142986 2015-03-23 14:59:46 -0700 [Seccomp] Canonicalize filesystem path when whitelisting it 2015-07-22 15:10:54 -0700 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) PC Linux RESOLVED FIXED P2 Normal --- 140072 142987 1 mcatanzaro mcatanzaro mcatanzaro zan oldest_to_newest 1079443 0 mcatanzaro 2015-03-23 14:59:46 -0700 We need to allow symlinks in our whitelist to allow whitelisting locations like /etc/localtime that could be a symlink to anywhere. Currently symlinks don't work because they're followed by the code that checks if access is permitted, so also follow them when adding the permission. Security consequence: an attacker that has already owned your computer can give the web process additional permissions by creating a symlink from a permissible loaction to an impermissible location. (Not a problem.) 1079447 1 249279 mcatanzaro 2015-03-23 15:02:39 -0700 Created attachment 249279 [Linux] Seccomp Filters: Canonicalize filesystem path when whitelisting it 1079455 2 249281 mcatanzaro 2015-03-23 15:10:45 -0700 Created attachment 249281 [Linux] Improvements to SyscallPolicy 1079464 3 249281 mcatanzaro 2015-03-23 15:18:33 -0700 Comment on attachment 249281 [Linux] Improvements to SyscallPolicy Dammit, wrong bug again... this time it's my fault for typing the bug number wrong, though. 1079466 4 249285 mcatanzaro 2015-03-23 15:23:39 -0700 Created attachment 249285 [Linux] Seccomp Filters: Canonicalize filesystem path when whitelisting it 1111305 5 249285 zan 2015-07-22 09:17:47 -0700 Comment on attachment 249285 [Linux] Seccomp Filters: Canonicalize filesystem path when whitelisting it View in context: https://bugs.webkit.org/attachment.cgi?id=249285&action=review > Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.h:59 > + static void addPermissionToMap(const String& path, Permission, PermissionMap&); Why use a private static method? Why not just implement this as a normal helper method? 1111306 6 mcatanzaro 2015-07-22 09:21:25 -0700 I only see one good reason: to keep SyscallPolicy::PermissionMap private. 1111316 7 zan 2015-07-22 09:45:42 -0700 But the helper method can be private, just as the static one is now. 1111320 8 249285 zan 2015-07-22 09:50:16 -0700 Comment on attachment 249285 [Linux] Seccomp Filters: Canonicalize filesystem path when whitelisting it View in context: https://bugs.webkit.org/attachment.cgi?id=249285&action=review > Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp:125 > + SyscallPolicy::addPermissionToMap(path, permission, m_filePermission); This could still directly set the HashMap entry, only calling out a helper method (or some already existing API?) that canonicalizes the given path. 1111328 9 mcatanzaro 2015-07-22 10:07:06 -0700 (In reply to comment #7) > But the helper method can be private, just as the static one is now. Oh, the reason to implement it as a static member function instead of a non-static member function is that it doesn't require access to any member variables. I can make it non-static if you prefer that style, but that's not my preference. (In reply to comment #8) > This could still directly set the HashMap entry, only calling out a helper > method (or some already existing API?) that canonicalizes the given path. OK, I agree that would be nicer. 