92649 2012-07-30 07:57:43 -0700 [Qt] REGRESSION http/tests/security/contentSecurityPolicy/object-src-none-blocked.html fails after r123978 2012-08-04 15:20:19 -0700 1 1 1 Unclassified WebKit Tools / Tests 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED Qt, QtTriaged P2 Normal --- 79666 92478 93138 93178 1 zarvai mkwst abarth eric gyuyoung.kim japhet kadam kbalazs mifenton mikhail.pozdnyakov mkwst ossy rakuco webkit.review.bot oldest_to_newest 682011 0 zarvai 2012-07-30 07:57:43 -0700 http/tests/security/contentSecurityPolicy/object-src-none-blocked.html fails after r123978 --- /ramdisk/qt-linux-release/build/layout-test-results/http/tests/security/contentSecurityPolicy/object-src-none-blocked-expected.txt +++ /ramdisk/qt-linux-release/build/layout-test-results/http/tests/security/contentSecurityPolicy/object-src-none-blocked-actual.txt @@ -1,3 +1,5 @@ +CONSOLE MESSAGE: Refused to load the object 'data:application/x-webkit-test-netscape,logifloaded' because it violates the following Content Security Policy directive: "object-src 'none'". + CONSOLE MESSAGE: Refused to load the object 'data:application/x-webkit-test-netscape,logifloaded' because it violates the following Content Security Policy directive: "object-src 'none'". 682013 1 mkwst 2012-07-30 08:01:51 -0700 The diff looks correct, sorry for not checking the other ports before landing. I'll fix it tonight when I'm back in front of a computer. 682030 2 ossy 2012-07-30 08:18:38 -0700 Why r123978 caused this duplicated console message? 682036 3 zarvai 2012-07-30 08:24:35 -0700 Problem exist on Qt5, too. http/tests/security/contentSecurityPolicy/object-src-none-blocked.html test makes http/tests/security/xss-DENIED-xsl-document-securityOrigin.xml fail after the commit r123978. Before this commit it had no problem with "logifloaded". --- /ramdisk/qt-linux-release/build/layout-test-results/http/tests/security/xss-DENIED-xsl-document-securityOrigin-expected.txt +++ /ramdisk/qt-linux-release/build/layout-test-results/http/tests/security/xss-DENIED-xsl-document-securityOrigin-actual.txt @@ -1,3 +1,5 @@ +CONSOLE MESSAGE: Refused to load the object 'data:application/x-webkit-test-netscape,logifloaded' because it violates the following Content Security Policy directive: "object-src 'none'". + CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8080/security/resources/innocent-victim.html from frame with URL about:blank. Domains, protocols and ports must match. -This test passes if it doesn't alert the contents of innocent-victim.html. +This test passes if it doesn't alert the contents of innocent-victim.html. 682050 4 zarvai 2012-07-30 08:51:17 -0700 Test skipped on Qt in http://trac.webkit.org/changeset/124030. Please unskip it with the proper fix. 683139 5 mkwst 2012-07-31 08:55:22 -0700 (In reply to comment #2) > Why r123978 caused this duplicated console message? I spoke too quickly; I didn't see that the console message was being duplicated. That diff makes no sense. 