140064 2015-01-04 18:50:04 -0800 [Linux] SeccompFilters: improve the port-agnostic whitelist 2015-03-26 12:00:53 -0700 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) PC Linux RESOLVED FIXED P2 Enhancement --- 110014 140065 1 mcatanzaro mcatanzaro cgarcia commit-queue mcatanzaro tmpsantos zan oldest_to_newest 1058629 0 mcatanzaro 2015-01-04 18:50:04 -0800 I think pretty much all the files and directories that the GTK+ port web process needs to access are generic enough that they should most likely be whitelisted for EFL as well. I'd like to add several locations to the web process whitelist: * /lib64 and /usr/lib64: nothing has any chance of working on x86_64 Linux otherwise, except on Debian which doesn't have these directories. * /run/user/UID where UID is the result of getuid(), since at-spi2 creates lots of random directories here. (I'd rather this be more restrictive.) I think at-spi2 is not specific to GTK+. * Specific files in /sys/fs/cgroup, for the memory pressure handler that landed last month. (These accesses will fail regardless because those files are owned by root. Not sure how the memory pressure handler is supposed to work.) * Check $XDG_DATA_HOME before assuming that mime types are in ~/.local/share/mime * /var/tmp -- this is unfortunate, but with recent enough mesa (for DRI3) and barring a configure-time override (which Debian wisely does), shared memory winds up here: https://bugzilla.redhat.com/show_bug.cgi?id=1172869 * mesa configuration files * Various directories needed by udev * ~/nv for the NVIDIA proprietary driver, suggested by Zan. * Tempted to also put gstreamer stuff here.... We can talk about whether any of these locations should be moved to the GTK+ and/or EFL whitelists instead. 1058630 1 mcatanzaro 2015-01-04 18:55:36 -0800 (In reply to comment #0) > * /var/tmp -- this is unfortunate, but with recent enough mesa (for DRI3) > and barring a configure-time override (which Debian wisely does), shared > memory winds up here: https://bugzilla.redhat.com/show_bug.cgi?id=1172869 > * mesa configuration files > * Various directories needed by udev I currently have access to these directories disabled if compiled without support for mesa, but I wonder if it's wiser to just unconditionally allow them to avoid potential future breakage. 1058631 2 243951 mcatanzaro 2015-01-04 18:56:05 -0800 Created attachment 243951 Patch 1079497 3 249298 mcatanzaro 2015-03-23 15:58:45 -0700 Created attachment 249298 [Linux] SeccompFilters: improve the port-agnostic whitelist 1079498 4 249298 mcatanzaro 2015-03-23 16:03:32 -0700 Comment on attachment 249298 [Linux] SeccompFilters: improve the port-agnostic whitelist So, this is the first patch in my series. The goal here is the same as in bug #142987, but I've spent enough time rebasing this series already that I'd rather commit them separately, especially since that patch is the last in the series and this is the first, it would just be a pain. So this one alone doesn't really accomplish much (well, it makes accelerated compositing work), it's just a bit better than what we have now.... 1079593 5 249298 zan 2015-03-24 05:37:28 -0700 Comment on attachment 249298 [Linux] SeccompFilters: improve the port-agnostic whitelist View in context: https://bugs.webkit.org/attachment.cgi?id=249298&action=review > Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp:194 > + // Needed by at-spi2. > + addDirectoryPermission("/run/user/" + String::number(getuid()), ReadAndWrite); Is this truly port-agnostic, or is it specific to GNOME/GTK? > Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp:216 > + // Try removing this permission when we can rely on a newer libxshmfence. Put a FIXME here. 1079608 6 mcatanzaro 2015-03-24 08:00:14 -0700 (In reply to comment #5) > Is this truly port-agnostic, or is it specific to GNOME/GTK? It's used by both EFL and GTK. In