check: if (protocolIsJavaScript(stripLeadingAndTrailingHTMLSpaces(value))) { ... If I'm reading this right, stripLeadingAndTrailingHTMLSpaces() [HTMLParserIdioms.cpp] doesn't remove control-characters or internal HTML spaces. protocolIsJavaScript() [KURL.cpp] uses protocolIs() which asserts on c <= 0x20 in DEBUG builds but nothing otherwise. So it looks like this check is hosed in the same was as XSSauditor if the (specific to chromium, right?) code allows &#1; and the like -- Unless there is a higher-level check. Flipping to component security while I cobble together an example see if there's actually a hole here. 562400 6 tsepez 2012-02-22 14:37:07 -0800 Ah. KURL vs. KURLgoogle again. KURLgoogle's protocolIs() will handle the ctrl characters, so no UXSS hole on setting frame.location. Good. So we can use protocolIsJavascript(), but test will need to be chromium-only. 562634 7 128349 tsepez 2012-02-22 17:42:34 -0800 Created attachment 128349 Patch. Patch using Adam's suggested function. Also, the test now uses an <a href=""> rather than an <iframe src=""> since iframe src currently isn't exploitable. It flunks an origin test on chromium -- which is why this needs to be href in an a tag. Still waiting full testing completion. 563317 8 128349 webkit.review.bot 2012-02-23 11:46:35 -0800 Comment on attachment 128349 Patch. Clearing flags on attachment: 128349 Committed r108653: <http://trac.webkit.org/changeset/108653> 563318 9 webkit.review.bot 2012-02-23 11:46:42 -0800 All reviewed patches have been landed. Closing bug. 128061 2012-02-21 15:37:00 -0800 2012-02-22 17:42:34 -0800 Patch. bug_79154.txt text/plain 4172 tsepez SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDEwODQwOCkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDEyLTAyLTIxICBUb20gU2Vw ZXogIDx0c2VwZXpAY2hyb21pdW0ub3JnPgorCisgICAgICAgIFhTUyBBdWRpdG9yIGJ5cGFzcyB2 aWEgamF2YXNjcmlwdCB1cmwgYW5kIGNvbnRyb2wgY2hhcmFjdGVycworICAgICAgICBodHRwczov L2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NzkxNTQKKworICAgICAgICBSZXZpZXdl ZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBUZXN0OiBodHRwL3Rlc3RzL3NlY3VyaXR5 L3hzc0F1ZGl0b3IvaWZyYW1lLWphdmFzY3JpcHQtdXJsLWNvbnRyb2wtY2hhcnMuaHRtbAorCisg ICAgICAgICogaHRtbC9wYXJzZXIvWFNTQXVkaXRvci5jcHA6CisgICAgICAgIChXZWJDb3JlOjpj b250YWluc0phdmFTY3JpcHRVUkwpOgorCiAyMDEyLTAyLTIxICBObydhbSBSb3NlbnRoYWwgIDxu