1111381 10 257286 mcatanzaro 2015-07-22 12:35:51 -0700 Created attachment 257286 Patch 1111442 11 mcatanzaro 2015-07-22 15:10:54 -0700 Committed r187190: <http://trac.webkit.org/changeset/187190> 249279 2015-03-23 15:02:39 -0700 2015-03-23 15:23:36 -0700 [Linux] Seccomp Filters: Canonicalize filesystem path when whitelisting it bug-142986-20150323170203.patch text/plain 2888 mcatanzaro U3VidmVyc2lvbiBSZXZpc2lvbjogMTgxODI1CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggYTgyMjQyZmE5ODBkNzBk OTY1MGU5NzczNjUyMDQ0ZDJlYWYzMWZjNS4uNzhlNTVhYzNmMzFhMmJkOTNmMTRkMDYyZjgxYWU2 MGJhZDcyODY2NiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSw1ICsxLDIwIEBACiAyMDE1LTAzLTIzICBNaWNo YWVsIENhdGFuemFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNvbT4KIAorICAgICAgICBbU2VjY29t cF0gQ2Fub25pY2FsaXplIGZpbGVzeXN0ZW0gcGF0aCB3aGVuIHdoaXRlbGlzdGluZyBpdAorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQyOTg2CisKKyAg ICAgICAgV2UgbmVlZCB0byBhbGxvdyBzeW1saW5rcyBpbiBvdXIgd2hpdGVsaXN0IHRvIGFsbG93 IHdoaXRlbGlzdGluZworICAgICAgICBsb2NhdGlvbnMgbGlrZSAvZXRjL2xvY2FsdGltZSB0aGF0 IGNvdWxkIGJlIGEgc3ltbGluayB0byBhbnl3aGVyZS4KKworICAgICAgICBSZXZpZXdlZCBieSBO T0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIFNoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9T eXNjYWxsUG9saWN5LmNwcDoKKyAgICAgICAgKFdlYktpdDo6U3lzY2FsbFBvbGljeTo6YWRkUGVy bWlzc2lvblRvTWFwKTogQWRkZWQuIEZvbGxvd3Mgc3ltbGlua3MuCisgICAgICAgIChXZWJLaXQ6 OlN5c2NhbGxQb2xpY3k6OmFkZEZpbGVQZXJtaXNzaW9uKTogVXNlIGFkZFBlcm1pc3Npb25Ub01h cC4KKyAgICAgICAgKFdlYktpdDo6U3lzY2FsbFBvbGljeTo6YWRkRGlyZWN0b3J5UGVybWlzc2lv bik6IFVzZSBhZGRQZXJtaXNzaW9uVG9NYXAuCisKKzIwMTUtMDMtMjMgIE1pY2hhZWwgQ2F0YW56 YXJvICA8bWNhdGFuemFyb0BpZ2FsaWEuY29tPgorCiAgICAgICAgIFtTZWNjb21wXSBTZXQgYXBw cm9wcmlhdGUgZmlsdGVycyB3aGVuIHRyYXBwaW5nIHN5c2NhbGxzIGJ5IGRlZmF1bHQKICAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE0Mjk4MwogCmRpZmYg LS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2Fs bFBvbGljeS5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMv U3lzY2FsbFBvbGljeS5jcHAKaW5kZXggMjM0N2ZkYjQ0ZjM0NTkxNzFhZmRmZmY0ZTczYzc2OWE1 NDhiMGU5NS4uZDY5YTU2OTIxYjU3MDQ4NTIzMjYyZWE2MzRjYzJjZjBmMmEwZDNlOCAxMDA2NDQK LS0tIGEvU291cmNlL1dlYktpdDIvU2hhcmVkL2xpbnV4L1NlY2NvbXBGaWx0ZXJzL1N5c2NhbGxQ b2xpY3kuY3BwCisrKyBiL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9saW51eC9TZWNjb21wRmlsdGVy cy9TeXNjYWxsUG9saWN5LmNwcApAQCAtMzUsNiArMzUsNyBAQAogI2luY2x1ZGUgPHN5cy9zdGF0 Lmg+CiAjaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiAjaW5jbHVkZSA8dW5pc3RkLmg+CisjaW5jbHVk ZSA8d3RmL3RleHQvQ1N0cmluZy5oPgogCiBuYW1lc3BhY2UgV2ViS2l0IHsKIApAQCAtMTA2LDE4 ICsxMDcsMjkgQEAgYm9vbCBTeXNjYWxsUG9saWN5OjpoYXNQZXJtaXNzaW9uRm9yUGF0aChjb25z dCBjaGFyKiBwYXRoLCBQZXJtaXNzaW9uIHBlcm1pc3Npb24KICAgICByZXR1cm4gZmFsc2U7CiB9 CiAKK3ZvaWQgU3lzY2FsbFBvbGljeTo6YWRkUGVybWlzc2lvblRvTWFwKGNvbnN0IFN0cmluZyYg cGF0aCwgUGVybWlzc2lvbiBwZXJtaXNzaW9uLCBQZXJtaXNzaW9uTWFwJiBtYXApCit7CisgICAg Y2hhciogY2Fub25pY2FsaXplZFBhdGggPSBjYW5vbmljYWxpemVfZmlsZV9uYW1lKHBhdGgudXRm OCgpLmRhdGEoKSk7CisgICAgaWYgKGNhbm9uaWNhbGl6ZWRQYXRoKSB7CisgICAgICAgIG1hcC5z ZXQoU3RyaW5nOjpmcm9tVVRGOChjYW5vbmljYWxpemVkUGF0aCksIHBlcm1pc3Npb24pOworICAg ICAgICBmcmVlKGNhbm9uaWNhbGl6ZWRQYXRoKTsKKyAgICAgICAgcmV0dXJuOworICAgIH0KKyAg ICBtYXAuc2V0KHBhdGgsIHBlcm1pc3Npb24pOworfQorCiB2b2lkIFN5c2NhbGxQb2xpY3k6OmFk ZEZpbGVQZXJtaXNzaW9uKGNvbnN0IFN0cmluZyYgcGF0aCwgUGVybWlzc2lvbiBwZXJtaXNzaW9u KQogewogICAgIEFTU0VSVCghcGF0aC5pc0VtcHR5KCkgJiYgcGF0aC5zdGFydHNXaXRoKCcvJykg ICYmICFwYXRoLmVuZHNXaXRoKCcvJykgJiYgIXBhdGguY29udGFpbnMoIi8vIikpOwogCi0gICAg bV9maWxlUGVybWlzc2lvbi5zZXQocGF0aCwgcGVybWlzc2lvbik7CisgICAgU3lzY2FsbFBvbGlj