general, I don't mind giving a few extra permissions even if they're not needed (e.g. I assume WPE may not use ATK) since if you don't use at-spi2 then it's pretty unlikely you'd put important data in a folder named at-spi2. However in this case it's actually bad, since at-spi2 is not in the name of the permission at all. /run/user/1000 is quite wide a permission. I'll create a new bug #143004 to narrow this permission. > Put a FIXME here. OK (although it's removed in one of the follow-up patches) 1079971 7 zan 2015-03-25 10:08:43 -0700 (In reply to comment #6) > (In reply to comment #5) > > Is this truly port-agnostic, or is it specific to GNOME/GTK? > > It's used by both EFL and GTK. In general, I don't mind giving a few extra > permissions even if they're not needed (e.g. I assume WPE may not use ATK) > since if you don't use at-spi2 then it's pretty unlikely you'd put important > data in a folder named at-spi2. However in this case it's actually bad, > since at-spi2 is not in the name of the permission at all. /run/user/1000 is > quite wide a permission. I'll create a new bug #143004 to narrow this > permission. > Place a FIXME comment above this code, a note about the problem and link to the bug, and we can move forward with this. 1080290 8 249490 mcatanzaro 2015-03-26 08:58:14 -0700 Created attachment 249490 [Linux] SeccompFilters: improve the port-agnostic whitelist Added FIXMEs 1080291 9 249491 mcatanzaro 2015-03-26 08:59:21 -0700 Created attachment 249491 [Linux] SeccompFilters: improve the port-agnostic whitelist Actually added FIXMEs 1080364 10 249491 commit-queue 2015-03-26 12:00:48 -0700 Comment on attachment 249491 [Linux] SeccompFilters: improve the port-agnostic whitelist Clearing flags on attachment: 249491 Committed r182021: <http://trac.webkit.org/changeset/182021> 1080365 11 commit-queue 2015-03-26 12:00:53 -0700 All reviewed patches have been landed. Closing bug. 243951 2015-01-04 18:56:05 -0800 2015-03-23 15:59:30 -0700 Patch 0001-Linux-SeccompFilters-improve-the-port-agnostic-white.patch text/plain 3745 mcatanzaro ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCBmNDQyZTViLi4yOTdmMWE4IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcg QEAKKzIwMTUtMDEtMDQgIE1pY2hhZWwgQ2F0YW56YXJvICA8bWNhdGFuemFyb0BpZ2FsaWEuY29t PgorCisgICAgICAgIFtMaW51eF0gU2VjY29tcEZpbHRlcnM6IGltcHJvdmUgdGhlIHBvcnQtYWdu b3N0aWMgd2hpdGVsaXN0CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD0xNDAwNjQKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKwor ICAgICAgICBBbGxvdyB0aGUgd2ViIHByb2Nlc3MgdG8gYWNjZXNzIHNldmVyYWwgZmlsZXMgYW5k IGRpcmVjdG9yaWVzIHRoYXQgaXQKKyAgICAgICAgd2FzIHByZXZpb3VzbHkgcHJvaGliaXRlZCBm cm9tIGFjY2Vzc2luZy4gVGhpcyBtYWtlcyB0aGUgd2ViIHByb2Nlc3MKKyAgICAgICAgbXVjaCBs ZXNzIGxpa2VseSB0byBicmVhay4KKworICAgICAgICAqIFNoYXJlZC9saW51eC9TZWNjb21wRmls dGVycy9TeXNjYWxsUG9saWN5LmNwcDoKKyAgICAgICAgKFdlYktpdDo6U3lzY2FsbFBvbGljeTo6 YWRkRGVmYXVsdFdlYlByb2Nlc3NQb2xpY3kpOgorCiAyMDE0LTEyLTE5ICBKZXNzaWUgQmVybGlu ICA8amJlcmxpbkB3ZWJraXQub3JnPgogCiAgICAgICAgIEJ1aWxkIGZpeC4KZGlmZiAtLWdpdCBh L1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9saWN5 LmNwcCBiL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxs UG9saWN5LmNwcAppbmRleCAxNWNiMmNmLi43Y2Y2YzMxIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2Vi S2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5jcHAKKysrIGIv U291cmNlL1dlYktpdDIvU2hhcmVkL2xpbnV4L1NlY2NvbXBGaWx0ZXJzL1N5c2NhbGxQb2xpY3ku Y3BwCkBAIC0xMzUsNyArMTM1LDkgQEAgdm9pZCBTeXNjYWxsUG9saWN5OjphZGREZWZhdWx0V2Vi UHJvY2Vzc1BvbGljeShjb25zdCBXZWJQcm9jZXNzQ3JlYXRpb25QYXJhbWV0ZXIKIAogICAgIC8v IFNoYXJlZCBsaWJyYXJpZXMsIHBsdWdpbnMgYW5kIGZvbnRzLgogICAgIGFkZERpcmVjdG9yeVBl cm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvbGliIiksIFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBl cm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvbGliNjQiKSwgUmVhZCk7CiAgICAgYWRkRGlyZWN0b3J5 UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi91c3IvbGliIiksIFJlYWQpOworICAgIGFkZERpcmVj dG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvdXNyL2xpYjY0IiksIFJlYWQpOwogICAgIGFk ZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvdXNyL3NoYXJlIiksIFJlYWQpOwog CiAgICAgLy8gU1NMIENlcnRpZmljYXRlcy4KQEAgLTE4NiwxMyArMTg4LDQ3IEBAIHZvaWQgU3lz Y2FsbFBvbGljeTo6YWRkRGVmYXVsdFdlYlByb2Nlc3NQb2xpY3koY29uc3QgV2ViUHJvY2Vzc0Ny ZWF0aW9uUGFyYW1ldGVyCiAgICAgLy8gTmVlZGVkIGJ5IEQtQnVzLgogICAgIGFkZEZpbGVQZXJt aXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3Zhci9saWIvZGJ1cy9tYWNoaW5lLWlkIiksIFJlYWQpOwog CisgICAgLy8gTmVlZGVkIGJ5IGF0LXNwaTIuCisgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbigi L3J1bi91c2VyLyIgKyBTdHJpbmc6Om51bWJlcihnZXR1aWQoKSksIFJlYWRBbmRXcml0ZSk7CisK KyAgICAvLyBOZWVkZWQgYnkgV2ViS2l0J3MgbWVtb3J5IHByZXNzdXJlIGhhbmRsZXIKKyAgICBh ZGRGaWxlUGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9zeXMvZnMvY2dyb3VwL21lbW9yeS9tZW1v cnkucHJlc3N1cmVfbGV2ZWwiKSwgUmVhZCk7CisgICAgYWRkRmlsZVBlcm1pc3Npb24oQVNDSUlM aXRlcmFsKCIvc3lzL2ZzL2Nncm91cC9tZW1vcnkvY2dyb3VwLmV2ZW50X2NvbnRyb2wiKSwgUmVh ZCk7CisKICAgICBjaGFyKiBob21lRGlyID0gZ2V0ZW52KCJIT01FIik7CiAgICAgaWYgKGhvbWVE aXIpIHsKICAgICAgICAgLy8gWDExIGNvbm5lY3Rpb24gdG9rZW4uCiAgICAgICAgIGFkZEZpbGVQ ZXJtaXNzaW9uKFN0cmluZzo6ZnJvbVVURjgoaG9tZURpcikgKyAiLy5YYXV0aG9yaXR5IiwgUmVh ZCk7Ci0gICAgICAgIC8vIE1JTUUgdHlwZSByZXNvbHV0aW9uLgotICAgICAgICBhZGREaXJlY3Rv cnlQZXJtaXNzaW9uKFN0cmluZzo6ZnJvbVVURjgoaG9tZURpcikgKyAgIi8ubG9jYWwvc2hhcmUv bWltZSIsIFJlYWQpOwogICAgIH0KKworICAgIC8vIE1JTUUgdHlwZSByZXNvbHV0aW9uLgorICAg IGNoYXIqIGRhdGFIb21lRGlyID0gZ2V0ZW52KCJYREdfREFUQV9IT01FIik7CisgICAgaWYgKGRh dGFIb21lRGlyKQorICAgICAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKFN0cmluZzo6ZnJvbVVU RjgoZGF0YUhvbWVEaXIpICsgIi9taW1lIiwgUmVhZCk7CisgICAgZWxzZSBpZiAoaG9tZURpcikK KyAgICAgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihTdHJpbmc6OmZyb21VVEY4KGhvbWVEaXIp ICsgIi8ubG9jYWwvc2hhcmUvbWltZSIsIFJlYWQpOworCisjaWYgRU5BQkxFKFdFQkdMKSB8fCBF TkFCTEUoQUNDRUxFUkFURURfMkRfQ0FOVkFTKQorICAgIC8vIE5lZWRlZCBvbiBtb3N0IG5vbi1E ZWJpYW4gZGlzdHJvcyBieSBsaWJ4c2htZmVuY2UgPD0gMS4xLCBvciBuZXdlcgorICAgIC8vIGxp YnhzaG1mZW5jZSB3aXRoIG9sZGVyIGtlcm5lbHMgKGxpbnV4IDw9IDMuMTYpLCBmb3IgRFJJMyBz aGFyZWQgbWVtb3J5LgorICAgIC8vIFRyeSByZW1vdmluZyB0aGlzIHBlcm1pc3Npb24gd2hlbiB3 ZSBjYW4gcmVseSBvbiBhIG5ld2VyIGxpYnhzaG1mZW5jZS4KKyAgICAvLyBTZWUgaHR0cDovL2Nv ZGUuZ29vZ2xlLmNvbS9wL2Nocm9taXVtL2lzc3Vlcy9kZXRhaWw/aWQ9NDE1NjgxCisgICAgYWRk RGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi92YXIvdG1wIiksIFJlYWRBbmRXcml0 ZSk7CisKKyAgICAvLyBPcHRpb25hbCBNZXNhIERSSSBjb25maWd1cmF0aW9uIGZpbGUKKyAgICBh ZGRGaWxlUGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9ldGMvZHJpcmMiKSwgUmVhZCk7CisgICAg aWYgKGhvbWVEaXIpCisgICAgICAgIGFkZEZpbGVQZXJtaXNzaW9uKFN0cmluZzo6ZnJvbVVURjgo aG9tZURpcikgKyAiLy5kcmlyYyIsIFJlYWQpOworCisgICAgLy8gTWVzYSB1c2VzIHVkZXYuCisg ICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9ldGMvdWRldiIpLCBSZWFk KTsKKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3J1bi91ZGV2Iiks IFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvc3lzL2Rl dmljZXMiKSwgUmVhZCk7CisjZW5kaWYKKworICAgIC8vIE5lZWRlZCBieSBOVklESUEgcHJvcHJp ZXRhcnkgZ3JhcGhpY3MgZHJpdmVyCisgICAgaWYgKGhvbWVEaXIpCisgICAgICAgIGFkZERpcmVj dG9yeVBlcm1pc3Npb24oU3RyaW5nOjpmcm9tVVRGOChob21lRGlyKSArICIvLm52IiwgUmVhZCk7 CiB9CiAKIH0gLy8gbmFtZXNwYWNlIFdlYktpdAotLSAKMi4xLjAKCg== 249298 2015-03-23 15:58:45 -0700 2015-03-26 08:58:14 -0700 [Linux] SeccompFilters: improve the port-agnostic whitelist Linux-SeccompFilters-improve-the-port-agnostic-whi.patch text/plain 4507 mcatanzaro RnJvbSBmOThjYTEyNjExZmZjNWNiZTJlYmMzNmM0MmVjZTI2NTNmZTNkN2UwIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBNaWNoYWVsIENhdGFuemFybyA8bWNhdGFuemFyb0BpZ2FsaWEu Y29tPgpEYXRlOiBTYXQsIDI3IERlYyAyMDE0IDExOjQzOjExIC0wNjAwClN1YmplY3Q6IFtQQVRD SF0gW0xpbnV4XSBTZWNjb21wRmlsdGVyczogaW1wcm92ZSB0aGUgcG9ydC1hZ25vc3RpYyB3aGl0 