Bug 1203787 - When the add-on ID is longer than 64 characters compare the signing certificate's common name to the sha256 hash of the ID. r=dveditz, a=lizzard
authorDave Townsend <dtownsend@oxymoronical.com>
Fri, 18 Sep 2015 10:17:54 -0700
changeset 296180 f9de006c505e8c95341cdfaa5596f8b2e42e3ef6
parent 296179 10ebd4bb39d1f74b6600bcfb36b0d411c25e4321
child 296181 2f4c59d36486b729ee541c5ab3cc09645e0158f9
push id5245
push userraliiev@mozilla.com
push dateThu, 29 Oct 2015 11:30:51 +0000
treeherdermozilla-beta@dac831dc1bd0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdveditz, lizzard
bugs1203787
milestone43.0a2
Bug 1203787 - When the add-on ID is longer than 64 characters compare the signing certificate's common name to the sha256 hash of the ID. r=dveditz, a=lizzard
toolkit/mozapps/extensions/internal/XPIProvider.jsm
toolkit/mozapps/extensions/test/xpcshell/data/signing_checks/long_63_hash.xpi
toolkit/mozapps/extensions/test/xpcshell/data/signing_checks/long_63_plain.xpi
toolkit/mozapps/extensions/test/xpcshell/data/signing_checks/long_64_hash.xpi
toolkit/mozapps/extensions/test/xpcshell/data/signing_checks/long_64_plain.xpi
toolkit/mozapps/extensions/test/xpcshell/data/signing_checks/long_65_hash.xpi
toolkit/mozapps/extensions/test/xpcshell/test_signed_long.js
toolkit/mozapps/extensions/test/xpcshell/xpcshell-shared.ini
toolkit/mozapps/extensions/test/xpcshell/xpcshell.ini
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -1449,24 +1449,38 @@ function verifyZipSigning(aZip, aCertifi
   }
   return aZip.manifestEntriesCount == count;
 }
 
 /**
  * Returns the signedState for a given return code and certificate by verifying
  * it against the expected ID.
  */
-function getSignedStatus(aRv, aCert, aExpectedID) {
+function getSignedStatus(aRv, aCert, aAddonID) {
+  let expectedCommonName = aAddonID;
+  if (aAddonID.length > 64) {
+    let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"].
+                    createInstance(Ci.nsIScriptableUnicodeConverter);
+    converter.charset = "UTF-8";
+    let data = converter.convertToByteArray(aAddonID, {});
+
+    let crypto = Cc["@mozilla.org/security/hash;1"].
+                 createInstance(Ci.nsICryptoHash);
+    crypto.init(Ci.nsICryptoHash.SHA256);
+    crypto.update(data, data.length);
+    expectedCommonName = getHashStringForCrypto(crypto);
+  }
+
   switch (aRv) {
     case Cr.NS_OK:
-      if (aExpectedID != aCert.commonName)
+      if (expectedCommonName != aCert.commonName)
         return AddonManager.SIGNEDSTATE_BROKEN;
 
       let hotfixID = Preferences.get(PREF_EM_HOTFIX_ID, undefined);
-      if (hotfixID && hotfixID == aExpectedID && Preferences.get(PREF_EM_CERT_CHECKATTRIBUTES, false)) {
+      if (hotfixID && hotfixID == aAddonID && Preferences.get(PREF_EM_CERT_CHECKATTRIBUTES, false)) {
         // The hotfix add-on has some more rigorous certificate checks
         try {
           CertUtils.validateCert(aCert,
                                  CertUtils.readCertPrefs(PREF_EM_HOTFIX_CERTS));
         }
         catch (e) {
           logger.warn("The hotfix add-on was not signed by the expected " +
                       "certificate and so will not be installed.", e);
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..1f7375b7d342b535b0c3406c2cc72737bf4a710b
GIT binary patch
literal 4431
zc$|$`XHXN|(hj`|!b^DpA@oi{5mXQa=@5GFz1Kh}0V$zL7my}M6$w>Zs8Xbegbq@K
zAiWAmRaz)l@60!MuJhiRZ_k_`yR&EK+1=SQ^Q<-m51$4A01yM5O+=Loom;O@?*IUG
zlmNhQtA?WfQ;@2rl8}d2kc+#!4cG@}Gi?+omF~7wK%SIW=P+j4)EdKJm$w(CtupZ0
zdM`00#FiV<q-Q^5H`M9C7he^loe8yv`18NqQ(Il}&7TY$#da2)9h|h@wto0>@C>ws
zy|Gx@y~Lr}jG2PQsdS(%2!+WxV|sE4v|mlKSqsNgAoTQ9MdjGO>a!yDc}Q~QZL|q_
z_3;1%rdfE=2sTRB+9UVW9^$S;9y0ZSsW|g1EUPw*UL4of^O6OMi!-6G><w`5M-X;H
z^WnXde;=&!!3Uz3lUE5^lILBhi2aC&-jpU6GIaMFjZgIrO!iHZaN!a&D;E(1mx>)3
zt`2Az3RrX)yx1p<J^_<)0ogJ}xJ0mA_Mi*OJ+6@8Bh4tg!DLHU;78WK0|MF;r6=%~
zx9nwY0E+276OnQQW<H{5p!_h)p)u+GF1VC9bHpZGu|MHL$on=6sEN3a0e<?heE~UO
zv07s)#L8zeG740x)MmlDR+&X!;EMqhGWzG|Y?zp7YT<!^$bj^WfRB$U*EjaQuhSCy
z93La3GZC2_vwTdc6TBt}T&m06WPo0HAq_G0c3B>sTsY!s>q9(-`75!VX$qCSb2pK>
z>j55)waUnk1Nmjm8*C{!qj)lg)x3tE2|9IeS=)H-O8Ub3JS(=oW4)@7^bNakjh~$K
z)e{TD@2HkZ3o*E8Fxk?R%m}%7)oq1?MBZ|~w3GM{stIH2v9D^{wd#pemDO!)JUipr
zka5PX?DR<<@<FGsh9B;ASKfUTnES3dy0r$v(W%5+hA*Rqs<PS^H@Nxv<$<4$<eA!w
zvP|aG#<FRfT184037`zH$SXxKy?P0V(cnSuTz1ZqV}wUvQjW?k1JXRW{LP|Z>v`&H
z=SGG;2eZwoZ)03ex=@t9t23}6hI>UJ^e!x<lF$0YtidE7=S7fo&U#b<Il4#F*6@LC
z4Q<Pxcp|5pX11cUsn`S>D*@Uy-0(YtW&5TuK2(a*M+M)KJqaz8Nkk5yW;Wr4QpC;U
zwVariA!`c4Q8ZHG$OTD75(nQ2;|i$%5w+%MC?pjw-u)ecq$`$o8S27y@|##)eUM<9
zXz^Fkl9;eOB9{5&?_>E&w6lv&0ZNog{Gsa;C+!K)j6JPdl`>=CBt4@CK6mwNPZPH0
zJRqZBMjM({wF5#IrS1L0AN?|nXeH31lCh2TuE*EVmaYu{77Wd$zU@ZUaboj+9=xWq
zm*@gR_gZ)7N3;5s#k=;6ajVo(e&mi3(9>P6(3<kx%ZxTCmp+bJmGV5H-Ce(X+cq@w
zLa|FALcJvIwh9r`Ca1GmfvU`iPB++5vD}qAfdr4nEZ3^#EiRqP&PWKJ@DSCGT&AtE
z`zc+l-UP(vii!(oE)E(C7mwGgxX)zEvVdJ$%vFofatamK;2LxVoz*@;M(uod5NE;Z
z_ebUsx%m4Ed1MHiLCjhSS%(|m>xC3DsUKpHh+f~jj@UHtyOip)tZ-Wjwk7Y+&ZUC4
zrm4K^$~90B%h=pN(LDuryB(!XLD=OF9*6l2_Qk6g`O@lApOD5!@sl<AWe&rE5ZY^O
