diff --git a/.gitignore b/.gitignore index 9b089bc..22c707f 100644 --- a/.gitignore +++ b/.gitignore @@ -7,7 +7,5 @@ hi22-phonon-gstreamer.png hi32-phonon-gstreamer.png hi48-phonon-gstreamer.png hi64-phonon-gstreamer.png -qt-everywhere-opensource-src-4.7.0-beta2.tar.gz -/qt-everywhere-opensource-src-4.7.0-rc1.tar.gz -/qt-everywhere-opensource-src-4.7.0.tar.gz -/qt-everywhere-opensource-src-4.7.1.tar.gz +qt-everywhere-opensource-src-4.6.2.tar.gz +qt-everywhere-opensource-src-4.6.3.tar.gz diff --git a/0001-This-patch-uses-object-name-as-a-fallback-for-window.patch b/0001-This-patch-uses-object-name-as-a-fallback-for-window.patch new file mode 100644 index 0000000..1850cce --- /dev/null +++ b/0001-This-patch-uses-object-name-as-a-fallback-for-window.patch @@ -0,0 +1,117 @@ +From b48e2091871516496cf0b133249fbf5326a55831 Mon Sep 17 00:00:00 2001 +From: Lubos Lunak +Date: Sat, 23 Feb 2008 16:44:52 +0100 +Subject: [PATCH 01/13] This patch uses object name as a fallback for window role if no window + role is set explicitly using setWindowRole(). Since Qt3 always used + the object name as the window role and most Qt3/KDE3 code is ported to + call setObjectName(), + +this makes the window role set in many cases (which KWin uses for window identifying). + +NOTE: It is suggested to apply patch #0209 as well when this patch is used. + +qt-bugs@ issue : 167704 +Trolltech task ID : 168283 (status: "fixed" for Qt 4.4.0, but effectively refused) +--- + src/corelib/kernel/qobject.cpp | 8 ++++++++ + src/corelib/kernel/qobject_p.h | 3 +++ + src/gui/kernel/qwidget_p.h | 1 + + src/gui/kernel/qwidget_x11.cpp | 27 +++++++++++++++++++++------ + 4 files changed, 33 insertions(+), 6 deletions(-) + +diff --git a/src/corelib/kernel/qobject.cpp b/src/corelib/kernel/qobject.cpp +index 6487194..ef0369e 100644 +--- a/src/corelib/kernel/qobject.cpp ++++ b/src/corelib/kernel/qobject.cpp +@@ -993,8 +993,16 @@ void QObject::setObjectName(const QString &name) + { + Q_D(QObject); + d->objectName = name; ++#if defined(Q_WS_X11) ++ d->checkWindowRole(); ++#endif + } + ++#if defined(Q_WS_X11) ++void QObjectPrivate::checkWindowRole() ++{ ++} ++#endif + + #ifdef QT3_SUPPORT + /*! \internal +diff --git a/src/corelib/kernel/qobject_p.h b/src/corelib/kernel/qobject_p.h +index 0bcccba..6ab9e10 100644 +--- a/src/corelib/kernel/qobject_p.h ++++ b/src/corelib/kernel/qobject_p.h +@@ -144,6 +144,9 @@ public: + mutable quint32 connectedSignals; + + QString objectName; ++#if defined(Q_WS_X11) ++ virtual void checkWindowRole(); ++#endif + + // Note: you must hold the signalSlotLock() before accessing the lists below or calling the functions + struct Connection +diff --git a/src/gui/kernel/qwidget_p.h b/src/gui/kernel/qwidget_p.h +index 774e390..176d6fa 100644 +--- a/src/gui/kernel/qwidget_p.h ++++ b/src/gui/kernel/qwidget_p.h +@@ -358,6 +358,7 @@ public: + + #if defined(Q_WS_X11) + void setWindowRole(); ++ virtual void checkWindowRole(); + void sendStartupMessage(const char *message) const; + void setNetWmWindowTypes(); + void x11UpdateIsOpaque(); +diff --git a/src/gui/kernel/qwidget_x11.cpp b/src/gui/kernel/qwidget_x11.cpp +index 79ee8c9..b56849c 100644 +--- a/src/gui/kernel/qwidget_x11.cpp ++++ b/src/gui/kernel/qwidget_x11.cpp +@@ -778,13 +778,17 @@ void QWidgetPrivate::create_sys(WId window, bool initializeWindow, bool destroyO + data.fstrut_dirty = 1; + + // declare the widget's window role ++ QByteArray windowRole; + if (QTLWExtra *topData = maybeTopData()) { +- if (!topData->role.isEmpty()) { +- QByteArray windowRole = topData->role.toUtf8(); +- XChangeProperty(dpy, id, +- ATOM(WM_WINDOW_ROLE), XA_STRING, 8, PropModeReplace, +- (unsigned char *)windowRole.constData(), windowRole.length()); +- } ++ if (!topData->role.isEmpty()) ++ windowRole = topData->role.toUtf8(); ++ } ++ if (windowRole.isEmpty()) // use object name as a fallback ++ windowRole = objectName.toUtf8(); ++ if (!windowRole.isEmpty()) { ++ XChangeProperty(dpy, id, ++ ATOM(WM_WINDOW_ROLE), XA_STRING, 8, PropModeReplace, ++ (unsigned char *)windowRole.constData(), windowRole.length()); + } + + // set client leader property +@@ -2768,6 +2772,17 @@ void QWidgetPrivate::setWindowRole() + (unsigned char *)windowRole.constData(), windowRole.length()); + } + ++void QWidgetPrivate::checkWindowRole() ++{ ++ Q_Q(QWidget); ++ if( !q->windowRole().isEmpty() || !q->internalWinId()) ++ return; ++ QByteArray windowRole = objectName.toUtf8(); // use as a fallback ++ XChangeProperty(X11->display, q->internalWinId(), ++ ATOM(WM_WINDOW_ROLE), XA_STRING, 8, PropModeReplace, ++ (unsigned char *)windowRole.constData(), windowRole.length()); ++} ++ + Q_GLOBAL_STATIC(QX11PaintEngine, qt_widget_paintengine) + QPaintEngine *QWidget::paintEngine() const + { +-- +1.6.5.1 + diff --git a/0003-This-patch-changes-QObjectPrivateVersion-thus-preven.patch b/0003-This-patch-changes-QObjectPrivateVersion-thus-preven.patch new file mode 100644 index 0000000..f6b55e0 --- /dev/null +++ b/0003-This-patch-changes-QObjectPrivateVersion-thus-preven.patch @@ -0,0 +1,37 @@ +From 68eaa07de69e873b89d4aba341c6ed1ca81f6819 Mon Sep 17 00:00:00 2001 +From: Lubos Lunak +Date: Wed, 30 Jan 2008 14:24:01 +0100 +Subject: [PATCH 03/13] This patch changes QObjectPrivateVersion, thus preventing mixing + parts of upstream Qt and qt-copy. In general it is a bad idea to mix + e.g. libQtCore from one build and libQtGui from another one, and other + qt-copy patches could make changes in Qt internal structures that could + cause problems when mixed with upstream Qt. + +This patch does not make qt-copy binary incompatible with upstream Qt. +It only further enforces using the same sources for the whole Qt build. + +qt-bugs@ issue : none +Trolltech task ID : none +bugs.kde.org number : none +--- + src/corelib/kernel/qobject_p.h | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/src/corelib/kernel/qobject_p.h b/src/corelib/kernel/qobject_p.h +index 0bcccba..88192fd 100644 +--- a/src/corelib/kernel/qobject_p.h ++++ b/src/corelib/kernel/qobject_p.h +@@ -83,7 +83,9 @@ extern QSignalSpyCallbackSet Q_CORE_EXPORT qt_signal_spy_callback_set; + + inline QObjectData::~QObjectData() {} + +-enum { QObjectPrivateVersion = QT_VERSION }; ++// add 0x1000000 to mark it as qt-copy version, with possible modifications ++// in some Q*Private class ++enum { QObjectPrivateVersion = QT_VERSION + 0x1000000 }; + + class Q_CORE_EXPORT QObjectPrivate : public QObjectData + { +-- +1.6.5.1 + diff --git a/0006-Fix-configure.exe-to-do-an-out-of-source-build-on-wi.patch b/0006-Fix-configure.exe-to-do-an-out-of-source-build-on-wi.patch new file mode 100644 index 0000000..4999964 --- /dev/null +++ b/0006-Fix-configure.exe-to-do-an-out-of-source-build-on-wi.patch @@ -0,0 +1,67 @@ +From 8e28e0603a900e1b18ebfd14c4f87b16dabf4cf6 Mon Sep 17 00:00:00 2001 +From: Christian Ehrlicher +Date: Fri, 19 Sep 2008 17:41:26 +0200 +Subject: [PATCH 06/13] Fix configure.exe to do an out-of-source build on windows + +qt-bugs@ issue : N227213 +Trolltech task ID : none yet +--- + bin/syncqt | 6 +++++- + projects.pro | 3 +++ + src/tools/moc/main.cpp | 6 ++++++ + 3 files changed, 14 insertions(+), 1 deletions(-) + +diff --git a/bin/syncqt b/bin/syncqt +index 7a9f1d3..b5a8e1c 100755 +--- a/bin/syncqt ++++ b/bin/syncqt +@@ -365,9 +365,13 @@ sub fixPaths { + $match_dir = $tmp; + $i = $slash; + } ++ my $cnt_ofs = 0; ++ if($match_dir =~ /^[a-zA-Z]:$/) { ++ $cnt_ofs = 1; ++ } + if($match_dir) { + my $after = substr($dir, length($match_dir)); +- my $count = ($after =~ tr,/,,); ++ my $count = ($after =~ tr,/,,) - $cnt_ofs; + my $dots = ""; + for(my $i = 0; $i < $count; $i++) { + $dots .= "../"; +diff --git a/projects.pro b/projects.pro +index 2596c0a..3ba0688 100644 +--- a/projects.pro ++++ b/projects.pro +@@ -127,6 +127,9 @@ unix { + DEFAULT_QMAKESPEC ~= s,^.*mkspecs/,,g + mkspecs.commands += $(DEL_FILE) $(INSTALL_ROOT)$$mkspecs.path/default; $(SYMLINK) $$DEFAULT_QMAKESPEC $(INSTALL_ROOT)$$mkspecs.path/default + } ++win32 { ++ mkspecs.files += $$QT_BUILD_TREE/mkspecs/default ++} + INSTALLS += mkspecs + + false:macx { #mac install location +diff --git a/src/tools/moc/main.cpp b/src/tools/moc/main.cpp +index d519b09..7979836 100644 +--- a/src/tools/moc/main.cpp ++++ b/src/tools/moc/main.cpp +@@ -94,7 +94,13 @@ static QByteArray combinePath(const char *infile, const char *outfile) + inSplitted.prepend(QLatin1String("..")); + } + inSplitted.append(inFileInfo.fileName()); ++#ifdef Q_WS_WIN ++ const QString rel = inSplitted.join(QLatin1String("/")); ++ const QString abs = inFileInfo.absoluteFilePath(); ++ return QFile::encodeName(rel.length() < abs.length() ? rel : abs); ++#else + return QFile::encodeName(inSplitted.join(QLatin1String("/"))); ++#endif + } + + +-- +1.6.5.1 + diff --git a/0007-When-using-qmake-outside-qt-src-tree-it-sometimes-ge.patch b/0007-When-using-qmake-outside-qt-src-tree-it-sometimes-ge.patch new file mode 100644 index 0000000..e3b4370 --- /dev/null +++ b/0007-When-using-qmake-outside-qt-src-tree-it-sometimes-ge.patch @@ -0,0 +1,73 @@ +From 0afcf33127c6ccbe5dfaae4f4c5e02f28dc10ae1 Mon Sep 17 00:00:00 2001 +From: Christian Ehrlicher +Date: Thu, 8 May 2008 21:25:49 +0200 +Subject: [PATCH 07/13] When using qmake outside qt src tree, it sometimes generates wrong + paths (wrong path separator) + +qt-bugs@ issue : none +Trolltech task ID : 214661 +--- + qmake/property.cpp | 29 ++++++++++++++++------------- + 1 files changed, 16 insertions(+), 13 deletions(-) + +diff --git a/qmake/property.cpp b/qmake/property.cpp +index 8ba89f9..dd78349 100644 +--- a/qmake/property.cpp ++++ b/qmake/property.cpp +@@ -81,29 +81,32 @@ QMakeProperty::keyBase(bool version) const + QString + QMakeProperty::value(QString v, bool just_check) + { ++ QString ret; + if(v == "QT_INSTALL_PREFIX") +- return QLibraryInfo::location(QLibraryInfo::PrefixPath); ++ ret = QLibraryInfo::location(QLibraryInfo::PrefixPath); + else if(v == "QT_INSTALL_DATA") +- return QLibraryInfo::location(QLibraryInfo::DataPath); ++ ret = QLibraryInfo::location(QLibraryInfo::DataPath); + else if(v == "QT_INSTALL_DOCS") +- return QLibraryInfo::location(QLibraryInfo::DocumentationPath); ++ ret = QLibraryInfo::location(QLibraryInfo::DocumentationPath); + else if(v == "QT_INSTALL_HEADERS") +- return QLibraryInfo::location(QLibraryInfo::HeadersPath); ++ ret = QLibraryInfo::location(QLibraryInfo::HeadersPath); + else if(v == "QT_INSTALL_LIBS") +- return QLibraryInfo::location(QLibraryInfo::LibrariesPath); ++ ret = QLibraryInfo::location(QLibraryInfo::LibrariesPath); + else if(v == "QT_INSTALL_BINS") +- return QLibraryInfo::location(QLibraryInfo::BinariesPath); ++ ret = QLibraryInfo::location(QLibraryInfo::BinariesPath); + else if(v == "QT_INSTALL_PLUGINS") +- return QLibraryInfo::location(QLibraryInfo::PluginsPath); ++ ret = QLibraryInfo::location(QLibraryInfo::PluginsPath); + else if(v == "QT_INSTALL_TRANSLATIONS") +- return QLibraryInfo::location(QLibraryInfo::TranslationsPath); ++ ret = QLibraryInfo::location(QLibraryInfo::TranslationsPath); + else if(v == "QT_INSTALL_CONFIGURATION") +- return QLibraryInfo::location(QLibraryInfo::SettingsPath); ++ ret = QLibraryInfo::location(QLibraryInfo::SettingsPath); + else if(v == "QT_INSTALL_EXAMPLES") +- return QLibraryInfo::location(QLibraryInfo::ExamplesPath); ++ ret = QLibraryInfo::location(QLibraryInfo::ExamplesPath); + else if(v == "QT_INSTALL_DEMOS") +- return QLibraryInfo::location(QLibraryInfo::DemosPath); +- else if(v == "QMAKE_MKSPECS") ++ ret = QLibraryInfo::location(QLibraryInfo::DemosPath); ++ if(!ret.isEmpty()) ++ return QDir::toNativeSeparators(ret); ++ if(v == "QMAKE_MKSPECS") + return qmake_mkspec_paths().join(Option::target_mode == Option::TARG_WIN_MODE ? ";" : ":"); + else if(v == "QMAKE_VERSION") + return qmake_version(); +@@ -116,7 +119,7 @@ QMakeProperty::value(QString v, bool just_check) + int slash = v.lastIndexOf('/'); + QVariant var = settings->value(keyBase(slash == -1) + v); + bool ok = var.isValid(); +- QString ret = var.toString(); ++ ret = var.toString(); + if(!ok) { + QString version = qmake_version(); + if(slash != -1) { +-- +1.6.5.1 + diff --git a/0008-This-patch-makes-the-raster-graphics-system-use-shar.patch b/0008-This-patch-makes-the-raster-graphics-system-use-shar.patch new file mode 100644 index 0000000..a506a04 --- /dev/null +++ b/0008-This-patch-makes-the-raster-graphics-system-use-shar.patch @@ -0,0 +1,93 @@ +From 8731ab999b849dac4716e3d29f5f55ed8e56438e Mon Sep 17 00:00:00 2001 +From: Thiago Macieira +Date: Thu, 25 Jun 2009 13:50:29 +0200 +Subject: [PATCH 08/13] This patch makes the raster graphics system use shared images instead + of shared pixmaps. + +Shared memory pixmaps are deprecated since they are slower than shared +images with modern graphics hardware. They are also not supported by EXA +drivers and can be disabled in the latest version of the NVidia driver. + +qt-bugs@ issue : none +Qt Software task ID : none +bugs.kde.org number : none +--- + src/gui/image/qnativeimage.cpp | 10 ---------- + src/gui/image/qnativeimage_p.h | 1 - + src/gui/painting/qwindowsurface_raster.cpp | 13 ++++++++++--- + 3 files changed, 10 insertions(+), 14 deletions(-) + +diff --git a/src/gui/image/qnativeimage.cpp b/src/gui/image/qnativeimage.cpp +index 3745708..3c21fce 100644 +--- a/src/gui/image/qnativeimage.cpp ++++ b/src/gui/image/qnativeimage.cpp +@@ -147,7 +147,6 @@ QNativeImage::QNativeImage(int width, int height, QImage::Format format,bool /* + { + if (!X11->use_mitshm) { + xshmimg = 0; +- xshmpm = 0; + image = QImage(width, height, format); + return; + } +@@ -191,11 +190,6 @@ QNativeImage::QNativeImage(int width, int height, QImage::Format format,bool /* + shmctl(xshminfo.shmid, IPC_RMID, 0); + return; + } +- xshmpm = XShmCreatePixmap(X11->display, DefaultRootWindow(X11->display), xshmimg->data, +- &xshminfo, width, height, dd); +- if (!xshmpm) { +- qWarning() << "QNativeImage: Unable to create shared Pixmap."; +- } + } + + +@@ -204,10 +198,6 @@ QNativeImage::~QNativeImage() + if (!xshmimg) + return; + +- if (xshmpm) { +- XFreePixmap(X11->display, xshmpm); +- xshmpm = 0; +- } + XShmDetach(X11->display, &xshminfo); + xshmimg->data = 0; + XDestroyImage(xshmimg); +diff --git a/src/gui/image/qnativeimage_p.h b/src/gui/image/qnativeimage_p.h +index 07d5dfe..ba01854 100644 +--- a/src/gui/image/qnativeimage_p.h ++++ b/src/gui/image/qnativeimage_p.h +@@ -90,7 +90,6 @@ public: + + #elif defined(Q_WS_X11) && !defined(QT_NO_MITSHM) + XImage *xshmimg; +- Pixmap xshmpm; + XShmSegmentInfo xshminfo; + + #elif defined(Q_WS_MAC) +diff --git a/src/gui/painting/qwindowsurface_raster.cpp b/src/gui/painting/qwindowsurface_raster.cpp +index d6fb03b..09963d9 100644 +--- a/src/gui/painting/qwindowsurface_raster.cpp ++++ b/src/gui/painting/qwindowsurface_raster.cpp +@@ -220,9 +220,16 @@ void QRasterWindowSurface::flush(QWidget *widget, const QRegion &rgn, const QPoi + + QRect br = rgn.boundingRect().translated(offset); + #ifndef QT_NO_MITSHM +- if (d_ptr->image->xshmpm) { +- XCopyArea(X11->display, d_ptr->image->xshmpm, widget->handle(), d_ptr->gc, +- br.x(), br.y(), br.width(), br.height(), wbr.x(), wbr.y()); ++ if (d_ptr->image->xshmimg && (br.width() * br.height() > 65536)) { ++ const QImage &src = d->image->image; ++ br = br.intersected(src.rect()); ++ // Hack to make sure we satisify the PutImage() constraints in the X server, ++ // since the doShmPutImage() route currently forces a migration to system ram. ++ wbr.setX(wbr.x() - br.x()); ++ br.setX(0); ++ br.setWidth(src.width()); ++ XShmPutImage(X11->display, widget->handle(), d_ptr->gc, d_ptr->image->xshmimg, ++ br.x(), br.y(), wbr.x(), wbr.y(), br.width(), br.height(), False); + XSync(X11->display, False); + } else + #endif +-- +1.6.5.1 + diff --git a/0009-Restore-a-section-of-the-file-that-got-removed-due-t.patch b/0009-Restore-a-section-of-the-file-that-got-removed-due-t.patch new file mode 100644 index 0000000..8e6396e --- /dev/null +++ b/0009-Restore-a-section-of-the-file-that-got-removed-due-t.patch @@ -0,0 +1,30 @@ +From bb8255da422470c5012b6b1c4c24eb2afb6804dc Mon Sep 17 00:00:00 2001 +From: Thiago Macieira +Date: Fri, 26 Jun 2009 11:41:45 +0200 +Subject: [PATCH 09/13] Restore a section of the file that got removed due to conflict resolution. + +Thanks to Kevin Kofler for pointing this out +--- + src/gui/kernel/qapplication_x11.cpp | 6 +++--- + 1 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/gui/kernel/qapplication_x11.cpp b/src/gui/kernel/qapplication_x11.cpp +index 33aec9e..53f020b 100644 +--- a/src/gui/kernel/qapplication_x11.cpp ++++ b/src/gui/kernel/qapplication_x11.cpp +@@ -1955,9 +1955,9 @@ void qt_init(QApplicationPrivate *priv, int, + bool local = displayName.isEmpty() || displayName.lastIndexOf(QLatin1Char(':')) == 0; + if (local && (qgetenv("QT_X11_NO_MITSHM").toInt() == 0)) { + Visual *defaultVisual = DefaultVisual(X11->display, DefaultScreen(X11->display)); +- X11->use_mitshm = mitshm_pixmaps && (defaultVisual->red_mask == 0xff0000 +- && defaultVisual->green_mask == 0xff00 +- && defaultVisual->blue_mask == 0xff); ++ X11->use_mitshm = defaultVisual->red_mask == 0xff0000 ++ && defaultVisual->green_mask == 0xff00 ++ && defaultVisual->blue_mask == 0xff; + } + } + #endif // QT_NO_MITSHM +-- +1.6.5.1 + diff --git a/0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c.patch b/0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c.patch new file mode 100644 index 0000000..c995519 --- /dev/null +++ b/0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c.patch @@ -0,0 +1,44 @@ +From 0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c Mon Sep 17 00:00:00 2001 +From: Bradley T. Hughes +Date: Tue, 4 May 2010 16:25:18 +0200 +Subject: [PATCH] Use qrand() instead of rand() + +This only affects X11 code, and are the only 2 places in Qt where rand() is +used instead of qrand(). + +Task-number: QTBUG-9793 +Reviewed-by: TrustMe +--- + src/gui/kernel/qwidget_x11.cpp | 2 +- + src/gui/painting/qpaintengine_x11.cpp | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/gui/kernel/qwidget_x11.cpp b/src/gui/kernel/qwidget_x11.cpp +index 37ac6bf..43f510c 100644 +--- a/src/gui/kernel/qwidget_x11.cpp ++++ b/src/gui/kernel/qwidget_x11.cpp +@@ -3000,7 +3000,7 @@ Picture QX11Data::getSolidFill(int screen, const QColor &c) + return X11->solid_fills[i].picture; + } + // none found, replace one +- int i = rand() % 16; ++ int i = qrand() % 16; + + if (X11->solid_fills[i].screen != screen && X11->solid_fills[i].picture) { + XRenderFreePicture (X11->display, X11->solid_fills[i].picture); +diff --git a/src/gui/painting/qpaintengine_x11.cpp b/src/gui/painting/qpaintengine_x11.cpp +index da48fcb..aef8b80 100644 +--- a/src/gui/painting/qpaintengine_x11.cpp ++++ b/src/gui/painting/qpaintengine_x11.cpp +@@ -315,7 +315,7 @@ static Picture getPatternFill(int screen, const QBrush &b) + return X11->pattern_fills[i].picture; + } + // none found, replace one +- int i = rand() % 16; ++ int i = qrand() % 16; + + if (X11->pattern_fills[i].screen != screen && X11->pattern_fills[i].picture) { + XRenderFreePicture (X11->display, X11->pattern_fills[i].picture); +-- +1.6.1 + diff --git a/55ef01d93f8257b5927660290fc1ead0b2b74ec9.patch b/55ef01d93f8257b5927660290fc1ead0b2b74ec9.patch new file mode 100644 index 0000000..db936ac --- /dev/null +++ b/55ef01d93f8257b5927660290fc1ead0b2b74ec9.patch @@ -0,0 +1,28 @@ +From 55ef01d93f8257b5927660290fc1ead0b2b74ec9 Mon Sep 17 00:00:00 2001 +From: Andreas Hartmetz +Date: Thu, 18 Mar 2010 02:41:14 +0100 +Subject: [PATCH] Add environment variable switch for graphicssystem so distros and + non-developers can more easily pick a different default. + +--- + src/gui/kernel/qapplication.cpp | 4 ++++ + 1 files changed, 4 insertions(+), 0 deletions(-) + +diff --git a/src/gui/kernel/qapplication.cpp b/src/gui/kernel/qapplication.cpp +index 49713cf..af83047 100644 +--- a/src/gui/kernel/qapplication.cpp ++++ b/src/gui/kernel/qapplication.cpp +@@ -763,6 +763,10 @@ void QApplicationPrivate::construct( + + qt_is_gui_used = (qt_appType != QApplication::Tty); + process_cmdline(); ++ // the environment variable has the lowest precedence of runtime graphicssystem switches ++ if (graphics_system_name.isEmpty()) { ++ graphics_system_name = QString::fromLocal8Bit(qgetenv("QT_GRAPHICSSYSTEM")); ++ } + // Must be called before initialize() + qt_init(this, qt_appType + #ifdef Q_WS_X11 +-- +1.6.1 + diff --git a/qt-4.6.3-bn-rendering-bz562049.patch b/qt-4.6.3-bn-rendering-bz562049.patch deleted file mode 100644 index 0e562e4..0000000 --- a/qt-4.6.3-bn-rendering-bz562049.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -rup qt-everywhere-opensource-src-4.6.3/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp qt-everywhere-opensource-src-4.6.3_mod/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp ---- qt-everywhere-opensource-src-4.6.3/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp 2010-06-02 07:33:13.000000000 +0530 -+++ qt-everywhere-opensource-src-4.6.3_mod/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp 2010-09-04 13:27:33.000000000 +0530 -@@ -1741,6 +1741,11 @@ static int indic_nextSyllableBoundary(HB - if (state == Halant && uc[pos] == 0x200d /* ZWJ */) - break; - // the control character should be the last char in the item -+ if (state == Consonant && script == HB_Script_Bengali && uc[pos-1] == 0x09B0 && uc[pos] == 0x200d /* ZWJ */) -+ break; -+ if (state == Consonant && script == HB_Script_Kannada && uc[pos-1] == 0x0CB0 && uc[pos] == 0x200d /* ZWJ */) -+ break; -+ // Bengali and Kannada has a special exception for rendering yaphala with ra (to avoid reph) see http://www.unicode.org/faq/indic.html#15 - ++pos; - goto finish; - case Consonant: diff --git a/qt-4.6.3-bn-rendering-bz562058.patch b/qt-4.6.3-bn-rendering-bz562058.patch deleted file mode 100644 index ee76927..0000000 --- a/qt-4.6.3-bn-rendering-bz562058.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -rup qt-everywhere-opensource-src-4.7.0-beta2/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp qt-everywhere-opensource-src-4.7.0-beta2_mod/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp ---- qt-everywhere-opensource-src-4.7.0-beta2/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp 2010-06-30 07:23:12.000000000 +0530 -+++ qt-everywhere-opensource-src-4.7.0-beta2_mod/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp 2010-09-22 14:33:33.000000000 +0530 -@@ -37,7 +37,7 @@ static HB_Bool isLetter(HB_UChar16 ucs) - FLAG(HB_Letter_Titlecase) | - FLAG(HB_Letter_Modifier) | - FLAG(HB_Letter_Other); -- return FLAG(HB_GetUnicodeCharCategory(ucs)) & test; -+ return (FLAG(HB_GetUnicodeCharCategory(ucs)) & test) != 0; - } - - static HB_Bool isMark(HB_UChar16 ucs) diff --git a/qt-4.6.3-indic-rendering-bz631732.patch b/qt-4.6.3-indic-rendering-bz631732.patch deleted file mode 100644 index 507f876..0000000 --- a/qt-4.6.3-indic-rendering-bz631732.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -rup qt-everywhere-opensource-src-4.6.3/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp qt-everywhere-opensource-src-4.6.3_mod/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp ---- qt-everywhere-opensource-src-4.6.3/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp 2010-06-02 07:33:13.000000000 +0530 -+++ qt-everywhere-opensource-src-4.6.3_mod/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp 2010-09-10 18:37:23.000000000 +0530 -@@ -1779,10 +1779,6 @@ static int indic_nextSyllableBoundary(HB - case Matra: - if (state == Consonant || state == Nukta) - break; -- if (state == Matra) { -- // ### needs proper testing for correct two/three part matras -- break; -- } - // ### not sure if this is correct. If it is, does it apply only to Bengali or should - // it work for all Indic languages? - // the combination Independent_A + Vowel Sign AA is allowed. diff --git a/qt-4.6.3-indic-rendering-bz636399.patch b/qt-4.6.3-indic-rendering-bz636399.patch deleted file mode 100644 index bf49f30..0000000 --- a/qt-4.6.3-indic-rendering-bz636399.