ZWxpc3QKCmh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDAwNjQKLS0t CiBTb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cgICAgICAgICAgICAgICAgICAgICAgICAgICB8IDE0 ICsrKysrKysKIC4uLi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5j cHAgIHwgNDQgKysrKysrKysrKysrKysrKysrKysrLQogMiBmaWxlcyBjaGFuZ2VkLCA1NiBpbnNl cnRpb25zKCspLCAyIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwppbmRleCBlNjM4ZjRmLi4zYmY4ZDY1 IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktp dDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTUtMDEtMDQgIE1pY2hhZWwgQ2F0YW56 YXJvICA8bWNhdGFuemFyb0BpZ2FsaWEuY29tPgorCisgICAgICAgIFtMaW51eF0gU2VjY29tcEZp bHRlcnM6IGltcHJvdmUgdGhlIHBvcnQtYWdub3N0aWMgd2hpdGVsaXN0CisgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDAwNjQKKworICAgICAgICBSZXZp ZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBbGxvdyB0aGUgd2ViIHByb2Nlc3Mg dG8gYWNjZXNzIHNldmVyYWwgZmlsZXMgYW5kIGRpcmVjdG9yaWVzIHRoYXQgaXQKKyAgICAgICAg d2FzIHByZXZpb3VzbHkgcHJvaGliaXRlZCBmcm9tIGFjY2Vzc2luZy4gVGhpcyBtYWtlcyB0aGUg d2ViIHByb2Nlc3MKKyAgICAgICAgbXVjaCBsZXNzIGxpa2VseSB0byBicmVhay4KKworICAgICAg ICAqIFNoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9saWN5LmNwcDoKKyAgICAg ICAgKFdlYktpdDo6U3lzY2FsbFBvbGljeTo6YWRkRGVmYXVsdFdlYlByb2Nlc3NQb2xpY3kpOgor CiAyMDE1LTAzLTIxICBDb21taXQgUXVldWUgIDxjb21taXQtcXVldWVAd2Via2l0Lm9yZz4KIAog ICAgICAgICBVbnJldmlld2VkLCByb2xsaW5nIG91dCByMTgxODI0LgpkaWZmIC0tZ2l0IGEvU291 cmNlL1dlYktpdDIvU2hhcmVkL2xpbnV4L1NlY2NvbXBGaWx0ZXJzL1N5c2NhbGxQb2xpY3kuY3Bw IGIvU291cmNlL1dlYktpdDIvU2hhcmVkL2xpbnV4L1NlY2NvbXBGaWx0ZXJzL1N5c2NhbGxQb2xp Y3kuY3BwCmluZGV4IDE1Y2IyY2YuLmIzNmY0NDkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQy L1NoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9saWN5LmNwcAorKysgYi9Tb3Vy Y2UvV2ViS2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5jcHAK QEAgLTEzNSw3ICsxMzUsMTEgQEAgdm9pZCBTeXNjYWxsUG9saWN5OjphZGREZWZhdWx0V2ViUHJv Y2Vzc1BvbGljeShjb25zdCBXZWJQcm9jZXNzQ3JlYXRpb25QYXJhbWV0ZXIKIAogICAgIC8vIFNo YXJlZCBsaWJyYXJpZXMsIHBsdWdpbnMgYW5kIGZvbnRzLgogICAgIGFkZERpcmVjdG9yeVBlcm1p c3Npb24oQVNDSUlMaXRlcmFsKCIvbGliIiksIFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBlcm1p c3Npb24oQVNDSUlMaXRlcmFsKCIvbGliMzIiKSwgUmVhZCk7CisgICAgYWRkRGlyZWN0b3J5UGVy bWlzc2lvbihBU0NJSUxpdGVyYWwoIi9saWI2NCIpLCBSZWFkKTsKICAgICBhZGREaXJlY3RvcnlQ ZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3Vzci9saWIiKSwgUmVhZCk7CisgICAgYWRkRGlyZWN0 b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi91c3IvbGliMzIiKSwgUmVhZCk7CisgICAgYWRk RGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi91c3IvbGliNjQiKSwgUmVhZCk7CiAg ICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi91c3Ivc2hhcmUiKSwgUmVh ZCk7CiAKICAgICAvLyBTU0wgQ2VydGlmaWNhdGVzLgpAQCAtMTg2LDEzICsxOTAsNDkgQEAgdm9p ZCBTeXNjYWxsUG9saWN5OjphZGREZWZhdWx0V2ViUHJvY2Vzc1BvbGljeShjb25zdCBXZWJQcm9j ZXNzQ3JlYXRpb25QYXJhbWV0ZXIKICAgICAvLyBOZWVkZWQgYnkgRC1CdXMuCiAgICAgYWRkRmls ZVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvdmFyL2xpYi9kYnVzL21hY2hpbmUtaWQiKSwgUmVh ZCk7CiAKKyAgICAvLyBOZWVkZWQgYnkgYXQtc3BpMi4KKyAgICBhZGREaXJlY3RvcnlQZXJtaXNz aW9uKCIvcnVuL3VzZXIvIiArIFN0cmluZzo6bnVtYmVyKGdldHVpZCgpKSwgUmVhZEFuZFdyaXRl KTsKKworICAgIC8vIE5lZWRlZCBieSBXZWJLaXQncyBtZW1vcnkgcHJlc3N1cmUgaGFuZGxlcgor ICAgIGFkZEZpbGVQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3N5cy9mcy9jZ3JvdXAvbWVtb3J5 L21lbW9yeS5wcmVzc3VyZV9sZXZlbCIpLCBSZWFkKTsKKyAgICBhZGRGaWxlUGVybWlzc2lvbihB U0NJSUxpdGVyYWwoIi9zeXMvZnMvY2dyb3VwL21lbW9yeS9jZ3JvdXAuZXZlbnRfY29udHJvbCIp LCBSZWFkKTsKKwogICAgIGNoYXIqIGhvbWVEaXIgPSBnZXRlbnYoIkhPTUUiKTsKICAgICBpZiAo aG9tZURpcikgewogICAgICAgICAvLyBYMTEgY29ubmVjdGlvbiB0b2tlbi4KICAgICAgICAgYWRk RmlsZVBlcm1pc3Npb24oU3RyaW5nOjpmcm9tVVRGOChob21lRGlyKSArICIvLlhhdXRob3JpdHki LCBSZWFkKTsKLSAgICAgICAgLy8gTUlNRSB0eXBlIHJlc29sdXRpb24uCi0gICAgICAgIGFkZERp cmVjdG9yeVBlcm1pc3Npb24oU3RyaW5nOjpmcm9tVVRGOChob21lRGlyKSArICAiLy5sb2NhbC9z