Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <pgadmin-hackers-owner+archive@lists.postgresql.org>)
	id 1kUVVO-0003fU-D1
	for pgadmin-hackers@arkaria.postgresql.org; Mon, 19 Oct 2020 13:47:18 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <pgadmin-hackers-owner+archive@lists.postgresql.org>)
	id 1kUVVM-0005xD-8I
	for pgadmin-hackers@arkaria.postgresql.org; Mon, 19 Oct 2020 13:47:16 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <ganesh.jaybhay@enterprisedb.com>)
	id 1kUVVL-0005wu-Ss
	for pgadmin-hackers@lists.postgresql.org; Mon, 19 Oct 2020 13:47:16 +0000
Received: from mail-pg1-x52d.google.com ([2607:f8b0:4864:20::52d])
	by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128)
	(Exim 4.92)
	(envelope-from <ganesh.jaybhay@enterprisedb.com>)
	id 1kUVVH-0004UO-Td
	for pgadmin-hackers@postgresql.org; Mon, 19 Oct 2020 13:47:15 +0000
Received: by mail-pg1-x52d.google.com with SMTP id l18so7378pgg.0
        for <pgadmin-hackers@postgresql.org>;
 Mon, 19 Oct 2020 06:47:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=enterprisedb-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=FhEYitZBVf8VkbFOiGOffJJcT9RymNs27IINbj6EfZQ=;
        b=wt3sMqaWUJhjsKJOK9QQrW8lsVn03eC3MhhwkjB/7zzyr/tI/Zy1XJFZia9zx2Cst8
         AShk7AfkJL7ktN4ApWtxd8w5N/j2AosWcK31ozCLaJ382D+E/N22CuCxlINpx5eKOFHn
         nLNEWtIot0qoGPe2yMDeFLKA6LZ8OA/mUpiJkih8aw4zDo8gDq1YtVVXC/3Bc3D73qQU
         EHybaKG+HVx0G5ogLXRBYpHZfPOUMvo4PSa5wUxiKm21c9Ihm0EWI8+NaJF2nk2Or4+t
         zxo/9oBsrlpO/w7YMYj2NSJSTxT95QW0+fFnHqahdmU7aX/Mb6WPafwxD5ILUe2YpIbi
         yrsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=FhEYitZBVf8VkbFOiGOffJJcT9RymNs27IINbj6EfZQ=;
        b=Gofw40xFjedh/pkdKwioeHvDDAFtp+/RbGTg2u/a1jJrSQvE5/xQSEWtfjL/EA7srs
         EaoWHDqAMAY4Krf4XACaZ2tdzg5J3+SinxcWj4I3qjrqyHV1HCILqzgrsetrhYjpnbam
         3lH1SdDdc/a5R4DMTFMJkjiOhzjqOYmC+E3YAyWB0wDRBGQXs9yTt//gWVlyZ6HT1koX
         QmLBpDXIluj0Kji4CIevOzH7rfAN3AB+9K+8Oawwzons5b410aQ640z/RY8MfM6uPg7H
         OHyxWGnBiWRMp0j//B9e9EY4poWZDgnVsS7UpWCttNR3aadtM5OMZvfDU3KgEqxHzN42
         Z3kw==
X-Gm-Message-State: AOAM533SmPaX4RDL6BC8lrkuhzKJQIHIoON4fH8n3SWauJDLCoy19+bY
	YG+RG2s9ooW4cS8E7Kh84Gaqr1NdfpYQPHYMHC+38XOgRjHQ+hOgeohXCHGrXO6cT3bB1chKoxR
	za3XeKHfz2MAXZnZ02fItpyNQckJ2b7J00orZR+pY8by5qDbdYkPadSZtvT5ypFlQxyp9cgypps
	wSeJItrSVyd5wDNDcNgtzT2yslYY2wR1cH/35QGM5FG110WoaS68MFmXrS1A==
X-Google-Smtp-Source: 
 ABdhPJy4zmX6iIf5Kcqa+HHJXF5W12CW9+1mvJzZOcFHSfiNKKNVDFD0BJzCPJCmphjaFi5TWanJGYqvgEnZ+1S+Rw4=
X-Received: by 2002:a63:e44b:: with SMTP id
 i11mr14672823pgk.431.1603115229280;
 Mon, 19 Oct 2020 06:47:09 -0700 (PDT)
MIME-Version: 1.0
References: 
 <CAK6syApbZRiHvJ9Z=mzAg6XPY79wWCPQsyBXo+3kut5UPUEsDA@mail.gmail.com>
 <CA+OCxowZ1XrTtZ2Caz0nRuNX5T8zQ3YbyJV5RDs80_v=f5m-Xg@mail.gmail.com>
In-Reply-To: 
 <CA+OCxowZ1XrTtZ2Caz0nRuNX5T8zQ3YbyJV5RDs80_v=f5m-Xg@mail.gmail.com>
From: Ganesh Jaybhay <ganesh.jaybhay@enterprisedb.com>
Date: Mon, 19 Oct 2020 19:16:58 +0530
Message-ID: 
 <CAK6syAqACY7Ab-HBDB5+0D0xkqMaH0=FM5j5G0yfjZqit4Lp3Q@mail.gmail.com>
Subject: Re: [pgAdmin][5919] Fix security related issues
To: Dave Page <dpage@pgadmin.org>
Cc: pgadmin-hackers <pgadmin-hackers@postgresql.org>
Content-Type: multipart/mixed; boundary="000000000000c6e7b105b2065950"
X-CLOUD-SEC-AV-Info: enterprisedb,google_mail,monitor
X-CLOUD-SEC-AV-Sent: true
X-Gm-Spam: 0
X-Gm-Phishy: 0
List-Id: <pgadmin-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgadmin-hackers@lists.postgresql.org>
List-Owner: <mailto:pgadmin-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgadmin-hackers>
Precedence: bulk

--000000000000c6e7b105b2065950
Content-Type: multipart/alternative; boundary="000000000000c6e7ae05b206594e"

--000000000000c6e7ae05b206594e
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thank you Dave for the suggestion.

Please find the attached updated patch to make HSTS by default disabled and
conditional based on flag.

