240496 CVE-2008-4482 2008-10-08 12:12 0000 dev-libs/xerces-c <3.0.0-r1 maxOccurs XML schema DoS (CVE-2008-4482) 2009-03-09 14:01:42 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://issues.apache.org/jira/browse/XERCESC-1051 B3 [glsa] P2 minor --- 242218 241500 1 craig@gentoo.org security@gentoo.org cpp@gentoo.org fmccor@gentoo.org kentfredric@gmail.com craig@gentoo.org 2008-10-08 12:12:50 0000 CVE-2008-4482 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4482): The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file. dev-zero@gentoo.org 2008-10-15 10:32:39 0000 3.0.0 is now in the tree craig@gentoo.org 2008-10-15 13:22:48 0000 Thanks! Arches, please test and mark stable. fmccor@gentoo.org 2008-10-15 15:31:03 0000 (In reply to comment #2) > Thanks! Arches, please test and mark stable. > Sure, once you put the source xerces-c-3.0.0.tar.gz somewhere. :) craig@gentoo.org 2008-10-15 15:32:54 0000 I thought Tiziano had done that, I don't have commit rights. hoffie@gentoo.org 2008-10-15 15:45:02 0000 Looks like apache mirror structure has been reorganized in case of xerces. New SRC_URI should be e.g. http://apache.nedmirror.nl/xerces/c/3/sources/xerces-c-3.0.0.tar.gz (I'm not fixing it myself because there is another major issue). =dev-libs/xerces-c-3.0.0 cannot go stable (as darksiide pointed out on IRC), it is EAPI=2. Maintainers, could you backport the fix? Removing arches for now, back to [ebuild]. fmccor@gentoo.org 2008-10-15 17:41:33 0000 Created an attachment (id=168592) test log from src_test phase For completeness, I'll mention that the tests fail, apparently because the package expects all test results to be part of the test-results.log, but they are not. On both sparc and on amd64, I get the attached test-results.log, and it claims all tests pass. However, the supplied expected output (xerces-c-3.0.0/scripts/sanityTest_ExpectedResult.log) contains the output from the tests (and is 1213 lines long). Thus, even if we didn't have the EAPI=2 issue, we couldn't mark this stable because FEATURES=test fails spectacularly. I think the problem is with how the tests are run. It looks like they run successfully, but I don't know where their output goes. Wherever it is, results are identical on sparc and amd64. halcy0n@gentoo.org 2008-10-25 17:50:43 0000 Added a new ebuild (3.0.0-r1) which is EAPI=0 and I believe I fixed the tests. Please test and let me know. There's one series of tests that *might* fail. fmccor@gentoo.org 2008-10-25 18:46:37 0000 (In reply to comment #7) > Added a new ebuild (3.0.0-r1) which is EAPI=0 and I believe I fixed the tests. > Please test and let me know. There's one series of tests that *might* fail. > It shows a failure, thus, which might be a glibc problem: ====================== *** glibc detected *** /var/tmp/portage/dev-libs/xerces-c-3.0.0-r1/work/xerces-c-3.0.0/tests/.libs/lt-ThreadTest: