From 6d30a55d1ec2ae35871a446b4211807d78be8e0b Mon Sep 17 00:00:00 2001
From: Jaroslav Reznik
Date: Mon, 14 Jun 2010 14:58:01 +0000
Subject: [PATCH] CVE-2010-1398 fix
---
 ...e-opensource-src-4.6.3-CVE-2010-1398.patch | 56 +++++++++++--------
 1 file changed, 32 insertions(+), 24 deletions(-)
diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch
index 18e1d16..443de30 100644
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch
@@ -1,6 +1,6 @@
-diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.cpp
---- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp 2010-06-02 04:03:12.000000000 +0200
-+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.cpp 2010-06-10 21:10:21.197317643 +0200
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398 2010-06-02 04:03:12.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp 2010-06-11 16:12:55.750525354 +0200
 @@ -35,6 +35,7 @@
 #include "ClientRect.h"
 #include "ClientRectList.h"
@@ -25,7 +25,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Elem
 #if ENABLE(SVG)
 #include "SVGNames.h"
-@@ -91,6 +94,51 @@
+@@ -91,6 +94,51 @@ NodeRareData* Element::createRareData()
 {
 return new ElementRareData;
 }
@@ -77,10 +77,18 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Elem
 PassRefPtr Element::cloneNode(bool deep)
 {
-diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.h
---- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h 2010-06-02 04:03:12.000000000 +0200
-+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.h 2010-06-10 21:09:56.802317368 +0200
-@@ -89,6 +89,8 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398 2010-06-02 04:03:12.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h 2010-06-14 16:54:57.639394749 +0200
+@@ -28,6 +28,7 @@
+ #include "ContainerNode.h"
+ #include "QualifiedName.h"
+ #include "ScrollTypes.h"
++#include "DocumentFragment.h"
+
+ namespace WebCore {
+
+@@ -89,6 +90,8 @@ public:
 DEFINE_ATTRIBUTE_EVENT_LISTENER(search);
 DEFINE_ATTRIBUTE_EVENT_LISTENER(selectstart);
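Review bot: The one functional change in this hunk, `+#include "DocumentFragment.h"` in the Element.h section (`@@ -28,6 +28,7 @@`), is not explained anywhere: the commit subject is only "CVE-2010-1398 fix" and the rest of the commit appears merely to regenerate the patch with `diff -up`. Presumably it fixes a build failure caused by the two lines the `@@ -89,6 +90,8 @@ public:` hunk adds to Element.h, which are not visible here; a line of free text at the top of the .patch would record that, e.g. `Element.h: include DocumentFragment.h, needed by the declaration added below`. If that declaration only names the type, a forward declaration `class DocumentFragment;` in Element.h, with the include kept in the .cpp files that use it, would avoid pulling the header into every user of Element.h. Because this file carries a security backport, the same header should also name the upstream WebKit change it was taken from (`<upstream changeset>`), so a later rebase can check that the fix is still complete.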
@@ -89,10 +97,10 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Elem
 const AtomicString& getIDAttribute() const;
 bool hasAttribute(const QualifiedName&) const;
 const AtomicString& getAttribute(const QualifiedName&) const;
-diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/editing/markup.cpp
---- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp 2010-06-02 04:03:10.000000000 +0200
-+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/editing/markup.cpp 2010-06-10 21:05:12.880192498 +0200
-@@ -1054,11 +1054,7 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398 2010-06-02 04:03:10.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp 2010-06-11 16:12:55.752525451 +0200
+@@ -1054,11 +1054,7 @@ String createMarkup(const Range* range,
 PassRefPtr createFragmentFromMarkup(Document* document, const String& markup, const String& baseURL)
 {
@@ -105,10 +113,10 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/
 if (fragment && !baseURL.isEmpty() && baseURL != blankURL() && baseURL != document->baseURL())
 completeURLs(fragment.get(), baseURL);
-diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp
---- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp 2010-06-02 04:03:10.000000000 +0200
-+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp 2010-06-10 21:13:26.701317282 +0200
-@@ -235,9 +235,9 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398 2010-06-02 04:03:10.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp 2010-06-11 16:12:55.753537613 +0200
+@@ -235,9 +235,9 @@ String HTMLElement::outerHTML() const
 return createMarkup(this);
 }
@@ -120,7 +128,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
 if (endTagRequirement() == TagStatusForbidden)
 return 0;
-@@ -245,47 +245,7 @@
+@@ -245,47 +245,7 @@ PassRefPtr HTMLElement
 hasLocalName(headTag) || hasLocalName(styleTag) || hasLocalName(titleTag))
 return 0;
@@ -169,7 +177,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
 }
 static inline bool hasOneChild(ContainerNode* node)
-@@ -371,7 +331,7 @@
+@@ -371,7 +331,7 @@ void HTMLElement::setOuterHTML(const Str
 void HTMLElement::setInnerText(const String& text, ExceptionCode& ec)
 {
@@ -178,7 +186,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
 if (endTagRequirement() == TagStatusForbidden) {
 ec = NO_MODIFICATION_ALLOWED_ERR;
 return;
-@@ -441,7 +401,7 @@
+@@ -441,7 +401,7 @@ void HTMLElement::setInnerText(const Str
 void HTMLElement::setOuterText(const String &text, ExceptionCode& ec)
 {
@@ -187,7 +195,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
 if (endTagRequirement() == TagStatusForbidden) {
 ec = NO_MODIFICATION_ALLOWED_ERR;
 return;
-@@ -469,7 +429,7 @@
+@@ -469,7 +429,7 @@ void HTMLElement::setOuterText(const Str
 if (ec)
 return;
@@ -196,7 +204,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
 Node* prev = t->previousSibling();
 if (prev && prev->isTextNode()) {
 Text* textPrev = static_cast(prev);
-@@ -482,7 +442,7 @@
+@@ -482,7 +442,7 @@ void HTMLElement::setOuterText(const Str
 t = textPrev;
 }
@@ -205,7 +213,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
 Node* next = t->nextSibling();
 if (next && next->isTextNode()) {
 Text* textNext = static_cast(next);
-@@ -522,7 +482,7 @@
+@@ -522,7 +482,7 @@ Node* HTMLElement::insertAdjacent(const
 return 0;
 }
@@ -214,7 +222,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
 ec = NOT_SUPPORTED_ERR;
 return 0;
 }
-@@ -530,7 +490,7 @@
+@@ -530,7 +490,7 @@ Node* HTMLElement::insertAdjacent(const
 Element* HTMLElement::insertAdjacentElement(const String& where, Element* newChild, ExceptionCode& ec)
 {
 if (!newChild) {
@@ -223,7 +231,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
 ec = TYPE_MISMATCH_ERR;
 return 0;
 }
-@@ -567,8 +527,8 @@
+@@ -567,8 +527,8 @@ void HTMLElement::addHTMLAlignment(Mappe
 void HTMLElement::addHTMLAlignmentToStyledElement(StyledElement* element, MappedAttribute* attr)
 {