Regards,
Ganesh Jaybhay

On Mon, Oct 19, 2020 at 5:38 PM Dave Page <dpage@pgadmin.org> wrote:

> Hi
>
> On Mon, Oct 19, 2020 at 1:01 PM Ganesh Jaybhay <
> ganesh.jaybhay@enterprisedb.com> wrote:
>
>> Hi Hackers,
>>
>> Please find the attached patch to fix the below security issues:
>>
>>    - Host Header Injection - Added ALLOWED_HOSTS list to limit host
>>    address
>>    - Lack of Content Security Policy (CSP) - Added security header
>>    - Lack of Protection Mechanisms - HSTS - Added security header
>>    - Lack of Cookie Attribute =E2=80=93 Secure : Kept as False as secure=
 limits
>>    cookies to HTTPS traffic only.
>>    - Information Disclosure =E2=80=93 Web Server / Development Framework
>>    VersionDescription: Kept as hard coded 'Python' instead of exposing
>>    wsgi/python/gunicorn version info.
>>
>> Please review and let me know if I have missed anything.
>>
>
> I took a very quick look at this, and one thing that immediately stood ou=
t
> is that HSTS should definitely not be enabled by default. That can make
> dev/test/redeploy extremely difficult.
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: http://www.enterprisedb.com
>
>

--000000000000c6e7ae05b206594e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Thank you Dave for the suggestion.<div><br></div><div>Plea=
se find the attached updated patch to make HSTS by default disabled and con=
ditional based on flag.</div><div><br></div><div>Regards,</div><div>Ganesh=
=C2=A0Jaybhay</div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" cl=
ass=3D"gmail_attr">On Mon, Oct 19, 2020 at 5:38 PM Dave Page &lt;<a href=3D=
"mailto:dpage@pgadmin.org" target=3D"_blank">dpage@pgadmin.org</a>&gt; wrot=
e:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0=
.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"l=
tr"><div>Hi</div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"g=
mail_attr">On Mon, Oct 19, 2020 at 1:01 PM Ganesh Jaybhay &lt;<a href=3D"ma=
ilto:ganesh.jaybhay@enterprisedb.com" target=3D"_blank">ganesh.jaybhay@ente=
rprisedb.com</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" styl=
e=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);paddin=
g-left:1ex"><div dir=3D"ltr">Hi Hackers,<div><br></div><div>Please find the=
 attached patch to fix the below security issues:</div><div><ul><li>Host He=
ader Injection -=C2=A0Added ALLOWED_HOSTS list to limit host address=C2=A0<=
/li><li>Lack of Content Security Policy (CSP) - Added security header</li><=
li>Lack of Protection Mechanisms - HSTS -=C2=A0Added security header</li><l=
i>Lack of Cookie Attribute =E2=80=93 Secure : Kept as False as secure limit=
s cookies to HTTPS traffic only.</li><li>Information Disclosure =E2=80=93 W=
eb Server / Development Framework VersionDescription: Kept=C2=A0as hard cod=
ed &#39;Python&#39; instead of exposing wsgi/python/gunicorn version info.<=
/li></ul><div>Please review and let me know if I have missed anything.</div=
></div></div></blockquote><div><br></div><div>I took a very quick look at t=
his, and one thing that immediately stood out is that HSTS should definitel=