double free or corruption (!prev): 0x71d189a0 *** *** glibc detected *** *** glibc detected *** /var/tmp/portage/dev-libs/xerces-c-3.0.0-r1/work/xerces-c-3.0.0/tests/.libs/lt-ThreadTest: double free or corruption (!prev): 0x*** glibc detected *** /var/tmp/portage/dev-libs/xerces-c-3.0.0-r1/work/xerces-c-3.0.0/tests/.libs/lt-ThreadTest: double free or corruption (!prev): 0x72110aa0 *** diff test-results.log ./scripts/sanityTest_ExpectedResult.log 1169,1170c1169,1181 < 123Test Run Successfully < 45678910111213Test Run Successfully --- > 1Test Run Successfully > 2Test Run Successfully > 3Test Run Successfully > 4Test Run Successfully > 5Test Run Successfully > 6Test Run Successfully > 7Test Run Successfully > 8Test Run Successfully > 9Test Run Successfully > 10Test Run Successfully > 11Test Run Successfully > 12Test Run Successfully > 13Test Run Successfully make: *** [check] Error 1 ========================== As for the actual output, the 123Test Run Successfully is supposed to be 1Test ... 2Test ... ================ I am using sys-libs/glibc-2.6.1 on this system. fmccor@gentoo.org 2008-11-11 22:11:43 0000 At Mark's (Halcy0n's) request, I ran the tests with FEATURES='test -sandbox', and with '-sandbox' everything now runs correctly for xerces-c-3.0.0-r1. Based on that, since this is a security bug, sparc is ready to go stable when you wish. rbu@gentoo.org 2008-11-11 22:46:04 0000 Arches, please test and mark stable: =dev-libs/xerces-c-3.0.0-r1 Target keywords : "alpha amd64 ppc ppc64 sparc x86" fmccor@gentoo.org 2008-11-11 23:54:31 0000 Sparc stable, everything now tests successfully (with FEATURES='-sandbox test'). Problems were with the tests, not with the package, and thanks to Halcy0n for the assistance. fmccor@gentoo.org 2008-11-12 00:43:52 0000 Reverting sparc to ~sparc temporarily, awaiting resolution of some apparent coordination problems with xalan-c. I'll take care of everything at once when we are in sync. halcy0n@gentoo.org 2008-11-12 01:19:56 0000 xalan-c doesn't compile with xerces-c-3. I have added a new version to the tree, but I would like for it to sit for a few days before asking for arches to stable. rbu@gentoo.org 2008-11-12 04:35:14 0000 removing arches until then. please give a feedback, we're targeting nov. 16 to re-add arches for stabling of both ebuilds. keytoaster@gentoo.org 2008-11-22 18:16:41 0000 ping, any news here? halcy0n@gentoo.org 2008-11-23 22:26:53 0000 Just started the stablereq process on the other bug since I haven't received anything stating it doesn't work. halcy0n@gentoo.org 2008-11-26 21:23:56 0000 Maybe we should add the arches here as well to get some action happening on bug #242218 We are still waiting on amd64 and x86 there fmccor@gentoo.org 2008-11-26 21:54:08 0000 (In reply to comment #17) > Maybe we should add the arches