zA+qvdn1_4qNsg<pxstx0beQ7BEHld6Pf2w_95do5vb+X2&;A&34s8%@=zmA7M4TS<
z)5K3YUkU0rD0nK4h0vshK5Bkbzn~NkID62)cAz=aS{8oh#GX6M=*Sm3-$a}>Z5&;O
z?s#oGgnmlb@ooA2aGb((aPZ!2{=8(QZB`1wU%6jpt}IufhR4|&HTmpz#AiW;w!Lm&
z>Ds<oJ06iO8TGcG^;eC|_G?6NVj_a)DvX!Db(TBj@tV=umEAvshoRNzRb4|mtnRt0
zXDwZhGE_1yk;nVl8^6GAc=QyFG-dZRZ>P&geFF4z$=BaKBd$&z?TxM|<@4C>3hoaQ
zHSRQj*v4wSa5y!M&^}gG<f<MK6yecGItdijF6GcFt&=(Si)6{CxT#?(y5+&N3X;m&
z*wYG^vG{|@tZxywoP4(hdCl(J$0yHn8Yb0-mmlIq|Fz|*8%SD~$LMb!DS4c6OtJrW
zY#*CHC&GA5(dy2Fyz0Fjg2rjD!k3X<X5Xz_mYZ!(YNT<<M_d+*-HCipCQu?d?+bRd
z=XX<1(LIuv0O!kvAM(gUQTOFUtB-l524+l4nv1&?S{BBsoT-?|eL~H;3V))Jk&L3W
z5rqbj<!j{BvB6oiDFUxhPiPEl7pSMF@TB9L#b+>@T!#$G`RwfNQ5rnpAlcQyYZ6s3
zJc9O2^eCK+td`}#Mw>DV1@@lYmoADk%>gzHqQ_!jm`f`=HKHq0X6Gew#-dj|+@?lI
z$7==6;2p0>J)f8iu7iC;zgj<6qzrwtD%M@UXK@xTWZLB=l=nS<_cLPOw^VLM%~fBM
zfY0pculyjr(Ej*f_WsNUR%2L#5xe-6IsxvGkf*-ck>orZI3?CZ4DL2P|5_>*<yhxj
z-;=cr2hzAGji}e;OYyXOHlUDxS>6#GLQi)k+g`yMKOBm`N#TE=SQH$(S+~?2dQrM^
zOqAS8`ZIiHCrliv+$Sp4E-wAr>H~;Dr>&06rCl&)1$YcfTom$T31Q5`6u(3v-8sFv
zgCAB}UFr%Y^;~<CMKWddao0_D?TR3U(k2MB(oH5y2>W+R@wkPlNpzuS34d3<74<Vt
z&l=?;YkRkB*V4wS?Fw@T66E4*cLm^F7Bj8Oca;Hn>4VR)(b37@w#f+}V<x8n{UUVI
zpMC&9KS@+wg=uNYX-HLcdTSJS!Z|)TBN(i4nSwuA;%n*Y$v?G-;OV}10D)3Yal*0h
zAHAPt!I9nPxkpI7M(KU}^QW#H`z`wXb{#x1PvVlSjCs~J1gDY$bgq>%*f0q<9XiZE
zd1J%w69{#~DlQg3xO9qs3<x}b1ir&@hO@q3dz*2BFi+J2V~IR025)P}my%5mP8u;1
z?Vpb2N2*IKSCh+;z7fzsx@-%%-pO30yCsZf1zYt=#-B-omzZty^`T?5d2n*V=cu-V
zj>m<57wL<VEK}0KADrzgb0#^;!?_NOC`zDbmT~6k)He8was0#-{$ty>{wqU3&|Qd`
z{#n##YmJm`2^*@mmWm6;UWi*z3*pym1;P%2r_Cs6UWta*T&7nDn2by$v)@h^Sv7O=
zVT`pv!jw}?%K3s*kXO5tBHzgx9v_x3Ntb9iWAx2mpkP-k_${NX1M=qPl(RYKW0KJx
zlw{hhSdRPaYRPnC>X_?MjT)R<*(AX<r81M(Wpa6FwOmzYo(JTEe5kfe!>sW=ywePG
z^XidAGn0@#OIyWx{aCd0!pz&$yF_u@ebj`d<PVY6GXhU6K5vQB0uS$Z<qs6~&w1|d
zhCI0@i`|=Np~BmdxYJlYjHoUdso~GFc^dY0@Kx+|{Dje{`$^c#_S(vu`HlpBJFhJF
zU4k>@F<S^@RdYhRbD_wT)y@dW-kAH@t9I|J5MhHsdzQQq{w)t%MA$={!q`W}`HYLg
zcQ)R0!-e2<YV%49tdczqN1V3BAr_wNB(}a2iwlJ?kie7Pw)J-=NfEBkQwsr^iwcjE
zJj-4P+&RFUOKgU)I+|=>Dj^h3kRY3_Y0Xa243wV3d!qTZ)H<hwm^&|ZXv#k8eB%rY
z?s>^_8+m*&CVJpx@yd=Idd-9%f9aM@e0Y<nUG(b4&>E*lrdW6?6%?iU{>2l_OY05d
zmB6PiWC0=OiS)Pg-9*K*vZ~MOy>wz#Tc2~!5^>FSo1PY-GA>Y7Z!e;9BWt}M*ay7q
zO;Vl{Es=aSz{ZmAToopPh1g*9?m4}42>JDU7&dyA54Emqm=b#Qze#W{uTjN~+tYA$
zNjg*05%#^Kz&f_2;g%#e+za{ZdDUyS9@EC$(cUkuz2hQ+GtjsS5HNV-4og&m@RE)O
z_M#V!DbcNZ*yqM879bbhc`KNcA@kV-<%Q2vik;>hP!~D&t!FL|>R;6^zbZ+WA7Cxm
z@O>rTWxqWh!tZ^?KU0K)rO|GAdA)6ZdQvWGAhLSOVLN*TVYxD2$<E2?|JLEKB}-2}
zOz!fgzBVoQhZ(Xt&X<}!y~j`{V1P!h&wo1f-o?Z2H=ANx!>{|Q7SiVlOJ{n1BGTU0
zW|ivJY<%+mN<!Pg$FP%qf5bdC>U;18v9VQvdP%)2hzPy*shFjVqffCO8n8GAx1h8%
zeXRclmi{A5Br~U|7+lCP@?8*V$t5#aFh}_Y6m-^b8#<=Q<XoMu^eS26F^uapKjY}z
zJI$FNNWBxhd#yH!?*+~(ktim-)bBYXX=N>MpnW6i<kU;(P0Q5hRBPeWu|3h_@*)mj
zgwZ~D=GL|ZBx?I8Vwqb)t4o}#LmfY5*Vm;)ZDHN&4G#1lP(l@M!IF;NU!7%{)@MRq
zdvxzrHFS%kH~f!o!tk{J&699{@uW+LsIqh&g|QP30Pq4203ZX<16({|zBcaeU>|!&
z1APJjUVzk<fghX<fP;Vf%j@3+t3=PtD?*q)WXs6++}sRo$r^j#yYst)$*E-#FA3=F
zHIw_$4VIsDr%8c2kiT>*H~&ODX)}p;{IQXw(8jR;^Qrv)Oxg}XBlMn%G^!b3prT^&
zr5AHA(^Wo~m6+HsZr3)$(Kt-SnmjYe+RXX3u_q;g>>aPn$s6l;;gE8zmf1?8CJBln
z=K;Sr$E50aKF(}VIG$<_9F~#7%EM_1=+rkEzF6yH)7Zg1Qc28TPL$UM#0no)0lT+<
z2Ij{yxd#ocN!i|i;a`J2Ala?QCyzG}DP#7M;6Y1{1BI0Y4Af+`L>0%FW?$mS(-*jN
zQcH!3dylhgc=MSR(=`N92sf_OmQ}E8(f{BBE6><mE9CG`m|4;o4f>O&4mDT9Adm3C
zaaG?AC&J;l@6Fe>YBMjiQXfM?kL=Z?b2Ol<y3eoc3RbK&B>bf|>kvfLUOQn{Aob+t
zVEHZTvr){4St^mc;HFT3_J8qNy>AVD&wptdfIs=Hji-yF1I!of;dr7kJfsc*fhWiz
zApX(eF_f<G)cxhvW5}>Zqb_<_0IWJZFd?9(y5=*WPQ(WrRvi->6dXW<nsg8SL=1>e
zp<?T}qP}d$hNL*ORGtJG5*Qm77uD=I%@tKP&zrc7rY3XN45&c{mnOJ8yswYDdVemQ
z?FsPGMI!EEB~vvJOxR>@{s-=s+cihmUs~X=OZ`tg9Og(isy+r0<O8Wq{}=9KKapv_
z0d=ik`TYEy7@lYqja-kE&voQNLVHg;>Z)<bf>c0CT42z_qcuXBiCiS(85bd8&gL_M
z3<Jra((^|WbdN7vvRby<qPJ+~eY|mgLBqkN!TaA!g8vf)4&Z;R41Pxd;{EUO`7OU6
zzYXUl2mF7A=}$<1_W3`M#wq@}>wiZ0v*Q1W5PSC@>#q$VApGrs|Lf5G!o@-PTl*Jj
C?H!K*
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0d3f4b19b699e18ec1267d54e8a0b6a8b43e4664
GIT binary patch
literal 4395
zc$|$`bx;)S_Fg)qbSV{(6scti!6hY>*rmHWmhO;FX;4Bwx)yeo?)B24<N_kFfTA=a
zv2?@LJM)`6*ZIDg-+AZ#<Ggd;XP$G;oIjqU2_+z;1pok~07;mz5==r^^AiOCP)h><
z{C-t?rYk3)qW)aa)%^wB#l;Hb<!v=(U}ySye%e0LjhL8ANt?v>TA@YxO*kupl${Im
zB&qC<f->Wi@V;VaQp9~)LTXhCvrlmwc(>E&2`$FGQx^_8c6S$Q*5^ZyjU@}(XF{jV
z0R=zEh#m{eOIp8VQ6$6ki6HO-%5A}<(d9%)o`GkKtd>+>!r{jiz(+t0LF(^=L3mPS
zVnBT2h;CZeUI@XdQuwu?AkFqfQCj3~`cqgjEw~mn*a@JcsPto@Br#0I<4U^5U&|uF
zOwSTnt!;geTEl;masjujJvcsQq!#SsA`xWj>6;zwo$VzP0N|KS*ud&vv|6&a{TYO6
z9_S146Gs6X8lDk^V=W|$iMutdq}rLb6x%$S)u}#$WS^s2Z7%b_esSsF0`CB*C8dqY
z(-ekF5L}#PWuS)1#0Lr}SvDGZMG-uTkI>1UN2&fkZGVMvoZReLkzhk{R;Mvzf~8@3
zv0_DM`3yfHjjhpT8I4JmOgM{1-4u;(=#~WxY{(6uUb{GAdAedtBbEJX3t32<L=rVH
zx76n}vpGf9)OX!5$zX16xVf=~iLeRSmypsz`#C4%29^9}HnJgcuVUE6jlw{d-Bi54
zJ)~_7wLR!qWRP=|leAqJ8hX<4gx4Z-7%4c5bf=mZzP<Oh`>pwL)azm8>h?y;tV=43
z0?NVf<crVrHpIkijF4+bS%vZu(yP0<HM%U-hrtT7r#M>YZ#;+efwrvPxGaHWek82A
zHd3tIM|SDDcdz`}ElF@6*04L{Tj*Wc7f$*ib&Tjr_-#}Ug1=$mqRYA{)_-wdhc;ck
z&&s;cLH!j|(axgyM8?Bj5-+%Ce!u%h@Q8dMy#2U5((ucV@fz^hp%eElCu0daz2rhQ
zXmee>p|T*Fg<Y}A<J}^D#!BJfupF<eq*j6*xwX$q$5)(ECv#0Hw|3c)D1nsS!qi}!