y not be enabled by default. That can make dev/test/redeploy extremely diff=
icult.</div><div>=C2=A0</div></div>-- <br><div dir=3D"ltr"><div dir=3D"ltr"=
>Dave Page<br>Blog: <a href=3D"http://pgsnake.blogspot.com" target=3D"_blan=
k">http://pgsnake.blogspot.com</a><br>Twitter: @pgsnake<br><br>EDB: <a href=
=3D"http://www.enterprisedb.com" target=3D"_blank">http://www.enterprisedb.=
com</a><br><br></div></div></div>
</blockquote></div>

--000000000000c6e7ae05b206594e--

--000000000000c6e7b105b2065950
Content-Type: application/x-patch; name="RM5919_v1.patch"
Content-Disposition: attachment; filename="RM5919_v1.patch"
Content-Transfer-Encoding: base64
Content-ID: <f_kggl2pcv0>
X-Attachment-Id: f_kggl2pcv0

ZGlmZiAtLWdpdCBhL0RvY2tlcmZpbGUgYi9Eb2NrZXJmaWxlCmluZGV4IDM4YzEzMTAuLjNmNWQ1
MDQgMTAwNjQ0Ci0tLSBhL0RvY2tlcmZpbGUKKysrIGIvRG9ja2VyZmlsZQpAQCAtODEsNyArODEs
OCBAQCBSVU4gYXBrIGFkZCAtLW5vLWNhY2hlIFwKICAgICAgICAgZmxhc2tfZ3JhdmF0YXIgXAog
ICAgICAgICBmbGFza19taWdyYXRlIFwKICAgICAgICAgc2ltcGxlanNvbiBcCi0gICAgICAgIGNy
eXB0b2dyYXBoeQorICAgICAgICBjcnlwdG9ncmFwaHkgXAorICAgICAgICBuZXRhZGRyCiAKICMg
Q29weSB0aGUgZG9jcyBmcm9tIHRoZSBsb2NhbCB0cmVlLiBFeHBsaWNpdGx5IHJlbW92ZSBhbnkg
ZXhpc3RpbmcgYnVpbGRzIHRoYXQKICMgbWF5IGJlIHByZXNlbnQKQEAgLTE3Nyw2ICsxNzgsNyBA
QCBSVU4gbG4gLXNmIC91c3IvbGliL2xpYnBxLnNvLjUuMTIgL3Vzci9saWIvbGlicHEuc28uNQog
CiAjIENvcHkgdGhlIHJ1bm5lciBzY3JpcHQKIENPUFkgcGtnL2RvY2tlci9ydW5fcGdhZG1pbi5w
eSAvcGdhZG1pbjQKK0NPUFkgcGtnL2RvY2tlci9ndW5pY29ybl9jb25maWcucHkgL3BnYWRtaW40
CiBDT1BZIHBrZy9kb2NrZXIvZW50cnlwb2ludC5zaCAvZW50cnlwb2ludC5zaAogCiAjIFByZWNv
bXBpbGUgYW5kIG9wdGltaXplIHB5dGhvbiBjb2RlIHRvIHNhdmUgdGltZSBhbmQgc3BhY2Ugb24g
c3RhcnR1cApkaWZmIC0tZ2l0IGEvcGtnL2RvY2tlci9lbnRyeXBvaW50LnNoIGIvcGtnL2RvY2tl
ci9lbnRyeXBvaW50LnNoCmluZGV4IDVhNDgyYzcuLjkzZDgwOWYgMTAwNzU1Ci0tLSBhL3BrZy9k
b2NrZXIvZW50cnlwb2ludC5zaAorKysgYi9wa2cvZG9ja2VyL2VudHJ5cG9pbnQuc2gKQEAgLTU4
LDcgKzU4LDcgQEAgVElNRU9VVD0kKGNkIC9wZ2FkbWluNCAmJiBweXRob24gLWMgJ2ltcG9ydCBj
b25maWc7IHByaW50KGNvbmZpZy5TRVNTSU9OX0VYUElSQVQKICMgVXNpbmcgLS10aHJlYWRzIHRv
IGhhdmUgbXVsdGktdGhyZWFkZWQgc2luZ2xlLXByb2Nlc3Mgd29ya2VyCiAKIGlmIFsgISAteiAk
e1BHQURNSU5fRU5BQkxFX1RMU30gXTsgdGhlbgotICAgIGV4ZWMgZ3VuaWNvcm4gLS10aW1lb3V0
ICR7VElNRU9VVH0gLS1iaW5kICR7UEdBRE1JTl9MSVNURU5fQUREUkVTUzotWzo6XX06JHtQR0FE
TUlOX0xJU1RFTl9QT1JUOi00NDN9IC13IDEgLS10aHJlYWRzICR7R1VOSUNPUk5fVEhSRUFEUzot
MjV9IC0tYWNjZXNzLWxvZ2ZpbGUgJHtHVU5JQ09STl9BQ0NFU1NfTE9HRklMRTotLX0gLS1rZXlm
aWxlIC9jZXJ0cy9zZXJ2ZXIua2V5IC0tY2VydGZpbGUgL2NlcnRzL3NlcnZlci5jZXJ0IHJ1bl9w
Z2FkbWluOmFwcAorICAgIGV4ZWMgZ3VuaWNvcm4gLS10aW1lb3V0ICR7VElNRU9VVH0gLS1iaW5k
ICR7UEdBRE1JTl9MSVNURU5fQUREUkVTUzotWzo6XX06JHtQR0FETUlOX0xJU1RFTl9QT1JUOi00
NDN9IC13IDEgLS10aHJlYWRzICR7R1VOSUNPUk5fVEhSRUFEUzotMjV9IC0tYWNjZXNzLWxvZ2Zp
bGUgJHtHVU5JQ09STl9BQ0NFU1NfTE9HRklMRTotLX0gLS1rZXlmaWxlIC9jZXJ0cy9zZXJ2ZXIu
a2V5IC0tY2VydGZpbGUgL2NlcnRzL3NlcnZlci5jZXJ0IC1jIGd1bmljb3JuX2NvbmZpZy5weSBy
dW5fcGdhZG1pbjphcHAKIGVsc2UKLSAgICBleGVjIGd1bmljb3JuIC0tdGltZW91dCAke1RJTUVP
VVR9IC0tYmluZCAke1BHQURNSU5fTElTVEVOX0FERFJFU1M6LVs6Ol19OiR7UEdBRE1JTl9MSVNU
RU5fUE9SVDotODB9IC13IDEgLS10aHJlYWRzICR7R1VOSUNPUk5fVEhSRUFEUzotMjV9IC0tYWNj
ZXNzLWxvZ2ZpbGUgJHtHVU5JQ09STl9BQ0NFU1NfTE9HRklMRTotLX0gcnVuX3BnYWRtaW46YXBw