here as well to get some action happening on bug > #242218 We are still waiting on amd64 and x86 there > Sparc is ready when you are. rbu@gentoo.org 2008-11-26 23:24:44 0000 (In reply to comment #17) > Maybe we should add the arches here as well to get some action happening on bug > #242218 We are still waiting on amd64 and x86 there Feel free to CC arches on this bug, but please state the exact stabling targets because both this and the bug 242218 are not fun to read through. kentfredric@gmail.com 2008-12-05 19:31:12 0000 More affirmation the tests failing appears to be a sandboxing issue. I Upgraded to sandbox 1.3.1 and the glibc warnings disappeared, but the tests are still segfaulting mysteriously. I improved the Perl script that runs the tests so that they're a little more informative as to what is going on, so now, under sandbox, this happens: ( With a bit of random variation, sandbox doesn't look like it wants to crash in consistent ways ) 1Test Run Successfully 2Test Run Successfully 3Test Run Successfully 4Test Run Successfully 5 ThreadTest -parser=dom -v=always -quiet -threads 10 -time 20 personal.xml Exited With State 11 6 ThreadTest -parser=sax2 -v=always -quiet -threads 10 -time 20 personal.xml Exited With State 11 7 ThreadTest -parser=sax -gc -v=always -quiet -threads 10 -time 20 personal.xml Exited With State 11 8 ThreadTest -parser=dom -gc -v=always -quiet -threads 10 -time 20 personal.xml Exited With State 11 9 ThreadTest -parser=sax2 -gc -v=always -quiet -threads 10 -time 20 personal.xml Exited With State 11 10 ThreadTest -parser=sax -n -s -f -v=always -quiet -threads 10 -time 20 personal-schema.xml Exited With State 11 11 ThreadTest -parser=dom -n -s -f -v=always -quiet -threads 10 -time 20 personal-schema.xml Exited With State 11 12Test Run Successfully 13Test Run Successfully 14Test Run Successfully 15Test Run Successfully And without sandbox, this happens: 1Test Run Successfully 2Test Run Successfully 3Test Run Successfully 4Test Run Successfully 5Test Run Successfully 6Test Run Successfully 7Test Run Successfully 8Test Run Successfully 9Test Run Successfully 10Test Run Successfully 11Test Run Successfully 12Test Run Successfully 13Test Run Successfully 14Test Run Successfully 15Test Run Successfully Which makes the diff of fails at the end of it all more useful. ( I only changed the part that was affected by sandbox crashes ) kentfredric@gmail.com 2008-12-05 19:33:23 0000 Created an attachment (id=174350) Minor test-case informativeness enhancement patch halcy0n@gentoo.org 2008-12-09 02:28:06 0000 Arche, please mark the following stable: amd64, sparc, x86: dev-libs/xalan-c-1.11.0_pre705082 everyone: dev-libs/xerces-c-3.0.0-r1 fmccor@gentoo.org 2008-12-09 06:45:04 0000 (In reply to comment #22) > Arche, please mark the following stable: > > amd64, sparc, x86: dev-libs/xalan-c-1.11.0_pre705082 > everyone: dev-libs/xerces-c-3.0.0-r1 > sparc went stable on dev-libs/xalan-c-1.11.0_pre705082 on 23 November. sparc tried to go stable on dev-libs/xerces-c-3.0.0-r1 on 11 November but reverted it because it needed to wait for xalan. So, now sparc can go stable on xerces-c again if you like (tests with it run fine thanks to your help), but we can't do anything on xalan-c. Please advise --- perhaps you meant ppc instead of sparc? (xalan-c currently is "~amd64 ~ppc sparc ~x86") fmccor@gentoo.org 2008-12-09 07:04:00 0000 Oh, because this is a security bug, I did build xalan-c with xerces-c-3.0.0-r1 so I know that combination is good on sparc. ranger@gentoo.org 2008-12-09 15:53:22 0000 ppc64 done. I talked to halcy0n about a failure I saw with ppc64 where I had -threads and yet threaded tests were being executed (which == fail). I enabled threads and bumped into the segfault that other arches saw with sandbox. So the combination of threads/-sandbox resulted in successful compilation and test. fmccor@gentoo.org 2008-12-09 18:34:42 0000 Sparc stable for xerces-c-3.0.0-r1 and xalan-c-1.11.0_pre705082. Comments 22, 23, 24 above for details. klausman@gentoo.org 2008-12-11 22:20:06 0000 I ran into the same testing troubles as ranger (comment #25), fixed them the same way and stabilized xerces-c as requested. dertobi123@gentoo.org 2008-12-13 13:30:34 0000 ppc stable maekke@gentoo.org 2008-12-14 11:16:22 0000 looks good on amd64/x86, minor ebuild issue: rm: cannot remove `samples/data': Is a directory rm: cannot remove `samples/src': Is a directory >>> Completed installing xerces-c-3.0.0-r1 into /var/tmp/portage/dev-libs/xerces-c-3.0.0-r1/image/ maekke@gentoo.org 2008-12-14 12:44:02 0000 amd64/x86 stable, all arches done. keytoaster@gentoo.org 2008-12-15 14:01:03 0000 Denial of Service is 3, not 4. Updating whiteboard. keytoaster@gentoo.org 2008-12-15 14:01:29 0000 Ready for vote, I vote YES. falco@gentoo.org 2009-01-11 17:40:18 0000 Yes too, filling request. rbu@gentoo.org 2009-03-09 14:01:42 0000 GLSA 200903-19 168592 2008-10-15 17:41 0000 test log from src_test phase test-results.log text/plain c2g6IFN0ZEluUGFyc2U6IGNvbW1hbmQgbm90IGZvdW5kCnNoOiBTdGRJblBhcnNlOiBjb21tYW5k IG5vdCBmb3VuZApzaDogU3RkSW5QYXJzZTogY29tbWFuZCBub3QgZm91bmQKClRlc3Qgb2YgYSBs b25nIGVsZW1lbnQgbmFtZS4KCgpET01NZW1UZXN0ClRlc3QgUnVuIFN1Y2Nlc3NmdWxseQpET01U ZXN0ClRlc3QgUnVuIFN1Y2Nlc3NmdWxseQpSYW5nZVRlc3QKVGVzdCBSdW4gU3VjY2Vzc2Z1bGx5 CkRPTVRyYXZlcnNhbFRlc3QKVGVzdCBSdW4gU3VjY2Vzc2Z1bGx5CgpVc2FnZToKICAgIFhTZXJp YWxpemVyVGVzdCBbb3B0aW9uc10gPFhNTCBmaWxlIHwgTGlzdCBmaWxlPgoKVGhpcyBwcm9ncmFt IGludm9rZXMgdGhlIFNBWDJYTUxSZWFkZXIsIGFuZCB0aGVuIHByaW50cyB0aGUKbnVtYmVyIG9m IGVsZW1lbnRzLCBhdHRyaWJ1dGVzLCBzcGFjZXMgYW5kIGNoYXJhY3RlcnMgZm91bmQKaW4gZWFj aCBYTUwgZmlsZSwgdXNpbmcgU0FYMiBBUEkuCgpPcHRpb25zOgogICAgLWwgICAgICAgICAgSW5k