88760 2012-06-11 00:20:54 -0700 [soup] Prevent setting or editing httpOnly cookies from JavaScript 2012-06-14 05:56:52 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED WebExposed P2 Normal --- 87208 1 cdumez cdumez danw d-r gustavo jochen mario mdwajahatali.siddiqui mrobinson rakuco rwlbuis svillar webkit.review.bot oldest_to_newest 645779 0 cdumez 2012-06-11 00:20:54 -0700 Bug 86067 added http/tests/cookies/js-get-and-set-http-only-cookie.html test to make sure httpOnly cookies cannot be set, read or overwritten by JavaScript. This test is failing for both GTK and EFL ports because the Soup-specific code allows setting/overwriting httpOnly cookies from JavaScript. 645834 1 146809 cdumez 2012-06-11 01:35:26 -0700 Created attachment 146809 Patch 645872 2 d-r 2012-06-11 02:48:01 -0700 *** Bug 87247 has been marked as a duplicate of this bug. *** 645920 3 146809 jochen 2012-06-11 05:42:39 -0700 Comment on attachment 146809 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=146809&action=review > Source/WebCore/platform/network/soup/CookieJarSoup.cpp:-83 > - soup_cookie_jar_set_cookie_with_first_party(jar, origin.get(), firstParty.get(), value.utf8().data()); any reason for this change? It seems unrelated to the CL description 645923 4 146809 cdumez 2012-06-11 05:46:54 -0700 Comment on attachment 146809 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=146809&action=review >> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:-83 >> - soup_cookie_jar_set_cookie_with_first_party(jar, origin.get(), firstParty.get(), value.utf8().data()); > > any reason for this change? It seems unrelated to the CL description It has been replaced by soup_cookie_jar_add_cookie(jar, newCookie.release()) a few lines bellow since we already have the Cookie parsed. The first_party check is also done bellow. 645927 5 cdumez 2012-06-11 05:53:05 -0700 (In reply to comment #4) > (From update of attachment 146809 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=146809&action=review > > >> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:-83 > >> - soup_cookie_jar_set_cookie_with_first_party(jar, origin.get(), firstParty.get(), value.utf8().data()); > > > > any reason for this change? It seems unrelated to the CL description > > It has been replaced by soup_cookie_jar_add_cookie(jar, newCookie.release()) a few lines bellow since we already have the Cookie parsed. The first_party check is also done bellow. Otherwise soup_cookie_jar_set_cookie_with_first_party() will call internally: 1. soup_cookie_parse(); // Useless since we already did it 2. policy check; 3. soup_cookie_jar_add_cookie(); I'm now doing step 2 and 3 manually instead of calling soup_cookie_jar_set_cookie_with_first_party(), in order to an extra step 1. Hopefully, this is clearer. 645928 6 jochen 2012-06-11 05:55:52 -0700 (In reply to comment #5) > (In reply to comment #4) > > (From update of attachment 146809 [details] [details]) > > View in context: https://bugs.webkit.org/attachment.cgi?id=146809&action=review > > > > >> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:-83 > > >> - soup_cookie_jar_set_cookie_with_first_party(jar, origin.get(), firstParty.get(), value.utf8().data()); > > > > > > any reason for this change? It seems unrelated to the CL description > > > > It has been replaced by soup_cookie_jar_add_cookie(jar, newCookie.release()) a few lines bellow since we already have the Cookie parsed. The first_party check is also done bellow. > > Otherwise soup_cookie_jar_set_cookie_with_first_party() will call internally: > 1. soup_cookie_parse(); // Useless since we already did it > 2. policy check; > 3. soup_cookie_jar_add_cookie(); > > I'm now doing step 2 and 3 manually instead of calling soup_cookie_jar_set_cookie_with_first_party(), in order to an extra step 1. > > Hopefully, this is clearer. It seems unfortunate to duplicate the policy check code. I understand that you want to avoid parsing the cookie twice. But how can we make sure that the policy check here and in soup_cookie_jar_set_cookie_with_first_party do not diverge over time? 645932 7 cdumez 2012-06-11 06:08:00 -0700 (In reply to comment #6) > (In reply to comment #5) > > (In reply to comment #4) > > > (From update of attachment 146809 [details] [details] [details]) > > > View in context: https://bugs.webkit.org/attachment.cgi?id=146809&action=review > > > > > > >> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:-83 > > > >> - soup_cookie_jar_set_cookie_with_first_party(jar, origin.get(), firstParty.get(), value.utf8().data()); > > > > > > > > any reason for this change? It seems unrelated to the CL description > > > > > > It has been replaced by soup_cookie_jar_add_cookie(jar, newCookie.release()) a few lines bellow since we already have the Cookie parsed. The first_party check is also done bellow. > > > > Otherwise soup_cookie_jar_set_cookie_with_first_party() will call internally: > > 1. soup_cookie_parse(); // Useless since we already did it > > 2. policy check; > > 3. soup_cookie_jar_add_cookie(); > > > > I'm now doing step 2 and 3 manually instead of calling soup_cookie_jar_set_cookie_with_first_party(), in order to an extra step 1. > > > > Hopefully, this is clearer. > > It seems unfortunate to duplicate the policy check code. I understand that you want to avoid parsing the cookie twice. But how can we make sure that the policy check here and in soup_cookie_jar_set_cookie_with_first_party do not diverge over time? kov/mrobinson: What's your preference? I don't really mind either way, it just seemed unfortunate to parse the Cookie twice. 645973 8 146809 gustavo 2012-06-11 07:02:54 -0700 Comment on attachment 146809 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=146809&action=review > Source/WebCore/platform/network/soup/CookieJarSoup.cpp:82 > + GOwnPtr<SoupCookie> newCookie(soup_cookie_parse(value.utf8().data(), origin.get())); I think we may have a problem with API mismatch here. setCookies() implies value may contain more than one cookie, but all soup API we're using here only deals with the first cookie if there are many. We probably need a soup_cookie*s*_parse, and a soup_cookie_jar_set_cookie*s*_with_first_party(). > Source/WebCore/platform/network/soup/CookieJarSoup.cpp:87 > + // set from JavaScript (Bug 86067). I don't see value in mentioning this bug number in the code comments, the ChangeLog is enough. > Source/WebCore/platform/network/soup/CookieJarSoup.cpp:92 > + GOwnPtr<GSList> existingCookies(soup_cookie_jar_all_cookies(jar)); I think this is very inefficient, we should not be listing all cookies, how about using soup_cookie_jar_get_cookies(), so you can give it the URI? >>>>>> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:-83 >>>>>> - soup_cookie_jar_set_cookie_with_first_party(jar, origin.get(), firstParty.get(), value.utf8().data()); >>>>> >>>>> any reason for this change? It seems unrelated to the CL description >>>> >>>> It has been replaced by soup_cookie_jar_add_cookie(jar, newCookie.release()) a few lines bellow since we already have the Cookie parsed. The first_party check is also done bellow. >>> >>> Otherwise soup_cookie_jar_set_cookie_with_first_party() will call internally: >>> 1. soup_cookie_parse(); // Useless since we already did it >>> 2. policy check; >>> 3. soup_cookie_jar_add_cookie(); >>> >>> I'm now doing step 2 and 3 manually instead of calling soup_cookie_jar_set_cookie_with_first_party(), in order to an extra step 1. >>> >>> Hopefully, this is clearer. >> >> It seems unfortunate to duplicate the policy check code. I understand that you want to avoid parsing the cookie twice. But how can we make sure that the policy check here and in soup_cookie_jar_set_cookie_with_first_party do not diverge over time? > > kov/mrobinson: What's your preference? I don't really mind either way, it just seemed unfortunate to parse the Cookie twice. I prefer reliability and readability in this case. Unless there's a performance issue we need to fix I don't think the loss in readability and the risk of diverging is paid by the gain in not parsing the cookie twice. If you want to make this more efficient I'd suggest proposing new API for soup to set a cookie from an existing SoupCookie object. 