b2FtLnJvc2VudGhhbEBub2tpYS5jb20+CiAKICAgICAgICAgW1F0XSBQcmV2aW91cyB3ZWIgcGFn ZSBhcHBlYXJzIG91dHNpZGUgY29udGVudCByZWN0CkluZGV4OiBTb3VyY2UvV2ViQ29yZS9odG1s L3BhcnNlci9YU1NBdWRpdG9yLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9odG1s L3BhcnNlci9YU1NBdWRpdG9yLmNwcAkocmV2aXNpb24gMTA4MzgxKQorKysgU291cmNlL1dlYkNv cmUvaHRtbC9wYXJzZXIvWFNTQXVkaXRvci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTE0MCwxOSAr MTQwLDIxIEBAIHN0YXRpYyBib29sIGlzRGFuZ2Vyb3VzSFRUUEVxdWl2KGNvbnN0IFMKIAogc3Rh dGljIGJvb2wgY29udGFpbnNKYXZhU2NyaXB0VVJMKGNvbnN0IFZlY3RvcjxVQ2hhciwgMzI+JiB2 YWx1ZSkKIHsKKyAgICAvLyBCZSBnZW5lcm91cyBpbiB3aGF0IHdlIGFjY2VwdCBhcyBhIGphdmFz Y3JpcHQgVVJJIHNjaGVtZSwgZXZlbiBpZiB0aGUgYnJvd3NlciBpdHNlbGYKKyAgICAvLyBkb2Vz bid0IHRvbGVyYXRlIHN1Y2ggc2hlbmFuaWdhbnMuIFRoaXMgcHJldmVudHMgdGhlIFhTU0F1ZGl0 b3IgZnJvbSBmYWlsaW5nIHNob3VsZCAKKyAgICAvLyB0aGUgYnJvd3NlciBpdHNlbGYgc29tZWRh eSBiZWNvbWUgbW9yZSB0b2xlcmFudC4KICAgICBzdGF0aWMgY29uc3QgY2hhciBqYXZhU2NyaXB0 U2NoZW1lW10gPSAiamF2YXNjcmlwdDoiOwotICAgIHN0YXRpYyBjb25zdCBzaXplX3QgbGVuZ3Ro T2ZKYXZhU2NyaXB0U2NoZW1lID0gc2l6ZW9mKGphdmFTY3JpcHRTY2hlbWUpIC0gMTsKKyAgICBj b25zdCBjaGFyKiBzY2hlbWVQb2ludGVyID0gamF2YVNjcmlwdFNjaGVtZTsKIAotICAgIHNpemVf dCBpOwotICAgIGZvciAoaSA9IDA7IGkgPCB2YWx1ZS5zaXplKCk7ICsraSkgewotICAgICAgICBp ZiAoIWlzSFRNTFNwYWNlKHZhbHVlW2ldKSkKLSAgICAgICAgICAgIGJyZWFrOworICAgIGZvciAo c2l6ZV90IGkgPSAwOyBpIDwgdmFsdWUuc2l6ZSgpOyArK2kpIHsKKyAgICAgICAgaWYgKHZhbHVl W2ldIDw9IDB4MjApCisgICAgICAgICAgICBjb250aW51ZTsKKyAgICAgICAgaWYgKHRvQVNDSUlM b3dlcih2YWx1ZVtpXSkgIT0gKnNjaGVtZVBvaW50ZXIrKykgCisgICAgICAgICAgICByZXR1cm4g ZmFsc2U7CisgICAgICAgIGlmICghKnNjaGVtZVBvaW50ZXIpCisgICAgICAgICAgICByZXR1cm4g dHJ1ZTsKICAgICB9Ci0KLSAgICBpZiAodmFsdWUuc2l6ZSgpIC0gaSA8IGxlbmd0aE9mSmF2YVNj cmlwdFNjaGVtZSkKLSAgICAgICAgcmV0dXJuIGZhbHNlOwotCi0gICAgcmV0dXJuIGVxdWFsSWdu b3JpbmdDYXNlKHZhbHVlLmRhdGEoKSArIGksIGphdmFTY3JpcHRTY2hlbWUsIGxlbmd0aE9mSmF2 YVNjcmlwdFNjaGVtZSk7CisgICAgcmV0dXJuIGZhbHNlOwogfQogCiBzdGF0aWMgaW5saW5lIFN0 cmluZyBkZWNvZGUxNkJpdFVuaWNvZGVFc2NhcGVTZXF1ZW5jZXMoY29uc3QgU3RyaW5nJiBzdHJp bmcpCkluZGV4OiBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVz dHMvQ2hhbmdlTG9nCShyZXZpc2lvbiAxMDg0MDgpCisrKyBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJ KHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxMyBAQAorMjAxMi0wMi0yMSAgVG9tIFNlcGV6ICA8 