zWn0M0CLX!5L!jBqR4iEKgJ{*O2gB^c+DHs0xE~w<8`p1pYOJjE&R+*SE-N9myeRO<
zsGoBlK2d+C;!~F51xggeyFNZZ*V!<+@Gd0IvXw#2Xah>_$|`ZjL9m+iGJwx6@!?iM
z0{AM~SfJ`&lr)84ri3t)N!T;dSl;m@xR~BvY=@G!LF7o$GaE$W=JwTvfSLp5vjG*Y
zUjJ*xmZJv=q+%~g>SvZPkaa`g$N0S*Dh3eY^l&>etO-6_yM`#X`6>eJHMkWUKJYXw
z2$i<nWr_c>DO?kcU#zafZ9>r*?$q*a5)0WE)`Glw$ug29C2BD<Q9B&&seJr>Wq3)6
z#Z-42Civ-JRmRq@hXV>5j=h`d3Qy32vBWZY-1z1eKdM{&F@Y?a%v87QH5t@ETDmjr
z<W^%@N-Q*YTHh|`5@caKrjxX|vTrxh`y^)HdQ*t1V)W$CZVziP0Uoe#cBn=glp=7!
z-Jw%DF(n_|F^F^xJLwhF{os)WdlR#7Fg4{*pYMxX<5V9ES&lSNUs<at5x>8C!dY)n
zQE!1WlNddlnUq)-X%R9_)i9@+vQ?vqV<&v!tfR5y8PRXgrGJu(9NVM6jLjn}a}Lr!
z|Kym8*@q~-P6=JLuUvOJ5ox5#gs0?j2XF~GZQRA1w5cR{5Em5f(V5MK;rgQ0T&_!6
z_Qe;$andA*7HAEKj4a(wQp6#1^RrgoO7~v>>}I4N-&s#3$^SB~_nQ4-iOh#eY@FOl
zQ*y;-ILu9^xVI(VW2^?TH{}Qy-IICcF820VwG=rQ-PFIWeEI<|J$TLh0G7_F?58%R
z>qcpea4>esuMBbajlA)Aj-Oco@gVS|>9dK~p0m8BDNSY?e&er`)V6n2_psAAuxq4t
z^hnNtj_MA|6wE^@R*B#?kayK|4qPPQ=GWl;8R!t={Mc&$p>Xr^JwtdU1ePqn(j+W@
zw@YV^dGP%LwF=3VNz(WgaLSa4vIx;<hZvXrY|4~&2E0y3UUEa+7g%w)0LG>XRtHz{
z%TrQ!f<fs3J#|XSYB?r!V(WS58rjz<SB?nAUZT7V7`f|SW+E@&g>B5s&|+6sr@rgj
zA8$b4KCG)?wWby3&X8!w$5m4jhtm!oCW@iV`GTBWVypLU4C|7<Rr;Uy&ef}(UJte!
z9L4WuJ=^&LKS({wwb$A_47+GH6kdEC9($HHxa_p!rJV*DU=aT5*{u}Iw^!FyvA6Rq
zxovBnw<CoOTg_P@X(~Bbx_Q^c$A!B=M<mDk9=wTdI4#b+gI-C5-`6dNB)X`2O}#YS
z`07|+;RNcVRp{R#J$mtwKy<QCad`hQuLUqwv7ql1d|Vr;yrn+7Te<DTW8_|$u1`rm
zo0GFt63~94ZMbYof6-_^XE*r<xND#FWiU;o0f9|hXeKWnYD6DUY0(YEz$hej@Y5G>
ziy=XGhiW_5U%oOP&u!e?QQt7=7;?ED8EV%2OC%BL=kI5~T1Iu_5VigI$S{^H0K;*V
z>mn~c6mnW)b(+DM_@i)SO#j91iRw(O$^-p^ff*v>p)hAv^nHaJQ6GCyODL4H?L`R5
z7h5*AexbPG)N|u;G2{E0SVT6u+%jAW*qpu)G+mjiEq0cSHZNc55h<SR8fRSI(bY9i
z#)l?2-WXmb?M8p@<Ir*vw^<gR5LL5}dB#i>I%7BQm||c_8iRsSvCvX~m#YJO)uQm~
zEm{E(5}qGlb@q$~e2$b)T@WP#$bN|Ym`znwTy&=x@G4zLo;Cat(NPnrt7cy{Zyd|e
zt#z?O9~@X{Ldg*l@Wj&9lj@lCF$q6rc4Bsi6mUnjy;zg2wTqGoqr(z&F0vGMmQb|i
zqUC2OE~G)?AAS)4Cw{~<bg$V~p=SfA3BAfSsqyAD{&8==B_eInMp9NZnlRdj_@+?C
zh>Z)))_+q}k$7Wq=UjT!T2R;7*6Xe+wTwT{K5aE;;q;*aMo1&5UtFr!4X4|PTD24V
zIbdhJ5S1@i&STW#(jCu61J0Y6#a*X;IMY!bZVOxY5caff$oneY@d~m|WGXXKb^otq
zKQG2&H>GtV!dArbj>VU+rHi(1?eh?}Zx*Y9$X-E@EA!dl%#PWdX0K8&;Ry5jPqM;h
z==KdGfuGtNPM$bd1-J?7<D`C}H?_SMWy)IWy@njwJ&u6FVB*oq$(gwh7}KpZ-EqAw
zpOF3LH=4yO(9j>3F9&$2=vJy&#GJ~sHy#z<e(9kV=&PvE<f_5OV3iSrO)^F&$vEG!
zWXoertw+JLz-T??<Qd(`4UQP6Q{}Je9;1hfudo@>Z`wdR@TR`hOHbuA)1pt3Rh=>+
z2=i(`tvAEbons~%Yp{p;^`lwU$D2P$Y}r~DaE|rW?s5iD9X4l`1HOHSY%W>1a`ir>
z(of#9rt{C7ZSxRW8i&d!VrWO5RBSGWC|%cxJ$^qU%`xHY3mtEvH5BN1r7$(w+vq~}
zi8-!%CF|f23Fh;-?Ae2OtK{A^;0%o?o;OX7e!}za+aHc{a7WE!cQ_u`P7q0ow;wkh
zUZAi&gHXMCRTMF)`CSQ)WX`$n_rUIEklMS62bX18r*733?1k>wCoU&0>%3{-Jb2YS
z9jch_I-i1(Z^Az)q`c*hJM@gDL|u~fA6V!ujMak=cs-WZIcW}S^w_(OCgoG?FHJ&-
za5s(e6H4_oqN~Ejb@8?l-`0YY-6_3M{Ne3qCQDIE-L?sGGqJVIcll!cyj7$oow=Yi
z%V=L`5DO_xT8>WbLe<3RyZv67Sz5bcb?2u6g@<3-B^;SY*3Yp_H8?`Vd;Ord<VGFl
z@x?O9Eog`O0`z>h#7%R;?%^&ydCPM_Ps5gv^v89<2qafl284po?6H=V4jg%43AGC6
zGYoF8aCH0Lzk^~tYY)uyWm1#3#e2au(gJ~<;n`k&Ab=+JyQ$ZSx@lUXT{-GnCBHL?
zts;tvfCIiesU2%2S2N<>-gjD2ihAuQad`}rM_}4d*FLXGJjcw;jPv)~wSkkTia`z!
