79657 2012-02-27 03:40:17 -0800 [WK2] [GTK] [libsoup] SoupSession should use system CA 2012-03-01 04:52:07 -0800 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 svillar svillar danw mrobinson rakuco svillar webkit.review.bot oldest_to_newest 565549 0 svillar 2012-02-27 03:40:17 -0800 As stated here https://bugs.webkit.org/show_bug.cgi?id=68602#c24 libsoup should use the available system CA list to validate SSL certificates. Enabling that caused several regressions (see https://bugs.webkit.org/show_bug.cgi?id=68602#c27). 565559 1 129008 svillar 2012-02-27 03:58:24 -0800 Created attachment 129008 Patch 565685 2 129008 mrobinson 2012-02-27 08:50:06 -0800 Comment on attachment 129008 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=129008&action=review Looks good, but this needs to be expanded for WKTR. > Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:597 > + /* Do not use strict certificate validation for tests. */ > + g_object_set(session, SOUP_SESSION_SSL_STRICT, FALSE, NULL); > + You'll also need to do this for WebKitTestRunner. 566679 3 129254 svillar 2012-02-28 07:58:25 -0800 Created attachment 129254 Patch 566811 4 129254 mrobinson 2012-02-28 09:52:04 -0800 Comment on attachment 129254 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=129254&action=review > Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp:236 > + g_object_set(session, SOUP_SESSION_SSL_STRICT, FALSE, NULL); The more I think this, the more I wonder if this should be in ResourceHandleSoup.cpp as well. Sergio and Dan, any thoughts about this? 566836 5 svillar 2012-02-28 10:20:35 -0800 (In reply to comment #4) > (From update of attachment 129254 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=129254&action=review > > > Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp:236 > > + g_object_set(session, SOUP_SESSION_SSL_STRICT, FALSE, NULL); > > The more I think this, the more I wonder if this should be in ResourceHandleSoup.cpp as well. Sergio and Dan, any thoughts about this? If we do that then we must add some sort of "This certificate seems to be invalid/expired/whatever. Do you want to accept this certificate anyway?" dialog (as we will be accepting invalid certificates). IMO we do not need to do that as I haven't seen any major issue related to certificate handling. 566919 6 mrobinson 2012-02-28 11:35:10 -0800 (In reply to comment #5) > If we do that then we must add some sort of "This certificate seems to be invalid/expired/whatever. Do you want to accept this certificate anyway?" dialog (as we will be accepting invalid certificates). IMO we do not need to do that as I haven't seen any major issue related to certificate handling. Doesn't Soup support this kind of operation? My concern with this patch is that by flipping this flag in ResouceHandleSoup, we'll be preventing sites from loading that used to load before. This will break downstream applications until they turn off strict SSL handling. Is this a valid concern or have I just misunderstood the situation? 