194906 2019-02-21 10:08:41 -0800 Same Site Lax cookies are not sent with cross-site redirect from client-initiated load 2020-12-09 16:26:00 -0800 1 1 1 Unclassified WebKit Page Loading WebKit Local Build All All RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=184987 https://bugs.webkit.org/show_bug.cgi?id=194933 https://bugs.webkit.org/show_bug.cgi?id=219650 InRadar P2 Normal --- 1 dbates dbates beidson bfulgham cdumez csaavedra ews-watchlist flavio japhet tsavell webkit-bug-importer oldest_to_newest 1508559 0 dbates 2019-02-21 10:08:41 -0800 You can see this using Twitter. Here is one way to trigger this bug: 1. Sign into Twitter.com. 2. Visit <https://iosdevweekly.com/issues/388#HfB24p3>. 3. Command + click the twitter.com hyperlink Then the opened page will display the error message "403 Forbidden: Then server understood the request, but is refusing to fulfill it." But you should see the linked tweet. 1508560 1 dbates 2019-02-21 10:08:54 -0800 <rdar://problem/44305947> 1508570 2 362618 dbates 2019-02-21 10:31:59 -0800 Created attachment 362618 Patch and layout test 1508589 3 362618 bfulgham 2019-02-21 11:26:09 -0800 Comment on attachment 362618 Patch and layout test View in context: https://bugs.webkit.org/attachment.cgi?id=362618&action=review Looks good. I thought of some ideas for possible future improvements (see comments). > Source/WebCore/loader/FrameLoader.cpp:2889 > + request.setIsTopSite(isMainResource && m_frame.isMainFrame()); It looks like the concept of 'isTopSite' is used elsewhere in FrameLoader (e.g., L2871). I wonder if we should have a helper: bool isTopSite(bool isMainResource) const { return isMainResource && m_frame.isMainFrame(); } > LayoutTests/http/tests/cookies/same-site/user-load-cross-site-redirect-expected.txt:9 > +PASS Has cookie "normal" with value 27. Do we have a test for Same-Site HTTP-only cookies that are visible servers, but are not exposed to DOM? That's not really relevant to this Lax cookie case, but would be good to make sure we never regress HTTP-only cookies being isolated from the WebContent process. 