646000 9 146809 cdumez 2012-06-11 07:53:14 -0700 Comment on attachment 146809 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=146809&action=review By the way, the "1 vs several" cookie parsing is a separate issue (which was already there). Should I open another bug for it and use the current bug report only for prevent httpOnly cookie setting from JS? >> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:82 >> + GOwnPtr<SoupCookie> newCookie(soup_cookie_parse(value.utf8().data(), origin.get())); > > I think we may have a problem with API mismatch here. setCookies() implies value may contain more than one cookie, but all soup API we're using here only deals with the first cookie if there are many. We probably need a soup_cookie*s*_parse, and a soup_cookie_jar_set_cookie*s*_with_first_party(). Agreed. Unfortunately, those APIs do not exist in libsoup yet. >> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:92 >> + GOwnPtr<GSList> existingCookies(soup_cookie_jar_all_cookies(jar)); > > I think this is very inefficient, we should not be listing all cookies, how about using soup_cookie_jar_get_cookies(), so you can give it the URI? Well, I considered that first but the issue is that soup_cookie_jar_get_cookies() returns the cookies in a single gchar*. Then, I have currently no way of parsing more than one cookie from a gchar*. >>>>>>> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:-83 >>>>>>> - soup_cookie_jar_set_cookie_with_first_party(jar, origin.get(), firstParty.get(), value.utf8().data()); >>>>>> >>>>>> any reason for this change? It seems unrelated to the CL description >>>>> >>>>> It has been replaced by soup_cookie_jar_add_cookie(jar, newCookie.release()) a few lines bellow since we already have the Cookie parsed. The first_party check is also done bellow. >>>> >>>> Otherwise soup_cookie_jar_set_cookie_with_first_party() will call internally: >>>> 1. soup_cookie_parse(); // Useless since we already did it >>>> 2. policy check; >>>> 3. soup_cookie_jar_add_cookie(); >>>> >>>> I'm now doing step 2 and 3 manually instead of calling soup_cookie_jar_set_cookie_with_first_party(), in order to an extra step 1. >>>> >>>> Hopefully, this is clearer. >>> >>> It seems unfortunate to duplicate the policy check code. I understand that you want to avoid parsing the cookie twice. But how can we make sure that the policy check here and in soup_cookie_jar_set_cookie_with_first_party do not diverge over time? >> >> kov/mrobinson: What's your preference? I don't really mind either way, it just seemed unfortunate to parse the Cookie twice. > > I prefer reliability and readability in this case. Unless there's a performance issue we need to fix I don't think the loss in readability and the risk of diverging is paid by the gain in not parsing the cookie twice. If you want to make this more efficient I'd suggest proposing new API for soup to set a cookie from an existing SoupCookie object. Ok, I understand. I'll do that. 646093 10 146809 cdumez 2012-06-11 10:48:55 -0700 Comment on attachment 146809 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=146809&action=review >>> Source/WebCore/platform/network/soup/CookieJarSoup.cpp:92 >>> + GOwnPtr<GSList> existingCookies(soup_cookie_jar_all_cookies(jar)); >> >> I think this is very inefficient, we should not be listing all cookies, how about using soup_cookie_jar_get_cookies(), so you can give it the URI? > > Well, I considered that first but the issue is that soup_cookie_jar_get_cookies() returns the cookies in a single gchar*. Then, I have currently no way of parsing more than one cookie from a gchar*. One other issue with soup_cookie_jar_get_cookies() is that it calls soup_cookie_to_cookie_header() for each cookie internally and not soup_cookie_to_set_cookie_header(). As a consequence, the returned cookies do not have a PATH set (only "NAME=VALUE"). However, I need the PATH (in addition to the NAME) in order to do an "overwrite" check. 646117 11 146878 cdumez 2012-06-11 11:18:02 -0700 Created attachment 146878 Patch Based on the feedback, I'm now proposing this patch. The patch now fixes setCookies() so that it processes all the cookies and not just the first one. I have clearly documented with FIXME comments the methods that should be removed later and provided by libsoup instead (optimally). However, I hope we can land this patch like this and improve the code later since this fixes a valid issue and getting a new and improved libsoup release may take time. I don't mind writing the patches for libsoup though if it helps. 646124 12 146878 webkit-ews 2012-06-11 11:25:10 -0700 Comment on attachment 146878 Patch Attachment 146878 did not pass qt-ews (qt): Output: http://queues.webkit.org/results/12935768 646139 13 gustavo 2012-06-11 11:39:46 -0700 (In reply to comment #9) > By the way, the "1 vs several" cookie parsing is a separate issue (which was already there). Should I open another bug for it and use the current bug report only for prevent httpOnly cookie setting from JS? Yes, please, I just thought I'd mention it so we can all be aware of the issue. > However, I hope we can land this patch like this and improve the code later since this fixes a valid issue and getting a new and improved libsoup release may take time. > I don't mind writing the patches for libsoup though if it helps. Like I said on IRC, I don't think there's a particular rush: we don't have any deadlines pressing us, and we can use our jhbuild infrastructure to bump the libsoup version as soon as new APIs are pushed. That said, if you want to go ahead I think your first patch is better than creating all those helper functions, modulo copying the policy check logic instead of calling soup's API we discussed. 646147 14 146878 cdumez 2012-06-11 11:45:57 -0700 Comment on attachment 146878 Patch Clearing flags. Will propose a new patch once libsoup is updated. 646730 15 cdumez 2012-06-12 01:32:57 -0700 Proposed the following libsoup patches to add the few API functions we need: https://bugzilla.gnome.org/show_bug.cgi?id=677922 https://bugzilla.gnome.org/show_bug.cgi?id=677923 I don't really think we need a new soup_cookies_parse() function in libsoup since we can split on newlines and call soup_cookie_parse() for each cookie. From libsoup point of view, such function makes little sense IMHO since it is not a header format (No "Set-Cookie:" or "Cookie:" at the beginning of the lines). 646771 16 mario 2012-06-12 03:14:12 -0700 Skipping http/tests/cookies/js-get-and-set-http-only-cookie.html in the GTK port: http://trac.webkit.org/changeset/120052 Please unskip when fixed. Thanks! 647132 17 147124 cdumez 2012-06-12 11:39:14 -0700 Created attachment 147124 Patch Updated patch now that the libsoup patches landed. 