566959 7 danw 2012-02-28 12:09:20 -0800 (In reply to comment #6) > (In reply to comment #5) > > > If we do that then we must add some sort of "This certificate seems to be invalid/expired/whatever. Do you want to accept this certificate anyway?" dialog (as we will be accepting invalid certificates). > > Doesn't Soup support this kind of operation? libsoup doesn't do any UI stuff. If the app knows that SSL_STRICT has been set FALSE, then it can watch for various signals and such to know when it needs to present such a dialog itself, but if not, then setting SSL_STRICT to FALSE is exactly the same as just not setting USE_SYSTEM_CA_FILE. Just slower. Moreover, if the app was previously setting its own SSL_CA_FILE, and just assuming that SSL_STRICT had its default value of TRUE, then having WebKit set it FALSE by default would render the app insecure (since it would be expecting invalid certificates to be rejected, but they wouldn't be). So I guess we can't do this without breaking API... maybe do it in wk2 only? 566960 8 mrobinson 2012-02-28 12:12:54 -0800 (In reply to comment #7) > So I guess we can't do this without breaking API... maybe do it in wk2 only? Sounds like WebKit2-only is the best option. :( Let's keep this in mind if we ever break WebKit1 API. 567431 9 svillar 2012-02-28 23:45:05 -0800 (In reply to comment #7) > Moreover, if the app was previously setting its own SSL_CA_FILE, and just assuming that SSL_STRICT had its default value of TRUE, then having WebKit set it FALSE by default would render the app insecure (since it would be expecting invalid certificates to be rejected, but they wouldn't be). > > So I guess we can't do this without breaking API... maybe do it in wk2 only? Let's clarify this, this patch *does not* set SSL strict to FALSE for WebKit clients. It will do it only for testing purpouses, i.e, it will only be set to FALSE for WebKitTestRunner and DumpRenderTree. 567439 10 mrobinson 2012-02-28 23:51:23 -0800 (In reply to comment #9) > > So I guess we can't do this without breaking API... maybe do it in wk2 only? > > Let's clarify this, this patch *does not* set SSL strict to FALSE for WebKit clients. It will do it only for testing purpouses, i.e, it will only be set to FALSE for WebKitTestRunner and DumpRenderTree. From what I understand this is an API break, because applications will fail to load sites that they could load just fine in the past -- or is that not the case? 567444 11 svillar 2012-02-29 00:02:22 -0800 (In reply to comment #10) > (In reply to comment #9) > > > So I guess we can't do this without breaking API... maybe do it in wk2 only? > > > > Let's clarify this, this patch *does not* set SSL strict to FALSE for WebKit clients. It will do it only for testing purpouses, i.e, it will only be set to FALSE for WebKitTestRunner and DumpRenderTree. > > From what I understand this is an API break, because applications will fail to load sites that they could load just fine in the past -- or is that not the case? Unless I'm missing something I don't think this will break any application. 