63460 2011-06-27 08:46:38 -0700 CORS should only deal with request headers set by script authors 2023-03-27 08:30:24 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) All All RESOLVED CONFIGURATION CHANGED https://bugs.webkit.org/show_bug.cgi?id=131484 https://bugs.webkit.org/show_bug.cgi?id=236084 P2 Normal --- 0 per-erik.brodin webkit-unassigned abarth annevk ap dglazkov gustavo.noronha gustavo levin webkit.review.bot xan.lopez youennf oldest_to_newest 427972 0 per-erik.brodin 2011-06-27 08:46:38 -0700 The CORS specification has recently been updated to clarify that only request headers set by script authors, "author request headers", should be matched against the list of simple headers and sent in Access-Control-Request-Headers in preflight requests, etc. All headers set by XHR are explicitly or implicitly set by authors, but in EventSource there are no author set headers but rather two request headers set by the implementation, Cache-Control and Last-Event-ID. 427976 1 98735 per-erik.brodin 2011-06-27 08:49:02 -0700 Created attachment 98735 proposed patch 428004 2 abarth 2011-06-27 09:33:09 -0700 Interesting approach. I'm going to let ap take a first crack at reviewing this patch. 428206 3 98735 ap 2011-06-27 13:03:05 -0700 Comment on attachment 98735 proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=98735&action=review The implementation cannot work on Mac, because header status will be lost after a round-trip through NSURLRequest (or any other HTTP library request object). WebKit needs this round-trip because it has delegate methods where it informs client applications about requests that are about to be made. ResourceRequest is ah HTTP level notion, and it shouldn't have any knowledge of Web platform concepts. Secondly, when we talk about author vs. implementation, where do headers added by client applications fit? It kind of sounds like it's "implementation", but we can't know if those applications use untrusted content to decide which headers to add. > LayoutTests/ChangeLog:6 > + CORS should only deal with request headers set by script authors. > + https://bugs.webkit.org/show_bug.cgi?id=63460 That's an interesting idea, although it seems somewhat questionable to me. The design principle use to be to avoid hitting servers with anything they couldn't be hit with through form submission, and the new rule deviates from that pretty far. > Source/WebCore/platform/network/ResourceRequestBase.h:47 > + enum ResourceRequestHeaderStatus { Naming nit: I would have liked something like "origination" or "source" more than "status". 428209 4 ap 2011-06-27 13:09:21 -0700 One more question: what about Content-Type headers that are not set by authors? Currently XMLHttpRequest defaults to application/xml, which triggers preflight. Should the same logic be applied there? 429134 5 per-erik.brodin 2011-06-28 14:17:03 -0700 (In reply to comment #3) I appreciate the quick review. > The implementation cannot work on Mac, because header status will be lost after a round-trip through NSURLRequest (or any other HTTP library request object). WebKit needs this round-trip because it has delegate methods where it informs client applications about requests that are about to be made. > I realize that the header status might get lost when platforms deal with the request. However, the header status is only meant to be used by the CORS implementation and that happens before the status is lost. I was not able to build on Mac with the patch applied because of the optional arguments but once that was fixed I achieved the desired behavior on Mac as well. > ResourceRequest is ah HTTP level notion, and it shouldn't have any knowledge of Web platform concepts. > Could you recommend a different approach to fixing this bug? The included test demonstrates a deviation in the implementation from the current CORS spec (Origin being sent in Access-Control-Request-Headers header). To enable CORS in EventSource this patch was going to prevent a preflight from the two headers added by the implementation (thus not in the list of simple headers) but I guess I could solve that with a flag in ThreadableLoaderOptions instead. > Secondly, when we talk about author vs. implementation, where do headers added by client applications fit? It kind of sounds like it's "implementation", but we can't know if those applications use untrusted content to decide which headers to add. > Can clients invoke CORS? I would say that client added headers are implementation headers and that it is up to clients to safely add headers. > > LayoutTests/ChangeLog:6 > > + CORS should only deal with request headers set by script authors. > > + https://bugs.webkit.org/show_bug.cgi?id=63460 > > That's an interesting idea, although it seems somewhat questionable to me. The design principle use to be to avoid hitting servers with anything they couldn't be hit with through form submission, and the new rule deviates from that pretty far. > I think the reasoning is that headers added by the implementation are safe even for cross origin requests. With this clarification the CORS specification does not have to be updated for every new specification that wants to add a header without causing a preflight request to be made. Also, there is only one list of simple headers so if Last-Event-ID was to be added back then you could use this header in XHR without preflight as well (not sure if this is a problem