dHNlcGV6QGNocm9taXVtLm9yZz4KKworICAgICAgICBYU1MgQXVkaXRvciBieXBhc3MgdmlhIGph dmFzY3JpcHQgdXJsIGFuZCBjb250cm9sIGNoYXJhY3RlcnMKKyAgICAgICAgaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTc5MTU0CisKKyAgICAgICAgUmV2aWV3ZWQgYnkg Tk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiBodHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0 b3IvaWZyYW1lLWphdmFzY3JpcHQtdXJsLWNvbnRyb2wtY2hhcnMtZXhwZWN0ZWQudHh0OiBBZGRl ZC4KKyAgICAgICAgKiBodHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0b3IvaWZyYW1lLWphdmFz Y3JpcHQtdXJsLWNvbnRyb2wtY2hhcnMuaHRtbDogQWRkZWQuCisKIDIwMTItMDItMjEgIFZpY3Rv ciBDYXJidW5lICA8dmNhcmJ1bmVAYWRvYmUuY29tPgogCiAgICAgICAgIEFkZGVkIHJlbGV2YW50 IHRlc3RzIGFuZCBmdW5jdGlvbmFsaXR5IGZvciBzdXBwb3J0aW5nIHBhdXNlLW9uLWV4aXQKSW5k ZXg6IExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9pZnJhbWUtamF2 YXNjcmlwdC11cmwtY29udHJvbC1jaGFycy1leHBlY3RlZC50eHQKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5 b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS94c3NBdWRpdG9yL2lmcmFtZS1qYXZhc2NyaXB0 LXVybC1jb250cm9sLWNoYXJzLWV4cGVjdGVkLnR4dAkocmV2aXNpb24gMCkKKysrIExheW91dFRl c3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9pZnJhbWUtamF2YXNjcmlwdC11cmwt Y29udHJvbC1jaGFycy1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMyBAQAor Q09OU09MRSBNRVNTQUdFOiBSZWZ1c2VkIHRvIGV4ZWN1dGUgYSBKYXZhU2NyaXB0IHNjcmlwdC4g U291cmNlIGNvZGUgb2Ygc2NyaXB0IGZvdW5kIHdpdGhpbiByZXF1ZXN0LgorCisKSW5kZXg6IExh eW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9pZnJhbWUtamF2YXNjcmlw dC11cmwtY29udHJvbC1jaGFycy5odG1sCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2h0dHAv dGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9pZnJhbWUtamF2YXNjcmlwdC11cmwtY29udHJvbC1j aGFycy5odG1sCShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0 eS94c3NBdWRpdG9yL2lmcmFtZS1qYXZhc2NyaXB0LXVybC1jb250cm9sLWNoYXJzLmh0bWwJKHJl dmlzaW9uIDApCkBAIC0wLDAgKzEsMTQgQEAKKzwhRE9DVFlQRSBodG1sPgorPGh0bWw+Cis8aGVh ZD4KKzxzY3JpcHQ+CitpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKSB7CisgIGxheW91 dFRlc3RDb250cm9sbGVyLmR1bXBBc1RleHQoKTsKKyAgbGF5b3V0VGVzdENvbnRyb2xsZXIuc2V0 WFNTQXVkaXRvckVuYWJsZWQodHJ1ZSk7Cit9Cis8L3NjcmlwdD4KKzwvaGVhZD4KKzxib2R5Pgor PGlmcmFtZSBzcmM9Imh0dHA6Ly9sb2NhbGhvc3Q6ODAwMC9zZWN1cml0eS94c3NBdWRpdG9yL3Jl c291cmNlcy9lY2hvLWludGVydGFnLnBsP3E9PGlmcmFtZSUyMHNyYz0nJTI2JTIzeDFqQXZhJTI2 JTIzeDA5c0NyaXB0JTIwOmFsZXJ0JTI2JTIzeDI1JTNCMjgxKSciPjwvaWZyYW1lPgorPC9ib2R5 