Merge lp:~ari-tczew/ubuntu/natty/webkit/lp-691104 into lp:ubuntu/natty/webkit

Proposed by Artur Rona
Status: Superseded
Proposed branch: lp:~ari-tczew/ubuntu/natty/webkit/lp-691104
Merge into: lp:ubuntu/natty/webkit
Diff against target: 493 lines (+435/-0)
10 files modified
debian/changelog (+52/-0)
debian/patches/05-fix-jit-on-kfreebsd-i386.patch (+51/-0)
debian/patches/cve-2010-2646.patch (+110/-0)
debian/patches/cve-2010-2651.patch (+38/-0)
debian/patches/cve-2010-2900.patch (+29/-0)
debian/patches/cve-2010-2901.patch (+98/-0)
debian/patches/cve-2010-3120.patch (+27/-0)
debian/patches/series (+7/-0)
debian/patches/typo_webkitwebsettings.patch (+18/-0)
debian/patches/ubuntu-gir-version.patch (+5/-0)
To merge this branch: bzr merge lp:~ari-tczew/ubuntu/natty/webkit/lp-691104
Reviewer Review Type Date Requested Status
Robert Ancell (community) Needs Resubmitting
Review via email: mp+43943@code.launchpad.net

Description of the change

I prepared a merge with Debian unstable, but there is an FTBFS. More information is in the bug report.

Robert Ancell (robert-ancell) wrote :

Merge is on wrong branch, packaging is here:
lp:~ubuntu-desktop/webkit/ubuntu

Note that the branch has been updated.

review: Needs Resubmitting
Artur Rona (ari-tczew) wrote :

> Merge is on wrong branch, packaging is here:
> lp:~ubuntu-desktop/webkit/ubuntu
>
> Note that the branch has been updated.

I don't like when someone signs my work as its...

Unmerged revisions

22. By Artur Rona

  [ Artur Rona ]
  * Merge from debian unstable. Remaining changes: (LP: #691104)
    - debian/control: Drop Build-Depends on gir-repository-dev since
      we don't have this package in archive.
    - debian/patches/ubuntu-gir-version.patch: Use the 1.2 gobject
      introspection abi.

  [ David Stansby ]
  * debian/patches/typo_webkitwebsettings.patch: Fix typo. (LP: #552718)

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2010-10-21 13:40:42 +0000
3+++ debian/changelog 2010-12-16 18:14:15 +0000
4@@ -1,3 +1,55 @@
5+webkit (1.2.5-2.1ubuntu1) natty; urgency=low
6+
7+ [ Artur Rona ]
8+ * Merge from debian unstable. Remaining changes: (LP: #691104)
9+ - debian/control: Drop Build-Depends on gir-repository-dev since
10+ we don't have this package in archive.
11+ - debian/patches/ubuntu-gir-version.patch: Use the 1.2 gobject
12+ introspection abi.
13+
14+ [ David Stansby ]
15+ * debian/patches/typo_webkitwebsettings.patch: Fix typo. (LP: #552718)
16+
17+ -- Artur Rona <ari-tczew@ubuntu.com> Thu, 16 Dec 2010 15:02:49 +0100
18+
19+webkit (1.2.5-2.1) unstable; urgency=low
20+
21+ * Non-maintainer upload.
22+ * Add patch 05-fix-jit-on-kfreebsd-i386.patch by Petr Salinger and
23+ Michael Dorrington: Fixes Javascript JIT crashing on kfreebsd-i386
24+ (closes: #598956).
25+
26+ -- gregor herrmann <gregoa@debian.org> Wed, 10 Nov 2010 23:28:55 +0100
27+
28+webkit (1.2.5-2) unstable; urgency=high
29+
30+ * Unapply 02-pool-fixup-and-sparc-support.patch and
31+ 04-spoof-user-agent-to-google.patch in git. This prevents the
32+ creation of an unwanted debian-changes patch.
33+
34+ -- Michael Gilbert <michael.s.gilbert@gmail.com> Mon, 18 Oct 2010 22:00:36 -0400
35+
36+webkit (1.2.5-1) unstable; urgency=high
37+
38+ [ Gustavo Noronha Silva ]
39+
40+ * New upstream release
41+ - fixes the following CVES:
42+
43+ CVE-2010-1780 CVE-2010-3113 CVE-2010-1814 CVE-2010-1812
44+ CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114
45+ CVE-2010-3116 CVE-2010-3257 CVE-2010-3259
46+
47+ [ Michael Gilbert ]
48+ * fix cve-2010-2646: security origin bypass using IFRAME elements.
49+ * fix cve-2010-2651: vulnerability in css style rendering.
50+ * fix cve-2010-2900: vulnerability with large canvas elements when using the
51+ SKIA library.
52+ * fix cve-2010-2901: vulnerability in the rendering implementation.
53+ * fix cve-2010-3120: vulnerability in geolocation feature.
54+
55+ -- Gustavo Noronha Silva <kov@debian.org> Sat, 16 Oct 2010 17:50:56 -0300
56+
57 webkit (1.2.5-0ubuntu3) natty; urgency=low
58
59 * debian/patches/ubuntu-gir-version.patch:
60
61=== added file 'debian/patches/05-fix-jit-on-kfreebsd-i386.patch'
62--- debian/patches/05-fix-jit-on-kfreebsd-i386.patch 1970-01-01 00:00:00 +0000
63+++ debian/patches/05-fix-jit-on-kfreebsd-i386.patch 2010-12-16 18:14:15 +0000
64@@ -0,0 +1,51 @@
65+Author: Petr Salinger
66+Tester: Michael Dorrington
67+Description: Fixes Javascript JIT crashing on kfreebsd-i386.
68+ Fixes Javascript JIT issue that causes webkit to crash on kfreebsd-i386,
69+ see <http://bugs.debian.org/598956>.
70+
71+ For reasoning of patch see:
72+ "Common practices and problems found when porting to GNU/k*BSD"
73+ <http://glibc-bsd.alioth.debian.org/porting/PORTING>
74+
75+ On kfreebsd-amd64, this issue does not occur.
76+
77+
78+--- webkit-1.2.4/JavaScriptCore/jit/JITOpcodes.cpp 2010-09-03 20:18:02.000000000 +0100
79++++ webkit-1.2.4-fix_jit_kfreebsd_i386/JavaScriptCore/jit/JITOpcodes.cpp 2010-10-07 06:09:55.000000000 +0100
80+@@ -165,7 +165,7 @@
81+ * stack pointer by the right amount after the call.
82+ */
83+
84+-#if COMPILER(MSVC) || OS(LINUX)
85++#if COMPILER(MSVC) || OS(LINUX) || defined(__GLIBC__)
86+ #if COMPILER(MSVC)
87+ #pragma pack(push)
88+ #pragma pack(4)
89+@@ -228,7 +228,7 @@
90+ storePtr(regT2, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
91+ storePtr(regT3, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
92+
93+-#if COMPILER(MSVC) || OS(LINUX)
94++#if COMPILER(MSVC) || OS(LINUX) || defined(__GLIBC__)
95+ // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
96+ addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, result)), stackPointerRegister, X86Registers::ecx);
97+
98+@@ -1689,7 +1689,7 @@
99+ * not the rest of the callframe so we need a nice way to ensure we increment the
100+ * stack pointer by the right amount after the call.
101+ */
102+-#if COMPILER(MSVC) || OS(LINUX)
103++#if COMPILER(MSVC) || OS(LINUX) || defined(__GLIBC__)
104+ struct NativeCallFrameStructure {
105+ // CallFrame* callFrame; // passed in EDX
106+ JSObject* callee;
107+@@ -1742,7 +1742,7 @@
108+ loadPtr(Address(regT1, -(int)sizeof(Register)), regT1);
109+ storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue)));
110+
111+-#if COMPILER(MSVC) || OS(LINUX)
112++#if COMPILER(MSVC) || OS(LINUX) || defined(__GLIBC__)
113+ // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
114+ addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, result)), stackPointerRegister, X86Registers::ecx);
115+
116
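Review bot: The new guard `OS(LINUX) || defined(__GLIBC__)`, repeated at all four sites in JITOpcodes.cpp (@@ -165, -228, -1689 and -1742), is wider than the header says. The Description names only kfreebsd-i386, but `__GLIBC__` is defined on every glibc-based port, so the struct packing and the ArgList calling sequence change for any such target that reaches this code. Either state that in the Description, or narrow the test to the kFreeBSD case. The raw `defined(...)` also sits beside WebKit's own `OS()`/`COMPILER()` macros; a one-line comment at the first site explaining why a libc test is used would spare the next merger from having to look up the PORTING document.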
117=== added file 'debian/patches/cve-2010-2646.patch'
118--- debian/patches/cve-2010-2646.patch 1970-01-01 00:00:00 +0000
119+++ debian/patches/cve-2010-2646.patch 2010-12-16 18:14:15 +0000
120@@ -0,0 +1,110 @@
121+description: fix cve-2010-2646
122+author: Michael Gilbert <michael.s.gilbert@gmail.com>
123+origin: http://trac.webkit.org/changeset/58873
124+Index: webkit-1.2.4/WebCore/storage/StorageEventDispatcher.cpp
125+===================================================================
126+--- webkit-1.2.4.orig/WebCore/storage/StorageEventDispatcher.cpp 2010-09-07 01:13:45.000000000 -0400
127++++ webkit-1.2.4/WebCore/storage/StorageEventDispatcher.cpp 2010-09-07 01:14:42.000000000 -0400
128+@@ -54,8 +54,12 @@
129+ frames.append(frame);
130+ }
131+
132+- for (unsigned i = 0; i < frames.size(); ++i)
133+- frames[i]->document()->enqueueStorageEvent(StorageEvent::create(eventNames().storageEvent, key, oldValue, newValue, sourceFrame->document()->url(), frames[i]->domWindow()->sessionStorage()));
134++ for (unsigned i = 0; i < frames.size(); ++i) {
135++ ExceptionCode ec = 0;
136++ Storage* storage = frames[i]->domWindow()->sessionStorage(ec);
137++ if (!ec)
138++ frames[i]->document()->enqueueStorageEvent(StorageEvent::create(eventNames().storageEvent, key, oldValue, newValue, sourceFrame->document()->url(), storage));
139++ }
140+ } else {
141+ // Send events to every page.
142+ const HashSet<Page*>& pages = page->group().pages();
143+Index: webkit-1.2.4/WebCore/page/DOMWindow.h
144+===================================================================
145+--- webkit-1.2.4.orig/WebCore/page/DOMWindow.h 2010-09-07 01:13:45.000000000 -0400
146++++ webkit-1.2.4/WebCore/page/DOMWindow.h 2010-09-07 01:14:42.000000000 -0400
147+@@ -206,7 +206,7 @@
148+
149+ #if ENABLE(DOM_STORAGE)
150+ // HTML 5 key/value storage
151+- Storage* sessionStorage() const;
152++ Storage* sessionStorage(ExceptionCode&) const;
153+ Storage* localStorage(ExceptionCode&) const;
154+ #endif
155+
156+Index: webkit-1.2.4/WebCore/page/DOMWindow.cpp
157+===================================================================
158+--- webkit-1.2.4.orig/WebCore/page/DOMWindow.cpp 2010-09-07 01:13:45.000000000 -0400
159++++ webkit-1.2.4/WebCore/page/DOMWindow.cpp 2010-09-07 01:14:42.000000000 -0400
160+@@ -567,7 +567,7 @@
161+ }
162+
163+ #if ENABLE(DOM_STORAGE)
164+-Storage* DOMWindow::sessionStorage() const
165++Storage* DOMWindow::sessionStorage(ExceptionCode& ec) const
166+ {
167+ if (m_sessionStorage)
168+ return m_sessionStorage.get();
169+@@ -576,6 +576,11 @@
170+ if (!document)
171+ return 0;
172+
173++ if (!document->securityOrigin()->canAccessLocalStorage()) {
174++ ec = SECURITY_ERR;
175++ return 0;
176++ }
177++
178+ Page* page = document->page();
179+ if (!page)
180+ return 0;
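Review bot: The origin check added to `DOMWindow::sessionStorage()` at @@ -576 calls `canAccessLocalStorage()`, while this same patch adds `canAccessSessionStorage()` to SecurityOrigin.h and none of the visible hunks call it. Both predicates currently return `!isUnique()`, so the behaviour is identical today, but the session storage gate would follow any later change to the local storage policy instead of its own. Call `canAccessSessionStorage()` here, or, if the backport is meant to be verbatim from changeset 58873, say so in the patch header so the unused helper is not mistaken for a missed call site.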
181+@@ -593,16 +598,16 @@
182+ {
183+ if (m_localStorage)
184+ return m_localStorage.get();
185+-
186++
187+ Document* document = this->document();
188+ if (!document)
189+ return 0;
190+-
191++
192+ if (!document->securityOrigin()->canAccessLocalStorage()) {
193+ ec = SECURITY_ERR;
194+ return 0;
195+ }
196+-
197++
198+ Page* page = document->page();
199+ if (!page)
200+ return 0;
201+Index: webkit-1.2.4/WebCore/page/SecurityOrigin.h
202+===================================================================
203+--- webkit-1.2.4.orig/WebCore/page/SecurityOrigin.h 2010-09-07 01:13:45.000000000 -0400
204++++ webkit-1.2.4/WebCore/page/SecurityOrigin.h 2010-09-07 01:14:42.000000000 -0400
205+@@ -120,6 +120,11 @@
206+ bool canAccessLocalStorage() const { return !isUnique(); }
207+ bool canAccessCookies() const { return !isUnique(); }
208+
209++ // Technically, we should always allow access to sessionStorage, but we
210++ // currently don't handle creating a sessionStorage area for unique
211++ // origins.
212++ bool canAccessSessionStorage() const { return !isUnique(); }
213++
214+ bool isSecureTransitionTo(const KURL&) const;
215+
216+ // The local SecurityOrigin is the most privileged SecurityOrigin.
217+Index: webkit-1.2.4/WebCore/page/DOMWindow.idl
218+===================================================================
219+--- webkit-1.2.4.orig/WebCore/page/DOMWindow.idl 2010-09-07 01:14:36.000000000 -0400
220++++ webkit-1.2.4/WebCore/page/DOMWindow.idl 2010-09-07 01:14:42.000000000 -0400
221+@@ -164,7 +164,8 @@
222+ raises(DOMException);
223+ #endif
224+ #if defined(ENABLE_DOM_STORAGE) && ENABLE_DOM_STORAGE
225+- readonly attribute [EnabledAtRuntime] Storage sessionStorage;
226++ readonly attribute [EnabledAtRuntime] Storage sessionStorage
227++ getter raises(DOMException);
228+ readonly attribute [EnabledAtRuntime] Storage localStorage
229+ getter raises(DOMException);
230+ #endif
231
232=== added file 'debian/patches/cve-2010-2651.patch'
233--- debian/patches/cve-2010-2651.patch 1970-01-01 00:00:00 +0000
234+++ debian/patches/cve-2010-2651.patch 2010-12-16 18:14:15 +0000
235@@ -0,0 +1,38 @@
236+description: fix cve-2010-2651
237+author: Michael Gilbert <michael.s.gilbert@gmail.com>
238+origin: http://trac.webkit.org/changeset/59247
239+Index: webkit-1.2.4/WebCore/rendering/RenderBlock.cpp
240+===================================================================
241+--- webkit-1.2.4.orig/WebCore/rendering/RenderBlock.cpp 2010-09-03 15:18:07.000000000 -0400
242++++ webkit-1.2.4/WebCore/rendering/RenderBlock.cpp 2010-09-06 21:50:51.000000000 -0400
243+@@ -4651,10 +4651,12 @@
244+
245+ // Drill into inlines looking for our first text child.
246+ RenderObject* currChild = firstLetterBlock->firstChild();
247+- while (currChild && currChild->needsLayout() && ((!currChild->isReplaced() && !currChild->isRenderButton() && !currChild->isMenuList()) || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
248++ while (currChild && ((!currChild->isReplaced() && !currChild->isRenderButton() && !currChild->isMenuList()) || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
249+ if (currChild->isFloatingOrPositioned()) {
250+- if (currChild->style()->styleType() == FIRST_LETTER)
251++ if (currChild->style()->styleType() == FIRST_LETTER) {
252++ currChild = currChild->firstChild();
253+ break;
254++ }
255+ currChild = currChild->nextSibling();
256+ } else
257+ currChild = currChild->firstChild();
258+@@ -4671,11 +4673,11 @@
259+
260+ // If the child already has style, then it has already been created, so we just want
261+ // to update it.
262+- if (currChild->style()->styleType() == FIRST_LETTER) {
263++ if (firstLetterContainer->style()->styleType() == FIRST_LETTER) {
264+ RenderStyle* pseudo = firstLetterBlock->getCachedPseudoStyle(FIRST_LETTER,
265+- firstLetterContainer->firstLineStyle());
266+- currChild->setStyle(pseudo);
267+- for (RenderObject* genChild = currChild->firstChild(); genChild; genChild = genChild->nextSibling()) {
268++ firstLetterContainer->parent()->firstLineStyle());
269++ firstLetterContainer->setStyle(pseudo);
270++ for (RenderObject* genChild = firstLetterContainer->firstChild(); genChild; genChild = genChild->nextSibling()) {
271+ if (genChild->isText())
272+ genChild->setStyle(pseudo);
273+ }
274
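Review bot: Null handling around the first-letter walk needs confirming. In the @@ -4651 hunk the loop no longer requires `needsLayout()` and now sets `currChild = currChild->firstChild()` just before `break`, so `currChild` can leave the loop as null for a FIRST_LETTER container with no children. The @@ -4671 hunk then dereferences `firstLetterContainer->style()` and `firstLetterContainer->parent()->firstLineStyle()` with no check. The lines between the two hunks, where `firstLetterContainer` is set, are outside the context shown; please confirm they bail out on a null `currChild` and that `firstLetterContainer->parent()` cannot be null on this path. The header also gives only "fix cve-2010-2651"; one sentence on what the rendering fault was would help whoever refreshes this patch against the next upstream release.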
275=== added file 'debian/patches/cve-2010-2900.patch'
276--- debian/patches/cve-2010-2900.patch 1970-01-01 00:00:00 +0000
277+++ debian/patches/cve-2010-2900.patch 2010-12-16 18:14:15 +0000
278@@ -0,0 +1,29 @@
279+description: fix cve-2010-2900
280+author: Michael Gilbert <michael.s.gilbert@gmail.com>
281+origin: http://trac.webkit.org/changeset/63219
282+Index: webkit-1.2.4/WebCore/html/HTMLCanvasElement.cpp
283+===================================================================
284+--- webkit-1.2.4.orig/WebCore/html/HTMLCanvasElement.cpp 2010-09-06 22:28:56.000000000 -0400
285++++ webkit-1.2.4/WebCore/html/HTMLCanvasElement.cpp 2010-09-06 22:29:28.000000000 -0400
286+@@ -64,6 +64,9 @@
287+ // in exchange for a smaller maximum canvas size.
288+ const float HTMLCanvasElement::MaxCanvasArea = 32768 * 8192; // Maximum canvas area in CSS pixels
289+
290++//In Skia, we will also limit width/height to 32767.
291++static const float MaxSkiaDim = 32767.0F; // Maximum width/height in CSS pixels.
292++
293+ HTMLCanvasElement::HTMLCanvasElement(const QualifiedName& tagName, Document* doc)
294+ : HTMLElement(tagName, doc)
295+ , m_size(defaultWidth, defaultHeight)
296+@@ -293,6 +296,11 @@
297+ if (!(wf >= 1 && hf >= 1 && wf * hf <= MaxCanvasArea))
298+ return IntSize();
299+
300++#if PLATFORM(SKIA)
301++ if (wf > MaxSkiaDim || hf > MaxSkiaDim)
302++ return IntSize();
303++#endif
304++
305+ return IntSize(static_cast<unsigned>(wf), static_cast<unsigned>(hf));
306+ }
307+
308
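Review bot: The width/height bound added at @@ -293 is wrapped in `#if PLATFORM(SKIA)`, so it is compiled only into Skia builds, and the changelog entry itself describes the issue as specific to the SKIA library. The patch header should say whether this package's build defines `PLATFORM(SKIA)`. If it does not, the patch leaves the built binary unchanged, and the changelog would be more accurate recording the CVE as not applicable to this build rather than as fixed. `MaxSkiaDim` is also declared outside the `#if` at @@ -64, so it is unused on every other platform; move it inside the guard. Minor: `//In Skia` is missing the space after `//`.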
309=== added file 'debian/patches/cve-2010-2901.patch'
310--- debian/patches/cve-2010-2901.patch 1970-01-01 00:00:00 +0000
311+++ debian/patches/cve-2010-2901.patch 2010-12-16 18:14:15 +0000
312@@ -0,0 +1,98 @@
313+description: fix cve-2010-2901
314+author: Michael Gilbert <michael.s.gilbert@gmail.com>
315+origin: http://trac.webkit.org/changeset/63048
316+Index: webkit-1.2.4/WebCore/rendering/RenderObject.cpp
317+===================================================================
318+--- webkit-1.2.4.orig/WebCore/rendering/RenderObject.cpp 2010-09-06 22:55:29.000000000 -0400
319++++ webkit-1.2.4/WebCore/rendering/RenderObject.cpp 2010-09-06 22:56:03.000000000 -0400
320+@@ -560,6 +560,19 @@
321+ return 0;
322+ }
323+
324++RenderBoxModelObject* RenderObject::enclosingBoxModelObject() const
325++{
326++ RenderObject* curr = const_cast<RenderObject*>(this);
327++ while (curr) {
328++ if (curr->isBoxModelObject())
329++ return toRenderBoxModelObject(curr);
330++ curr = curr->parent();
331++ }
332++
333++ ASSERT_NOT_REACHED();
334++ return 0;
335++}
336++
337+ RenderBlock* RenderObject::firstLineBlock() const
338+ {
339+ return 0;
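Review bot: `enclosingBoxModelObject()` ends with `ASSERT_NOT_REACHED(); return 0;`, so when assertions are compiled out it returns null, and neither caller added later in this patch checks for that. Both loops (InlineFlowBox.cpp @@ -639 and RenderBlock.cpp @@ -1766) advance with `box = box->parent()->enclosingBoxModelObject()` and stop only when `box != cb` fails, then call `box->hasSelfPaintingLayer()`. If `cb` is ever not an ancestor of the starting box, the walk runs off the top of the tree and dereferences null, either through `parent()` or through the returned 0. Either make the loop condition `box && box != cb`, or add a comment at both loops stating why `cb` is always on the parent chain.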
340+Index: webkit-1.2.4/WebCore/rendering/RenderObject.h
341+===================================================================
342+--- webkit-1.2.4.orig/WebCore/rendering/RenderObject.h 2010-09-06 22:55:29.000000000 -0400
343++++ webkit-1.2.4/WebCore/rendering/RenderObject.h 2010-09-06 22:56:03.000000000 -0400
344+@@ -193,7 +193,8 @@
345+
346+ // Convenience function for getting to the nearest enclosing box of a RenderObject.
347+ RenderBox* enclosingBox() const;
348+-
349++ RenderBoxModelObject* enclosingBoxModelObject() const;
350++
351+ virtual bool isEmpty() const { return firstChild() == 0; }
352+
353+ #ifndef NDEBUG
354+Index: webkit-1.2.4/WebCore/rendering/InlineFlowBox.cpp
355+===================================================================
356+--- webkit-1.2.4.orig/WebCore/rendering/InlineFlowBox.cpp 2010-09-06 22:55:28.000000000 -0400
357++++ webkit-1.2.4/WebCore/rendering/InlineFlowBox.cpp 2010-09-06 22:56:24.000000000 -0400
358+@@ -639,11 +639,24 @@
359+ // outlines.
360+ if (renderer()->style()->visibility() == VISIBLE && renderer()->hasOutline() && !isRootInlineBox()) {
361+ RenderInline* inlineFlow = toRenderInline(renderer());
362+- if ((inlineFlow->continuation() || inlineFlow->isInlineContinuation()) && !boxModelObject()->hasSelfPaintingLayer()) {
363++
364++ RenderBlock* cb = 0;
365++ bool containingBlockPaintsContinuationOutline = inlineFlow->continuation() || inlineFlow->isInlineContinuation();
366++ if (containingBlockPaintsContinuationOutline) {
367++ cb = renderer()->containingBlock()->containingBlock();
368++
369++ for (RenderBoxModelObject* box = boxModelObject(); box != cb; box = box->parent()->enclosingBoxModelObject()) {
370++ if (box->hasSelfPaintingLayer()) {
371++ containingBlockPaintsContinuationOutline = false;
372++ break;
373++ }
374++ }
375++ }
376++
377++ if (containingBlockPaintsContinuationOutline) {
378+ // Add ourselves to the containing block of the entire continuation so that it can
379+ // paint us atomically.
380+- RenderBlock* block = renderer()->containingBlock()->containingBlock();
381+- block->addContinuationWithOutline(toRenderInline(renderer()->node()->renderer()));
382++ cb->addContinuationWithOutline(toRenderInline(renderer()->node()->renderer()));
383+ } else if (!inlineFlow->isInlineContinuation())
384+ paintInfo.outlineObjects->add(inlineFlow);
385+ }
386+Index: webkit-1.2.4/WebCore/rendering/RenderBlock.cpp
387+===================================================================
388+--- webkit-1.2.4.orig/WebCore/rendering/RenderBlock.cpp 2010-09-06 22:55:28.000000000 -0400
389++++ webkit-1.2.4/WebCore/rendering/RenderBlock.cpp 2010-09-06 22:56:03.000000000 -0400
390+@@ -1766,8 +1766,18 @@
391+ if ((paintPhase == PaintPhaseOutline || paintPhase == PaintPhaseChildOutlines)) {
392+ if (inlineContinuation() && inlineContinuation()->hasOutline() && inlineContinuation()->style()->visibility() == VISIBLE) {
393+ RenderInline* inlineRenderer = toRenderInline(inlineContinuation()->node()->renderer());
394+- if (!inlineRenderer->hasSelfPaintingLayer())
395+- containingBlock()->addContinuationWithOutline(inlineRenderer);
396++ RenderBlock* cb = containingBlock();
397++
398++ bool inlineEnclosedInSelfPaintingLayer = false;
399++ for (RenderBoxModelObject* box = inlineRenderer; box != cb; box = box->parent()->enclosingBoxModelObject()) {
400++ if (box->hasSelfPaintingLayer()) {
401++ inlineEnclosedInSelfPaintingLayer = true;
402++ break;
403++ }
404++ }
405++
406++ if (!inlineEnclosedInSelfPaintingLayer)
407++ cb->addContinuationWithOutline(inlineRenderer);
408+ else if (!inlineRenderer->firstLineBox())
409+ inlineRenderer->paintOutline(paintInfo.context, tx - x() + inlineRenderer->containingBlock()->x(),
410+ ty - y() + inlineRenderer->containingBlock()->y());
411
412=== added file 'debian/patches/cve-2010-3120.patch'
413--- debian/patches/cve-2010-3120.patch 1970-01-01 00:00:00 +0000
414+++ debian/patches/cve-2010-3120.patch 2010-12-16 18:14:15 +0000
415@@ -0,0 +1,27 @@
416+description: fix cve-2010-3120
417+author: Michael Gilbert <michael.s.gilbert@gmail.com>
418+origin: http://trac.webkit.org/changeset/65329
419+Index: webkit-1.2.4/WebCore/page/Geolocation.cpp
420+===================================================================
421+--- webkit-1.2.4.orig/WebCore/page/Geolocation.cpp 2010-09-03 15:18:06.000000000 -0400
422++++ webkit-1.2.4/WebCore/page/Geolocation.cpp 2010-09-06 22:14:03.000000000 -0400
423+@@ -252,6 +252,9 @@
424+
425+ void Geolocation::getCurrentPosition(PassRefPtr<PositionCallback> successCallback, PassRefPtr<PositionErrorCallback> errorCallback, PassRefPtr<PositionOptions> options)
426+ {
427++ if (!m_frame)
428++ return;
429++
430+ RefPtr<GeoNotifier> notifier = startRequest(successCallback, errorCallback, options);
431+ ASSERT(notifier);
432+
433+@@ -260,6 +263,9 @@
434+
435+ int Geolocation::watchPosition(PassRefPtr<PositionCallback> successCallback, PassRefPtr<PositionErrorCallback> errorCallback, PassRefPtr<PositionOptions> options)
436+ {
437++ if (!m_frame)
438++ return 0;
439++
440+ RefPtr<GeoNotifier> notifier = startRequest(successCallback, errorCallback, options);
441+ ASSERT(notifier);
442+
443
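Review bot: Both early returns on `!m_frame` drop the request silently. In `getCurrentPosition()` the `errorCallback` is never invoked, and in `watchPosition()` the caller receives 0, which is only distinguishable from a real watch id if 0 is never issued by `startRequest()` (not visible in these hunks). A short comment above each check saying that a detached frame is the case being guarded, and that 0 is not a valid watch id, would make the intent clear; if script is expected to be told about the failure, invoke `errorCallback` before returning.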
444=== modified file 'debian/patches/series'
445--- debian/patches/series 2010-10-21 13:40:42 +0000
446+++ debian/patches/series 2010-12-16 18:14:15 +0000
447@@ -1,3 +1,10 @@
448 02-pool-fixup-and-sparc-support.patch
449 04-spoof-user-agent-to-google.patch
450+05-fix-jit-on-kfreebsd-i386.patch
451+cve-2010-2646.patch
452+cve-2010-2651.patch
453+cve-2010-2900.patch
454+cve-2010-2901.patch
455+cve-2010-3120.patch
456 ubuntu-gir-version.patch
457+typo_webkitwebsettings.patch
458
459=== added file 'debian/patches/typo_webkitwebsettings.patch'
460--- debian/patches/typo_webkitwebsettings.patch 1970-01-01 00:00:00 +0000
461+++ debian/patches/typo_webkitwebsettings.patch 2010-12-16 18:14:15 +0000
462@@ -0,0 +1,18 @@
463+From: Artur Rona <ari-tczew@ubuntu.com>
464+Description: Fix typo in WebKit/gtk/webkit/webkitwebsettings.cpp.
465+Bug-Ubuntu: https://launchpad.net/bugs/552718
466+Origin: upstream, http://trac.webkit.org/changeset/64629/
467+Author: David Stansby <dstansby@gmail.com>
468+
469+diff -pruN -x '*~' webkit-1.2.5.orig/WebKit/gtk/webkit/webkitwebsettings.cpp webkit-1.2.5/WebKit/gtk/webkit/webkitwebsettings.cpp
470+--- webkit-1.2.5.orig/WebKit/gtk/webkit/webkitwebsettings.cpp 2010-12-16 13:31:40.000000000 +0100
471++++ webkit-1.2.5/WebKit/gtk/webkit/webkitwebsettings.cpp 2010-12-16 15:42:22.000000000 +0100
472+@@ -578,7 +578,7 @@ static void webkit_web_settings_class_in
473+ PROP_ENABLE_XSS_AUDITOR,
474+ g_param_spec_boolean("enable-xss-auditor",
475+ _("Enable XSS Auditor"),
476+- _("Whether to enable teh XSS auditor"),
477++ _("Whether to enable the XSS auditor"),
478+ TRUE,
479+ flags));
480+ /**
481
482=== modified file 'debian/patches/ubuntu-gir-version.patch'
483--- debian/patches/ubuntu-gir-version.patch 2010-10-21 13:40:42 +0000
484+++ debian/patches/ubuntu-gir-version.patch 2010-12-16 18:14:15 +0000
485@@ -1,3 +1,8 @@
486+From: Artur Rona <ari-tczew@ubuntu.com>
487+Description: Use the 1.2 gobject introspection abi.
488+Forwarded: not-needed
489+Author: Robert Ancell <robert.ancell@canonical.com>
490+
491 Index: webkit-1.2.5/WebKit/gtk/JSCore-1.0.gir
492 ===================================================================
493 --- webkit-1.2.5.orig/WebKit/gtk/JSCore-1.0.gir 2010-09-10 23:20:33.000000000 +1000