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -rup qt-everywhere-opensource-src-4.7.0-beta2/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp qt-everywhere-opensource-src-4.7.0-beta2_mod/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp ---- qt-everywhere-opensource-src-4.7.0-beta2/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp 2010-06-30 07:23:12.000000000 +0530 -+++ qt-everywhere-opensource-src-4.7.0-beta2_mod/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp 2010-09-20 11:40:58.000000000 +0530 -@@ -660,18 +660,18 @@ static const unsigned char indicPosition - None, None, None, None, - - None, None, None, None, -- None, None, None, None, -- None, None, None, None, -- None, None, None, None, -+ None, Below, Below, Below, -+ Below, Below, Below, Below, -+ Below, Below, None, Below, - -- None, None, None, None, -- Below, None, None, None, -- Below, None, None, None, -+ Below, Below, Below, Below, -+ Below, Below, Below, Below, -+ Below, None, Below, Below, - Below, Below, Below, Post, - - Below, None, Below, Below, -- None, None, None, None, -- None, None, None, None, -+ None, Below, Below, Below, -+ Below, Below, None, None, - None, None, Post, Above, - - Post, Below, Below, Below, diff --git a/qt-all-opensource-src-4.4.0-rc1-as_IN-437440.patch b/qt-all-opensource-src-4.4.0-rc1-as_IN-437440.patch new file mode 100644 index 0000000..b300574 --- /dev/null +++ b/qt-all-opensource-src-4.4.0-rc1-as_IN-437440.patch @@ -0,0 +1,41 @@ +diff -ur qt-all-opensource-src-4.4.0-rc1/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp qt-all-opensource-src-4.4.0-rc1-as_IN-437440/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp +--- qt-all-opensource-src-4.4.0-rc1/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp 2008-04-02 18:33:48.000000000 +0200 ++++ qt-all-opensource-src-4.4.0-rc1-as_IN-437440/src/3rdparty/harfbuzz/src/harfbuzz-indic.cpp 2008-04-08 04:37:45.000000000 +0200 +@@ -552,7 +552,7 @@ + None, None, None, None, + None, None, None, None, + +- None, None, None, None, ++ Below, None, None, None, + None, None, None, None, + None, None, None, None, + None, None, None, None, +@@ -1169,7 +1169,7 @@ + HB_Script script = item->item.script; + assert(script >= HB_Script_Devanagari && script <= HB_Script_Sinhala); + const unsigned short script_base = 0x0900 + 0x80*(script-HB_Script_Devanagari); +- const unsigned short ra = script_base + 0x30; ++ unsigned short ra = script_base + 0x30; + const unsigned short halant = script_base + 0x4d; + const unsigned short nukta = script_base + 0x3c; + bool control = false; +@@ -1212,6 +1212,19 @@ + HB_UChar16 *uc = reordered; + bool beginsWithRa = false; + ++ // Exception in Bengali Script ++ // ++ // Bengali script supports two languages bengali and assamese ++ // Unfortunately for both languages there is different ra defined in same script chart ++ // for Bengali it ra is 'Base+ 0x30' and for assamese 'Base+0x70' ++ // Base is same 0x0980 ++ // To handle this exception we need to change ra to from const to normal variable ++ // and aslo need to change ra to 'Base+0x70' whenever we will get assamese language ++ //character in data ++ if((script == HB_Script_Bengali) && (*uc==0x09F0)){ ++ ra = script_base + 0x70; ++ } ++ + // Rule 1: find base consonant + // + // The shaping engine finds the base consonant of the diff --git a/qt-everywhere-opensource-src-4.6.0-beta1-qdoc3.patch b/qt-everywhere-opensource-src-4.6.0-beta1-qdoc3.patch new file mode 100644 index 0000000..e90609a --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.0-beta1-qdoc3.patch @@ -0,0 +1,21 @@ +diff -up qt-everywhere-opensource-src-4.6.0-beta1/tools/qdoc3/qdoc3.pro.qdoc3 qt-everywhere-opensource-src-4.6.0-beta1/tools/qdoc3/qdoc3.pro +--- qt-everywhere-opensource-src-4.6.0-beta1/tools/qdoc3/qdoc3.pro.qdoc3 2009-10-13 10:34:08.000000000 -0500 ++++ qt-everywhere-opensource-src-4.6.0-beta1/tools/qdoc3/qdoc3.pro 2009-10-16 14:55:27.024789581 -0500 +@@ -105,3 +105,6 @@ SOURCES += apigenerator.cpp \ + webxmlgenerator.cpp \ + yyindent.cpp + ++TARGET= qdoc3 ++target.path = $$[QT_INSTALL_BINS] ++INSTALLS += target +diff -up qt-everywhere-opensource-src-4.6.0-beta1/tools/tools.pro.qdoc3 qt-everywhere-opensource-src-4.6.0-beta1/tools/tools.pro +--- qt-everywhere-opensource-src-4.6.0-beta1/tools/tools.pro.qdoc3 2009-10-13 10:34:08.000000000 -0500 ++++ qt-everywhere-opensource-src-4.6.0-beta1/tools/tools.pro 2009-10-16 14:57:49.699789384 -0500 +@@ -14,6 +14,7 @@ no-png { + SUBDIRS += designer + } + SUBDIRS += linguist ++ SUBDIRS += qdoc3 + symbian: SUBDIRS = designer + wince*: SUBDIRS = qtestlib designer + unix:!mac:!embedded:contains(QT_CONFIG, qt3support):SUBDIRS += qtconfig diff --git a/qt-everywhere-opensource-src-4.6.0-gst-pulsaudio.patch b/qt-everywhere-opensource-src-4.6.0-gst-pulsaudio.patch new file mode 100644 index 0000000..6f7b4b4 --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.0-gst-pulsaudio.patch @@ -0,0 +1,60 @@ +diff -up qt-everywhere-opensource-src-4.6.0/src/3rdparty/phonon/gstreamer/audiooutput.cpp.gst-pulsaudio qt-everywhere-opensource-src-4.6.0/src/3rdparty/phonon/gstreamer/audiooutput.cpp +--- qt-everywhere-opensource-src-4.6.0/src/3rdparty/phonon/gstreamer/audiooutput.cpp.gst-pulsaudio 2009-11-27 02:27:50.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.0/src/3rdparty/phonon/gstreamer/audiooutput.cpp 2009-12-01 13:36:43.000000000 +0100 +@@ -148,7 +148,9 @@ bool AudioOutput::setOutputDevice(int ne + // Save previous state + GstState oldState = GST_STATE(m_audioSink); + const QByteArray oldDeviceValue = GstHelper::property(m_audioSink, "device"); +- const QByteArray deviceId = deviceList.at(deviceIdx).gstId; ++ const QByteArray deviceId = (deviceList.at(deviceIdx).gstId == "PulseAudio" ++ ? "default" ++ : deviceList.at(deviceIdx).gstId); + m_device = newDevice; + + // We test if the device can be opened by checking if it can go from NULL to READY state +diff -up qt-everywhere-opensource-src-4.6.0/src/3rdparty/phonon/gstreamer/devicemanager.cpp.gst-pulsaudio qt-everywhere-opensource-src-4.6.0/src/3rdparty/phonon/gstreamer/devicemanager.cpp +--- qt-everywhere-opensource-src-4.6.0/src/3rdparty/phonon/gstreamer/devicemanager.cpp.gst-pulsaudio 2009-11-27 02:27:50.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.0/src/3rdparty/phonon/gstreamer/devicemanager.cpp 2009-12-01 13:04:18.000000000 +0100 +@@ -50,6 +50,8 @@ AudioDevice::AudioDevice(DeviceManager * + //get name from device + if (gstId == "default") { + description = "Default audio device"; ++ } else if (gstId == "PulseAudio") { ++ description = QObject::tr("Pass all audio through the PulseAudio Sound Server.\n").toUtf8(); + } else { + GstElement *aSink= manager->createAudioSink(); + +@@ -178,6 +180,18 @@ GstElement *DeviceManager::createAudioSi + } + } + ++ if (!sink) { ++ sink = gst_element_factory_make ("pulsesink", NULL); ++ if (canOpenDevice(sink)) { ++ m_backend->logMessage("AudioOutput using pulse audio sink"); ++ m_audioSink = "pulsesink"; ++ } ++ else if (sink) { ++ gst_object_unref(sink); ++ sink = 0; ++ } ++ } ++ + #ifdef USE_ALSASINK2 + if (!sink) { + sink = gst_element_factory_make ("_k_alsasink", NULL); +@@ -311,8 +325,12 @@ void DeviceManager::updateDeviceList() + QList list; + + if (audioSink) { +- list = GstHelper::extractProperties(audioSink, "device"); +- list.prepend("default"); ++ if (m_audioSink == "pulsesink") { ++ list.append("PulseAudio"); ++ } else { ++ list = GstHelper::extractProperties(audioSink, "device"); ++ list.prepend("default"); ++ } + + for (int i = 0 ; i < list.size() ; ++i) { + QByteArray gstId = list.at(i); diff --git a/qt-everywhere-opensource-src-4.6.2-cve-2010-0051-lax-css-parsing-cross-domain-theft.patch b/qt-everywhere-opensource-src-4.6.2-cve-2010-0051-lax-css-parsing-cross-domain-theft.patch new file mode 100644 index 0000000..e4e32b3 --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.2-cve-2010-0051-lax-css-parsing-cross-domain-theft.patch @@ -0,0 +1,267 @@ +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:20.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y 2010-02-25 17:07:29.114742034 +0100 +@@ -416,7 +416,9 @@ valid_rule: + ; + + rule: +- valid_rule ++ valid_rule { ++ static_cast(parser)->m_hadSyntacticallyValidCSSRule = true; ++ } + | invalid_rule + | invalid_at + | invalid_import +@@ -1517,8 +1519,12 @@ invalid_rule: + ; + + invalid_block: +- '{' error invalid_block_list error closing_brace +- | '{' error closing_brace ++ '{' error invalid_block_list error closing_brace { ++ static_cast(parser)->invalidBlockHit(); ++ } ++ | '{' error closing_brace { ++ static_cast(parser)->invalidBlockHit(); ++ } + ; + + invalid_block_list: +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:20.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp 2010-02-25 17:13:34.292803953 +0100 +@@ -25,6 +25,7 @@ + #include "CachedCSSStyleSheet.h" + #include "DocLoader.h" + #include "Document.h" ++#include "SecurityOrigin.h" + #include "MediaList.h" + #include "Settings.h" + #include +@@ -60,11 +61,21 @@ void CSSImportRule::setCSSStyleSheet(con + m_styleSheet->setParent(0); + m_styleSheet = CSSStyleSheet::create(this, url, charset); + ++ bool crossOriginCSS = false; ++ bool validMIMEType = false; + CSSStyleSheet* parent = parentStyleSheet(); + bool strict = !parent || parent->useStrictParsing(); +- String sheetText = sheet->sheetText(strict); ++ bool enforceMIMEType = strict; ++ ++ String sheetText = sheet->sheetText(enforceMIMEType, &validMIMEType); + m_styleSheet->parseString(sheetText, strict); + ++ if (!parent || !parent->doc() || !parent->doc()->securityOrigin()->canRequest(KURL(ParsedURLString, url))) ++ crossOriginCSS = true; ++ ++ if (crossOriginCSS && !validMIMEType && !m_styleSheet->hasSyntacticallyValidCSSHeader()) ++ m_styleSheet = CSSStyleSheet::create(this, url, charset); ++ + if (strict && parent && parent->doc() && parent->doc()->settings() && parent->doc()->settings()->needsSiteSpecificQuirks()) { + // Work around . + DEFINE_STATIC_LOCAL(const String, slashKHTMLFixesDotCss, ("/KHTMLFixes.css")); +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-25 17:07:29.101741771 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp 2010-02-25 17:07:29.117741744 +0100 +@@ -139,6 +139,7 @@ CSSParser::CSSParser(bool strictParsing) + , m_currentShorthand(0) + , m_implicitShorthand(false) + , m_hasFontFaceOnlyValues(false) ++ , m_hadSyntacticallyValidCSSRule(false) + , m_defaultNamespace(starAtom) + , m_data(0) + , yy_start(1) +@@ -5175,6 +5176,12 @@ WebKitCSSKeyframeRule* CSSParser::create + return keyframePtr; + } + ++void CSSParser::invalidBlockHit() ++{ ++ if (m_styleSheet && !m_hadSyntacticallyValidCSSRule) ++ m_styleSheet->setHasSyntacticallyValidCSSHeader(false); ++} ++ + static int cssPropertyID(const UChar* propertyName, unsigned length) + { + if (!length) +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:20.