zplU)uzku<cQ<}@k32L1pQW^DqE(zNrK2S<TbpEINKr~{VUpB2g1JTvlekA856p9^}
zUD?W39dIS9%I0z!stBd52njQ~P)SXiy3=>og2@!D5Yy0){ur6YOY2HOkl*{`J^8JI
zcf>l29@yY{+rnKpN4`;US5<yQ%7tz;+q)-{gB;pz>EI1)S8LD)k7uo9g~k9|y$Zie
ze#rpP@NhAVCD=(*JhvooOn3o$eD9zuUiEQb)Kq1_oCEiRaTg1^`0CJW+>Q#<>)>~g
zv(dBw!?5?&O-_x`nBChPKOZVS6re9A$U<cqGek_6U1gYJZCHd7t?7CxHuyL8a*2DH
zt>gDkVGP<QEW7tqFYOKTM`_D3?FvC;cAST@n*Y&2_`fvJIaF9lx{k`w0S^F3Apihw
z0T=;rH*X&+7Z;G1t-YQu5rDv7>Qc`);1&Rn@c38Mf5a0)$HYAn%owt6;B#tf0y1Zf
z6Y=cWwlg|5FMdQOP<F-SGJJi(OTO8x2n^({SkEgsc$~bJ{AgU#KtgbJ#4q-9!N)AR
zc7B6_EoJG37J#0zve``U-2E&kg*;YLQs4NW)|vK(Vak@2SuZS29B-O>(h_e~J(4{r
zv8;-KqBL5u??{><RK<>iz9swQFp9qERVw>q^+6nx+#3}^M??=>yE|j4dy&o#>XAxj
zo;grj9uzGSuVm@oI0`I?V{&;hyewrclHyl$u}k)|o{%y@PYB8E4&fe<7-s=L=hIVt
zsv-Prj0yW1Pl2(}g%c<h`q*=vUCoonq?Eq#1r@kyu@?E3U4!wE2c$G@b)}fYJ7Ho@
zYcS+T{%W|T+8g?W02E*O12+*7fdAffMWZ(BOyiX#G<45aRXRt_V@W&qs;+R+QVrrK
zwN@8S0(9RDvk-u#wgfAz15Yq>o!Hw#)S%{2fad>bRh=J={jtBiOu(O7)yfTSZ|Cg;
za<xBD8ySW{1wa#&Pyt@d$XJ6m__N6OrG4m#T9fv`2p>pgWN?B{Rb|<05Jtk|J)$xu
zIK)3VAkeIh^A*w~J@yb?!58*n+t(+@qr2@!lnI%$g2Pq*idSD$VRO5VUu|wSWzF=^
z%j8lAp(6VGA6D<oMzG1SoWmjUXNy@Xfgs{$Q`0|qx85w<JN@zke_i0;X>4!%TNv0F
zl%GdHb?Se3@B0c(`3}M~e&uuYJ23*`N?Q3IDX*)juZe9vZ4H-A!)D}sQqp`wuCC}v
zX(mdc%pfje;+(Z0qD(!B7Zs;ZAoP;wt#4Y_{}r=NJMZO*_lp`HJ}tpNF980}!tntA
zunzc*z(VlP<MZ2oe=dt4qy+qbhUrgAfA;ymlq#wIzUzM?{8{n;BG^*@ZT&T&M8v-X
P2!9>=U%YOpe|!H1s>b=4
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..8b6f013a0014330a0291c1fe2eebeebf7f3d8091
GIT binary patch
literal 4437
zc$|$`cQ71o^S{$OL4*)BIUG(eheSQS2d8(U_Y#hX9zlX|N<wgYiA3}gy@pew6Hf2F
zME54|%x~U#Gv9aSx6eF(?9M(rpWU5(W<IN>ij6}J000O8NrnQ7=}3I^6$t?Fg#rNh
zV^xRg%J3*_DDb+t1vof6TS7d&EXUyfl1WaNqJptL&S9JgWa&Yy&$iR6M4b;6!UH7v
zv{n@$x`w2(Z6RA?n9X-&JcBAh*tT&WCCHee@dFwmzIT2-H+cE$eD+py{<41e^4qsT
zFVp$UIsoOR7YE8aRe2IbB2Nx_Hz^3DM1W~=WCgHewZ!T42~tzu;91;k;IO{4xDSZ_
zM9(Z!+(W@fKoS{>)_BsiL)LP0jK$ByO%!l(35t)Y)Dk<(S!o7hGdO2OEdy)GfR7n`
zyLLb!uezwh%l5_G9!j+!#0GJqwk*H6;%F`qi)rS3el!>Tl3k3Y6ObUsg@aa<OhwAw
z?y|0(w}aOfRuz)kvl0Nzzn(peWzMvA-OUt>jb*>H6E5L>{zYYCY=C@kF%;QeTZa`&
zK&wNiC6_}M8A|C+2Yf0P-WS{=2i^v3Ee!X&U$nm>3p*$Gyp1Er!rZh*o$v<UR9tk=
zh~d)SV)9DzU$%k4#l^s4!2M`>D}EJw5*<UrD9;WKRv<TCR0o)Yi6pid%jj-&8z;2b
z^0PsUHn1!d23>Rq5ON<*kOOm2A@MEFLik5&7L>H|Kjg+nxzZB+`Ba*f3iKLXpXX9F
zR8p?qUwQh|<lc19{PX3V(UJ3ma#=5h2;LUra=odh#>#$tgG6%>e40r#VC7;s3(9WX
zJZxycdp(l!mI*OYusu}<(re5?zkO&l3674&=CUlV>KMa81dm9dpSh+VxeaDst{|qD
zM}G?D)ZLH9`>HhvqK-1g?%3K@vBDFs$@MYalXJb&qlB6_r>k7X5fsT@TdfSF=^u?&
z`h*;K(e>j_dj)VoRty8=6nYM0$DJ?GBzh2qoM9;J(Mdl~SJ7EXYCcu;vat?t&7AKs
zuC&HI-8dod!4v{TokLN-xa(i6LG;k3x1YrzQyZx90kiJ72xujKVpbjUq)Z+<Uy-Xd
z%yE{_eSi#1eDmyw5Q<2mo$`H8*h%9=gq0{$86nXWu2FbCY%Ft-Nwv08$g=}!mk@?Q
z&|6wbYh<A>bBJTa&ss#6eucu_COyWxy3QP{T52D%y6X$%tE5<iMx+i^8vC|sONW7t
zg%JrEy@jN7^r#S4qi0o}wq!Kt<l+NF5;bMJJozfrYI0rG#0-1;Qe9)pHfyLft9er^
z>#95_wQ2#gSdxy2A${fG3)fkel}wkoDA5v$dpo@aj`QWEktUO%c_*)tb+TZJPbWda
zSFSS8n*&m_X(IK+jM%wumVazTLz8y&O*ar01h4RpYjh$QKnkZlEBfUEC!CpYzdoRB
z;2eR3HRa@e#B136m8$>w;(1WsDAlO+G=UzL6&`grr)Kt&UHziuxGm|OGv}`(pS-KN
zElBAXT*18A{xF&qkcz+gi>e&4Iod_4G**mQ!qW{(3PDj<#1+qGppx0c!s2mbw1av?
zk;;AkjqXCH3MR@3rT4r|`vw*J!)wAkaXc)Y47lMhnAF<%0_9u7yS`S@eY(<fPdFFZ
zp7fT%O?63*MEicn(EN1OK8D3%_D)WFED<w!J@`ImTjQ+|)xt7nT_c~=xHXf60{c$i
z+vAh)$a&29et3s9jn3z%{8l|IU%2)Xy`z2d6K6v>;z^I8%-~n53`lUkjd15O;itCq
z#+mt<S*1h=TR82AKFX*=0kJ3nr%SZ3Wl+e1c&R5BcCKi_D1A2DD%L1`S3An5w+`7Z
zA_A>sW85^R-Wr$r(XHTh#T2N_lB;@sveV$Q_d$_yvEeaZD45k5S+W_U+e!uFH}3vS
z+A}YuVi|tH>mC{zf4C5{fYL#3=iLoYE|gL&v^6G%^5~G5<oH{2yOzDp*e(y+@iekQ
zOnQ*7|C*WIU?Wy3p?cE0xZSY5ZfrDNYTTz;K1R-xWP|O;Ls8Sv!bJE<nN!zQ*}QdR
zVCRJ3re`GfI^6FdvgnJ9zp7I)Q0ShJ_M%%N`#ZAmkBnYfTXs@H5006jZHJmkUbqim
z>gr2#vIY0lVP#$5U$JYSn|t0|7&m4yx8_7E2Vh+fz#qQY6nP+{^vj@miKs(6>t*v=
z&4;DoeNqR^?v!Cpg(KK2djR^gTtes^@vT*zSz#gLCT4yn$Z_-CW4zka)B-kk6iIAK
zN&Hp`Cjav+n1)Ho(RuTUu~K&NUO3!dZ6!uHGXq7qXZC1-yAKCP=)CjdjfZ2^xw`sY
z@Z&~i-;w%3fiEUmxq?IYm$B(CPhxAp!8$pUBi(O!*}XDnM@~FQ4(&B*NHFtibbNu8
z=(eC^<qOnwgK$469;RfFq7;To#<%vx15&!#WBPJgnj58jMvf7>GBt1ra^q<kG%@IT
zt)++ah-$25QAt9=ajv->$oHtz_!CXoXt&&H@AuX7*{UkS1X;70A``-iZ{GB8YqA9H
zy=&`*0pE_64h^}1>8oW(Y@%M$EmT;%*vO?QVy!LC3itQdo@aBeEPsDkI`zs$vAdno
zMS^Tg+}Qh@$o!II*naduxuRzDr*yYc+O7(+Bb!dTIn0w?lSQ6@PIY<JB8pSzfW^EC
zjT9BzSABEe+3ND8<&=$F9M4QAk1z+l+wd)c?3Gb<_Z{BXeT_{Wvpw^fBBZ(spem<C