683214 6 ossy 2012-07-31 09:54:24 -0700 Great, skipping a test made another one fail, but only on WK2: --- /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/layout-test-results/http/tests/security/contentSecurityPolicy/object-src-no-url-blocked-expected.txt +++ /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/layout-test-results/http/tests/security/contentSecurityPolicy/object-src-no-url-blocked-actual.txt @@ -1,3 +1,5 @@ +CONSOLE MESSAGE: Refused to load the object '' because it violates the following Content Security Policy directive: "object-src 'none'". + CONSOLE MESSAGE: Refused to load the object '' because it violates the following Content Security Policy directive: "object-src 'none'". This test passes if there is a console message saying the plugin was blocked. 685736 7 mkwst 2012-08-02 13:34:42 -0700 Merging 92963 into this bug. Adam suggested that async console logs from one test might be leaking into the next. This could certainly be the case, given that plugin loading is wonky. I'll post a patch in a moment that adds delays and see how it goes. If it fixes the issues, I'll unskip the tests on the various ports. 685740 8 mkwst 2012-08-02 13:35:41 -0700 *** Bug 92963 has been marked as a duplicate of this bug. *** 686657 9 156356 mkwst 2012-08-03 06:49:23 -0700 Created attachment 156356 Patch 686662 10 mkwst 2012-08-03 06:52:59 -0700 This is a bit of a mess. Console messages are leaking into the next test, partially because we're generating more messages than we should when blocking plugins via Content Security Policy. The attached patch adds a new PluginUnavailabilityReason, and marks the plugin element's renderer as unavailable when CSP blocks the plugin. This should prevent additional console messages from being generated, and works in my local testing (NRWT, running each test in the `security/contentSecurityPolicy` directory 20 times). WDYT, Jochen and Adam? 686668 11 156356 jochen 2012-08-03 06:59:00 -0700 Comment on attachment 156356 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=156356&action=review > Source/WebCore/loader/SubframeLoader.cpp:-130 > - return false; I assume you removed this check because you don't have a renderer yet at this point? Are there code paths that go through requestPlugin but never loadPlugin? 686677 12 156356 mkwst 2012-08-03 07:06:47 -0700 Comment on attachment 156356 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=156356&action=review >> Source/WebCore/loader/SubframeLoader.cpp:-130 >> - return false; > > I assume you removed this check because you don't have a renderer yet at this point? > > Are there code paths that go through requestPlugin but never loadPlugin? Right. Since someone already called out the dependence on renderer in loadPlugin as an issue, I decided that introducing it in another method would be a bad idea. loadPlugin and requestPlugin are both private methods of SubframeLoader, and so far as I can tell, loadPlugin is only called inside SubframeLoader from requestPlugin. Removing this check here seems safe. 686806 13 mkwst 2012-08-03 08:59:51 -0700 *** Bug 92956 has been marked