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h 2010-02-25 17:07:29.117741744 +0100 +@@ -191,6 +191,7 @@ namespace WebCore { + bool addVariableDeclarationBlock(const CSSParserString&); + bool checkForVariables(CSSParserValueList*); + void addUnresolvedProperty(int propId, bool important); ++ void invalidBlockHit(); + + Vector* reusableSelectorVector() { return &m_reusableSelectorVector; } + +@@ -212,6 +213,7 @@ namespace WebCore { + bool m_implicitShorthand; + + bool m_hasFontFaceOnlyValues; ++ bool m_hadSyntacticallyValidCSSRule; + + Vector m_variableNames; + Vector > m_variableValues; +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp 2010-02-25 17:07:29.118741824 +0100 +@@ -41,6 +41,7 @@ CSSStyleSheet::CSSStyleSheet(CSSStyleShe + , m_loadCompleted(false) + , m_strictParsing(!parentSheet || parentSheet->useStrictParsing()) + , m_isUserStyleSheet(parentSheet ? parentSheet->isUserStyleSheet() : false) ++ , m_hasSyntacticallyValidCSSHeader(true) + { + } + +@@ -52,6 +53,7 @@ CSSStyleSheet::CSSStyleSheet(Node* paren + , m_loadCompleted(false) + , m_strictParsing(false) + , m_isUserStyleSheet(false) ++ , m_hasSyntacticallyValidCSSHeader(true) + { + } + +@@ -61,6 +63,7 @@ CSSStyleSheet::CSSStyleSheet(CSSRule* ow + , m_charset(charset) + , m_loadCompleted(false) + , m_strictParsing(!ownerRule || ownerRule->useStrictParsing()) ++ , m_hasSyntacticallyValidCSSHeader(true) + { + CSSStyleSheet* parentSheet = ownerRule ? ownerRule->parentStyleSheet() : 0; + m_doc = parentSheet ? parentSheet->doc() : 0; +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:20.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h 2010-02-25 17:07:29.118741824 +0100 +@@ -95,6 +95,8 @@ public: + + void setIsUserStyleSheet(bool b) { m_isUserStyleSheet = b; } + bool isUserStyleSheet() const { return m_isUserStyleSheet; } ++ void setHasSyntacticallyValidCSSHeader(bool b) { m_hasSyntacticallyValidCSSHeader = b; } ++ bool hasSyntacticallyValidCSSHeader() const { return m_hasSyntacticallyValidCSSHeader; } + + private: + CSSStyleSheet(Node* ownerNode, const String& href, const String& charset); +@@ -110,6 +112,7 @@ private: + bool m_loadCompleted : 1; + bool m_strictParsing : 1; + bool m_isUserStyleSheet : 1; ++ bool m_hasSyntacticallyValidCSSHeader : 1; + }; + + } // namespace +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp 2010-02-25 17:07:29.118741824 +0100 +@@ -203,7 +203,10 @@ void ProcessingInstruction::setCSSStyleS + #endif + RefPtr newSheet = CSSStyleSheet::create(this, url, charset); + m_sheet = newSheet; +- parseStyleSheet(sheet->sheetText()); ++ // We don't need the cross-origin security check here because we are ++ // getting the sheet text in "strict" mode. This enforces a valid CSS MIME ++ // type. ++ parseStyleSheet(sheet->sheetText(true)); + newSheet->setTitle(m_title); + newSheet->setMedia(MediaList::create(newSheet.get(), m_media)); + newSheet->setDisabled(m_alternate); +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:17.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp 2010-02-25 17:07:29.119741915 +0100 +@@ -260,14 +260,27 @@ void HTMLLinkElement::setCSSStyleSheet(c + bool strictParsing = !document()->inCompatMode(); + bool enforceMIMEType = strictParsing; + ++ bool crossOriginCSS = false; ++ bool validMIMEType = false; + // Check to see if we should enforce the MIME type of the CSS resource in strict mode. + // Running in iWeb 2 is one example of where we don't want to - + if (enforceMIMEType && document()->page() && !document()->page()->settings()->enforceCSSMIMETypeInStrictMode()) + enforceMIMEType = false; + +- String sheetText = sheet->sheetText(enforceMIMEType); ++ String sheetText = sheet->sheetText(enforceMIMEType, &validMIMEType); + m_sheet->parseString(sheetText, strictParsing); + ++ // If we're loading a stylesheet cross-origin, and the MIME type is not ++ // standard, require the CSS to at least start with a syntactically ++ // valid CSS rule. ++ // This prevents an attacker playing games by injecting CSS strings into ++ // HTML, XML, JSON, etc. etc. ++ if (!document()->securityOrigin()->canRequest(KURL(ParsedURLString, url))) ++ crossOriginCSS = true; ++ ++ if (crossOriginCSS && !validMIMEType && !m_sheet->hasSyntacticallyValidCSSHeader()) ++ m_sheet = CSSStyleSheet::create(this, url, charset); ++ + if (strictParsing && document()->settings() && document()->settings()->needsSiteSpecificQuirks()) { + // Work around . + DEFINE_STATIC_LOCAL(const String, slashKHTMLFixesDotCss, ("/KHTMLFixes.css")); +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp 2010-02-25 17:07:29.119741915 +0100 +@@ -71,11 +71,11 @@ String CachedCSSStyleSheet::encoding() c + return m_decoder->encoding().name(); + } + +-const String CachedCSSStyleSheet::sheetText(bool enforceMIMEType) const ++const String CachedCSSStyleSheet::sheetText(bool enforceMIMEType, bool* hasValidMIMEType) const + { + ASSERT(!isPurgeable()); + +- if (!m_data || m_data->isEmpty() || !canUseSheet(enforceMIMEType)) ++ if (!m_data || m_data->isEmpty() || !canUseSheet(enforceMIMEType, hasValidMIMEType)) + return String(); + + if (!m_decodedSheetText.isNull()) +@@ -122,12 +122,12 @@ void CachedCSSStyleSheet::error() + checkNotify(); + } + +-bool CachedCSSStyleSheet::canUseSheet(bool enforceMIMEType) const ++bool CachedCSSStyleSheet::canUseSheet(bool enforceMIMEType, bool* hasValidMIMEType) const + { + if (errorOccurred()) + return false; + +- if (!enforceMIMEType) ++ if (!enforceMIMEType && !hasValidMIMEType) + return true; + + // This check exactly matches Firefox. Note that we grab the Content-Type +@@ -138,7 +138,12 @@ bool CachedCSSStyleSheet::canUseSheet(bo + // This code defaults to allowing the stylesheet for non-HTTP protocols so + // folks can use standards mode for local HTML documents. + String mimeType = extractMIMETypeFromMediaType(response().httpHeaderField("Content-Type")); +- return mimeType.isEmpty() || equalIgnoringCase(mimeType, "text/css") || equalIgnoringCase(mimeType, "application/x-unknown-content-type"); ++ bool typeOK = mimeType.isEmpty() || equalIgnoringCase(mimeType, "text/css") || equalIgnoringCase(mimeType, "application/x-unknown-content-type"); ++ if (hasValidMIMEType) ++ *hasValidMIMEType = typeOK; ++ if (!enforceMIMEType) ++ return true; ++ return typeOK; + } + + } +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h 2010-02-25 17:07:29.120741848 +0100 +@@ -40,7 +40,7 @@ namespace WebCore { + CachedCSSStyleSheet(const String& URL, const String& charset); + virtual ~CachedCSSStyleSheet(); + +- const String sheetText(bool enforceMIMEType = true) const; ++ const String sheetText(bool enforceMIMEType = true, bool* hasValidMIMEType = 0) const; + + virtual void didAddClient(CachedResourceClient*); + +@@ -56,7 +56,7 @@ namespace WebCore { + void checkNotify(); + + private: +- bool canUseSheet(bool enforceMIMEType) const; ++ bool canUseSheet(bool enforceMIMEType, bool* hasValidMIMEType) const; + + protected: + RefPtr m_decoder; diff --git a/qt-everywhere-opensource-src-4.6.2-cve-2010-0648.patch b/qt-everywhere-opensource-src-4.6.2-cve-2010-0648.patch new file mode 100644 index 0000000..495759d --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.2-cve-2010-0648.patch @@ -0,0 +1,782 @@ +diff -U0 qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog 2010-05-03 15:55:37.703101680 +0200 +@@ -0,0 +1,90 @@ ++2010-01-20 Adam Barth ++ ++ Reviewed by Darin Adler. ++ ++ Stylesheet href property shows redirected URL unlike other browsers ++ https://bugs.webkit.org/show_bug.cgi?id=33683 ++ ++ Teach StyleSheet the difference between original and final URLs in ++ redirect chains. Unfortunately, StyleSheet needs to know both of these ++ URLs. The original URL is needed for the href property and the final ++ URL is needed as the baseURL. ++ ++ This change required touching a lot of lines of code because we need to ++ plumb this information to the StyleSheet object. I audited all ++ existing clients of href() and setHref() to see whether they wanted the ++ original or final URLs. I then updated the clients (except the JS ++ bindings themselves) to use the correct accessor. ++ ++ Test: http/tests/security/stylesheet-href-redirect.html ++ ++ * css/CSSImportRule.cpp: ++ (WebCore::CSSImportRule::setCSSStyleSheet): ++ (WebCore::CSSImportRule::insertedIntoParent): ++ * css/CSSImportRule.h: ++ * css/CSSStyleSheet.cpp: ++ (WebCore::CSSStyleSheet::CSSStyleSheet): ++ * css/CSSStyleSheet.h: ++ (WebCore::CSSStyleSheet::create): ++ (WebCore::CSSStyleSheet::createInline): Added a new constructor to deal ++ with "inline" style sheets that don't have a distinct original and ++ final URL. ++ * css/StyleBase.cpp: ++ (WebCore::StyleBase::baseURL): This code wants to use the final URL, ++ not the original URL. Updated it to grab the baseURL directly. ++ * css/StyleSheet.cpp: ++ (WebCore::StyleSheet::StyleSheet): ++ * css/StyleSheet.h: ++ (WebCore::StyleSheet::href): ++ (WebCore::StyleSheet::setBaseURL): This function really just updates ++ the base URL of the style sheet, so I made it more explicit. ++ (WebCore::StyleSheet::putativeBaseURL): We need an accessor for the ++ base URL, but baseURL is already taken. ++ * dom/Document.cpp: ++ (WebCore::Document::updateBaseURL): ++ (WebCore::Document::pageUserSheet): ++ (WebCore::Document::pageGroupUserSheets): ++ (WebCore::Document::elementSheet): ++ (WebCore::Document::mappedElementSheet): ++ * dom/ProcessingInstruction.cpp: ++ (WebCore::ProcessingInstruction::checkStyleSheet): ++ (WebCore::ProcessingInstruction::setCSSStyleSheet): ++ (WebCore::ProcessingInstruction::setXSLStyleSheet): ++ * dom/ProcessingInstruction.h: ++ * dom/StyleElement.cpp: ++ (WebCore::StyleElement::createSheet): ++ * html/HTMLLinkElement.cpp: ++ (WebCore::HTMLLinkElement::setCSSStyleSheet): ++ * html/HTMLLinkElement.h: ++ * loader/CachedCSSStyleSheet.cpp: ++ (WebCore::CachedCSSStyleSheet::didAddClient): ++ (WebCore::CachedCSSStyleSheet::checkNotify): This code now passes both ++ the original and final URL into setCSSStyleSheet so that the style ++ sheet can have both. ++ * loader/CachedResourceClient.h: ++ (WebCore::CachedResourceClient::setCSSStyleSheet): ++ (WebCore::CachedResourceClient::setXSLStyleSheet): ++ * loader/CachedXSLStyleSheet.cpp: ++ (WebCore::CachedXSLStyleSheet::didAddClient): ++ (WebCore::CachedXSLStyleSheet::checkNotify): I don't have any direct ++ evidence that we need to change the XSLStyleSheet behavior, which is ++ why I wasn't able to add a test for the behavior. However, the objects ++ are parallel enough that it seemed like the right thing to do. ++ * xml/XSLImportRule.cpp: ++ (WebCore::XSLImportRule::setXSLStyleSheet): ++ (WebCore::XSLImportRule::loadSheet): ++ * xml/XSLImportRule.h: ++ * xml/XSLStyleSheet.h: ++ (WebCore::XSLStyleSheet::create): ++ (WebCore::XSLStyleSheet::createEmbedded): ++ * xml/XSLStyleSheetLibxslt.cpp: ++ (WebCore::XSLStyleSheet::XSLStyleSheet): ++ (WebCore::XSLStyleSheet::parseString): ++ (WebCore::XSLStyleSheet::loadChildSheets): ++ * xml/XSLStyleSheetQt.cpp: ++ (WebCore::XSLStyleSheet::XSLStyleSheet): ++ * xml/XSLTProcessorLibxslt.cpp: ++ (WebCore::xsltStylesheetPointer): ++ * xml/XSLTProcessorQt.cpp: ++ (WebCore::XSLTProcessor::transformToString): ++ +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.652102626 +0200 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp 2010-05-03 16:49:14.631038884 +0200 +@@ -55,11 +55,11 @@ CSSImportRule::~CSSImportRule() + m_cachedSheet->removeClient(this); + } + +-void CSSImportRule::setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet* sheet) ++void CSSImportRule::setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet) + { + if (m_styleSheet) + m_styleSheet->setParent(0); +- m_styleSheet = CSSStyleSheet::create(this, url, charset); ++ m_styleSheet = CSSStyleSheet::create(this, href, baseURL, charset); + + bool crossOriginCSS = false; + bool validMIMEType = false; +@@ -70,17 +70,17 @@ void CSSImportRule::setCSSStyleSheet(con + String sheetText = sheet->sheetText(enforceMIMEType, &validMIMEType); + m_styleSheet->parseString(sheetText, strict); + +- if (!parent || !parent->doc() || !parent->doc()->securityOrigin()->canRequest(KURL(ParsedURLString, url))) ++ if (!parent || !parent->doc() || !parent->doc()->securityOrigin()->canRequest(baseURL)) + crossOriginCSS = true; + + if (crossOriginCSS && !validMIMEType && !m_styleSheet->hasSyntacticallyValidCSSHeader()) +- m_styleSheet = CSSStyleSheet::create(this, url, charset); ++ m_styleSheet = CSSStyleSheet::create(this, href, baseURL, charset); + + if (strict && parent && parent->doc() && parent->doc()->settings() && parent->doc()->settings()->needsSiteSpecificQuirks()) { + // Work around . + DEFINE_STATIC_LOCAL(const String, slashKHTMLFixesDotCss, ("/KHTMLFixes.css")); + DEFINE_STATIC_LOCAL(const String, mediaWikiKHTMLFixesStyleSheet, ("/* KHTML fix stylesheet */\n/* work around the horizontal scrollbars */\n#column-content { margin-left: 0; }\n\n")); +- if (url.endsWith(slashKHTMLFixesDotCss) && sheetText == mediaWikiKHTMLFixesStyleSheet) { ++ if (baseURL.string().endsWith(slashKHTMLFixesDotCss) && sheetText == mediaWikiKHTMLFixesStyleSheet) { + ASSERT(m_styleSheet->length() == 1); + ExceptionCode ec; + m_styleSheet->deleteRule(0, ec); +@@ -109,15 +109,16 @@ void CSSImportRule::insertedIntoParent() + return; + + String absHref = m_strHref; +- if (!parentSheet->href().isNull()) ++ if (!parentSheet->putativeBaseURL().isNull()) + // use parent styleheet's URL as the base URL +- absHref = KURL(KURL(ParsedURLString, parentSheet->href()), m_strHref).string(); ++ absHref = KURL(parentSheet->putativeBaseURL(), m_strHref).string(); + + // Check for a cycle in our import chain. If we encounter a stylesheet + // in our parent chain with the same URL, then just bail. + StyleBase* root = this; + for (StyleBase* curr = parent(); curr; curr = curr->parent()) { +- if (curr->isCSSStyleSheet() && absHref == static_cast(curr)->href()) ++ // FIXME: This is wrong if the putativeBaseURL was updated via document::updateBaseURL. ++ if (curr->isCSSStyleSheet() && absHref == static_cast(curr)->putativeBaseURL().string()) + return; + root = curr; + } +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h 2010-05-03 15:55:37.740976769 +0200 +@@ -63,7 +63,7 @@ private: + virtual unsigned short type() const { return IMPORT_RULE; } + + // from CachedResourceClient +- virtual void setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet*); ++ virtual void setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet*); + + String m_strHref; + RefPtr m_lstMedia; +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.660977242 +0200 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp 2010-05-03 15:55:37.740976769 +0200 +@@ -33,8 +33,8 @@ + + namespace WebCore { + +-CSSStyleSheet::CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const String& charset) +- : StyleSheet(parentSheet, href) ++CSSStyleSheet::CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const KURL& baseURL, const String& charset) ++ : StyleSheet(parentSheet, href, baseURL) + , m_doc(parentSheet ? parentSheet->doc() : 0) + , m_namespaces(0) + , m_charset(charset) +@@ -45,8 +45,8 @@ CSSStyleSheet::CSSStyleSheet(CSSStyleShe + { + } + +-CSSStyleSheet::CSSStyleSheet(Node* parentNode, const String& href, const String& charset) +- : StyleSheet(parentNode, href) ++CSSStyleSheet::CSSStyleSheet(Node* parentNode, const String& href, const KURL& baseURL, const String& charset) ++ : StyleSheet(parentNode, href, baseURL) + , m_doc(parentNode->document()) + , m_namespaces(0) + , m_charset(charset) +@@ -57,8 +57,8 @@ CSSStyleSheet::CSSStyleSheet(Node* paren + { + } + +-CSSStyleSheet::CSSStyleSheet(CSSRule* ownerRule, const String& href, const String& charset) +- : StyleSheet(ownerRule, href) ++CSSStyleSheet::CSSStyleSheet(CSSRule* ownerRule, const String& href, const KURL& baseURL, const String& charset) ++ : StyleSheet(ownerRule, href, baseURL) + , m_namespaces(0) + , m_charset(charset) + , m_loadCompleted(false) +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.660977242 +0200 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h 2010-05-03 15:55:37.745101706 +0200 +@@ -38,27 +38,31 @@ class CSSStyleSheet : public StyleSheet + public: + static PassRefPtr create() + { +- return adoptRef(new CSSStyleSheet(static_cast(0), String(), String())); ++ return adoptRef(new CSSStyleSheet(static_cast(0), String(), KURL(), String())); + } + static PassRefPtr create(Node* ownerNode) + { +- return adoptRef(new CSSStyleSheet(ownerNode, String(), String())); ++ return adoptRef(new CSSStyleSheet(ownerNode, String(), KURL(), String())); + } +- static PassRefPtr create(Node* ownerNode, const String& href) ++ static PassRefPtr create(Node* ownerNode, const String& href, const KURL& baseURL) + { +- return adoptRef(new CSSStyleSheet(ownerNode, href, String())); ++ return adoptRef(new CSSStyleSheet(ownerNode, href, baseURL, String())); + } +- static PassRefPtr create(Node* ownerNode, const String& href, const String& charset) ++ static PassRefPtr create(Node* ownerNode, const String& href, const KURL& baseURL, const String& charset) + { +- return adoptRef(new CSSStyleSheet(ownerNode, href, charset)); ++ return adoptRef(new CSSStyleSheet(ownerNode, href, baseURL, charset)); + } +- static PassRefPtr create(CSSRule* ownerRule, const String& href, const String& charset) ++ static PassRefPtr create(CSSRule* ownerRule, const String& href, const KURL& baseURL, const String& charset) + { +- return adoptRef(new CSSStyleSheet(ownerRule, href, charset)); ++ return adoptRef(new CSSStyleSheet(ownerRule, href, baseURL, charset)); ++ } ++ static PassRefPtr createInline(Node* ownerNode, const KURL& baseURL) ++ { ++ return adoptRef(new CSSStyleSheet(ownerNode, baseURL.string(), baseURL, String())); + } + + virtual ~CSSStyleSheet(); +- ++ + CSSRule* ownerRule() const; + PassRefPtr cssRules(bool omitCharsetRules = false); + unsigned insertRule(const String& rule, unsigned index, ExceptionCode&); +@@ -72,7 +76,7 @@ public: + + void addNamespace(CSSParser*, const AtomicString& prefix, const AtomicString& uri); + const AtomicString& determineNamespace(const AtomicString& prefix); +- ++ + virtual void styleSheetChanged(); + + virtual bool parseString(const String&, bool strict = true); +@@ -99,10 +103,10 @@ public: + bool hasSyntacticallyValidCSSHeader() const { return m_hasSyntacticallyValidCSSHeader; } + + private: +- CSSStyleSheet(Node* ownerNode, const String& href, const String& charset); +- CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const String& charset); +- CSSStyleSheet(CSSRule* ownerRule, const String& href, const String& charset); +- ++ CSSStyleSheet(Node* ownerNode, const String& href, const KURL& baseURL, const String& charset); ++ CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const KURL& baseURL, const String& charset); ++ CSSStyleSheet(CSSRule* ownerRule, const String& href, const KURL& baseURL, const String& charset); ++ + virtual bool isCSSStyleSheet() const { return true; } + virtual String type() const { return "text/css"; } + +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:20.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp 2010-05-03 15:55:37.757976382 +0200 +@@ -56,9 +56,9 @@ KURL StyleBase::baseURL() const + StyleSheet* sheet = const_cast(this)->stylesheet(); + if (!sheet) + return KURL(); +- if (!sheet->href().isNull()) +- return KURL(ParsedURLString, sheet->href()); +- if (sheet->parent()) ++ if (!sheet->putativeBaseURL().isNull()) ++ return sheet->putativeBaseURL(); ++ if (sheet->parent()) + return sheet->parent()->baseURL(); + if (!sheet->ownerNode()) + return KURL(); +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp 2010-05-03 15:55:37.758976847 +0200 +@@ -26,27 +26,30 @@ + + namespace WebCore { + +-StyleSheet::StyleSheet(StyleSheet* parentSheet, const String& href) ++StyleSheet::StyleSheet(StyleSheet* parentSheet, const String& href, const KURL& baseURL) + : StyleList(parentSheet) + , m_parentNode(0) +- , m_strHref(href) ++ , m_href(href) ++ , m_baseURL(baseURL) + , m_disabled(false) + { + } + + +-StyleSheet::StyleSheet(Node* parentNode, const String& href) ++StyleSheet::StyleSheet(Node* parentNode, const String& href, const KURL& baseURL) + : StyleList(0) + , m_parentNode(parentNode) +- , m_strHref(href) ++ , m_href(href) ++ , m_baseURL(baseURL) + , m_disabled(false) + { + } + +-StyleSheet::StyleSheet(StyleBase* owner, const String& href) ++StyleSheet::StyleSheet(StyleBase* owner, const String& href, const KURL& baseURL) + : StyleList(owner) + , m_parentNode(0) +- , m_strHref(href) ++ , m_href(href) ++ , m_baseURL(baseURL) + , m_disabled(false) + { + } +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h 2010-05-03 15:55:37.758976847 +0200 +@@ -41,8 +41,18 @@ public: + + Node* ownerNode() const { return m_parentNode; } + StyleSheet *parentStyleSheet() const; +- const String& href() const { return m_strHref; } +- void setHref(const String& href) { m_strHref = href; } ++ ++ // Note that href is the URL that started the redirect chain that led to ++ // this style sheet. This property probably isn't useful for much except ++ // the JavaScript binding (which needs to use this value for security). ++ const String& href() const { return m_href; } ++ ++ void setBaseURL(const KURL& baseURL) { m_baseURL = baseURL; } ++ ++ // Notice that this object inherits a baseURL function from StyleBase that ++ // crawls the parent() relation looking for a non-0 putativeBaseURL. ++ const KURL& putativeBaseURL() const { return m_baseURL; } ++ + const String& title() const { return m_strTitle; } + void setTitle(const String& s) { m_strTitle = s; } + MediaList* media() const { return m_media.get(); } +@@ -58,15 +68,16 @@ public: + virtual bool parseString(const String&, bool strict = true) = 0; + + protected: +- StyleSheet(Node* ownerNode, const String& href); +- StyleSheet(StyleSheet* parentSheet, const String& href); +- StyleSheet(StyleBase* owner, const String& href); ++ StyleSheet(Node* ownerNode, const String& href, const KURL& baseURL); ++ StyleSheet(StyleSheet* parentSheet, const String& href, const KURL& baseURL); ++ StyleSheet(StyleBase* owner, const String& href, const KURL& baseURL); + + private: + virtual bool isStyleSheet() const { return true; } + + Node* m_parentNode; +- String m_strHref; ++ String m_href; ++ KURL m_baseURL; + String m_strTitle; + RefPtr m_media; + bool m_disabled; +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp 2010-05-03 15:55:37.760977901 +0200 +@@ -1920,9 +1920,9 @@ void Document::updateBaseURL() + m_baseURL = KURL(); + + if (m_elemSheet) +- m_elemSheet->setHref(m_baseURL.string()); ++ m_elemSheet->setBaseURL(m_baseURL); + if (m_mappedElementSheet) +- m_mappedElementSheet->setHref(m_baseURL.string()); ++ m_mappedElementSheet->setBaseURL(m_baseURL); + } + + String Document::userAgent(const KURL& url) const +@@ -1944,7 +1944,7 @@ CSSStyleSheet* Document::pageUserSheet() + return 0; + + // Parse the sheet and cache it. +- m_pageUserSheet = CSSStyleSheet::create(this, settings()->userStyleSheetLocation()); ++ m_pageUserSheet = CSSStyleSheet::createInline(this, settings()->userStyleSheetLocation()); + m_pageUserSheet->setIsUserStyleSheet(true); + m_pageUserSheet->parseString(userSheetText, !inCompatMode()); + return m_pageUserSheet.get(); +@@ -1979,7 +1979,7 @@ const Vector >* Do + const UserStyleSheet* sheet = sheets->at(i).get(); + if (!UserContentURLPattern::matchesPatterns(url(), sheet->whitelist(), sheet->blacklist())) + continue; +- RefPtr parsedSheet = CSSStyleSheet::create(const_cast(this), sheet->url()); ++ RefPtr parsedSheet = CSSStyleSheet::createInline(const_cast(this), sheet->url()); + parsedSheet->setIsUserStyleSheet(true); + parsedSheet->parseString(sheet->source(), !inCompatMode()); + if (!m_pageGroupUserSheets) +@@ -2001,14 +2001,14 @@ void Document::clearPageGroupUserSheets( + CSSStyleSheet* Document::elementSheet() + { + if (!m_elemSheet) +- m_elemSheet = CSSStyleSheet::create(this, m_baseURL.string()); ++ m_elemSheet = CSSStyleSheet::createInline(this, m_baseURL); + return m_elemSheet.get(); + } + + CSSStyleSheet* Document::mappedElementSheet() + { + if (!m_mappedElementSheet) +- m_mappedElementSheet = CSSStyleSheet::create(this, m_baseURL.string()); ++ m_mappedElementSheet = CSSStyleSheet::createInline(this, m_baseURL); + return m_mappedElementSheet.get(); + } + +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.661976647 +0200 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp 2010-05-03 15:55:37.761977599 +0200 +@@ -138,7 +138,8 @@ void ProcessingInstruction::checkStyleSh + // We need to make a synthetic XSLStyleSheet that is embedded. It needs to be able + // to kick off import/include loads that can hang off some parent sheet. + if (m_isXSL) { +- m_sheet = XSLStyleSheet::createEmbedded(this, m_localHref); ++ KURL baseURL = KURL(ParsedURLString, m_localHref); ++ m_sheet = XSLStyleSheet::createEmbedded(this, m_localHref, baseURL); + m_loading = false; + } + #endif +@@ -196,12 +197,12 @@ bool ProcessingInstruction::sheetLoaded( + return false; + } + +-void ProcessingInstruction::setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet* sheet) ++void ProcessingInstruction::setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet) + { + #if ENABLE(XSLT) + ASSERT(!m_isXSL); + #endif +- RefPtr newSheet = CSSStyleSheet::create(this, url, charset); ++ RefPtr newSheet = CSSStyleSheet::create(this, href, baseURL, charset); + m_sheet = newSheet; + // We don't need the cross-origin security check here because we are + // getting the sheet text in "strict" mode. This enforces a valid CSS MIME +@@ -213,10 +214,10 @@ void ProcessingInstruction::setCSSStyleS + } + + #if ENABLE(XSLT) +-void ProcessingInstruction::setXSLStyleSheet(const String& url, const String& sheet) ++void ProcessingInstruction::setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet) + { + ASSERT(m_isXSL); +- m_sheet = XSLStyleSheet::create(this, url); ++ m_sheet = XSLStyleSheet::create(this, href, baseURL); + parseStyleSheet(sheet); + } + #endif +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h 2010-05-03 15:55:37.761977599 +0200 +@@ -68,9 +68,9 @@ private: + virtual void removedFromDocument(); + + void checkStyleSheet(); +- virtual void setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet*); ++ virtual void setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet*); + #if ENABLE(XSLT) +- virtual void setXSLStyleSheet(const String& url, const String& sheet); ++ virtual void setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet); + #endif + + bool isLoading() const; +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp 2010-05-03 15:55:37.762976937 +0200 +@@ -103,7 +103,7 @@ void StyleElement::createSheet(Element* + if (screenEval.eval(mediaList.get()) || printEval.eval(mediaList.get())) { + document->addPendingSheet(); + setLoading(true); +- m_sheet = CSSStyleSheet::create(e, String(), document->inputEncoding()); ++ m_sheet = CSSStyleSheet::create(e, String(), KURL(), document->inputEncoding()); + m_sheet->parseString(text, !document->inCompatMode()); + m_sheet->setMedia(mediaList.get()); + m_sheet->setTitle(e->title()); +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.661976647 +0200 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp 2010-05-03 17:02:45.528101154 +0200 +@@ -253,9 +253,9 @@ void HTMLLinkElement::finishParsingChild + HTMLElement::finishParsingChildren(); + } + +-void HTMLLinkElement::setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet* sheet) ++void HTMLLinkElement::setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet) + { +- m_sheet = CSSStyleSheet::create(this, url, charset); ++ m_sheet = CSSStyleSheet::create(this, href, baseURL, charset); + + bool strictParsing = !document()->inCompatMode(); + bool enforceMIMEType = strictParsing; +@@ -275,11 +275,11 @@ void HTMLLinkElement::setCSSStyleSheet(c + // valid CSS rule. + // This prevents an attacker playing games by injecting CSS strings into + // HTML, XML, JSON, etc. etc. +- if (!document()->securityOrigin()->canRequest(KURL(ParsedURLString, url))) ++ if (!document()->securityOrigin()->canRequest(baseURL)) + crossOriginCSS = true; + + if (crossOriginCSS && !validMIMEType && !m_sheet->hasSyntacticallyValidCSSHeader()) +- m_sheet = CSSStyleSheet::create(this, url, charset); ++ m_sheet = CSSStyleSheet::create(this, href, baseURL, charset); + + if (strictParsing && document()->settings() && document()->settings()->needsSiteSpecificQuirks()) { + // Work around . +@@ -287,7 +287,7 @@ void HTMLLinkElement::setCSSStyleSheet(c + DEFINE_STATIC_LOCAL(const String, mediaWikiKHTMLFixesStyleSheet, ("/* KHTML fix stylesheet */\n/* work around the horizontal scrollbars */\n#column-content { margin-left: 0; }\n\n")); + // There are two variants of KHTMLFixes.css. One is equal to mediaWikiKHTMLFixesStyleSheet, + // while the other lacks the second trailing newline. +- if (url.endsWith(slashKHTMLFixesDotCss) && !sheetText.isNull() && mediaWikiKHTMLFixesStyleSheet.startsWith(sheetText) ++ if (baseURL.string().endsWith(slashKHTMLFixesDotCss) && !sheetText.isNull() && mediaWikiKHTMLFixesStyleSheet.startsWith(sheetText) + && sheetText.length() >= mediaWikiKHTMLFixesStyleSheet.length() - 1) { + ASSERT(m_sheet->length() == 1); + ExceptionCode ec; +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h 2010-05-03 15:55:37.773083096 +0200 +@@ -79,7 +79,7 @@ public: + virtual void removedFromDocument(); + + // from CachedResourceClient +- virtual void setCSSStyleSheet(const String &url, const String& charset, const CachedCSSStyleSheet* sheet); ++ virtual void setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet); + bool isLoading() const; + virtual bool sheetLoaded(); + +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.661976647 +0200 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp 2010-05-03 15:55:37.774976529 +0200 +@@ -52,9 +52,9 @@ CachedCSSStyleSheet::~CachedCSSStyleShee + void CachedCSSStyleSheet::didAddClient(CachedResourceClient *c) + { + if (!m_loading) +- c->setCSSStyleSheet(m_url, m_decoder->encoding().name(), this); ++ c->setCSSStyleSheet(m_url, m_response.url(), m_decoder->encoding().name(), this); + } +- ++ + void CachedCSSStyleSheet::allClientsRemoved() + { + if (isSafeToMakePurgeable()) +@@ -112,7 +112,7 @@ void CachedCSSStyleSheet::checkNotify() + + CachedResourceClientWalker w(m_clients); + while (CachedResourceClient *c = w.next()) +- c->setCSSStyleSheet(m_response.url().string(), m_decoder->encoding().name(), this); ++ c->setCSSStyleSheet(m_url, m_response.url(), m_decoder->encoding().name(), this); + } + + void CachedCSSStyleSheet::error() +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h 2010-05-03 15:55:37.775976911 +0200 +@@ -42,6 +42,7 @@ namespace WebCore { + class String; + class Image; + class IntRect; ++ class KURL; + + /** + * @internal +@@ -65,8 +66,8 @@ namespace WebCore { + // e.g., in the b/f cache or in a background tab). + virtual bool willRenderImage(CachedImage*) { return false; } + +- virtual void setCSSStyleSheet(const String& /*URL*/, const String& /*charset*/, const CachedCSSStyleSheet*) { } +- virtual void setXSLStyleSheet(const String& /*URL*/, const String& /*sheet*/) { } ++ virtual void setCSSStyleSheet(const String& /* href */, const KURL& /* baseURL */, const String& /* charset */, const CachedCSSStyleSheet*) { } ++ virtual void setXSLStyleSheet(const String& /* href */, const KURL& /* baseURL */, const String& /* sheet */) { } + + virtual void fontLoaded(CachedFont*) {}; + +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp 2010-05-03 15:55:37.789038977 +0200 +@@ -48,7 +48,7 @@ CachedXSLStyleSheet::CachedXSLStyleSheet + void CachedXSLStyleSheet::didAddClient(CachedResourceClient* c) + { + if (!m_loading) +- c->setXSLStyleSheet(m_url, m_sheet); ++ c->setXSLStyleSheet(m_url, m_response.url(), m_sheet); + } + + void CachedXSLStyleSheet::setEncoding(const String& chs) +@@ -83,10 +83,9 @@ void CachedXSLStyleSheet::checkNotify() + + CachedResourceClientWalker w(m_clients); + while (CachedResourceClient *c = w.next()) +- c->setXSLStyleSheet(m_url, m_sheet); ++ c->setXSLStyleSheet(m_url, m_response.url(), m_sheet); + } + +- + void CachedXSLStyleSheet::error() + { + m_loading = false; +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp 2010-05-03 15:55:37.789038977 +0200 +@@ -52,13 +52,13 @@ XSLStyleSheet* XSLImportRule::parentStyl + return (parent() && parent()->isXSLStyleSheet()) ? static_cast(parent()) : 0; + } + +-void XSLImportRule::setXSLStyleSheet(const String& url, const String& sheet) ++void XSLImportRule::setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet) + { + if (m_styleSheet) + m_styleSheet->setParent(0); +- +- m_styleSheet = XSLStyleSheet::create(this, url); +- ++ ++ m_styleSheet = XSLStyleSheet::create(this, href, baseURL); ++ + XSLStyleSheet* parent = parentStyleSheet(); + if (parent) + m_styleSheet->setParentStyleSheet(parent); +@@ -87,14 +87,14 @@ void XSLImportRule::loadSheet() + + String absHref = m_strHref; + XSLStyleSheet* parentSheet = parentStyleSheet(); +- if (!parentSheet->href().isNull()) ++ if (!parentSheet->putativeBaseURL().isNull()) + // use parent styleheet's URL as the base URL +- absHref = KURL(KURL(ParsedURLString, parentSheet->href()), m_strHref).string(); ++ absHref = KURL(parentSheet->putativeBaseURL(), m_strHref).string(); + + // Check for a cycle in our import chain. If we encounter a stylesheet + // in our parent chain with the same URL, then just bail. + for (parent = this->parent(); parent; parent = parent->parent()) { +- if (parent->isXSLStyleSheet() && absHref == static_cast(parent)->href()) ++ if (parent->isXSLStyleSheet() && absHref == static_cast(parent)->putativeBaseURL().string()) + return; + } + +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h 2010-05-03 15:55:37.789981560 +0200 +@@ -57,7 +57,7 @@ private: + virtual bool isImportRule() { return true; } + + // from CachedResourceClient +- virtual void setXSLStyleSheet(const String& url, const String& sheet); ++ virtual void setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet); + + String m_strHref; + RefPtr m_styleSheet; +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h 2010-05-03 15:55:37.827976887 +0200 +@@ -43,18 +43,18 @@ class XSLImportRule; + class XSLStyleSheet : public StyleSheet { + public: + #if !USE(QXMLQUERY) +- static PassRefPtr create(XSLImportRule* parentImport, const String& href) ++ static PassRefPtr create(XSLImportRule* parentImport, const String& href, const KURL& baseURL) + { +- return adoptRef(new XSLStyleSheet(parentImport, href)); ++ return adoptRef(new XSLStyleSheet(parentImport, href, baseURL)); + } + #endif +- static PassRefPtr create(Node* parentNode, const String& href) ++ static PassRefPtr create(Node* parentNode, const String& href, const KURL& baseURL) + { +- return adoptRef(new XSLStyleSheet(parentNode, href, false)); ++ return adoptRef(new XSLStyleSheet(parentNode, href, baseURL, false)); + } +- static PassRefPtr createEmbedded(Node* parentNode, const String& href) ++ static PassRefPtr createEmbedded(Node* parentNode, const String& href, const KURL& baseURL) + { +- return adoptRef(new XSLStyleSheet(parentNode, href, true)); ++ return adoptRef(new XSLStyleSheet(parentNode, href, baseURL, true)); + } + + virtual ~XSLStyleSheet(); +@@ -90,9 +90,9 @@ public: + bool processed() const { return