567594 12 danw 2012-02-29 07:14:34 -0800 (In reply to comment #11) > Unless I'm missing something I don't think this will break any application. It will. Note that SSL_STRICT was tacked on after the fact and has confusing semantics because we didn't think it through enough at the time. SSL_STRICT=TRUE doesn't mean "be strict", it means "be strict if SSL_CA_FILE or USE_SYSTEM_CA_FILE is also set, and non-strict if not". So, with WebKit's current behavior, an app that doesn't set any SSL-related options will accept all certificates. If we commit your patch as is, then an app that doesn't set any SSL-related options will now start rejecting all certificates that aren't signed by one of the system CAs, which is essentially an API break. (It doesn't break epiphany, because epiphany unsets SSL_STRICT itself.) If we commit your patch and also unset SSL_STRICT (as Martin suggested in comment 4), then that avoids that problem, but causes the opposite problem; apps that were previously setting SSL_CA_FILE or USE_SYSTEM_CA_FILE but not changing the setting of SSL_STRICT will now suddenly start accepting all certificates, instead of only accepting acceptable ones. 567615 13 svillar 2012-02-29 07:32:12 -0800 (In reply to comment #12) > (In reply to comment #11) > > Unless I'm missing something I don't think this will break any application. > > It will. Note that SSL_STRICT was tacked on after the fact and has confusing semantics because we didn't think it through enough at the time. SSL_STRICT=TRUE doesn't mean "be strict", it means "be strict if SSL_CA_FILE or USE_SYSTEM_CA_FILE is also set, and non-strict if not". > > So, with WebKit's current behavior, an app that doesn't set any SSL-related options will accept all certificates. Yeah indeed, I was wrongly assuming that rejecting certificates was the default policy. So, I guess we should remove the USE_SYSTEM_CA_FILE from ResourceHandleSoup and move it to WK2 initialization specific code. How does it sound Martin? 567628 14 mrobinson 2012-02-29 07:57:41 -0800 (In reply to comment #13) > So, I guess we should remove the USE_SYSTEM_CA_FILE from ResourceHandleSoup and move it to WK2 initialization specific code. How does it sound Martin? Yeah, let's do that. Now that I understand the scope of the problem, this sounds like the best plan. 567634 15 129453 svillar 2012-02-29 08:12:19 -0800 Created attachment 129453 Patch 567943 16 129453 mrobinson 2012-02-29 14:26:31 -0800 Comment on attachment 129453 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=129453&action=review > Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp:236 > + SoupSession* session = WebCore::ResourceHandle::defaultSession(); > + g_object_set(session, SOUP_SESSION_SSL_STRICT, FALSE, NULL); I'm really sorry about this back and forth in this patch, I really am. Before landing I think we should move this to Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp. Later we can add API to WebKit2 to expose certificate errors to the client. By default it would accept broken certificates. 