CisgICAgZXhlYyBndW5pY29ybiAtLXRpbWVvdXQgJHtUSU1FT1VUfSAtLWJpbmQgJHtQR0FETUlO
X0xJU1RFTl9BRERSRVNTOi1bOjpdfToke1BHQURNSU5fTElTVEVOX1BPUlQ6LTgwfSAtdyAxIC0t
dGhyZWFkcyAke0dVTklDT1JOX1RIUkVBRFM6LTI1fSAtLWFjY2Vzcy1sb2dmaWxlICR7R1VOSUNP
Uk5fQUNDRVNTX0xPR0ZJTEU6LS19IC1jIGd1bmljb3JuX2NvbmZpZy5weSBydW5fcGdhZG1pbjph
cHAKIGZpCmRpZmYgLS1naXQgYS9wa2cvZG9ja2VyL2d1bmljb3JuX2NvbmZpZy5weSBiL3BrZy9k
b2NrZXIvZ3VuaWNvcm5fY29uZmlnLnB5Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAw
MDAuLjUxM2M4ODkKLS0tIC9kZXYvbnVsbAorKysgYi9wa2cvZG9ja2VyL2d1bmljb3JuX2NvbmZp
Zy5weQpAQCAtMCwwICsxLDIgQEAKK2ltcG9ydCBndW5pY29ybgorZ3VuaWNvcm4uU0VSVkVSX1NP
RlRXQVJFID0gJ1B5dGhvbicKZGlmZiAtLWdpdCBhL3JlcXVpcmVtZW50cy50eHQgYi9yZXF1aXJl
bWVudHMudHh0CmluZGV4IGE1ODE1YTMuLmRiYjAwODMgMTAwNjQ0Ci0tLSBhL3JlcXVpcmVtZW50
cy50eHQKKysrIGIvcmVxdWlyZW1lbnRzLnR4dApAQCAtNDEsNCArNDEsNSBAQCBGbGFzay1TZWN1
cml0eS1Ub28+PTMuMC4wCiBiY3J5cHQ8PTMuMS43CiBjcnlwdG9ncmFwaHk8PTMuMAogc3NodHVu
bmVsPj0wLjEuNQorbmV0YWRkcj09MC44LjAKIGxkYXAzPj0yLjUuMQpkaWZmIC0tZ2l0IGEvd2Vi
L2NvbmZpZy5weSBiL3dlYi9jb25maWcucHkKaW5kZXggNzAyZTczZi4uYjg5M2UzNSAxMDA2NDQK
LS0tIGEvd2ViL2NvbmZpZy5weQorKysgYi93ZWIvY29uZmlnLnB5CkBAIC0xNDMsMTIgKzE0Myw1
NyBAQCBERUZBVUxUX1NFUlZFUiA9ICcxMjcuMC4wLjEnCiAjIGVudmlyb25tZW50IGJ5IHRoZSBy
dW50aW1lCiBERUZBVUxUX1NFUlZFUl9QT1JUID0gNTA1MAogCisjIFRoaXMgcGFyYW0gaXMgdXNl
ZCB0byB2YWxpZGF0ZSBBTExPV0VEX0hPU1RTIGZvciB0aGUgYXBwbGljYXRpb24KKyMgVGhpcyB3
aWxsIGJlIHVzZWQgdG8gYXZvaWQgSG9zdCBIZWFkZXIgSW5qZWN0aW9uIGF0dGFjaworIyBGb3Ig
aG93IHRvIHNldCBBTExPV0VEX0hPU1RTIHNlZSBuZXRhZGRyIGxpYnJhcnkKKyMgRm9yIG1vcmUg
ZGV0YWlscyBodHRwczovL25ldGFkZHIucmVhZHRoZWRvY3MuaW8vZW4vbGF0ZXN0L3R1dG9yaWFs
XzAzLmh0bWwKKyMgZS5nLiBBTExPV0VEX0hPU1RTID0gWycxOTIuMC4yLjAvMjgnLCAnOjoxOTIu
MC4yLjAvMTI0J10KKyMgQUxMT1dFRF9IT1NUUyA9IFsnMjI1LjAuMC4wLzgnLCAnMjI2LjAuMC4w
LzcnLCAnMjI4LjAuMC4wLzYnXQorIyBBTExPV0VEX0hPU1RTID0gWycxMjcuMC4wLjEnLCAnMTky
LjE2OC4wLjEnXQorIyBpZiBBTExPV0VEX0hPU1RTPSBbXSB0aGVuIGl0IHdpbGwgYWNjZXB0IGFs
bCBpcHMgKGFuZCBhcHBsaWNhdGlvbiB3aWxsIGJlCisjIHZ1bG5lcmFibGUgdG8gSG9zdCBIZWFk
ZXIgSW5qZWN0aW9uIGF0dGFjaykKK0FMTE9XRURfSE9TVFMgPSBbXQorCisjIFRoaXMgcGFyYW0g
aXMgdXNlZCB0byBvdmVycmlkZSB0aGUgZGVmYXVsdCB3ZWIgc2VydmVyIGluZm9ybWF0aW9uIGFi
b3V0CisjIHRoZSB3ZWIgdGVjaG5vbG9neSBhbmQgdGhlIGZyYW1ld29ya3MgYmVpbmcgdXNlZCBp
biB0aGUgYXBwbGljYXRpb24KKyMgQW4gYXR0YWNrZXIgY291bGQgdXNlIHRoaXMgaW5mb3JtYXRp
b24gdG8gZmluZ2VycHJpbnQgdW5kZXJseWluZyBvcGVyYXRpbmcKKyMgc3lzdGVtIGFuZCByZXNl
YXJjaCBrbm93biBleHBsb2l0cyBmb3IgdGhlIHNwZWNpZmljIHZlcnNpb24gb2YKKyMgc29mdHdh
cmUgaW4gdXNlCitXRUJfU0VSVkVSID0gJ1B5dGhvbicKKwogIyBFbmFibGUgWC1GcmFtZS1PcHRp
b24gcHJvdGVjdGlvbi4KICMgU2V0IHRvIG9uZSBvZiAiU0FNRU9SSUdJTiIsICJBTExPVy1GUk9N
IG9yaWdpbiIgb3IgIiIgdG8gZGlzYWJsZS4KICMgTm90ZSB0aGF0ICJERU5ZIiBpcyBOT1Qgc3Vw
cG9ydGVkIChhbmQgd2lsbCBiZSBzaWxlbnRseSBpZ25vcmVkKS4KICMgU2VlIGh0dHBzOi8vdG9v
bHMuaWV0Zi5vcmcvaHRtbC9yZmM3MDM0IGZvciBtb3JlIGluZm8uCiBYX0ZSQU1FX09QVElPTlMg
PSAiU0FNRU9SSUdJTiIKIAorIyBUaGUgQ29udGVudC1TZWN1cml0eS1Qb2xpY3kgaGVhZGVyIGFs
bG93cyB5b3UgdG8gcmVzdHJpY3QgaG93IHJlc291cmNlcworIyBzdWNoIGFzIEphdmFTY3JpcHQs
IENTUywgb3IgcHJldHR5IG11Y2ggYW55dGhpbmcgdGhhdCB0aGUgYnJvd3NlciBsb2Fkcy4KKyMg
c2VlIGh0dHBzOi8vY29udGVudC1zZWN1cml0eS1wb2xpY3kuY29tLyNzb3VyY2VfbGlzdCBmb3Ig