647153 18 147124 gustavo 2012-06-12 11:55:20 -0700 Comment on attachment 147124 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=147124&action=review Since I have a small suggestion I'm not setting cq+, thanks, great work! > Source/WebCore/platform/network/soup/CookieJarSoup.cpp:75 > +static inline SoupCookie* findCookieInList(const GSList* cookies, const gchar* name, const gchar* path) I think you could make this helper contain the full logic, so instead of finding the cookie in the list and then verifying it's http-only at the caller you can instead have httpOnlyCookiExists(...). > Source/WebCore/platform/network/soup/CookieJarSoup.cpp:113 > + // Make sure we do not overwrite httpOnly cookies from JavaScript. > + SoupCookie* existingCookie = findCookieInList(existingCookies, soup_cookie_get_name(cookie.get()), soup_cookie_get_path(cookie.get())); > + if (existingCookie && soup_cookie_get_http_only(existingCookie)) > + continue; Would make this more readable =). 647166 19 147133 cdumez 2012-06-12 12:13:32 -0700 Created attachment 147133 Patch Take feedback into consideration. Could someone please cq+ ? 647185 20 147133 gyuyoung.kim 2012-06-12 12:38:19 -0700 Comment on attachment 147133 Patch Attachment 147133 did not pass efl-ews (efl): Output: http://queues.webkit.org/results/12940720 647186 21 147133 cdumez 2012-06-12 12:41:08 -0700 Comment on attachment 147133 Patch The ews efl did not take into consideration the libsoup update. False alarm. Marking as cq? again. 647529 22 147133 webkit.review.bot 2012-06-12 17:33:21 -0700 Comment on attachment 147133 Patch Clearing flags on attachment: 147133 Committed r120145: <http://trac.webkit.org/changeset/120145> 647530 23 webkit.review.bot 2012-06-12 17:33:27 -0700 All reviewed patches have been landed. Closing bug. 647823 24 svillar 2012-06-13 02:17:32 -0700 http/tests/misc/redirect-to-about-blank.html has started to fail after committing this. 647844 25 cdumez 2012-06-13 02:54:20 -0700 (In reply to comment #24) > http/tests/misc/redirect-to-about-blank.html has started to fail after committing this. Yes, I skipped the test for both GTK and EFL and I opened Bug 88961 to track the issue. This is caused by a regression in the new version of libsoup. It is actually unrelated to this fix but a side effect of the libsoup version bump in jhbuild. 649097 26 mdwajahatali.siddiqui 2012-06-14 05:46:47 -0700 I am using a non jhbuild on ubuntu 12.04 to build webkit-gtk with options to autogen --enable-webkit2 && --with-gtk=3.0 and I get the following build error on svn rev# 120311 ../Source/WebCore/platform/network/soup/CookieJarSoup.cpp: In function ‘void WebCore::setCookies(WebCore::Document*, const WebCore::KURL&, const WTF::String&)’: ../Source/WebCore/platform/network/soup/CookieJarSoup.cpp:99:86: error: ‘soup_cookie_jar_get_cookie_list’ was not declared in this scope ../Source/WebCore/platform/network/soup/CookieJarSoup.cpp:117:92: error: ‘soup_cookie_jar_add_cookie_with_first_party’ was not declared in this scope I tried installing latest libsoup-2.39.2 but of no use, I could not find these APIs defined soup_cookie_jar_get_cookie_list & soup_cookie_jar_add_cookie_with_first_party in libsoup-2.39.2 Is something getting missed here? 649102 27 gustavo 2012-06-14 05:56:52 -0700 We're now using API from an unreleased version of soup. You need to build libsoup from git or wait for the next release. 146809 2012-06-11 01:35:26 -0700 2012-06-11 11:18:02 -0700 Patch 88760_httpOnly_cookies.patch text/plain 4594 cdumez ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCA0NDJhZjIzLi5jMDRkZmUzIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDUgKzEsMTggQEAKIDIwMTItMDYt MTEgIENocmlzdG9waGUgRHVtZXogIDxjaHJpc3RvcGhlLmR1bWV6QGludGVsLmNvbT4KIAorICAg ICAgICBbc291cF0gUHJldmVudCBzZXR0aW5nIG9yIGVkaXRpbmcgaHR0cE9ubHkgY29va2llcyBm cm9tIEphdmFTY3JpcHQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTg4NzYwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgVW5za2lwIGh0dHAvdGVzdHMvY29va2llcy9qcy1nZXQtYW5kLXNldC1odHRwLW9ubHkt Y29va2llLmh0bWwgbm93CisgICAgICAgIHRoYXQgd2UgZG9uJ3QgYWxsb3cgb3ZlcndyaXRpbmcg aHR0cE9ubHkgY29va2llcyBmcm9tIEphdmFTY3JpcHQKKyAgICAgICAgYW55bW9yZS4KKworICAg ICAgICAqIHBsYXRmb3JtL2VmbC9UZXN0RXhwZWN0YXRpb25zOgorCisyMDEyLTA2LTExICBDaHJp c3RvcGhlIER1bWV6ICA8Y2hyaXN0b3BoZS5kdW1lekBpbnRlbC5jb20+CisKICAgICAgICAgW0VG TF0gc2tpcCBodHRwL3Rlc3RzL2Nvb2tpZXMvanMtZ2V0LWFuZC1zZXQtaHR0cC1vbmx5LWNvb2tp ZS5odG1sIHRlc3QgY2FzZQogICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1 Zy5jZ2k/aWQ9ODg3NTEKIApkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvcGxhdGZvcm0vZWZsL1Rl c3RFeHBlY3RhdGlvbnMgYi9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9lZmwvVGVzdEV4cGVjdGF0aW9u cwppbmRleCAxYmE4YTBjLi5kNjc3NDhmIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9wbGF0Zm9y bS9lZmwvVGVzdEV4cGVjdGF0aW9ucworKysgYi9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9lZmwvVGVz dEV4cGVjdGF0aW9ucwpAQCAtNzExLDkgKzcxMSw2IEBAIEJVR1dLODY2MzcgOiBlZGl0aW5nL3Nw ZWxsaW5nL3NwZWxsY2hlY2stcXVldWUuaHRtbCA9IFRFWFQKIEJVR1dLODY2MzcgOiBlZGl0aW5n L3NwZWxsaW5nL3NwZWxsY2hlY2stc2VxdWVuY2VudW0uaHRtbCA9IFRFWFQKIEJVR1dLODY2Mzcg OiBlZGl0aW5nL3NwZWxsaW5nL3NwZWxsaW5nLW1hcmtlci1kZXNjcmlwdGlvbi5odG1sID0gVEVY VAogCi0vLyBOZXcgdGVzdCBhZGRlZCBpbiByMTE5OTQ3IHdoaWNoIGZhaWxzIG9uIGFsbW9zdCBh bGwgcG9ydHMKLUJVR1dLODcyMDggOiBodHRwL3Rlc3RzL2Nvb2tpZXMvanMtZ2V0LWFuZC1zZXQt aHR0cC1vbmx5LWNvb2tpZS5odG1sID0gVEVYVAotCiAvLyBJdCBpcyB1bmNsZWFyIHdoZXRoZXIg YSBuZXcgYmFzZWxpbmUgaXMgbmVlZGVkIG9yIGl0IGlzIGEgSlNDIGZhaWx1cmUKIEJVR1dLNzc0 MTMgOiBmYXN0L3BhcnNlci9uZXN0ZWQtZnJhZ21lbnQtcGFyc2VyLWNyYXNoLmh0bWwgPSBURVhU CiAKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3Jl L0NoYW5nZUxvZwppbmRleCBjMWJkZjE4Li42ODBlZjllIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEs MTcgQEAKKzIwMTItMDYtMTEgIENocmlzdG9waGUgRHVtZXogIDxjaHJpc3RvcGhlLmR1bWV6QGlu dGVsLmNvbT4KKworICAgICAgICBbc291cF0gUHJldmVudCBzZXR0aW5nIG9yIGVkaXRpbmcgaHR0 cE9ubHkgY29va2llcyBmcm9tIEphdmFTY3JpcHQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTg4NzYwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCisKKyAgICAgICAgUHJldmVudCBzZXR0aW5nIG9yIG92ZXJ3cml0aW5nIGh0dHBP bmx5IGNvb2tpZXMgZnJvbSBKYXZhU2NyaXB0LgorCisgICAgICAgIFRlc3Q6IGh0dHAvdGVzdHMv Y29va2llcy9qcy1nZXQtYW5kLXNldC1odHRwLW9ubHktY29va2llLmh0bWwKKworICAgICAgICAq IHBsYXRmb3JtL25ldHdvcmsvc291cC9Db29raWVKYXJTb3VwLmNwcDoKKyAgICAgICAgKFdlYkNv cmU6OnNldENvb2tpZXMpOgorCiAyMDEyLTA2LTExICBQZXRlciBXYW5nICA8cGV0ZXIud2FuZ0B0 b3JjaG1vYmlsZS5jb20uY24+CiAKICAgICAgICAgW0pTQ10gV2ViIEluc3BlY3RvcjogaW1wbGVt ZW50IGJyZWFraW5nIGZyb20gbmF0aXZlIGNhbGxiYWNrCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2Vi Q29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvQ29va2llSmFyU291cC5jcHAgYi9Tb3VyY2UvV2Vi Q29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvQ29va2llSmFyU291cC5jcHAKaW5kZXggYTEzODdl Ny4uYWY0YjA1NSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9z b3VwL0Nvb2tpZUphclNvdXAuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdv cmsvc291cC9Db29raWVKYXJTb3VwLmNwcApAQCAtNzksOCArNzksMzYgQEAgdm9pZCBzZXRDb29r aWVzKERvY3VtZW50KiBkb2N1bWVudCwgY29uc3QgS1VSTCYgdXJsLCBjb25zdCBTdHJpbmcmIHZh bHVlKQogICAgICAgICByZXR1cm47CiAKICAgICBHT3duUHRyPFNvdXBVUkk+IG9yaWdpbihzb3Vw X3VyaV9uZXcodXJsLnN0cmluZygpLnV0ZjgoKS5kYXRhKCkpKTsKKyAgICBHT3duUHRyPFNvdXBD b29raWU+IG5ld0Nvb2tpZShzb3VwX2Nvb2tpZV9wYXJzZSh2YWx1ZS51dGY4KCkuZGF0YSgpLCBv cmlnaW4uZ2V0KCkpKTsKKyAgICBpZiAoIW5ld0Nvb2tpZSkKKyAgICAgICAgcmV0dXJuOworCisg ICAgLy8gTWFrZSBzdXJlIHRoZSBjb29raWUgaXMgbm90IGh0dHBPbmx5IHNpbmNlIHN1Y2ggY29v a2llcyBzaG91bGQgbm90IGJlCisgICAgLy8gc2V0IGZyb20gSmF2YVNjcmlwdCAoQnVnIDg2MDY3 KS4KKyAgICBpZiAoc291cF9jb29raWVfZ2V0X2h0dHBfb25seShuZXdDb29raWUuZ2V0KCkpKQor ICAgICAgICByZXR1cm47CisKKyAgICAvLyBNYWtlIHN1cmUgd2UgZG8gbm90IG92ZXJ3cml0ZSBo dHRwT25seSBjb29raWVzIGZyb20gSmF2YVNjcmlwdCAoQnVnIDg2MDY3KS4KKyAgICBHT3duUHRy PEdTTGlzdD4gZXhpc3RpbmdDb29raWVzKHNvdXBfY29va2llX2phcl9hbGxfY29va2llcyhqYXIp KTsKKyAgICBmb3IgKEdTTGlzdCogaXRlciA9IGV4aXN0aW5nQ29va2llcy5nZXQoKTsgaXRlcjsg