as a duplicate of this bug. *** 686809 14 mkwst 2012-08-03 09:01:17 -0700 *** Bug 91379 has been marked as a duplicate of this bug. *** 686816 15 156356 abarth 2012-08-03 09:14:07 -0700 Comment on attachment 156356 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=156356&action=review >>> Source/WebCore/loader/SubframeLoader.cpp:-130 >>> - return false; >> >> I assume you removed this check because you don't have a renderer yet at this point? >> >> Are there code paths that go through requestPlugin but never loadPlugin? > > Right. Since someone already called out the dependence on renderer in loadPlugin as an issue, I decided that introducing it in another method would be a bad idea. > > loadPlugin and requestPlugin are both private methods of SubframeLoader, and so far as I can tell, loadPlugin is only called inside SubframeLoader from requestPlugin. Removing this check here seems safe. Is the isSandboxed(SandboxPlugins) needed? Should we add an ASSERT? 686832 16 mkwst 2012-08-03 09:26:26 -0700 (In reply to comment #15) > (From update of attachment 156356 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=156356&action=review > > >>> Source/WebCore/loader/SubframeLoader.cpp:-130 > >>> - return false; > >> > >> I assume you removed this check because you don't have a renderer yet at this point? > >> > >> Are there code paths that go through requestPlugin but never loadPlugin? > > > > Right. Since someone already called out the dependence on renderer in loadPlugin as an issue, I decided that introducing it in another method would be a bad idea. > > > > loadPlugin and requestPlugin are both private methods of SubframeLoader, and so far as I can tell, loadPlugin is only called inside SubframeLoader from requestPlugin. Removing this check here seems safe. > > Is the isSandboxed(SandboxPlugins) needed? Should we add an ASSERT? I don't see another check for SandboxPlugins in SubframeLoader or in HTML{Object,Embed}Element. We could move that check to loadPlugin if you'd like? Moving some of these check out into HTMLXXXElement might very well make sense. I'm happy to do that, but I'd suggest doing it in a separate patch, as it's cleanup that's somewhat tangential to this bug. 686898 17 156356 abarth 2012-08-03 10:19:32 -0700 Comment on attachment 156356 Patch Ok. In general, these two checks should be right next to each other since they're doing very similar things, but we can clean that up in a later patch. 686917 18 156356 mkwst 2012-08-03 10:29:21 -0700 Comment on attachment 156356 Patch I've filed a bug to follow up on the cleanup. Would you mind CQing this in the meantime? 