aWNhdGUgdGhlIGlucHV0IGZpbGUgaXMgYSBMaXN0IEZpbGUgdGhhdCBoYXMgYSBsaXN0IG9mIHht bCBmaWxlcy4KICAgICAgICAgICAgICAgIERlZmF1bHQgdG8gb2ZmIChJbnB1dCBmaWxlIGlzIGFu IFhNTCBmaWxlKS4KICAgIC12PXh4eCAgICAgIFZhbGlkYXRpb24gc2NoZW1lIFthbHdheXMgfCBu ZXZlciB8IGF1dG8qXS4KICAgIC1mICAgICAgICAgIEVuYWJsZSBmdWxsIHNjaGVtYSBjb25zdHJh aW50IGNoZWNraW5nIHByb2Nlc3NpbmcuIERlZmF1bHRzIHRvIG9mZi4KICAgIC1wICAgICAgICAg IEVuYWJsZSBuYW1lc3BhY2UtcHJlZml4ZXMgZmVhdHVyZS4gRGVmYXVsdHMgdG8gb2ZmLgogICAg LW4gICAgICAgICAgRGlzYWJsZSBuYW1lc3BhY2UgcHJvY2Vzc2luZy4gRGVmYXVsdHMgdG8gb24u CiAgICAgICAgICAgICAgICBOT1RFOiBUSElTIElTIE9QUE9TSVRFIEZST00gT1RIRVIgU0FNUExF Uy4KICAgIC1zICAgICAgICAgIERpc2FibGUgc2NoZW1hIHByb2Nlc3NpbmcuIERlZmF1bHRzIHRv IG9uLgogICAgICAgICAgICAgICAgTk9URTogVEhJUyBJUyBPUFBPU0lURSBGUk9NIE9USEVSIFNB TVBMRVMuCiAgICAtbG9jYWxlPWxsX0NDIHNwZWNpZnkgdGhlIGxvY2FsZSwgZGVmYXVsdDogZW5f VVMuCiAgICAtPyAgICAgICAgICBTaG93IHRoaXMgaGVscC4KCiAgKiA9IERlZmF1bHQgaWYgbm90 IHByb3ZpZGVkIGV4cGxpY2l0bHkuCgpwZXJzb25hbC54bWw6e3RpbWluZyByZW1vdmVkfSgzNyBl bGVtcywgMTIgYXR0cnMsIDAgc3BhY2VzLCAyNjggY2hhcnMpCnBlcnNvbmFsLnhtbDp7dGltaW5n IHJlbW92ZWR9KDM3IGVsZW1zLCAxMiBhdHRycywgMTM0IHNwYWNlcywgMTM0IGNoYXJzKQpwZXJz b25hbC1zY2hlbWEueG1sOnt0aW1pbmcgcmVtb3ZlZH0oMzcgZWxlbXMsIDI4IGF0dHJzLCAwIHNw YWNlcywgMjY4IGNoYXJzKQpwZXJzb25hbC1zY2hlbWEueG1sOnt0aW1pbmcgcmVtb3ZlZH0oMzcg ZWxlbXMsIDI4IGF0dHJzLCAxNDAgc3BhY2VzLCAxMjggY2hhcnMpCnBlcnNvbmFsLXNjaGVtYS54 bWw6e3RpbWluZyByZW1vdmVkfSgzNyBlbGVtcywgMjggYXR0cnMsIDE0MCBzcGFjZXMsIDEyOCBj aGFycykKClhTVmFsdWVUZXN0IFBhc3MKClVzYWdlOgogICAgSW5pdFRlcm1UZXN0IFtvcHRpb25z XSA8WE1MIGZpbGU+CgpUaGlzIHByb2dyYW0gdGVzdHMgdGhlIFhNTFBsYXRmb3JtVXRpbHM6Oklu aXRpYWxpemUoKS9UZXJtaW5hdGUoKQpwYWlyIGJ5IGNhbGxpbmcgaXQgYSBudW1iZXIgb2YgdGlt ZXMuCk9wdGlvbnM6CiAgICAtbiAgICAgICAgICBFbmFibGUgbmFtZXNwYWNlIHByb2Nlc3Npbmcu IERlZmF1bHQgaXMgb2ZmLgogICAgLXMgICAgICAgICAgRW5hYmxlIHNjaGVtYSBwcm9jZXNzaW5n LiBEZWZhdWx0IGlzIG9mZi4KICAgIC1mICAgICAgICAgIEVuYWJsZSBmdWxsIHNjaGVtYSBjb25z dHJhaW50IGNoZWNraW5nLiBEZWZhdWx0cyB0byBvZmYuCiAgICAtPyAgICAgICAgICBTaG93IHRo aXMgaGVscC4KCjFUZXN0IFJ1biBTdWNjZXNzZnVsbHkKMlRlc3QgUnVuIFN1Y2Nlc3NmdWxseQoz VGVzdCBSdW4gU3VjY2Vzc2Z1bGx5Ck5vIGlucHV0IFhNTCBmaWxlIHNwZWNpZmllZCBvbiBjb21t YW5kIGxpbmUuCnVzYWdlOiAgVGhyZWFkVGVzdCBbLXZdIFstdGhyZWFkcyBubm5dIFstdGltZSBu bm5dIFstcXVpZXRdIFstdmVyYm9zZV0geG1sZmlsZS4uLgogICAgIC12PXh4eCAgICAgICAgIFZh bGlkYXRpb24gc2NoZW1lIFthbHdheXMgfCBuZXZlciB8IGF1dG9dLiAgRGVmYXVsdCBpcyBBVVRP LgogICAgIC1uICAgICAgICAgICAgIEVuYWJsZSBuYW1lc3BhY2UgcHJvY2Vzc2luZy4gRGVmYXVs dHMgdG8gb2ZmLgogICAgIC1zICAgICAgICAgICAgIEVuYWJsZSBzY2hlbWEgcHJvY2Vzc2luZy4g RGVmYXVsdHMgdG8gb2ZmLgogICAgIC1mICAgICAgICAgICAgIEVuYWJsZSBmdWxsIHNjaGVtYSBj b25zdHJhaW50IGNoZWNraW5nLiBEZWZhdWx0cyB0byBvZmYuCiAgICAgLXBhcnNlcj14eHggICAg UGFyc2VyIFR5cGUgW2RvbSB8IHNheCB8IHNheDJdLiAgRGVmYXVsdCBpcyBTQVggKFNBWDEpLgog ICAgIC1wICAgICAgICAgICAgIEVuYWJsZSBuYW1lc3BhY2UgcHJlZml4ZXMuIERlZmF1bHRzIHRv