eTo6YWRkUGVybWlzc2lvblRvTWFwKHBhdGgsIHBlcm1pc3Npb24sIG1fZmlsZVBlcm1pc3Npb24p OwogfQogCiB2b2lkIFN5c2NhbGxQb2xpY3k6OmFkZERpcmVjdG9yeVBlcm1pc3Npb24oY29uc3Qg U3RyaW5nJiBwYXRoLCBQZXJtaXNzaW9uIHBlcm1pc3Npb24pCiB7CiAgICAgQVNTRVJUKHBhdGgu c3RhcnRzV2l0aCgnLycpICYmICFwYXRoLmNvbnRhaW5zKCIvLyIpICYmIChwYXRoLmxlbmd0aCgp ID09IDEgfHwgIXBhdGguZW5kc1dpdGgoJy8nKSkpOwogCi0gICAgbV9kaXJlY3RvcnlQZXJtaXNz aW9uLnNldChwYXRoLCBwZXJtaXNzaW9uKTsKKyAgICBTeXNjYWxsUG9saWN5OjphZGRQZXJtaXNz aW9uVG9NYXAocGF0aCwgcGVybWlzc2lvbiwgbV9kaXJlY3RvcnlQZXJtaXNzaW9uKTsKIH0KIAog dm9pZCBTeXNjYWxsUG9saWN5OjphZGREZWZhdWx0V2ViUHJvY2Vzc1BvbGljeShjb25zdCBXZWJQ cm9jZXNzQ3JlYXRpb25QYXJhbWV0ZXJzJiBwYXJhbWV0ZXJzKQo= 249281 2015-03-23 15:10:45 -0700 2015-03-23 15:18:33 -0700 [Linux] Improvements to SyscallPolicy bug-142986-20150323171009.patch text/plain 8171 mcatanzaro U3VidmVyc2lvbiBSZXZpc2lvbjogMTgxODI1CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggNzhlNTVhYzNmMzFhMmJk OTNmMTRkMDYyZjgxYWU2MGJhZDcyODY2Ni4uY2MzYjUyOGEzZTgwZmEyNTJlNmE0Y2UwZmI2MzMw YWM3MmFkNTk2YiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSw1ICsxLDIxIEBACiAyMDE1LTAzLTIzICBNaWNo YWVsIENhdGFuemFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNvbT4KIAorICAgICAgICBbU2VjY29t cF0gRnVydGhlciBpbXByb3ZlbWVudHMgdG8gZGVmYXVsdCB3ZWIgcHJvY2VzcyBwb2xpY3kKKyAg ICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE0Mjk4NworCisg ICAgICAgIFByb3ZpZGUgdmFyaW91cyBoZWxwZXIgZnVuY3Rpb25zIHRvIGFsbG93IG1vcmUgZmxl eGlibGUgY29uc3RydWN0aW9uIG9mCisgICAgICAgIGZpbGVzeXN0ZW0gYWNjZXNzIHBvbGljaWVz LgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEltcHJv dmUgdGhlIHBvbGljeS4gQWxzbywgcmVtb3ZlIGlmZGVmcyB0byByZWR1Y2UgcG90ZW50aWFsIGZv ciBicmVha2FnZSBpbiBub24tZGVmYXVsdAorICAgICAgICBjb25maWd1cmF0aW9ucy4KKworICAg ICAgICAqIFNoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9saWN5LmNwcDoKKyAg ICAgICAgKFdlYktpdDo6U3lzY2FsbFBvbGljeTo6YWRkRGVmYXVsdFdlYlByb2Nlc3NQb2xpY3kp OgorCisyMDE1LTAzLTIzICBNaWNoYWVsIENhdGFuemFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNv bT4KKwogICAgICAgICBbU2VjY29tcF0gQ2Fub25pY2FsaXplIGZpbGVzeXN0ZW0gcGF0aCB3aGVu IHdoaXRlbGlzdGluZyBpdAogICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1 Zy5jZ2k/aWQ9MTQyOTg2CiAKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9saW51 eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9saWN5LmNwcCBiL1NvdXJjZS9XZWJLaXQyL1NoYXJl ZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9saWN5LmNwcAppbmRleCBkNjlhNTY5MjFi NTcwNDg1MjMyNjJlYTYzNGNjMmNmMGYyYTBkM2U4Li4wOTY3NmFiZDk4Yzg0MmI2YzAzMGIzYmZk ZTBmNTQzMGEzMDcyNzY5IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvbGludXgv U2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5jcHAKKysrIGIvU291cmNlL1dlYktpdDIvU2hh cmVkL2xpbnV4L1NlY2NvbXBGaWx0ZXJzL1N5c2NhbGxQb2xpY3kuY3BwCkBAIC0yOCw2ICsyOCw3 IEBACiAKICNpZiBFTkFCTEUoU0VDQ09NUF9GSUxURVJTKQogCisjaW5jbHVkZSAiQmFzZURpcmVj dG9yeS5oIgogI2luY2x1ZGUgIlBsdWdpblNlYXJjaFBhdGguaCIKICNpbmNsdWRlICJXZWJQcm9j ZXNzQ3JlYXRpb25QYXJhbWV0ZXJzLmgiCiAjaW5jbHVkZSA8bGliZ2VuLmg+CkBAIC0xNTIsMzAg KzE1MywzMCBAQCB2b2lkIFN5c2NhbGxQb2xpY3k6OmFkZERlZmF1bHRXZWJQcm9jZXNzUG9saWN5 KGNvbnN0IFdlYlByb2Nlc3NDcmVhdGlvblBhcmFtZXRlcgogICAgIC8vIGZpbGUgdW5sZXNzIHdo aXRlIGxpc3RlZCBiZWxsb3cgb3IgYnkgcGxhdGZvcm0uCiAgICAgYWRkRGlyZWN0b3J5UGVybWlz c2lvbihBU0NJSUxpdGVyYWwoIi8iKSwgTm90QWxsb3dlZCk7CiAKLSAgICAvLyBTaGFyZWQgbGli cmFyaWVzLCBwbHVnaW5zIGFuZCBmb250cy4KKyAgICAvLyBTeXN0ZW0gbGlicmFyeSBkaXJlY3Rv cmllcwogICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvbGliIiksIFJl YWQpOwogICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvbGliMzIiKSwg UmVhZCk7CiAgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9saWI2NCIp LCBSZWFkKTsKICAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3Vzci9s aWIiKSwgUmVhZCk7CiAgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi91 c3IvbGliMzIiKSwgUmVhZCk7CiAgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVy YWwoIi91c3IvbGliNjQiKSwgUmVhZCk7Ci0gICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJ SUxpdGVyYWwoIi91c3Ivc2hhcmUiKSwgUmVhZCk7CisgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lv bihBU0NJSUxpdGVyYWwoIi91c3IvbG9jYWwvbGliIiksIFJlYWQpOworICAgIGFkZERpcmVjdG9y eVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvdXNyL2xvY2FsL2xpYjMyIiksIFJlYWQpOworICAg IGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvdXNyL2xvY2FsL2xpYjY0Iiks IFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKExJQkRJUiks IFJlYWQpOwogCi0gICAgLy8gU3VwcG9ydCBmb3IgYWx0ZXJuYXRpdmUgaW5zdGFsbCBwcmVmaXhl cywgZS5nLiAvdXNyL2xvY2FsLgorICAgIC8vIFN5c3RlbSBkYXRhIGRpcmVjdG9yaWVzCisgICAg YWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi91c3Ivc2hhcmUiKSwgUmVhZCk7 CisgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi91c3IvbG9jYWwvc2hh cmUiKSwgUmVhZCk7CiAgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoREFU QURJUiksIFJlYWQpOwotICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKExJ QkRJUiksIFJlYWQpOwogCi0gICAgLy8gUGx1Z2luIHNlYXJjaCBwYXRoCisgICAgLy8gTlBBUEkg cGx1Z2lucwogICAgIGZvciAoU3RyaW5nJiBwYXRoIDogcGx1Z2luc0RpcmVjdG9yaWVzKCkpCiAg ICAgICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24ocGF0aCwgUmVhZCk7CiAKICAgICAvLyBTU0wg Q2VydGlmaWNhdGVzLgogICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIv ZXRjL3NzbC9jZXJ0cyIpLCBSZWFkKTsKIAotICAgIC8vIEZvbnRjb25maWcgY2FjaGUuCi0gICAg YWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9ldGMvZm9udHMiKSwgUmVhZCk7 Ci0gICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi92YXIvY2FjaGUvZm9u dGNvbmZpZyIpLCBSZWFkKTsKLQogICAgIC8vIEF1ZGlvIGRldmljZXMsIHJhbmRvbSBudW1iZXIg Z2VuZXJhdG9ycywgZXRjLgogICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRlcmFs KCIvZGV2IiksIFJlYWRBbmRXcml0ZSk7CiAKQEAgLTIyMCw1NyArMjIxLDY0IEBAIHZvaWQgU3lz Y2FsbFBvbGljeTo6YWRkRGVmYXVsdFdlYlByb2Nlc3NQb2xpY3koY29uc3QgV2ViUHJvY2Vzc0Ny ZWF0aW9uUGFyYW1ldGVyCiAgICAgLy8gTmVlZGVkIGJ5IGF0LXNwaTIuCiAgICAgYWRkRGlyZWN0 b3J5UGVybWlzc2lvbigiL3J1bi91c2VyLyIgKyBTdHJpbmc6Om51bWJlcihnZXR1aWQoKSksIFJl YWRBbmRXcml0ZSk7CiAKLSAgICAvLyBOZWVkZWQgYnkgV2ViS2l0J3MgbWVtb3J5IHByZXNzdXJl IGhhbmRsZXIKKyAgICAvLyBOZWVkZWQgYnkgV2ViS2l0J3MgbWVtb3J5IHByZXNzdXJlIGhhbmRs ZXIuCiAgICAgYWRkRmlsZVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvc3lzL2ZzL2Nncm91cC9t ZW1vcnkvbWVtb3J5LnByZXNzdXJlX2xldmVsIiksIFJlYWQpOwogICAgIGFkZEZpbGVQZXJtaXNz aW9uKEFTQ0lJTGl0ZXJhbCgiL3N5cy9mcy9jZ3JvdXAvbWVtb3J5L2Nncm91cC5ldmVudF9jb250 cm9sIiksIFJlYWQpOwogCi0gICAgY2hhciogaG9tZURpciA9IGdldGVudigiSE9NRSIpOwotICAg IGlmIChob21lRGlyKSB7Ci0gICAgICAgIC8vIFgxMSBjb25uZWN0aW9uIHRva2VuLgotICAgICAg ICBhZGRGaWxlUGVybWlzc2lvbihTdHJpbmc6OmZyb21VVEY4KGhvbWVEaXIpICsgIi8uWGF1dGhv cml0eSIsIFJlYWQpOwotICAgIH0KKyAgICAvLyBYMTEgY29ubmVjdGlvbiB0b2tlbi4KKyAgICBh ZGRGaWxlUGVybWlzc2lvbih1c2VySG9tZURpcmVjdG9yeSgpICsgIi8uWGF1dGhvcml0eSIsIFJl YWQpOwogCiAgICAgLy8gTUlNRSB0eXBlIHJlc29sdXRpb24uCi0gICAgY2hhciogZGF0YUhvbWVE aXIgPSBnZXRlbnYoIlhER19EQVRBX0hPTUUiKTsKLSAgICBpZiAoZGF0YUhvbWVEaXIpCi0gICAg ICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oU3RyaW5nOjpmcm9tVVRGOChkYXRhSG9tZURpcikg