zxKMvyo~(#qgNA|65K1Sqbf72wt55f%kZ&^8Wy3umh)B`8Q<<&sr6=uu?H(1ekhQ_)
z_yNAfp)*evx#J5~@z=i|&|)<ero*rv1C+81Uam0X<6<hk0XR6*x7Sgymphnf<Y`uZ
zHeis2Myi7wK$RqeN0fs?MM(n;IhK<7sI(@LPY4vaI@sLDA1HpVl;m-aWy44g$usCr
z0@h?YBo_Jc0a{lZ>Z*tjiv4Ly-td%^TehX!j0RUmjYHZ>$*y)7`oS6z0R!WJ%6GZ%
zcLnx_Hhjg+UVMAz(j;6`nUE*$hfT04RT(pa=Yu8V;&)^Iv0DZ<B@=O*HS*}1iSYV5
z{Y32Pi^Tq5{k)nRqmYIU)p~w5sU7aESU=Y5C4!^1iYn3p&03C>v<P2O#FU~oM6)C6
zQd;^JRlTW+P&>;TjdW<PzDbhoGa_s|ks(zar)NB&NFm!`S7K*~_=20Zw6~WySLNmE
z^gjA6ioemtpsAo=^D3!ua%}zH58Hw=eYHxb%BPE#pp+|CfhuF7O>o_6SPJpptawSN
zz6Qfr(}B5+_;TOMHzod80m`}t>r-I+`*<btqU@v>Tn?#@)uzEBV|UGqSLFO;+#ps-
zaQMY4!d1bc3<JDFY!)4wc=&nK^Y}9G<_w5#oH#V+Wz#gcxMfW^mY&OAtjbv#2vkT+
zXzkraW8Tg64Zoh~-95~hHKIJqT&s?wXViMK*U2>?kgA-S|7NODr{v12&y90>$2K1f
zvm5p`5EV8=HfmDIZxhAkILwn*a%n`BKGY1>OIg%1GEimu=0s~-oG`p@df;yNbWg6$
zf1ovim#jRzrn{mw<Kn{||IOogj`i`9m~l@A)Q&UbbZADUQSPvYof;);+dy{%=|skw
zNOlUf&JS{^Crqq0n6hn@pzKb;XKgOoBK4BjNknHY++CfewvUd?>J@K#A_S83>+3$p
zgJU{-ZC2-s+5Cnk98*xMfyrwySFNDjt!5}jWX{dTX$UHDx1ip$DVIcl@Fe}Qd?NEE
ze%ZUe1ycIsL#Cv`;A(%VOWBGC?#pW+ie>W|`Iol^5oEomHF(4n*A96w#vUx?2Jl8Y
z-))))Y8bbQijIgQpggVFG_dj^pE?;Q94z!qnm=y`#et--B76U%Nh+2)`}E{h1nd4P
z^3>2Mu7(hsv9LU8ZCiLr-G!ecBO0h|61?*WMLy0}k0Y}BV3_}n^-Vf?j^L8WOj$bH
zJ~66nf>ZqHX>aHEf+%}}rC%!T*v^sH2dbAu+iTTl5L`{}?KzeLTaeX3l~|C|#8n-F
zty3FWtX>w~xfQZ1eo5N+%%5k_B)L)Y@aD@Wzl7Z9f=Aw~<6X}*et!xtWNrNqmUx(M
z?!0zsw)qBan~Je?M;*hF0Wo@AjOwMm=hl<k-0ZgH$?s=Bnlsz|R3J9>P8IJB3}Gj#
zYr%e%Z<ASngW8qL2!l0Mr5w>CaU&cz1$_BLg032(>C;*d5k%|G8ZyChFUYb-81r>w
z<ImgZXF}d{-z5a;9?d|WuL~~~*Pb@Wk)1$`*!HahOUnipvG{r5CRD4mpdawA(bwR9
ze$4CE3YTF@-w#>VBd&|Gxv3iX9<K18>9V-W`13ZCVQFSTlsf#AB`GjOUnz_-{CWUw
zAJ?Yf&f*k|iCIQC@uF)y#QVaP4o><HGQh{>?=}YaI8!f|Uq>}X4jw&B`Pj!@&lYK8
zG#8paGrSJk^P5b;KQ_SF9*0*@UXL4A%^3~XluG*Xk~MoQ>$lCR%3fx4knD-BqxK{B
zxX3=@Z2MjYfNM8u(r$3I{>_%KezPTrnt);#LFdLZAOP?d8vq~%&;lG>y}T`*ogtn!
zc6z$F0PIQ0D?Oj*!~h`9>2I%p)2zIw#%`f}v_Wfd?=ur)h#B)ML62`cwuYx>*&KvC
zxz`NN-)}C#M4Q#}RQ}+CwGWv`!f~r{977Utao&}F-^kI-Zsgr2Zg|hO(&Mi+06iro
z(~0(JdZeS=2WA2SpXe>CWIKakB@0qyfQ7OBZB<)*3~?EU)KQK_S%_+pX6<ANel?UV
z+rHN)=a5K^q+@)A%<fd9cfXLxt0?3yE{)nM-Gqhi<vUhLn`GRBi6h0OUZJd-QpQ%=
z^&{y!(6i&r?vM^U#vQX?^Hk%ug!idSth6NNJT>BdvL0K+>K7-y%(Qu(3H|&CJCg6o
zloIIqmE&R-EPYX@T7k#@gu%kG-BMc*mdUsN)C67Hevu%gms8Wo@hNGCnl;7EbPef_
zXF_TCV*!PIfa6`)^U;Fm=p(Bi@@la+DM08wrX!E!(psv$HQjUjdA~J~95gq2`^_ko
z(d|4E&Ayva75s(G%FM+18ld%GtacYjOda`KO9uSSYAszI>}<WfAue`D>iyr<RCyr7
zq^dk%bpPO29llXP%;KSHzj~EUPd^t#xxaUqOGSCfvsVqD)2m;3khhP!w}+=%XWxfk
zkKoi@Xc<euo8?fS$TAz^KewXb?~faju;Q<Ap^%Nd!}+GV+JrgTU5~L7y#d{T-5{rm
zSj-}jcZ#MXinOQoAPcw~)g~r?;pVWZNOSzH`TxFD|HQ_<?1<57gR0z|JSt=Vh5OKl
zf6S*>P4jm?Cw~&d7AU2bWmUa;p#JsUQJ)ufMt_OPF%Qvo;tv;>y3ofAr2NV7q`D--
z=XJHY)QD$~3iQtcY}O*_>yvEj6%8jnJ%GQV0kNpD|M#lk|KueQ@IMv@e<Cnq|L^hn
zBYz&}hCoOG|DR#{8`9r>{tu*avVZRS-x2<<_<th2A^*qvYpLSm{c*tgeQ18;;-vVa
F{R<_FH^cw{
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..50e5cd5d9e610cb67642d7927ede6a93603f1c70
GIT binary patch
literal 4396
zc$|$`2T&8v@(v{QBE3j2QbTAWpj1(c2}ln}Z$T6g6Oi7EB27vFK|)npP<m*JfFLD;
zROuj61Pm?o`t;5G=go6|Z|1)@H*<TlxAX1p?A&~72nB*z0000bAR8v9gT=jdAEpHW
zsu%!(Kezg~O*N(T478;^9tF6$yE{OTD2GwFzskt^WknjNY_QXST>7t<a~54}jP2to
z6)A;1>5kgZ^h)D{OQHlhwWHbu1gc%vCzU5|?pHh0Bww*vdu4Jk9jJbA9(W$ux=C#5
zI|$A_IBB`0;dp@#*Sm%na|hB#gqI5MvxI%ZfXKtYf&t9H_tPYl7GW5A`=jrmf|U6z
zK<oz^e$Czz1{q3P1i&&r_h&5Wd}u(p#XdQiOK3L85$K{3=7Bv2#8XycAXyailN2(b
z>3A=)%{bI&A&(iG)4_<ak0I*vr1|T=U>{HTD{O*-lFc_f{d`-v?vXM~;chZe1Rpf9
zdd*q01bwh#ZJ`3$k%@9&2C$q@Q!zi&Nt<8#u^_ziBMya{@I6wy^Es7ae&c(%iI<=s
zX?u%TEp=X^xt3F!jD&=%-}mPyhD*K;ccXcfDqFA8kk+>ro_#r`X}suq%07SIzw+^J
zP{`%8v#aqW9gkWXyuUub(<{MYrr<Mw;kNpVFEXi}&y;f36F>#tC*BVGxymmr!!={8
zE}sb^A4L1HfTWHq^VyJ2$?w?`uJteP8OuGgFb`f8OeB{|<L*El8%AWfl1)8JnNG|5
zC7!)xpIxMPqDEMiU;YpT8+Sk1&ZC@-&iGjajBIuB;p5thXGZcc@(MNvTHjQGEf{Bb
ztHP@h!j`Ke5@Ey08h>Z@(5bfGpkPjNY^jJNB0h4H_cd0C(PlhtU<K@sM^xe;8HygI
zIR$Pge?H#ap-@+;qq)Oe{$W|RHdB1T)O9M2hCAy`aRSRNiNrEJ=|d+Wxxmyx95$AV
zW}mHG?z((L=@4?$<SjH7ZQjn6wN0`~2Q0usrz54e%Gil;)Wf@qE)oL_M6z{^zd;D^
zEu3BJ%O(QY?quPi=JI~?J#*#T@X0oecWfFhoFXb@b<D=6F`F~CQ6$?Mn{+5t2U%BL
zqcZ7gyal_2iEt=PoG-4voIYjQe>*7l;3?lwKKM?Cm;6E*q`iRVM!M1|+MqS#>X*j;
zV2l{cwuAYh&)m_=0|T~nXszLo>W1iqj*N*Lx+z;*KE7u>0w4*<_7Yd^#W1j~n}|+n
zQ}{AHnm;OI;Sk$N6cM^6(7iOblag58yjR{MU14q6(na}A>0>dPM`v7W$19Uh)6I=5
z#Ya5+0Sn&PuPN8hD!XvVz@Ao%z(m@&{h~p_Dm(I_`7=*2MJ$n`|1pAFt*pZ>h=G=5