bW9yZSBpbmZvCisjIGUuZy4gImRlZmF1bHQtc3JjIGh0dHBzOiBkYXRhOiAndW5zYWZlLWlubGlu
ZScgJ3Vuc2FmZS1ldmFsJzsiCitDT05URU5UX1NFQ1VSSVRZX1BPTElDWSA9ICJkZWZhdWx0LXNy
YyBodHRwOiBkYXRhOiBibG9iOiAndW5zYWZlLWlubGluZScgIiBcCisgICAgICAgICAgICAgICAg
ICAgICAgICAgICIndW5zYWZlLWV2YWwnOyIKKworIyBTVFJJQ1RfVFJBTlNQT1JUX1NFQ1VSSVRZ
X0VOQUJMRUQgd2hlbiBzZXQgdG8gVHJ1ZSB3aWxsIHNldCB0aGUKKyMgU3RyaWN0LVRyYW5zcG9y
dC1TZWN1cml0eSBoZWFkZXIKK1NUUklDVF9UUkFOU1BPUlRfU0VDVVJJVFlfRU5BQkxFRCA9IEZh
bHNlCisKKyMgVGhlIFN0cmljdC1UcmFuc3BvcnQtU2VjdXJpdHkgaGVhZGVyIHRlbGxzIHRoZSBi
cm93c2VyIHRvIGNvbnZlcnQgYWxsIEhUVFAKKyMgcmVxdWVzdHMgdG8gSFRUUFMsIHByZXZlbnRp
bmcgbWFuLWluLXRoZS1taWRkbGUgKE1JVE0pIGF0dGFja3MuCisjIGUuZy4gJ21heC1hZ2U9MzE1
MzYwMDA7IGluY2x1ZGVTdWJEb21haW5zJworU1RSSUNUX1RSQU5TUE9SVF9TRUNVUklUWSA9ICJt
YXgtYWdlPTMxNTM2MDAwOyBpbmNsdWRlU3ViRG9tYWlucyIKKworIyBUaGUgWC1Db250ZW50LVR5
cGUtT3B0aW9ucyBoZWFkZXIgZm9yY2VzIHRoZSBicm93c2VyIHRvIGhvbm9yIHRoZSByZXNwb25z
ZQorIyBjb250ZW50IHR5cGUgaW5zdGVhZCBvZiB0cnlpbmcgdG8gZGV0ZWN0IGl0LCB3aGljaCBj
YW4gYmUgYWJ1c2VkIHRvCisjIGdlbmVyYXRlIGEgY3Jvc3Mtc2l0ZSBzY3JpcHRpbmcgKFhTUykg
YXR0YWNrLgorIyBlLmcuIG5vc25pZmYKK1hfQ09OVEVOVF9UWVBFX09QVElPTlMgPSAibm9zbmlm
ZiIKKworIyBUaGUgYnJvd3NlciB3aWxsIHRyeSB0byBwcmV2ZW50IHJlZmxlY3RlZCBYU1MgYXR0
YWNrcyBieSBub3QgbG9hZGluZyB0aGUKKyMgcGFnZSBpZiB0aGUgcmVxdWVzdCBjb250YWlucyBz
b21ldGhpbmcgdGhhdCBsb29rcyBsaWtlIEphdmFTY3JpcHQgYW5kIHRoZQorIyByZXNwb25zZSBj
b250YWlucyB0aGUgc2FtZSBkYXRhLiBlLmcuICcxOyBtb2RlPWJsb2NrJworWF9YU1NfUFJPVEVD
VElPTiA9ICIxOyBtb2RlPWJsb2NrIgorCiAjIEhhc2hpbmcgYWxnb3JpdGhtIHVzZWQgZm9yIHBh
c3N3b3JkIHN0b3JhZ2UKIFNFQ1VSSVRZX1BBU1NXT1JEX0hBU0ggPSAncGJrZGYyX3NoYTUxMicK
IApAQCAtNDIxLDEyICs0NjYsMTQgQEAgT05fREVNQU5EX1JFQ09SRF9DT1VOVCA9IDEwMDAKIFNI
T1dfR1JBVkFUQVJfSU1BR0UgPSBUcnVlCiAKICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCi0jIFNldCBjb29r
aWUgcGF0aAorIyBTZXQgY29va2llIHBhdGggYW5kIG9wdGlvbnMKICMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
CiBDT09LSUVfREVGQVVMVF9QQVRIID0gJy8nCiBDT09LSUVfREVGQVVMVF9ET01BSU4gPSBOb25l
CiBTRVNTSU9OX0NPT0tJRV9ET01BSU4gPSBOb25lCiBTRVNTSU9OX0NPT0tJRV9TQU1FU0lURSA9
ICdMYXgnCitTRVNTSU9OX0NPT0tJRV9TRUNVUkUgPSBGYWxzZQorU0VTU0lPTl9DT09LSUVfSFRU
UE9OTFkgPSBUcnVlCiAKICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKICMgU2tpcCBzdG9yaW5nIHNlc3Npb24g
aW4gZmlsZXMgYW5kIGNhY2hlIGZvciBzcGVjaWZpYyBwYXRocwpkaWZmIC0tZ2l0IGEvd2ViL3Bn
YWRtaW4vX19pbml0X18ucHkgYi93ZWIvcGdhZG1pbi9fX2luaXRfXy5weQppbmRleCAyNzVmMzY1
Li41OWNhYjYyIDEwMDY0NAotLS0gYS93ZWIvcGdhZG1pbi9fX2luaXRfXy5weQorKysgYi93ZWIv
cGdhZG1pbi9fX2luaXRfXy5weQpAQCAtMTIsNiArMTIsNyBAQCBzdWNoIGFzIHNldHVwIG9mIGxv
Z2dpbmcsIGR5bmFtaWMgbG9hZGluZyBvZiBtb2R1bGVzIGV0Yy4iIiIKIGltcG9ydCBsb2dnaW5n
CiBpbXBvcnQgb3MKIGltcG9ydCBzeXMKK2ltcG9ydCByZQogZnJvbSB0eXBlcyBpbXBvcnQgTWV0
aG9kVHlwZQogZnJvbSBjb2xsZWN0aW9ucyBpbXBvcnQgZGVmYXVsdGRpY3QKIGZyb20gaW1wb3J0
bGliIGltcG9ydCBpbXBvcnRfbW9kdWxlCkBAIC0xOSwxMSArMjAsMTMgQEAgZnJvbSBpbXBvcnRs
aWIgaW1wb3J0IGltcG9ydF9tb2R1bGUKIGZyb20gZmxhc2sgaW1wb3J0IEZsYXNrLCBhYm9ydCwg
cmVxdWVzdCwgY3VycmVudF9hcHAsIHNlc3Npb24sIHVybF9mb3IKIGZyb20gd2Vya3pldWcuZXhj
ZXB0aW9ucyBpbXBvcnQgSFRUUEV4Y2VwdGlvbgogZnJvbSBmbGFza19iYWJlbGV4IGltcG9ydCBC