m_processed; } + + private: +- XSLStyleSheet(Node* parentNode, const String& href, bool embedded); ++ XSLStyleSheet(Node* parentNode, const String& href, const KURL& baseURL, bool embedded); + #if !USE(QXMLQUERY) +- XSLStyleSheet(XSLImportRule* parentImport, const String& href); ++ XSLStyleSheet(XSLImportRule* parentImport, const String& href, const KURL& baseURL); + #endif + + Document* m_ownerDocument; +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp 2010-05-03 15:55:37.837079694 +0200 +@@ -55,8 +55,8 @@ SOFT_LINK(libxslt, xsltLoadStylesheetPI, + + namespace WebCore { + +-XSLStyleSheet::XSLStyleSheet(XSLImportRule* parentRule, const String& href) +- : StyleSheet(parentRule, href) ++XSLStyleSheet::XSLStyleSheet(XSLImportRule* parentRule, const String& href, const KURL& baseURL) ++ : StyleSheet(parentRule, href, baseURL) + , m_ownerDocument(0) + , m_embedded(false) + , m_processed(false) // Child sheets get marked as processed when the libxslt engine has finally seen them. +@@ -66,8 +66,8 @@ XSLStyleSheet::XSLStyleSheet(XSLImportRu + { + } + +-XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href, bool embedded) +- : StyleSheet(parentNode, href) ++XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href, const KURL& baseURL, bool embedded) ++ : StyleSheet(parentNode, href, baseURL) + , m_ownerDocument(parentNode->document()) + , m_embedded(embedded) + , m_processed(true) // The root sheet starts off processed. +@@ -168,7 +168,7 @@ bool XSLStyleSheet::parseString(const St + } + + m_stylesheetDoc = xmlCtxtReadMemory(ctxt, buffer, size, +- href().utf8().data(), ++ putativeBaseURL().string().utf8().data(), + BOMHighByte == 0xFF ? "UTF-16LE" : "UTF-16BE", + XML_PARSE_NOENT | XML_PARSE_DTDATTR | XML_PARSE_NOWARNING | XML_PARSE_NOCDATA); + xmlFreeParserCtxt(ctxt); +@@ -192,7 +192,7 @@ void XSLStyleSheet::loadChildSheets() + if (m_embedded) { + // We have to locate (by ID) the appropriate embedded stylesheet element, so that we can walk the + // import/include list. +- xmlAttrPtr idNode = xmlGetID(document(), (const xmlChar*)(href().utf8().data())); ++ xmlAttrPtr idNode = xmlGetID(document(), (const xmlChar*)(putativeBaseURL().string().utf8().data())); + if (!idNode) + return; + stylesheetRoot = idNode->parent; +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp 2010-05-03 15:55:37.837977083 +0200 +@@ -33,8 +33,8 @@ + + namespace WebCore { + +-XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href, bool embedded) +- : StyleSheet(parentNode, href) ++XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href, const KURL& baseURL, bool embedded) ++ : StyleSheet(parentNode, href, baseURL) + , m_ownerDocument(parentNode->document()) + , m_embedded(embedded) + { +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp 2010-05-03 15:55:37.837977083 +0200 +@@ -226,7 +226,8 @@ static xsltStylesheetPtr xsltStylesheetP + { + if (!cachedStylesheet && stylesheetRootNode) { + cachedStylesheet = XSLStyleSheet::create(stylesheetRootNode->parent() ? stylesheetRootNode->parent() : stylesheetRootNode, +- stylesheetRootNode->document()->url().string()); ++ stylesheetRootNode->document()->url().string(), ++ stylesheetRootNode->document()->url()); // FIXME: Should we use baseURL here? + cachedStylesheet->parseString(createMarkup(stylesheetRootNode)); + } + +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp 2010-05-03 15:55:37.915979873 +0200 +@@ -120,7 +120,9 @@ bool XSLTProcessor::transformToString(No + RefPtr stylesheet = m_stylesheet; + if (!stylesheet && m_stylesheetRootNode) { + Node* node = m_stylesheetRootNode.get(); +- stylesheet = XSLStyleSheet::create(node->parent() ? node->parent() : node, node->document()->url().string()); ++ stylesheet = XSLStyleSheet::create(node->parent() ? node->parent() : node, ++ node->document()->url().string(), ++ node->document()->url()); // FIXME: Should we use baseURL here? + stylesheet->parseString(createMarkup(node)); + } + diff --git a/qt-everywhere-opensource-src-4.6.2-cve-2010-0656.patch b/qt-everywhere-opensource-src-4.6.2-cve-2010-0656.patch new file mode 100644 index 0000000..b94c380 --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.2-cve-2010-0656.patch @@ -0,0 +1,25 @@ +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp.me qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp.me 2010-05-06 11:29:24.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp 2010-05-06 11:43:29.000000000 +0200 +@@ -112,7 +112,11 @@ SecurityOrigin::SecurityOrigin(const KUR + + // By default, only local SecurityOrigins can load local resources. + m_canLoadLocalResources = isLocal(); +- ++ if (m_canLoadLocalResources) { ++ // Directories should never be readable. ++ if (!url.hasPath() || url.path().endsWith("/")) ++ m_noAccess = true; ++ } + if (isDefaultPortForProtocol(m_port, m_protocol)) + m_port = 0; + } +@@ -207,6 +211,8 @@ bool SecurityOrigin::canRequest(const KU + return false; + + RefPtr targetOrigin = SecurityOrigin::create(url); ++ if (targetOrigin->m_noAccess) ++ return false; + + // We call isSameSchemeHostPort here instead of canAccess because we want + // to ignore document.domain effects. diff --git a/qt-everywhere-opensource-src-4.6.2-webkit-s390x.patch b/qt-everywhere-opensource-src-4.6.2-webkit-s390x.patch new file mode 100644 index 0000000..37e8abb --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.2-webkit-s390x.patch @@ -0,0 +1,48 @@ +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h.than qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h.than 2010-02-11 16:55:20.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h 2010-03-23 14:29:41.000000000 +0100 +@@ -345,6 +345,11 @@ + #define WTF_PLATFORM_BIG_ENDIAN 1 + #endif + ++/* PLATFORM(S390X) */ ++#if defined(__s390x__) || defined(__s390x) ++#define WTF_PLATFORM_S390X 1 ++#endif ++ + /* PLATFORM(IA64) */ + /* a.k.a. Itanium Processor Family, IPF */ + #if defined(__ia64) || defined(__ia64__) || defined(_M_IA64) +@@ -730,6 +735,8 @@ + /* Using JSVALUE32_64 causes padding/alignement issues for JITStubArg + on MinGW. See https://bugs.webkit.org/show_bug.cgi?id=29268 */ + #define WTF_USE_JSVALUE32 1 ++#elif PLATFORM(S390X) ++#define WTF_USE_JSVALUE64 1 + #else + #define WTF_USE_JSVALUE32_64 1 + #endif +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.than qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.than 2010-02-11 16:55:17.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h 2010-03-23 14:19:00.000000000 +0100 +@@ -362,6 +362,11 @@ + #define WTF_PLATFORM_IA64 1 + #endif + ++/* PLATFORM(S390X) */ ++#if defined(__s390x__) || defined(__s390x) ++#define WTF_PLATFORM_S390X 1 ++#endif ++ + /* PLATFORM(ALPHA) */ + #if defined(__alpha__) + #define WTF_PLATFORM_ALPHA 1 +@@ -729,7 +734,7 @@ + #endif + + #if !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64) +-#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) || PLATFORM(IA64) || PLATFORM(ALPHA) ++#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) || PLATFORM(IA64) || PLATFORM(ALPHA) || PLATFORM(S390X) + #define WTF_USE_JSVALUE64 1 + #elif PLATFORM(ARM) || PLATFORM(PPC64) + #define WTF_USE_JSVALUE32 1 diff --git a/qt-everywhere-opensource-src-4.6.2-webkit-sparc64.patch b/qt-everywhere-opensource-src-4.6.2-webkit-sparc64.patch new file mode 100644 index 0000000..09a5860 --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.2-webkit-sparc64.patch @@ -0,0 +1,16 @@ +diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.sparc qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h +--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.sparc 2010-03-23 10:45:57.076490991 -0400 ++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h 2010-03-23 10:47:37.044618125 -0400 +@@ -734,7 +734,11 @@ + #endif + + #if !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64) +-#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) || PLATFORM(IA64) || PLATFORM(ALPHA) || PLATFORM(S390X) ++#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) \ ++ || PLATFORM(IA64) \ ++ || PLATFORM(ALPHA) \ ++ || PLATFORM(SPARC64) \ ++ || PLATFORM(S390X) + #define WTF_USE_JSVALUE64 1 + #elif PLATFORM(ARM) || PLATFORM(PPC64) + #define WTF_USE_JSVALUE32 1 diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch new file mode 100644 index 0000000..368ff16 --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch @@ -0,0 +1,15 @@ +diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp.CVE-2010-1119 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp.CVE-2010-1119 2010-06-02 04:03:12.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp 2010-06-15 13:11:55.974470742 +0200 +@@ -910,7 +910,10 @@ void Node::notifyLocalNodeListsAttribute + if (!data->nodeLists()) + return; + +- data->nodeLists()->invalidateCachesThatDependOnAttributes(); ++ if (!isAttributeNode()) ++ data->nodeLists()->invalidateCachesThatDependOnAttributes(); ++ else ++ data->nodeLists()->invalidateCaches(); + + if (data->nodeLists()->isEmpty()) { + data->clearNodeLists(); diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1303_1304.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1303_1304.patch new file mode 100644 index 0000000..ff8059e --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1303_1304.patch @@ -0,0 +1,1416 @@ +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderSVGShadowTreeRootContainer.cpp qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/rendering/RenderSVGShadowTreeRootContainer.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderSVGShadowTreeRootContainer.cpp 1970-01-01 01:00:00.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/rendering/RenderSVGShadowTreeRootContainer.cpp 2010-06-11 15:29:14.567278020 +0200 +@@ -0,0 +1,101 @@ ++/* ++ Copyright (C) Research In Motion Limited 2010. All rights reserved. ++ ++ This library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Library General Public ++ License as published by the Free Software Foundation; either ++ version 2 of the License, or (at your option) any later version. ++ ++ This library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Library General Public License for more details. ++ ++ You should have received a copy of the GNU Library General Public License ++ aint with this library; see the file COPYING.LIB. If not, write to ++ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, ++ Boston, MA 02110-1301, USA. ++*/ ++ ++#include "config.h" ++ ++#if ENABLE(SVG) ++#include "RenderSVGShadowTreeRootContainer.h" ++ ++#include "MouseEvent.h" ++#include "SVGShadowTreeElements.h" ++#include "SVGUseElement.h" ++ ++namespace WebCore { ++ ++RenderSVGShadowTreeRootContainer::RenderSVGShadowTreeRootContainer(SVGUseElement* node) ++ : RenderSVGTransformableContainer(node) ++ , m_recreateTree(false) ++{ ++} ++ ++RenderSVGShadowTreeRootContainer::~RenderSVGShadowTreeRootContainer() ++{ ++ if (m_shadowRoot && m_shadowRoot->attached()) ++ m_shadowRoot->detach(); ++} ++ ++void RenderSVGShadowTreeRootContainer::updateStyle(Node::StyleChange change) ++{ ++ if (m_shadowRoot && m_shadowRoot->attached()) ++ m_shadowRoot->recalcStyle(change); ++} ++ ++void RenderSVGShadowTreeRootContainer::updateFromElement() ++{ ++ bool hadExistingTree = m_shadowRoot; ++ ++ SVGUseElement* useElement = static_cast(node()); ++ if (!m_shadowRoot) { ++ ASSERT(!m_recreateTree); ++ m_shadowRoot = new SVGShadowTreeRootElement(document(), useElement); ++ useElement->buildPendingResource(); ++ } ++ ++ ASSERT(m_shadowRoot->shadowParentNode() == useElement); ++ ++ bool shouldRecreateTree = m_recreateTree; ++ if (m_recreateTree) { ++ ASSERT(hadExistingTree); ++ ++ if (m_shadowRoot->attached()) ++ m_shadowRoot->detach(); ++ ++ m_shadowRoot->removeAllChildren(); ++ m_recreateTree = false; ++ } ++ ++ // Only rebuild the shadow tree, if we a) never had a tree or b) we were specifically asked to do so ++ // If the use element is a pending resource, and a) or b) is true, do nothing, and wait for the use ++ // element to be asked to buildPendingResource(), this will call us again, with m_recreateTrue=true. ++ if ((shouldRecreateTree || !hadExistingTree) && !useElement->isPendingResource()) { ++ useElement->buildShadowAndInstanceTree(m_shadowRoot.get()); ++ ++ // Attach shadow root element ++ m_shadowRoot->attachElement(style(), renderArena()); ++ ++ // Attach subtree, as if it was a regular non-shadow tree ++ for (Node* child = m_shadowRoot->firstChild(); child; child = child->nextSibling()) ++ child->attach(); ++ } ++ ++ ASSERT(!m_recreateTree); ++ RenderSVGTransformableContainer::updateFromElement(); ++} ++ ++void RenderSVGShadowTreeRootContainer::styleDidChange(StyleDifference diff, const RenderStyle* oldStyle) ++{ ++ RenderSVGTransformableContainer::styleDidChange(diff, oldStyle); ++ ++ if (RenderObject* shadowRootRenderer = m_shadowRoot ? m_shadowRoot->renderer() : 0) ++ shadowRootRenderer->setStyle(style()); ++} ++ ++} ++ ++#endif +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderSVGShadowTreeRootContainer.h qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/rendering/RenderSVGShadowTreeRootContainer.h +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderSVGShadowTreeRootContainer.h 1970-01-01 01:00:00.