aXRlciA9IGdfc2xpc3RfbmV4dChpdGVyKSkgeworICAgICAgICBHT3duUHRyPFNvdXBDb29raWU+ IGV4aXN0aW5nQ29va2llKHN0YXRpY19jYXN0PFNvdXBDb29raWUqPihpdGVyLT5kYXRhKSk7Cisg ICAgICAgIGlmICghc291cF9jb29raWVfYXBwbGllc190b191cmkoZXhpc3RpbmdDb29raWUuZ2V0 KCksIG9yaWdpbi5nZXQoKSkpCisgICAgICAgICAgICBjb250aW51ZTsKKyAgICAgICAgaWYgKCFz dHJjbXAoc291cF9jb29raWVfZ2V0X25hbWUoZXhpc3RpbmdDb29raWUuZ2V0KCkpLCBzb3VwX2Nv b2tpZV9nZXRfbmFtZShuZXdDb29raWUuZ2V0KCkpKQorICAgICAgICAgICAgJiYgIWdfc3RyY21w MChzb3VwX2Nvb2tpZV9nZXRfcGF0aChleGlzdGluZ0Nvb2tpZS5nZXQoKSksIHNvdXBfY29va2ll X2dldF9wYXRoKG5ld0Nvb2tpZS5nZXQoKSkpKSB7CisgICAgICAgICAgICAvLyBBdHRlbXB0IHRv IG92ZXJ3cml0ZSBleGlzdGluZyBjb29raWUKKyAgICAgICAgICAgIGlmIChzb3VwX2Nvb2tpZV9n ZXRfaHR0cF9vbmx5KGV4aXN0aW5nQ29va2llLmdldCgpKSkKKyAgICAgICAgICAgICAgICByZXR1 cm47CisgICAgICAgICAgICBicmVhazsKKyAgICAgICAgfQorICAgIH0KKworICAgIC8vIENoZWNr IGNvb2tpZSBqYXIgcG9saWN5IGFuZCBzZXQgY29va2llLgorICAgIFNvdXBDb29raWVKYXJBY2Nl cHRQb2xpY3kgcG9saWN5ID0gc291cF9jb29raWVfamFyX2dldF9hY2NlcHRfcG9saWN5KGphcik7 CiAgICAgR093blB0cjxTb3VwVVJJPiBmaXJzdFBhcnR5KHNvdXBfdXJpX25ldyhkb2N1bWVudC0+ Zmlyc3RQYXJ0eUZvckNvb2tpZXMoKS5zdHJpbmcoKS51dGY4KCkuZGF0YSgpKSk7Ci0gICAgc291 cF9jb29raWVfamFyX3NldF9jb29raWVfd2l0aF9maXJzdF9wYXJ0eShqYXIsIG9yaWdpbi5nZXQo KSwgZmlyc3RQYXJ0eS5nZXQoKSwgdmFsdWUudXRmOCgpLmRhdGEoKSk7CisgICAgaWYgKHBvbGlj eSAhPSBTT1VQX0NPT0tJRV9KQVJfQUNDRVBUX05FVkVSCisgICAgICAgICYmIChwb2xpY3kgPT0g U09VUF9DT09LSUVfSkFSX0FDQ0VQVF9BTFdBWVMgfHwgc291cF9jb29raWVfZG9tYWluX21hdGNo ZXMobmV3Q29va2llLmdldCgpLCBmaXJzdFBhcnR5LT5ob3N0KSkpCisgICAgICAgIHNvdXBfY29v a2llX2phcl9hZGRfY29va2llKGphciwgbmV3Q29va2llLnJlbGVhc2UoKSk7CiB9CiAKIHN0YXRp YyBTdHJpbmcgY29va2llc0ZvckRvY3VtZW50KGNvbnN0IERvY3VtZW50KiBkb2N1bWVudCwgY29u c3QgS1VSTCYgdXJsLCBib29sIGZvckhUVFBIZWFkZXIpCg== 146878 2012-06-11 11:18:02 -0700 2012-06-12 11:39:14 -0700 Patch 88760_httpOnly_cookies.patch text/plain 6297 cdumez ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCBlODQyZmRmLi5kYzEzNjM5IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTYgQEAKKzIwMTItMDYt MTEgIENocmlzdG9waGUgRHVtZXogIDxjaHJpc3RvcGhlLmR1bWV6QGludGVsLmNvbT4KKworICAg ICAgICBbc291cF0gUHJldmVudCBzZXR0aW5nIG9yIGVkaXRpbmcgaHR0cE9ubHkgY29va2llcyBm cm9tIEphdmFTY3JpcHQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTg4NzYwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgVW5za2lwIGh0dHAvdGVzdHMvY29va2llcy9qcy1nZXQtYW5kLXNldC1odHRwLW9ubHkt Y29va2llLmh0bWwgbm93CisgICAgICAgIHRoYXQgd2UgZG9uJ3QgYWxsb3cgb3ZlcndyaXRpbmcg aHR0cE9ubHkgY29va2llcyBmcm9tIEphdmFTY3JpcHQKKyAgICAgICAgYW55bW9yZS4KKworICAg ICAgICAqIHBsYXRmb3JtL2VmbC9UZXN0RXhwZWN0YXRpb25zOgorCiAyMDEyLTA2LTExICBEYW4g QmVybnN0ZWluICA8bWl0ekBhcHBsZS5jb20+CiAKICAgICAgICAgUmV2ZXJ0ZWQgcjExOTk0MCBi ZWNhdXNlIGl0IGNhdXNlZCBtdWx0aXBsZSBtZWRpYSB0ZXN0cyB0byBmYWlsIG9uIExpb24uCmRp ZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9lZmwvVGVzdEV4cGVjdGF0aW9ucyBiL0xh eW91dFRlc3RzL3BsYXRmb3JtL2VmbC9UZXN0RXhwZWN0YXRpb25zCmluZGV4IDFiYThhMGMuLmQ2 Nzc0OGYgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL3BsYXRmb3JtL2VmbC9UZXN0RXhwZWN0YXRp b25zCisrKyBiL0xheW91dFRlc3RzL3BsYXRmb3JtL2VmbC9UZXN0RXhwZWN0YXRpb25zCkBAIC03 MTEsOSArNzExLDYgQEAgQlVHV0s4NjYzNyA6IGVkaXRpbmcvc3BlbGxpbmcvc3BlbGxjaGVjay1x dWV1ZS5odG1sID0gVEVYVAogQlVHV0s4NjYzNyA6IGVkaXRpbmcvc3BlbGxpbmcvc3BlbGxjaGVj ay1zZXF1ZW5jZW51bS5odG1sID0gVEVYVAogQlVHV0s4NjYzNyA6IGVkaXRpbmcvc3BlbGxpbmcv c3BlbGxpbmctbWFya2VyLWRlc2NyaXB0aW9uLmh0bWwgPSBURVhUCiAKLS8vIE5ldyB0ZXN0IGFk ZGVkIGluIHIxMTk5NDcgd2hpY2ggZmFpbHMgb24gYWxtb3N0IGFsbCBwb3J0cwotQlVHV0s4NzIw OCA6IGh0dHAvdGVzdHMvY29va2llcy9qcy1nZXQtYW5kLXNldC1odHRwLW9ubHktY29va2llLmh0 bWwgPSBURVhUCi0KIC8vIEl0IGlzIHVuY2xlYXIgd2hldGhlciBhIG5ldyBiYXNlbGluZSBpcyBu ZWVkZWQgb3IgaXQgaXMgYSBKU0MgZmFpbHVyZQogQlVHV0s3NzQxMyA6IGZhc3QvcGFyc2VyL25l c3RlZC1mcmFnbWVudC1wYXJzZXItY3Jhc2guaHRtbCA9IFRFWFQKIApkaWZmIC0tZ2l0IGEvU291 cmNlL1dlYkNvcmUvQ2hhbmdlTG9nIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCmluZGV4IDM0 NjZlYjAuLjZlOWY2YzEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZworKysg Yi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwyMyBAQAorMjAxMi0wNi0xMSAg Q2hyaXN0b3BoZSBEdW1leiAgPGNocmlzdG9waGUuZHVtZXpAaW50ZWwuY29tPgorCisgICAgICAg IFtzb3VwXSBQcmV2ZW50IHNldHRpbmcgb3IgZWRpdGluZyBodHRwT25seSBjb29raWVzIGZyb20g SmF2YVNjcmlwdAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/ aWQ9ODg3NjAKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICBQcmV2ZW50IHNldHRpbmcgb3Igb3ZlcndyaXRpbmcgaHR0cE9ubHkgY29va2llcyBmcm9tIEph dmFTY3JpcHQuCisgICAgICAgIEZpeCBzZXRDb29raWVzKCkgc28gdGhhdCBpdCBwYXJzZXMgYWxs IHRoZSBjb29raWVzIGFuZCBub3QganVzdAorICAgICAgICB0aGUgZmlyc3Qgb25lLgorCisgICAg ICAgIFRlc3Q6IGh0dHAvdGVzdHMvY29va2llcy9qcy1nZXQtYW5kLXNldC1odHRwLW9ubHktY29v a2llLmh0bWwKKworICAgICAgICAqIHBsYXRmb3JtL25ldHdvcmsvc291cC9Db29raWVKYXJTb3Vw LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OnBhcnNlQ29va2llcyk6CisgICAgICAgIChXZWJDb3Jl KToKKyAgICAgICAgKFdlYkNvcmU6OmZpbmRDb29raWVJbkxpc3QpOgorICAgICAgICAoV2ViQ29y ZTo6Z2V0Q29va2llc0Zvck9yaWdpbik6CisgICAgICAgIChXZWJDb3JlOjpzZXRDb29raWVzKToK KwogMjAxMi0wNi0xMSAgRGFuIEJlcm5zdGVpbiAgPG1pdHpAYXBwbGUuY29tPgogCiAgICAgICAg IFJldmVydGVkIHIxMTk5NDAgYmVjYXVzZSBpdCBjYXVzZWQgbXVsdGlwbGUgbWVkaWEgdGVzdHMg dG8gZmFpbCBvbiBMaW9uLgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0 d29yay9zb3VwL0Nvb2tpZUphclNvdXAuY3BwIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0 d29yay9zb3VwL0Nvb2tpZUphclNvdXAuY3BwCmluZGV4IGExMzg3ZTcuLjVjYTJmMTIgMTAwNjQ0 Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9Db29raWVKYXJTb3Vw LmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvQ29va2llSmFy U291cC5jcHAKQEAgLTcyLDYgKzcyLDQ3IEBAIHZvaWQgc2V0U291cENvb2tpZUphcihTb3VwQ29v a2llSmFyKiBqYXIpCiAgICAgZGVmYXVsdENvb2tpZUphcigpID0gamFyOwogfQogCisvLyBGSVhN RTogT3B0aW1hbGx5LCBsaWJzb3VwIHNob3VsZCBoYXZlIGEgc291cF9jb29raWVzX3BhcnNlKCkg ZnVuY3Rpb24KKy8vIHRvIGRvIHRoaXMgZm9yIHVzLgorc3RhdGljIGlubGluZSBHU0xpc3QqIHBh cnNlQ29va2llcyhjb25zdCBTdHJpbmcmIHJhd0Nvb2tpZXMsIFNvdXBVUkkqIHVyaSkKK3sKKyAg ICBHU0xpc3QqIHJldCA9IDA7CisgICAgVmVjdG9yPFN0cmluZz4gcmF3Q29va2llc1ZlY3Q7CisK KyAgICByYXdDb29raWVzLnNwbGl0KCdcbicsIHJhd0Nvb2tpZXNWZWN0KTsKKyAgICBjb25zdCBz aXplX3QgcmF3Q29va2llc0NvdW50ID0gcmF3Q29va2llc1ZlY3Quc2l6ZSgpOworICAgIGZvciAo c2l6ZV90IGkgPSAwOyBpIDwgcmF3Q29va2llc0NvdW50OyArK2kpIHsKKyAgICAgICAgU291cENv b2tpZSogY29va2llID0gc291cF9jb29raWVfcGFyc2UocmF3Q29va2llc1ZlY3RbaV0udXRmOCgp LmRhdGEoKSwgdXJpKTsKKyAgICAgICAgaWYgKGNvb2tpZSkKKyAgICAgICAgICAgIHJldCA9IGdf c2xpc3RfcHJlcGVuZChyZXQsIGNvb2tpZSk7CisgICAgfQorICAgIHJldHVybiBnX3NsaXN0X3Jl dmVyc2UocmV0KTsKK30KKworc3RhdGljIGlubGluZSBTb3VwQ29va2llKiBmaW5kQ29va2llSW5M aXN0KGNvbnN0IEdTTGlzdCogY29va2llcywgY29uc3QgZ2NoYXIqIG5hbWUsIGNvbnN0IGdjaGFy KiBwYXRoKQoreworICAgIGZvciAoY29uc3QgR1NMaXN0KiBpdGVyID0gY29va2llczsgaXRlcjsg aXRlciA9IGdfc2xpc3RfbmV4dChpdGVyKSkgeworICAgICAgICBTb3VwQ29va2llKiBjb29raWUg PSBzdGF0aWNfY2FzdDxTb3VwQ29va2llKj4oaXRlci0+ZGF0YSk7CisgICAgICAgIGlmICghc3Ry Y21wKHNvdXBfY29va2llX2dldF9uYW1lKGNvb2tpZSksIG5hbWUpCisgICAgICAgICAgICAmJiAh Z19zdHJjbXAwKHNvdXBfY29va2llX2dldF9wYXRoKGNvb2tpZSksIHBhdGgpKQorICAgICAgICAg ICAgcmV0dXJuIGNvb2tpZTsKKyAgICB9CisgICAgcmV0dXJuIDA7Cit9CisKKy8vIEZJWE1FOiBP cHRpbWFsbHksIGxpYnNvdXAgc2hvdWxkIGhhdmUgYW4gQVBJIHRvIGRvIHRoaXMgZm9yIHVzLgor c3RhdGljIGlubGluZSBHU0xpc3QqIGdldENvb2tpZXNGb3JPcmlnaW4oU291cENvb2tpZUphciog amFyLCBTb3VwVVJJKiBvcmlnaW4pCit7CisgICAgR1NMaXN0KiByZXQgPSAwOworICAgIEdPd25Q dHI8R1NMaXN0PiBhbGxDb29raWVzKHNvdXBfY29va2llX2phcl9hbGxfY29va2llcyhqYXIpKTsK KyAgICBmb3IgKEdTTGlzdCogaXRlciA9IGFsbENvb2tpZXMuZ2V0KCk7IGl0ZXI7IGl0ZXIgPSBn X3NsaXN0X25leHQoaXRlcikpIHsKKyAgICAgICBHT3duUHRyPFNvdXBDb29raWU+IGNvb2tpZShz dGF0aWNfY2FzdDxTb3VwQ29va2llKj4oaXRlci0+ZGF0YSkpOworICAgICAgIGlmIChzb3VwX2Nv