though, just an interesting consequence). > > Source/WebCore/platform/network/ResourceRequestBase.h:47 > > + enum ResourceRequestHeaderStatus { > > Naming nit: I would have liked something like "origination" or "source" more than "status". Yes, you are right, "source" is much better than "status". Anything related to "origin" should probably be avoided in this context though. (In reply to comment #4) > One more question: what about Content-Type headers that are not set by authors? Currently XMLHttpRequest defaults to application/xml, which triggers preflight. Should the same logic be applied there? The Content-Type headers set by the XHR implementation would fall under the category "implicitly set by authors", see the second paragraph in http://lists.w3.org/Archives/Public/public-webapps/2011AprJun/1222.html 429249 6 ap 2011-06-28 16:32:08 -0700 > Could you recommend a different approach to fixing this bug? I don't have a lot of detail to give, but the source of headers would need to be tracked outside of ResourceRequest. Or perhaps the code could be refactored so that implementation headers would be added after deciding whether to make a simple request. It seems that this change to the spec hasn't really settled yet, it that correct? 433950 7 annevk 2011-07-08 01:32:19 -0700 Need to figure out how to phrase the requirement on Content-Type adequately. People seemed to think however that this is what the specification should have said all along. 454173 8 104586 levin 2011-08-19 16:18:27 -0700 Created attachment 104586 Patch 454175 9 levin 2011-08-19 16:19:46 -0700 Added depends link since I wrote this code using the patch from 66340. 454180 10 104586 webkit.review.bot 2011-08-19 16:23:24 -0700 Comment on attachment 104586 Patch Attachment 104586 did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/9439468 454181 11 104586 gyuyoung.kim 2011-08-19 16:23:53 -0700 Comment on attachment 104586 Patch Attachment 104586 did not pass efl-ews (efl): Output: http://queues.webkit.org/results/9435513 454199 12 per-erik.brodin 2011-08-19 16:42:23 -0700 (In reply to comment #8) > Created an attachment (id=104586) [details] > Patch What about request headers set by the implementation that are not in UserAgentHeaderData such as Cache-Control and Last-Event-ID set by EventSource? Those headers should trigger preflight when set by authors using XHR and thus can't be added to the list. That's why I tried to keep track of which headers that are actually set by the implementation and which are set by the author. 454204 13 104586 webkit-ews 2011-08-19 16:44:57 -0700 Comment on attachment 104586 Patch Attachment 104586 did not pass qt-ews (qt): Output: http://queues.webkit.org/results/9438514 454213 14 ap 2011-08-19 17:01:37 -0700 + m_userAgentHeaders.add("accept-charset"); + m_userAgentHeaders.add("accept-encoding"); + m_userAgentHeaders.add("access-control-request-headers"); Despite what I said in comment 1, I'm not sure if it's the best approach to move headers that are special cased in XMLHttpRequest to some shared location. It's ThreadableLoader client (in this case, XHR) who really knows if JavaScript code called one of those methods that added non-engine headers. Many other clients simply don't provide any way to specify custom headers, so doing checks on these is pointless. What do you think? 454225 15 104586 webkit.review.bot 2011-08-19 17:24:41 -0700 Comment on attachment 104586 Patch Attachment 104586 did not pass mac-ews (mac): Output: http://queues.webkit.org/results/9438527 454258 16 104586 gustavo.noronha 2011-08-19 18:12:52 -0700 Comment on attachment 104586 Patch Attachment 104586 did not pass gtk-ews (gtk): Output: http://queues.webkit.org/results/9438561 454741 17 104586 levin 2011-08-22 11:34:31 -0700 Comment on attachment 104586 Patch Withdrawn. I'll leave this bug for others. 454751 18 levin 2011-08-22 11:40:52 -0700 (In reply to comment #12) > (In reply to comment #8) > > Created an attachment (id=104586) [details] [details] > > Patch > > What about request headers set by the implementation that are not in UserAgentHeaderData such as Cache-Control and Last-Event-ID set by EventSource? Those headers should trigger preflight when set by authors using XHR and thus can't be added to the list. That's why I tried to keep track of which headers that are actually set by the implementation and which are set by the author. I don't think that keeping track of headers sent by the author and headers set by the implementation is the correct way of thinking about the problem. imo, instead one should think of what headers to whitelist. It really doesn't matter how they are set if the request could do malicious things on the server which seems to be the real purpose of deciding whether to do a preflight request or not. Regardless, I've withdrawn this patch to allow anyone else to take it up as they see fit. 454771 19 ap 2011-08-22 11:54:56 -0700 > It really doesn't matter how they are set if the request could do malicious things on the server which seems to be the real purpose of deciding whether to do a preflight request or not. That's my thinking, too, but the current spec draft disagrees, only talking about how the headers are set. 1204443 20 ap 2016-06-21 23:07:35 -0700 One particularly unfortunate consequence of this is that when Do Not Track is enabled in Safari preferences, all CORS requests become non-simple ones, and start using preflight. 