YWJlbCwgZ2V0dGV4dAorZnJvbSBmbGFza19iYWJlbGV4IGltcG9ydCBnZXR0ZXh0IGFzIF8KIGZy
b20gZmxhc2tfbG9naW4gaW1wb3J0IHVzZXJfbG9nZ2VkX2luLCB1c2VyX2xvZ2dlZF9vdXQKIGZy
b20gZmxhc2tfbWFpbCBpbXBvcnQgTWFpbAogZnJvbSBmbGFza19wYXJhbm9pZCBpbXBvcnQgUGFy
YW5vaWQKIGZyb20gZmxhc2tfc2VjdXJpdHkgaW1wb3J0IFNlY3VyaXR5LCBTUUxBbGNoZW15VXNl
ckRhdGFzdG9yZSwgY3VycmVudF91c2VyCiBmcm9tIGZsYXNrX3NlY3VyaXR5LnV0aWxzIGltcG9y
dCBsb2dpbl91c2VyLCBsb2dvdXRfdXNlcgorZnJvbSBuZXRhZGRyIGltcG9ydCBJUFNldAogZnJv
bSB3ZXJremV1Zy5kYXRhc3RydWN0dXJlcyBpbXBvcnQgSW1tdXRhYmxlRGljdAogZnJvbSB3ZXJr
emV1Zy5sb2NhbCBpbXBvcnQgTG9jYWxQcm94eQogZnJvbSB3ZXJremV1Zy51dGlscyBpbXBvcnQg
ZmluZF9tb2R1bGVzCkBAIC0zNiw5ICszOSwxMCBAQCBmcm9tIHBnYWRtaW4udXRpbHMuc2Vzc2lv
biBpbXBvcnQgY3JlYXRlX3Nlc3Npb25faW50ZXJmYWNlLCBwZ2FfdW5hdXRob3Jpc2VkCiBmcm9t
IHBnYWRtaW4udXRpbHMudmVyc2lvbmVkX3RlbXBsYXRlX2xvYWRlciBpbXBvcnQgVmVyc2lvbmVk
VGVtcGxhdGVMb2FkZXIKIGZyb20gZGF0ZXRpbWUgaW1wb3J0IHRpbWVkZWx0YQogZnJvbSBwZ2Fk
bWluLnNldHVwIGltcG9ydCBnZXRfdmVyc2lvbiwgc2V0X3ZlcnNpb24KLWZyb20gcGdhZG1pbi51
dGlscy5hamF4IGltcG9ydCBpbnRlcm5hbF9zZXJ2ZXJfZXJyb3IKK2Zyb20gcGdhZG1pbi51dGls
cy5hamF4IGltcG9ydCBpbnRlcm5hbF9zZXJ2ZXJfZXJyb3IsIG1ha2VfanNvbl9yZXNwb25zZQog
ZnJvbSBwZ2FkbWluLnV0aWxzLmNzcmYgaW1wb3J0IHBnQ1NSRlByb3RlY3QKIGZyb20gcGdhZG1p
biBpbXBvcnQgYXV0aGVudGljYXRlCitmcm9tIHBnYWRtaW4udXRpbHMuc2VjdXJpdHlfaGVhZGVy
cyBpbXBvcnQgU2VjdXJpdHlIZWFkZXJzCiAKIHdpbnJlZyA9IE5vbmUKIGlmIG9zLm5hbWUgPT0g
J250JzoKQEAgLTY1OCw2ICs2NjIsMzYgQEAgZGVmIGNyZWF0ZV9hcHAoYXBwX25hbWU9Tm9uZSk6
CiAgICAgICAgICAgICAgICAgcmVxdWVzdC5lbmRwb2ludCBub3QgaW4gKCdzZWN1cml0eS5sb2dp
bicsICdzZWN1cml0eS5sb2dvdXQnKToKICAgICAgICAgICAgIGxvZ291dF91c2VyKCkKIAorICAg
IEBhcHAuYmVmb3JlX3JlcXVlc3QKKyAgICBkZWYgbGltaXRfaG9zdF9hZGRyKCk6CisgICAgICAg
ICIiIgorICAgICAgICBUaGlzIGZ1bmN0aW9uIHZhbGlkYXRlIHRoZSBob3N0cyBmcm9tIEFMTE9X
RURfSE9TVFMgYmVmb3JlIGFsbG93aW5nCisgICAgICAgIEhUVFAgcmVxdWVzdCB0byBhdm9pZCBI
b3N0IEhlYWRlciBJbmplY3Rpb24gYXR0YWNrCisgICAgICAgIDpyZXR1cm46IE5vbmUvSlNPTiBy
ZXNwb25zZSB3aXRoIDQwMyBIVFRQIHN0YXR1cyBjb2RlCisgICAgICAgICIiIgorICAgICAgICBj
bGllbnRfaG9zdCA9IHN0cihyZXF1ZXN0Lmhvc3QpLnNwbGl0KCc6JylbMF0KKyAgICAgICAgdmFs
aWQgPSBUcnVlCisgICAgICAgIGFsbG93ZWRfaG9zdHMgPSBjb25maWcuQUxMT1dFRF9IT1NUUwor
CisgICAgICAgIGlmIGxlbihhbGxvd2VkX2hvc3RzKSAhPSAwOgorICAgICAgICAgICAgcmVnZXgg
PSByZS5jb21waWxlKAorICAgICAgICAgICAgICAgIHInXGR7MSwzfVwuXGR7MSwzfVwuXGR7MSwz
fVwuXGR7MSwzfSg/Oi9cZHsxLDJ9fCknKQorICAgICAgICAgICAgIyBDcmVhdGUgc2VwYXJhdGUg
bGlzdCBmb3IgaXAgYWRkcmVzc2VzIGFuZCBob3N0IG5hbWVzCisgICAgICAgICAgICBpcF9zZXQg
PSBsaXN0KGZpbHRlcihsYW1iZGEgaXA6IHJlZ2V4Lm1hdGNoKGlwKSwgYWxsb3dlZF9ob3N0cykp
CisgICAgICAgICAgICBob3N0X3NldCA9IGxpc3QoZmlsdGVyKGxhbWJkYSBpcDogbm90IHJlZ2V4
Lm1hdGNoKGlwKSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWxsb3dlZF9o
b3N0cykpCisgICAgICAgICAgICBpc19pcCA9IHJlZ2V4Lm1hdGNoKGNsaWVudF9ob3N0KQorICAg
ICAgICAgICAgaWYgaXNfaXA6CisgICAgICAgICAgICAgICAgdmFsaWQgPSBJUFNldChpcF9zZXQp
Ll9fY29udGFpbnNfXyhjbGllbnRfaG9zdCkKKyAgICAgICAgICAgIGVsc2U6CisgICAgICAgICAg
ICAgICAgdmFsaWQgPSBob3N0X3NldC5fX2NvbnRhaW5zX18oY2xpZW50X2hvc3QpCisKKyAgICAg
ICAgaWYgbm90IHZhbGlkOgorICAgICAgICAgICAgcmV0dXJuIG1ha2VfanNvbl9yZXNwb25zZSgK
KyAgICAgICAgICAgICAgICBzdGF0dXM9NDAzLCBzdWNjZXNzPTAsCisgICAgICAgICAgICAgICAg