zF#LSSRNy51`(%2A7<wmNSHx(QXYEM*NxJnju4i#nljIJq3}CTrRAX6EyxK%k-1Ft(
zrljy;(&+-8K<%ckyTmw-tFW|Ht-wCb0-frd+rNeikr9%C^zL<b7E0!MmP4K|I8x^y
zx>eXZ?cNr!T_*FuQJH8F+{cbBdcvVf7D%k2wRoGSGgLAV?%d$FGMmyrnOVzziU@`8
z&(FMr`+I1~Emg8>y}M}Vc%h;Si=*1&bY4kSj=F?7ds?ZdGXW&<(vJ~yE!o~6`n|I|
zr-~hJ&^y$zKxMOE?eMzFvfE!%7||}4?v9}qSw3!AL~R$KJ1dXr`ZyE5BM#DBJJ$EJ
zBQQWg!mN!Ql$2|^kV|~Xtjoy`GxZAcOJDfW+bBuJclf#-JyBc@i1rn0y}FWi{iye-
zPmD+_K0^)lr8EL%_H_GvF(z{ZK=^<T#=W12n7C4~TJrf}FF_Day;oI*2yVLHw!G&(
zBY=p~gl*@!i}2P6$<MxIZUloLZjE(5f1TtI^TqYtozLt88nqBr_wZ89ll-<@8Uc+*
zu^DeP5OvigxlsKPuIu&iI7~wA4^EzW$!W#HLh|0g9em9#qU-MAV#&y*m?zO@ys~Sq
z)O*QC4R36x`+n$iF1ps{DVd0qW70QvOPg|r22BTMX0{z%daOo$#j28IB|j#*ra0Rq
zdvIw)C=*tjdVKXM&Y<y?=R8Z+jC6TsETg7h=YAgz&v?#rN=~Jf-&rQGvUTN_xTf=T
zRM@h{<uqs}u@5p5d~9MGsFx_8Y^o&3Yh(LJjo3DW%uG`)kOV0oHr(p{W_aYfCajxa
zoBhSy@wQKaulhGgpYx)U<$zZy?b)hOgBrLd9!;tDT<^G-Eu}ob2QR(rxjL+X@i=dQ
zOEbM$ULpmq10CNcdOfHE!C;FLbGUSw%Jr%MLqXH=kYV~;QSn!^kIJb<R9;wcxMwT)
z?Ho4I4=QvwD;Oymdi`){4OtU4_dNgHQ;IfX1#7?X*R?3Ns3@;cG$ALu6g&Ej=sb2y
zDmX{xqh|`L=~OP~<s3Y#aN=pqgB6{wGhq()>+6}iNr4JWj@K~PkP53;UcW!O^0?<!
zmyIPSyZ8bQ{fX80aebdxt)7&Nn!u|pzRWVuI46rvY%ZN+(RFeIfw)LA7v`JJJB(%R
z#>-cZR7?8@;Zzcvu$Y1Rx|z+fC-ar%*W(J^_+WiQG<;k(i;8R)4H+G~PV}_fMRUWg
zcq#w<uXd;0nlPv`J4R92d=WPjD^Az;i*4J*F?_OJ2d($rXv;2A=d-+RPzsHd<pcnZ
zF*auOBV=<nrrONeU4HpBAgT%L29ad0P9E|fucv#nzm<?fwb$J&q34$88b%;ab&C!t
zD5owqQ`p8cJvEKl=#lq-rE+A7LB7&LjaitS4yh!9x2S0yDvk6-!xu=H#K`Su;xq+7
zX}n=!8g{M07E$B-_Y8l|W+MQ8``h`!cxoAWnO@o7|BeF#CI7%jZwQ`}W&enSlAiTD
zWAzrY&C2qnAf3$?WLC+J-L(i4hkMst-aO0;NDJ}P%1=>YVh;*_f7P&LPUyV&9c3@o
zQ{>LR;TCcm6t$nB23QJ5M&p(1nPE;wsF{bk=gH^T#5xre59QhnE>0_QGCVKc>S9n-
zN=#iy?BLO^x88+F{@f52XBkUk_LY>_bnKXzVaj;cy$v9E-{_UBnl-W|+AT>w<l;r`
z<v1`NRc~jVRb+ksp{1qDpQl*&`t%G^b8^#|;H&}N?7)7gyJ<UcNS(Nwp>kP(*P}XV
z&=V32)Bh>@?XADCucuYWtfN}D5&NuM(Vz{tSGR@rLeTDTkE6+yix7dD@U+USaF~Qq
zd{ST8?6ozj4cdr%Yh~{xaY?&B1b-+OBjH=u3{N(%;ZJ1gIibvo>VQ6`qXK?QQ>fCp
z2U*hh?ot~T9I{$B&}m`)n*4sK?Tc_Z>$LQfn;H_umBQE-&^Jxyc)|+4Oj8P@$yeX>
z<c@>@@6ut5cF!7hLaev-Kwi1(_(!`d_g0xkX-4}it|+WHHM&@E%_-J!m7gXK-kS7w
z`E(u~unIQ+dZ(pt;FeiTZyDi`>S3*L@KZ=PPCgCx?Rf8vmZqGu@?)ftR*cqB$GsiH
zG&Rn0y;5RmNazEt16)I@4tb0#j~zcwTka#_vyxEtReJ`xjurN6PpG*cSxvOmMNj45
zE5Z@L22?GKpn}jiD4fj!rYKNUz~1gl&*|&I-ERHa@Nr3!$CCfgJ7+qtKdd}E_ch=Z
z(eD$-rM`FT80&m+uV-18(QJ&FJQn<}@6hu*#2k`b{H_ciYhx?WYyR$f6V?~&dVk2y
zOHy}dQDTitEH}gh$)_K2{}<XI^Ng0ubXW2Dih5rQpO3&O$^3~d73d80l9KYg@@wJ5
zxv@RTf;!f47XyA#+s6bEB>SSB)OwZ|l37qfPRu@rE<~n$^xlbVm<c$2FzIPA-n?Ke
zszWi>#&wzBVPEgXQ4!@g9+KU*n-*t5p$3<$5^rd&u|!9oj5v4u?1@3v7p;`B3A-;m
zsvrZRQcM*EBkf*=Q`U+_GU>kHz#P1gmKH4%SzWlmS26r7#G0=Rvox6S)?VrDi+glu
z;Dz@FT0AI0QzuW2wO6TBot=({X_8t2iq9tAb<NGsObhpQ26bdM4aqtCx*DusH;saL
z((6KR94>YojdPJ+2?CY)2$#cqJGP`KN*=#gB_PbEO}rOmcl3-k&w=ooq!R9<Pnrq|
z6S6xcZYzs}&ey&mSRL!lRmT#GD>!{2Y-6I~8_DH+Wg*4w_T!4R+ig>jU9`=(>atxY
z8nnb>tG2d~N46*x{Jbj1I?%qZR2A*Zaz|ui+TcrVdP7!33Szp+x5%v{NI1R<fEuZy
zHj=lDx>@)7zRsl)tnb{(M~#C!45hvy^Ynox-OG#(nI7IBxbr9XhZ+JqyfC+fe;MQg
ze=w^z$!$;-F>%h-p7|W>ambeQw}pv&=+{`<Ui91_%GRihR?3}8N#X^L$C&6RX6(6@
zJZDO}TjUs+ZJ9q!Z~kWGZFjS~h#x2htjMvksb^(w<cv6(k6hp#%^xFY9R8ty8rtl<
zBwZR)KJxGi;K(9n@O6eWlet)-tYLxY+v5x!bOP!EWcY6qMEaWqL4K2<F3QeTR}ugq
z2?zkt05||{o+xhzcXtTV8DVBh1^|w$oSOOg(Evz5`@gOJ&7NMHSUrl6;Rs%Vdmma`
zL2UV-$v^%;aIxIC%@?DRDmvqK?>j${pkAxL#q2Lpyz&Y|R7hA(5c_%qeqDMA|0HGv
z^EsXMJs95oOINi92QbsswfWXD$(8;<>lHsGrBCd-BN|~5s%uY|9$;^E|Dvw_MI23q
zm^!h*z9Jl2dbeS`oT6TtKL37?Pr(i~jP}#m5<Ozypl7Ru8dVz3O2!6T=KN-FdXg##
zX;(?$`9{?F(Q`EqhvjYK_({}YR6g9rd=CGF;3e1|%rTF-P+evzcQm{)i!^xQlc#DQ
zZ(f!bhH-w5QLelKjFC~B&=v7JeXx*sJ8QwXUR&z^9=H924hJK%+ZdUjCf5Dfj^pI3
zW(BwwvA1ai7Qu{1HY@2~<kn1<!`};m+aT}8?p%8*Vy>WX`sqSXTENxp`A@HDPn^^{
z+Om+p{P0dBmqcbqE<W7L<b8A$(=WP_Qx{q#<Y;T{eg-i7FS5EpLc<dCTSEi>CaVsf
zZU`5YH^c)$)W`S1pi+=QI;fOHKYpObSY||ieqjfS*RM0~#!Eu<@I8Z)cl3TBdteme
zD7@Z)bT7E4TdLl8%SYCXa^LIfBB`9Wz>Yb!Lq5cRc1hdcpDa9i$=~2uJ3pOKJh8ss
znjh_D#@pGys=RvpJbj{6z&1Lav2-%J)M(NS@||q8-rD*v++xnvFCYBY{C{uee<Il^
z1Wi9|016hDx-<G;xOaSHM}2x=cYnvT_a`u*9G2y#AoP?+zb2K~ivs50%dK~%sLxV{
zJv<sCRJrM7(eSj!G)uq6h9Z_g*DJ;5hXKwjF<eb)E=@X?<H*M(zoC(kvH<`01mOQ9
zj0EsM<^g{^@B;sL`}~nVkBh>|=m7tpX8Ie_-*x^Eqzd|fuKM2|{?7P+Jh)u?$NU>Y
S$;kg0fPOEwKj0buX#WD_)(3F_
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..993cd4cb4793b1e0ffa04156b68d8c30eafca61b
GIT binary patch
literal 4436