PgorPC9odG1sPgo= 128349 2012-02-22 17:42:34 -0800 2012-02-23 11:46:35 -0800 Patch. patch_79154.txt text/plain 5314 tsepez SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDEwODU4NSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBACisyMDEyLTAyLTIyICBUb20gU2Vw ZXogIDx0c2VwZXpAY2hyb21pdW0ub3JnPgorCisgICAgICAgIFtjaHJvbWl1bV0gWFNTIEF1ZGl0 b3IgYnlwYXNzIHZpYSBqYXZhc2NyaXB0IHVybCBhbmQgY29udHJvbCBjaGFyYWN0ZXJzCisgICAg ICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD03OTE1NAorCisgICAg ICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRlc3Q6IGh0dHAvdGVz dHMvc2VjdXJpdHkveHNzQXVkaXRvci9qYXZhc2NyaXB0LWxpbmstY29udHJvbC1jaGFyMi5odG1s CisKKyAgICAgICAgKiBodG1sL3BhcnNlci9YU1NBdWRpdG9yLmNwcDoKKyAgICAgICAgKFdlYkNv cmUpOgorICAgICAgICAoV2ViQ29yZTo6WFNTQXVkaXRvcjo6ZXJhc2VEYW5nZXJvdXNBdHRyaWJ1 dGVzSWZJbmplY3RlZCk6CisKIDIwMTItMDItMjIgIElhbiBWb2xsaWNrICA8dm9sbGlja0BjaHJv bWl1bS5vcmc+CiAKICAgICAgICAgW2Nocm9taXVtXSBQbHVtYiBmcm9tIEdyYXBoaWNzTGF5ZXIg dG8gdGhlIGNjIHRocmVhZCBhbmltYXRpb24gY29kZQpJbmRleDogU291cmNlL1dlYkNvcmUvaHRt bC9wYXJzZXIvWFNTQXVkaXRvci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvaHRt bC9wYXJzZXIvWFNTQXVkaXRvci5jcHAJKHJldmlzaW9uIDEwODU2MSkKKysrIFNvdXJjZS9XZWJD b3JlL2h0bWwvcGFyc2VyL1hTU0F1ZGl0b3IuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xMzMsMjMg KzEzMyw2IEBAIHN0YXRpYyBib29sIGlzRGFuZ2Vyb3VzSFRUUEVxdWl2KGNvbnN0IFMKICAgICBy ZXR1cm4gZXF1YWxJZ25vcmluZ0Nhc2UoZXF1aXYsICJyZWZyZXNoIikgfHwgZXF1YWxJZ25vcmlu Z0Nhc2UoZXF1aXYsICJzZXQtY29va2llIik7CiB9CiAKLXN0YXRpYyBib29sIGNvbnRhaW5zSmF2 YVNjcmlwdFVSTChjb25zdCBWZWN0b3I8VUNoYXIsIDMyPiYgdmFsdWUpCi17Ci0gICAgc3RhdGlj IGNvbnN0IGNoYXIgamF2YVNjcmlwdFNjaGVtZVtdID0gImphdmFzY3JpcHQ6IjsKLSAgICBzdGF0 aWMgY29uc3Qgc2l6ZV90IGxlbmd0aE9mSmF2YVNjcmlwdFNjaGVtZSA9IHNpemVvZihqYXZhU2Ny aXB0U2NoZW1lKSAtIDE7Ci0KLSAgICBzaXplX3QgaTsKLSAgICBmb3IgKGkgPSAwOyBpIDwgdmFs dWUuc2l6ZSgpOyArK2kpIHsKLSAgICAgICAgaWYgKCFpc0hUTUxTcGFjZSh2YWx1ZVtpXSkpCi0g ICAgICAgICAgICBicmVhazsKLSAgICB9Ci0KLSAgICBpZiAodmFsdWUuc2l6ZSgpIC0gaSA8IGxl bmd0aE9mSmF2YVNjcmlwdFNjaGVtZSkKLSAgICAgICAgcmV0dXJuIGZhbHNlOwotCi0gICAgcmV0 dXJuIGVxdWFsSWdub3JpbmdDYXNlKHZhbHVlLmRhdGEoKSArIGksIGphdmFTY3JpcHRTY2hlbWUs IGxlbmd0aE9mSmF2YVNjcmlwdFNjaGVtZSk7Ci19Ci0KIHN0YXRpYyBpbmxpbmUgU3RyaW5nIGRl Y29kZTE2Qml0VW5pY29kZUVzY2FwZVNlcXVlbmNlcyhjb25zdCBTdHJpbmcmIHN0cmluZykKIHsK