ZXJyb3Jtc2c9XygiNDAzIEZPUkJJRERFTiIpCisgICAgICAgICAgICApCisKICAgICBAYXBwLmFm
dGVyX3JlcXVlc3QKICAgICBkZWYgYWZ0ZXJfcmVxdWVzdChyZXNwb25zZSk6CiAgICAgICAgIGlm
ICdrZXknIGluIHJlcXVlc3QuYXJnczoKQEAgLTY2NywxMyArNzAxLDEyIEBAIGRlZiBjcmVhdGVf
YXBwKGFwcF9uYW1lPU5vbmUpOgogICAgICAgICAgICAgICAgIGRvbWFpblsnZG9tYWluJ10gPSBj
b25maWcuQ09PS0lFX0RFRkFVTFRfRE9NQUlOCiAgICAgICAgICAgICByZXNwb25zZS5zZXRfY29v
a2llKCdQR0FETUlOX0lOVF9LRVknLCB2YWx1ZT1yZXF1ZXN0LmFyZ3NbJ2tleSddLAogICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICBwYXRoPWNvbmZpZy5DT09LSUVfREVGQVVMVF9QQVRI
LAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzZWN1cmU9Y29uZmlnLlNFU1NJT05f
Q09PS0lFX1NFQ1VSRSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaHR0cG9ubHk9
Y29uZmlnLlNFU1NJT05fQ09PS0lFX0hUVFBPTkxZLAorICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICBzYW1lc2l0ZT1jb25maWcuU0VTU0lPTl9DT09LSUVfU0FNRVNJVEUsCiAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICoqZG9tYWluKQogCi0gICAgICAgICMgWC1GcmFtZS1P
cHRpb25zIGZvciBzZWN1cml0eQotICAgICAgICBpZiBjb25maWcuWF9GUkFNRV9PUFRJT05TICE9
ICIiIGFuZCBcCi0gICAgICAgICAgICAgICAgY29uZmlnLlhfRlJBTUVfT1BUSU9OUy5sb3dlcigp
ICE9ICJkZW55IjoKLSAgICAgICAgICAgIHJlc3BvbnNlLmhlYWRlcnNbIlgtRnJhbWUtT3B0aW9u
cyJdID0gY29uZmlnLlhfRlJBTUVfT1BUSU9OUwotCisgICAgICAgIFNlY3VyaXR5SGVhZGVycy5z
ZXRfcmVzcG9uc2VfaGVhZGVycyhyZXNwb25zZSkKICAgICAgICAgcmV0dXJuIHJlc3BvbnNlCiAK
ICAgICAjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIwpkaWZmIC0tZ2l0IGEvd2ViL3BnYWRtaW4vYnJvd3Nlci9f
X2luaXRfXy5weSBiL3dlYi9wZ2FkbWluL2Jyb3dzZXIvX19pbml0X18ucHkKaW5kZXggNTM3NWU5
NC4uNmVkMTM4YiAxMDA2NDQKLS0tIGEvd2ViL3BnYWRtaW4vYnJvd3Nlci9fX2luaXRfXy5weQor
KysgYi93ZWIvcGdhZG1pbi9icm93c2VyL19faW5pdF9fLnB5CkBAIC02OTcsNiArNjk3LDkgQEAg
ZGVmIGluZGV4KCk6CiAKICAgICByZXNwb25zZS5zZXRfY29va2llKCJQR0FETUlOX0xBTkdVQUdF
IiwgdmFsdWU9bGFuZ3VhZ2UsCiAgICAgICAgICAgICAgICAgICAgICAgICBwYXRoPWNvbmZpZy5D
T09LSUVfREVGQVVMVF9QQVRILAorICAgICAgICAgICAgICAgICAgICAgICAgc2VjdXJlPWNvbmZp
Zy5TRVNTSU9OX0NPT0tJRV9TRUNVUkUsCisgICAgICAgICAgICAgICAgICAgICAgICBodHRwb25s
eT1jb25maWcuU0VTU0lPTl9DT09LSUVfSFRUUE9OTFksCisgICAgICAgICAgICAgICAgICAgICAg
ICBzYW1lc2l0ZT1jb25maWcuU0VTU0lPTl9DT09LSUVfU0FNRVNJVEUsCiAgICAgICAgICAgICAg
ICAgICAgICAgICAqKmRvbWFpbikKIAogICAgIHJldHVybiByZXNwb25zZQpkaWZmIC0tZ2l0IGEv
d2ViL3BnYWRtaW4vcHJlZmVyZW5jZXMvX19pbml0X18ucHkgYi93ZWIvcGdhZG1pbi9wcmVmZXJl
bmNlcy9fX2luaXRfXy5weQppbmRleCBkYjExZDFkLi5kMDVjMWM4IDEwMDY0NAotLS0gYS93ZWIv
cGdhZG1pbi9wcmVmZXJlbmNlcy9fX2luaXRfXy5weQorKysgYi93ZWIvcGdhZG1pbi9wcmVmZXJl
bmNlcy9fX2luaXRfXy5weQpAQCAtMjMyLDYgKzIzMiw5IEBAIGRlZiBzYXZlKHBpZCk6CiAgICAg
c2V0YXR0cihzZXNzaW9uLCAnUEdBRE1JTl9MQU5HVUFHRScsIGxhbmd1YWdlKQogICAgIHJlc3Bv
bnNlLnNldF9jb29raWUoIlBHQURNSU5fTEFOR1VBR0UiLCB2YWx1ZT1sYW5ndWFnZSwKICAgICAg
ICAgICAgICAgICAgICAgICAgIHBhdGg9Y29uZmlnLkNPT0tJRV9ERUZBVUxUX1BBVEgsCisgICAg
ICAgICAgICAgICAgICAgICAgICBzZWN1cmU9Y29uZmlnLlNFU1NJT05fQ09PS0lFX1NFQ1VSRSwK
KyAgICAgICAgICAgICAgICAgICAgICAgIGh0dHBvbmx5PWNvbmZpZy5TRVNTSU9OX0NPT0tJRV9I
VFRQT05MWSwKKyAgICAgICAgICAgICAgICAgICAgICAgIHNhbWVzaXRlPWNvbmZpZy5TRVNTSU9O
X0NPT0tJRV9TQU1FU0lURSwKICAgICAgICAgICAgICAgICAgICAgICAgICoqZG9tYWluKQogCiAg
ICAgcmV0dXJuIHJlc3BvbnNlCmRpZmYgLS1naXQgYS93ZWIvcGdhZG1pbi91dGlscy9zZWN1cml0