zc$|$`XHXMb(@rRX8;~MR=|!r9CI|>9AVqp_5(pp!fgq63i*%6QyL19blU_xdbO_Qr
zQF^=dUi8&>=9_o!oqK1#J#&8SnLW=uyF2^iSxpsOJW2onKnN&Q6;ezw;RRn40{~TI
z0Ko58HF;ebh?2SjzrBN}4FX}#heVlA8hA)1deMkRSlyfL#aODmvli$P`jW&x@Hx>Z
z@;-ND&*yGpa;0~?{nUS;W2;iQ<fqE4hT}{7;>#0F-<&V)d123QKlx&RX6^64Kfcb~
zKYourmn6uk#=i3F|8lPfQ5A5n!$bFs-ftiaALOse3yAbLJp<tJN^1~Q-Z<l|X&H$C
zczpP!gD2Ky+L;AXftFWO&~JCzuZn2iS@FL^ZZxPdPicbqD(lvm{KAOJN&{s93)g;e
z5vLFOvGb%G-=k^|nep<10RFcwa6Uc;QPKDY{;}|HJE65Fj^}3wu8K+ki)($tlpO3*
zwd9^CjR%%V-$N*Dl{2O{7a;v(MAeM>i%fhBKahWCCltlG+j8@6?2I+o-Q9C}_3#0|
zbWjRaFla)vgo}!uSh+tsMbC*T&o}g1cg7$0TCv7aaL>9nd#Ek$8s_Z|%wqB;xd|SD
z<@tV!TJh^3HJ!W13Up)x*xI^_2E^wHF-FP0I&jxxx00tPQFPYR(bv<_(E=TW^Vkl^
zS&7twL*B_!{DEf`nODu@{|&6!Vc~mA#_aiokZMSwp#ei&7$D<ZcV42b&IZ}|ioJ=o
zIZ4`^B;6yO{xTDajV&kDcww-emT~*ob3_QLaAKxqPOSRsrnENN?pqXpz+%`Q-%9yX
zt+kPdlZg@{&}J}`jeqyq0cg$ETC6LA0><y-vG`E4(Izpbu4(+Oa!%>|qW^qrX;9CP
zljYNbaCR3;tsFJ%2Q$Mc->lEbab$}kA9gt0bv@&v`Pm6l?6gOIbr-xLQ|C-<Y<a1*
zQe#?J#YVW#xz^+}LfkNXF~?D|d5z|xKTv0(YhS-)2V?HLJ!6A)h&1S|-rKgFaN<#%
zTyFB3oxWxu9sSB9YDCBAKQ%wT<D8+Pcgy3ICQHLfqtIl_->hsQsWflNrb;iEJeX`u
zx0vWM;*CD4=PwUXS*{C0T|Ae<FqX1j25b@uc)c^a@L1nx3aRG`D~xk362ldC8ILz1
zrb<9-GQP)~w!4%q9y<7RCNl|wes%87V6z=-`ICoAL&b=KpYc{8xl!k-R%9htqpT=W
zhb~I3rF8dc4fXw@2&z@nC|}Gsj&yu(wVgkGSiSS0gudNH^B=3{q#puE8QS<0NAFoS
z9Aa*c{SODE(~i}2&PEM`9ltyde0=Ub*je}aE%$7+CFjRb_+Zlyl0^Z9?}d?)w(%}z
z&;E3u29m;TLLdC>5pRZn5SU78Y$PgzAQ;@(lJliymdt16@dWVX2(IS!f_G^^4LJ@F
zv4<M5L|e^U*cGx|A=d1ZA3BDz{Oo~scK#J&d(*uM{ROc?*YsP{-miYNw?DcVM{?Dd
zVBjl@NQSAQaV!*UEB5UH`p_im<%ThxHc`TEUAeOO<?tig-OWDH?|Vmi_0EY;;1CK=
zP8JMTqmE1^tF4sDL)KZ+2dyucay`;b28p+rbN8kb@HpZf#hZ;mjruJu>MXX_yq$JC
zu{z6CaKfRG8qU^P>6Bz6+(YzCMMZbrA0sgEIv??RcwItDAhSrV7i3RN?@Oj|F&)u@
z?!Xq;g@gfQK+QnfI}{f8LEz}aNQ!5c;r#c@=Ti3?ObBR)B3fYzCQ%XQa*KGhx4_9m
z@o)2f4XN`MDCL_{C@w>k2y_B}6sACgUxk$^a!Ahlh~-GCjX!0ovBT@iw+rkuNVNFO
z@bpz>?B}U3Z6<wgIGlb5?NbP5I+Dk7dA4_J*lmeFLdWPyee$)<7$XV85V*9WP<7)w
z>R1i7sgchXaR)!QDMHC_=~qyLgRL_&l4sSg{4HA5!S11ZJ-LAsSLj&bx_2<_Yqj^|
zD0L?W+v&qLF@LMEJ4H&W&5H6C-ALZX5^pVbhGVs>VZK57E_W|Ag<uqEzhQ!<MVaJ{
ze2z5EEwiU!N49*sy5nYmZKR@yzxGQa^$e7LtIf^|Zm8*M@JcxdkVM{AwA1rUnBl}h
z1m`E`KocuiI+sdsw3rE5L1^|i^ydSfpBfk@UuAOg!^d`3$!VQFU}}}L&(iyl5+BFd
zMjRG!3i#9q60iJiE)mF=fw{~TG~%^7Tc2Zc+f;T9%zr5(u!_k!-AIwS6C>2uwa~)*
z$jM>F<xaAl7G3GLsnq$p1Lha{+EZ@zn?kAwy6xSiBBWE~5;xOX)94YtfsoLKkO%l0
zj<&8rsv0TWMMg@Svm}P5AE_%g!z=OeWjN+EKo&t`A60l;x1e7i@(_-buxj`5Ka%SV
zt``c8S$os&aY0m#qT?5>yeCV|A}D1sEJr6)c2Fq#U@f(RrY5BG=-fssf8-F|3T#+R
z#fqfo%qS{m&~Pq+UI;)=Yuk(Q18J+3j7hVc8n)nTZLR}`kGa3wAU;uZ(jKr!T+hu0
zn+Enjo_ybZGV|%^04hR9-^H1vMgZ2yLS674nJ31odY*ho@<sNsBy1n~LmPt3?s{U}
zhjMEkm1_*fb=CI+4f5DiVP$j@BA0PL8!t-w*9WQ!aP!|8_xECsUu1qDq;z8mv*Agp
zTFOi-0ncn{eF)Q^EnjZ2#}hVKcs&%}I^@Z3dt`6E7_!^FT?cVo;byOuZo~fB_|ffU
zsNM1y%;H#ISk;n5(P8a`zG}--ci7wB?tN&cU3@$Uq%c$8yAuAI_Pr6(hs`BHCVz9(
zQarUNxEr@A<BFb^s8{662xNH~KP!-hcq-LcSCdB?pB;G6N=vyOFosJ;wt4OFjJFfv
zrJ=dGlnDorT^k~qx`1#HhY^TON{S5+r%$jQYC$X`IN#=Hn43pvuEP}2fL{Bf0N9Zs
z-E&F45ZjDbolP)`+eQFDXD?|MQ_3z!W@pDV2XyXJ{Z#xjzHblg{vIc5mwW&D0Z!0)
z%u|58bW=W7!Yxj{fa}w~G1lFwv>M;k*NY;DcyGQtH<8b8jQkSjbHu$CoLKGqbrSs}
zH0Z|^yq~l5^e9MG?}{lCaw@JX|16g&&t>pz9aYt#WSZcGj2hM;Y7E^qlxwp;t%)i1
zq<#@i;^)_~5Pjv=GQ_B2H2jE#Auz4``3}`5(+_v(8?u-u@}(rKz?yqOEQWL?T*4EN
zTC97$uZe1y6;%+u#h%zMvi_CjyA^+s!WpwFjRYrbzYeIHi%2pcxfM&xYd?fs`%EB>
zEK@&#Nql@d&Fc>46J@1FA2+f5Jd799KH1}W9g<WBIv4hNplj4cIPbK#=d7WOhLg1>
zVQ$b)K>PbY-!P^|!Y3+I)7o>#!naeeY@u#pngasXhp&QTT#MO~bBjpOMLc5Tj1P^j
zQre5Jnmt=hv^@Pc@z5xbr(hGw^w6d2bYH>O>I_#dqVgWm{f1Xx=7M}OUk(Sv#iHFE
z`~=q>8KHw7U44#5PvWANr%{4gdu!)}z1Op`Ns(zW+o9r#&&sT0OrKIa6gbte$0k2+
zK_73Y<GWfSI+{o>t@6kgPKh?q7A^`eB)eQQ>&hj2FH{~^C%>T4O?a}@9iXw%DhCGd
zGM`W<6grRP(}7sL`TFc~9ax4S#CPJKBkXD;?8-}(p9@!f7yne`G_Q<FLLmE7C!gyL
zBPa^EKyM0DI>umwG+`3+jr7l$BH!}6zJ<J4ALX>}grCE6LAUqMuZ>I>^q#Yw9^dxZ
zaPi3bI5=z1?pG$3_-ac16kor6PjpNV{G6R3t?A1^0nE*&_N1K0f_SBGim1Zp67Zv~
zAst|YSL`qoMaj!%q(uBD$^M&$9s+d0)~=dY`6XoM)+*zwwl{@VqmjHUGetwRhY~Bu
z7Oa;Sv!GqewmLQ~Y_5Ey_xX}8jdFM=jP1!2bh_+Eucaz+Xr1obYU)<iCRHqufZAmg
zCxw<?xQRqxU#TD~eV{|5Zo%(k`FS@{9Hsdpaio1Ae!N+w-u%?)ddcWw2z^54p#iW+
zIXy1ZC22IgxmiXr8Gm>lhwB`L7;|H$wn`2v>RDlYQnNz<_&{EgD?Xld)$n4uU3t4@
z!vIgz#3e77z@W9jq&S#=RVoH;n3Ce-%o#y?7i;2Iq##%NPy%xB%$Phc^_jIqnKc5I
z<2Lnf7x9`R^;ii&mb2D^rUfpjXM-vV-*ODPHq1#cMS60*j;dn!<{+OM1Mhz}8~GB>
zS>Hu`A}@jPp}3&we|02mkLHwYv4ug@1%@dj^=1Mf;}rTO1c+k>d2KnXS#hiH%}I3o