KyAiL21pbWUiLCBSZWFkKTsKLSAgICBlbHNlIGlmIChob21lRGlyKQotICAgICAgICBhZGREaXJl Y3RvcnlQZXJtaXNzaW9uKFN0cmluZzo6ZnJvbVVURjgoaG9tZURpcikgKyAiLy5sb2NhbC9zaGFy ZS9taW1lIiwgUmVhZCk7Ci0KLSNpZiBFTkFCTEUoV0VCR0wpIHx8IEVOQUJMRShBQ0NFTEVSQVRF RF8yRF9DQU5WQVMpCi0gICAgLy8gTmVlZGVkIG9uIG1vc3Qgbm9uLURlYmlhbiBkaXN0cm9zIGJ5 IGxpYnhzaG1mZW5jZSA8PSAxLjEsIG9yIG5ld2VyCi0gICAgLy8gbGlieHNobWZlbmNlIHdpdGgg b2xkZXIga2VybmVscyAobGludXggPD0gMy4xNiksIGZvciBEUkkzIHNoYXJlZCBtZW1vcnkuCi0g ICAgLy8gVHJ5IHJlbW92aW5nIHRoaXMgcGVybWlzc2lvbiB3aGVuIHdlIGNhbiByZWx5IG9uIGEg bmV3ZXIgbGlieHNobWZlbmNlLgotICAgIC8vIFNlZSBodHRwOi8vY29kZS5nb29nbGUuY29tL3Av Y2hyb21pdW0vaXNzdWVzL2RldGFpbD9pZD00MTU2ODEKLSAgICBhZGREaXJlY3RvcnlQZXJtaXNz aW9uKEFTQ0lJTGl0ZXJhbCgiL3Zhci90bXAiKSwgUmVhZEFuZFdyaXRlKTsKLQotICAgIC8vIE9w dGlvbmFsIE1lc2EgRFJJIGNvbmZpZ3VyYXRpb24gZmlsZQotICAgIGFkZEZpbGVQZXJtaXNzaW9u KEFTQ0lJTGl0ZXJhbCgiL2V0Yy9kcmlyYyIpLCBSZWFkKTsKLSAgICBpZiAoaG9tZURpcikKLSAg ICAgICAgYWRkRmlsZVBlcm1pc3Npb24oU3RyaW5nOjpmcm9tVVRGOChob21lRGlyKSArICIvLmRy aXJjIiwgUmVhZCk7CisgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbih1c2VyRGF0YURpcmVjdG9y eSgpICsgIi9taW1lIiwgUmVhZCk7CisKKyAgICAvLyBOZWVkZWQgYnkgTlZJRElBIHByb3ByaWV0 YXJ5IGdyYXBoaWNzIGRyaXZlci4KKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKHVzZXJIb21l RGlyZWN0b3J5KCkgKyAiLy5udiIsIFJlYWRBbmRXcml0ZSk7CiAKLSAgICAvLyBNZXNhIHVzZXMg dWRldi4KKyAgICAvLyBOZWVkZWQgYnkgdWRldgogICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24o QVNDSUlMaXRlcmFsKCIvZXRjL3VkZXYiKSwgUmVhZCk7CiAgICAgYWRkRGlyZWN0b3J5UGVybWlz c2lvbihBU0NJSUxpdGVyYWwoIi9ydW4vdWRldiIpLCBSZWFkKTsKICAgICBhZGREaXJlY3RvcnlQ ZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3N5cy9idXMiKSwgUmVhZCk7CiAgICAgYWRkRGlyZWN0 b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9zeXMvY2xhc3MiKSwgUmVhZCk7CiAgICAgYWRk RGlyZWN0b3J5UGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9zeXMvZGV2aWNlcyIpLCBSZWFkKTsK LSNlbmRpZgogCi0gICAgLy8gTmVlZGVkIGJ5IE5WSURJQSBwcm9wcmlldGFyeSBncmFwaGljcyBk cml2ZXIKLSAgICBpZiAoaG9tZURpcikKLSAgICAgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbihT dHJpbmc6OmZyb21VVEY4KGhvbWVEaXIpICsgIi8ubnYiLCBSZWFkQW5kV3JpdGUpOworICAgIC8v IFB1bHNlQXVkaW8KKyAgICBhZGRGaWxlUGVybWlzc2lvbihBU0NJSUxpdGVyYWwoIi9ldGMvYXNv dW5kLmNvbmYiKSwgUmVhZCk7CisgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lvbih1c2VyQ29uZmln RGlyZWN0b3J5KCkgKyAiLy5wdWxzZSIsIFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBlcm1pc3Np b24odXNlckhvbWVEaXJlY3RvcnkoKSArICIvLnB1bHNlIiwgUmVhZCk7CisKKyAgICAvLyBNZXNh CisgICAgYWRkRmlsZVBlcm1pc3Npb24oQVNDSUlMaXRlcmFsKCIvZXRjL2RyaXJjIiksIFJlYWQp OworICAgIGFkZEZpbGVQZXJtaXNzaW9uKHVzZXJIb21lRGlyZWN0b3J5KCkgKyAiLy5kcmlyYyIs IFJlYWQpOworICAgIGFkZEZpbGVQZXJtaXNzaW9uKEFTQ0lJTGl0ZXJhbCgiL3N5cy9mcy9zZWxp bnV4L2Jvb2xlYW5zL2FsbG93X2V4ZWNtZW0iKSwgUmVhZCk7CisKKyAgICAvLyBHU3RyZWFtZXIK KyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKFN0cmluZzo6ZnJvbVVURjgoTElCRVhFQ0RJUikg KyAiL2dzdHJlYW1lci0xLjAiLCBSZWFkKTsKKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKHVz ZXJEYXRhRGlyZWN0b3J5KCkgKyAiL2dzdHJlYW1lci0xLjAiLCBSZWFkKTsKKyAgICBhZGREaXJl Y3RvcnlQZXJtaXNzaW9uKHVzZXJDYWNoZURpcmVjdG9yeSgpICsgIi9nc3RyZWFtZXItMS4wIiwg UmVhZEFuZFdyaXRlKTsKKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKHVzZXJIb21lRGlyZWN0 b3J5KCkgKyAiLy5mcmVpMHItMSIsIFJlYWRBbmRXcml0ZSk7CisgICAgY2hhciogZ3N0cmVhbWVy UGx1Z2luRGlyZWN0b3J5ID0gZ2V0ZW52KCJHU1RfUExVR0lOX1BBVEhfMV8wIik7CisgICAgaWYg