b2tpZV9hcHBsaWVzX3RvX3VyaShjb29raWUuZ2V0KCksIG9yaWdpbikpCisgICAgICAgICAgIHJl dCA9IGdfc2xpc3RfcHJlcGVuZChyZXQsIGNvb2tpZS5yZWxlYXNlKCkpOworICAgIH0KKyAgICBy ZXR1cm4gcmV0OworfQorCiB2b2lkIHNldENvb2tpZXMoRG9jdW1lbnQqIGRvY3VtZW50LCBjb25z dCBLVVJMJiB1cmwsIGNvbnN0IFN0cmluZyYgdmFsdWUpCiB7CiAgICAgU291cENvb2tpZUphciog amFyID0gY29va2llSmFyRm9yRG9jdW1lbnQoZG9jdW1lbnQpOwpAQCAtODAsNyArMTIxLDMxIEBA IHZvaWQgc2V0Q29va2llcyhEb2N1bWVudCogZG9jdW1lbnQsIGNvbnN0IEtVUkwmIHVybCwgY29u c3QgU3RyaW5nJiB2YWx1ZSkKIAogICAgIEdPd25QdHI8U291cFVSST4gb3JpZ2luKHNvdXBfdXJp X25ldyh1cmwuc3RyaW5nKCkudXRmOCgpLmRhdGEoKSkpOwogICAgIEdPd25QdHI8U291cFVSST4g Zmlyc3RQYXJ0eShzb3VwX3VyaV9uZXcoZG9jdW1lbnQtPmZpcnN0UGFydHlGb3JDb29raWVzKCku c3RyaW5nKCkudXRmOCgpLmRhdGEoKSkpOwotICAgIHNvdXBfY29va2llX2phcl9zZXRfY29va2ll X3dpdGhfZmlyc3RfcGFydHkoamFyLCBvcmlnaW4uZ2V0KCksIGZpcnN0UGFydHkuZ2V0KCksIHZh bHVlLnV0ZjgoKS5kYXRhKCkpOworCisgICAgLy8gR2V0IGV4aXN0aW5nIGNvb2tpZXMgZm9yIHRo aXMgb3JpZ2luLgorICAgIEdTTGlzdCogZXhpc3RpbmdDb29raWVzID0gZ2V0Q29va2llc0Zvck9y aWdpbihqYXIsIG9yaWdpbi5nZXQoKSk7CisKKyAgICBHU0xpc3QqIG5ld0Nvb2tpZXMgPSBwYXJz ZUNvb2tpZXModmFsdWUsIG9yaWdpbi5nZXQoKSk7CisgICAgZm9yIChjb25zdCBHU0xpc3QqIGl0 ZXIgPSBuZXdDb29raWVzOyBpdGVyOyBpdGVyID0gZ19zbGlzdF9uZXh0KGl0ZXIpKSB7CisgICAg ICAgIFNvdXBDb29raWUqIG5ld0Nvb2tpZSA9IHN0YXRpY19jYXN0PFNvdXBDb29raWUqPihpdGVy LT5kYXRhKTsKKworICAgICAgICAvLyBNYWtlIHN1cmUgdGhlIGNvb2tpZSBpcyBub3QgaHR0cE9u bHkgc2luY2Ugc3VjaCBjb29raWVzIHNob3VsZCBub3QgYmUgc2V0IGZyb20gSmF2YVNjcmlwdC4K KyAgICAgICAgaWYgKHNvdXBfY29va2llX2dldF9odHRwX29ubHkobmV3Q29va2llKSkKKyAgICAg ICAgICAgIGNvbnRpbnVlOworCisgICAgICAgIC8vIE1ha2Ugc3VyZSB3ZSBkbyBub3Qgb3Zlcndy aXRlIGh0dHBPbmx5IGNvb2tpZXMgZnJvbSBKYXZhU2NyaXB0LgorICAgICAgICBTb3VwQ29va2ll KiBleGlzdGluZ0Nvb2tpZSA9IGZpbmRDb29raWVJbkxpc3QoZXhpc3RpbmdDb29raWVzLCBzb3Vw X2Nvb2tpZV9nZXRfbmFtZShuZXdDb29raWUpLCBzb3VwX2Nvb2tpZV9nZXRfcGF0aChuZXdDb29r aWUpKTsKKyAgICAgICAgaWYgKGV4aXN0aW5nQ29va2llICYmIHNvdXBfY29va2llX2dldF9odHRw X29ubHkoZXhpc3RpbmdDb29raWUpKQorICAgICAgICAgICAgY29udGludWU7CisKKyAgICAgICAg Ly8gRklYTUU6IE9wdGltYWxseSwgbGlic291cCBzaG91bGQgaGF2ZSBhbiBlcXVpdmFsZW50IG9m IHNvdXBfY29va2llX2phcl9zZXRfY29va2llX3dpdGhfZmlyc3RfcGFydHkoKQorICAgICAgICAv LyB0aGF0IHRha2VzIGEgU291cENvb2tpZSBpbiBhcmd1bWVudC4KKyAgICAgICAgR093blB0cjxj aGFyPiBuZXdDb29raWVTdHJpbmcoc291cF9jb29raWVfdG9fc2V0X2Nvb2tpZV9oZWFkZXIobmV3 Q29va2llKSk7CisgICAgICAgIHNvdXBfY29va2llX2phcl9zZXRfY29va2llX3dpdGhfZmlyc3Rf cGFydHkoamFyLCBvcmlnaW4uZ2V0KCksIGZpcnN0UGFydHkuZ2V0KCksIG5ld0Nvb2tpZVN0cmlu Zy5nZXQoKSk7CisgICAgfQorCisgICAgc291cF9jb29raWVzX2ZyZWUoZXhpc3RpbmdDb29raWVz KTsKKyAgICBzb3VwX2Nvb2tpZXNfZnJlZShuZXdDb29raWVzKTsKIH0KIAogc3RhdGljIFN0cmlu ZyBjb29raWVzRm9yRG9jdW1lbnQoY29uc3QgRG9jdW1lbnQqIGRvY3VtZW50LCBjb25zdCBLVVJM JiB1cmwsIGJvb2wgZm9ySFRUUEhlYWRlcikK 147124 2012-06-12 11:39:14 -0700 2012-06-12 12:13:32 -0700 Patch 88760_httpOnly_cookies.patch text/plain 10198 cdumez ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCBlMWYyZTNjLi5mOWQwMGY5IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDUgKzEsMTkgQEAKIDIwMTItMDYt MTIgIENocmlzdG9waGUgRHVtZXogIDxjaHJpc3RvcGhlLmR1bWV6QGludGVsLmNvbT4KIAorICAg ICAgICBbc291cF0gUHJldmVudCBzZXR0aW5nIG9yIGVkaXRpbmcgaHR0cE9ubHkgY29va2llcyBm cm9tIEphdmFTY3JpcHQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTg4NzYwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgVW5za2lwIGh0dHAvdGVzdHMvY29va2llcy9qcy1nZXQtYW5kLXNldC1odHRwLW9ubHkt Y29va2llLmh0bWwgZm9yCisgICAgICAgIGJvdGggR1RLIGFuZCBFRkwgcG9ydHMgbm93IHRoYXQg dGhhdCB3ZSBkb24ndCBhbGxvdyBvdmVyd3JpdGluZworICAgICAgICBodHRwT25seSBjb29raWVz IGZyb20gSmF2YVNjcmlwdCBhbnltb3JlLgorCisgICAgICAgICogcGxhdGZvcm0vZWZsL1Rlc3RF eHBlY3RhdGlvbnM6CisgICAgICAgICogcGxhdGZvcm0vZ3RrL1Rlc3RFeHBlY3RhdGlvbnM6CisK KzIwMTItMDYtMTIgIENocmlzdG9waGUgRHVtZXogIDxjaHJpc3RvcGhlLmR1bWV6QGludGVsLmNv bT4KKwogICAgICAgICBbRUZMXSBlbmFibGUgTEVHQUNZX1dFQktJVF9CTE9CX0JVSUxERVIgZmxh ZwogICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9ODg3MTUK IApkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvcGxhdGZvcm0vZWZsL1Rlc3RFeHBlY3RhdGlvbnMg Yi9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9lZmwvVGVzdEV4cGVjdGF0aW9ucwppbmRleCA3OThhMDdj Li5mZWYzMDVmIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9lZmwvVGVzdEV4cGVj dGF0aW9ucworKysgYi9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9lZmwvVGVzdEV4cGVjdGF0aW9ucwpA QCAtNjkzLDkgKzY5Myw2IEBAIEJVR1dLODY2MzcgOiBlZGl0aW5nL3NwZWxsaW5nL3NwZWxsY2hl Y2stcXVldWUuaHRtbCA9IFRFWFQKIEJVR1dLODY2MzcgOiBlZGl0aW5nL3NwZWxsaW5nL3NwZWxs Y2hlY2stc2VxdWVuY2VudW0uaHRtbCA9IFRFWFQKIEJVR1dLODY2MzcgOiBlZGl0aW5nL3NwZWxs aW5nL3NwZWxsaW5nLW1hcmtlci1kZXNjcmlwdGlvbi5odG1sID0gVEVYVAogCi0vLyBOZXcgdGVz dCBhZGRlZCBpbiByMTE5OTQ3IHdoaWNoIGZhaWxzIG9uIGFsbW9zdCBhbGwgcG9ydHMKLUJVR1dL ODcyMDggOiBodHRwL3Rlc3RzL2Nvb2tpZXMvanMtZ2V0LWFuZC1zZXQtaHR0cC1vbmx5LWNvb2tp ZS5odG1sID0gVEVYVAotCiAvLyBJdCBpcyB1bmNsZWFyIHdoZXRoZXIgYSBuZXcgYmFzZWxpbmUg aXMgbmVlZGVkIG9yIGl0IGlzIGEgSlNDIGZhaWx1cmUKIEJVR1dLNzc0MTMgOiBmYXN0L3BhcnNl ci9uZXN0ZWQtZnJhZ21lbnQtcGFyc2VyLWNyYXNoLmh0bWwgPSBURVhUCiAKZGlmZiAtLWdpdCBh L0xheW91dFRlc3RzL3BsYXRmb3JtL2d0ay9UZXN0RXhwZWN0YXRpb25zIGIvTGF5b3V0VGVzdHMv cGxhdGZvcm0vZ3RrL1Rlc3RFeHBlY3RhdGlvbnMKaW5kZXggMTkwNmE0NS4uNGU5ZThjMiAxMDA2 NDQKLS0tIGEvTGF5b3V0VGVzdHMvcGxhdGZvcm0vZ3RrL1Rlc3RFeHBlY3RhdGlvbnMKKysrIGIv TGF5b3V0VGVzdHMvcGxhdGZvcm0vZ3RrL1Rlc3RFeHBlY3RhdGlvbnMKQEAgLTEyNDgsOSArMTI0 OCw2IEBAIEJVR1dLODU2ODkgU0tJUCA6IGZhc3QvYW5pbWF0aW9uL3JlcXVlc3QtYW5pbWF0aW9u LWZyYW1lLWRpc2FibGVkLmh0bWwgPSBURVhUCiAvLyBOZXcgdGVzdCBpbnRyb2R1Y2VkIGluIHIx MTk5MTEgZmFpbGluZyBvbiBHVEsgYW5kIEVGTCBwb3J0cwogQlVHV0s4ODcyNyA6IGh0dHAvdGVz dHMveG1saHR0cHJlcXVlc3Qvb3JpZ2luLWV4YWN0LW1hdGNoaW5nLmh0bWwgPSBURVhUCiAKLS8v IE5ldyB0ZXN0IGludHJvZHVjZWQgaW4gcjExOTk0NyBmYWlsaW5nIG9uIEdUSyBwb3J0Ci1CVUdX Szg4NzYwIDogaHR0cC90ZXN0cy9jb29raWVzL2pzLWdldC1hbmQtc2V0LWh0dHAtb25seS1jb29r aWUuaHRtbCA9IFRFWFQKLQogLy8gU3RhcnRlZCBmYWlsaW5nIGFmdGVyIGl0IHdhcyBhZGRlZCBp biByMTE2NDczCiBCVUdXSzg1OTY5IDogaHR0cC90ZXN0cy9sb2FkaW5nL3Bvc3QtaW4taWZyYW1l LXdpdGgtYmFjay1uYXZpZ2F0aW9uLmh0bWwgPSBGQUlMCiAKZGlmZiAtLWdpdCBhL1NvdXJjZS9X ZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCAyMGUwNDRh Li5lM2U5MzVjIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291 cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjEgQEAKKzIwMTItMDYtMTIgIENocmlz dG9waGUgRHVtZXogIDxjaHJpc3RvcGhlLmR1bWV6QGludGVsLmNvbT4KKworICAgICAgICBbc291 cF0gUHJldmVudCBzZXR0aW5nIG9yIGVkaXRpbmcgaHR0cE9ubHkgY29va2llcyBmcm9tIEphdmFT Y3JpcHQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTg4 NzYwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgUHJl dmVudCBzZXR0aW5nIG9yIG92ZXJ3cml0aW5nIGh0dHBPbmx5IGNvb2tpZXMgZnJvbSBKYXZhU2Ny aXB0LgorICAgICAgICBGaXggc2V0Q29va2llcygpIHNvIHRoYXQgaXQgcGFyc2VzIGFsbCB0aGUg Y29va2llcyBhbmQgbm90IGp1c3QKKyAgICAgICAgdGhlIGZpcnN0IG9uZS4KKworICAgICAgICBU ZXN0OiBodHRwL3Rlc3RzL2Nvb2tpZXMvanMtZ2V0LWFuZC1zZXQtaHR0cC1vbmx5LWNvb2tpZS5o dG1sCisKKyAgICAgICAgKiBwbGF0Zm9ybS9uZXR3b3JrL3NvdXAvQ29va2llSmFyU291cC5jcHA6 CisgICAgICAgIChXZWJDb3JlOjpmaW5kQ29va2llSW5MaXN0KToKKyAgICAgICAgKFdlYkNvcmUp OgorICAgICAgICAoV2ViQ29yZTo6c2V0Q29va2llcyk6CisKIDIwMTItMDYtMTIgIFBhdmVsIEZl bGRtYW4gIDxwZmVsZG1hbkBjaHJvbWl1bS5vcmc+CiAKICAgICAgICAgV2ViIEluc3BlY3Rvcjog YWxsb3cgY2xlYXJpbmcgcmV2aXNpb24gaGlzdG9yeS4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJD b3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9Db29raWVKYXJTb3VwLmNwcCBiL1NvdXJjZS9XZWJD b3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9Db29raWVKYXJTb3VwLmNwcAppbmRleCBhMTM4N2U3 Li5iM2RkZWRiIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3Nv dXAvQ29va2llSmFyU291cC5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29y ay9zb3VwL0Nvb2tpZUphclNvdXAuY3BwCkBAIC03Miw2ICs3MiwxNyBAQCB2b2lkIHNldFNvdXBD b29raWVKYXIoU291cENvb2tpZUphciogamFyKQogICAgIGRlZmF1bHRDb29raWVKYXIoKSA9IGph