eV9oZWFkZXJzLnB5IGIvd2ViL3BnYWRtaW4vdXRpbHMvc2VjdXJpdHlfaGVhZGVycy5weQpuZXcg
ZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwLi5kODViNWViCi0tLSAvZGV2L251bGwKKysr
IGIvd2ViL3BnYWRtaW4vdXRpbHMvc2VjdXJpdHlfaGVhZGVycy5weQpAQCAtMCwwICsxLDQxIEBA
CisjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIworIworIyBwZ0FkbWluIDQgLSBQb3N0Z3JlU1FMIFRvb2xzCisj
CisjIENvcHlyaWdodCAoQykgMjAxMyAtIDIwMjAsIFRoZSBwZ0FkbWluIERldmVsb3BtZW50IFRl
YW0KKyMgVGhpcyBzb2Z0d2FyZSBpcyByZWxlYXNlZCB1bmRlciB0aGUgUG9zdGdyZVNRTCBMaWNl
bmNlCisjCisjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCisKK2ltcG9ydCBjb25maWcKKworCitjbGFzcyBTZWN1
cml0eUhlYWRlcnM6CisKKyAgICBAc3RhdGljbWV0aG9kCisgICAgZGVmIHNldF9yZXNwb25zZV9o
ZWFkZXJzKHJlc3BvbnNlKToKKyAgICAgICAgIiIic2V0IHJlc3BvbnNlIHNlY3VyaXR5IGhlYWRl
cnMiIiIKKworICAgICAgICBwYXJhbXNfZGljdCA9IHsKKyAgICAgICAgICAgICdDT05URU5UX1NF
Q1VSSVRZX1BPTElDWSc6ICdDb250ZW50LVNlY3VyaXR5LVBvbGljeScsCisgICAgICAgICAgICAn
WF9DT05URU5UX1RZUEVfT1BUSU9OUyc6ICdYLUNvbnRlbnQtVHlwZS1PcHRpb25zJywKKyAgICAg
ICAgICAgICdYX1hTU19QUk9URUNUSU9OJzogJ1gtWFNTLVByb3RlY3Rpb24nLAorICAgICAgICAg
ICAgJ1dFQl9TRVJWRVInOiAnU2VydmVyJywKKyAgICAgICAgfQorCisgICAgICAgICMgWC1GcmFt
ZS1PcHRpb25zIGZvciBzZWN1cml0eQorICAgICAgICBpZiBjb25maWcuWF9GUkFNRV9PUFRJT05T
ICE9ICIiIGFuZCBcCisgICAgICAgICAgICAgICAgY29uZmlnLlhfRlJBTUVfT1BUSU9OUy5sb3dl
cigpICE9ICJkZW55IjoKKyAgICAgICAgICAgIHJlc3BvbnNlLmhlYWRlcnNbIlgtRnJhbWUtT3B0
aW9ucyJdID0gY29uZmlnLlhfRlJBTUVfT1BUSU9OUworCisgICAgICAgICMgU3RyaWN0LVRyYW5z
cG9ydC1TZWN1cml0eQorICAgICAgICBpZiBjb25maWcuU1RSSUNUX1RSQU5TUE9SVF9TRUNVUklU
WV9FTkFCTEVEIGFuZCBcCisgICAgICAgICAgICAgICAgY29uZmlnLlNUUklDVF9UUkFOU1BPUlRf
U0VDVVJJVFkgIT0gIiI6CisgICAgICAgICAgICByZXNwb25zZS5oZWFkZXJzWyJTdHJpY3QtVHJh
bnNwb3J0LVNlY3VyaXR5Il0gPSBcCisgICAgICAgICAgICAgICAgY29uZmlnLlNUUklDVF9UUkFO
U1BPUlRfU0VDVVJJVFkKKworICAgICAgICAjIGFkZCBvdGhlciBzZWN1cml0eSBvcHRpb25zCisg
ICAgICAgIGZvciBrZXkgaW4gcGFyYW1zX2RpY3Q6CisgICAgICAgICAgICBpZiBrZXkgaW4gY29u
ZmlnLl9fZGljdF9fIGFuZCBjb25maWcuX19kaWN0X19ba2V5XSAhPSAiIiBcCisgICAgICAgICAg
ICAgICAgICAgIGFuZCBjb25maWcuX19kaWN0X19ba2V5XSBpcyBub3QgTm9uZToKKyAgICAgICAg
ICAgICAgICByZXNwb25zZS5oZWFkZXJzW3BhcmFtc19kaWN0W2tleV1dID0gY29uZmlnLl9fZGlj
dF9fW2tleV0KZGlmZiAtLWdpdCBhL3dlYi9wZ2FkbWluL3V0aWxzL3Nlc3Npb24ucHkgYi93ZWIv
cGdhZG1pbi91dGlscy9zZXNzaW9uLnB5CmluZGV4IGI4YWYzZDQuLjYyZTAzYmEgMTAwNjQ0Ci0t
LSBhL3dlYi9wZ2FkbWluL3V0aWxzL3Nlc3Npb24ucHkKKysrIGIvd2ViL3BnYWRtaW4vdXRpbHMv
c2Vzc2lvbi5weQpAQCAtMzExLDcgKzMxMSwxMSBAQCBjbGFzcyBNYW5hZ2VkU2Vzc2lvbkludGVy
ZmFjZShTZXNzaW9uSW50ZXJmYWNlKToKICAgICAgICAgcmVzcG9uc2Uuc2V0X2Nvb2tpZSgKICAg
ICAgICAgICAgIGFwcC5zZXNzaW9uX2Nvb2tpZV9uYW1lLAogICAgICAgICAgICAgJyVzISVzJyAl
IChzZXNzaW9uLnNpZCwgc2Vzc2lvbi5obWFjX2RpZ2VzdCksCi0gICAgICAgICAgICBleHBpcmVz
PWNvb2tpZV9leHAsIGh0dHBvbmx5PVRydWUsIGRvbWFpbj1kb21haW4KKyAgICAgICAgICAgIGV4
cGlyZXM9Y29va2llX2V4cCwKKyAgICAgICAgICAgIHNlY3VyZT1jb25maWcuU0VTU0lPTl9DT09L
SUVfU0VDVVJFLAorICAgICAgICAgICAgaHR0cG9ubHk9Y29uZmlnLlNFU1NJT05fQ09PS0lFX0hU
VFBPTkxZLAorICAgICAgICAgICAgc2FtZXNpdGU9Y29uZmlnLlNFU1NJT05fQ09PS0lFX1NBTUVT
SVRFLAorICAgICAgICAgICAgZG9tYWluPWRvbWFpbgogICAgICAgICApCiAKIAo=
--000000000000c6e7b105b2065950--