IG9mZi4KICAgICAgICAgICAgICAgICAgICAoT25seSB1c2VkIHdpdGggLXBhcnNlcj1zYXgyLCBp Z25vcmVkIG90aGVyd2lzZS4pCiAgICAgLXF1aWV0ICAgICAgICAgU3VwcHJlc3MgcGVyaW9kaWMg c3RhdHVzIGRpc3BsYXkuCiAgICAgLXZlcmJvc2UgICAgICAgRGlzcGxheSBleHRyYSBtZXNzYWdl cy4KICAgICAtcmV1c2UgICAgICAgICBSZXRhaW4gYW5kIHJldXNlIHBhcnNlci4gIERlZmF1bHQg Y3JlYXRlcyBuZXcgZm9yIGVhY2ggcGFyc2UuCiAgICAgLXRocmVhZHMgbm5uICAgTnVtYmVyIG9m IHRocmVhZHMuICBEZWZhdWx0IGlzIDIuCiAgICAgLXRpbWUgbm5uICAgICAgVG90YWwgdGltZSB0 byBydW4sIGluIHNlY29uZHMuICBEZWZhdWx0IGlzIGZvcmV2ZXIuCiAgICAgLXBhcnNlcyBubm4g ICAgUnVuIGZvciBubm4gcGFyc2VzIGluc3RlYWQgb2YgdGltZS4gIERlZmF1bHQgaXMgdG8gdXNl IHRpbWUKICAgICAtZHVtcCAgICAgICAgICBEdW1wIERPTSB0cmVlIG9uIGVycm9yLgogICAgIC1t ZW0gICAgICAgICAgIFJlYWQgZmlsZXMgaW50byBtZW1vcnkgb25jZSBvbmx5LCBhbmQgcGFyc2Ug dGhlbSBmcm9tIHRoZXJlLgogICAgIC1nYyAgICAgICAgICAgIEVuYWJsZSBncmFtbWFyIGNhY2hp bmcgKGkuZS4gZ3JhbW1hciBjYWNoZWQgYW5kIHVzZWQgaW4gc3Vic2VxdWVudCBwYXJzZXMpLiBE ZWZhdWx0cyB0byBvZmYuCiAgICAgLWluaXQgICAgICAgICAgUGVyZm9ybSBhbiBpbml0aWFsIHBh cnNlIG9mIHRoZSBmaWxlKHMpIGJlZm9yZSBzdGFydGluZyB1cCB0aGUgaW5kaXZpZHVhbCB0aHJl YWRzLgoKMTJUZXN0IFJ1biBTdWNjZXNzZnVsbHkKM1Rlc3QgUnVuIFN1Y2Nlc3NmdWxseQo0NVRl c3QgUnVuIFN1Y2Nlc3NmdWxseQo2VGVzdCBSdW4gU3VjY2Vzc2Z1bGx5Cjc4VGVzdCBSdW4gU3Vj Y2Vzc2Z1bGx5CjlUZXN0IFJ1biBTdWNjZXNzZnVsbHkKMTBUZXN0IFJ1biBTdWNjZXNzZnVsbHkK MTFUZXN0IFJ1biBTdWNjZXNzZnVsbHkKMTIxM1Rlc3QgUnVuIFN1Y2Nlc3NmdWxseQoxNFRlc3Qg UnVuIFN1Y2Nlc3NmdWxseQoxNVRlc3QgUnVuIFN1Y2Nlc3NmdWxseQoKVXNhZ2U6CiAgICBNZW1I YW5kbGVyVGVzdCBbb3B0aW9uc10gPFhNTCBmaWxlIHwgTGlzdCBmaWxlPgoKVGhpcyBwcm9ncmFt IGludm9rZXMgdGhlIFhlcmNlc0RPTVBhcnNlciwgRE9NTFNQYXJzZXIsIFNBWFBhcnNlciAsCmFu ZCB0aGUgU0FYMlhNTFJlYWRlciwgYW5kIGVuc3VyZXMgdGhhdCBNZW1vcnlNYW5hZ2VycyBzZXQg b24gdGhlc2UKZG9tQnVpbGRlcnMgYXJlIGNhbGxlZCB0byBkZWxldGUganVzdCBhcyBtYW55IGJ5 dGVzIGFzIHRoZXkgYWxsb2NhdGUuClRoaXMgaXMgZG9uZSBmb3IgZWFjaCBYTUwgZmlsZSwgYW5k IGVhY2ggZmlsZSBpcyBwcm9jZXNzZWQKYXMgbWFueSB0aW1lcyBhcyBpbmRpY2F0ZWQuCk9wdGlv bnM6CiAgICAtbCAgICAgICAgICBJbmRpY2F0ZSB0aGUgaW5wdXQgZmlsZSBpcyBhIExpc3QgRmls ZSB0aGF0IGhhcyBhIGxpc3Qgb2YgeG1sIGZpbGVzLgogICAgICAgICAgICAgICAgRGVmYXVsdCB0 byBvZmYgKElucHV0IGZpbGUgaXMgYW4gWE1MIGZpbGUpLgogICAgLXY9eHh4ICAgICAgVmFsaWRh dGlvbiBzY2hlbWUgW2Fsd2F5cyB8IG5ldmVyIHwgYXV0bypdLgogICAgLW4gICAgICAgICAgRW5h YmxlIG5hbWVzcGFjZSBwcm9jZXNzaW5nLiBEZWZhdWx0cyB0byBvZmYuCiAgICAtcyAgICAgICAg ICBFbmFibGUgc2NoZW1hIHByb2Nlc3NpbmcuIERlZmF1bHRzIHRvIG9mZi4KICAgIC1mICAgICAg ICAgIEVuYWJsZSBmdWxsIHNjaGVtYSBjb25zdHJhaW50IGNoZWNraW5nLiBEZWZhdWx0cyB0byBv ZmYuCiAgICAtcj1uICAgICAgICBSdW4gZmlsZSB0aHJvdWdoIGRvbUJ1aWxkZXJzIG4gdGltZXMu CiAgICAtPyAgICAgICAgICBTaG93IHRoaXMgaGVscC4KCiAgKiA9IERlZmF1bHQgaWYgbm90IHBy b3ZpZGVkIGV4cGxpY2l0bHkuCgpBdCBkZXN0cnVjdGlvbiwgZG9tQnVpbGRlck1lbU1vbml0b3Ig aGFzIDAgYnl0ZXMuCkF0IGRlc3RydWN0aW9uLCBzYXgyTWVtTW9uaXRvciBoYXMgMCBieXRlcy4K QXQgZGVzdHJ1Y3Rpb24sIHNheDFNZW1Nb25pdG9yIGhhcyAwIGJ5dGVzLgpBdCBkZXN0cnVjdGlv