zRd7YNlY9$qSe&(N>NY&uPt$dYmMkqk=|B`U{`BL^#Lj3Jrs(AD3d!@vwePFpVbx+-
zyGtFIF*eg)JC_^pb*uAMCTNbG0wS9EpnTQPjgBeUYAdx6BW&(=xg-XCS<*&VNfzWm
zS44c=*GR*1i;O_d@r4vJ4bR4quc6tl*b`qj;QOcp*Qs>Pw@GCm?Py?@JrI`NQ)txT
z?PWD=AsPk|vc513NEV^Eq|yAZSi<=wmV$nXC2bb`32Pt#5Q_@{5CQH1Y~G-p%@GJb
zq$ONW7axG@E_I{l;!Xqr;+_49`mf4D>%bfW1n9jtbeu1s#y^Us$*h;X=Lf5ITV=KG
zauwW)&m{Ytn^S$Y592t}t#F%efsH$kQi^+SXj`FEGp170Bl-k7QzmKaBxHw&8KkMm
zw5LxSU3<_AcL&dXWbG~H4LP{=nQ#mPgK5)1PrP5=J6M)APRusSdSq{=vwhc;euAw=
ziX_*uTaUK}Ja_M%{eaZaa4Thp5|yPaa1aF*h(kkVN}s%^JYwyO@2h5T6Uy{>+G@2X
zCA*V@p$J}mJ&}>cakmb4)N9dKV<wTEE4D0Ldar4nIM%5^$}DoKn$j;zE+9+1k_tCO
zfDwWB(EVhtM`rLr2l}f5t*|GFK+{@fS&3xC{S$7!&?)m<)pQ<xiL4ES0oQO=3I`Kw
zH8EViu(GX#{x~s!3EvTCD*T7eDkdH#c~<;<{C>3kK&6C>&aMMjZ*mv?I?8w5eeZm-
z^Tc^j)S0o-ZR$riiPH5d>k5J9Uqr1(5dWi)UtSX6@1oZHjSbui<;-UfKUNzWR8@iS
zjowj#@L+~UYP1C=9(`LrQW;XK)9xF3$fq>aKl)HvX$9G@O2Ca8QX1hO;O*~&)N3EO
z2<j1@ISQ}h2syJH>4UGrW}`!T&`IWuYv13<uxCZjCS6^v)z?FrlN|NpFw|)r=1Q|R
zR6TFmLAiUu{YsY@xICN#om&ru0{+Uon6Ap&_Lt}J>r(ua7)Qa0FsdUeyxb7w$-nSE
zauJ+#=~vbGmCxz##BhbmD0$c@OmL!vjt1{MM5%u2G8xl})E>vNw{HrNqQ4`Uv?Bqh
zyToJnkdS}U#ChNSGKG_1BP}^J6@M*#2I&O+MGc5UiTm%Hg8wr=AmCs22EP#)asPdM
ze%tTQ1^$pbfd9`h{hiX^`}{vjlO+G#^}i$hz2g5vh$8*R`fIA-gMJ6#{W{dYcyW>a
G_WlD7z6Wjq
new file mode 100644
--- /dev/null
+++ b/toolkit/mozapps/extensions/test/xpcshell/test_signed_long.js
@@ -0,0 +1,51 @@
+const PREF_XPI_SIGNATURES_DEV_ROOT    = "xpinstall.signatures.dev-root";
+
+// Disable update security
+Services.prefs.setBoolPref(PREF_EM_CHECK_UPDATE_SECURITY, false);
+
+// The test add-ons were signed by the dev root
+Services.prefs.setBoolPref(PREF_XPI_SIGNATURES_DEV_ROOT, true);
+
+const DATA = "data/signing_checks/";
+
+const ID_63 = "123456789012345678901234567890123456789012345@tests.mozilla.org"
+const ID_64 = "1234567890123456789012345678901234567890123456@tests.mozilla.org"
+const ID_65 = "12345678901234567890123456789012345678901234568@tests.mozilla.org"
+
+function run_test() {
+  createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "1", "1");
+  startupManager();
+
+  run_next_test();
+}
+
+// Installs the cases that should be working
+add_task(function* test_working() {
+  yield promiseInstallAllFiles([do_get_file(DATA + "long_63_plain.xpi"),
+                                do_get_file(DATA + "long_64_plain.xpi"),
+                                do_get_file(DATA + "long_65_hash.xpi")]);
+
+  let addons = yield promiseAddonsByIDs([ID_63, ID_64, ID_65]);
+
+  for (let addon of addons) {
+    do_check_neq(addon, null);
+    do_check_eq(addon.signedState, AddonManager.SIGNEDSTATE_SIGNED);
+
+    addon.uninstall();
+  }
+});
+
+// Installs the cases that should be broken
+add_task(function* test_broken() {
+ yield promiseInstallAllFiles([do_get_file(DATA + "long_63_hash.xpi"),
+                               do_get_file(DATA + "long_64_hash.xpi")]);
+
+  let addons = yield promiseAddonsByIDs([ID_63, ID_64]);
+
+  for (let addon of addons) {
+    do_check_neq(addon, null);
+    do_check_eq(addon.signedState, AddonManager.SIGNEDSTATE_BROKEN);
+
+    addon.uninstall();
+  }
+});
--- a/toolkit/mozapps/extensions/test/xpcshell/xpcshell-shared.ini
+++ b/toolkit/mozapps/extensions/test/xpcshell/xpcshell-shared.ini
@@ -242,16 +242,18 @@ fail-if = buildapp == "mulet" || os == "
 run-if = addon_signing
 [test_signed_verify.js]
 run-if = addon_signing
 [test_signed_inject.js]
 run-if = addon_signing
 [test_signed_install.js]
 run-if = addon_signing
 run-sequentially = Uses hardcoded ports in xpi files.
+[test_signed_long.js]
+run-if = addon_signing
 [test_signed_migrate.js]
 run-if = addon_signing
 [test_signed_multi.js]
 run-if = addon_signing
 [test_startup.js]
 # Bug 676992: test consistently fails on Android
 fail-if = os == "android"
 [test_syncGUID.js]
--- a/toolkit/mozapps/extensions/test/xpcshell/xpcshell.ini
+++ b/toolkit/mozapps/extensions/test/xpcshell/xpcshell.ini
@@ -23,12 +23,9 @@ skip-if = appname != "firefox"
 [test_provider_shutdown.js]
 [test_provider_unsafe_access_shutdown.js]
 [test_provider_unsafe_access_startup.js]
 [test_shutdown.js]
 [test_system_reset.js]
 [test_XPIcancel.js]
 [test_XPIStates.js]
 
-
-
-
 [include:xpcshell-shared.ini]