1508715 4 362618 dbates 2019-02-21 15:53:19 -0800 Comment on attachment 362618 Patch and layout test View in context: https://bugs.webkit.org/attachment.cgi?id=362618&action=review >> Source/WebCore/loader/FrameLoader.cpp:2889 >> + request.setIsTopSite(isMainResource && m_frame.isMainFrame()); > > It looks like the concept of 'isTopSite' is used elsewhere in FrameLoader (e.g., L2871). I wonder if we should have a helper: > > bool isTopSite(bool isMainResource) const { return isMainResource && m_frame.isMainFrame(); } Will clean up using a local variable, isMainResource, is a param specific to this function. >> LayoutTests/http/tests/cookies/same-site/user-load-cross-site-redirect-expected.txt:9 >> +PASS Has cookie "normal" with value 27. > > Do we have a test for Same-Site HTTP-only cookies that are visible servers, but are not exposed to DOM? That's not really relevant to this Lax cookie case, but would be good to make sure we never regress HTTP-only cookies being isolated from the WebContent process. No, we don't. $ grep -Rli "httpOnly" LayoutTests/http/ LayoutTests/http//tests/websocket/tests/hybi/cookie_wsh.py LayoutTests/http//tests/websocket/tests/hybi/secure-cookie-secure-connection.pl LayoutTests/http//tests/websocket/tests/hybi/httponly-cookie.pl LayoutTests/http//tests/websocket/tests/hybi/contentextensions/block-cookies-worker.php LayoutTests/http//tests/websocket/tests/hybi/contentextensions/block-cookies.php LayoutTests/http//tests/websocket/tests/hybi/httponly-cookie-expected.txt LayoutTests/http//tests/inspector/network/har/har-page.html LayoutTests/http//tests/inspector/network/har/har-page-expected.txt LayoutTests/http//tests/appcache/document-cookie-http-only-expected.txt LayoutTests/http//tests/appcache/document-cookie-http-only.php LayoutTests/http//tests/cookies/js-get-and-set-http-only-cookie.html LayoutTests/http//tests/cookies/js-get-and-set-http-only-cookie-expected.txt Lacking test coverage for HTTP only cookies in general. Anyway, this is tangential to this bug. So, I suggest we solve the test shortage in another. Feel free to open such a bug. 1508717 5 dbates 2019-02-21 15:54:48 -0800 Committed r241918: <https://trac.webkit.org/changeset/241918> 1508766 6 tsavell 2019-02-21 17:04:36 -0800 The new test http/tests/cookies/same-site/user-load-cross-site-redirect.php Added in https://trac.webkit.org/changeset/241918/webkit is failing on Mojave WK1. History: http://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fcookies%2Fsame-site%2Fuser-load-cross-site-redirect.php Diff: --- /Volumes/Data/slave/mojave-release-tests-wk1/build/layout-test-results/http/tests/cookies/same-site/user-load-cross-site-redirect-expected.txt +++ /Volumes/Data/slave/mojave-release-tests-wk1/build/layout-test-results/http/tests/cookies/same-site/user-load-cross-site-redirect-actual.txt @@ -4,7 +4,7 @@ Cookies sent with HTTP request: -PASS Do not have cookie "strict". +FAIL Should not have cookie "strict". But do with value 27. PASS Has cookie "lax" with value 27. PASS Has cookie "normal" with value 27. @@ -13,6 +13,7 @@ PASS Has DOM cookie "lax" with value 27. PASS Has DOM cookie "normal" with value 27. PASS successfullyParsed is true +Some tests failed. TEST COMPLETE 1508900 7 dbates 2019-02-21 22:48:19 -0800 (In reply to Truitt Savell from comment #6) > The new test http/tests/cookies/same-site/user-load-cross-site-redirect.php > > Added in https://trac.webkit.org/changeset/241918/webkit > > is failing on Mojave WK1. History: > http://webkit-test-results.webkit.org/dashboards/flakiness_dashboard. > html#showAllRuns=true&tests=http%2Ftests%2Fcookies%2Fsame-site%2Fuser-load- > cross-site-redirect.php > > Diff: > --- > /Volumes/Data/slave/mojave-release-tests-wk1/build/layout-test-results/http/ > tests/cookies/same-site/user-load-cross-site-redirect-expected.txt > +++ > /Volumes/Data/slave/mojave-release-tests-wk1/build/layout-test-results/http/ > tests/cookies/same-site/user-load-cross-site-redirect-actual.txt > @@ -4,7 +4,7 @@ > > > Cookies sent with HTTP request: > -PASS Do not have cookie "strict". > +FAIL Should not have cookie "strict". But do with value 27. > PASS Has cookie "lax" with value 27. > PASS Has cookie "normal" with value 27. > > @@ -13,6 +13,7 @@ > PASS Has DOM cookie "lax" with value 27. > PASS Has DOM cookie "normal" with value 27. > PASS successfullyParsed is true > +Some tests failed. > > TEST COMPLETE This failure reveals an existing bug. That is, this patch did not cause a regression. As the primary purpose of this test and this bug is the behavior of Same Site Lax cookies I have amended the test and test result to skip the failing sub-test for now to get the bots green. Committed fix in <https://trac.webkit.org/changeset/241931>. Will investigate the sub-test failure in bug #194933. 