cjsKIH0KIAorc3RhdGljIGlubGluZSBTb3VwQ29va2llKiBmaW5kQ29va2llSW5MaXN0KGNvbnN0 IEdTTGlzdCogY29va2llcywgY29uc3QgZ2NoYXIqIG5hbWUsIGNvbnN0IGdjaGFyKiBwYXRoKQor eworICAgIGZvciAoY29uc3QgR1NMaXN0KiBpdGVyID0gY29va2llczsgaXRlcjsgaXRlciA9IGdf c2xpc3RfbmV4dChpdGVyKSkgeworICAgICAgICBTb3VwQ29va2llKiBjb29raWUgPSBzdGF0aWNf Y2FzdDxTb3VwQ29va2llKj4oaXRlci0+ZGF0YSk7CisgICAgICAgIGlmICghc3RyY21wKHNvdXBf Y29va2llX2dldF9uYW1lKGNvb2tpZSksIG5hbWUpCisgICAgICAgICAgICAmJiAhZ19zdHJjbXAw KHNvdXBfY29va2llX2dldF9wYXRoKGNvb2tpZSksIHBhdGgpKQorICAgICAgICAgICAgcmV0dXJu IGNvb2tpZTsKKyAgICB9CisgICAgcmV0dXJuIDA7Cit9CisKIHZvaWQgc2V0Q29va2llcyhEb2N1 bWVudCogZG9jdW1lbnQsIGNvbnN0IEtVUkwmIHVybCwgY29uc3QgU3RyaW5nJiB2YWx1ZSkKIHsK ICAgICBTb3VwQ29va2llSmFyKiBqYXIgPSBjb29raWVKYXJGb3JEb2N1bWVudChkb2N1bWVudCk7 CkBAIC04MCw3ICs5MSwzMSBAQCB2b2lkIHNldENvb2tpZXMoRG9jdW1lbnQqIGRvY3VtZW50LCBj b25zdCBLVVJMJiB1cmwsIGNvbnN0IFN0cmluZyYgdmFsdWUpCiAKICAgICBHT3duUHRyPFNvdXBV Ukk+IG9yaWdpbihzb3VwX3VyaV9uZXcodXJsLnN0cmluZygpLnV0ZjgoKS5kYXRhKCkpKTsKICAg ICBHT3duUHRyPFNvdXBVUkk+IGZpcnN0UGFydHkoc291cF91cmlfbmV3KGRvY3VtZW50LT5maXJz dFBhcnR5Rm9yQ29va2llcygpLnN0cmluZygpLnV0ZjgoKS5kYXRhKCkpKTsKLSAgICBzb3VwX2Nv b2tpZV9qYXJfc2V0X2Nvb2tpZV93aXRoX2ZpcnN0X3BhcnR5KGphciwgb3JpZ2luLmdldCgpLCBm aXJzdFBhcnR5LmdldCgpLCB2YWx1ZS51dGY4KCkuZGF0YSgpKTsKKworICAgIC8vIEdldCBleGlz dGluZyBjb29raWVzIGZvciB0aGlzIG9yaWdpbi4KKyAgICBHU0xpc3QqIGV4aXN0aW5nQ29va2ll cyA9IHNvdXBfY29va2llX2phcl9nZXRfY29va2llX2xpc3QoamFyLCBvcmlnaW4uZ2V0KCksIFRS VUUpOworCisgICAgVmVjdG9yPFN0cmluZz4gY29va2llczsKKyAgICB2YWx1ZS5zcGxpdCgnXG4n LCBjb29raWVzKTsKKyAgICBjb25zdCBzaXplX3QgY29va2llc0NvdW50ID0gY29va2llcy5zaXpl KCk7CisgICAgZm9yIChzaXplX3QgaSA9IDA7IGkgPCBjb29raWVzQ291bnQ7ICsraSkgeworICAg ICAgICBHT3duUHRyPFNvdXBDb29raWU+IGNvb2tpZShzb3VwX2Nvb2tpZV9wYXJzZShjb29raWVz W2ldLnV0ZjgoKS5kYXRhKCksIG9yaWdpbi5nZXQoKSkpOworICAgICAgICBpZiAoIWNvb2tpZSkK KyAgICAgICAgICAgIGNvbnRpbnVlOworCisgICAgICAgIC8vIE1ha2Ugc3VyZSB0aGUgY29va2ll IGlzIG5vdCBodHRwT25seSBzaW5jZSBzdWNoIGNvb2tpZXMgc2hvdWxkIG5vdCBiZSBzZXQgZnJv bSBKYXZhU2NyaXB0LgorICAgICAgICBpZiAoc291cF9jb29raWVfZ2V0X2h0dHBfb25seShjb29r aWUuZ2V0KCkpKQorICAgICAgICAgICAgY29udGludWU7CisKKyAgICAgICAgLy8gTWFrZSBzdXJl IHdlIGRvIG5vdCBvdmVyd3JpdGUgaHR0cE9ubHkgY29va2llcyBmcm9tIEphdmFTY3JpcHQuCisg ICAgICAgIFNvdXBDb29raWUqIGV4aXN0aW5nQ29va2llID0gZmluZENvb2tpZUluTGlzdChleGlz dGluZ0Nvb2tpZXMsIHNvdXBfY29va2llX2dldF9uYW1lKGNvb2tpZS5nZXQoKSksIHNvdXBfY29v a2llX2dldF9wYXRoKGNvb2tpZS5nZXQoKSkpOworICAgICAgICBpZiAoZXhpc3RpbmdDb29raWUg JiYgc291cF9jb29raWVfZ2V0X2h0dHBfb25seShleGlzdGluZ0Nvb2tpZSkpCisgICAgICAgICAg ICBjb250aW51ZTsKKworICAgICAgICBzb3VwX2Nvb2tpZV9qYXJfYWRkX2Nvb2tpZV93aXRoX2Zp cnN0X3BhcnR5KGphciwgZmlyc3RQYXJ0eS5nZXQoKSwgY29va2llLnJlbGVhc2UoKSk7CisgICAg fQorCisgICAgc291cF9jb29raWVzX2ZyZWUoZXhpc3RpbmdDb29raWVzKTsKIH0KIAogc3RhdGlj IFN0cmluZyBjb29raWVzRm9yRG9jdW1lbnQoY29uc3QgRG9jdW1lbnQqIGRvY3VtZW50LCBjb25z dCBLVVJMJiB1cmwsIGJvb2wgZm9ySFRUUEhlYWRlcikKZGlmZiAtLWdpdCBhL1Rvb2xzL0NoYW5n ZUxvZyBiL1Rvb2xzL0NoYW5nZUxvZwppbmRleCBiYmRiNTg1Li5iNjM4MDliIDEwMDY0NAotLS0g YS9Ub29scy9DaGFuZ2VMb2cKKysrIGIvVG9vbHMvQ2hhbmdlTG9nCkBAIC0xLDUgKzEsMTggQEAK IDIwMTItMDYtMTIgIENocmlzdG9waGUgRHVtZXogIDxjaHJpc3RvcGhlLmR1bWV6QGludGVsLmNv bT4KIAorICAgICAgICBbc291cF0gUHJldmVudCBzZXR0aW5nIG9yIGVkaXRpbmcgaHR0cE9ubHkg Y29va2llcyBmcm9tIEphdmFTY3JpcHQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTg4NzYwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BT ISkuCisKKyAgICAgICAgVXBkYXRlIGxpYnNvdXAgdG8gdjIuMzkuMiwgZ2xpYiB0byB2Mi4zMy4y IGFuZCBnbGliLW5ldHdvcmtpbmcKKyAgICAgICAgdG8gdjIuMzMuMiBmb3IgYm90aCBHVEsgYW5k IEVGTCBwb3J0cy4KKworICAgICAgICAqIGVmbC9qaGJ1aWxkLm1vZHVsZXM6CisgICAgICAgICog Z3RrL2poYnVpbGQubW9kdWxlczoKKworMjAxMi0wNi0xMiAgQ2hyaXN0b3BoZSBEdW1leiAgPGNo cmlzdG9waGUuZHVtZXpAaW50ZWwuY29tPgorCiAgICAgICAgIFtFRkxdIGVuYWJsZSBMRUdBQ1lf V0VCS0lUX0JMT0JfQlVJTERFUiBmbGFnCiAgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3Jn L3Nob3dfYnVnLmNnaT9pZD04ODcxNQogCmRpZmYgLS1naXQgYS9Ub29scy9lZmwvamhidWlsZC5t b2R1bGVzIGIvVG9vbHMvZWZsL2poYnVpbGQubW9kdWxlcwppbmRleCAxMWVjYjA5Li4xNGZhZjc4 IDEwMDY0NAotLS0gYS9Ub29scy9lZmwvamhidWlsZC5tb2R1bGVzCisrKyBiL1Rvb2xzL2VmbC9q aGJ1aWxkLm1vZHVsZXMKQEAgLTExMCwyMCArMTEwLDIwIEBACiAgICAgPGRlcGVuZGVuY2llcz4K ICAgICAgIDxkZXAgcGFja2FnZT0ibGliZmZpIi8+CiAgICAgPC9kZXBlbmRlbmNpZXM+Ci0gICAg PGJyYW5jaCBtb2R1bGU9Ii9wdWIvR05PTUUvc291cmNlcy9nbGliLzIuMzIvZ2xpYi0yLjMyLjIu dGFyLnh6IiB2ZXJzaW9uPSIyLjMyLjIiCisgICAgPGJyYW5jaCBtb2R1bGU9Ii9wdWIvR05PTUUv c291cmNlcy9nbGliLzIuMzMvZ2xpYi0yLjMzLjIudGFyLnh6IiB2ZXJzaW9uPSIyLjMzLjIiCiAg ICAgICAgICAgICByZXBvPSJmdHAuZ25vbWUub3JnIgotICAgICAgICAgICAgaGFzaD0ic2hhMjU2 OmIxNzY0YWJmMDBiYWM5NmUwZTkzZTI5ZmI5NzE1Y2U3NWYzNTgzNTc5YWNhYzQwNjQ4ZTE4Nzcx ZDQzZDYxMzYiCi0gICAgICAgICAgICBtZDVzdW09IjViZmRiNjE5N2FmYjkwZTRkYmM3YjFiYjk4 ZjBlYWUwIi8+CisgICAgICAgICAgICBoYXNoPSJzaGEyNTY6YjcxNjNlOWYxNTk3NzVkMTNlY2Zi NDMzZDY3YzNmMDg4M2UwZTUxOGU4NWIyZTk3MGQ0YWQ5NzczZDdjZDBiNCIKKyAgICAgICAgICAg IG1kNXN1bT0iMDZlZjAwOTlmZWQyMmFmY2YzNGFkZTM5ZGRmZjlhNWIiLz4KICAgPC9hdXRvdG9v bHM+CiAKICAgPGF1dG90b29scyBpZD0iZ2xpYi1uZXR3b3JraW5nIj4KICAgICA8ZGVwZW5kZW5j aWVzPgogICAgICAgPGRlcCBwYWNrYWdlPSJnbnV0bHMiLz4KICAgICA8L2RlcGVuZGVuY2llcz4K LSAgICA8YnJhbmNoIG1vZHVsZT0iL3B1Yi9HTk9NRS9zb3VyY2VzL2dsaWItbmV0d29ya2luZy8y LjMxL2dsaWItbmV0d29ya2luZy0yLjMxLjIudGFyLnh6IiB2ZXJzaW9uPSIyLjMxLjIiCisgICAg PGJyYW5jaCBtb2R1bGU9Ii9wdWIvR05PTUUvc291cmNlcy9nbGliLW5ldHdvcmtpbmcvMi4zMy9n bGliLW5ldHdvcmtpbmctMi4zMy4yLnRhci54eiIgdmVyc2lvbj0iMi4zMy4yIgogICAgICAgICAg ICAgcmVwbz0iZnRwLmdub21lLm9yZyIKLSAgICAgICAgICAgIGhhc2g9InNoYTI1NjowM2UzYTI4 ODFkMjYyNmQxMjA2ZTcyOTcyNTMxNjYxMDM3ZmUwZDMyZTc0NWJmOWIyZjYzYzBkNmY1ZTMyYTlj IgotICAgICAgICAgICAgbWQ1c3VtPSJiNjQ5YjQ1N2JkOWZkNWUwZTliOWM0ZGNiMWE3NGEzNyIv PgorICAgICAgICAgICAgaGFzaD0iZTI5OGNmZjM5MzVlYjc1MmJlMjkwYmJmNzM0ZTQ1N2YxODcw YmRiNTM3MGVlMjkyNjA2ZTYwNDBhODIwNzRlNyIKKyAgICAgICAgICAgIG1kNXN1bT0iNWFiYjM2 NGYyYTBiYWJlMmVjMWUzYTZkNTlmNjkwNDMiLz4KICAgPC9hdXRvdG9vbHM+CiAKICAgPGF1dG90 b29scyBpZD0iZ251dGxzIgpAQCAtMTQzLDkgKzE0Myw5IEBACiAgICAgPGRlcGVuZGVuY2llcz4K ICAgICAgIDxkZXAgcGFja2FnZT0iZ2xpYi1uZXR3b3JraW5nIi8+CiAgICAgPC9kZXBlbmRlbmNp ZXM+Ci0gICAgPGJyYW5jaCBtb2R1bGU9ImxpYnNvdXAiIHZlcnNpb249IjIuMzguMSIKKyAgICA8 YnJhbmNoIG1vZHVsZT0ibGlic291cCIgdmVyc2lvbj0iMi4zOS4yIgogICAgICAgICAgICAgcmVw bz0iZ2l0Lmdub21lLm9yZyIKLSAgICAgICAgICAgIHRhZz0iTElCU09VUF8yXzM4XzEiLz4KKyAg ICAgICAgICAgIHRhZz0iTElCU09VUF8yXzM5XzIiLz4KICAgPC9hdXRvdG9vbHM+CiAKICAgPGF1 dG90b29scyBpZD0iZm9udGNvbmZpZyIgYXV0b2dlbi1zaD0iY29uZmlndXJlIj4KZGlmZiAtLWdp dCBhL1Rvb2xzL2d0ay9qaGJ1aWxkLm1vZHVsZXMgYi9Ub29scy9ndGsvamhidWlsZC5tb2R1bGVz CmluZGV4IGM5M2UzOWYuLjMzMDZkNzQgMTAwNjQ0Ci0tLSBhL1Rvb2xzL2d0ay9qaGJ1aWxkLm1v ZHVsZXMKKysrIGIvVG9vbHMvZ3RrL2poYnVpbGQubW9kdWxlcwpAQCAtMTMxLDEwICsxMzEsMTAg QEAKICAgICA8ZGVwZW5kZW5jaWVzPgogICAgICAgPGRlcCBwYWNrYWdlPSJsaWJmZmkiLz4KICAg ICA8L2RlcGVuZGVuY2llcz4KLSAgICA8YnJhbmNoIG1vZHVsZT0iL3B1Yi9HTk9NRS9zb3VyY2Vz L2dsaWIvMi4zMi9nbGliLTIuMzIuMC50YXIueHoiIHZlcnNpb249IjIuMzIuMCIKKyAgICA8YnJh bmNoIG1vZHVsZT0iL3B1Yi9HTk9NRS9zb3VyY2VzL2dsaWIvMi4zMy9nbGliLTIuMzMuMi50YXIu eHoiIHZlcnNpb249IjIuMzMuMiIKICAgICAgICAgICAgIHJlcG89ImZ0cC5nbm9tZS5vcmciCi0g ICAgICAgICAgICBoYXNoPSJzaGEyNTY6Y2RlOWQ5ZjI1ZWQ2NDgwNjljNTQ3ZTMyMzg5N2FkOTM3 OTk3NGUxZjkzNmI0NDc3ZmE1MWJjZjFiYjI2MWFlNCIKLSAgICAgICAgICAgIG1kNXN1bT0iYzVm YTc2ZmJmOTE4NGQyMGRmYjA0YWY2NmI1OTgxOTAiLz4KKyAgICAgICAgICAgIGhhc2g9InNoYTI1 NjpiNzE2M2U5ZjE1OTc3NWQxM2VjZmI0MzNkNjdjM2YwODgzZTBlNTE4ZTg1YjJlOTcwZDRhZDk3 NzNkN2NkMGI0IgorICAgICAgICAgICAgbWQ1c3VtPSIwNmVmMDA5OWZlZDIyYWZjZjM0YWRlMzlk ZGZmOWE1YiIvPgogICA8L2F1dG90b29scz4KIAogICA8YXV0b3Rvb2xzIGlkPSJnbGliLW5ldHdv cmtpbmciPgpAQCAtMTQyLDEwICsxNDIsMTAgQEAKICAgICAgIDxkZXAgcGFja2FnZT0iZ2xpYiIv PgogICAgICAgPGRlcCBwYWNrYWdlPSJnbnV0bHMiLz4KICAgICA8L2RlcGVuZGVuY2llcz4KLSAg