686920 19 mkwst 2012-08-03 10:30:39 -0700 (In reply to comment #18) > (From update of attachment 156356 [details]) > I've filed a bug to follow up on the cleanup. Would you mind CQing this in the meantime? web.it/93138 686923 20 abarth 2012-08-03 10:32:11 -0700 boom 687020 21 156356 webkit.review.bot 2012-08-03 12:14:26 -0700 Comment on attachment 156356 Patch Clearing flags on attachment: 156356 Committed r124636: <http://trac.webkit.org/changeset/124636> 687021 22 webkit.review.bot 2012-08-03 12:14:33 -0700 All reviewed patches have been landed. Closing bug. 687498 23 mkwst 2012-08-04 15:18:38 -0700 *** Bug 77556 has been marked as a duplicate of this bug. *** 687500 24 mkwst 2012-08-04 15:20:19 -0700 *** Bug 71906 has been marked as a duplicate of this bug. *** 156356 2012-08-03 06:49:23 -0700 2012-08-03 12:14:25 -0700 Patch bug-92649-20120803154902.patch text/plain 10644 mkwst U3VidmVyc2lvbiBSZXZpc2lvbjogMTI0NTgyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNjlhMjg3ZTdjNDMxZWRh ZTc5MThjZjQ0MTg2YjEwODFlYjczNzhlYS4uNzlkMjBhZDczYTFjNjc1NWU5NzU2YTdjMTkyNDE5 OWQzOWQyMjhkNSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDUzIEBACisyMDEyLTA4LTAzICBNaWtl IFdlc3QgIDxta3dzdEBjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgQmxvY2tpbmcgYSBwbHVnaW4g dmlhIENTUCBzaG91bGQgcmVzdWx0IGluIG9uZSAoYW5kIG9ubHkgb25lKSBjb25zb2xlIG1lc3Nh Z2UuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD05MjY0 OQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEN1cnJl bnRseSwgYmxvY2tpbmcgYSBwbHVnaW4gdmlhIENvbnRlbnQgU2VjdXJpdHkgUG9saWN5IHJlc3Vs dHMgaW4gc29tZQorICAgICAgICBsZWFrYWdlIG9mIGNvbnNvbGUgbG9nIG1lc3NhZ2VzIGJldHdl ZW4gdGVzdHMuIEknbSB1bmNsZWFyIGFzIHRvIHRoZQorICAgICAgICByb290IGNhdXNlLCBidXQg dGhlIHN5bXB0b21zIGV4aGliaXRlZCBpbmNsdWRlCisgICAgICAgIGBTdWJmcmFtZUxvYWRlcjo6 cmVxdWVzdFBsdWdpbmAgYmVpbmcgY2FsbGVkIG11bHRpcGxlIHRpbWVzIGZvciBhIHNpbmdsZQor ICAgICAgICBlbGVtZW50LCB3aGljaCBpbiB0dXJuIGNhdXNlcyBtdWx0aXBsZSBjb25zb2xlIGxv Z3MgdG8gYmUgc2VudC4gVGhlc2UKKyAgICAgICAgbWVzc2FnZXMgdGVuZCB0byBhcHBlYXIgaW4g dGhlIHN1YnNlcXVlbnQgdGVzdCwgbWFraW5nIHRoZQorICAgICAgICBgaHR0cC90ZXN0L3NlY3Vy aXR5L2NvbnRlbnRTZWN1cml0eVBvbGljeS9vYmplY3Qtc3JjLSpgIHNldCBvZiB0ZXN0cworICAg ICAgICBmbGFrZXkgaW5kZWVkLgorCisgICAgICAgIFRoaXMgcGF0Y2ggYWRkcmVzc2VzIHRoZSBp c3N1ZSBieSBtYXJraW5nIGVsZW1lbnRzJyBwbHVnaW5zIGFzCisgICAgICAgIHVuYXZhaWxhYmxl IHdoZW4gdGhleSdyZSBibG9ja2VkIGJ5IENTUC4gTm8gbmV3IHRlc3RzIGhhdmUgYmVlbiBhZGRl ZDoKKyAgICAgICAgdGhpcyBwYXRjaCBzaG91bGQgc2ltcGx5IG1ha2UgdGhlIGN1cnJlbnQgdGVz dHMgYWN0dWFsbHkgcGFzcy4KKworICAgICAgICAqIGxvYWRlci9TdWJmcmFtZUxvYWRlci5jcHA6 CisgICAgICAgIChXZWJDb3JlOjpTdWJmcmFtZUxvYWRlcjo6cmVxdWVzdFBsdWdpbik6CisgICAg ICAgICAgICBXZSBjaGVjayB0aGUgQ1NQIHN0YXR1cyBpbiBgU3ViZnJhbWVMb2FkZXI6OmxvYWRQ bHVnaW5gLCB3aGljaCBpcworICAgICAgICAgICAgY2FsbGVkIGF0IHRoZSBlbmQgb2YgdGhpcyBm dW5jdGlvbi4gQ2hlY2tpbmcgQ1NQIHN0YXR1cyBpbiBib3RoCisgICAgICAgICAgICBsb2NhdGlv bnMgaXMgcmVkdW5kYW50LgorICAgICAgICAoV2ViQ29yZTo6U3ViZnJhbWVMb2FkZXI6OmxvYWRQ bHVnaW4pOgorICAgICAgICAgICAgSWYgdGhlIHBsdWdpbiBpcyBibG9ja2VkIGJ5IENTUCwgdGVs bCB0aGUgZWxlbWVudCdzIGVtYmVkZGVkIG9iamVjdAorICAgICAgICAgICAgcmVuZGVyZXIgdGhh dCB0aGUgcGx1Z2luIGlzIHVuYXZhaWxhYmxlLgorICAgICAgICAqIHBsYXRmb3JtL0xvY2FsaXpl ZFN0cmluZ3MuY3BwOgorICAgICAgICAoV2ViQ29yZTo6YmxvY2tlZFBsdWdpbkJ5Q29udGVudFNl Y3VyaXR5UG9saWN5VGV4dCk6CisgICAgICAgIChXZWJDb3JlKToKKyAgICAgICAgKiBwbGF0Zm9y bS9Mb2NhbGl6ZWRTdHJpbmdzLmg6CisgICAgICAgIChXZWJDb3JlKToKKyAgICAgICAgKiBwbGF0 Zm9ybS9ibGFja2JlcnJ5L0xvY2FsaXplZFN0cmluZ3NCbGFja0JlcnJ5LmNwcDoKKyAgICAgICAg