568566 17 svillar 2012-03-01 04:52:07 -0800 Committed r109338: <http://trac.webkit.org/changeset/109338> 129008 2012-02-27 03:58:24 -0800 2012-02-28 07:58:18 -0800 Patch bug-79657-20120227125822.patch text/plain 3265 svillar U3VidmVyc2lvbiBSZXZpc2lvbjogMTA4NzYwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNWU2NDE3ZTU0NTkyY2Yy OTIxNTQ4ZTk5NzdkZGU2YzM2NDQ2ZjU3My4uNmNiMjIxMWU2YjA2NjA1MTMxZmViOTM5M2I5YzAz YzNlOTczNWJjZiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDEyLTAyLTI3ICBTZXJn aW8gVmlsbGFyIFNlbmluICA8c3ZpbGxhckBpZ2FsaWEuY29tPgorCisgICAgICAgIFtHVEtdW2xp YnNvdXBdIFNvdXBTZXNzaW9uIHNob3VsZCB1c2Ugc3lzdGVtIENBCisgICAgICAgIGh0dHBzOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD03OTY1NworCisgICAgICAgIFJldmlld2Vk IGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFNvdXBTZXNzaW9uIHNvdWxkIHVzZSBzeXN0 ZW0gQ0EgbGlzdCB0byB2YWxpZGF0ZSBTU0wgY2VydGlmaWNhdGVzLgorCisgICAgICAgIE5vIG5l dyB0ZXN0cyByZXF1aXJlZC4gQ3VycmVudCBodHRwcyB0ZXN0cyB3aWxsIGZhaWwgaWYgd2UgZG8g bm90CisgICAgICAgIGRpc2FibGUgc3RyaWN0IFNTTCB2ZXJpZmljYXRpb24gZm9yIHRlc3Rpbmcu CisKKyAgICAgICAgKiBwbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3VwLmNw cDoKKyAgICAgICAgKFdlYkNvcmU6OlJlc291cmNlSGFuZGxlOjpkZWZhdWx0U2Vzc2lvbik6CisK IDIwMTItMDItMjQgIFZzZXZvbG9kIFZsYXNvdiAgPHZzZXZpa0BjaHJvbWl1bS5vcmc+CiAKICAg ICAgICAgV2ViIEluc3BlY3RvcjogU2NyaXB0cyBwYW5lbCBuYXZpZ2F0b3Igb3ZlcmxheSBzaG91 bGQgYmUgc2hvd24gYXV0b21hdGljYWxseSBvbmx5IG9uZSB0aW1lLgpkaWZmIC0tZ2l0IGEvU291 cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9zb3VwL1Jlc291cmNlSGFuZGxlU291cC5jcHAg Yi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3Vw LmNwcAppbmRleCBlNjcxNjYwYWVhMzMzNzEzYmUzNDg1NjMxOWVjYTYzYzk0YzczYjZkLi4wZWU1 ZDAxYjc0MDJlY2RlNmRhMGJiOTNjMWExM2ZiNzE3ZGI3ZTc5IDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3VwLmNwcAorKysg Yi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3Vw LmNwcApAQCAtNzM5LDYgKzczOSw3IEBAIFNvdXBTZXNzaW9uKiBSZXNvdXJjZUhhbmRsZTo6ZGVm YXVsdFNlc3Npb24oKQogICAgICAgICAgICAgICAgICAgICAgU09VUF9TRVNTSU9OX0FERF9GRUFU VVJFX0JZX1RZUEUsIFNPVVBfVFlQRV9DT05URU5UX0RFQ09ERVIsCiAgICAgICAgICAgICAgICAg ICAgICBTT1VQX1NFU1NJT05fQUREX0ZFQVRVUkVfQllfVFlQRSwgU09VUF9UWVBFX0NPTlRFTlRf U05JRkZFUiwKICAgICAgICAgICAgICAgICAgICAgIFNPVVBfU0VTU0lPTl9BRERfRkVBVFVSRV9C WV9UWVBFLCBTT1VQX1RZUEVfUFJPWFlfUkVTT0xWRVJfREVGQVVMVCwKKyAgICAgICAgICAgICAg ICAgICAgIFNPVVBfU0VTU0lPTl9TU0xfVVNFX1NZU1RFTV9DQV9GSUxFLCBUUlVFLAogICAgICAg ICAgICAgICAgICAgICAgTlVMTCk7CiAgICAgfQogCmRpZmYgLS1naXQgYS9Ub29scy9DaGFuZ2VM b2cgYi9Ub29scy9DaGFuZ2VMb2cKaW5kZXggMzAzOGUyZTRiMmRlY2I4NGIxMjk1ZDAxZjEyMjk1 MDEzNzAyOWYyNy4uM2EyNjlkYjY3MWUxNDBhMzFjM2YwMmM3OGM2ZTg0NjI4NjZkOWJmZSAxMDA2 NDQKLS0tIGEvVG9vbHMvQ2hhbmdlTG9nCisrKyBiL1Rvb2xzL0NoYW5nZUxvZwpAQCAtMSwzICsx LDE2IEBACisyMDEyLTAyLTI3ICBTZXJnaW8gVmlsbGFyIFNlbmluICA8c3ZpbGxhckBpZ2FsaWEu Y29tPgorCisgICAgICAgIFtHVEtdW2xpYnNvdXBdIFNvdXBTZXNzaW9uIHNob3VsZCB1c2Ugc3lz dGVtIENBCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD03 OTY1NworCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIERp c2FibGUgc3RyaWN0IFNTTCB2ZXJpZmljYXRpb24gZm9yIHRlc3RpbmcgYWZ0ZXIgZW5hYmxpbmcg c3lzdGVtCisgICAgICAgIENBIHZlcmlmaWNhdGlvbiBmb3IgU1NMIGNlcnRpZmljYXRlcy4KKwor ICAgICAgICAqIER1bXBSZW5kZXJUcmVlL2d0ay9EdW1wUmVuZGVyVHJlZS5jcHA6CisgICAgICAg