1204465 21 youennf 2016-06-22 01:34:30 -0700 (In reply to comment #20) > One particularly unfortunate consequence of this is that when Do Not Track > is enabled in Safari preferences, all CORS requests become non-simple ones, > and start using preflight. I don't know where is happening the insertion of DNT header in that case. I guess that if they are inserted after core preflight checker, this should work nicely. For WebKit GStreamer (bug 131484), although non-simple headers may be added, I think preflight is never used. This makes sense to me. 1204486 22 annevk 2016-06-22 03:18:47 -0700 (In reply to comment #21) > I guess that if they are inserted after core preflight checker, this should > work nicely. That is definitely how Fetch approaches this. DNT is set with other headers just before the request goes to the network. Notably, this is after service workers. See step 12 of https://fetch.spec.whatwg.org/#concept-http-network-or-cache-fetch. It's a little vague still, but hopefully that will get better over time. Now, it is a problem that user agents are somehow exempt from the same-origin policy and we keep introducing new headers that we emit across origins and servers might get tripped up by. I don't have a good story for that yet. Nobody seems to really think about it that when they add DNT to all requests, they also violate the implicit agreements around the same-origin policy. 1204649 23 ap 2016-06-22 13:44:31 -0700 The DNT header is inserted by Safari injected bundle code in a client callback. 1944246 24 annevk 2023-03-27 08:30:24 -0700 I believe this is by-and-large working as intended now. 98735 2011-06-27 08:49:02 -0700 2011-08-19 16:18:20 -0700 proposed patch cors_author_headers_1.patch text/plain 16320 per-erik.brodin ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCA4NGM1NTZiLi4wZTljNzYyIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTQgQEAKKzIwMTEtMDYt MjcgIFBlci1FcmlrIEJyb2RpbiAgPHBlci1lcmlrLmJyb2RpbkBlcmljc3Nvbi5jb20+CisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgQ09SUyBzaG91bGQg b25seSBkZWFsIHdpdGggcmVxdWVzdCBoZWFkZXJzIHNldCBieSBzY3JpcHQgYXV0aG9ycy4KKyAg ICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTYzNDYwCisKKyAg ICAgICAgKiBodHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L2FjY2Vzcy1jb250cm9sLXByZWZsaWdo dC1yZXF1ZXN0LWhlYWRlcnMtb3JpZ2luLWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICog aHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9hY2Nlc3MtY29udHJvbC1wcmVmbGlnaHQtcmVxdWVz dC1oZWFkZXJzLW9yaWdpbi5odG1sOiBBZGRlZC4KKyAgICAgICAgKiBodHRwL3Rlc3RzL3htbGh0 dHByZXF1ZXN0L3Jlc291cmNlcy9hY2Nlc3MtY29udHJvbC1wcmVmbGlnaHQtcmVxdWVzdC1oZWFk ZXJzLW9yaWdpbi5waHA6IEFkZGVkLgorCiAyMDExLTA2LTI3ICBQYXZlbCBGZWxkbWFuICA8cGZl bGRtYW5AZ29vZ2xlLmNvbT4KIAogICAgICAgICBOb3QgcmV2aWV3ZWQ6IHVwZGF0aW5nIGNocm9t aXVtIGV4cGVjdGF0aW9ucy4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2h0dHAvdGVzdHMveG1s aHR0cHJlcXVlc3QvYWNjZXNzLWNvbnRyb2wtcHJlZmxpZ2h0LXJlcXVlc3QtaGVhZGVycy1vcmln aW4tZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9h Y2Nlc3MtY29udHJvbC1wcmVmbGlnaHQtcmVxdWVzdC1oZWFkZXJzLW9yaWdpbi1leHBlY3RlZC50 eHQKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMC4uM2UzZTEzNgotLS0gL2Rldi9u dWxsCisrKyBiL0xheW91dFRlc3RzL2h0dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvYWNjZXNzLWNv bnRyb2wtcHJlZmxpZ2h0LXJlcXVlc3QtaGVhZGVycy1vcmlnaW4tZXhwZWN0ZWQudHh0CkBAIC0w LDAgKzEsNCBAQAorVGVzdCB0aGF0ICdPcmlnaW4nIGlzIG5vdCBpbmNsdWRlZCBpbiBBY2Nlc3Mt Q29udHJvbC1SZXF1ZXN0LUhlYWRlcnMgaW4gYSBwcmVmbGlnaHQgcmVxdWVzdC4gU2hvdWxkIHBy aW50IFBBU1MuCisKK1BBU1MKKwpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94 bWxodHRwcmVxdWVzdC9hY2Nlc3MtY29udHJvbC1wcmVmbGlnaHQtcmVxdWVzdC1oZWFkZXJzLW9y aWdpbi5odG1sIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9hY2Nlc3Mt Y29udHJvbC1wcmVmbGlnaHQtcmVxdWVzdC1oZWFkZXJzLW9yaWdpbi5odG1sCm5ldyBmaWxlIG1v ZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLjA5NTA4NzMKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlv dXRUZXN0cy9odHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L2FjY2Vzcy1jb250cm9sLXByZWZsaWdo dC1yZXF1ZXN0LWhlYWRlcnMtb3JpZ2luLmh0bWwKQEAgLTAsMCArMSwzNCBAQAorPGh0bWw+Cis8 Ym9keT4KKzxwPlRlc3QgdGhhdCAnT3JpZ2luJyBpcyBub3QgaW5jbHVkZWQgaW4gQWNjZXNzLUNv bnRyb2wtUmVxdWVzdC1IZWFkZXJzIGluIGEgcHJlZmxpZ2h0IHJlcXVlc3QuIFNob3VsZCBwcmlu dCBQQVNTLjwvcD4KKzxkaXYgaWQ9ImxvZyI+PC9kaXY+Cis8c2NyaXB0PgorZnVuY3Rpb24gbG9n KG1lc3NhZ2UpIHsKKyAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgibG9nIikuaW5uZXJIVE1M ICs9IG1lc3NhZ2UgKyAiPGJyPiI7Cit9CisKK2lmICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xs ZXIpIHsKKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7CisgICAgbGF5b3V0 VGVzdENvbnRyb2xsZXIud2FpdFVudGlsRG9uZSgpOworfQorCit2YXIgYmFzZV91cmwgPSBsb2Nh dGlvbi5ocmVmLnN1YnN0cigwLCBsb2NhdGlvbi5ocmVmLmxhc3RJbmRleE9mKCcvJykpLnJlcGxh Y2UoIjEyNy4wLjAuMSIsICJsb2NhbGhvc3QiKTsKK3ZhciB4aHIgPSBuZXcgWE1MSHR0cFJlcXVl c3QoKTsKK3hoci5vcGVuKCJHRVQiLCBiYXNlX3VybCArICIvcmVzb3VyY2VzL2FjY2Vzcy1jb250 cm9sLXByZWZsaWdodC1yZXF1ZXN0LWhlYWRlcnMtb3JpZ2luLnBocCIpOworeGhyLnNldFJlcXVl c3RIZWFkZXIoIk15LUN1c3RvbS1IZWFkZXIiLCAiUEFTUyIpOworeGhyLm9uZXJyb3IgPSBmdW5j dGlvbiAoKSB7CisgICAgbG9nKCJGQUlMIik7CisgICAgaWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29u dHJvbGxlcikKKyAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIubm90aWZ5RG9uZSgpOworfTsK K3hoci5vbnJlYWR5c3RhdGVjaGFuZ2UgPSBmdW5jdGlvbiAoKSB7CisgICAgaWYgKHhoci5yZWFk eVN0YXRlID09IDQpIHsKKyAgICAgICAgbG9nKHhoci5yZXNwb25zZVRleHQpOworICAgICAgICBp ZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKQorICAgICAgICAgICAgbGF5b3V0VGVzdENv bnRyb2xsZXIubm90aWZ5RG9uZSgpOworICAgIH0KK307Cit4aHIuc2VuZCgpOworCis8L3Njcmlw dD4KKzwvaHRtbD4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2h0dHAvdGVzdHMveG1saHR0cHJl cXVlc3QvcmVzb3VyY2VzL2FjY2Vzcy1jb250cm9sLXByZWZsaWdodC1yZXF1ZXN0LWhlYWRlcnMt b3JpZ2luLnBocCBiL0xheW91dFRlc3RzL2h0dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvcmVzb3Vy Y2VzL2FjY2Vzcy1jb250cm9sLXByZWZsaWdodC1yZXF1ZXN0LWhlYWRlcnMtb3JpZ2luLnBocApu ZXcgZmlsZSBtb2RlIDEwMDc1NQppbmRleCAwMDAwMDAwLi42ZGUwMmRlCi0tLSAvZGV2L251bGwK KysrIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9yZXNvdXJjZXMvYWNj ZXNzLWNvbnRyb2wtcHJlZmxpZ2h0LXJlcXVlc3QtaGVhZGVycy1vcmlnaW4ucGhwCkBAIC0wLDAg KzEsMTAgQEAKKzw/cGhwCitoZWFkZXIoIkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKiIp OworCitpZiAoJF9TRVJWRVJbIlJFUVVFU1RfTUVUSE9EIl0gPT0gIk9QVElPTlMiKSB7CisgICAg aWYgKHN0cmlzdHIoJF9TRVJWRVJbIkhUVFBfQUNDRVNTX0NPTlRST0xfUkVRVUVTVF9IRUFERVJT Il0sICJPcmlnaW4iKSA9PT0gZmFsc2UpCisgICAgICAgIGhlYWRlcigiQWNjZXNzLUNvbnRyb2wt QWxsb3ctSGVhZGVyczogTXktQ3VzdG9tLUhlYWRlciIpOworfQorZWxzZQorICAgIGVjaG8gJF9T RVJWRVJbIkhUVFBfTVlfQ1VTVE9NX0hFQURFUiJdOworPz4KZGlmZiAtLWdpdCBhL1NvdXJjZS9X ZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCBkNzc4NWJh Li5hODI1NzI2IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291 cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjkgQEAKKzIwMTEtMDYtMjcgIFBlci1F cmlrIEJyb2RpbiAgPHBlci1lcmlrLmJyb2RpbkBlcmljc3Nvbi5jb20+CisKKyAgICAgICAgUmV2 aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgQ09SUyBzaG91bGQgb25seSBkZWFs IHdpdGggcmVxdWVzdCBoZWFkZXJzIHNldCBieSBzY3JpcHQgYXV0aG9ycy4KKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTYzNDYwCisKKyAgICAgICAgVGVz dDogaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9hY2Nlc3MtY29udHJvbC1wcmVmbGlnaHQtcmVx dWVzdC1oZWFkZXJzLW9yaWdpbi5odG1sCisKKyAgICAgICAgKiBsb2FkZXIvQ3Jvc3NPcmlnaW5B Y2Nlc3NDb250cm9sLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OmlzT25BY2Nlc3NDb250cm9sU2lt cGxlUmVxdWVzdEhlYWRlcldoaXRlbGlzdCk6CisgICAgICAgIChXZWJDb3JlOjpjcmVhdGVBY2Nl c3NDb250cm9sUHJlZmxpZ2h0UmVxdWVzdCk6CisgICAgICAgICogbG9hZGVyL0RvY3VtZW50VGhy ZWFkYWJsZUxvYWRlci5jcHA6CisgICAgICAgIChXZWJDb3JlOjpEb2N1bWVudFRocmVhZGFibGVM b2FkZXI6OkRvY3VtZW50VGhyZWFkYWJsZUxvYWRlcik6CisgICAgICAgIChXZWJDb3JlOjpEb2N1 bWVudFRocmVhZGFibGVMb2FkZXI6Om1ha2VTaW1wbGVDcm9zc09yaWdpbkFjY2Vzc1JlcXVlc3Qp OgorICAgICAgICAoV2ViQ29yZTo6RG9jdW1lbnRUaHJlYWRhYmxlTG9hZGVyOjpkaWRSZWNlaXZl UmVzcG9uc2UpOgorICAgICAgICAqIHBsYXRmb3JtL25ldHdvcmsvUmVzb3VyY2VSZXF1ZXN0QmFz ZS5jcHA6CisgICAgICAgIChXZWJDb3JlOjpSZXNvdXJjZVJlcXVlc3RCYXNlOjpodHRwSGVhZGVy RmllbGRzKToKKyAgICAgICAgKFdlYkNvcmU6OlJlc291cmNlUmVxdWVzdEJhc2U6Omh0dHBIZWFk ZXJGaWVsZCk6CisgICAgICAgIChXZWJDb3JlOjpSZXNvdXJjZVJlcXVlc3RCYXNlOjpzZXRIVFRQ SGVhZGVyRmllbGQpOgorICAgICAgICAoV2ViQ29yZTo6UmVzb3VyY2VSZXF1ZXN0QmFzZTo6YWRk SFRUUEhlYWRlckZpZWxkKToKKyAgICAgICAgKFdlYkNvcmU6OlJlc291cmNlUmVxdWVzdEJhc2U6 OmFkZEhUVFBIZWFkZXJGaWVsZHMpOgorICAgICAgICAqIHBsYXRmb3JtL25ldHdvcmsvUmVzb3Vy Y2VSZXF1ZXN0QmFzZS5oOgorICAgICAgICAqIHhtbC9YTUxIdHRwUmVxdWVzdC5jcHA6CisgICAg ICAgIChXZWJDb3JlOjpYTUxIdHRwUmVxdWVzdDo6Y3JlYXRlUmVxdWVzdCk6CisKIDIwMTEtMDYt MjcgIFBhdmVsIEZlbGRtYW4gIDxwZmVsZG1hbkBnb29nbGUuY29tPgogCiAgICAgICAgIFJldmll d2VkIGJ5IFl1cnkgU2VtaWtoYXRza3kuCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9sb2Fk ZXIvQ3Jvc3NPcmlnaW5BY2Nlc3NDb250cm9sLmNwcCBiL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9D cm9zc09yaWdpbkFjY2Vzc0NvbnRyb2wuY3BwCmluZGV4IGU0YzM2MmEuLjY1ZmE0NDQgMTAwNjQ0 Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9Dcm9zc09yaWdpbkFjY2Vzc0NvbnRyb2wuY3Bw CisrKyBiL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9Dcm9zc09yaWdpbkFjY2Vzc0NvbnRyb2wuY3Bw CkBAIC00NSw4ICs0NSw3IEBAIGJvb2wgaXNPbkFjY2Vzc0NvbnRyb2xTaW1wbGVSZXF1ZXN0SGVh ZGVyV2hpdGVsaXN0KGNvbnN0IFN0cmluZyYgbmFtZSwgY29uc3QgU3RyCiB7CiAgICAgaWYgKGVx dWFsSWdub3JpbmdDYXNlKG5hbWUsICJhY2NlcHQiKQogICAgICAgICB8fCBlcXVhbElnbm9yaW5n Q2FzZShuYW1lLCAiYWNjZXB0LWxhbmd1YWdlIikKLSAgICAgICAgfHwgZXF1YWxJZ25vcmluZ0Nh c2UobmFtZSwgImNvbnRlbnQtbGFuZ3VhZ2UiKQotICAgICAgICB8fCBlcXVhbElnbm9yaW5nQ2Fz ZShuYW1lLCAib3JpZ2luIikpCisgICAgICAgIHx8IGVxdWFsSWdub3JpbmdDYXNlKG5hbWUsICJj b250ZW50LWxhbmd1YWdlIikpCiAgICAgICAgIHJldHVybiB0cnVlOwogCiAgICAgLy8gUHJlZmxp Z2h0IGlzIHJlcXVpcmVkIGZvciBNSU1FIHR5cGVzIHRoYXQgY2FuIG5vdCBiZSBzZW50IHZpYSBm b3JtIHN1Ym1pc3Npb24uCkBAIC0xMTEsNyArMTEwLDcgQEAgUmVzb3VyY2VSZXF1ZXN0IGNyZWF0 ZUFjY2Vzc0NvbnRyb2xQcmVmbGlnaHRSZXF1ZXN0KGNvbnN0IFJlc291cmNlUmVxdWVzdCYgcmVx dWUKICAgICBwcmVmbGlnaHRSZXF1ZXN0LnNldEhUVFBIZWFkZXJGaWVsZCgiQWNjZXNzLUNvbnRy b2wtUmVxdWVzdC1NZXRob2QiLCByZXF1ZXN0Lmh0dHBNZXRob2QoKSk7CiAgICAgcHJlZmxpZ2h0 UmVxdWVzdC5zZXRQcmlvcml0eShyZXF1ZXN0LnByaW9yaXR5KCkpOwogCi0gICAgY29uc3QgSFRU UEhlYWRlck1hcCYgcmVxdWVzdEhlYWRlckZpZWxkcyA9IHJlcXVlc3QuaHR0cEhlYWRlckZpZWxk cygpOworICAgIGNvbnN0IEhUVFBIZWFkZXJNYXAmIHJlcXVlc3RIZWFkZXJGaWVsZHMgPSByZXF1 ZXN0Lmh0dHBIZWFkZXJGaWVsZHMoSGVhZGVyU3RhdHVzQXV0aG9yKTsKIAogICAgIGlmIChyZXF1 ZXN0SGVhZGVyRmllbGRzLnNpemUoKSA+IDApIHsKICAgICAgICAgVmVjdG9yPFVDaGFyPiBoZWFk ZXJCdWZmZXI7CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIvRG9jdW1lbnRUaHJl YWRhYmxlTG9hZGVyLmNwcCBiL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9Eb2N1bWVudFRocmVhZGFi bGVMb2FkZXIuY3BwCmluZGV4IDUzZTJjZjIuLmU5MGFiYTMgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9X ZWJDb3JlL2xvYWRlci9Eb2N1bWVudFRocmVhZGFibGVMb2FkZXIuY3BwCisrKyBiL1NvdXJjZS9X