KFdlYkNvcmU6OmJsb2NrZWRQbHVnaW5CeUNvbnRlbnRTZWN1cml0eVBvbGljeVRleHQpOgorICAg ICAgICAoV2ViQ29yZSk6CisgICAgICAgICogcGxhdGZvcm0vZWZsL0xvY2FsaXplZFN0cmluZ3NF ZmwuY3BwOgorICAgICAgICAoV2ViQ29yZTo6YmxvY2tlZFBsdWdpbkJ5Q29udGVudFNlY3VyaXR5 UG9saWN5VGV4dCk6CisgICAgICAgIChXZWJDb3JlKToKKyAgICAgICAgKiBwbGF0Zm9ybS9ndGsv TG9jYWxpemVkU3RyaW5nc0d0ay5jcHA6CisgICAgICAgIChXZWJDb3JlOjpibG9ja2VkUGx1Z2lu QnlDb250ZW50U2VjdXJpdHlQb2xpY3lUZXh0KToKKyAgICAgICAgKFdlYkNvcmUpOgorICAgICAg ICAqIHBsYXRmb3JtL3F0L0xvY2FsaXplZFN0cmluZ3NRdC5jcHA6CisgICAgICAgIChXZWJDb3Jl OjpibG9ja2VkUGx1Z2luQnlDb250ZW50U2VjdXJpdHlQb2xpY3lUZXh0KToKKyAgICAgICAgKFdl YkNvcmUpOgorICAgICAgICAqIHJlbmRlcmluZy9SZW5kZXJFbWJlZGRlZE9iamVjdC5jcHA6Cisg ICAgICAgIChXZWJDb3JlOjp1bmF2YWlsYWJsZVBsdWdpblJlcGxhY2VtZW50VGV4dCk6CisgICAg ICAgICogcmVuZGVyaW5nL1JlbmRlckVtYmVkZGVkT2JqZWN0Lmg6CisgICAgICAgICAgICBSZXR1 cm4gYXBwcm9wcmlhdGUgdGV4dCB3aGVuIHRoZSBwbHVnaW4gaXMgYmxvY2tlZCBieSBDU1AuCisK IDIwMTItMDgtMDMgIEd5dXlvdW5nIEtpbSAgPGd5dXlvdW5nLmtpbUBzYW1zdW5nLmNvbT4KIAog ICAgICAgICBBZGQgKmV4cGxpY2l0KiBrZXl3b3JkIHRvIGNvbnN0cnVjdG9ycyBpbiBXZWJDb3Jl L2FjY2Vzc2liaWxpdHkKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvY2hyb21pdW0vQ2hhbmdl TG9nIGIvU291cmNlL1dlYktpdC9jaHJvbWl1bS9DaGFuZ2VMb2cKaW5kZXggYzA3YjkyOWE5YmQx MzBhNzQwMWQ0MWE3N2QyOWMyMWFjNWM4YmExYS4uOWQ3MmY4YzYwNTI1YTI3ZWE4YTk4YjhhZjgw NjMzZTY0NzdiMDY0OSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdC9jaHJvbWl1bS9DaGFuZ2VM b2cKKysrIGIvU291cmNlL1dlYktpdC9jaHJvbWl1bS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxNSBA QAorMjAxMi0wOC0wMyAgTWlrZSBXZXN0ICA8bWt3c3RAY2hyb21pdW0ub3JnPgorCisgICAgICAg IEJsb2NraW5nIGEgcGx1Z2luIHZpYSBDU1Agc2hvdWxkIHJlc3VsdCBpbiBvbmUgKGFuZCBvbmx5 IG9uZSkgY29uc29sZSBtZXNzYWdlLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9OTI2NDkKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMh KS4KKworICAgICAgICAqIHNyYy9Mb2NhbGl6ZWRTdHJpbmdzLmNwcDoKKyAgICAgICAgKFdlYkNv cmU6OmJsb2NrZWRQbHVnaW5CeUNvbnRlbnRTZWN1cml0eVBvbGljeVRleHQpOgorICAgICAgICAo V2ViQ29yZSk6CisgICAgICAgICAgICBBZGRpbmcgYSBzdHViIGZvciB0aGUgbmV3bHkgYWRkZWQg c3RyaW5nLgorCiAyMDEyLTA4LTAyICBJbHlhIFRpa2hvbm92c2t5ICA8bG9pc2xvQGNocm9taXVt Lm9yZz4KIAogICAgICAgICBXZWIgSW5zcGVjdG9yOiBleHRlbmQgdGVzdCBjb3ZlcmFnZSBmb3Ig bm1pIGNvZGUgYW5kIGZpeCAyIGJ1Z3MuCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9sb2Fk ZXIvU3ViZnJhbWVMb2FkZXIuY3BwIGIvU291cmNlL1dlYkNvcmUvbG9hZGVyL1N1YmZyYW1lTG9h ZGVyLmNwcAppbmRleCBjMGEwOTdhMGJjZmU2N2U2MDQ3MjRiMDZlMzZjNzc3NTIyOTExMjA2Li42 OTkxNzM2MmMwMGM0MTMyNjlkZTU3MmUxNDVlNGQ3MGEwZjMzNGNjIDEwMDY0NAotLS0gYS9Tb3Vy Y2UvV2ViQ29yZS9sb2FkZXIvU3ViZnJhbWVMb2FkZXIuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3Jl L2xvYWRlci9TdWJmcmFtZUxvYWRlci5jcHAKQEAgLTEyNiw4ICsxMjYsNiBAQCBib29sIFN1YmZy YW1lTG9hZGVyOjpyZXF1ZXN0UGx1Z2luKEhUTUxQbHVnSW5JbWFnZUVsZW1lbnQqIG93bmVyRWxl bWVudCwgY29uc3QgSwogICAgIGlmIChtX2ZyYW1lLT5kb2N1bWVudCgpKSB7CiAgICAgICAgIGlm IChtX2ZyYW1lLT5kb2N1bWVudCgpLT5pc1NhbmRib3hlZChTYW5kYm94UGx1Z2lucykpCiAgICAg ICAgICAgICByZXR1cm4gZmFsc2U7Ci0gICAgICAgIGlmICghbV9mcmFtZS0+ZG9jdW1lbnQoKS0+ Y29udGVudFNlY3VyaXR5UG9saWN5KCktPmFsbG93T2JqZWN0RnJvbVNvdXJjZSh1cmwpKQotICAg ICAgICAgICAgcmV0dXJuIGZhbHNlOwogICAgIH0KIAogICAgIEFTU0VSVChvd25lckVsZW1lbnQt Pmhhc1RhZ05hbWUob2JqZWN0VGFnKSB8fCBvd25lckVsZW1lbnQtPmhhc1RhZ05hbWUoZW1iZWRU YWcpKTsKQEAgLTQyMSw4ICs0MTksMTAgQEAgYm9vbCBTdWJmcmFtZUxvYWRlcjo6bG9hZFBsdWdp bihIVE1MUGx1Z0luSW1hZ2VFbGVtZW50KiBwbHVnaW5FbGVtZW50LCBjb25zdCBLVVIKICAgICAg ICAgcmV0dXJuIGZhbHNlOwogICAgIH0KIAotICAgIGlmICghZG9jdW1lbnQoKS0+Y29udGVudFNl Y3VyaXR5UG9saWN5KCktPmFsbG93T2JqZWN0RnJvbVNvdXJjZSh1cmwpKQorICAgIGlmICghZG9j dW1lbnQoKS0+Y29udGVudFNlY3VyaXR5UG9saWN5KCktPmFsbG93T2JqZWN0RnJvbVNvdXJjZSh1 cmwpKSB7CisgICAgICAgIHJlbmRlcmVyLT5zZXRQbHVnaW5VbmF2YWlsYWJpbGl0eVJlYXNvbihS ZW5kZXJFbWJlZGRlZE9iamVjdDo6UGx1Z2luQmxvY2tlZEJ5Q29udGVudFNlY3VyaXR5UG9saWN5 KTsKICAgICAgICAgcmV0dXJuIGZhbHNlOworICAgIH0KIAogICAgIEZyYW1lTG9hZGVyKiBmcmFt ZUxvYWRlciA9IG1fZnJhbWUtPmxvYWRlcigpOwogICAgIGlmICghZnJhbWVMb2FkZXItPmNoZWNr SWZSdW5JbnNlY3VyZUNvbnRlbnQoZG9jdW1lbnQoKS0+c2VjdXJpdHlPcmlnaW4oKSwgdXJsKSkK ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL0xvY2FsaXplZFN0cmluZ3MuY3Bw IGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vTG9jYWxpemVkU3RyaW5ncy5jcHAKaW5kZXggZTc5 YjUxOGU5NzIyNTU4NzE2ZmZiNjU1M2E3NzBhMjQ0ZDk1NjM0YS4uYmM1NGI2MWFhYzRmZWVmYjM0 M2NiMDRiOGI3ODU4NDgzZTBkYzlhMSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxhdGZv cm0vTG9jYWxpemVkU3RyaW5ncy5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vTG9j YWxpemVkU3RyaW5ncy5jcHAKQEAgLTY3Myw2ICs2NzMsMTEgQEAgU3RyaW5nIGNyYXNoZWRQbHVn aW5UZXh0KCkKICAgICByZXR1cm4gV0VCX1VJX1NUUklORygiUGx1Zy1pbiBGYWlsdXJlIiwgIkxh YmVsIHRleHQgdG8gYmUgdXNlZCBpZiBwbHVnaW4gaG9zdCBwcm9jZXNzIGhhcyBjcmFzaGVkIik7 CiB9CiAKK1N0cmluZyBibG9ja2VkUGx1Z2luQnlDb250ZW50U2VjdXJpdHlQb2xpY3lUZXh0KCkK K3sKKyAgICByZXR1cm4gV0VCX1VJX1NUUklORygiQmxvY2tlZCBQbHVnLWluIiwgIkxhYmVsIHRl eHQgdG8gYmUgdXNlZCBpZiBwbHVnaW4gaXMgYmxvY2tlZCBieSBhIHBhZ2UncyBDb250ZW50IFNl Y3VyaXR5IFBvbGljeSIpOworfQorCiBTdHJpbmcgaW5zZWN1cmVQbHVnaW5WZXJzaW9uVGV4dCgp CiB7CiAgICAgcmV0dXJuIFdFQl9VSV9TVFJJTkcoIkJsb2NrZWQgUGx1Zy1pbiIsICJMYWJlbCB0 ZXh0IHRvIGJlIHVzZWQgd2hlbiBhbiBpbnNlY3VyZSBwbHVnLWluIHZlcnNpb24gd2FzIGJsb2Nr ZWQgZnJvbSBsb2FkaW5nIik7CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9M b2NhbGl6ZWRTdHJpbmdzLmggYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9Mb2NhbGl6ZWRTdHJp bmdzLmgKaW5kZXggZmU2Njg2ZGJhNTBhMWYyODk5YmM3Y2NiZmFiMDcyN2RkZTJlYTBhMC4uZWFi MzhiYWNhZmJiMTc1YzRhNGRlMTUxZGZhZGUyMTZiNjhjYjE2OSAxMDA2NDQKLS0tIGEvU291cmNl L1dlYkNvcmUvcGxhdGZvcm0vTG9jYWxpemVkU3RyaW5ncy5oCisrKyBiL1NvdXJjZS9XZWJDb3Jl L3BsYXRmb3JtL0xvY2FsaXplZFN0cmluZ3MuaApAQCAtMTY3LDYgKzE2Nyw3IEBAIG5hbWVzcGFj ZSBXZWJDb3JlIHsKIAogICAgIFN0cmluZyBtaXNzaW5nUGx1Z2luVGV4dCgpOwogICAgIFN0cmlu ZyBjcmFzaGVkUGx1Z2luVGV4dCgpOworICAgIFN0cmluZyBibG9ja2VkUGx1Z2luQnlDb250ZW50 U2VjdXJpdHlQb2xpY3lUZXh0KCk7CiAgICAgU3RyaW5nIGluc2VjdXJlUGx1Z2luVmVyc2lvblRl eHQoKTsKICAgICBTdHJpbmcgbXVsdGlwbGVGaWxlVXBsb2FkVGV4dCh1bnNpZ25lZCBudW1iZXJP ZkZpbGVzKTsKICAgICBTdHJpbmcgdW5rbm93bkZpbGVTaXplVGV4dCgpOwpkaWZmIC0tZ2l0IGEv U291cmNlL1dlYkNvcmUvcGxhdGZvcm0vYmxhY2tiZXJyeS9Mb2NhbGl6ZWRTdHJpbmdzQmxhY2tC