aGFyZS9taW1lIiwgUmVhZCk7CiAgICAgfQorCisgICAgLy8gTUlNRSB0eXBlIHJlc29sdXRpb24u CisgICAgY2hhciogZGF0YUhvbWVEaXIgPSBnZXRlbnYoIlhER19EQVRBX0hPTUUiKTsKKyAgICBp ZiAoZGF0YUhvbWVEaXIpCisgICAgICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oU3RyaW5nOjpm cm9tVVRGOChkYXRhSG9tZURpcikgKyAiL21pbWUiLCBSZWFkKTsKKyAgICBlbHNlIGlmIChob21l RGlyKQorICAgICAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKFN0cmluZzo6ZnJvbVVURjgoaG9t ZURpcikgKyAiLy5sb2NhbC9zaGFyZS9taW1lIiwgUmVhZCk7CisKKyNpZiBFTkFCTEUoV0VCR0wp IHx8IEVOQUJMRShBQ0NFTEVSQVRFRF8yRF9DQU5WQVMpCisgICAgLy8gTmVlZGVkIG9uIG1vc3Qg bm9uLURlYmlhbiBkaXN0cm9zIGJ5IGxpYnhzaG1mZW5jZSA8PSAxLjEsIG9yIG5ld2VyCisgICAg Ly8gbGlieHNobWZlbmNlIHdpdGggb2xkZXIga2VybmVscyAobGludXggPD0gMy4xNiksIGZvciBE UkkzIHNoYXJlZCBtZW1vcnkuCisgICAgLy8gVHJ5IHJlbW92aW5nIHRoaXMgcGVybWlzc2lvbiB3 aGVuIHdlIGNhbiByZWx5IG9uIGEgbmV3ZXIgbGlieHNobWZlbmNlLgorICAgIC8vIFNlZSBodHRw Oi8vY29kZS5nb29nbGUuY29tL3AvY2hyb21pdW0vaXNzdWVzL2RldGFpbD9pZD00MTU2ODEKKyAg ICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3Zhci90bXAiKSwgUmVhZEFu ZFdyaXRlKTsKKworICAgIC8vIE9wdGlvbmFsIE1lc2EgRFJJIGNvbmZpZ3VyYXRpb24gZmlsZQor ICAgIGFkZEZpbGVQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL2V0Yy9kcmlyYyIpLCBSZWFkKTsK KyAgICBpZiAoaG9tZURpcikKKyAgICAgICAgYWRkRmlsZVBlcm1pc3Npb24oU3RyaW5nOjpmcm9t VVRGOChob21lRGlyKSArICIvLmRyaXJjIiwgUmVhZCk7CisKKyAgICAvLyBNZXNhIHVzZXMgdWRl di4KKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL2V0Yy91ZGV2Iiks IFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvcnVuL3Vk ZXYiKSwgUmVhZCk7CisgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9z eXMvYnVzIiksIFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFs KCIvc3lzL2NsYXNzIiksIFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlM aXRlcmFsKCIvc3lzL2RldmljZXMiKSwgUmVhZCk7CisjZW5kaWYKKworICAgIC8vIE5lZWRlZCBi eSBOVklESUEgcHJvcHJpZXRhcnkgZ3JhcGhpY3MgZHJpdmVyCisgICAgaWYgKGhvbWVEaXIpCisg ICAgICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oU3RyaW5nOjpmcm9tVVRGOChob21lRGlyKSAr ICIvLm52IiwgUmVhZEFuZFdyaXRlKTsKIH0KIAogfSAvLyBuYW1lc3BhY2UgV2ViS2l0Ci0tIAoy LjEuMA== 249490 2015-03-26 08:58:14 -0700 2015-03-26 08:59:21 -0700 [Linux] SeccompFilters: improve the port-agnostic whitelist Linux-SeccompFilters-improve-the-port-agnostic-whi.patch text/plain 4557 mcatanzaro RnJvbSA2ZDgxMzYwNmYxMjYxMmVhYjgwZjUwN2MwNTFmNDRkODVmYTkzZDk2IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBNaWNoYWVsIENhdGFuemFybyA8bWNhdGFuemFyb0BpZ2FsaWEu Y29tPgpEYXRlOiBTYXQsIDI3IERlYyAyMDE0IDExOjQzOjExIC0wNjAwClN1YmplY3Q6IFtQQVRD SF0gW0xpbnV4XSBTZWNjb21wRmlsdGVyczogaW1wcm92ZSB0aGUgcG9ydC1hZ25vc3RpYyB3aGl0 ZWxpc3QKCmh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDAwNjQKLS0t CiBTb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cgICAgICAgICAgICAgICAgICAgICAgICAgICB8IDE0 ICsrKysrKysKIC4uLi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5j cHAgIHwgNDQgKysrKysrKysrKysrKysrKysrKysrLQogMiBmaWxlcyBjaGFuZ2VkLCA1NiBpbnNl cnRpb25zKCspLCAyIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwppbmRleCBjMzZjNWI4Li4zYzQ3MGUx IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktp dDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTUtMDEtMDQgIE1pY2hhZWwgQ2F0YW56 YXJvICA8bWNhdGFuemFyb0BpZ2FsaWEuY29tPgorCisgICAgICAgIFtMaW51eF0gU2VjY29tcEZp bHRlcnM6IGltcHJvdmUgdGhlIHBvcnQtYWdub3N0aWMgd2hpdGVsaXN0CisgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDAwNjQKKworICAgICAgICBSZXZp ZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBbGxvdyB0aGUgd2ViIHByb2Nlc3Mg dG8gYWNjZXNzIHNldmVyYWwgZmlsZXMgYW5kIGRpcmVjdG9yaWVzIHRoYXQgaXQKKyAgICAgICAg d2FzIHByZXZpb3VzbHkgcHJvaGliaXRlZCBmcm9tIGFjY2Vzc2luZy4gVGhpcyBtYWtlcyB0aGUg d2ViIHByb2Nlc3MKKyAgICAgICAgbXVjaCBsZXNzIGxpa2VseSB0byBicmVhay4KKworICAgICAg ICAqIFNoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9saWN5LmNwcDoKKyAgICAg ICAgKFdlYktpdDo6U3lzY2FsbFBvbGljeTo6YWRkRGVmYXVsdFdlYlByb2Nlc3NQb2xpY3kpOgor