ICA8YnJhbmNoIG1vZHVsZT0iL3B1Yi9HTk9NRS9zb3VyY2VzL2dsaWItbmV0d29ya2luZy8yLjMx L2dsaWItbmV0d29ya2luZy0yLjMxLjIudGFyLnh6IiB2ZXJzaW9uPSIyLjMxLjIiCisgICAgPGJy YW5jaCBtb2R1bGU9Ii9wdWIvR05PTUUvc291cmNlcy9nbGliLW5ldHdvcmtpbmcvMi4zMy9nbGli LW5ldHdvcmtpbmctMi4zMy4yLnRhci54eiIgdmVyc2lvbj0iMi4zMy4yIgogICAgICAgICAgICAg cmVwbz0iZnRwLmdub21lLm9yZyIKLSAgICAgICAgICAgIGhhc2g9InNoYTI1NjowM2UzYTI4ODFk MjYyNmQxMjA2ZTcyOTcyNTMxNjYxMDM3ZmUwZDMyZTc0NWJmOWIyZjYzYzBkNmY1ZTMyYTljIgot ICAgICAgICAgICAgbWQ1c3VtPSJiNjQ5YjQ1N2JkOWZkNWUwZTliOWM0ZGNiMWE3NGEzNyIvPgor ICAgICAgICAgICAgaGFzaD0ic2hhMjU2OmUyOThjZmYzOTM1ZWI3NTJiZTI5MGJiZjczNGU0NTdm MTg3MGJkYjUzNzBlZTI5MjYwNmU2MDQwYTgyMDc0ZTciCisgICAgICAgICAgICBtZDVzdW09IjVh YmIzNjRmMmEwYmFiZTJlYzFlM2E2ZDU5ZjY5MDQzIi8+CiAgIDwvYXV0b3Rvb2xzPgogCiAgIDxh dXRvdG9vbHMgaWQ9ImdudXRscyIKQEAgLTE2MSw5ICsxNjEsOSBAQAogICAgIDxkZXBlbmRlbmNp ZXM+CiAgICAgICA8ZGVwIHBhY2thZ2U9ImdsaWItbmV0d29ya2luZyIvPgogICAgIDwvZGVwZW5k ZW5jaWVzPgotICAgIDxicmFuY2ggbW9kdWxlPSJsaWJzb3VwIiB2ZXJzaW9uPSIyLjM4LjEiCisg ICAgPGJyYW5jaCBtb2R1bGU9ImxpYnNvdXAiIHZlcnNpb249IjIuMzkuMiIKICAgICAgICAgICAg IHJlcG89ImdpdC5nbm9tZS5vcmciCi0gICAgICAgICAgICB0YWc9IkxJQlNPVVBfMl8zOF8xIi8+ CisgICAgICAgICAgICB0YWc9IkxJQlNPVVBfMl8zOV8yIi8+CiAgIDwvYXV0b3Rvb2xzPgogCiAg IDxhdXRvdG9vbHMgaWQ9ImZvbnRjb25maWciIGF1dG9nZW4tc2g9ImNvbmZpZ3VyZSI+Cg== 147133 2012-06-12 12:13:32 -0700 2012-06-12 17:33:21 -0700 Patch 88760_httpOnly_cookies.patch text/plain 10216 cdumez ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCBlMWYyZTNjLi44Nzc3OGFkIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDUgKzEsMTkgQEAKIDIwMTItMDYt MTIgIENocmlzdG9waGUgRHVtZXogIDxjaHJpc3RvcGhlLmR1bWV6QGludGVsLmNvbT4KIAorICAg ICAgICBbc291cF0gUHJldmVudCBzZXR0aW5nIG9yIGVkaXRpbmcgaHR0cE9ubHkgY29va2llcyBm cm9tIEphdmFTY3JpcHQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTg4NzYwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgR3VzdGF2byBOb3JvbmhhIFNpbHZh LgorCisgICAgICAgIFVuc2tpcCBodHRwL3Rlc3RzL2Nvb2tpZXMvanMtZ2V0LWFuZC1zZXQtaHR0 cC1vbmx5LWNvb2tpZS5odG1sIGZvcgorICAgICAgICBib3RoIEdUSyBhbmQgRUZMIHBvcnRzIG5v dyB0aGF0IHRoYXQgd2UgZG9uJ3QgYWxsb3cgb3ZlcndyaXRpbmcKKyAgICAgICAgaHR0cE9ubHkg Y29va2llcyBmcm9tIEphdmFTY3JpcHQgYW55bW9yZS4KKworICAgICAgICAqIHBsYXRmb3JtL2Vm bC9UZXN0RXhwZWN0YXRpb25zOgorICAgICAgICAqIHBsYXRmb3JtL2d0ay9UZXN0RXhwZWN0YXRp b25zOgorCisyMDEyLTA2LTEyICBDaHJpc3RvcGhlIER1bWV6ICA8Y2hyaXN0b3BoZS5kdW1lekBp bnRlbC5jb20+CisKICAgICAgICAgW0VGTF0gZW5hYmxlIExFR0FDWV9XRUJLSVRfQkxPQl9CVUlM REVSIGZsYWcKICAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTg4NzE1CiAKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL3BsYXRmb3JtL2VmbC9UZXN0RXhwZWN0 YXRpb25zIGIvTGF5b3V0VGVzdHMvcGxhdGZvcm0vZWZsL1Rlc3RFeHBlY3RhdGlvbnMKaW5kZXgg Nzk4YTA3Yy4uZmVmMzA1ZiAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvcGxhdGZvcm0vZWZsL1Rl c3RFeHBlY3RhdGlvbnMKKysrIGIvTGF5b3V0VGVzdHMvcGxhdGZvcm0vZWZsL1Rlc3RFeHBlY3Rh dGlvbnMKQEAgLTY5Myw5ICs2OTMsNiBAQCBCVUdXSzg2NjM3IDogZWRpdGluZy9zcGVsbGluZy9z cGVsbGNoZWNrLXF1ZXVlLmh0bWwgPSBURVhUCiBCVUdXSzg2NjM3IDogZWRpdGluZy9zcGVsbGlu Zy9zcGVsbGNoZWNrLXNlcXVlbmNlbnVtLmh0bWwgPSBURVhUCiBCVUdXSzg2NjM3IDogZWRpdGlu Zy9zcGVsbGluZy9zcGVsbGluZy1tYXJrZXItZGVzY3JpcHRpb24uaHRtbCA9IFRFWFQKIAotLy8g TmV3IHRlc3QgYWRkZWQgaW4gcjExOTk0NyB3aGljaCBmYWlscyBvbiBhbG1vc3QgYWxsIHBvcnRz Ci1CVUdXSzg3MjA4IDogaHR0cC90ZXN0cy9jb29raWVzL2pzLWdldC1hbmQtc2V0LWh0dHAtb25s eS1jb29raWUuaHRtbCA9IFRFWFQKLQogLy8gSXQgaXMgdW5jbGVhciB3aGV0aGVyIGEgbmV3IGJh c2VsaW5lIGlzIG5lZWRlZCBvciBpdCBpcyBhIEpTQyBmYWlsdXJlCiBCVUdXSzc3NDEzIDogZmFz dC9wYXJzZXIvbmVzdGVkLWZyYWdtZW50LXBhcnNlci1jcmFzaC5odG1sID0gVEVYVAogCmRpZmYg LS1naXQgYS9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9ndGsvVGVzdEV4cGVjdGF0aW9ucyBiL0xheW91 dFRlc3RzL3BsYXRmb3JtL2d0ay9UZXN0RXhwZWN0YXRpb25zCmluZGV4IDE5MDZhNDUuLjRlOWU4 YzIgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL3BsYXRmb3JtL2d0ay9UZXN0RXhwZWN0YXRpb25z CisrKyBiL0xheW91dFRlc3RzL3BsYXRmb3JtL2d0ay9UZXN0RXhwZWN0YXRpb25zCkBAIC0xMjQ4 LDkgKzEyNDgsNiBAQCBCVUdXSzg1Njg5IFNLSVAgOiBmYXN0L2FuaW1hdGlvbi9yZXF1ZXN0LWFu aW1hdGlvbi1mcmFtZS1kaXNhYmxlZC5odG1sID0gVEVYVAogLy8gTmV3IHRlc3QgaW50cm9kdWNl ZCBpbiByMTE5OTExIGZhaWxpbmcgb24gR1RLIGFuZCBFRkwgcG9ydHMKIEJVR1dLODg3MjcgOiBo dHRwL3Rlc3RzL3htbGh0dHByZXF1ZXN0L29yaWdpbi1leGFjdC1tYXRjaGluZy5odG1sID0gVEVY VAogCi0vLyBOZXcgdGVzdCBpbnRyb2R1Y2VkIGluIHIxMTk5NDcgZmFpbGluZyBvbiBHVEsgcG9y dAotQlVHV0s4ODc2MCA6IGh0dHAvdGVzdHMvY29va2llcy9qcy1nZXQtYW5kLXNldC1odHRwLW9u bHktY29va2llLmh0bWwgPSBURVhUCi0KIC8vIFN0YXJ0ZWQgZmFpbGluZyBhZnRlciBpdCB3YXMg YWRkZWQgaW4gcjExNjQ3MwogQlVHV0s4NTk2OSA6IGh0dHAvdGVzdHMvbG9hZGluZy9wb3N0LWlu LWlmcmFtZS13aXRoLWJhY2stbmF2aWdhdGlvbi5odG1sID0gRkFJTAogCmRpZmYgLS1naXQgYS9T b3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg MjBlMDQ0YS4uMDA0MWYwMyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisr KyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIxIEBACisyMDEyLTA2LTEy ICBDaHJpc3RvcGhlIER1bWV6ICA8Y2hyaXN0b3BoZS5kdW1lekBpbnRlbC5jb20+CisKKyAgICAg ICAgW3NvdXBdIFByZXZlbnQgc2V0dGluZyBvciBlZGl0aW5nIGh0dHBPbmx5IGNvb2tpZXMgZnJv bSBKYXZhU2NyaXB0CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD04ODc2MAorCisgICAgICAgIFJldmlld2VkIGJ5IEd1c3Rhdm8gTm9yb25oYSBTaWx2YS4K KworICAgICAgICBQcmV2ZW50IHNldHRpbmcgb3Igb3ZlcndyaXRpbmcgaHR0cE9ubHkgY29va2ll cyBmcm9tIEphdmFTY3JpcHQuCisgICAgICAgIEZpeCBzZXRDb29raWVzKCkgc28gdGhhdCBpdCBw YXJzZXMgYWxsIHRoZSBjb29raWVzIGFuZCBub3QganVzdAorICAgICAgICB0aGUgZmlyc3Qgb25l LgorCisgICAgICAgIFRlc3Q6IGh0dHAvdGVzdHMvY29va2llcy9qcy1nZXQtYW5kLXNldC1odHRw LW9ubHktY29va2llLmh0bWwKKworICAgICAgICAqIHBsYXRmb3JtL25ldHdvcmsvc291cC9Db29r aWVKYXJTb3VwLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6Omh0dHBPbmx5Q29va2llRXhpc3RzKToK KyAgICAgICAgKFdlYkNvcmUpOgorICAgICAgICAoV2ViQ29yZTo6c2V0Q29va2llcyk6CisKIDIw MTItMDYtMTIgIFBhdmVsIEZlbGRtYW4gIDxwZmVsZG1hbkBjaHJvbWl1bS5vcmc+CiAKICAgICAg ICAgV2ViIEluc3BlY3RvcjogYWxsb3cgY2xlYXJpbmcgcmV2aXNpb24gaGlzdG9yeS4KZGlmZiAt LWdpdCBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9Db29raWVKYXJTb3Vw LmNwcCBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9Db29raWVKYXJTb3Vw LmNwcAppbmRleCBhMTM4N2U3Li5jNmU5YmNlIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9w bGF0Zm9ybS9uZXR3b3JrL3NvdXAvQ29va2llSmFyU291cC5jcHAKKysrIGIvU291cmNlL1dlYkNv cmUvcGxhdGZvcm0vbmV0d29yay9zb3VwL0Nvb2tpZUphclNvdXAuY3BwCkBAIC03Miw2ICs3Miwy MCBAQCB2b2lkIHNldFNvdXBDb29raWVKYXIoU291cENvb2tpZUphciogamFyKQogICAgIGRlZmF1 bHRDb29raWVKYXIoKSA9IGphcjsKIH0KIAorc3RhdGljIGlubGluZSBib29sIGh0dHBPbmx5Q29v a2llRXhpc3RzKGNvbnN0IEdTTGlzdCogY29va2llcywgY29uc3QgZ2NoYXIqIG5hbWUsIGNvbnN0 IGdjaGFyKiBwYXRoKQoreworICAgIGZvciAoY29uc3QgR1NMaXN0KiBpdGVyID0gY29va2llczsg aXRlcjsgaXRlciA9IGdfc2xpc3RfbmV4dChpdGVyKSkgeworICAgICAgICBTb3VwQ29va2llKiBj b29raWUgPSBzdGF0aWNfY2FzdDxTb3VwQ29va2llKj4oaXRlci0+ZGF0YSk7CisgICAgICAgIGlm ICghc3RyY21wKHNvdXBfY29va2llX2dldF9uYW1lKGNvb2tpZSksIG5hbWUpCisgICAgICAgICAg ICAmJiAhZ19zdHJjbXAwKHNvdXBfY29va2llX2dldF9wYXRoKGNvb2tpZSksIHBhdGgpKSB7Cisg ICAgICAgICAgICBpZiAoc291cF9jb29raWVfZ2V0X2h0dHBfb25seShjb29raWUpKQorICAgICAg ICAgICAgICAgIHJldHVybiB0cnVlOworICAgICAgICAgICAgYnJlYWs7CisgICAgICAgIH0KKyAg ICB9CisgICAgcmV0dXJuIGZhbHNlOworfQorCiB2b2lkIHNldENvb2tpZXMoRG9jdW1lbnQqIGRv Y3VtZW50LCBjb25zdCBLVVJMJiB1cmwsIGNvbnN0IFN0cmluZyYgdmFsdWUpCiB7CiAgICAgU291 cENvb2tpZUphciogamFyID0gY29va2llSmFyRm9yRG9jdW1lbnQoZG9jdW1lbnQpOwpAQCAtODAs NyArOTQsMzAgQEAgdm9pZCBzZXRDb29raWVzKERvY3VtZW50KiBkb2N1bWVudCwgY29uc3QgS1VS TCYgdXJsLCBjb25zdCBTdHJpbmcmIHZhbHVlKQogCiAgICAgR093blB0cjxTb3VwVVJJPiBvcmln aW4oc291cF91cmlfbmV3KHVybC5zdHJpbmcoKS51dGY4KCkuZGF0YSgpKSk7CiAgICAgR093blB0 cjxTb3VwVVJJPiBmaXJzdFBhcnR5KHNvdXBfdXJpX25ldyhkb2N1bWVudC0+Zmlyc3RQYXJ0eUZv ckNvb2tpZXMoKS5zdHJpbmcoKS51dGY4KCkuZGF0YSgpKSk7Ci0gICAgc291cF9jb29raWVfamFy