ZWJDb3JlL2xvYWRlci9Eb2N1bWVudFRocmVhZGFibGVMb2FkZXIuY3BwCkBAIC05MCwxMiArOTAs MTIgQEAgRG9jdW1lbnRUaHJlYWRhYmxlTG9hZGVyOjpEb2N1bWVudFRocmVhZGFibGVMb2FkZXIo RG9jdW1lbnQqIGRvY3VtZW50LCBUaHJlYWRhYmwKICAgICBPd25QdHI8UmVzb3VyY2VSZXF1ZXN0 PiBjcm9zc09yaWdpblJlcXVlc3QgPSBhZG9wdFB0cihuZXcgUmVzb3VyY2VSZXF1ZXN0KHJlcXVl c3QpKTsKICAgICB1cGRhdGVSZXF1ZXN0Rm9yQWNjZXNzQ29udHJvbCgqY3Jvc3NPcmlnaW5SZXF1 ZXN0LCBzZWN1cml0eU9yaWdpbigpLCBtX29wdGlvbnMuYWxsb3dDcmVkZW50aWFscyk7CiAKLSAg ICBpZiAoIW1fb3B0aW9ucy5mb3JjZVByZWZsaWdodCAmJiBpc1NpbXBsZUNyb3NzT3JpZ2luQWNj ZXNzUmVxdWVzdChjcm9zc09yaWdpblJlcXVlc3QtPmh0dHBNZXRob2QoKSwgY3Jvc3NPcmlnaW5S ZXF1ZXN0LT5odHRwSGVhZGVyRmllbGRzKCkpKQorICAgIGlmICghbV9vcHRpb25zLmZvcmNlUHJl ZmxpZ2h0ICYmIGlzU2ltcGxlQ3Jvc3NPcmlnaW5BY2Nlc3NSZXF1ZXN0KGNyb3NzT3JpZ2luUmVx dWVzdC0+aHR0cE1ldGhvZCgpLCBjcm9zc09yaWdpblJlcXVlc3QtPmh0dHBIZWFkZXJGaWVsZHMo SGVhZGVyU3RhdHVzQXV0aG9yKSkpCiAgICAgICAgIG1ha2VTaW1wbGVDcm9zc09yaWdpbkFjY2Vz c1JlcXVlc3QoKmNyb3NzT3JpZ2luUmVxdWVzdCk7CiAgICAgZWxzZSB7CiAgICAgICAgIG1fYWN0 dWFsUmVxdWVzdCA9IGNyb3NzT3JpZ2luUmVxdWVzdC5yZWxlYXNlKCk7CiAKLSAgICAgICAgaWYg KENyb3NzT3JpZ2luUHJlZmxpZ2h0UmVzdWx0Q2FjaGU6OnNoYXJlZCgpLmNhblNraXBQcmVmbGln aHQoc2VjdXJpdHlPcmlnaW4oKS0+dG9TdHJpbmcoKSwgbV9hY3R1YWxSZXF1ZXN0LT51cmwoKSwg bV9vcHRpb25zLmFsbG93Q3JlZGVudGlhbHMsIG1fYWN0dWFsUmVxdWVzdC0+aHR0cE1ldGhvZCgp LCBtX2FjdHVhbFJlcXVlc3QtPmh0dHBIZWFkZXJGaWVsZHMoKSkpCisgICAgICAgIGlmIChDcm9z c09yaWdpblByZWZsaWdodFJlc3VsdENhY2hlOjpzaGFyZWQoKS5jYW5Ta2lwUHJlZmxpZ2h0KHNl Y3VyaXR5T3JpZ2luKCktPnRvU3RyaW5nKCksIG1fYWN0dWFsUmVxdWVzdC0+dXJsKCksIG1fb3B0 aW9ucy5hbGxvd0NyZWRlbnRpYWxzLCBtX2FjdHVhbFJlcXVlc3QtPmh0dHBNZXRob2QoKSwgbV9h Y3R1YWxSZXF1ZXN0LT5odHRwSGVhZGVyRmllbGRzKEhlYWRlclN0YXR1c0F1dGhvcikpKQogICAg ICAgICAgICAgcHJlZmxpZ2h0U3VjY2VzcygpOwogICAgICAgICBlbHNlCiAgICAgICAgICAgICBt YWtlQ3Jvc3NPcmlnaW5BY2Nlc3NSZXF1ZXN0V2l0aFByZWZsaWdodCgqbV9hY3R1YWxSZXF1ZXN0 KTsKQEAgLTEwNCw3ICsxMDQsNyBAQCBEb2N1bWVudFRocmVhZGFibGVMb2FkZXI6OkRvY3VtZW50 VGhyZWFkYWJsZUxvYWRlcihEb2N1bWVudCogZG9jdW1lbnQsIFRocmVhZGFibAogCiB2b2lkIERv Y3VtZW50VGhyZWFkYWJsZUxvYWRlcjo6bWFrZVNpbXBsZUNyb3NzT3JpZ2luQWNjZXNzUmVxdWVz dChjb25zdCBSZXNvdXJjZVJlcXVlc3QmIHJlcXVlc3QpCiB7Ci0gICAgQVNTRVJUKGlzU2ltcGxl Q3Jvc3NPcmlnaW5BY2Nlc3NSZXF1ZXN0KHJlcXVlc3QuaHR0cE1ldGhvZCgpLCByZXF1ZXN0Lmh0 dHBIZWFkZXJGaWVsZHMoKSkpOworICAgIEFTU0VSVChpc1NpbXBsZUNyb3NzT3JpZ2luQWNjZXNz UmVxdWVzdChyZXF1ZXN0Lmh0dHBNZXRob2QoKSwgcmVxdWVzdC5odHRwSGVhZGVyRmllbGRzKEhl YWRlclN0YXR1c0F1dGhvcikpKTsKIAogICAgIC8vIENyb3NzLW9yaWdpbiByZXF1ZXN0cyBhcmUg b25seSBkZWZpbmVkIGZvciBIVFRQLiBXZSB3b3VsZCBjYXRjaCB0aGlzIHdoZW4gY2hlY2tpbmcg cmVzcG9uc2UgaGVhZGVycyBsYXRlciwgYnV0IHRoZXJlIGlzIG5vIHJlYXNvbiB0byBzZW5kIGEg cmVxdWVzdCB0aGF0J3MgZ3VhcmFudGVlZCB0byBiZSBkZW5pZWQuCiAgICAgLy8gRklYTUU6IENv bnNpZGVyIGFsbG93aW5nIHNpbXBsZSBDT1JTIHJlcXVlc3RzIHRvIG5vbi1IVFRQIFVSTHMuCkBA IC0xODgsNyArMTg4LDcgQEAgdm9pZCBEb2N1bWVudFRocmVhZGFibGVMb2FkZXI6OmRpZFJlY2Vp dmVSZXNwb25zZSh1bnNpZ25lZCBsb25nIGlkZW50aWZpZXIsIGNvbnMKICAgICAgICAgT3duUHRy PENyb3NzT3JpZ2luUHJlZmxpZ2h0UmVzdWx0Q2FjaGVJdGVtPiBwcmVmbGlnaHRSZXN1bHQgPSBh ZG9wdFB0cihuZXcgQ3Jvc3NPcmlnaW5QcmVmbGlnaHRSZXN1bHRDYWNoZUl0ZW0obV9vcHRpb25z LmFsbG93Q3JlZGVudGlhbHMpKTsKICAgICAgICAgaWYgKCFwcmVmbGlnaHRSZXN1bHQtPnBhcnNl KHJlc3BvbnNlLCBhY2Nlc3NDb250cm9sRXJyb3JEZXNjcmlwdGlvbikKICAgICAgICAgICAgIHx8 ICFwcmVmbGlnaHRSZXN1bHQtPmFsbG93c0Nyb3NzT3JpZ2luTWV0aG9kKG1fYWN0dWFsUmVxdWVz dC0+aHR0cE1ldGhvZCgpLCBhY2Nlc3NDb250cm9sRXJyb3JEZXNjcmlwdGlvbikKLSAgICAgICAg ICAgIHx8ICFwcmVmbGlnaHRSZXN1bHQtPmFsbG93c0Nyb3NzT3JpZ2luSGVhZGVycyhtX2FjdHVh bFJlcXVlc3QtPmh0dHBIZWFkZXJGaWVsZHMoKSwgYWNjZXNzQ29udHJvbEVycm9yRGVzY3JpcHRp b24pKSB7CisgICAgICAgICAgICB8fCAhcHJlZmxpZ2h0UmVzdWx0LT5hbGxvd3NDcm9zc09yaWdp bkhlYWRlcnMobV9hY3R1YWxSZXF1ZXN0LT5odHRwSGVhZGVyRmllbGRzKEhlYWRlclN0YXR1c0F1 dGhvciksIGFjY2Vzc0NvbnRyb2xFcnJvckRlc2NyaXB0aW9uKSkgewogICAgICAgICAgICAgcHJl ZmxpZ2h0RmFpbHVyZShyZXNwb25zZS51cmwoKSwgYWNjZXNzQ29udHJvbEVycm9yRGVzY3JpcHRp b24pOwogICAgICAgICAgICAgcmV0dXJuOwogICAgICAgICB9CmRpZmYgLS1naXQgYS9Tb3VyY2Uv V2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL1Jlc291cmNlUmVxdWVzdEJhc2UuY3BwIGIvU291cmNl L1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9SZXNvdXJjZVJlcXVlc3RCYXNlLmNwcAppbmRleCBm ZTg2OTkzLi45ZWRjMmJmIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3 b3JrL1Jlc291cmNlUmVxdWVzdEJhc2UuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3Jt L25ldHdvcmsvUmVzb3VyY2VSZXF1ZXN0QmFzZS5jcHAKQEAgLTIwNyw0MCArMjA3LDQ1IEBAIHZv aWQgUmVzb3VyY2VSZXF1ZXN0QmFzZTo6c2V0SFRUUE1ldGhvZChjb25zdCBTdHJpbmcmIGh0dHBN ZXRob2QpCiAgICAgICAgIG1fcGxhdGZvcm1SZXF1ZXN0VXBkYXRlZCA9IGZhbHNlOwogfQogCi1j b25zdCBIVFRQSGVhZGVyTWFwJiBSZXNvdXJjZVJlcXVlc3RCYXNlOjpodHRwSGVhZGVyRmllbGRz KCkgY29uc3QKK2NvbnN0IEhUVFBIZWFkZXJNYXAmIFJlc291cmNlUmVxdWVzdEJhc2U6Omh0dHBI ZWFkZXJGaWVsZHMoUmVzb3VyY2VSZXF1ZXN0SGVhZGVyU3RhdHVzIGhlYWRlclN0YXR1cykgY29u c3QKIHsKICAgICB1cGRhdGVSZXNvdXJjZVJlcXVlc3QoKTsgCiAKLSAgICByZXR1cm4gbV9odHRw SGVhZGVyRmllbGRzOyAKKyAgICByZXR1cm4gaGVhZGVyU3RhdHVzID09IEhlYWRlclN0YXR1c0lt cGxlbWVudGF0aW9uID8gbV9odHRwSGVhZGVyRmllbGRzIDogbV9odHRwQXV0aG9ySGVhZGVyRmll bGRzOwogfQogCi1TdHJpbmcgUmVzb3VyY2VSZXF1ZXN0QmFzZTo6aHR0cEhlYWRlckZpZWxkKGNv bnN0IEF0b21pY1N0cmluZyYgbmFtZSkgY29uc3QKK1N0cmluZyBSZXNvdXJjZVJlcXVlc3RCYXNl OjpodHRwSGVhZGVyRmllbGQoY29uc3QgQXRvbWljU3RyaW5nJiBuYW1lLCBSZXNvdXJjZVJlcXVl c3RIZWFkZXJTdGF0dXMgaGVhZGVyU3RhdHVzKSBjb25zdAogewogICAgIHVwZGF0ZVJlc291cmNl UmVxdWVzdCgpOyAKICAgICAKLSAgICByZXR1cm4gbV9odHRwSGVhZGVyRmllbGRzLmdldChuYW1l KTsKKyAgICByZXR1cm4gaGVhZGVyU3RhdHVzID09IEhlYWRlclN0YXR1c0ltcGxlbWVudGF0aW9u