CiAyMDE1LTAzLTI1ICBaYW4gRG9iZXJzZWsgIDx6ZG9iZXJzZWtAaWdhbGlhLmNvbT4KIAogICAg ICAgICBbV0syXSBXZWJVc2VyTWVkaWFDbGllbnQ6OnBhZ2VEZXN0cm95ZWQoKSB2aXJ0dWFsIG1l dGhvZCBzaG91bGQgYmUgbWFya2VkIGFzIG92ZXJyaWRlCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2Vi S2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5jcHAgYi9Tb3Vy Y2UvV2ViS2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5jcHAK aW5kZXggMTVjYjJjZi4uYjM2ZjQ0OSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvU2hhcmVk L2xpbnV4L1NlY2NvbXBGaWx0ZXJzL1N5c2NhbGxQb2xpY3kuY3BwCisrKyBiL1NvdXJjZS9XZWJL aXQyL1NoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9saWN5LmNwcApAQCAtMTM1 LDcgKzEzNSwxMSBAQCB2b2lkIFN5c2NhbGxQb2xpY3k6OmFkZERlZmF1bHRXZWJQcm9jZXNzUG9s aWN5KGNvbnN0IFdlYlByb2Nlc3NDcmVhdGlvblBhcmFtZXRlcgogCiAgICAgLy8gU2hhcmVkIGxp YnJhcmllcywgcGx1Z2lucyBhbmQgZm9udHMuCiAgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihB U0NJSUxpdGVyYWwoIi9saWIiKSwgUmVhZCk7CisgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihB U0NJSUxpdGVyYWwoIi9saWIzMiIpLCBSZWFkKTsKKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9u KEFTQ0lJTGl0ZXJhbCgiL2xpYjY0IiksIFJlYWQpOwogICAgIGFkZERpcmVjdG9yeVBlcm1pc3Np b24oQVNDSUlMaXRlcmFsKCIvdXNyL2xpYiIpLCBSZWFkKTsKKyAgICBhZGREaXJlY3RvcnlQZXJt aXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3Vzci9saWIzMiIpLCBSZWFkKTsKKyAgICBhZGREaXJlY3Rv cnlQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3Vzci9saWI2NCIpLCBSZWFkKTsKICAgICBhZGRE aXJlY3RvcnlQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3Vzci9zaGFyZSIpLCBSZWFkKTsKIAog ICAgIC8vIFNTTCBDZXJ0aWZpY2F0ZXMuCkBAIC0xODYsMTMgKzE5MCw0OSBAQCB2b2lkIFN5c2Nh bGxQb2xpY3k6OmFkZERlZmF1bHRXZWJQcm9jZXNzUG9saWN5KGNvbnN0IFdlYlByb2Nlc3NDcmVh dGlvblBhcmFtZXRlcgogICAgIC8vIE5lZWRlZCBieSBELUJ1cy4KICAgICBhZGRGaWxlUGVybWlz c2lvbihBU0NJSUxpdGVyYWwoIi92YXIvbGliL2RidXMvbWFjaGluZS1pZCIpLCBSZWFkKTsKIAor ICAgIC8vIE5lZWRlZCBieSBhdC1zcGkyLgorICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oIi9y dW4vdXNlci8iICsgU3RyaW5nOjpudW1iZXIoZ2V0dWlkKCkpLCBSZWFkQW5kV3JpdGUpOworCisg ICAgLy8gTmVlZGVkIGJ5IFdlYktpdCdzIG1lbW9yeSBwcmVzc3VyZSBoYW5kbGVyCisgICAgYWRk RmlsZVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvc3lzL2ZzL2Nncm91cC9tZW1vcnkvbWVtb3J5 LnByZXNzdXJlX2xldmVsIiksIFJlYWQpOworICAgIGFkZEZpbGVQZXJtaXNzaW9uKEFTQ0lJTGl0 ZXJhbCgiL3N5cy9mcy9jZ3JvdXAvbWVtb3J5L2Nncm91cC5ldmVudF9jb250cm9sIiksIFJlYWQp OworCiAgICAgY2hhciogaG9tZURpciA9IGdldGVudigiSE9NRSIpOwogICAgIGlmIChob21lRGly KSB7CiAgICAgICAgIC8vIFgxMSBjb25uZWN0aW9uIHRva2VuLgogICAgICAgICBhZGRGaWxlUGVy bWlzc2lvbihTdHJpbmc6OmZyb21VVEY4KGhvbWVEaXIpICsgIi8uWGF1dGhvcml0eSIsIFJlYWQp OwotICAgICAgICAvLyBNSU1FIHR5cGUgcmVzb2x1dGlvbi4KLSAgICAgICAgYWRkRGlyZWN0b3J5 UGVybWlzc2lvbihTdHJpbmc6OmZyb21VVEY4KGhvbWVEaXIpICsgICIvLmxvY2FsL3NoYXJlL21p bWUiLCBSZWFkKTsKICAgICB9CisKKyAgICAvLyBNSU1FIHR5cGUgcmVzb2x1dGlvbi4KKyAgICBj aGFyKiBkYXRhSG9tZURpciA9IGdldGVudigiWERHX0RBVEFfSE9NRSIpOworICAgIGlmIChkYXRh SG9tZURpcikKKyAgICAgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihTdHJpbmc6OmZyb21VVEY4 KGRhdGFIb21lRGlyKSArICIvbWltZSIsIFJlYWQpOworICAgIGVsc2UgaWYgKGhvbWVEaXIpCisg ICAgICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oU3RyaW5nOjpmcm9tVVRGOChob21lRGlyKSAr ICIvLmxvY2FsL3NoYXJlL21pbWUiLCBSZWFkKTsKKworI2lmIEVOQUJMRShXRUJHTCkgfHwgRU5B QkxFKEFDQ0VMRVJBVEVEXzJEX0NBTlZBUykKKyAgICAvLyBOZWVkZWQgb24gbW9zdCBub24tRGVi aWFuIGRpc3Ryb3MgYnkgbGlieHNobWZlbmNlIDw9IDEuMSwgb3IgbmV3ZXIKKyAgICAvLyBsaWJ4 c2htZmVuY2Ugd2l0aCBvbGRlciBrZXJuZWxzIChsaW51eCA8PSAzLjE2KSwgZm9yIERSSTMgc2hh cmVkIG1lbW9yeS4KKyAgICAvLyBUcnkgcmVtb3ZpbmcgdGhpcyBwZXJtaXNzaW9uIHdoZW4gd2Ug Y2FuIHJlbHkgb24gYSBuZXdlciBsaWJ4c2htZmVuY2UuCisgICAgLy8gU2VlIGh0dHA6Ly9jb2Rl Lmdvb2dsZS5jb20vcC9jaHJvbWl1bS9pc3N1ZXMvZGV0YWlsP2lkPTQxNTY4MQorICAgIGFkZERp cmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvdmFyL3RtcCIpLCBSZWFkQW5kV3JpdGUp OworCisgICAgLy8gT3B0aW9uYWwgTWVzYSBEUkkgY29uZmlndXJhdGlvbiBmaWxlCisgICAgYWRk RmlsZVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvZXRjL2RyaXJjIiksIFJlYWQpOworICAgIGlm IChob21lRGlyKQorICAgICAgICBhZGRGaWxlUGVybWlzc2lvbihTdHJpbmc6OmZyb21VVEY4KGhv bWVEaXIpICsgIi8uZHJpcmMiLCBSZWFkKTsKKworICAgIC8vIE1lc2EgdXNlcyB1ZGV2LgorICAg IGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvZXRjL3VkZXYiKSwgUmVhZCk7 CisgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9ydW4vdWRldiIpLCBS ZWFkKTsKKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3N5cy9idXMi KSwgUmVhZCk7CisgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9zeXMv Y2xhc3MiKSwgUmVhZCk7CisgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwo Ii9zeXMvZGV2aWNlcyIpLCBSZWFkKTsKKyNlbmRpZgorCisgICAgLy8gTmVlZGVkIGJ5IE5WSURJ QSBwcm9wcmlldGFyeSBncmFwaGljcyBkcml2ZXIKKyAgICBpZiAoaG9tZURpcikKKyAgICAgICAg YWRkRGlyZWN0b3J5UGVybWlzc2lvbihTdHJpbmc6OmZyb21VVEY4KGhvbWVEaXIpICsgIi8ubnYi LCBSZWFkQW5kV3JpdGUpOwogfQogCiB9IC8vIG5hbWVzcGFjZSBXZWJLaXQKLS0gCjIuMS4w 249491 2015-03-26 08:59:21 -0700 2015-03-26 12:00:48 -0700 [Linux] SeccompFilters: improve the port-agnostic whitelist Linux-SeccompFilters-improve-the-port-agnostic-whi.patch text/plain 4648 mcatanzaro RnJvbSA4NTgyZTNmZjYxODMyYmE3N2ZiNjhjYWZkZGU5MWU2NmZlNWI2ZGI2IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBNaWNoYWVsIENhdGFuemFybyA8bWNhdGFuemFyb0BpZ2FsaWEu Y29tPgpEYXRlOiBTYXQsIDI3IERlYyAyMDE0IDExOjQzOjExIC0wNjAwClN1YmplY3Q6IFtQQVRD SF0gW0xpbnV4XSBTZWNjb21wRmlsdGVyczogaW1wcm92ZSB0aGUgcG9ydC1hZ25vc3RpYyB3aGl0 ZWxpc3QKCmh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDAwNjQKLS0t CiBTb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cgICAgICAgICAgICAgICAgICAgICAgICAgICB8IDE0 ICsrKysrKysKIC4uLi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5j cHAgIHwgNDUgKysrKysrKysrKysrKysrKysrKysrLQogMiBmaWxlcyBjaGFuZ2VkLCA1NyBpbnNl cnRpb25zKCspLCAyIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwppbmRleCBjMzZjNWI4Li4zYzQ3MGUx IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktp dDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTUtMDEtMDQgIE1pY2hhZWwgQ2F0YW56 YXJvICA8bWNhdGFuemFyb0BpZ2FsaWEuY29tPgorCisgICAgICAgIFtMaW51eF0gU2VjY29tcEZp bHRlcnM6IGltcHJvdmUgdGhlIHBvcnQtYWdub3N0aWMgd2hpdGVsaXN0CisgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDAwNjQKKworICAgICAgICBSZXZp ZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBbGxvdyB0aGUgd2ViIHByb2Nlc3Mg dG8gYWNjZXNzIHNldmVyYWwgZmlsZXMgYW5kIGRpcmVjdG9yaWVzIHRoYXQgaXQKKyAgICAgICAg d2FzIHByZXZpb3VzbHkgcHJvaGliaXRlZCBmcm9tIGFjY2Vzc2luZy4gVGhpcyBtYWtlcyB0aGUg d2ViIHByb2Nlc3MKKyAgICAgICAgbXVjaCBsZXNzIGxpa2VseSB0byBicmVhay4KKworICAgICAg ICAqIFNoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9saWN5LmNwcDoKKyAgICAg ICAgKFdlYktpdDo6U3lzY2FsbFBvbGljeTo6YWRkRGVmYXVsdFdlYlByb2Nlc3NQb2xpY3kpOgor CiAyMDE1LTAzLTI1ICBaYW4gRG9iZXJzZWsgIDx6ZG9iZXJzZWtAaWdhbGlhLmNvbT4KIAogICAg ICAgICBbV0syXSBXZWJVc2VyTWVkaWFDbGllbnQ6OnBhZ2VEZXN0cm95ZWQoKSB2aXJ0dWFsIG1l dGhvZCBzaG91bGQgYmUgbWFya2VkIGFzIG92ZXJyaWRlCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2Vi S2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5jcHAgYi9Tb3Vy Y2UvV2ViS2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5jcHAK aW5kZXggMTVjYjJjZi4uN2ZjMjFiYiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvU2hhcmVk L2xpbnV4L1NlY2NvbXBGaWx0ZXJzL1N5c2NhbGxQb2xpY3kuY3BwCisrKyBiL1NvdXJjZS9XZWJL aXQyL1NoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9saWN5LmNwcApAQCAtMTM1 LDcgKzEzNSwxMSBAQCB2b2lkIFN5c2NhbGxQb2xpY3k6OmFkZERlZmF1bHRXZWJQcm9jZXNzUG9s aWN5KGNvbnN0IFdlYlByb2Nlc3NDcmVhdGlvblBhcmFtZXRlcgogCiAgICAgLy8gU2hhcmVkIGxp YnJhcmllcywgcGx1Z2lucyBhbmQgZm9udHMuCiAgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihB U0NJSUxpdGVyYWwoIi9saWIiKSwgUmVhZCk7CisgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihB U0NJSUxpdGVyYWwoIi9saWIzMiIpLCBSZWFkKTsKKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9u KEFTQ0lJTGl0ZXJhbCgiL2xpYjY0IiksIFJlYWQpOwogICAgIGFkZERpcmVjdG9yeVBlcm1pc3Np