1522270 8 cdumez 2019-03-28 15:56:42 -0700 *** Bug 196375 has been marked as a duplicate of this bug. *** 362618 2019-02-21 10:31:59 -0800 2019-02-21 11:26:09 -0800 Patch and layout test bug-194906-20190221103156.patch text/plain 8466 dbates U3VidmVyc2lvbiBSZXZpc2lvbjogMjQxODYwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMjYyNzdlYTVlNjQyMmVk MGFiMzRkZmZmNDIxZmE3Y2JjMzI2NjEyMy4uZDY2NTdkY2IzNTM0NmI2YjFiYTUzYjVjNGIwZTQx ODY3MDc2ZjBiMyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDM5IEBACisyMDE5LTAyLTIxICBEYW5p ZWwgQmF0ZXMgIDxkYWJhdGVzQGFwcGxlLmNvbT4KKworICAgICAgICBTYW1lIFNpdGUgTGF4IGNv b2tpZXMgYXJlIG5vdCBzZW50IHdpdGggY3Jvc3Mtc2l0ZSByZWRpcmVjdCBmcm9tIGNsaWVudC1p bml0aWF0ZWQgbG9hZAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5j Z2k/aWQ9MTk0OTA2CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS80NDMwNTk0Nz4KKworICAgICAg ICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBFbnN1cmUgdGhhdCBhIHJl cXVlc3QgZm9yIGEgdG9wLWxldmVsIG5hdmlnYXRpb24gaXMgYW5ub3RhdGVkIGFzIHN1Y2ggcmVn YXJkbGVzcyBvZiB3aGV0aGVyCisgICAgICAgIHRoZSByZXF1ZXN0IGhhcyBhIGNvbXB1dGVkIFNh bWUgU2l0ZSBwb2xpY3kuCisKKyAgICAgICAgIk5ldyBsb2FkcyIgaW5pdGlhdGVkIGJ5IGEgdGhl IGNsaWVudCAoU2FmYXJpKSBlaXRoZXIgYnkgQVBJIG9yIGEgaHVtYW4gZWl0aGVyIGV4cGxpY2l0 bHkKKyAgICAgICAgdHlwaW5nIGEgVVJMIGluIHRoZSBhZGRyZXNzIGJhciBvciBDb21tYW5kICsg Y2xpY2tpbmcgYSBoeXBlcmxpbmsgdG8gb3BlbiBpdCBpbiBhIG5ldyB3aW5kb3cvdGFiCisgICAg ICAgIGFyZSBhbHdheXMgY29uc2lkZXJlZCBTYW1lIFNpdGUuIFRoaXMgaXMgYnkgZGVmaW5pdGlv biBmcm9tIHRoZSBzcGVjLiBbMV0gYXMgd2UgYXJlbid0IG5hdmlnYXRpbmcKKyAgICAgICAgZnJv bSBhbiBleGlzdGluZyBwYWdlLiAoQ29tbWFuZCArIGNsaWNrIHNob3VsZCBiZSB0aG91Z2h0IG9m IGFzIGEgY29udmVuaWVuY2UgdG8gdGhlIHVzZXIgZnJvbQorICAgICAgICBoYXZpbmcgdG8gY29w eSB0aGUgaHlwZXJsaW5rJ3MgVVJMLCBjcmVhdGUgYSBuZXcgd2luZG93LCBhbmQgcGFzdGUgdGhl IFVSTCBpbnRvIHRoZSBhZGRyZXNzIGJhcikuCisgICAgICAgIEN1cnJlbnRseSB0aGUgZnJhbWUg bG9hZGVyIG1hcmtzIGEgcmVxdWVzdCBhcyBhIHRvcC1sZXZlbCBuYXZpZ2F0aW9uIGlmIGFuZCBv bmx5IGlmIHRoZSByZXF1ZXN0CisgICAgICAgIGRvZXMgbm90IGhhdmUgYSBwcmUtY29tcHV0ZWQg U2FtZSBTaXRlIHBvbGljeS4gSG93ZXZlciwgIk5ldyBsb2FkcyIgaGF2ZSBhIHByZS1jb21wdXRl ZCBTYW1lIFNpdGUKKyAgICAgICAgcG9saWN5LiBTbywgdGhlc2UgbG9hZHMgd291bGQgbmV2ZXIg YmUgbWFya2VkIGFzIGEgdG9wLWxldmVsIG5hdmlnYXRpb24gYnkgdGhlIGZyYW1lIGxvYWRpbmcg Y29kZS4KKyAgICAgICAgVGhlcmVmb3JlLCBpZiB0aGUgIm5ldyBsb2FkIiB0dXJuZWQgb3V0IHRv IGJlIGEgY3Jvc3Mtc2l0ZSByZWRpcmVjdCB0aGVuIFdlYktpdCB3b3VsZCBpbmNvcnJlY3RseQor