ZXJyeS5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ibGFja2JlcnJ5L0xvY2FsaXplZFN0 cmluZ3NCbGFja0JlcnJ5LmNwcAppbmRleCA5ZDM2MmRiZjE3MzZhODlmNzYyZTFkMGM2MDAxMGNi YjBlYzQxOTNkLi43MzJjNGRmNzNiNjhhMjExOWI1MzQyNGY2ZGNiNTBjZWY4YjRjMmNhIDEwMDY0 NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ibGFja2JlcnJ5L0xvY2FsaXplZFN0cmlu Z3NCbGFja0JlcnJ5LmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ibGFja2JlcnJ5 L0xvY2FsaXplZFN0cmluZ3NCbGFja0JlcnJ5LmNwcApAQCAtNTcyLDYgKzU3MiwxMiBAQCBTdHJp bmcgY3Jhc2hlZFBsdWdpblRleHQoKQogICAgIHJldHVybiBTdHJpbmcoKTsKIH0KIAorU3RyaW5n IGJsb2NrZWRQbHVnaW5CeUNvbnRlbnRTZWN1cml0eVBvbGljeVRleHQoKQoreworICAgIG5vdElt cGxlbWVudGVkKCk7CisgICAgcmV0dXJuIFN0cmluZygpOworfQorCiBTdHJpbmcgaW5zZWN1cmVQ bHVnaW5WZXJzaW9uVGV4dCgpCiB7CiAgICAgbm90SW1wbGVtZW50ZWQoKTsKZGlmZiAtLWdpdCBh L1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2VmbC9Mb2NhbGl6ZWRTdHJpbmdzRWZsLmNwcCBiL1Nv dXJjZS9XZWJDb3JlL3BsYXRmb3JtL2VmbC9Mb2NhbGl6ZWRTdHJpbmdzRWZsLmNwcAppbmRleCAy NjNiNWIzYmMwNmRjMTQyNWI5ODU0NzljM2I4ZTJjZDA0ZmI3NzJiLi44MDBkYWUyNWE5NGM5MDgy N2FhNTQyNjY2ZGZjMzA4MGQyMDIzNjAwIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0 Zm9ybS9lZmwvTG9jYWxpemVkU3RyaW5nc0VmbC5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGxh dGZvcm0vZWZsL0xvY2FsaXplZFN0cmluZ3NFZmwuY3BwCkBAIC01NjAsNiArNTYwLDEyIEBAIFN0 cmluZyBjcmFzaGVkUGx1Z2luVGV4dCgpCiAgICAgcmV0dXJuIFN0cmluZzo6ZnJvbVVURjgoInBs dWdpbiBjcmFzaGVkIik7CiB9CiAKK1N0cmluZyBibG9ja2VkUGx1Z2luQnlDb250ZW50U2VjdXJp dHlQb2xpY3lUZXh0KCkKK3sKKyAgICBub3RJbXBsZW1lbnRlZCgpOworICAgIHJldHVybiBTdHJp bmcoKTsKK30KKwogU3RyaW5nIGluc2VjdXJlUGx1Z2luVmVyc2lvblRleHQoKQogewogICAgIG5v dEltcGxlbWVudGVkKCk7CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ndGsv TG9jYWxpemVkU3RyaW5nc0d0ay5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ndGsvTG9j YWxpemVkU3RyaW5nc0d0ay5jcHAKaW5kZXggNGJiMmNlMDg2NGJiYjVhY2MxYzIxMDI2NTNlYTdh OTU2NDU1NjhlOC4uMmFlODAzMDZjOWQ5ZTk1NTZmOTI4YTBjM2I3ZDNjOGFiMTQ4NjMwZSAxMDA2 NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3RrL0xvY2FsaXplZFN0cmluZ3NHdGsu Y3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2d0ay9Mb2NhbGl6ZWRTdHJpbmdzR3Rr LmNwcApAQCAtNDczLDYgKzQ3MywxMiBAQCBTdHJpbmcgY3Jhc2hlZFBsdWdpblRleHQoKQogICAg IHJldHVybiBTdHJpbmc6OmZyb21VVEY4KF8oIlBsdWctaW4gRmFpbHVyZSIpKTsKIH0KIAorU3Ry aW5nIGJsb2NrZWRQbHVnaW5CeUNvbnRlbnRTZWN1cml0eVBvbGljeVRleHQoKQoreworICAgIG5v dEltcGxlbWVudGVkKCk7CisgICAgcmV0dXJuIFN0cmluZygpOworfQorCiBTdHJpbmcgaW5zZWN1 cmVQbHVnaW5WZXJzaW9uVGV4dCgpCiB7CiAgICAgbm90SW1wbGVtZW50ZWQoKTsKZGlmZiAtLWdp dCBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL3F0L0xvY2FsaXplZFN0cmluZ3NRdC5jcHAgYi9T b3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9xdC9Mb2NhbGl6ZWRTdHJpbmdzUXQuY3BwCmluZGV4IGI4 MmZjNWM3NGUwMmZjNDk1NjRlMzg2OWI4OGZlZDljNmIxNTlhOWMuLjU2MTNmYjEwM2FmMWY0ZDc2 MGIxYTMxOTU0YWJhNjFmNWNjNjM5MTcgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3BsYXRm b3JtL3F0L0xvY2FsaXplZFN0cmluZ3NRdC5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGxhdGZv cm0vcXQvTG9jYWxpemVkU3RyaW5nc1F0LmNwcApAQCAtNDQ1LDYgKzQ0NSwxMiBAQCBTdHJpbmcg