ICAgICAvLyBOb3RlLCB0aGUgZW5jb2RpbmcgaXMgaWdub3JlZCBzaW5jZSBlYWNoICV1LWVzY2Fw ZSBzZXF1ZW5jZSByZXByZXNlbnRzIGEgVVRGLTE2IGNvZGUgdW5pdC4KQEAgLTQ1Niw3ICs0Mzks NyBAQCBib29sIFhTU0F1ZGl0b3I6OmVyYXNlRGFuZ2Vyb3VzQXR0cmlidXRlCiAgICAgZm9yIChz aXplX3QgaSA9IDA7IGkgPCB0b2tlbi5hdHRyaWJ1dGVzKCkuc2l6ZSgpOyArK2kpIHsKICAgICAg ICAgY29uc3QgSFRNTFRva2VuOjpBdHRyaWJ1dGUmIGF0dHJpYnV0ZSA9IHRva2VuLmF0dHJpYnV0 ZXMoKS5hdChpKTsKICAgICAgICAgYm9vbCBpc0lubGluZUV2ZW50SGFuZGxlciA9IGlzTmFtZU9m SW5saW5lRXZlbnRIYW5kbGVyKGF0dHJpYnV0ZS5tX25hbWUpOwotICAgICAgICBib29sIHZhbHVl Q29udGFpbnNKYXZhU2NyaXB0VVJMID0gaXNJbmxpbmVFdmVudEhhbmRsZXIgPyBmYWxzZSA6IGNv bnRhaW5zSmF2YVNjcmlwdFVSTChhdHRyaWJ1dGUubV92YWx1ZSk7CisgICAgICAgIGJvb2wgdmFs dWVDb250YWluc0phdmFTY3JpcHRVUkwgPSAhaXNJbmxpbmVFdmVudEhhbmRsZXIgJiYgcHJvdG9j b2xJc0phdmFTY3JpcHQoc3RyaXBMZWFkaW5nQW5kVHJhaWxpbmdIVE1MU3BhY2VzKFN0cmluZyhh dHRyaWJ1dGUubV92YWx1ZS5kYXRhKCksIGF0dHJpYnV0ZS5tX3ZhbHVlLnNpemUoKSkpKTsKICAg ICAgICAgaWYgKCFpc0lubGluZUV2ZW50SGFuZGxlciAmJiAhdmFsdWVDb250YWluc0phdmFTY3Jp cHRVUkwpCiAgICAgICAgICAgICBjb250aW51ZTsKICAgICAgICAgLy8gQmV3YXJlIG9mIHRyYWls aW5nIGNoYXJhY3RlcnMgd2hpY2ggY2FtZSBmcm9tIHRoZSBwYWdlIGl0c2VsZiwgbm90IHRoZSAK SW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9D aGFuZ2VMb2cJKHJldmlzaW9uIDEwODU4NSkKKysrIExheW91dFRlc3RzL0NoYW5nZUxvZwkod29y a2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDEyLTAyLTIyICBUb20gU2VwZXogIDx0c2Vw ZXpAY2hyb21pdW0ub3JnPgorCisgICAgICAgIFtjaHJvbWl1bV0gWFNTIEF1ZGl0b3IgYnlwYXNz IHZpYSBqYXZhc2NyaXB0IHVybCBhbmQgY29udHJvbCBjaGFyYWN0ZXJzCisgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD03OTE1NAorCisgICAgICAgIFJldmll d2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogaHR0cC90ZXN0cy9zZWN1cml0eS94 c3NBdWRpdG9yL2phdmFzY3JpcHQtbGluay1jb250cm9sLWNoYXIyLWV4cGVjdGVkLnR4dDogQWRk ZWQuCisgICAgICAgICogaHR0cC90ZXN0cy9zZWN1cml0eS94c3NBdWRpdG9yL2phdmFzY3JpcHQt bGluay1jb250cm9sLWNoYXIyLmh0bWw6IEFkZGVkLgorICAgICAgICAqIHBsYXRmb3JtL2Nocm9t aXVtL2h0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvcjogQWRkZWQuCisgICAgICAgICogcGxh dGZvcm0vY2hyb21pdW0vaHR0cC90ZXN0cy9zZWN1cml0eS94c3NBdWRpdG9yL2phdmFzY3JpcHQt bGluay1jb250cm9sLWNoYXIyLWV4cGVjdGVkLnR4dDogQWRkZWQuCisKIDIwMTItMDItMjIgIEFk cmllbm5lIFdhbGtlciAgPGVubmVAZ29vZ2xlLmNvbT4KIAogICAgICAgICBbY2hyb21pdW1dIFVu cmV2aWV3ZWQgZ2FyZGVuaW5nLiBSZWJhc2VsaW5lIHpvb20tcmVwbGFjZWQtaW50cmluc2ljLXJh dGlvCkluZGV4OiBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0b3IvamF2 