IChzZXREZWZhdWx0c1RvQ29uc2lzdGVudFN0YXRlVmFsdWVzRm9yVGVzdGluZyk6CisKIDIwMTIt MDItMjQgIEtlbnRhcm8gSGFyYSAgPGhhcmFrZW5AY2hyb21pdW0ub3JnPgogCiAgICAgICAgIEFk ZCBwZXJmb3JtYW5jZSB0ZXN0cyBmb3IgRE9NIGF0dHJpYnV0ZSBnZXR0ZXJzIGFuZCBzZXR0ZXJz CmRpZmYgLS1naXQgYS9Ub29scy9EdW1wUmVuZGVyVHJlZS9ndGsvRHVtcFJlbmRlclRyZWUuY3Bw IGIvVG9vbHMvRHVtcFJlbmRlclRyZWUvZ3RrL0R1bXBSZW5kZXJUcmVlLmNwcAppbmRleCAyZWNm MWRmMjM0ZjgzZTM0NzdhMmZiY2U2OTMwNzM5YmE1ODg0Y2NjLi44OGFmN2FiMGFiMWFjNTYwOTdi OTc2NWFhOWMwMjM5Mzg4NmNjMmNmIDEwMDY0NAotLS0gYS9Ub29scy9EdW1wUmVuZGVyVHJlZS9n dGsvRHVtcFJlbmRlclRyZWUuY3BwCisrKyBiL1Rvb2xzL0R1bXBSZW5kZXJUcmVlL2d0ay9EdW1w UmVuZGVyVHJlZS5jcHAKQEAgLTU5Miw2ICs1OTIsOSBAQCBzdGF0aWMgdm9pZCBzZXREZWZhdWx0 c1RvQ29uc2lzdGVudFN0YXRlVmFsdWVzRm9yVGVzdGluZygpCiAgICAgU291cFNlc3Npb24qIHNl c3Npb24gPSB3ZWJraXRfZ2V0X2RlZmF1bHRfc2Vzc2lvbigpOwogICAgIHNvdXBfc2Vzc2lvbl9y ZW1vdmVfZmVhdHVyZV9ieV90eXBlKHNlc3Npb24sIFdFQktJVF9UWVBFX1NPVVBfQVVUSF9ESUFM T0cpOwogCisgICAgLyogRG8gbm90IHVzZSBzdHJpY3QgY2VydGlmaWNhdGUgdmFsaWRhdGlvbiBm b3IgdGVzdHMuICovCisgICAgZ19vYmplY3Rfc2V0KHNlc3Npb24sIFNPVVBfU0VTU0lPTl9TU0xf U1RSSUNULCBGQUxTRSwgTlVMTCk7CisKICNpZiBQTEFURk9STShYMTEpCiAgICAgd2Via2l0X3dl Yl9zZXR0aW5nc19hZGRfZXh0cmFfcGx1Z2luX2RpcmVjdG9yeSh3ZWJWaWV3LCBURVNUX1BMVUdJ Tl9ESVIpOwogI2VuZGlmCg== 129254 2012-02-28 07:58:25 -0800 2012-02-29 08:12:12 -0800 Patch bug-79657-20120228165823.patch text/plain 5157 svillar U3VidmVyc2lvbiBSZXZpc2lvbjogMTA5MDk1CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggZTc2MDk0Y2ViYTkzYjhl NzFhYjgxYzkyZjIyMmRmMjBlOGE3MDZhZi4uOWIzMDk1ZWUzNGE3ZjJkZmMxODI0NjU1NTMzNWU4 MDYxN2NiNGIzNSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDEyLTAyLTI3ICBTZXJn aW8gVmlsbGFyIFNlbmluICA8c3ZpbGxhckBpZ2FsaWEuY29tPgorCisgICAgICAgIFtHVEtdW2xp YnNvdXBdIFNvdXBTZXNzaW9uIHNob3VsZCB1c2Ugc3lzdGVtIENBCisgICAgICAgIGh0dHBzOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD03OTY1NworCisgICAgICAgIFJldmlld2Vk IGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFNvdXBTZXNzaW9uIHNvdWxkIHVzZSBzeXN0 ZW0gQ0EgbGlzdCB0byB2YWxpZGF0ZSBTU0wgY2VydGlmaWNhdGVzLgorCisgICAgICAgIE5vIG5l dyB0ZXN0cyByZXF1aXJlZC4gQ3VycmVudCBodHRwcyB0ZXN0cyB3aWxsIGZhaWwgaWYgd2UgZG8g bm90CisgICAgICAgIGRpc2FibGUgc3RyaWN0IFNTTCB2ZXJpZmljYXRpb24gZm9yIHRlc3Rpbmcu CisKKyAgICAgICAgKiBwbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3VwLmNw cDoKKyAgICAgICAgKFdlYkNvcmU6OlJlc291cmNlSGFuZGxlOjpkZWZhdWx0U2Vzc2lvbik6CisK IDIwMTItMDItMjggIEFudHRpIEtvaXZpc3RvICA8YW50dGlAYXBwbGUuY29tPgogCiAgICAgICAg IFNwbGl0IENTU1N0eWxlUnVsZSBpbnRvIGludGVybmFsIGFuZCBDU1NPTSB0eXBlCmRpZmYgLS1n aXQgYS9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cK aW5kZXggMGJjYmVmODVhMDQ0ZWFhNjE2ZjYyZDlmMTJkYTc3YmQ3MDM2NTIzMi4uZGRjNWMxNGZh ZTIwMDNhNzg1ZWM1ZmI2YzA0Njk0ZTAxM2UxNjI2NSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktp dDIvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4 IEBACisyMDEyLTAyLTI4ICBTZXJnaW8gVmlsbGFyIFNlbmluICA8c3ZpbGxhckBpZ2FsaWEuY29t PgorCisgICAgICAgIFtHVEtdW2xpYnNvdXBdIFNvdXBTZXNzaW9uIHNob3VsZCB1c2Ugc3lzdGVt IENBCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD03OTY1 NworCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIERvIG5v dCB1c2Ugc3RyaWN0IGNlcnRpZmljYXRlIHZhbGlkYXRpb24gZm9yIHRlc3RpbmcuCisKKyAgICAg ICAgTm8gbmV3IHRlc3RzIHJlcXVpcmVkLiBDdXJyZW50IGh0dHBzIHRlc3RzIHdpbGwgZmFpbCBp ZiB3ZSBkbyBub3QKKyAgICAgICAgZGlzYWJsZSBzdHJpY3QgU1NMIHZlcmlmaWNhdGlvbiBmb3Ig dGVzdGluZy4KKworICAgICAgICAqIFdlYlByb2Nlc3MvSW5qZWN0ZWRCdW5kbGUvSW5qZWN0ZWRC dW5kbGUuY3BwOgorICAgICAgICAoV2ViS2l0OjpJbmplY3RlZEJ1bmRsZTo6c3dpdGNoTmV0d29y a0xvYWRlclRvTmV3VGVzdGluZ1Nlc3Npb24pOgorCiAyMDEyLTAyLTI4ICBIdWdvIFBhcmVudGUg TGltYSAgPGh1Z28ubGltYUBvcGVuYm9zc2Eub3JnPgogCiAgICAgICAgIFtRdF1bV0syXSBVc2Ug bW92ZW1lbnRTdGFydGVkL0VuZGVkIHNpZ25hbHMgaW5zdGVhZCBvZiBtb3ZpbmdDaGFuZ2VkIG9u IFF0Vmlld3BvcnRJbnRlcmF0aW9uRW5naW5lCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9w bGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3VwLmNwcCBiL1NvdXJjZS9XZWJD b3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9SZXNvdXJjZUhhbmRsZVNvdXAuY3BwCmluZGV4IGU2 NzE2NjBhZWEzMzM3MTNiZTM0ODU2MzE5ZWNhNjNjOTRjNzNiNmQuLjBlZTVkMDFiNzQwMmVjZGU2 ZGEwYmI5M2MxYTEzZmI3MTdkYjdlNzkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3BsYXRm b3JtL25ldHdvcmsvc291cC9SZXNvdXJjZUhhbmRsZVNvdXAuY3BwCisrKyBiL1NvdXJjZS9XZWJD b3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9SZXNvdXJjZUhhbmRsZVNvdXAuY3BwCkBAIC03Mzks NiArNzM5LDcgQEAgU291cFNlc3Npb24qIFJlc291cmNlSGFuZGxlOjpkZWZhdWx0U2Vzc2lvbigp CiAgICAgICAgICAgICAgICAgICAgICBTT1VQX1NFU1NJT05fQUREX0ZFQVRVUkVfQllfVFlQRSwg U09VUF9UWVBFX0NPTlRFTlRfREVDT0RFUiwKICAgICAgICAgICAgICAgICAgICAgIFNPVVBfU0VT U0lPTl9BRERfRkVBVFVSRV9CWV9UWVBFLCBTT1VQX1RZUEVfQ09OVEVOVF9TTklGRkVSLAogICAg ICAgICAgICAgICAgICAgICAgU09VUF9TRVNTSU9OX0FERF9GRUFUVVJFX0JZX1RZUEUsIFNPVVBf VFlQRV9QUk9YWV9SRVNPTFZFUl9ERUZBVUxULAorICAgICAgICAgICAgICAgICAgICAgU09VUF9T RVNTSU9OX1NTTF9VU0VfU1lTVEVNX0NBX0ZJTEUsIFRSVUUsCiAgICAgICAgICAgICAgICAgICAg ICBOVUxMKTsKICAgICB9CiAKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3Mv SW5qZWN0ZWRCdW5kbGUvSW5qZWN0ZWRCdW5kbGUuY3BwIGIvU291cmNlL1dlYktpdDIvV2ViUHJv Y2Vzcy9JbmplY3RlZEJ1bmRsZS9JbmplY3RlZEJ1bmRsZS5jcHAKaW5kZXggMjI2N2Q2NmE5YWZj NDNiMWU0ZWNiYjYxZjZkMjA0ZTE5MTkwYWZlMS4uZmQ1MjM4ZTQwMzc2ZDQ5NDEyNGY1MDdiYWNi ODE4MWZlNmE5NDJlMSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9Jbmpl Y3RlZEJ1bmRsZS9JbmplY3RlZEJ1bmRsZS5jcHAKKysrIGIvU291cmNlL1dlYktpdDIvV2ViUHJv Y2Vzcy9JbmplY3RlZEJ1bmRsZS9JbmplY3RlZEJ1bmRsZS5jcHAKQEAgLTIzMCw2ICsyMzAsMTAg QEAgdm9pZCBJbmplY3RlZEJ1bmRsZTo6c3dpdGNoTmV0d29ya0xvYWRlclRvTmV3VGVzdGluZ1Nl c3Npb24oKQogICAgIC8vIFNldCBhIHByaXZhdGUgc2Vzc2lvbiBmb3IgdGVzdGluZyB0byBhdm9p ZCBpbnRlcmZlcmluZyB3aXRoIGdsb2JhbCBjb29raWVzLiBUaGlzIHNob3VsZCBiZSBkaWZmZXJl bnQgZnJvbSBwcml2YXRlIGJyb3dzaW5nIHNlc3Npb24uCiAgICAgUmV0YWluUHRyPENGVVJMU3Rv cmFnZVNlc3Npb25SZWY+IHNlc3Npb24gPSBSZXNvdXJjZUhhbmRsZTo6Y3JlYXRlUHJpdmF0ZUJy b3dzaW5nU3RvcmFnZVNlc3Npb24oQ0ZTVFIoIlByaXZhdGUgV2ViS2l0IFNlc3Npb24iKSk7CiAg ICAgUmVzb3VyY2VIYW5kbGU6OnNldERlZmF1bHRTdG9yYWdlU2Vzc2lvbihzZXNzaW9uLmdldCgp KTsKKyNlbGlmIFVTRShTT1VQKQorICAgIC8vIERvIG5vdCB1c2Ugc3RyaWN0IGNlcnRpZmljYXRl IHZhbGlkYXRpb24gZm9yIHRlc3RzLgorICAgIFNvdXBTZXNzaW9uKiBzZXNzaW9uID0gV2ViQ29y