KGdzdHJlYW1lclBsdWdpbkRpcmVjdG9yeSkKKyAgICAgICAgYWRkRGlyZWN0b3J5UGVybWlzc2lv bihnc3RyZWFtZXJQbHVnaW5EaXJlY3RvcnksIFJlYWQpOworICAgIGNoYXIqIGdzdHJlYW1lclJl Z2lzdHJ5RmlsZSA9IGdldGVudigiR1NUX1JFR0lTVFJZXzFfMCIpOworICAgIGlmIChnc3RyZWFt ZXJSZWdpc3RyeUZpbGUpCisgICAgICAgIGFkZEZpbGVQZXJtaXNzaW9uKGdzdHJlYW1lclJlZ2lz dHJ5RmlsZSwgUmVhZEFuZFdyaXRlKTsKKworICAgIC8vIEZvbnRjb25maWcKKyAgICBhZGREaXJl Y3RvcnlQZXJtaXNzaW9uKHVzZXJDYWNoZURpcmVjdG9yeSgpICsgIi9mb250Y29uZmlnIiwgUmVh ZEFuZFdyaXRlKTsKKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKHVzZXJDb25maWdEaXJlY3Rv cnkoKSArICIvZm9udGNvbmZpZyIsIFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24o dXNlckNvbmZpZ0RpcmVjdG9yeSgpICsgIi9mb250cyIsIFJlYWQpOworICAgIGFkZERpcmVjdG9y eVBlcm1pc3Npb24odXNlckRhdGFEaXJlY3RvcnkoKSArICIvZm9udHMiLCBSZWFkKTsKKyAgICBh ZGREaXJlY3RvcnlQZXJtaXNzaW9uKHVzZXJIb21lRGlyZWN0b3J5KCkgKyAiL2ZvbnRjb25maWci LCBSZWFkKTsKKyAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKHVzZXJIb21lRGlyZWN0b3J5KCkg KyAiLy5mb250cyIsIFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVNDSUlMaXRl cmFsKCIvZXRjL2ZvbnRzIiksIFJlYWQpOworICAgIGFkZERpcmVjdG9yeVBlcm1pc3Npb24oQVND SUlMaXRlcmFsKCIvdmFyL2NhY2hlL2ZvbnRjb25maWciKSwgUmVhZCk7CiAKICNpZmRlZiBTT1VS Q0VfRElSCiAgICAgLy8gRGV2ZWxvcGVycyB1c2luZyBidWlsZC13ZWJraXQgZXhwZWN0IHNvbWUg bGlicmFyaWVzIHRvIGJlIGxvYWRlZAogICAgIC8vIGZyb20gdGhlIGJ1aWxkIHJvb3QgZGlyZWN0 b3J5IGFuZCB0aGV5IGFsc28gbmVlZCBhY2Nlc3MgdG8gbGF5b3V0IHRlc3QKICAgICAvLyBmaWxl cy4gVGhlIGNvbnN0YW50IGlzIGRlZmluZWQgb25seSB3aGVuIGpoYnVpbGQgaXMgZGV0ZWN0ZWQs IHdoaWNoIGlzCiAgICAgLy8gYW4gaW5kaWNhdGlvbiBvZiBhIGRldmVsb3BtZW50IGJ1aWxkLgot ICAgIGNoYXIqIHNvdXJjZURpciA9IGNhbm9uaWNhbGl6ZV9maWxlX25hbWUoU09VUkNFX0RJUik7 Ci0gICAgaWYgKHNvdXJjZURpcikgewotICAgICAgICBhZGREaXJlY3RvcnlQZXJtaXNzaW9uKFN0 cmluZzo6ZnJvbVVURjgoc291cmNlRGlyKSwgU3lzY2FsbFBvbGljeTo6UmVhZEFuZFdyaXRlKTsK LSAgICAgICAgZnJlZShzb3VyY2VEaXIpOwotICAgIH0KKyAgICBhZGREaXJlY3RvcnlQZXJtaXNz aW9uKFN0cmluZzo6ZnJvbVVURjgoU09VUkNFX0RJUiksIFN5c2NhbGxQb2xpY3k6OlJlYWRBbmRX cml0ZSk7CiAjZW5kaWYKIH0KIAo= 249285 2015-03-23 15:23:39 -0700 2015-07-22 12:35:48 -0700 [Linux] Seccomp Filters: Canonicalize filesystem path when whitelisting it bug-142986-20150323172303.patch text/plain 3502 mcatanzaro U3VidmVyc2lvbiBSZXZpc2lvbjogMTgxODI1CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggYTgyMjQyZmE5ODBkNzBk OTY1MGU5NzczNjUyMDQ0ZDJlYWYzMWZjNS4uNzhlNTVhYzNmMzFhMmJkOTNmMTRkMDYyZjgxYWU2 MGJhZDcyODY2NiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSw1ICsxLDIwIEBACiAyMDE1LTAzLTIzICBNaWNo YWVsIENhdGFuemFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNvbT4KIAorICAgICAgICBbU2VjY29t cF0gQ2Fub25pY2FsaXplIGZpbGVzeXN0ZW0gcGF0aCB3aGVuIHdoaXRlbGlzdGluZyBpdAorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQyOTg2CisKKyAg ICAgICAgV2UgbmVlZCB0byBhbGxvdyBzeW1saW5rcyBpbiBvdXIgd2hpdGVsaXN0IHRvIGFsbG93 IHdoaXRlbGlzdGluZworICAgICAgICBsb2NhdGlvbnMgbGlrZSAvZXRjL2xvY2FsdGltZSB0aGF0 IGNvdWxkIGJlIGEgc3ltbGluayB0byBhbnl3aGVyZS4KKworICAgICAgICBSZXZpZXdlZCBieSBO T0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIFNoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9T eXNjYWxsUG9saWN5LmNwcDoKKyAgICAgICAgKFdlYktpdDo6U3lzY2FsbFBvbGljeTo6YWRkUGVy bWlzc2lvblRvTWFwKTogQWRkZWQuIEZvbGxvd3Mgc3ltbGlua3MuCisgICAgICAgIChXZWJLaXQ6 OlN5c2NhbGxQb2xpY3k6OmFkZEZpbGVQZXJtaXNzaW9uKTogVXNlIGFkZFBlcm1pc3Npb25Ub01h cC4KKyAgICAgICAgKFdlYktpdDo6U3lzY2FsbFBvbGljeTo6YWRkRGlyZWN0b3J5UGVybWlzc2lv bik6IFVzZSBhZGRQZXJtaXNzaW9uVG9NYXAuCisKKzIwMTUtMDMtMjMgIE1pY2hhZWwgQ2F0YW56 