YXNjcmlwdC1saW5rLWNvbnRyb2wtY2hhcjItZXhwZWN0ZWQudHh0Cj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExh eW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9qYXZhc2NyaXB0LWxpbmst Y29udHJvbC1jaGFyMi1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9o dHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0b3IvamF2YXNjcmlwdC1saW5rLWNvbnRyb2wtY2hh cjItZXhwZWN0ZWQudHh0CShyZXZpc2lvbiAwKQpAQCAtMCwwICsxIEBACisKSW5kZXg6IExheW91 dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9qYXZhc2NyaXB0LWxpbmstY29u dHJvbC1jaGFyMi5odG1sCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2Vj dXJpdHkveHNzQXVkaXRvci9qYXZhc2NyaXB0LWxpbmstY29udHJvbC1jaGFyMi5odG1sCShyZXZp c2lvbiAwKQorKysgTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS94c3NBdWRpdG9yL2ph dmFzY3JpcHQtbGluay1jb250cm9sLWNoYXIyLmh0bWwJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEs MTYgQEAKKzwhRE9DVFlQRSBodG1sPgorPGh0bWw+Cis8aGVhZD4KKzxzY3JpcHQ+CitpZiAod2lu ZG93LmxheW91dFRlc3RDb250cm9sbGVyKSB7CisgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIuZHVt cEFzVGV4dCgpOworICAgIGxheW91dFRlc3RDb250cm9sbGVyLndhaXRVbnRpbERvbmUoKTsKKyAg ICBsYXlvdXRUZXN0Q29udHJvbGxlci5zZXRYU1NBdWRpdG9yRW5hYmxlZCh0cnVlKTsKK30KKzwv c2NyaXB0PgorPC9oZWFkPgorPGJvZHk+Cis8aWZyYW1lIHNyYz0naHR0cDovL2xvY2FsaG9zdDo4 MDAwL3NlY3VyaXR5L3hzc0F1ZGl0b3IvcmVzb3VyY2VzL2VjaG8taW50ZXJ0YWctY2xpY2stYW5k LW5vdGlmeS5wbD9lbG1pZD1hbmNob3JMaW5rJnE9JTNDYStpZCUzRGFuY2hvckxpbmsraHJlZiUz RCUyMiUyNiUyM3gxamF2YXNjJTA5cmlwdCUzQWFsZXJ0JTI4L1hTUyUwNS8lMjklMjIlM0V0ZXN0 JTNDL2ElM0UnPgorPC9pZnJhbWU+Cis8L2JvZHk+Cis8L2h0bWw+CkluZGV4OiBMYXlvdXRUZXN0 cy9wbGF0Zm9ybS9jaHJvbWl1bS9odHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0b3IvamF2YXNj cmlwdC1saW5rLWNvbnRyb2wtY2hhcjItZXhwZWN0ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91 dFRlc3RzL3BsYXRmb3JtL2Nocm9taXVtL2h0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9q YXZhc2NyaXB0LWxpbmstY29udHJvbC1jaGFyMi1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCisr KyBMYXlvdXRUZXN0cy9wbGF0Zm9ybS9jaHJvbWl1bS9odHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1 ZGl0b3IvamF2YXNjcmlwdC1saW5rLWNvbnRyb2wtY2hhcjItZXhwZWN0ZWQudHh0CShyZXZpc2lv biAwKQpAQCAtMCwwICsxLDMgQEAKK0NPTlNPTEUgTUVTU0FHRTogUmVmdXNlZCB0byBleGVjdXRl IGEgSmF2YVNjcmlwdCBzY3JpcHQuIFNvdXJjZSBjb2RlIG9mIHNjcmlwdCBmb3VuZCB3aXRoaW4g cmVxdWVzdC4KKworCg==