ZTo6UmVzb3VyY2VIYW5kbGU6OmRlZmF1bHRTZXNzaW9uKCk7CisgICAgZ19vYmplY3Rfc2V0KHNl c3Npb24sIFNPVVBfU0VTU0lPTl9TU0xfU1RSSUNULCBGQUxTRSwgTlVMTCk7CiAjZW5kaWYKIH0K IApkaWZmIC0tZ2l0IGEvVG9vbHMvQ2hhbmdlTG9nIGIvVG9vbHMvQ2hhbmdlTG9nCmluZGV4IDU3 M2YzM2RjZTk1YTg5YmJiNmQ5OGM1NzhiY2RlZDQ0MDJmMmRjMDMuLmMyMmU5YzY4MTcxMzgzYWM3 ZjgzYTAwMmFhNGUwYjdlNWMxZWY3NGIgMTAwNjQ0Ci0tLSBhL1Rvb2xzL0NoYW5nZUxvZworKysg Yi9Ub29scy9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxNiBAQAorMjAxMi0wMi0yNyAgU2VyZ2lvIFZp bGxhciBTZW5pbiAgPHN2aWxsYXJAaWdhbGlhLmNvbT4KKworICAgICAgICBbR1RLXVtsaWJzb3Vw XSBTb3VwU2Vzc2lvbiBzaG91bGQgdXNlIHN5c3RlbSBDQQorICAgICAgICBodHRwczovL2J1Z3Mu d2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9Nzk2NTcKKworICAgICAgICBSZXZpZXdlZCBieSBO T0JPRFkgKE9PUFMhKS4KKworICAgICAgICBEaXNhYmxlIHN0cmljdCBTU0wgdmVyaWZpY2F0aW9u IGZvciB0ZXN0aW5nIGFmdGVyIGVuYWJsaW5nIHN5c3RlbQorICAgICAgICBDQSB2ZXJpZmljYXRp b24gZm9yIFNTTCBjZXJ0aWZpY2F0ZXMuCisKKyAgICAgICAgKiBEdW1wUmVuZGVyVHJlZS9ndGsv RHVtcFJlbmRlclRyZWUuY3BwOgorICAgICAgICAoc2V0RGVmYXVsdHNUb0NvbnNpc3RlbnRTdGF0 ZVZhbHVlc0ZvclRlc3RpbmcpOgorCiAyMDEyLTAyLTI4ICBLZW50IFRhbXVyYSAgPHRrZW50QGNo cm9taXVtLm9yZz4KIAogICAgICAgICBVcGRhdGUgYSBwYXR0ZXJuIGZvciBmb3JtcyBmaWxlcyBv ZiB3YXRjaGxpc3QKZGlmZiAtLWdpdCBhL1Rvb2xzL0R1bXBSZW5kZXJUcmVlL2d0ay9EdW1wUmVu ZGVyVHJlZS5jcHAgYi9Ub29scy9EdW1wUmVuZGVyVHJlZS9ndGsvRHVtcFJlbmRlclRyZWUuY3Bw CmluZGV4IDJlY2YxZGYyMzRmODNlMzQ3N2EyZmJjZTY5MzA3MzliYTU4ODRjY2MuLjg4YWY3YWIw YWIxYWM1NjA5N2I5NzY1YWE5YzAyMzkzODg2Y2MyY2YgMTAwNjQ0Ci0tLSBhL1Rvb2xzL0R1bXBS ZW5kZXJUcmVlL2d0ay9EdW1wUmVuZGVyVHJlZS5jcHAKKysrIGIvVG9vbHMvRHVtcFJlbmRlclRy ZWUvZ3RrL0R1bXBSZW5kZXJUcmVlLmNwcApAQCAtNTkyLDYgKzU5Miw5IEBAIHN0YXRpYyB2b2lk IHNldERlZmF1bHRzVG9Db25zaXN0ZW50U3RhdGVWYWx1ZXNGb3JUZXN0aW5nKCkKICAgICBTb3Vw U2Vzc2lvbiogc2Vzc2lvbiA9IHdlYmtpdF9nZXRfZGVmYXVsdF9zZXNzaW9uKCk7CiAgICAgc291 cF9zZXNzaW9uX3JlbW92ZV9mZWF0dXJlX2J5X3R5cGUoc2Vzc2lvbiwgV0VCS0lUX1RZUEVfU09V UF9BVVRIX0RJQUxPRyk7CiAKKyAgICAvKiBEbyBub3QgdXNlIHN0cmljdCBjZXJ0aWZpY2F0ZSB2 YWxpZGF0aW9uIGZvciB0ZXN0cy4gKi8KKyAgICBnX29iamVjdF9zZXQoc2Vzc2lvbiwgU09VUF9T RVNTSU9OX1NTTF9TVFJJQ1QsIEZBTFNFLCBOVUxMKTsKKwogI2lmIFBMQVRGT1JNKFgxMSkKICAg ICB3ZWJraXRfd2ViX3NldHRpbmdzX2FkZF9leHRyYV9wbHVnaW5fZGlyZWN0b3J5KHdlYlZpZXcs IFRFU1RfUExVR0lOX0RJUik7CiAjZW5kaWYK 129453 2012-02-29 08:12:19 -0800 2012-02-29 14:26:31 -0800 Patch bug-79657-20120229171217.patch text/plain 2837 svillar U3VidmVyc2lvbiBSZXZpc2lvbjogMTA5MjA1CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggNGQyNjgxMDYxYWRmYzMz NDAxYWY4MTExOWNkYzcxNjY3M2UyZjUwZi4uNmNkOTg5NzQ2Yjk1YzhkYTk1N2MxNDliZDFkNjMw YWY2YzlmMTUyYyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIyIEBACisyMDEyLTAyLTI5ICBTZXJn aW8gVmlsbGFyIFNlbmluICA8c3ZpbGxhckBpZ2FsaWEuY29tPgorCisgICAgICAgIFtXSzJdIFtH VEtdIFtsaWJzb3VwXSBTb3VwU2Vzc2lvbiBzaG91bGQgdXNlIHN5c3RlbSBDQQorICAgICAgICBo dHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9Nzk2NTcKKworICAgICAgICBS ZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBTb3VwU2Vzc2lvbiBzb3VsZCB1 c2Ugc3lzdGVtIENBIGxpc3QgdG8gdmFsaWRhdGUgU1NMCisgICAgICAgIGNlcnRpZmljYXRlcy4g RG8gbm90IHVzZSBzdHJpY3QgY2VydGlmaWNhdGUgdmFsaWRhdGlvbiBmb3IKKyAgICAgICAgTGF5 