biwgc3RhdGljTWVtTW9uaXRvciBoYXMgMCBieXRlcy4KQXQgZGVzdHJ1Y3Rpb24sIGRvbUJ1aWxk ZXJNZW1Nb25pdG9yIGhhcyAwIGJ5dGVzLgpBdCBkZXN0cnVjdGlvbiwgc2F4Mk1lbU1vbml0b3Ig aGFzIDAgYnl0ZXMuCkF0IGRlc3RydWN0aW9uLCBzYXgxTWVtTW9uaXRvciBoYXMgMCBieXRlcy4K QXQgZGVzdHJ1Y3Rpb24sIHN0YXRpY01lbU1vbml0b3IgaGFzIDAgYnl0ZXMuClRlc3QgUnVuIFN1 Y2Nlc3NmdWxseQo= 174350 2008-12-05 19:33 0000 Minor test-case informativeness enhancement patch testInform.patch text/plain ZGlmZiAtTmF1ciB4ZXJjZXMtYy0zLjAuMC9zY3JpcHRzL3Nhbml0eVRlc3QucGwgeGVyY2VzLWMt My4wLjAvc2NyaXB0cy9zYW5pdHlUZXN0LnBsCi0tLSB4ZXJjZXMtYy0zLjAuMC9zY3JpcHRzL3Nh bml0eVRlc3QucGwJMjAwOC0wOS0xNyAxNTowNjozMy4wMDAwMDAwMDAgKzEyMDAKKysrIHhlcmNl cy1jLTMuMC4wL3NjcmlwdHMvc2FuaXR5VGVzdC5wbAkyMDA4LTEyLTA2IDA3OjQ2OjEzLjA4MDEy NzYwMiArMTMwMApAQCAtMTYzLDM4ICsxNjMsMzggQEAKIHByaW50ICAoIjMiKTsKIHN5c3RlbSAo IkluaXRUZXJtVGVzdCAtbiAtcyAtZiBwZXJzb25hbC1zY2hlbWEueG1sIik7CiAKK3N1YiBkb1Rl c3QgeyAKKyAgICBteSAoICRubywgJGNtZCApID0gQF87CisgICAgcHJpbnQgJG5vOyAKKyAgICBp ZiAoIHN5c3RlbSgkY21kKSAhPSAwICl7CisgICAgICAgIGlmKCAkPyA9PSAtMSApeworICAgICAg ICAgICAgcHJpbnQgImZhaWxlZCB0byBleGVjdXRlICQhICRjbWQgXG4iOworICAgICAgICAgICAg cmV0dXJuOworICAgICAgICB9CisgICAgICAgIGlmKCAkPyAhPSAwICl7CisgICAgICAgICAgICBw cmludCAiJCEgJGNtZCBFeGl0ZWQgV2l0aCBTdGF0ZSAkPyBcbiI7CisgICAgICAgICAgICByZXR1 cm47CisgICAgICAgIH0KKyAgICB9CisgICAgcmV0dXJuOworfQogIyAgUnVuIFRocmVhZFRlc3QK IHN5c3RlbSAoIlRocmVhZFRlc3QiKTsKLXByaW50ICAoIjEiKTsKLXN5c3RlbSAoIlRocmVhZFRl c3QgLXBhcnNlcj1zYXggLXY9bmV2ZXIgLXF1aWV0IC10aHJlYWRzIDEwIC10aW1lIDIwIHBlcnNv bmFsLnhtbCIpOwotcHJpbnQgICgiMiIpOwotc3lzdGVtICgiVGhyZWFkVGVzdCAtcGFyc2VyPWRv bSAtdj1uZXZlciAtcXVpZXQgLXRocmVhZHMgMTAgLXRpbWUgMjAgcGVyc29uYWwueG1sIik7Ci1w cmludCAgKCIzIik7Ci1zeXN0ZW0gKCJUaHJlYWRUZXN0IC1wYXJzZXI9c2F4MiAtdj1uZXZlciAt cXVpZXQgLXRocmVhZHMgMTAgLXRpbWUgMjAgcGVyc29uYWwueG1sIik7Ci1wcmludCAgKCI0Iik7 Ci1zeXN0ZW0gKCJUaHJlYWRUZXN0IC1wYXJzZXI9c2F4IC12PWFsd2F5cyAtcXVpZXQgLXRocmVh ZHMgMTAgLXRpbWUgMjAgcGVyc29uYWwueG1sIik7Ci1wcmludCAgKCI1Iik7Ci1zeXN0ZW0gKCJU aHJlYWRUZXN0IC1wYXJzZXI9ZG9tIC12PWFsd2F5cyAtcXVpZXQgLXRocmVhZHMgMTAgLXRpbWUg MjAgcGVyc29uYWwueG1sIik7Ci1wcmludCAgKCI2Iik7Ci1zeXN0ZW0gKCJUaHJlYWRUZXN0IC1w YXJzZXI9c2F4MiAtdj1hbHdheXMgLXF1aWV0IC10aHJlYWRzIDEwIC10aW1lIDIwIHBlcnNvbmFs LnhtbCIpOwotcHJpbnQgICgiNyIpOwotc3lzdGVtICgiVGhyZWFkVGVzdCAtcGFyc2VyPXNheCAt Z2MgLXY9YWx3YXlzIC1xdWlldCAtdGhyZWFkcyAxMCAtdGltZSAyMCBwZXJzb25hbC54bWwiKTsK LXByaW50ICAoIjgiKTsKLXN5c3RlbSAoIlRocmVhZFRlc3QgLXBhcnNlcj1kb20gLWdjIC12PWFs d2F5cyAtcXVpZXQgLXRocmVhZHMgMTAgLXRpbWUgMjAgcGVyc29uYWwueG1sIik7Ci1wcmludCAg KCI5Iik7Ci1zeXN0ZW0gKCJUaHJlYWRUZXN0IC1wYXJzZXI9c2F4MiAtZ2MgLXY9YWx3YXlzIC1x dWlldCAtdGhyZWFkcyAxMCAtdGltZSAyMCBwZXJzb25hbC54bWwiKTsKLXByaW50ICAoIjEwIik7 Ci1zeXN0ZW0gKCJUaHJlYWRUZXN0IC1wYXJzZXI9c2F4IC1uIC1zIC1mIC12PWFsd2F5cyAtcXVp ZXQgLXRocmVhZHMgMTAgLXRpbWUgMjAgcGVyc29uYWwtc2NoZW1hLnhtbCIpOwotcHJpbnQgICgi MTEiKTsKLXN5c3RlbSAoIlRocmVhZFRlc3QgLXBhcnNlcj1kb20gLW4gLXMgLWYgLXY9YWx3YXlz