b24oQVNDSUlMaXRlcmFsKCIvdXNyL2xpYiIpLCBSZWFkKTsKKyAgICBhZGREaXJlY3RvcnlQZXJt aXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3Vzci9saWIzMiIpLCBSZWFkKTsKKyAgICBhZGREaXJlY3Rv cnlQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3Vzci9saWI2NCIpLCBSZWFkKTsKICAgICBhZGRE aXJlY3RvcnlQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3Vzci9zaGFyZSIpLCBSZWFkKTsKIAog ICAgIC8vIFNTTCBDZXJ0aWZpY2F0ZXMuCkBAIC0xODYsMTMgKzE5MCw1MCBAQCB2b2lkIFN5c2Nh bGxQb2xpY3k6OmFkZERlZmF1bHRXZWJQcm9jZXNzUG9saWN5KGNvbnN0IFdlYlByb2Nlc3NDcmVh dGlvblBhcmFtZXRlcgogICAgIC8vIE5lZWRlZCBieSBELUJ1cy4KICAgICBhZGRGaWxlUGVybWlz c2lvbihBU0NJSUxpdGVyYWwoIi92YXIvbGliL2RidXMvbWFjaGluZS1pZCIpLCBSZWFkKTsKIAor ICAgIC8vIE5lZWRlZCBieSBhdC1zcGkyLgorICAgIC8vIEZJWE1FIFRoaXMgaXMgdG9vIHBlcm1p c3NpdmU6IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDMwMDQKKyAg ICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKCIvcnVuL3VzZXIvIiArIFN0cmluZzo6bnVtYmVyKGdl dHVpZCgpKSwgUmVhZEFuZFdyaXRlKTsKKworICAgIC8vIE5lZWRlZCBieSBXZWJLaXQncyBtZW1v cnkgcHJlc3N1cmUgaGFuZGxlcgorICAgIGFkZEZpbGVQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgi L3N5cy9mcy9jZ3JvdXAvbWVtb3J5L21lbW9yeS5wcmVzc3VyZV9sZXZlbCIpLCBSZWFkKTsKKyAg ICBhZGRGaWxlUGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9zeXMvZnMvY2dyb3VwL21lbW9yeS9j Z3JvdXAuZXZlbnRfY29udHJvbCIpLCBSZWFkKTsKKwogICAgIGNoYXIqIGhvbWVEaXIgPSBnZXRl bnYoIkhPTUUiKTsKICAgICBpZiAoaG9tZURpcikgewogICAgICAgICAvLyBYMTEgY29ubmVjdGlv biB0b2tlbi4KICAgICAgICAgYWRkRmlsZVBlcm1pc3Npb24oU3RyaW5nOjpmcm9tVVRGOChob21l RGlyKSArICIvLlhhdXRob3JpdHkiLCBSZWFkKTsKLSAgICAgICAgLy8gTUlNRSB0eXBlIHJlc29s dXRpb24uCi0gICAgICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oU3RyaW5nOjpmcm9tVVRGOCho b21lRGlyKSArICAiLy5sb2NhbC9zaGFyZS9taW1lIiwgUmVhZCk7CiAgICAgfQorCisgICAgLy8g TUlNRSB0eXBlIHJlc29sdXRpb24uCisgICAgY2hhciogZGF0YUhvbWVEaXIgPSBnZXRlbnYoIlhE R19EQVRBX0hPTUUiKTsKKyAgICBpZiAoZGF0YUhvbWVEaXIpCisgICAgICAgIGFkZERpcmVjdG9y eVBlcm1pc3Npb24oU3RyaW5nOjpmcm9tVVRGOChkYXRhSG9tZURpcikgKyAiL21pbWUiLCBSZWFk KTsKKyAgICBlbHNlIGlmIChob21lRGlyKQorICAgICAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9u KFN0cmluZzo6ZnJvbVVURjgoaG9tZURpcikgKyAiLy5sb2NhbC9zaGFyZS9taW1lIiwgUmVhZCk7 CisKKyNpZiBFTkFCTEUoV0VCR0wpIHx8IEVOQUJMRShBQ0NFTEVSQVRFRF8yRF9DQU5WQVMpCisg ICAgLy8gTmVlZGVkIG9uIG1vc3Qgbm9uLURlYmlhbiBkaXN0cm9zIGJ5IGxpYnhzaG1mZW5jZSA8 PSAxLjEsIG9yIG5ld2VyCisgICAgLy8gbGlieHNobWZlbmNlIHdpdGggb2xkZXIga2VybmVscyAo bGludXggPD0gMy4xNiksIGZvciBEUkkzIHNoYXJlZCBtZW1vcnkuCisgICAgLy8gRklYTUUgVHJ5 IHJlbW92aW5nIHRoaXMgcGVybWlzc2lvbiB3aGVuIHdlIGNhbiByZWx5IG9uIGEgbmV3ZXIgbGli eHNobWZlbmNlLgorICAgIC8vIFNlZSBodHRwOi8vY29kZS5nb29nbGUuY29tL3AvY2hyb21pdW0v aXNzdWVzL2RldGFpbD9pZD00MTU2ODEKKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKEFTQ0lJ TGl0ZXJhbCgiL3Zhci90bXAiKSwgUmVhZEFuZFdyaXRlKTsKKworICAgIC8vIE9wdGlvbmFsIE1l c2EgRFJJIGNvbmZpZ3VyYXRpb24gZmlsZQorICAgIGFkZEZpbGVQZXJtaXNzaW9uKEFTQ0lJTGl0 ZXJhbCgiL2V0Yy9kcmlyYyIpLCBSZWFkKTsKKyAgICBpZiAoaG9tZURpcikKKyAgICAgICAgYWRk RmlsZVBlcm1pc3Npb24oU3RyaW5nOjpmcm9tVVRGOChob21lRGlyKSArICIvLmRyaXJjIiwgUmVh ZCk7CisKKyAgICAvLyBNZXNhIHVzZXMgdWRldi4KKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9u KEFTQ0lJTGl0ZXJhbCgiL2V0Yy91ZGV2IiksIFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBlcm1p c3Npb24oQVNDSUlMaXRlcmFsKCIvcnVuL3VkZXYiKSwgUmVhZCk7CisgICAgYWRkRGlyZWN0b3J5 UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9zeXMvYnVzIiksIFJlYWQpOworICAgIGFkZERpcmVj dG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvc3lzL2NsYXNzIiksIFJlYWQpOworICAgIGFk ZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvc3lzL2RldmljZXMiKSwgUmVhZCk7 CisjZW5kaWYKKworICAgIC8vIE5lZWRlZCBieSBOVklESUEgcHJvcHJpZXRhcnkgZ3JhcGhpY3Mg ZHJpdmVyCisgICAgaWYgKGhvbWVEaXIpCisgICAgICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24o U3RyaW5nOjpmcm9tVVRGOChob21lRGlyKSArICIvLm52IiwgUmVhZEFuZFdyaXRlKTsKIH0KIAog fSAvLyBuYW1lc3BhY2UgV2ViS2l0Ci0tIAoyLjEuMA==