ICAgICAgICB0ZWxsIHRoZSBuZXR3b3JraW5nIHN0YWNrIHRoYXQgdGhlIGxvYWQgd2FzIGEgY3Jv c3Mtc2l0ZSwgbm9uLXRvcC1sZXZlbCBuYXZpZ2F0aW9uLCBhbmQgcGVyIHRoZQorICAgICAgICBT YW1lIFNpdGUgc3BlYyBbMl0sIHRoZSBuZXR3b3JraW5nIHN0YWNrIHdvdWxkIG5vdCBzZW5kIFNh bWUgU2l0ZSBMYXggY29va2llcy4gSW5zdGVhZCwKKyAgICAgICAgV2ViS2l0IHNob3VsZCB1bmNv bmRpdGlvbmFsbHkgZW5zdXJlIHRoYXQgcmVxdWVzdHMgYXJlIG1hcmtlZCBhcyBhIHRvcC1sZXZl bCBuYXZpZ2F0aW9uLCBpZiBhcHBsaWNhYmxlLgorCisgICAgICAgIFsxXSBTZWUgTm90ZSBmb3Ig KDEpIGluICA8aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtaHR0cGJpcy1y ZmM2MjY1YmlzLTAyI3NlY3Rpb24tNS4yPgorICAgICAgICBbMl0gPGh0dHBzOi8vdG9vbHMuaWV0 Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLWh0dHBiaXMtcmZjNjI2NWJpcy0wMiNzZWN0aW9uLTUuMy43 LjE+CisKKyAgICAgICAgVGVzdDogaHR0cC90ZXN0cy9jb29raWVzL3NhbWUtc2l0ZS91c2VyLWxv YWQtY3Jvc3Mtc2l0ZS1yZWRpcmVjdC5waHAKKworICAgICAgICAqIGxvYWRlci9GcmFtZUxvYWRl ci5jcHA6CisgICAgICAgIChXZWJDb3JlOjpGcmFtZUxvYWRlcjo6YWRkRXh0cmFGaWVsZHNUb1Jl cXVlc3QpOiBVbmNvbmRpdGlvbmFsbHkgdXBkYXRlIHRoZSByZXF1ZXN0J3MgdG9wLQorICAgICAg ICBsZXZlbCBuYXZpZ2F0aW9uIGJpdC4KKyAgICAgICAgKiBwbGF0Zm9ybS9uZXR3b3JrL1Jlc291 cmNlUmVxdWVzdEJhc2UuY3BwOgorICAgICAgICAoV2ViQ29yZTo6UmVzb3VyY2VSZXF1ZXN0QmFz ZTo6c2V0QXNJc29sYXRlZENvcHkpOiBVbmNvbmRpdGlvbmFsbHkgY29weSBhIHJlcXVlc3QncyB0 b3AtCisgICAgICAgIGxldmVsIG5hdmlnYXRpb24gYml0LgorCiAyMDE5LTAyLTIwICBTaW1vbiBG cmFzZXIgIDxzaW1vbi5mcmFzZXJAYXBwbGUuY29tPgogCiAgICAgICAgIFJFR1JFU1NJT04gKDI0 MDY5OCk6IEZpeGVkIHBvc2l0aW9uIGJhbm5lcnMgZmxpY2tlciBhbmQgbW92ZSB3aGVuIHNjcm9s bGluZyBvbiBpT1MKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9GcmFtZUxvYWRl ci5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIvRnJhbWVMb2FkZXIuY3BwCmluZGV4IDEwOWI3 ZDM1NWQxNDI1MzFjNDI1MDZlZTcxZjVmZDYyMGNhY2UwMmIuLmE2MTFkYzc0MzczODAyMjBkOTMz YjU1NGQ3OTYzY2ZjZjUxNTJjZmEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9G cmFtZUxvYWRlci5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvbG9hZGVyL0ZyYW1lTG9hZGVyLmNw cApAQCAtMjg4NSw4ICsyODg1LDggQEAgdm9pZCBGcmFtZUxvYWRlcjo6YWRkRXh0cmFGaWVsZHNU b1JlcXVlc3QoUmVzb3VyY2VSZXF1ZXN0JiByZXF1ZXN0LCBGcmFtZUxvYWRUeXAKICAgICAgICAg ICAgIEFTU0VSVChvd25lckZyYW1lIHx8IG1fZnJhbWUuaXNNYWluRnJhbWUoKSk7CiAgICAgICAg IH0KICAgICAgICAgYWRkU2FtZVNpdGVJbmZvVG9SZXF1ZXN0SWZOZWVkZWQocmVxdWVzdCwgaW5p dGlhdG9yKTsKLSAgICAgICAgcmVxdWVzdC5zZXRJc1RvcFNpdGUoaXNNYWluUmVzb3VyY2UgJiYg