ID8gbV9odHRwSGVhZGVyRmllbGRzLmdldChuYW1lKSA6IG1faHR0cEF1dGhvckhlYWRlckZpZWxk cy5nZXQobmFtZSk7CiB9CiAKLVN0cmluZyBSZXNvdXJjZVJlcXVlc3RCYXNlOjpodHRwSGVhZGVy RmllbGQoY29uc3QgY2hhciogbmFtZSkgY29uc3QKK1N0cmluZyBSZXNvdXJjZVJlcXVlc3RCYXNl OjpodHRwSGVhZGVyRmllbGQoY29uc3QgY2hhciogbmFtZSwgUmVzb3VyY2VSZXF1ZXN0SGVhZGVy U3RhdHVzIGhlYWRlclN0YXR1cykgY29uc3QKIHsKICAgICB1cGRhdGVSZXNvdXJjZVJlcXVlc3Qo KTsgCiAgICAgCi0gICAgcmV0dXJuIG1faHR0cEhlYWRlckZpZWxkcy5nZXQobmFtZSk7CisgICAg cmV0dXJuIGhlYWRlclN0YXR1cyA9PSBIZWFkZXJTdGF0dXNJbXBsZW1lbnRhdGlvbiA/IG1faHR0 cEhlYWRlckZpZWxkcy5nZXQobmFtZSkgOiBtX2h0dHBBdXRob3JIZWFkZXJGaWVsZHMuZ2V0KG5h bWUpOwogfQogCi12b2lkIFJlc291cmNlUmVxdWVzdEJhc2U6OnNldEhUVFBIZWFkZXJGaWVsZChj b25zdCBBdG9taWNTdHJpbmcmIG5hbWUsIGNvbnN0IFN0cmluZyYgdmFsdWUpCit2b2lkIFJlc291 cmNlUmVxdWVzdEJhc2U6OnNldEhUVFBIZWFkZXJGaWVsZChjb25zdCBBdG9taWNTdHJpbmcmIG5h bWUsIGNvbnN0IFN0cmluZyYgdmFsdWUsIFJlc291cmNlUmVxdWVzdEhlYWRlclN0YXR1cyBoZWFk ZXJTdGF0dXMpCiB7CiAgICAgdXBkYXRlUmVzb3VyY2VSZXF1ZXN0KCk7IAogICAgIAogICAgIG1f aHR0cEhlYWRlckZpZWxkcy5zZXQobmFtZSwgdmFsdWUpOyAKICAgICAKKyAgICBpZiAoaGVhZGVy U3RhdHVzID09IEhlYWRlclN0YXR1c0F1dGhvcikKKyAgICAgICAgbV9odHRwQXV0aG9ySGVhZGVy RmllbGRzLnNldChuYW1lLCB2YWx1ZSk7CisgICAgZWxzZQorICAgICAgICBtX2h0dHBBdXRob3JI ZWFkZXJGaWVsZHMucmVtb3ZlKG5hbWUpOworCiAgICAgaWYgKHVybCgpLnByb3RvY29sSW5IVFRQ RmFtaWx5KCkpCiAgICAgICAgIG1fcGxhdGZvcm1SZXF1ZXN0VXBkYXRlZCA9IGZhbHNlOwogfQog Ci12b2lkIFJlc291cmNlUmVxdWVzdEJhc2U6OnNldEhUVFBIZWFkZXJGaWVsZChjb25zdCBjaGFy KiBuYW1lLCBjb25zdCBTdHJpbmcmIHZhbHVlKQordm9pZCBSZXNvdXJjZVJlcXVlc3RCYXNlOjpz ZXRIVFRQSGVhZGVyRmllbGQoY29uc3QgY2hhciogbmFtZSwgY29uc3QgU3RyaW5nJiB2YWx1ZSwg UmVzb3VyY2VSZXF1ZXN0SGVhZGVyU3RhdHVzIGhlYWRlclN0YXR1cykKIHsKLSAgICBzZXRIVFRQ SGVhZGVyRmllbGQoQXRvbWljU3RyaW5nKG5hbWUpLCB2YWx1ZSk7CisgICAgc2V0SFRUUEhlYWRl ckZpZWxkKEF0b21pY1N0cmluZyhuYW1lKSwgdmFsdWUsIGhlYWRlclN0YXR1cyk7CiB9CiAKIHZv aWQgUmVzb3VyY2VSZXF1ZXN0QmFzZTo6Y2xlYXJIVFRQQXV0aG9yaXphdGlvbigpCkBAIC0zNDAs MjIgKzM0NSwyOCBAQCB2b2lkIFJlc291cmNlUmVxdWVzdEJhc2U6OnNldFByaW9yaXR5KFJlc291 cmNlTG9hZFByaW9yaXR5IHByaW9yaXR5KQogICAgICAgICBtX3BsYXRmb3JtUmVxdWVzdFVwZGF0 ZWQgPSBmYWxzZTsKIH0KIAotdm9pZCBSZXNvdXJjZVJlcXVlc3RCYXNlOjphZGRIVFRQSGVhZGVy RmllbGQoY29uc3QgQXRvbWljU3RyaW5nJiBuYW1lLCBjb25zdCBTdHJpbmcmIHZhbHVlKSAKK3Zv aWQgUmVzb3VyY2VSZXF1ZXN0QmFzZTo6YWRkSFRUUEhlYWRlckZpZWxkKGNvbnN0IEF0b21pY1N0 cmluZyYgbmFtZSwgY29uc3QgU3RyaW5nJiB2YWx1ZSwgUmVzb3VyY2VSZXF1ZXN0SGVhZGVyU3Rh dHVzIGhlYWRlclN0YXR1cykKIHsKICAgICB1cGRhdGVSZXNvdXJjZVJlcXVlc3QoKTsKICAgICBw YWlyPEhUVFBIZWFkZXJNYXA6Oml0ZXJhdG9yLCBib29sPiByZXN1bHQgPSBtX2h0dHBIZWFkZXJG aWVsZHMuYWRkKG5hbWUsIHZhbHVlKTsgCiAgICAgaWYgKCFyZXN1bHQuc2Vjb25kKQogICAgICAg ICByZXN1bHQuZmlyc3QtPnNlY29uZCArPSAiLCIgKyB2YWx1ZTsKIAorICAgIGlmIChoZWFkZXJT dGF0dXMgPT0gSGVhZGVyU3RhdHVzQXV0aG9yKSB7CisgICAgICAgIHJlc3VsdCA9IG1faHR0cEF1 dGhvckhlYWRlckZpZWxkcy5hZGQobmFtZSwgdmFsdWUpOworICAgICAgICBpZiAoIXJlc3VsdC5z ZWNvbmQpCisgICAgICAgICAgICByZXN1bHQuZmlyc3QtPnNlY29uZCArPSAiLCIgKyB2YWx1ZTsK KyAgICB9CisKICAgICBpZiAodXJsKCkucHJvdG9jb2xJbkhUVFBGYW1pbHkoKSkKICAgICAgICAg bV9wbGF0Zm9ybVJlcXVlc3RVcGRhdGVkID0gZmFsc2U7CiB9CiAKLXZvaWQgUmVzb3VyY2VSZXF1 ZXN0QmFzZTo6YWRkSFRUUEhlYWRlckZpZWxkcyhjb25zdCBIVFRQSGVhZGVyTWFwJiBoZWFkZXJG aWVsZHMpCit2b2lkIFJlc291cmNlUmVxdWVzdEJhc2U6OmFkZEhUVFBIZWFkZXJGaWVsZHMoY29u c3QgSFRUUEhlYWRlck1hcCYgaGVhZGVyRmllbGRzLCBSZXNvdXJjZVJlcXVlc3RIZWFkZXJTdGF0 dXMgaGVhZGVyU3RhdHVzKQogewogICAgIEhUVFBIZWFkZXJNYXA6OmNvbnN0X2l0ZXJhdG9yIGVu ZCA9IGhlYWRlckZpZWxkcy5lbmQoKTsKICAgICBmb3IgKEhUVFBIZWFkZXJNYXA6OmNvbnN0X2l0 ZXJhdG9yIGl0ID0gaGVhZGVyRmllbGRzLmJlZ2luKCk7IGl0ICE9IGVuZDsgKytpdCkKLSAgICAg ICAgYWRkSFRUUEhlYWRlckZpZWxkKGl0LT5maXJzdCwgaXQtPnNlY29uZCk7CisgICAgICAgIGFk ZEhUVFBIZWFkZXJGaWVsZChpdC0+Zmlyc3QsIGl0LT5zZWNvbmQsIGhlYWRlclN0YXR1cyk7CiB9 CiAKIGJvb2wgZXF1YWxJZ25vcmluZ0hlYWRlckZpZWxkcyhjb25zdCBSZXNvdXJjZVJlcXVlc3RC YXNlJiBhLCBjb25zdCBSZXNvdXJjZVJlcXVlc3RCYXNlJiBiKQpkaWZmIC0tZ2l0IGEvU291cmNl L1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9SZXNvdXJjZVJlcXVlc3RCYXNlLmggYi9Tb3VyY2Uv V2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL1Jlc291cmNlUmVxdWVzdEJhc2UuaAppbmRleCA0Yzdh YmNiLi5mMmM1YTM4IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3Jr L1Jlc291cmNlUmVxdWVzdEJhc2UuaAorKysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3 b3JrL1Jlc291cmNlUmVxdWVzdEJhc2UuaApAQCAtNDQsNiArNDQsMTEgQEAgbmFtZXNwYWNlIFdl YkNvcmUgewogICAgICAgICBSZXR1cm5DYWNoZURhdGFEb250TG9hZCAgLy8gcmVzdWx0cyBvZiBh IHBvc3QgLSBhbGxvdyBzdGFsZSBkYXRhIGFuZCBvbmx5IHVzZSBjYWNoZQogICAgIH07CiAKKyAg ICBlbnVtIFJlc291cmNlUmVxdWVzdEhlYWRlclN0YXR1cyB7CisgICAgICAgIEhlYWRlclN0YXR1 c0ltcGxlbWVudGF0aW9uLAorICAgICAgICBIZWFkZXJTdGF0dXNBdXRob3IKKyAgICB9OworCiAg ICAgY2xhc3MgUmVzb3VyY2VSZXF1ZXN0OwogICAgIHN0cnVjdCBDcm9zc1RocmVhZFJlc291cmNl UmVxdWVzdERhdGE7CiAKQEAgLTk0LDEzICs5OSwxMyBAQCBuYW1lc3BhY2UgV2ViQ29yZSB7CiAg ICAgICAgIGNvbnN0IFN0cmluZyYgaHR0cE1ldGhvZCgpIGNvbnN0OwogICAgICAgICB2b2lkIHNl dEhUVFBNZXRob2QoY29uc3QgU3RyaW5nJiBodHRwTWV0aG9kKTsKICAgICAgICAgCi0gICAgICAg IGNvbnN0IEhUVFBIZWFkZXJNYXAmIGh0dHBIZWFkZXJGaWVsZHMoKSBjb25zdDsKLSAgICAgICAg U3RyaW5nIGh0dHBIZWFkZXJGaWVsZChjb25zdCBBdG9taWNTdHJpbmcmIG5hbWUpIGNvbnN0Owot ICAgICAgICBTdHJpbmcgaHR0cEhlYWRlckZpZWxkKGNvbnN0IGNoYXIqIG5hbWUpIGNvbnN0Owot ICAgICAgICB2b2lkIHNldEhUVFBIZWFkZXJGaWVsZChjb25zdCBBdG9taWNTdHJpbmcmIG5hbWUs IGNvbnN0IFN0cmluZyYgdmFsdWUpOwotICAgICAgICB2b2lkIHNldEhUVFBIZWFkZXJGaWVsZChj b25zdCBjaGFyKiBuYW1lLCBjb25zdCBTdHJpbmcmIHZhbHVlKTsKLSAgICAgICAgdm9pZCBhZGRI VFRQSGVhZGVyRmllbGQoY29uc3QgQXRvbWljU3RyaW5nJiBuYW1lLCBjb25zdCBTdHJpbmcmIHZh