YXJvICA8bWNhdGFuemFyb0BpZ2FsaWEuY29tPgorCiAgICAgICAgIFtTZWNjb21wXSBTZXQgYXBw cm9wcmlhdGUgZmlsdGVycyB3aGVuIHRyYXBwaW5nIHN5c2NhbGxzIGJ5IGRlZmF1bHQKICAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE0Mjk4MwogCmRpZmYg LS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2Fs bFBvbGljeS5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMv U3lzY2FsbFBvbGljeS5jcHAKaW5kZXggMjM0N2ZkYjQ0ZjM0NTkxNzFhZmRmZmY0ZTczYzc2OWE1 NDhiMGU5NS4uZDY5YTU2OTIxYjU3MDQ4NTIzMjYyZWE2MzRjYzJjZjBmMmEwZDNlOCAxMDA2NDQK LS0tIGEvU291cmNlL1dlYktpdDIvU2hhcmVkL2xpbnV4L1NlY2NvbXBGaWx0ZXJzL1N5c2NhbGxQ b2xpY3kuY3BwCisrKyBiL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9saW51eC9TZWNjb21wRmlsdGVy cy9TeXNjYWxsUG9saWN5LmNwcApAQCAtMzUsNiArMzUsNyBAQAogI2luY2x1ZGUgPHN5cy9zdGF0 Lmg+CiAjaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiAjaW5jbHVkZSA8dW5pc3RkLmg+CisjaW5jbHVk ZSA8d3RmL3RleHQvQ1N0cmluZy5oPgogCiBuYW1lc3BhY2UgV2ViS2l0IHsKIApAQCAtMTA2LDE4 ICsxMDcsMjkgQEAgYm9vbCBTeXNjYWxsUG9saWN5OjpoYXNQZXJtaXNzaW9uRm9yUGF0aChjb25z dCBjaGFyKiBwYXRoLCBQZXJtaXNzaW9uIHBlcm1pc3Npb24KICAgICByZXR1cm4gZmFsc2U7CiB9 CiAKK3ZvaWQgU3lzY2FsbFBvbGljeTo6YWRkUGVybWlzc2lvblRvTWFwKGNvbnN0IFN0cmluZyYg cGF0aCwgUGVybWlzc2lvbiBwZXJtaXNzaW9uLCBQZXJtaXNzaW9uTWFwJiBtYXApCit7CisgICAg Y2hhciogY2Fub25pY2FsaXplZFBhdGggPSBjYW5vbmljYWxpemVfZmlsZV9uYW1lKHBhdGgudXRm OCgpLmRhdGEoKSk7CisgICAgaWYgKGNhbm9uaWNhbGl6ZWRQYXRoKSB7CisgICAgICAgIG1hcC5z ZXQoU3RyaW5nOjpmcm9tVVRGOChjYW5vbmljYWxpemVkUGF0aCksIHBlcm1pc3Npb24pOworICAg ICAgICBmcmVlKGNhbm9uaWNhbGl6ZWRQYXRoKTsKKyAgICAgICAgcmV0dXJuOworICAgIH0KKyAg ICBtYXAuc2V0KHBhdGgsIHBlcm1pc3Npb24pOworfQorCiB2b2lkIFN5c2NhbGxQb2xpY3k6OmFk ZEZpbGVQZXJtaXNzaW9uKGNvbnN0IFN0cmluZyYgcGF0aCwgUGVybWlzc2lvbiBwZXJtaXNzaW9u KQogewogICAgIEFTU0VSVCghcGF0aC5pc0VtcHR5KCkgJiYgcGF0aC5zdGFydHNXaXRoKCcvJykg ICYmICFwYXRoLmVuZHNXaXRoKCcvJykgJiYgIXBhdGguY29udGFpbnMoIi8vIikpOwogCi0gICAg bV9maWxlUGVybWlzc2lvbi5zZXQocGF0aCwgcGVybWlzc2lvbik7CisgICAgU3lzY2FsbFBvbGlj eTo6YWRkUGVybWlzc2lvblRvTWFwKHBhdGgsIHBlcm1pc3Npb24sIG1fZmlsZVBlcm1pc3Npb24p OwogfQogCiB2b2lkIFN5c2NhbGxQb2xpY3k6OmFkZERpcmVjdG9yeVBlcm1pc3Npb24oY29uc3Qg U3RyaW5nJiBwYXRoLCBQZXJtaXNzaW9uIHBlcm1pc3Npb24pCiB7CiAgICAgQVNTRVJUKHBhdGgu c3RhcnRzV2l0aCgnLycpICYmICFwYXRoLmNvbnRhaW5zKCIvLyIpICYmIChwYXRoLmxlbmd0aCgp ID09IDEgfHwgIXBhdGguZW5kc1dpdGgoJy8nKSkpOwogCi0gICAgbV9kaXJlY3RvcnlQZXJtaXNz aW9uLnNldChwYXRoLCBwZXJtaXNzaW9uKTsKKyAgICBTeXNjYWxsUG9saWN5OjphZGRQZXJtaXNz aW9uVG9NYXAocGF0aCwgcGVybWlzc2lvbiwgbV9kaXJlY3RvcnlQZXJtaXNzaW9uKTsKIH0KIAog dm9pZCBTeXNjYWxsUG9saWN5OjphZGREZWZhdWx0V2ViUHJvY2Vzc1BvbGljeShjb25zdCBXZWJQ cm9jZXNzQ3JlYXRpb25QYXJhbWV0ZXJzJiBwYXJhbWV0ZXJzKQpkaWZmIC0tZ2l0IGEvU291cmNl L1dlYktpdDIvU2hhcmVkL2xpbnV4L1NlY2NvbXBGaWx0ZXJzL1N5c2NhbGxQb2xpY3kuaCBiL1Nv dXJjZS9XZWJLaXQyL1NoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9saWN5LmgK aW5kZXggNGIzODg2ZTZlOTBhOWZjOTAxNzk5YmY3YmQ2ZTU4YzU0YWVhOGYyNi4uNjI5OTNkMGNm OWRlOTgxZDkyNDExOTUxNWY5MDUyNWFjZWIxNGUxYSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktp dDIvU2hhcmVkL2xpbnV4L1NlY2NvbXBGaWx0ZXJzL1N5c2NhbGxQb2xpY3kuaAorKysgYi9Tb3Vy Y2UvV2ViS2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5oCkBA IC01Niw2ICs1Niw3IEBAIHB1YmxpYzoKIAogcHJpdmF0ZToKICAgICB0eXBlZGVmIEhhc2hNYXA8 U3RyaW5nLCBpbnQ+IFBlcm1pc3Npb25NYXA7CisgICAgc3RhdGljIHZvaWQgYWRkUGVybWlzc2lv blRvTWFwKGNvbnN0IFN0cmluZyYgcGF0aCwgUGVybWlzc2lvbiwgUGVybWlzc2lvbk1hcCYpOwog ICAgIFBlcm1pc3Npb25NYXAgbV9maWxlUGVybWlzc2lvbjsKICAgICBQZXJtaXNzaW9uTWFwIG1f