IC1xdWlldCAtdGhyZWFkcyAxMCAtdGltZSAyMCBwZXJzb25hbC1zY2hlbWEueG1sIik7Ci1wcmlu dCAgKCIxMiIpOwotc3lzdGVtICgiVGhyZWFkVGVzdCAtcGFyc2VyPXNheDIgLW4gLXMgLWYgLXY9 YWx3YXlzIC1xdWlldCAtdGhyZWFkcyAxMCAtdGltZSAyMCBwZXJzb25hbC1zY2hlbWEueG1sIik7 Ci1wcmludCAgKCIxMyIpOwotc3lzdGVtICgiVGhyZWFkVGVzdCAtcGFyc2VyPXNheCAtZ2MgLW4g LXMgLWYgLXY9YWx3YXlzIC1xdWlldCAtdGhyZWFkcyAxMCAtdGltZSAyMCBwZXJzb25hbC1zY2hl bWEueG1sIik7Ci1wcmludCAgKCIxNCIpOwotc3lzdGVtICgiVGhyZWFkVGVzdCAtcGFyc2VyPWRv bSAtZ2MgLW4gLXMgLWYgLXY9YWx3YXlzIC1xdWlldCAtdGhyZWFkcyAxMCAtdGltZSAyMCBwZXJz b25hbC1zY2hlbWEueG1sIik7Ci1wcmludCAgKCIxNSIpOwotc3lzdGVtICgiVGhyZWFkVGVzdCAt cGFyc2VyPXNheDIgLWdjIC1uIC1zIC1mIC12PWFsd2F5cyAtcXVpZXQgLXRocmVhZHMgMTAgLXRp bWUgMjAgcGVyc29uYWwtc2NoZW1hLnhtbCIpOworZG9UZXN0ICgiMSIsICJUaHJlYWRUZXN0IC1w YXJzZXI9c2F4IC12PW5ldmVyIC1xdWlldCAtdGhyZWFkcyAxMCAtdGltZSAyMCBwZXJzb25hbC54 bWwiKTsKK2RvVGVzdCAoIjIiLCAiVGhyZWFkVGVzdCAtcGFyc2VyPWRvbSAtdj1uZXZlciAtcXVp ZXQgLXRocmVhZHMgMTAgLXRpbWUgMjAgcGVyc29uYWwueG1sIik7Citkb1Rlc3QgKCIzIiwgIlRo cmVhZFRlc3QgLXBhcnNlcj1zYXgyIC12PW5ldmVyIC1xdWlldCAtdGhyZWFkcyAxMCAtdGltZSAy MCBwZXJzb25hbC54bWwiKTsKK2RvVGVzdCAoIjQiLCAiVGhyZWFkVGVzdCAtcGFyc2VyPXNheCAt dj1hbHdheXMgLXF1aWV0IC10aHJlYWRzIDEwIC10aW1lIDIwIHBlcnNvbmFsLnhtbCIpOworZG9U ZXN0ICgiNSIsICJUaHJlYWRUZXN0IC1wYXJzZXI9ZG9tIC12PWFsd2F5cyAtcXVpZXQgLXRocmVh ZHMgMTAgLXRpbWUgMjAgcGVyc29uYWwueG1sIik7Citkb1Rlc3QgKCI2IiwgIlRocmVhZFRlc3Qg LXBhcnNlcj1zYXgyIC12PWFsd2F5cyAtcXVpZXQgLXRocmVhZHMgMTAgLXRpbWUgMjAgcGVyc29u YWwueG1sIik7Citkb1Rlc3QgKCI3IiwgIlRocmVhZFRlc3QgLXBhcnNlcj1zYXggLWdjIC12PWFs d2F5cyAtcXVpZXQgLXRocmVhZHMgMTAgLXRpbWUgMjAgcGVyc29uYWwueG1sIik7Citkb1Rlc3Qg KCI4IiwgIlRocmVhZFRlc3QgLXBhcnNlcj1kb20gLWdjIC12PWFsd2F5cyAtcXVpZXQgLXRocmVh ZHMgMTAgLXRpbWUgMjAgcGVyc29uYWwueG1sIik7Citkb1Rlc3QgKCI5IiwgIlRocmVhZFRlc3Qg LXBhcnNlcj1zYXgyIC1nYyAtdj1hbHdheXMgLXF1aWV0IC10aHJlYWRzIDEwIC10aW1lIDIwIHBl cnNvbmFsLnhtbCIpOworZG9UZXN0ICgiMTAiLCAiVGhyZWFkVGVzdCAtcGFyc2VyPXNheCAtbiAt cyAtZiAtdj1hbHdheXMgLXF1aWV0IC10aHJlYWRzIDEwIC10aW1lIDIwIHBlcnNvbmFsLXNjaGVt YS54bWwiKTsKK2RvVGVzdCAoIjExIiwgIlRocmVhZFRlc3QgLXBhcnNlcj1kb20gLW4gLXMgLWYg LXY9YWx3YXlzIC1xdWlldCAtdGhyZWFkcyAxMCAtdGltZSAyMCBwZXJzb25hbC1zY2hlbWEueG1s Iik7Citkb1Rlc3QgKCIxMiIsICJUaHJlYWRUZXN0IC1wYXJzZXI9c2F4MiAtbiAtcyAtZiAtdj1h bHdheXMgLXF1aWV0IC10aHJlYWRzIDEwIC10aW1lIDIwIHBlcnNvbmFsLXNjaGVtYS54bWwiKTsK K2RvVGVzdCAoIjEzIiwgIlRocmVhZFRlc3QgLXBhcnNlcj1zYXggLWdjIC1uIC1zIC1mIC12PWFs d2F5cyAtcXVpZXQgLXRocmVhZHMgMTAgLXRpbWUgMjAgcGVyc29uYWwtc2NoZW1hLnhtbCIpOwor ZG9UZXN0ICgiMTQiLCAiVGhyZWFkVGVzdCAtcGFyc2VyPWRvbSAtZ2MgLW4gLXMgLWYgLXY9YWx3 YXlzIC1xdWlldCAtdGhyZWFkcyAxMCAtdGltZSAyMCBwZXJzb25hbC1zY2hlbWEueG1sIik7Citk b1Rlc3QgKCIxNSIsICJUaHJlYWRUZXN0IC1wYXJzZXI9c2F4MiAtZ2MgLW4gLXMgLWYgLXY9YWx3 YXlzIC1xdWlldCAtdGhyZWFkcyAxMCAtdGltZSAyMCBwZXJzb25hbC1zY2hlbWEueG1sIik7CiAK ICMgIFJ1biBNZW1IYW5kbGVyVGVzdAogc3lzdGVtICgiTWVtSGFuZGxlclRlc3QiKTsK