Y3Jhc2hlZFBsdWdpblRleHQoKQogICAgIHJldHVybiBTdHJpbmcoKTsKIH0KIAorU3RyaW5nIGJs b2NrZWRQbHVnaW5CeUNvbnRlbnRTZWN1cml0eVBvbGljeVRleHQoKQoreworICAgIG5vdEltcGxl bWVudGVkKCk7CisgICAgcmV0dXJuIFN0cmluZygpOworfQorCiBTdHJpbmcgaW5zZWN1cmVQbHVn aW5WZXJzaW9uVGV4dCgpCiB7CiAgICAgbm90SW1wbGVtZW50ZWQoKTsKZGlmZiAtLWdpdCBhL1Nv dXJjZS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJFbWJlZGRlZE9iamVjdC5jcHAgYi9Tb3VyY2Uv V2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyRW1iZWRkZWRPYmplY3QuY3BwCmluZGV4IGEzNjU3ZmFl M2E5NGFiNGU1ZDJlMmVkNTQ4YTQ2OGM3ZTNiZTUyMTQuLjEzNTk1OTQyMGJhZDU5YjBjNGVlZGNm YTFhOThhNWRjMWI3Njg4NzEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3JlbmRlcmluZy9S ZW5kZXJFbWJlZGRlZE9iamVjdC5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvcmVuZGVyaW5nL1Jl bmRlckVtYmVkZGVkT2JqZWN0LmNwcApAQCAtMTA5LDYgKzEwOSw4IEBAIHN0YXRpYyBTdHJpbmcg dW5hdmFpbGFibGVQbHVnaW5SZXBsYWNlbWVudFRleHQoUmVuZGVyRW1iZWRkZWRPYmplY3Q6OlBs dWdpblVuYXZhCiAgICAgICAgIHJldHVybiBtaXNzaW5nUGx1Z2luVGV4dCgpOwogICAgIGNhc2Ug UmVuZGVyRW1iZWRkZWRPYmplY3Q6OlBsdWdpbkNyYXNoZWQ6CiAgICAgICAgIHJldHVybiBjcmFz aGVkUGx1Z2luVGV4dCgpOworICAgIGNhc2UgUmVuZGVyRW1iZWRkZWRPYmplY3Q6OlBsdWdpbkJs b2NrZWRCeUNvbnRlbnRTZWN1cml0eVBvbGljeToKKyAgICAgICAgcmV0dXJuIGJsb2NrZWRQbHVn aW5CeUNvbnRlbnRTZWN1cml0eVBvbGljeVRleHQoKTsKICAgICBjYXNlIFJlbmRlckVtYmVkZGVk T2JqZWN0OjpJbnNlY3VyZVBsdWdpblZlcnNpb246CiAgICAgICAgIHJldHVybiBpbnNlY3VyZVBs dWdpblZlcnNpb25UZXh0KCk7CiAgICAgfQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcmVu ZGVyaW5nL1JlbmRlckVtYmVkZGVkT2JqZWN0LmggYi9Tb3VyY2UvV2ViQ29yZS9yZW5kZXJpbmcv UmVuZGVyRW1iZWRkZWRPYmplY3QuaAppbmRleCBmZDQ0ZTA4MGZkMzVlMjdhMWQ5MTU3ZTU0MzMy MzNlMzg5YWYzYjVlLi5iZTg1NGMxZWQwM2VmY2VmNDY0NzNiNWUyMDhjZTBhYjhhMTcyNzdlIDEw MDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyRW1iZWRkZWRPYmplY3Qu aAorKysgYi9Tb3VyY2UvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyRW1iZWRkZWRPYmplY3QuaApA QCAtMzksNiArMzksNyBAQCBwdWJsaWM6CiAgICAgZW51bSBQbHVnaW5VbmF2YWlsYWJpbGl0eVJl YXNvbiB7CiAgICAgICAgIFBsdWdpbk1pc3NpbmcsCiAgICAgICAgIFBsdWdpbkNyYXNoZWQsCisg ICAgICAgIFBsdWdpbkJsb2NrZWRCeUNvbnRlbnRTZWN1cml0eVBvbGljeSwKICAgICAgICAgSW5z ZWN1cmVQbHVnaW5WZXJzaW9uCiAgICAgfTsKICAgICB2b2lkIHNldFBsdWdpblVuYXZhaWxhYmls aXR5UmVhc29uKFBsdWdpblVuYXZhaWxhYmlsaXR5UmVhc29uKTsKZGlmZiAtLWdpdCBhL1NvdXJj ZS9XZWJLaXQvY2hyb21pdW0vc3JjL0xvY2FsaXplZFN0cmluZ3MuY3BwIGIvU291cmNlL1dlYktp dC9jaHJvbWl1bS9zcmMvTG9jYWxpemVkU3RyaW5ncy5jcHAKaW5kZXggMDgxYTY3YjhhOTAwOTlj YTJkMzk1MWE0NWUwYjE4ZmJiMDJhMmE5MS4uY2Y5NzhmZDA3YWQ5MmU1NGZiN2Y3YzhlY2I3ODhk NjdmOTU5NDk3NyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdC9jaHJvbWl1bS9zcmMvTG9jYWxp emVkU3RyaW5ncy5jcHAKKysrIGIvU291cmNlL1dlYktpdC9jaHJvbWl1bS9zcmMvTG9jYWxpemVk U3RyaW5ncy5jcHAKQEAgLTIxNSw2ICsyMTUsMTIgQEAgU3RyaW5nIGNyYXNoZWRQbHVnaW5UZXh0 KCkKICAgICByZXR1cm4gU3RyaW5nKCJQbHVnLWluIEZhaWx1cmUiKTsKIH0KIAorU3RyaW5nIGJs b2NrZWRQbHVnaW5CeUNvbnRlbnRTZWN1cml0eVBvbGljeVRleHQoKQoreworICAgIG5vdEltcGxl bWVudGVkKCk7CisgICAgcmV0dXJuIFN0cmluZygpOworfQorCiBTdHJpbmcgaW5zZWN1cmVQbHVn aW5WZXJzaW9uVGV4dCgpCiB7CiAgICAgbm90SW1wbGVtZW50ZWQoKTsK