ZGlyZWN0b3J5UGVybWlzc2lvbjsKIH07Cg== 257286 2015-07-22 12:35:51 -0700 2015-07-22 13:26:31 -0700 Patch bug-142986-20150722143436.patch text/plain 2430 mcatanzaro U3VidmVyc2lvbiBSZXZpc2lvbjogMTg3MTY1CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggNTRhYTBiMzFmYjZhMTcw ZjBkMWFiNDRiZTk4NDQyYzM0ZDQ3NDEzOC4uNWRmNGIzMDAzZTg1OTk0MDhmZWI0NDk1YzgxZTUz OTVhYjhjODBkZCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSw1ICsxLDE3IEBACiAyMDE1LTA3LTIyICBNaWNo YWVsIENhdGFuemFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNvbT4KIAorICAgICAgICBbU2VjY29t cF0gQ2Fub25pY2FsaXplIGZpbGVzeXN0ZW0gcGF0aCB3aGVuIHdoaXRlbGlzdGluZyBpdAorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQyOTg2CisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiBTaGFyZWQvbGlu dXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5jcHA6CisgICAgICAgIChXZWJLaXQ6OmNh bm9uaWNhbGl6ZUZpbGVOYW1lKToKKyAgICAgICAgKFdlYktpdDo6U3lzY2FsbFBvbGljeTo6YWRk RmlsZVBlcm1pc3Npb24pOgorICAgICAgICAoV2ViS2l0OjpTeXNjYWxsUG9saWN5OjphZGREaXJl Y3RvcnlQZXJtaXNzaW9uKToKKworMjAxNS0wNy0yMiAgTWljaGFlbCBDYXRhbnphcm8gIDxtY2F0 YW56YXJvQGlnYWxpYS5jb20+CisKICAgICAgICAgW1NlY2NvbXAgRmlsdGVyc10gQWRkIGhlbHBl cnMgdG8gZ2V0IFhERyBiYXNlIGRpcmVjdG9yeSBsb2NhdGlvbnMKICAgICAgICAgaHR0cHM6Ly9i dWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE0Mjk4MgogCmRpZmYgLS1naXQgYS9Tb3Vy Y2UvV2ViS2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGljeS5jcHAg Yi9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvbGludXgvU2VjY29tcEZpbHRlcnMvU3lzY2FsbFBvbGlj eS5jcHAKaW5kZXggYjIzNzZmNzM0ZTU5OGJjODZiZjIwZTRiZDJkNzI4OGIzOGU2NDc1Ny4uNmYx MzU1ZTI2Yjc5MzFmYTJjNzc4NzkyNjBkNTBhOWU1ZDdkNzQ2MyAxMDA2NDQKLS0tIGEvU291cmNl L1dlYktpdDIvU2hhcmVkL2xpbnV4L1NlY2NvbXBGaWx0ZXJzL1N5c2NhbGxQb2xpY3kuY3BwCisr KyBiL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9saW51eC9TZWNjb21wRmlsdGVycy9TeXNjYWxsUG9s aWN5LmNwcApAQCAtMTA2LDE4ICsxMDYsMjkgQEAgYm9vbCBTeXNjYWxsUG9saWN5OjpoYXNQZXJt aXNzaW9uRm9yUGF0aChjb25zdCBjaGFyKiBwYXRoLCBQZXJtaXNzaW9uIHBlcm1pc3Npb24KICAg ICByZXR1cm4gZmFsc2U7CiB9CiAKK3N0YXRpYyBTdHJpbmcgY2Fub25pY2FsaXplRmlsZU5hbWUo Y29uc3QgU3RyaW5nJiBwYXRoKQoreworICAgIGNoYXIqIGNhbm9uaWNhbGl6ZWRQYXRoID0gY2Fu b25pY2FsaXplX2ZpbGVfbmFtZShwYXRoLnV0ZjgoKS5kYXRhKCkpOworICAgIGlmIChjYW5vbmlj YWxpemVkUGF0aCkgeworICAgICAgICBTdHJpbmcgcmVzdWx0ID0gU3RyaW5nOjpmcm9tVVRGOChj YW5vbmljYWxpemVkUGF0aCk7CisgICAgICAgIGZyZWUoY2Fub25pY2FsaXplZFBhdGgpOworICAg ICAgICByZXR1cm4gcmVzdWx0OworICAgIH0KKyAgICByZXR1cm4gcGF0aDsKK30KKwogdm9pZCBT eXNjYWxsUG9saWN5OjphZGRGaWxlUGVybWlzc2lvbihjb25zdCBTdHJpbmcmIHBhdGgsIFBlcm1p c3Npb24gcGVybWlzc2lvbikKIHsKICAgICBBU1NFUlQoIXBhdGguaXNFbXB0eSgpICYmIHBhdGgu c3RhcnRzV2l0aCgnLycpICAmJiAhcGF0aC5lbmRzV2l0aCgnLycpICYmICFwYXRoLmNvbnRhaW5z KCIvLyIpKTsKIAotICAgIG1fZmlsZVBlcm1pc3Npb24uc2V0KHBhdGgsIHBlcm1pc3Npb24pOwor ICAgIG1fZmlsZVBlcm1pc3Npb24uc2V0KGNhbm9uaWNhbGl6ZUZpbGVOYW1lKHBhdGgpLCBwZXJt aXNzaW9uKTsKIH0KIAogdm9pZCBTeXNjYWxsUG9saWN5OjphZGREaXJlY3RvcnlQZXJtaXNzaW9u KGNvbnN0IFN0cmluZyYgcGF0aCwgUGVybWlzc2lvbiBwZXJtaXNzaW9uKQogewogICAgIEFTU0VS VChwYXRoLnN0YXJ0c1dpdGgoJy8nKSAmJiAhcGF0aC5jb250YWlucygiLy8iKSAmJiAocGF0aC5s ZW5ndGgoKSA9PSAxIHx8ICFwYXRoLmVuZHNXaXRoKCcvJykpKTsKIAotICAgIG1fZGlyZWN0b3J5 UGVybWlzc2lvbi5zZXQocGF0aCwgcGVybWlzc2lvbik7CisgICAgbV9kaXJlY3RvcnlQZXJtaXNz aW9uLnNldChjYW5vbmljYWxpemVGaWxlTmFtZShwYXRoKSwgcGVybWlzc2lvbik7CiB9CiAKIHZv aWQgU3lzY2FsbFBvbGljeTo6YWRkRGVmYXVsdFdlYlByb2Nlc3NQb2xpY3koY29uc3QgV2ViUHJv Y2Vzc0NyZWF0aW9uUGFyYW1ldGVycyYgcGFyYW1ldGVycykK