From f663ef01106428761cbcd12c2c606701e7976b18 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Mon, 8 Nov 2010 20:17:43 +0000
Subject: main/webkit: upgrade to 1.3.5
---
 main/webkit/APKBUILD | 20 ++------
 main/webkit/cve-2010-2646.patch | 110 ----------------------------------------
 main/webkit/cve-2010-2651.patch | 38 --------------
 main/webkit/cve-2010-2900.patch | 29 -----------
 main/webkit/cve-2010-2901.patch | 98 -----------------------------------
 main/webkit/cve-2010-3115.patch | 16 ------
 main/webkit/cve-2010-3116.patch | 17 -------
 main/webkit/cve-2010-3120.patch | 27 ----------
 8 files changed, 3 insertions(+), 352 deletions(-)
 delete mode 100644 main/webkit/cve-2010-2646.patch
 delete mode 100644 main/webkit/cve-2010-2651.patch
 delete mode 100644 main/webkit/cve-2010-2900.patch
 delete mode 100644 main/webkit/cve-2010-2901.patch
 delete mode 100644 main/webkit/cve-2010-3115.patch
 delete mode 100644 main/webkit/cve-2010-3116.patch
 delete mode 100644 main/webkit/cve-2010-3120.patch
(limited to 'main')
diff --git a/main/webkit/APKBUILD b/main/webkit/APKBUILD
index 4eac1ff862..e76edfd194 100644
--- a/main/webkit/APKBUILD
+++ b/main/webkit/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa
 pkgname=webkit
-pkgver=1.2.4
-pkgrel=1
+pkgver=1.3.5
+pkgrel=0
 pkgdesc="portable web rendering engine WebKit for GTK+"
 url="http://webkitgtk.org/"
 license="LGPL BSD"
@@ -17,13 +17,6 @@ makedepends="
 install=
 subpackages="$pkgname-dev gtklauncher"
 source="http://webkitgtk.org/$pkgname-$pkgver.tar.gz
- cve-2010-2646.patch
- cve-2010-2651.patch
- cve-2010-2900.patch
- cve-2010-2901.patch
- cve-2010-3115.patch
- cve-2010-3116.patch
- cve-2010-3120.patch
 "
 depends_dev="gtk+-dev libsoup-dev gstreamer-dev"
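Review bot: The seven cve-2010-*.patch entries are removed from `source=` without anything in the commit message or the APKBUILD stating that 1.3.5 carries the upstream changesets those patches backported (58873, 59247, 63219, 63048, 63925, 64293 and 65329 per the deleted files' `origin:` lines), so a later reader cannot tell whether the upgrade closes those issues or silently reopens them. Once that is confirmed against the 1.3.5 release, record it, e.g. a comment above `source=` such as `# cve-2010-2646/2651/2900/2901/3115/3116/3120: fixed upstream in 1.3.5`, or the same statement in the commit message. The only check on the new tarball is the single md5 in the second hunk (`md5sums="421104ef53ed865e0bb7b7f4e465de31 webkit-1.3.5.tar.gz"`) for a download over plain http, so that value should be cross-checked against a digest published by upstream rather than taken from the fetched file alone; if abuild offers a stronger digest than md5, prefer it.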
@@ -63,11 +56,4 @@ gtklauncher() {
 "$subpkgdir"/usr/bin/GtkLauncher
 }
 
-md5sums="dc3a92dd0e8c2e70263fbfdf809b51a5 webkit-1.2.4.tar.gz
-3d2c4af2fa46388876de7a5747f50de0 cve-2010-2646.patch
-4db553a178f951b857486bcc0955b663 cve-2010-2651.patch
-abfec5aeaa5005279993d731dc919680 cve-2010-2900.patch
-fa980cb721e6a2b43107633dc3782d62 cve-2010-2901.patch
-fc5553d85c14f29128985bddc195782c cve-2010-3115.patch
-b4787ffaac3f102e7bb267839a261496 cve-2010-3116.patch
-b3e21cb4755c6cbab31dbe5063883c04 cve-2010-3120.patch"
+md5sums="421104ef53ed865e0bb7b7f4e465de31 webkit-1.3.5.tar.gz"
diff --git a/main/webkit/cve-2010-2646.patch b/main/webkit/cve-2010-2646.patch
deleted file mode 100644
index 40568164cc..0000000000
--- a/main/webkit/cve-2010-2646.patch
+++ /dev/null
@@ -1,110 +0,0 @@ -description: fix cve-2010-2646 -author: Michael Gilbert -origin: http://trac.webkit.org/changeset/58873 -Index: webkit-1.2.4/WebCore/storage/StorageEventDispatcher.cpp -=================================================================== ---- webkit-1.2.4.orig/WebCore/storage/StorageEventDispatcher.cpp 2010-09-07 01:13:45.000000000 -0400 -+++ webkit-1.2.4/WebCore/storage/StorageEventDispatcher.cpp 2010-09-07 01:14:42.000000000 -0400 -@@ -54,8 +54,12 @@ - frames.append(frame); - } - -- for (unsigned i = 0; i < frames.size(); ++i) -- frames[i]->document()->enqueueStorageEvent(StorageEvent::create(eventNames().storageEvent, key, oldValue, newValue, sourceFrame->document()->url(), frames[i]->domWindow()->sessionStorage())); -+ for (unsigned i = 0; i < frames.size(); ++i) { -+ ExceptionCode ec = 0; -+ Storage* storage = frames[i]->domWindow()->sessionStorage(ec); -+ if (!ec) -+ frames[i]->document()->enqueueStorageEvent(StorageEvent::create(eventNames().storageEvent, key, oldValue, newValue, sourceFrame->document()->url(), storage)); -+ } - } else { - // Send events to every page. 
- const HashSet& pages = page->group().pages(); -Index: webkit-1.2.4/WebCore/page/DOMWindow.h -=================================================================== ---- webkit-1.2.4.orig/WebCore/page/DOMWindow.h 2010-09-07 01:13:45.000000000 -0400 -+++ webkit-1.2.4/WebCore/page/DOMWindow.h 2010-09-07 01:14:42.000000000 -0400 -@@ -206,7 +206,7 @@ - - #if ENABLE(DOM_STORAGE) - // HTML 5 key/value storage -- Storage* sessionStorage() const; -+ Storage* sessionStorage(ExceptionCode&) const; - Storage* localStorage(ExceptionCode&) const; - #endif - -Index: webkit-1.2.4/WebCore/page/DOMWindow.cpp -=================================================================== ---- webkit-1.2.4.orig/WebCore/page/DOMWindow.cpp 2010-09-07 01:13:45.000000000 -0400 -+++ webkit-1.2.4/WebCore/page/DOMWindow.cpp 2010-09-07 01:14:42.000000000 -0400 -@@ -567,7 +567,7 @@ - } - - #if ENABLE(DOM_STORAGE) --Storage* DOMWindow::sessionStorage() const -+Storage* DOMWindow::sessionStorage(ExceptionCode& ec) const - { - if (m_sessionStorage) - return m_sessionStorage.get(); -@@ -576,6 +576,11 @@ - if (!document) - return 0; - -+ if (!document->securityOrigin()->canAccessLocalStorage()) { -+ ec = SECURITY_ERR; -+ return 0; -+ } -+ - Page* page = document->page(); - if (!page) - return 0; -@@ -593,16 +598,16 @@ - { - if (m_localStorage) - return m_localStorage.get(); -- -+ - Document* document = this->document(); - if (!document) - return 0; -- -+ - if (!document->securityOrigin()->canAccessLocalStorage()) { - ec = SECURITY_ERR; - return 0; - } -- -+ - Page* page = document->page(); - if (!page) - return 0; -Index: webkit-1.2.4/WebCore/page/SecurityOrigin.h -=================================================================== ---- webkit-1.2.4.orig/WebCore/page/SecurityOrigin.h 2010-09-07 01:13:45.000000000 -0400 -+++ webkit-1.2.4/WebCore/page/SecurityOrigin.h 2010-09-07 01:14:42.000000000 -0400 -@@ -120,6 +120,11 @@ - bool canAccessLocalStorage() const { return !isUnique(); } - bool canAccessCookies() 
const { return !isUnique(); } - -+ // Technically, we should always allow access to sessionStorage, but we -+ // currently don't handle creating a sessionStorage area for unique -+ // origins. -+ bool canAccessSessionStorage() const { return !isUnique(); } -+ - bool isSecureTransitionTo(const KURL&) const; - - // The local SecurityOrigin is the most privileged SecurityOrigin. -Index: webkit-1.2.4/WebCore/page/DOMWindow.idl -=================================================================== ---- webkit-1.2.4.orig/WebCore/page/DOMWindow.idl 2010-09-07 01:14:36.000000000 -0400 -+++ webkit-1.2.4/WebCore/page/DOMWindow.idl 2010-09-07 01:14:42.000000000 -0400 -@@ -164,7 +164,8 @@ - raises(DOMException); - #endif - #if defined(ENABLE_DOM_STORAGE) && ENABLE_DOM_STORAGE -- readonly attribute [EnabledAtRuntime] Storage sessionStorage; -+ readonly attribute [EnabledAtRuntime] Storage sessionStorage -+ getter raises(DOMException); - readonly attribute [EnabledAtRuntime] Storage localStorage - getter raises(DOMException); - #endif diff --git a/main/webkit/cve-2010-2651.patch b/main/webkit/cve-2010-2651.patch deleted file mode 100644 index 09fe1f8c46..0000000000 --- a/main/webkit/cve-2010-2651.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -description: fix cve-2010-2651 -author: Michael Gilbert -origin: http://trac.webkit.org/changeset/59247 -Index: webkit-1.2.4/WebCore/rendering/RenderBlock.cpp -=================================================================== ---- webkit-1.2.4.orig/WebCore/rendering/RenderBlock.cpp 2010-09-03 15:18:07.000000000 -0400 -+++ webkit-1.2.4/WebCore/rendering/RenderBlock.cpp 2010-09-06 21:50:51.000000000 -0400 -@@ -4651,10 +4651,12 @@ - - // Drill into inlines looking for our first text child. - RenderObject* currChild = firstLetterBlock->firstChild(); -- while (currChild && currChild->needsLayout() && ((!currChild->isReplaced() && !currChild->isRenderButton() && !currChild->isMenuList()) || currChild->isFloatingOrPositioned()) && !currChild->isText()) { -+ while (currChild && ((!currChild->isReplaced() && !currChild->isRenderButton() && !currChild->isMenuList()) || currChild->isFloatingOrPositioned()) && !currChild->isText()) { - if (currChild->isFloatingOrPositioned()) { -- if (currChild->style()->styleType() == FIRST_LETTER) -+ if (currChild->style()->styleType() == FIRST_LETTER) { -+ currChild = currChild->firstChild(); - break; -+ } - currChild = currChild->nextSibling(); - } else - currChild = currChild->firstChild(); -@@ -4671,11 +4673,11 @@ - - // If the child already has style, then it has already been created, so we just want - // to update it. 
-- if (currChild->style()->styleType() == FIRST_LETTER) { -+ if (firstLetterContainer->style()->styleType() == FIRST_LETTER) { - RenderStyle* pseudo = firstLetterBlock->getCachedPseudoStyle(FIRST_LETTER, -- firstLetterContainer->firstLineStyle()); -- currChild->setStyle(pseudo); -- for (RenderObject* genChild = currChild->firstChild(); genChild; genChild = genChild->nextSibling()) { -+ firstLetterContainer->parent()->firstLineStyle()); -+ firstLetterContainer->setStyle(pseudo); -+ for (RenderObject* genChild = firstLetterContainer->firstChild(); genChild; genChild = genChild->nextSibling()) { - if (genChild->isText()) - genChild->setStyle(pseudo); - } diff --git a/main/webkit/cve-2010-2900.patch b/main/webkit/cve-2010-2900.patch deleted file mode 100644 index 1420be2a0a..0000000000 --- a/main/webkit/cve-2010-2900.patch +++ /dev/null @@ -1,29 +0,0 @@ -description: fix cve-2010-2900 -author: Michael Gilbert -origin: http://trac.webkit.org/changeset/63219 -Index: webkit-1.2.4/WebCore/html/HTMLCanvasElement.cpp -=================================================================== ---- webkit-1.2.4.orig/WebCore/html/HTMLCanvasElement.cpp 2010-09-06 22:28:56.000000000 -0400 -+++ webkit-1.2.4/WebCore/html/HTMLCanvasElement.cpp 2010-09-06 22:29:28.000000000 -0400 -@@ -64,6 +64,9 @@ - // in exchange for a smaller maximum canvas size. - const float HTMLCanvasElement::MaxCanvasArea = 32768 * 8192; // Maximum canvas area in CSS pixels - -+//In Skia, we will also limit width/height to 32767. -+static const float MaxSkiaDim = 32767.0F; // Maximum width/height in CSS pixels. -+ - HTMLCanvasElement::HTMLCanvasElement(const QualifiedName& tagName, Document* doc) - : HTMLElement(tagName, doc) - , m_size(defaultWidth, defaultHeight) -@@ -293,6 +296,11 @@ - if (!(wf >= 1 && hf >= 1 && wf * hf <= MaxCanvasArea)) - return IntSize(); - -+#if PLATFORM(SKIA) -+ if (wf > MaxSkiaDim || hf > MaxSkiaDim) -+ return IntSize(); -+#endif -+ - return IntSize(static_cast(wf), static_cast(hf)); - } - 
diff --git a/main/webkit/cve-2010-2901.patch b/main/webkit/cve-2010-2901.patch deleted file mode 100644 index a130342d49..0000000000 --- a/main/webkit/cve-2010-2901.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -description: fix cve-2010-2901 -author: Michael Gilbert -origin: http://trac.webkit.org/changeset/63048 -Index: webkit-1.2.4/WebCore/rendering/RenderObject.cpp -=================================================================== ---- webkit-1.2.4.orig/WebCore/rendering/RenderObject.cpp 2010-09-06 22:55:29.000000000 -0400 -+++ webkit-1.2.4/WebCore/rendering/RenderObject.cpp 2010-09-06 22:56:03.000000000 -0400 -@@ -560,6 +560,19 @@ - return 0; - } - -+RenderBoxModelObject* RenderObject::enclosingBoxModelObject() const -+{ -+ RenderObject* curr = const_cast(this); -+ while (curr) { -+ if (curr->isBoxModelObject()) -+ return toRenderBoxModelObject(curr); -+ curr = curr->parent(); -+ } -+ -+ ASSERT_NOT_REACHED(); -+ return 0; -+} -+ - RenderBlock* RenderObject::firstLineBlock() const - { - return 0; -Index: webkit-1.2.4/WebCore/rendering/RenderObject.h -=================================================================== ---- webkit-1.2.4.orig/WebCore/rendering/RenderObject.h 2010-09-06 22:55:29.000000000 -0400 -+++ webkit-1.2.4/WebCore/rendering/RenderObject.h 2010-09-06 22:56:03.000000000 -0400 -@@ -193,7 +193,8 @@ - - // Convenience function for getting to the nearest enclosing box of a RenderObject. - RenderBox* enclosingBox() const; -- -+ RenderBoxModelObject* enclosingBoxModelObject() const; -+ - virtual bool isEmpty() const { return firstChild() == 0; } - - #ifndef NDEBUG -Index: webkit-1.2.4/WebCore/rendering/InlineFlowBox.cpp -=================================================================== ---- webkit-1.2.4.orig/WebCore/rendering/InlineFlowBox.cpp 2010-09-06 22:55:28.000000000 -0400 -+++ webkit-1.2.4/WebCore/rendering/InlineFlowBox.cpp 2010-09-06 22:56:24.000000000 -0400 -@@ -639,11 +639,24 @@ - // outlines. 
- if (renderer()->style()->visibility() == VISIBLE && renderer()->hasOutline() && !isRootInlineBox()) { - RenderInline* inlineFlow = toRenderInline(renderer()); -- if ((inlineFlow->continuation() || inlineFlow->isInlineContinuation()) && !boxModelObject()->hasSelfPaintingLayer()) { -+ -+ RenderBlock* cb = 0; -+ bool containingBlockPaintsContinuationOutline = inlineFlow->continuation() || inlineFlow->isInlineContinuation(); -+ if (containingBlockPaintsContinuationOutline) { -+ cb = renderer()->containingBlock()->containingBlock(); -+ -+ for (RenderBoxModelObject* box = boxModelObject(); box != cb; box = box->parent()->enclosingBoxModelObject()) { -+ if (box->hasSelfPaintingLayer()) { -+ containingBlockPaintsContinuationOutline = false; -+ break; -+ } -+ } -+ } -+ -+ if (containingBlockPaintsContinuationOutline) { - // Add ourselves to the containing block of the entire continuation so that it can - // paint us atomically. -- RenderBlock* block = renderer()->containingBlock()->containingBlock(); -- block->addContinuationWithOutline(toRenderInline(renderer()->node()->renderer())); -+ cb->addContinuationWithOutline(toRenderInline(renderer()->node()->renderer())); - } else if (!inlineFlow->isInlineContinuation()) - paintInfo.outlineObjects->add(inlineFlow); - } -Index: webkit-1.2.4/WebCore/rendering/RenderBlock.cpp -=================================================================== ---- webkit-1.2.4.orig/WebCore/rendering/RenderBlock.cpp 2010-09-06 22:55:28.000000000 -0400 -+++ webkit-1.2.4/WebCore/rendering/RenderBlock.cpp 2010-09-06 22:56:03.000000000 -0400 -@@ -1766,8 +1766,18 @@ - if ((paintPhase == PaintPhaseOutline || paintPhase == PaintPhaseChildOutlines)) { - if (inlineContinuation() && inlineContinuation()->hasOutline() && inlineContinuation()->style()->visibility() == VISIBLE) { - RenderInline* inlineRenderer = toRenderInline(inlineContinuation()->node()->renderer()); -- if (!inlineRenderer->hasSelfPaintingLayer()) -- 
containingBlock()->addContinuationWithOutline(inlineRenderer); -+ RenderBlock* cb = containingBlock(); -+ -+ bool inlineEnclosedInSelfPaintingLayer = false; -+ for (RenderBoxModelObject* box = inlineRenderer; box != cb; box = box->parent()->enclosingBoxModelObject()) { -+ if (box->hasSelfPaintingLayer()) { -+ inlineEnclosedInSelfPaintingLayer = true; -+ break; -+ } -+ } -+ -+ if (!inlineEnclosedInSelfPaintingLayer) -+ cb->addContinuationWithOutline(inlineRenderer); - else if (!inlineRenderer->firstLineBox()) - inlineRenderer->paintOutline(paintInfo.context, tx - x() + inlineRenderer->containingBlock()->x(), - ty - y() + inlineRenderer->containingBlock()->y()); diff --git a/main/webkit/cve-2010-3115.patch b/main/webkit/cve-2010-3115.patch deleted file mode 100644 index 84661767f0..0000000000 --- a/main/webkit/cve-2010-3115.patch +++ /dev/null @@ -1,16 +0,0 @@ -description: fix cve-2010-3115 -author: Michael Gilbert -origin: http://trac.webkit.org/changeset/63925 -Index: webkit-1.2.4/WebCore/page/History.cpp -=================================================================== ---- webkit-1.2.4.orig/WebCore/page/History.cpp 2010-09-03 16:12:23.000000000 -0400 -+++ webkit-1.2.4/WebCore/page/History.cpp 2010-09-06 22:08:52.000000000 -0400 -@@ -82,7 +82,7 @@ - - KURL History::urlForState(const String& urlString) - { -- KURL baseURL = m_frame->loader()->baseURL(); -+ KURL baseURL = m_frame->document()->url(); - if (urlString.isEmpty()) - return baseURL; - diff --git a/main/webkit/cve-2010-3116.patch b/main/webkit/cve-2010-3116.patch deleted file mode 100644 index 73639baeb5..0000000000 --- a/main/webkit/cve-2010-3116.patch +++ /dev/null 
@@ -1,17 +0,0 @@ -description: fix cve-2010-3116 -author: Michael Gilbert -origin: http://trac.webkit.org/changeset/64293 -Index: webkit-1.2.4/WebCore/page/Page.cpp -=================================================================== ---- webkit-1.2.4.orig/WebCore/page/Page.cpp 2010-09-03 15:18:06.000000000 -0400 -+++ webkit-1.2.4/WebCore/page/Page.cpp 2010-09-06 22:11:32.000000000 -0400 -@@ -192,6 +192,9 @@ - frame->pageDestroyed(); - - m_editorClient->pageDestroyed(); -+ if (m_pluginData) -+ m_pluginData->disconnectPage(); -+ - #if ENABLE(INSPECTOR) - m_inspectorController->inspectedPageDestroyed(); - #endif diff --git a/main/webkit/cve-2010-3120.patch b/main/webkit/cve-2010-3120.patch deleted file mode 100644 index 976affc370..0000000000 --- a/main/webkit/cve-2010-3120.patch +++ /dev/null @@ -1,27 +0,0 @@ -description: fix cve-2010-3120 -author: Michael Gilbert -origin: http://trac.webkit.org/changeset/65329 -Index: webkit-1.2.4/WebCore/page/Geolocation.cpp -=================================================================== ---- webkit-1.2.4.orig/WebCore/page/Geolocation.cpp 2010-09-03 15:18:06.000000000 -0400 -+++ webkit-1.2.4/WebCore/page/Geolocation.cpp 2010-09-06 22:14:03.000000000 -0400 -@@ -252,6 +252,9 @@ - - void Geolocation::getCurrentPosition(PassRefPtr successCallback, PassRefPtr errorCallback, PassRefPtr options) - { -+ if (!m_frame) -+ return; -+ - RefPtr notifier = startRequest(successCallback, errorCallback, options); - ASSERT(notifier); - -@@ -260,6 +263,9 @@ - - int Geolocation::watchPosition(PassRefPtr successCallback, PassRefPtr errorCallback, PassRefPtr options) - { -+ if (!m_frame) -+ return 0; -+ - RefPtr notifier = startRequest(successCallback, errorCallback, options); - ASSERT(notifier); - -- cgit v1.2.3