bHVlKTsKLSAgICAgICAgdm9pZCBhZGRIVFRQSGVhZGVyRmllbGRzKGNvbnN0IEhUVFBIZWFkZXJN YXAmIGhlYWRlckZpZWxkcyk7CisgICAgICAgIGNvbnN0IEhUVFBIZWFkZXJNYXAmIGh0dHBIZWFk ZXJGaWVsZHMoUmVzb3VyY2VSZXF1ZXN0SGVhZGVyU3RhdHVzID0gSGVhZGVyU3RhdHVzSW1wbGVt ZW50YXRpb24pIGNvbnN0OworICAgICAgICBTdHJpbmcgaHR0cEhlYWRlckZpZWxkKGNvbnN0IEF0 b21pY1N0cmluZyYgbmFtZSwgUmVzb3VyY2VSZXF1ZXN0SGVhZGVyU3RhdHVzID0gSGVhZGVyU3Rh dHVzSW1wbGVtZW50YXRpb24pIGNvbnN0OworICAgICAgICBTdHJpbmcgaHR0cEhlYWRlckZpZWxk KGNvbnN0IGNoYXIqIG5hbWUsIFJlc291cmNlUmVxdWVzdEhlYWRlclN0YXR1cyA9IEhlYWRlclN0 YXR1c0ltcGxlbWVudGF0aW9uKSBjb25zdDsKKyAgICAgICAgdm9pZCBzZXRIVFRQSGVhZGVyRmll bGQoY29uc3QgQXRvbWljU3RyaW5nJiBuYW1lLCBjb25zdCBTdHJpbmcmIHZhbHVlLCBSZXNvdXJj ZVJlcXVlc3RIZWFkZXJTdGF0dXMgPSBIZWFkZXJTdGF0dXNJbXBsZW1lbnRhdGlvbik7CisgICAg ICAgIHZvaWQgc2V0SFRUUEhlYWRlckZpZWxkKGNvbnN0IGNoYXIqIG5hbWUsIGNvbnN0IFN0cmlu ZyYgdmFsdWUsIFJlc291cmNlUmVxdWVzdEhlYWRlclN0YXR1cyA9IEhlYWRlclN0YXR1c0ltcGxl bWVudGF0aW9uKTsKKyAgICAgICAgdm9pZCBhZGRIVFRQSGVhZGVyRmllbGQoY29uc3QgQXRvbWlj U3RyaW5nJiBuYW1lLCBjb25zdCBTdHJpbmcmIHZhbHVlLCBSZXNvdXJjZVJlcXVlc3RIZWFkZXJT dGF0dXMgPSBIZWFkZXJTdGF0dXNJbXBsZW1lbnRhdGlvbik7CisgICAgICAgIHZvaWQgYWRkSFRU UEhlYWRlckZpZWxkcyhjb25zdCBIVFRQSGVhZGVyTWFwJiBoZWFkZXJGaWVsZHMsIFJlc291cmNl UmVxdWVzdEhlYWRlclN0YXR1cyA9IEhlYWRlclN0YXR1c0ltcGxlbWVudGF0aW9uKTsKICAgICAg ICAgCiAgICAgICAgIHZvaWQgY2xlYXJIVFRQQXV0aG9yaXphdGlvbigpOwogCkBAIC0xOTksNiAr MjA0LDcgQEAgbmFtZXNwYWNlIFdlYkNvcmUgewogICAgICAgICBLVVJMIG1fZmlyc3RQYXJ0eUZv ckNvb2tpZXM7CiAgICAgICAgIFN0cmluZyBtX2h0dHBNZXRob2Q7CiAgICAgICAgIEhUVFBIZWFk ZXJNYXAgbV9odHRwSGVhZGVyRmllbGRzOworICAgICAgICBIVFRQSGVhZGVyTWFwIG1faHR0cEF1 dGhvckhlYWRlckZpZWxkczsKICAgICAgICAgVmVjdG9yPFN0cmluZz4gbV9yZXNwb25zZUNvbnRl bnREaXNwb3NpdGlvbkVuY29kaW5nRmFsbGJhY2tBcnJheTsKICAgICAgICAgUmVmUHRyPEZvcm1E YXRhPiBtX2h0dHBCb2R5OwogICAgICAgICBib29sIG1fYWxsb3dDb29raWVzOwpkaWZmIC0tZ2l0 IGEvU291cmNlL1dlYkNvcmUveG1sL1hNTEh0dHBSZXF1ZXN0LmNwcCBiL1NvdXJjZS9XZWJDb3Jl L3htbC9YTUxIdHRwUmVxdWVzdC5jcHAKaW5kZXggNjYzNDE2Ny4uZDEyZWQ1NiAxMDA2NDQKLS0t IGEvU291cmNlL1dlYkNvcmUveG1sL1hNTEh0dHBSZXF1ZXN0LmNwcAorKysgYi9Tb3VyY2UvV2Vi Q29yZS94bWwvWE1MSHR0cFJlcXVlc3QuY3BwCkBAIC02NDQsNyArNjQ0LDcgQEAgdm9pZCBYTUxI dHRwUmVxdWVzdDo6Y3JlYXRlUmVxdWVzdChFeGNlcHRpb25Db2RlJiBlYykKICAgICB9CiAKICAg ICBpZiAobV9yZXF1ZXN0SGVhZGVycy5zaXplKCkgPiAwKQotICAgICAgICByZXF1ZXN0LmFkZEhU VFBIZWFkZXJGaWVsZHMobV9yZXF1ZXN0SGVhZGVycyk7CisgICAgICAgIHJlcXVlc3QuYWRkSFRU UEhlYWRlckZpZWxkcyhtX3JlcXVlc3RIZWFkZXJzLCBIZWFkZXJTdGF0dXNBdXRob3IpOwogCiAg ICAgVGhyZWFkYWJsZUxvYWRlck9wdGlvbnMgb3B0aW9uczsKICAgICBvcHRpb25zLnNlbmRMb2Fk Q2FsbGJhY2tzID0gdHJ1ZTsK 104586 2011-08-19 16:18:27 -0700 2011-08-22 11:34:30 -0700 Patch bug-63460-20110819161826.patch text/plain 5902 levin U3VidmVyc2lvbiBSZXZpc2lvbjogOTM0MzIKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5n ZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwppbmRleCBkNWZiMTc4NzUxMTdhZjgxNjRmMjYy NTdjNGU2MjhjOWQxMDlhYjIxLi5kYWIwYzMwOTY4ZTVmNzk4MGI1OGRjMGRjOGNjY2EzOWU4NWQ3 ZGE0IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMv Q2hhbmdlTG9nCkBAIC0xLDMgKzEsMTQgQEAKKzIwMTEtMDgtMTkgIFBlci1FcmlrIEJyb2RpbiAg PHBlci1lcmlrLmJyb2RpbkBlcmljc3Nvbi5jb20+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9C T0RZIChPT1BTISkuCisKKyAgICAgICAgQ09SUyBzaG91bGQgb25seSBkZWFsIHdpdGggcmVxdWVz dCBoZWFkZXJzIHNldCBieSBzY3JpcHQgYXV0aG9ycy4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndl YmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTYzNDYwCisKKyAgICAgICAgKiBodHRwL3Rlc3RzL3ht bGh0dHByZXF1ZXN0L2FjY2Vzcy1jb250cm9sLXByZWZsaWdodC1yZXF1ZXN0LWhlYWRlcnMtb3Jp Z2luLWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICogaHR0cC90ZXN0cy94bWxodHRwcmVx dWVzdC9hY2Nlc3MtY29udHJvbC1wcmVmbGlnaHQtcmVxdWVzdC1oZWFkZXJzLW9yaWdpbi5odG1s OiBBZGRlZC4KKyAgICAgICAgKiBodHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L3Jlc291cmNlcy9h Y2Nlc3MtY29udHJvbC1wcmVmbGlnaHQtcmVxdWVzdC1oZWFkZXJzLW9yaWdpbi5waHA6IEFkZGVk LgorCiAyMDExLTA4LTE5ICBEYXZpZCBMZXZpbiAgPGxldmluQGNocm9taXVtLm9yZz4KIAogICAg ICAgICBSRUdSRVNTSU9OIChyODkwODYpOiBBbGwgd29ya2VyIHhociByZXF1ZXN0cyB0cmlnZ2Vy IHByZWZsaWdodCByZXF1ZXN0cy4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2h0dHAvdGVzdHMv eG1saHR0cHJlcXVlc3QvYWNjZXNzLWNvbnRyb2wtcHJlZmxpZ2h0LXJlcXVlc3QtaGVhZGVycy1v cmlnaW4tZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRwcmVxdWVz dC9hY2Nlc3MtY29udHJvbC1wcmVmbGlnaHQtcmVxdWVzdC1oZWFkZXJzLW9yaWdpbi1leHBlY3Rl ZC50eHQKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMC4uM2UzZTEzNmY4YzkyNzg5MWYzNWRlZGI4ZTkwYjk0YWI5NjFhYTM4 YwotLS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2h0dHAvdGVzdHMveG1saHR0cHJlcXVl c3QvYWNjZXNzLWNvbnRyb2wtcHJlZmxpZ2h0LXJlcXVlc3QtaGVhZGVycy1vcmlnaW4tZXhwZWN0 ZWQudHh0CkBAIC0wLDAgKzEsNCBAQAorVGVzdCB0aGF0ICdPcmlnaW4nIGlzIG5vdCBpbmNsdWRl ZCBpbiBBY2Nlc3MtQ29udHJvbC1SZXF1ZXN0LUhlYWRlcnMgaW4gYSBwcmVmbGlnaHQgcmVxdWVz dC4gU2hvdWxkIHByaW50IFBBU1MuCisKK1BBU1MKKwpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMv aHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9hY2Nlc3MtY29udHJvbC1wcmVmbGlnaHQtcmVxdWVz dC1oZWFkZXJzLW9yaWdpbi5odG1sIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy94bWxodHRwcmVx dWVzdC9hY2Nlc3MtY29udHJvbC1wcmVmbGlnaHQtcmVxdWVzdC1oZWFkZXJzLW9yaWdpbi5odG1s Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAuLjA5NTA4NzM5MzRlYjNjYWJlMDg1NDU5OTdiMmFiZmVjZTAwNzAyMWMKLS0t IC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L2Fj Y2Vzcy1jb250cm9sLXByZWZsaWdodC1yZXF1ZXN0LWhlYWRlcnMtb3JpZ2luLmh0bWwKQEAgLTAs