X3NldF9jb29raWVfd2l0aF9maXJzdF9wYXJ0eShqYXIsIG9yaWdpbi5nZXQoKSwgZmlyc3RQYXJ0 eS5nZXQoKSwgdmFsdWUudXRmOCgpLmRhdGEoKSk7CisKKyAgICAvLyBHZXQgZXhpc3RpbmcgY29v a2llcyBmb3IgdGhpcyBvcmlnaW4uCisgICAgR1NMaXN0KiBleGlzdGluZ0Nvb2tpZXMgPSBzb3Vw X2Nvb2tpZV9qYXJfZ2V0X2Nvb2tpZV9saXN0KGphciwgb3JpZ2luLmdldCgpLCBUUlVFKTsKKwor ICAgIFZlY3RvcjxTdHJpbmc+IGNvb2tpZXM7CisgICAgdmFsdWUuc3BsaXQoJ1xuJywgY29va2ll cyk7CisgICAgY29uc3Qgc2l6ZV90IGNvb2tpZXNDb3VudCA9IGNvb2tpZXMuc2l6ZSgpOworICAg IGZvciAoc2l6ZV90IGkgPSAwOyBpIDwgY29va2llc0NvdW50OyArK2kpIHsKKyAgICAgICAgR093 blB0cjxTb3VwQ29va2llPiBjb29raWUoc291cF9jb29raWVfcGFyc2UoY29va2llc1tpXS51dGY4 KCkuZGF0YSgpLCBvcmlnaW4uZ2V0KCkpKTsKKyAgICAgICAgaWYgKCFjb29raWUpCisgICAgICAg ICAgICBjb250aW51ZTsKKworICAgICAgICAvLyBNYWtlIHN1cmUgdGhlIGNvb2tpZSBpcyBub3Qg aHR0cE9ubHkgc2luY2Ugc3VjaCBjb29raWVzIHNob3VsZCBub3QgYmUgc2V0IGZyb20gSmF2YVNj cmlwdC4KKyAgICAgICAgaWYgKHNvdXBfY29va2llX2dldF9odHRwX29ubHkoY29va2llLmdldCgp KSkKKyAgICAgICAgICAgIGNvbnRpbnVlOworCisgICAgICAgIC8vIE1ha2Ugc3VyZSB3ZSBkbyBu b3Qgb3ZlcndyaXRlIGh0dHBPbmx5IGNvb2tpZXMgZnJvbSBKYXZhU2NyaXB0LgorICAgICAgICBp ZiAoaHR0cE9ubHlDb29raWVFeGlzdHMoZXhpc3RpbmdDb29raWVzLCBzb3VwX2Nvb2tpZV9nZXRf bmFtZShjb29raWUuZ2V0KCkpLCBzb3VwX2Nvb2tpZV9nZXRfcGF0aChjb29raWUuZ2V0KCkpKSkK KyAgICAgICAgICAgIGNvbnRpbnVlOworCisgICAgICAgIHNvdXBfY29va2llX2phcl9hZGRfY29v a2llX3dpdGhfZmlyc3RfcGFydHkoamFyLCBmaXJzdFBhcnR5LmdldCgpLCBjb29raWUucmVsZWFz ZSgpKTsKKyAgICB9CisKKyAgICBzb3VwX2Nvb2tpZXNfZnJlZShleGlzdGluZ0Nvb2tpZXMpOwog fQogCiBzdGF0aWMgU3RyaW5nIGNvb2tpZXNGb3JEb2N1bWVudChjb25zdCBEb2N1bWVudCogZG9j dW1lbnQsIGNvbnN0IEtVUkwmIHVybCwgYm9vbCBmb3JIVFRQSGVhZGVyKQpkaWZmIC0tZ2l0IGEv VG9vbHMvQ2hhbmdlTG9nIGIvVG9vbHMvQ2hhbmdlTG9nCmluZGV4IGJiZGI1ODUuLmJkNjNhYTcg MTAwNjQ0Ci0tLSBhL1Rvb2xzL0NoYW5nZUxvZworKysgYi9Ub29scy9DaGFuZ2VMb2cKQEAgLTEs NSArMSwxOCBAQAogMjAxMi0wNi0xMiAgQ2hyaXN0b3BoZSBEdW1leiAgPGNocmlzdG9waGUuZHVt ZXpAaW50ZWwuY29tPgogCisgICAgICAgIFtzb3VwXSBQcmV2ZW50IHNldHRpbmcgb3IgZWRpdGlu ZyBodHRwT25seSBjb29raWVzIGZyb20gSmF2YVNjcmlwdAorICAgICAgICBodHRwczovL2J1Z3Mu d2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9ODg3NjAKKworICAgICAgICBSZXZpZXdlZCBieSBH dXN0YXZvIE5vcm9uaGEgU2lsdmEuCisKKyAgICAgICAgVXBkYXRlIGxpYnNvdXAgdG8gdjIuMzku MiwgZ2xpYiB0byB2Mi4zMy4yIGFuZCBnbGliLW5ldHdvcmtpbmcKKyAgICAgICAgdG8gdjIuMzMu MiBmb3IgYm90aCBHVEsgYW5kIEVGTCBwb3J0cy4KKworICAgICAgICAqIGVmbC9qaGJ1aWxkLm1v ZHVsZXM6CisgICAgICAgICogZ3RrL2poYnVpbGQubW9kdWxlczoKKworMjAxMi0wNi0xMiAgQ2hy aXN0b3BoZSBEdW1leiAgPGNocmlzdG9waGUuZHVtZXpAaW50ZWwuY29tPgorCiAgICAgICAgIFtF RkxdIGVuYWJsZSBMRUdBQ1lfV0VCS0lUX0JMT0JfQlVJTERFUiBmbGFnCiAgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD04ODcxNQogCmRpZmYgLS1naXQgYS9U b29scy9lZmwvamhidWlsZC5tb2R1bGVzIGIvVG9vbHMvZWZsL2poYnVpbGQubW9kdWxlcwppbmRl eCAxMWVjYjA5Li4xNGZhZjc4IDEwMDY0NAotLS0gYS9Ub29scy9lZmwvamhidWlsZC5tb2R1bGVz CisrKyBiL1Rvb2xzL2VmbC9qaGJ1aWxkLm1vZHVsZXMKQEAgLTExMCwyMCArMTEwLDIwIEBACiAg ICAgPGRlcGVuZGVuY2llcz4KICAgICAgIDxkZXAgcGFja2FnZT0ibGliZmZpIi8+CiAgICAgPC9k ZXBlbmRlbmNpZXM+Ci0gICAgPGJyYW5jaCBtb2R1bGU9Ii9wdWIvR05PTUUvc291cmNlcy9nbGli LzIuMzIvZ2xpYi0yLjMyLjIudGFyLnh6IiB2ZXJzaW9uPSIyLjMyLjIiCisgICAgPGJyYW5jaCBt b2R1bGU9Ii9wdWIvR05PTUUvc291cmNlcy9nbGliLzIuMzMvZ2xpYi0yLjMzLjIudGFyLnh6IiB2 ZXJzaW9uPSIyLjMzLjIiCiAgICAgICAgICAgICByZXBvPSJmdHAuZ25vbWUub3JnIgotICAgICAg ICAgICAgaGFzaD0ic2hhMjU2OmIxNzY0YWJmMDBiYWM5NmUwZTkzZTI5ZmI5NzE1Y2U3NWYzNTgz NTc5YWNhYzQwNjQ4ZTE4NzcxZDQzZDYxMzYiCi0gICAgICAgICAgICBtZDVzdW09IjViZmRiNjE5 N2FmYjkwZTRkYmM3YjFiYjk4ZjBlYWUwIi8+CisgICAgICAgICAgICBoYXNoPSJzaGEyNTY6Yjcx NjNlOWYxNTk3NzVkMTNlY2ZiNDMzZDY3YzNmMDg4M2UwZTUxOGU4NWIyZTk3MGQ0YWQ5NzczZDdj ZDBiNCIKKyAgICAgICAgICAgIG1kNXN1bT0iMDZlZjAwOTlmZWQyMmFmY2YzNGFkZTM5ZGRmZjlh NWIiLz4KICAgPC9hdXRvdG9vbHM+CiAKICAgPGF1dG90b29scyBpZD0iZ2xpYi1uZXR3b3JraW5n Ij4KICAgICA8ZGVwZW5kZW5jaWVzPgogICAgICAgPGRlcCBwYWNrYWdlPSJnbnV0bHMiLz4KICAg ICA8L2RlcGVuZGVuY2llcz4KLSAgICA8YnJhbmNoIG1vZHVsZT0iL3B1Yi9HTk9NRS9zb3VyY2Vz L2dsaWItbmV0d29ya2luZy8yLjMxL2dsaWItbmV0d29ya2luZy0yLjMxLjIudGFyLnh6IiB2ZXJz aW9uPSIyLjMxLjIiCisgICAgPGJyYW5jaCBtb2R1bGU9Ii9wdWIvR05PTUUvc291cmNlcy9nbGli LW5ldHdvcmtpbmcvMi4zMy9nbGliLW5ldHdvcmtpbmctMi4zMy4yLnRhci54eiIgdmVyc2lvbj0i Mi4zMy4yIgogICAgICAgICAgICAgcmVwbz0iZnRwLmdub21lLm9yZyIKLSAgICAgICAgICAgIGhh c2g9InNoYTI1NjowM2UzYTI4ODFkMjYyNmQxMjA2ZTcyOTcyNTMxNjYxMDM3ZmUwZDMyZTc0NWJm OWIyZjYzYzBkNmY1ZTMyYTljIgotICAgICAgICAgICAgbWQ1c3VtPSJiNjQ5YjQ1N2JkOWZkNWUw ZTliOWM0ZGNiMWE3NGEzNyIvPgorICAgICAgICAgICAgaGFzaD0iZTI5OGNmZjM5MzVlYjc1MmJl MjkwYmJmNzM0ZTQ1N2YxODcwYmRiNTM3MGVlMjkyNjA2ZTYwNDBhODIwNzRlNyIKKyAgICAgICAg ICAgIG1kNXN1bT0iNWFiYjM2NGYyYTBiYWJlMmVjMWUzYTZkNTlmNjkwNDMiLz4KICAgPC9hdXRv dG9vbHM+CiAKICAgPGF1dG90b29scyBpZD0iZ251dGxzIgpAQCAtMTQzLDkgKzE0Myw5IEBACiAg ICAgPGRlcGVuZGVuY2llcz4KICAgICAgIDxkZXAgcGFja2FnZT0iZ2xpYi1uZXR3b3JraW5nIi8+ CiAgICAgPC9kZXBlbmRlbmNpZXM+Ci0gICAgPGJyYW5jaCBtb2R1bGU9ImxpYnNvdXAiIHZlcnNp b249IjIuMzguMSIKKyAgICA8YnJhbmNoIG1vZHVsZT0ibGlic291cCIgdmVyc2lvbj0iMi4zOS4y IgogICAgICAgICAgICAgcmVwbz0iZ2l0Lmdub21lLm9yZyIKLSAgICAgICAgICAgIHRhZz0iTElC U09VUF8yXzM4XzEiLz4KKyAgICAgICAgICAgIHRhZz0iTElCU09VUF8yXzM5XzIiLz4KICAgPC9h dXRvdG9vbHM+CiAKICAgPGF1dG90b29scyBpZD0iZm9udGNvbmZpZyIgYXV0b2dlbi1zaD0iY29u ZmlndXJlIj4KZGlmZiAtLWdpdCBhL1Rvb2xzL2d0ay9qaGJ1aWxkLm1vZHVsZXMgYi9Ub29scy9n dGsvamhidWlsZC5tb2R1bGVzCmluZGV4IGM5M2UzOWYuLjMzMDZkNzQgMTAwNjQ0Ci0tLSBhL1Rv b2xzL2d0ay9qaGJ1aWxkLm1vZHVsZXMKKysrIGIvVG9vbHMvZ3RrL2poYnVpbGQubW9kdWxlcwpA QCAtMTMxLDEwICsxMzEsMTAgQEAKICAgICA8ZGVwZW5kZW5jaWVzPgogICAgICAgPGRlcCBwYWNr YWdlPSJsaWJmZmkiLz4KICAgICA8L2RlcGVuZGVuY2llcz4KLSAgICA8YnJhbmNoIG1vZHVsZT0i L3B1Yi9HTk9NRS9zb3VyY2VzL2dsaWIvMi4zMi9nbGliLTIuMzIuMC50YXIueHoiIHZlcnNpb249 IjIuMzIuMCIKKyAgICA8YnJhbmNoIG1vZHVsZT0iL3B1Yi9HTk9NRS9zb3VyY2VzL2dsaWIvMi4z My9nbGliLTIuMzMuMi50YXIueHoiIHZlcnNpb249IjIuMzMuMiIKICAgICAgICAgICAgIHJlcG89 ImZ0cC5nbm9tZS5vcmciCi0gICAgICAgICAgICBoYXNoPSJzaGEyNTY6Y2RlOWQ5ZjI1ZWQ2NDgw NjljNTQ3ZTMyMzg5N2FkOTM3OTk3NGUxZjkzNmI0NDc3ZmE1MWJjZjFiYjI2MWFlNCIKLSAgICAg ICAgICAgIG1kNXN1bT0iYzVmYTc2ZmJmOTE4NGQyMGRmYjA0YWY2NmI1OTgxOTAiLz4KKyAgICAg ICAgICAgIGhhc2g9InNoYTI1NjpiNzE2M2U5ZjE1OTc3NWQxM2VjZmI0MzNkNjdjM2YwODgzZTBl NTE4ZTg1YjJlOTcwZDRhZDk3NzNkN2NkMGI0IgorICAgICAgICAgICAgbWQ1c3VtPSIwNmVmMDA5 OWZlZDIyYWZjZjM0YWRlMzlkZGZmOWE1YiIvPgogICA8L2F1dG90b29scz4KIAogICA8YXV0b3Rv b2xzIGlkPSJnbGliLW5ldHdvcmtpbmciPgpAQCAtMTQyLDEwICsxNDIsMTAgQEAKICAgICAgIDxk ZXAgcGFja2FnZT0iZ2xpYiIvPgogICAgICAgPGRlcCBwYWNrYWdlPSJnbnV0bHMiLz4KICAgICA8 L2RlcGVuZGVuY2llcz4KLSAgICA8YnJhbmNoIG1vZHVsZT0iL3B1Yi9HTk9NRS9zb3VyY2VzL2ds aWItbmV0d29ya2luZy8yLjMxL2dsaWItbmV0d29ya2luZy0yLjMxLjIudGFyLnh6IiB2ZXJzaW9u PSIyLjMxLjIiCisgICAgPGJyYW5jaCBtb2R1bGU9Ii9wdWIvR05PTUUvc291cmNlcy9nbGliLW5l dHdvcmtpbmcvMi4zMy9nbGliLW5ldHdvcmtpbmctMi4zMy4yLnRhci54eiIgdmVyc2lvbj0iMi4z My4yIgogICAgICAgICAgICAgcmVwbz0iZnRwLmdub21lLm9yZyIKLSAgICAgICAgICAgIGhhc2g9 InNoYTI1NjowM2UzYTI4ODFkMjYyNmQxMjA2ZTcyOTcyNTMxNjYxMDM3ZmUwZDMyZTc0NWJmOWIy ZjYzYzBkNmY1ZTMyYTljIgotICAgICAgICAgICAgbWQ1c3VtPSJiNjQ5YjQ1N2JkOWZkNWUwZTli OWM0ZGNiMWE3NGEzNyIvPgorICAgICAgICAgICAgaGFzaD0ic2hhMjU2OmUyOThjZmYzOTM1ZWI3 NTJiZTI5MGJiZjczNGU0NTdmMTg3MGJkYjUzNzBlZTI5MjYwNmU2MDQwYTgyMDc0ZTciCisgICAg ICAgICAgICBtZDVzdW09IjVhYmIzNjRmMmEwYmFiZTJlYzFlM2E2ZDU5ZjY5MDQzIi8+CiAgIDwv YXV0b3Rvb2xzPgogCiAgIDxhdXRvdG9vbHMgaWQ9ImdudXRscyIKQEAgLTE2MSw5ICsxNjEsOSBA QAogICAgIDxkZXBlbmRlbmNpZXM+CiAgICAgICA8ZGVwIHBhY2thZ2U9ImdsaWItbmV0d29ya2lu ZyIvPgogICAgIDwvZGVwZW5kZW5jaWVzPgotICAgIDxicmFuY2ggbW9kdWxlPSJsaWJzb3VwIiB2 ZXJzaW9uPSIyLjM4LjEiCisgICAgPGJyYW5jaCBtb2R1bGU9ImxpYnNvdXAiIHZlcnNpb249IjIu MzkuMiIKICAgICAgICAgICAgIHJlcG89ImdpdC5nbm9tZS5vcmciCi0gICAgICAgICAgICB0YWc9 IkxJQlNPVVBfMl8zOF8xIi8+CisgICAgICAgICAgICB0YWc9IkxJQlNPVVBfMl8zOV8yIi8+CiAg IDwvYXV0b3Rvb2xzPgogCiAgIDxhdXRvdG9vbHMgaWQ9ImZvbnRjb25maWciIGF1dG9nZW4tc2g9 ImNvbmZpZ3VyZSI+Cg==