bV9mcmFtZS5pc01haW5GcmFtZSgpKTsKICAgICB9CisgICAgcmVxdWVzdC5zZXRJc1RvcFNpdGUo aXNNYWluUmVzb3VyY2UgJiYgbV9mcmFtZS5pc01haW5GcmFtZSgpKTsKIAogICAgIFBhZ2UqIHBh Z2UgPSBmcmFtZSgpLnBhZ2UoKTsKICAgICBib29sIGhhc1NwZWNpZmljQ2FjaGVQb2xpY3kgPSBy ZXF1ZXN0LmNhY2hlUG9saWN5KCkgIT0gUmVzb3VyY2VSZXF1ZXN0Q2FjaGVQb2xpY3k6OlVzZVBy b3RvY29sQ2FjaGVQb2xpY3k7CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9u ZXR3b3JrL1Jlc291cmNlUmVxdWVzdEJhc2UuY3BwIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0v bmV0d29yay9SZXNvdXJjZVJlcXVlc3RCYXNlLmNwcAppbmRleCA2MjVhYzUxZjdlMzljMTllMzJm YmNiNTJkNjJhNzRmZmVjYzFiMjczLi5kNTQwZjQ0YzNiZDI5NDQ0MDhlNjdkYzUyMjdhNDdlYzM0 MWMwNTI3IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL1Jlc291 cmNlUmVxdWVzdEJhc2UuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsv UmVzb3VyY2VSZXF1ZXN0QmFzZS5jcHAKQEAgLTcwLDEwICs3MCw5IEBAIHZvaWQgUmVzb3VyY2VS ZXF1ZXN0QmFzZTo6c2V0QXNJc29sYXRlZENvcHkoY29uc3QgUmVzb3VyY2VSZXF1ZXN0JiBvdGhl cikKICAgICBpZiAoYXV0byBpbnNwZWN0b3JJbml0aWF0b3JOb2RlSWRlbnRpZmllciA9IG90aGVy Lmluc3BlY3RvckluaXRpYXRvck5vZGVJZGVudGlmaWVyKCkpCiAgICAgICAgIHNldEluc3BlY3Rv ckluaXRpYXRvck5vZGVJZGVudGlmaWVyKCppbnNwZWN0b3JJbml0aWF0b3JOb2RlSWRlbnRpZmll cik7CiAKLSAgICBpZiAoIW90aGVyLmlzU2FtZVNpdGVVbnNwZWNpZmllZCgpKSB7CisgICAgaWYg KCFvdGhlci5pc1NhbWVTaXRlVW5zcGVjaWZpZWQoKSkKICAgICAgICAgc2V0SXNTYW1lU2l0ZShv dGhlci5pc1NhbWVTaXRlKCkpOwotICAgICAgICBzZXRJc1RvcFNpdGUob3RoZXIuaXNUb3BTaXRl KCkpOwotICAgIH0KKyAgICBzZXRJc1RvcFNpdGUob3RoZXIuaXNUb3BTaXRlKCkpOwogCiAgICAg dXBkYXRlUmVzb3VyY2VSZXF1ZXN0KCk7CiAgICAgbV9odHRwSGVhZGVyRmllbGRzID0gb3RoZXIu aHR0cEhlYWRlckZpZWxkcygpLmlzb2xhdGVkQ29weSgpOwpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVz dHMvQ2hhbmdlTG9nIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCmluZGV4IGYzNDQyNzBhYWJlMDE0 OGFlOTNlZWY0ZTgyMDc2NjU0NWU4YjRlZTkuLjgyMTYzYWZkMzQzZjM1YzcyNDBlZDI1NThhZTJj YjY2M2U5YTI1MGYgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL0NoYW5nZUxvZworKysgYi9MYXlv dXRUZXN0cy9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxNyBAQAorMjAxOS0wMi0yMSAgRGFuaWVsIEJh dGVzICA8ZGFiYXRlc0BhcHBsZS5jb20+CisKKyAgICAgICAgU2FtZSBTaXRlIExheCBjb29raWVz IGFyZSBub3Qgc2VudCB3aXRoIGNyb3NzLXNpdGUgcmVkaXJlY3QgZnJvbSBjbGllbnQtaW5pdGlh dGVkIGxvYWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE5NDkwNgorICAgICAgICA8cmRhcjovL3Byb2JsZW0vNDQzMDU5NDc+CisKKyAgICAgICAgUmV2 aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgQWRkIGEgdGVzdCB0aGF0IGlzIHJl cHJlc2VudGF0aXZlIG9mIGEgdXNlciBsb2FkaW5nIGEgY3Jvc3Mtc2l0ZSBwYWdlIHRoYXQgcmVk aXJlY3RzCisgICAgICAgIHRvIGEgcGFnZSB0aGF0IGV4cGVjdHMgU2FtZSBTaXRlIExheCBjb29r aWVzLgorCisgICAgICAgICogaHR0cC90ZXN0cy9jb29raWVzL3NhbWUtc2l0ZS91c2VyLWxvYWQt Y3Jvc3Mtc2l0ZS1yZWRpcmVjdC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIGh0dHAv dGVzdHMvY29va2llcy9zYW1lLXNpdGUvdXNlci1sb2FkLWNyb3NzLXNpdGUtcmVkaXJlY3QucGhw OiBBZGRlZC4KKwogMjAxOS0wMi0yMCAgQW50dGkgS29pdmlzdG8gIDxhbnR0aUBhcHBsZS5jb20+ CiAKICAgICAgICAgTWFrZSBwcm9ncmFtbWF0aWMgZnJhbWUgc2Nyb2xsaW5nIHdvcmsgb24gaU9T CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL2Nvb2tpZXMvc2FtZS1zaXRlL3Vz ZXItbG9hZC1jcm9zcy1zaXRlLXJlZGlyZWN0LWV4cGVjdGVkLnR4dCBiL0xheW91dFRlc3RzL2h0 dHAvdGVzdHMvY29va2llcy9zYW1lLXNpdGUvdXNlci1sb2FkLWNyb3NzLXNpdGUtcmVkaXJlY3Qt ZXhwZWN0ZWQudHh0Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAuLmIwZjI5ZmQ0NDlmMjJiYzVkZWY3ZjM0ZWM3N2Q3NjVm NTE0NGRhZWEKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL2Nvb2tp ZXMvc2FtZS1zaXRlL3VzZXItbG9hZC1jcm9zcy1zaXRlLXJlZGlyZWN0LWV4cGVjdGVkLnR4dApA QCAtMCwwICsxLDE4IEBACitUaGlzIHRlc3QgaXMgcmVwcmVzZW50YXRpdmUgb2YgYSB1c2VyIHRo YXQgbG9hZHMgYSBzaXRlLCB2aWEgdGhlIGFkZHJlc3MgYmFyIG9yIENvbW1hbmQgKyBjbGlja2lu ZyBhIGh5cGVybGluaywgdGhhdCByZWRpcmVjdHMgdG8gYSBjcm9zcy1zaXRlIHBhZ2UgdGhhdCBl eHBlY3RzIGl0cyBTYW1lU2l0ZSBMYXggY29va2llcy4KKworT24gc3VjY2VzcywgeW91IHdpbGwg c2VlIGEgc2VyaWVzIG9mICJQQVNTIiBtZXNzYWdlcywgZm9sbG93ZWQgYnkgIlRFU1QgQ09NUExF VEUiLgorCisKK0Nvb2tpZXMgc2VudCB3aXRoIEhUVFAgcmVxdWVzdDoKK1BBU1MgRG8gbm90IGhh dmUgY29va2llICJzdHJpY3QiLgorUEFTUyBIYXMgY29va2llICJsYXgiIHdpdGggdmFsdWUgMjcu CitQQVNTIEhhcyBjb29raWUgIm5vcm1hbCIgd2l0aCB2YWx1ZSAyNy4KKworQ29va2llcyB2aXNp YmxlIGluIERPTToKK1BBU1MgRG8gbm90IGhhdmUgRE9NIGNvb2tpZSAic3RyaWN0Ii4KK1BBU1Mg SGFzIERPTSBjb29raWUgImxheCIgd2l0aCB2YWx1ZSAyNy4KK1BBU1MgSGFzIERPTSBjb29raWUg Im5vcm1hbCIgd2l0aCB2YWx1ZSAyNy4KK1BBU1Mgc3VjY2Vzc2Z1bGx5UGFyc2VkIGlzIHRydWUK KworVEVTVCBDT01QTEVURQorCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL2Nv b2tpZXMvc2FtZS1zaXRlL3VzZXItbG9hZC1jcm9zcy1zaXRlLXJlZGlyZWN0LnBocCBiL0xheW91 dFRlc3RzL2h0dHAvdGVzdHMvY29va2llcy9zYW1lLXNpdGUvdXNlci1sb2FkLWNyb3NzLXNpdGUt cmVkaXJlY3QucGhwCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAuLmNhMWZmYTdiN2JkNWE4ZmQ3MTE0MjgzNzU2Yzk1MWI0 YjBiYWVlNTYKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL2Nvb2tp ZXMvc2FtZS1zaXRlL3VzZXItbG9hZC1jcm9zcy1zaXRlLXJlZGlyZWN0LnBocApAQCAtMCwwICsx LDQ1IEBACis8P3BocAorICAgIGluY2x1ZGVfb25jZSgiLi4vcmVzb3VyY2VzL2Nvb2tpZS11dGls aXRpZXMucGhwIik7CisKKyAgICBpZiAoaG9zdG5hbWVJc0VxdWFsVG9TdHJpbmcoIjEyNy4wLjAu MSIpICYmIGVtcHR5KCRfU0VSVkVSWyJRVUVSWV9TVFJJTkciXSkpIHsKKyAgICAgICAgd2tTZXRD b29raWUoInN0cmljdCIsICIyNyIsIEFycmF5KCJTYW1lU2l0ZSIgPT4gIlN0cmljdCIsICJNYXgt QWdlIiA9PiAxMDAsICJwYXRoIiA9PiAiLyIpKTsKKyAgICAgICAgd2tTZXRDb29raWUoImxheCIs ICIyNyIsIEFycmF5KCJTYW1lU2l0ZSIgPT4gIkxheCIsICJNYXgtQWdlIiA9PiAxMDAsICJwYXRo IiA9PiAiLyIpKTsKKyAgICAgICAgd2tTZXRDb29raWUoIm5vcm1hbCIsICIyNyIsIEFycmF5KCJN YXgtQWdlIiA9PiAxMDAsICJwYXRoIiA9PiAiLyIpKTsKKyAgICAgICAgaGVhZGVyKCJMb2NhdGlv bjogaHR0cDovL2xvY2FsaG9zdDo4MDAwL3Jlc291cmNlcy9yZWRpcmVjdC5waHA/dXJsPSIgLiB1 cmxlbmNvZGUoImh0dHA6Ly8xMjcuMC4wLjE6ODAwMCIgLiAkX1NFUlZFUlsiUkVRVUVTVF9VUkki XSAuICI/Y2hlY2stY29va2llcyIpKTsKKyAgICAgICAgZXhpdCgwKTsKKyAgICB9Cis/PgorPCFE T0NUWVBFIGh0bWw+Cis8aHRtbD4KKzxoZWFkPgorPHNjcmlwdCBzcmM9Ii9qcy10ZXN0LXJlc291 cmNlcy9qcy10ZXN0LmpzIj48L3NjcmlwdD4KKzxzY3JpcHQgc3JjPSIuLi9yZXNvdXJjZXMvY29v a2llLXV0aWxpdGllcy5qcyI+PC9zY3JpcHQ+Cis8c2NyaXB0Pl9zZXRDYWNoZWRDb29raWVzSlNP TignPD9waHAgZWNobyBqc29uX2VuY29kZSgkX0NPT0tJRSk7ID8+Jyk8L3NjcmlwdD4KKzwvaGVh ZD4KKzxib2R5PgorPHNjcmlwdD4KK3dpbmRvdy5qc1Rlc3RJc0FzeW5jID0gdHJ1ZTsKKworZGVz Y3JpcHRpb24oIlRoaXMgdGVzdCBpcyByZXByZXNlbnRhdGl2ZSBvZiBhIHVzZXIgdGhhdCBsb2Fk cyBhIHNpdGUsIHZpYSB0aGUgYWRkcmVzcyBiYXIgb3IgQ29tbWFuZCArIGNsaWNraW5nIGEgaHlw ZXJsaW5rLCB0aGF0IHJlZGlyZWN0cyB0byBhIGNyb3NzLXNpdGUgcGFnZSB0aGF0IGV4cGVjdHMg aXRzIFNhbWVTaXRlIExheCBjb29raWVzLiIpOworCithc3luYyBmdW5jdGlvbiBjaGVja1Jlc3Vs dCgpCit7CisgICAgZGVidWcoIkNvb2tpZXMgc2VudCB3aXRoIEhUVFAgcmVxdWVzdDoiKTsKKyAg ICBhd2FpdCBzaG91bGROb3RIYXZlQ29va2llKCJzdHJpY3QiKTsKKyAgICBhd2FpdCBzaG91bGRI YXZlQ29va2llV2l0aFZhbHVlKCJsYXgiLCAiMjciKTsKKyAgICBhd2FpdCBzaG91bGRIYXZlQ29v a2llV2l0aFZhbHVlKCJub3JtYWwiLCAiMjciKTsKKworICAgIGRlYnVnKCI8YnI+Q29va2llcyB2 aXNpYmxlIGluIERPTToiKTsKKyAgICBzaG91bGROb3RIYXZlRE9NQ29va2llKCJzdHJpY3QiKTsK KyAgICBzaG91bGRIYXZlRE9NQ29va2llV2l0aFZhbHVlKCJsYXgiLCAiMjciKTsKKyAgICBzaG91 bGRIYXZlRE9NQ29va2llV2l0aFZhbHVlKCJub3JtYWwiLCAiMjciKTsKKworICAgIGF3YWl0IHJl c2V0Q29va2llcygpOworICAgIGZpbmlzaEpTVGVzdCgpOworfQorCitjaGVja1Jlc3VsdCgpOwor PC9zY3JpcHQ+Cis8L2JvZHk+Cis8L2h0bWw+CisK