MCArMSwzNCBAQAorPGh0bWw+Cis8Ym9keT4KKzxwPlRlc3QgdGhhdCAnT3JpZ2luJyBpcyBub3Qg aW5jbHVkZWQgaW4gQWNjZXNzLUNvbnRyb2wtUmVxdWVzdC1IZWFkZXJzIGluIGEgcHJlZmxpZ2h0 IHJlcXVlc3QuIFNob3VsZCBwcmludCBQQVNTLjwvcD4KKzxkaXYgaWQ9ImxvZyI+PC9kaXY+Cis8 c2NyaXB0PgorZnVuY3Rpb24gbG9nKG1lc3NhZ2UpIHsKKyAgICBkb2N1bWVudC5nZXRFbGVtZW50 QnlJZCgibG9nIikuaW5uZXJIVE1MICs9IG1lc3NhZ2UgKyAiPGJyPiI7Cit9CisKK2lmICh3aW5k b3cubGF5b3V0VGVzdENvbnRyb2xsZXIpIHsKKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1w QXNUZXh0KCk7CisgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIud2FpdFVudGlsRG9uZSgpOworfQor Cit2YXIgYmFzZV91cmwgPSBsb2NhdGlvbi5ocmVmLnN1YnN0cigwLCBsb2NhdGlvbi5ocmVmLmxh c3RJbmRleE9mKCcvJykpLnJlcGxhY2UoIjEyNy4wLjAuMSIsICJsb2NhbGhvc3QiKTsKK3ZhciB4 aHIgPSBuZXcgWE1MSHR0cFJlcXVlc3QoKTsKK3hoci5vcGVuKCJHRVQiLCBiYXNlX3VybCArICIv cmVzb3VyY2VzL2FjY2Vzcy1jb250cm9sLXByZWZsaWdodC1yZXF1ZXN0LWhlYWRlcnMtb3JpZ2lu LnBocCIpOworeGhyLnNldFJlcXVlc3RIZWFkZXIoIk15LUN1c3RvbS1IZWFkZXIiLCAiUEFTUyIp OworeGhyLm9uZXJyb3IgPSBmdW5jdGlvbiAoKSB7CisgICAgbG9nKCJGQUlMIik7CisgICAgaWYg KHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxlcikKKyAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xs ZXIubm90aWZ5RG9uZSgpOworfTsKK3hoci5vbnJlYWR5c3RhdGVjaGFuZ2UgPSBmdW5jdGlvbiAo KSB7CisgICAgaWYgKHhoci5yZWFkeVN0YXRlID09IDQpIHsKKyAgICAgICAgbG9nKHhoci5yZXNw b25zZVRleHQpOworICAgICAgICBpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKQorICAg ICAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIubm90aWZ5RG9uZSgpOworICAgIH0KK307Cit4 aHIuc2VuZCgpOworCis8L3NjcmlwdD4KKzwvaHRtbD4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3Rz L2h0dHAvdGVzdHMveG1saHR0cHJlcXVlc3QvcmVzb3VyY2VzL2FjY2Vzcy1jb250cm9sLXByZWZs aWdodC1yZXF1ZXN0LWhlYWRlcnMtb3JpZ2luLnBocCBiL0xheW91dFRlc3RzL2h0dHAvdGVzdHMv eG1saHR0cHJlcXVlc3QvcmVzb3VyY2VzL2FjY2Vzcy1jb250cm9sLXByZWZsaWdodC1yZXF1ZXN0 LWhlYWRlcnMtb3JpZ2luLnBocApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwLi42ZGUwMmRlOTIzOGFlZmQ0MDVhMWI0NzU4 MTcxNjhhMjgwMDhhNDYyCi0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0 cy94bWxodHRwcmVxdWVzdC9yZXNvdXJjZXMvYWNjZXNzLWNvbnRyb2wtcHJlZmxpZ2h0LXJlcXVl c3QtaGVhZGVycy1vcmlnaW4ucGhwCkBAIC0wLDAgKzEsMTAgQEAKKzw/cGhwCitoZWFkZXIoIkFj Y2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKiIpOworCitpZiAoJF9TRVJWRVJbIlJFUVVFU1Rf TUVUSE9EIl0gPT0gIk9QVElPTlMiKSB7CisgICAgaWYgKHN0cmlzdHIoJF9TRVJWRVJbIkhUVFBf QUNDRVNTX0NPTlRST0xfUkVRVUVTVF9IRUFERVJTIl0sICJPcmlnaW4iKSA9PT0gZmFsc2UpCisg ICAgICAgIGhlYWRlcigiQWNjZXNzLUNvbnRyb2wtQWxsb3ctSGVhZGVyczogTXktQ3VzdG9tLUhl YWRlciIpOworfQorZWxzZQorICAgIGVjaG8gJF9TRVJWRVJbIkhUVFBfTVlfQ1VTVE9NX0hFQURF UiJdOworPz4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9X ZWJDb3JlL0NoYW5nZUxvZwppbmRleCA1MzI2NTdhOThmZGNjZjIzYjhiOTU5OGVkODg1Y2E4MmMy NWU3ODY0Li5lNmFhNmE4YjBiNzU4MjhjYzdkMWQzZjcxMTk4OWRhYzVkODg3ZDdjIDEwMDY0NAot LS0gYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCkBAIC0xLDUgKzEsMTcgQEAKIDIwMTEtMDgtMTkgIERhdmlkIExldmluICA8bGV2aW5AY2hy b21pdW0ub3JnPgogCisgICAgICAgIENPUlMgc2hvdWxkIG9ubHkgZGVhbCB3aXRoIHJlcXVlc3Qg aGVhZGVycyBzZXQgYnkgc2NyaXB0IGF1dGhvcnMKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTYzNDYwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCisKKyAgICAgICAgVGVzdDogaHR0cC90ZXN0cy94bWxodHRwcmVxdWVzdC9hY2Nl c3MtY29udHJvbC1wcmVmbGlnaHQtcmVxdWVzdC1oZWFkZXJzLW9yaWdpbi5odG1sCisKKyAgICAg ICAgKiBsb2FkZXIvQ3Jvc3NPcmlnaW5BY2Nlc3NDb250cm9sLmNwcDoKKyAgICAgICAgKFdlYkNv cmU6OmNyZWF0ZUFjY2Vzc0NvbnRyb2xQcmVmbGlnaHRSZXF1ZXN0KTogT25seSBzZW5kIHRoZSBu b24tdXNlciBhZ2VudCBoZWFkZXJzLgorCisyMDExLTA4LTE5ICBEYXZpZCBMZXZpbiAgPGxldmlu QGNocm9taXVtLm9yZz4KKwogICAgICAgICBSRUdSRVNTSU9OIChyODkwODYpOiBBbGwgd29ya2Vy IHhociByZXF1ZXN0cyB0cmlnZ2VyIHByZWZsaWdodCByZXF1ZXN0cy4KICAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTY2MzQwCiAKZGlmZiAtLWdpdCBhL1Nv dXJjZS9XZWJDb3JlL2xvYWRlci9Dcm9zc09yaWdpbkFjY2Vzc0NvbnRyb2wuY3BwIGIvU291cmNl L1dlYkNvcmUvbG9hZGVyL0Nyb3NzT3JpZ2luQWNjZXNzQ29udHJvbC5jcHAKaW5kZXggNThiNjY2 Y2IwMzFjMTllNzVhYWJlMTIzMGNlYmZkM2MxYzgwMTlhNS4uZjM3MWVlMDBmNWY4Zjk2ZWNjOTkw YzQyNjY1MDY0MmY1NDYyZTcwMSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvbG9hZGVyL0Ny b3NzT3JpZ2luQWNjZXNzQ29udHJvbC5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvbG9hZGVyL0Ny b3NzT3JpZ2luQWNjZXNzQ29udHJvbC5jcHAKQEAgLTExNSwxNCArMTE1LDE0IEBAIFJlc291cmNl UmVxdWVzdCBjcmVhdGVBY2Nlc3NDb250cm9sUHJlZmxpZ2h0UmVxdWVzdChjb25zdCBSZXNvdXJj ZVJlcXVlc3QmIHJlcXVlCiAgICAgcHJlZmxpZ2h0UmVxdWVzdC5zZXRQcmlvcml0eShyZXF1ZXN0 LnByaW9yaXR5KCkpOwogCiAgICAgY29uc3QgSFRUUEhlYWRlck1hcCYgcmVxdWVzdEhlYWRlckZp ZWxkcyA9IHJlcXVlc3QuaHR0cEhlYWRlckZpZWxkcygpOwotCi0gICAgaWYgKHJlcXVlc3RIZWFk ZXJGaWVsZHMuc2l6ZSgpID4gMCkgeworICAgIFVzZXJBZ2VudEhlYWRlckRhdGE6OmluaXRpYWxp emUoKTsKKyAgICBOb25Vc2VyQWdlbnRIZWFkZXJDb25zdEl0ZXJhdG9yIGl0ID0gVXNlckFnZW50 SGVhZGVyRGF0YTo6YmVnaW5Ob25Vc2VyQWdlbnRIZWFkZXJzKHJlcXVlc3RIZWFkZXJGaWVsZHMp OworICAgIE5vblVzZXJBZ2VudEhlYWRlckNvbnN0SXRlcmF0b3IgZW5kID0gVXNlckFnZW50SGVh ZGVyRGF0YTo6ZW5kTm9uVXNlckFnZW50SGVhZGVycyhyZXF1ZXN0SGVhZGVyRmllbGRzKTsKKyAg ICBpZiAoaXQgIT0gZW5kKSB7CiAgICAgICAgIFZlY3RvcjxVQ2hhcj4gaGVhZGVyQnVmZmVyOwot ICAgICAgICBIVFRQSGVhZGVyTWFwOjpjb25zdF9pdGVyYXRvciBpdCA9IHJlcXVlc3RIZWFkZXJG aWVsZHMuYmVnaW4oKTsKICAgICAgICAgYXBwZW5kKGhlYWRlckJ1ZmZlciwgaXQtPmZpcnN0KTsK ICAgICAgICAgKytpdDsKIAotICAgICAgICBIVFRQSGVhZGVyTWFwOjpjb25zdF9pdGVyYXRvciBl bmQgPSByZXF1ZXN0SGVhZGVyRmllbGRzLmVuZCgpOwogICAgICAgICBmb3IgKDsgaXQgIT0gZW5k OyArK2l0KSB7CiAgICAgICAgICAgICBoZWFkZXJCdWZmZXIuYXBwZW5kKCcsJyk7CiAgICAgICAg ICAgICBoZWFkZXJCdWZmZXIuYXBwZW5kKCcgJyk7Cg==