b3V0IFRlc3RzIHRvdWdoLgorCisgICAgICAgIE5vIG5ldyB0ZXN0cyByZXF1aXJlZC4gQ3VycmVu dCBXSzIgaHR0cHMgdGVzdHMgd2lsbCBmYWlsIGlmIHdlIGRvCisgICAgICAgIG5vdCBkaXNhYmxl IHN0cmljdCBTU0wgdmVyaWZpY2F0aW9uIGZvciB0ZXN0aW5nLgorCisgICAgICAgICogV2ViUHJv Y2Vzcy9JbmplY3RlZEJ1bmRsZS9JbmplY3RlZEJ1bmRsZS5jcHA6CisgICAgICAgIChXZWJLaXQ6 OkluamVjdGVkQnVuZGxlOjpzd2l0Y2hOZXR3b3JrTG9hZGVyVG9OZXdUZXN0aW5nU2Vzc2lvbik6 CisgICAgICAgICogV2ViUHJvY2Vzcy9ndGsvV2ViUHJvY2Vzc01haW5HdGsuY3BwOgorICAgICAg ICAoV2ViS2l0OjpXZWJQcm9jZXNzTWFpbkd0ayk6CisKIDIwMTItMDItMjggIFNpbW9uIEZyYXNl ciAgPHNpbW9uLmZyYXNlckBhcHBsZS5jb20+CiAKICAgICAgICAgVXBkYXRlIFdlYktpdFN5c3Rl bUludGVyZmFjZS4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvSW5qZWN0 ZWRCdW5kbGUvSW5qZWN0ZWRCdW5kbGUuY3BwIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9J bmplY3RlZEJ1bmRsZS9JbmplY3RlZEJ1bmRsZS5jcHAKaW5kZXggMjI2N2Q2NmE5YWZjNDNiMWU0 ZWNiYjYxZjZkMjA0ZTE5MTkwYWZlMS4uZmQ1MjM4ZTQwMzc2ZDQ5NDEyNGY1MDdiYWNiODE4MWZl NmE5NDJlMSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9JbmplY3RlZEJ1 bmRsZS9JbmplY3RlZEJ1bmRsZS5jcHAKKysrIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9J bmplY3RlZEJ1bmRsZS9JbmplY3RlZEJ1bmRsZS5jcHAKQEAgLTIzMCw2ICsyMzAsMTAgQEAgdm9p ZCBJbmplY3RlZEJ1bmRsZTo6c3dpdGNoTmV0d29ya0xvYWRlclRvTmV3VGVzdGluZ1Nlc3Npb24o KQogICAgIC8vIFNldCBhIHByaXZhdGUgc2Vzc2lvbiBmb3IgdGVzdGluZyB0byBhdm9pZCBpbnRl cmZlcmluZyB3aXRoIGdsb2JhbCBjb29raWVzLiBUaGlzIHNob3VsZCBiZSBkaWZmZXJlbnQgZnJv bSBwcml2YXRlIGJyb3dzaW5nIHNlc3Npb24uCiAgICAgUmV0YWluUHRyPENGVVJMU3RvcmFnZVNl c3Npb25SZWY+IHNlc3Npb24gPSBSZXNvdXJjZUhhbmRsZTo6Y3JlYXRlUHJpdmF0ZUJyb3dzaW5n U3RvcmFnZVNlc3Npb24oQ0ZTVFIoIlByaXZhdGUgV2ViS2l0IFNlc3Npb24iKSk7CiAgICAgUmVz b3VyY2VIYW5kbGU6OnNldERlZmF1bHRTdG9yYWdlU2Vzc2lvbihzZXNzaW9uLmdldCgpKTsKKyNl bGlmIFVTRShTT1VQKQorICAgIC8vIERvIG5vdCB1c2Ugc3RyaWN0IGNlcnRpZmljYXRlIHZhbGlk YXRpb24gZm9yIHRlc3RzLgorICAgIFNvdXBTZXNzaW9uKiBzZXNzaW9uID0gV2ViQ29yZTo6UmVz b3VyY2VIYW5kbGU6OmRlZmF1bHRTZXNzaW9uKCk7CisgICAgZ19vYmplY3Rfc2V0KHNlc3Npb24s IFNPVVBfU0VTU0lPTl9TU0xfU1RSSUNULCBGQUxTRSwgTlVMTCk7CiAjZW5kaWYKIH0KIApkaWZm IC0tZ2l0IGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9ndGsvV2ViUHJvY2Vzc01haW5HdGsu Y3BwIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9ndGsvV2ViUHJvY2Vzc01haW5HdGsuY3Bw CmluZGV4IGFhY2MyN2I2YjJkYjE3ZWRmMjcxM2E0Yjc4NjkwOTk5ZmQ2YmUwMjguLjM5MDA2NDcx ODdlMTgzZTE3ZDRhZjQyZmEwNTFkMmJjZTE3MDIxMWYgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJL aXQyL1dlYlByb2Nlc3MvZ3RrL1dlYlByb2Nlc3NNYWluR3RrLmNwcAorKysgYi9Tb3VyY2UvV2Vi S2l0Mi9XZWJQcm9jZXNzL2d0ay9XZWJQcm9jZXNzTWFpbkd0ay5jcHAKQEAgLTY0LDYgKzY0LDkg QEAgV0tfRVhQT1JUIGludCBXZWJQcm9jZXNzTWFpbkd0ayhpbnQgYXJnYywgY2hhciogYXJndltd KQogICAgIFNvdXBTZXNzaW9uKiBzZXNzaW9uID0gV2ViQ29yZTo6UmVzb3VyY2VIYW5kbGU6OmRl ZmF1bHRTZXNzaW9uKCk7CiAgICAgc291cF9zZXNzaW9uX2FkZF9mZWF0dXJlX2J5X3R5cGUoc2Vz c2lvbiwgV0VCX1RZUEVfQVVUSF9ESUFMT0cpOwogCisgICAgLy8gQ2Fubm90IGJlIGRvbmUgaW4g UmVzb3VyY2VIYW5kbGVTb3VwICh3aWxsIGJyZWFrIFdLMSBBUEkpLgorICAgIGdfb2JqZWN0X3Nl dChzZXNzaW9uLCBTT1VQX1NFU1NJT05fU1NMX1VTRV9TWVNURU1fQ0FfRklMRSwgVFJVRSwgTlVM TCk7CisKICAgICBSdW5Mb29wOjpydW4oKTsKIAogICAgIHJldHVybiAwOwo=