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/rendering/RenderSVGShadowTreeRootContainer.h 2010-06-11 15:29:14.568278907 +0200 +@@ -0,0 +1,50 @@ ++/* ++ Copyright (C) Research In Motion Limited 2010. All rights reserved. ++ ++ This library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Library General Public ++ License as published by the Free Software Foundation; either ++ version 2 of the License, or (at your option) any later version. ++ ++ This library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Library General Public License for more details. ++ ++ You should have received a copy of the GNU Library General Public License ++ aint with this library; see the file COPYING.LIB. If not, write to ++ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, ++ Boston, MA 02110-1301, USA. ++*/ ++ ++#ifndef RenderSVGShadowTreeRootContainer_h ++#define RenderSVGShadowTreeRootContainer_h ++ ++#if ENABLE(SVG) ++#include "RenderSVGTransformableContainer.h" ++ ++namespace WebCore { ++ ++class SVGUseElement; ++class SVGShadowTreeRootElement; ++ ++class RenderSVGShadowTreeRootContainer : public RenderSVGTransformableContainer { ++public: ++ RenderSVGShadowTreeRootContainer(SVGUseElement*); ++ virtual ~RenderSVGShadowTreeRootContainer(); ++ ++ void markShadowTreeForRecreation() { m_recreateTree = true; } ++ void updateStyle(Node::StyleChange); ++ virtual void updateFromElement(); ++ ++private: ++ virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle); ++ ++ bool m_recreateTree; ++ RefPtr m_shadowRoot; ++}; ++ ++} ++ ++#endif ++#endif +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderSVGTransformableContainer.cpp qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/rendering/RenderSVGTransformableContainer.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderSVGTransformableContainer.cpp 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/rendering/RenderSVGTransformableContainer.cpp 2010-06-11 15:29:14.568278907 +0200 +@@ -1,5 +1,5 @@ + /* +- Copyright (C) 2004, 2005 Nikolas Zimmermann ++ Copyright (C) 2004, 2005 Nikolas Zimmermann + 2004, 2005, 2006 Rob Buis + 2009 Google, Inc. + +@@ -20,12 +20,12 @@ + */ + + #include "config.h" +-#if ENABLE(SVG) + ++#if ENABLE(SVG) + #include "RenderSVGTransformableContainer.h" + ++#include "SVGShadowTreeElements.h" + #include "SVGStyledTransformableElement.h" +-#include "SVGTransformList.h" + + namespace WebCore { + +@@ -47,6 +47,14 @@ + void RenderSVGTransformableContainer::calculateLocalTransform() + { + m_localTransform = static_cast(node())->animatedLocalTransform(); ++ if (!node()->hasTagName(SVGNames::gTag) || !static_cast(node())->isShadowTreeContainerElement()) ++ return; ++ ++ FloatSize translation = static_cast(node())->containerTranslation(); ++ if (translation.width() == 0 && translation.height() == 0) ++ return; ++ ++ m_localTransform.translateRight(translation.width(), translation.height()); + } + + } +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/SVGShadowTreeElements.cpp qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/rendering/SVGShadowTreeElements.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/SVGShadowTreeElements.cpp 1970-01-01 01:00:00.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/rendering/SVGShadowTreeElements.cpp 2010-06-11 15:29:14.567278020 +0200 +@@ -0,0 +1,80 @@ ++/* ++ Copyright (C) Research In Motion Limited 2010. All rights reserved. ++ ++ This library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Library General Public ++ License as published by the Free Software Foundation; either ++ version 2 of the License, or (at your option) any later version. ++ ++ This library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Library General Public License for more details. ++ ++ You should have received a copy of the GNU Library General Public License ++ aint with this library; see the file COPYING.LIB. If not, write to ++ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, ++ Boston, MA 02110-1301, USA. ++*/ ++ ++#include "config.h" ++ ++#if ENABLE(SVG) ++#include "SVGShadowTreeElements.h" ++ ++#include "Document.h" ++#include "FloatSize.h" ++#include "RenderObject.h" ++#include "SVGNames.h" ++ ++namespace WebCore { ++ ++// SVGShadowTreeContainerElement ++SVGShadowTreeContainerElement::SVGShadowTreeContainerElement(Document* document) ++ : SVGGElement(SVGNames::gTag, document) ++{ ++} ++ ++SVGShadowTreeContainerElement::~SVGShadowTreeContainerElement() ++{ ++} ++ ++FloatSize SVGShadowTreeContainerElement::containerTranslation() const ++{ ++ return FloatSize(m_xOffset.value(this), m_yOffset.value(this)); ++} ++ ++// SVGShadowTreeRootElement ++SVGShadowTreeRootElement::SVGShadowTreeRootElement(Document* document, Node* shadowParent) ++ : SVGShadowTreeContainerElement(document) ++ , m_shadowParent(shadowParent) ++{ ++ setInDocument(true); ++} ++ ++SVGShadowTreeRootElement::~SVGShadowTreeRootElement() ++{ ++} ++ ++void SVGShadowTreeRootElement::attachElement(PassRefPtr style, RenderArena* arena) ++{ ++ ASSERT(m_shadowParent); ++ ++ // Create the renderer with the specified style ++ RenderObject* renderer = createRenderer(arena, style.get()); ++ if (renderer) { ++ setRenderer(renderer); ++ renderer->setStyle(style); ++ } ++ ++ // Set these explicitly since this normally happens during an attach() ++ setAttached(); ++ ++ // Add the renderer to the render tree ++ if (renderer) ++ m_shadowParent->renderer()->addChild(renderer); ++} ++ ++} ++ ++#endif +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/SVGShadowTreeElements.h qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/rendering/SVGShadowTreeElements.h +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/SVGShadowTreeElements.h 1970-01-01 01:00:00.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/rendering/SVGShadowTreeElements.h 2010-06-11 15:29:14.568278907 +0200 +@@ -0,0 +1,67 @@ ++/* ++ Copyright (C) Research In Motion Limited 2010. All rights reserved. ++ ++ This library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Library General Public ++ License as published by the Free Software Foundation; either ++ version 2 of the License, or (at your option) any later version. ++ ++ This library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Library General Public License for more details. ++ ++ You should have received a copy of the GNU Library General Public License ++ aint with this library; see the file COPYING.LIB. If not, write to ++ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, ++ Boston, MA 02110-1301, USA. ++*/ ++ ++#ifndef SVGShadowTreeElements_h ++#define SVGShadowTreeElements_h ++ ++#if ENABLE(SVG) ++#include "SVGGElement.h" ++#include "SVGLength.h" ++ ++namespace WebCore { ++ ++class FloatSize; ++ ++class SVGShadowTreeContainerElement : public SVGGElement { ++public: ++ SVGShadowTreeContainerElement(Document*); ++ virtual ~SVGShadowTreeContainerElement(); ++ ++ virtual bool isShadowTreeContainerElement() const { return true; } ++ ++ FloatSize containerTranslation() const; ++ void setContainerOffset(const SVGLength& x, const SVGLength& y) ++ { ++ m_xOffset = x; ++ m_yOffset = y; ++ } ++ ++private: ++ SVGLength m_xOffset; ++ SVGLength m_yOffset; ++}; ++ ++class SVGShadowTreeRootElement : public SVGShadowTreeContainerElement { ++public: ++ SVGShadowTreeRootElement(Document*, Node* shadowParent); ++ virtual ~SVGShadowTreeRootElement(); ++ ++ virtual bool isShadowNode() const { return m_shadowParent; } ++ virtual Node* shadowParentNode() { return m_shadowParent; } ++ ++ void attachElement(PassRefPtr, RenderArena*); ++ ++private: ++ Node* m_shadowParent; ++}; ++ ++} ++ ++#endif ++#endif +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGElement.cpp qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGElement.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGElement.cpp 2010-06-02 04:03:10.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGElement.cpp 2010-06-11 15:29:14.559280466 +0200 +@@ -54,7 +54,6 @@ + + SVGElement::SVGElement(const QualifiedName& tagName, Document* document) + : StyledElement(tagName, document, CreateElementZeroRefCount) +- , m_shadowParent(0) + , m_cursorElement(0) + , m_cursorImageValue(0) + { +@@ -285,7 +284,11 @@ + + ContainerNode* SVGElement::eventParentNode() + { +- return m_shadowParent ? m_shadowParent : StyledElement::eventParentNode(); ++ if (Node* shadowParent = shadowParentNode()) { ++ ASSERT(shadowParent->isContainerNode()); ++ return static_cast(shadowParent); ++ } ++ return StyledElement::eventParentNode(); + } + + } +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGElement.h qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGElement.h +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGElement.h 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGElement.h 2010-06-11 15:29:14.564280678 +0200 +@@ -60,8 +60,6 @@ + virtual bool isGradientStop() const { return false; } + virtual bool isTextContent() const { return false; } + +- void setShadowParentNode(ContainerNode* node) { m_shadowParent = node; } +- + // For SVGTests + virtual bool isValid() const { return true; } + +@@ -95,13 +93,9 @@ + friend class SVGElementInstance; + + virtual bool isSVGElement() const { return true; } +- + virtual bool isSupported(StringImpl* feature, StringImpl* version) const; +- +- virtual bool isShadowNode() const { return m_shadowParent; } +- virtual Node* shadowParentNode() { return m_shadowParent; } +- virtual ContainerNode* eventParentNode(); + ++ virtual ContainerNode* eventParentNode(); + virtual void buildPendingResource() { } + + void mapInstanceToElement(SVGElementInstance*); +@@ -109,7 +103,6 @@ + + virtual bool haveLoadedRequiredResources(); + +- ContainerNode* m_shadowParent; + mutable SynchronizablePropertyController m_propertyController; + + SVGCursorElement* m_cursorElement; +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGElementInstance.cpp qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGElementInstance.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGElementInstance.cpp 2010-06-02 04:03:10.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGElementInstance.cpp 2010-06-11 15:29:14.560280508 +0200 +@@ -33,10 +33,6 @@ + + #include + +-#if USE(JSC) +-#include "GCController.h" +-#endif +- + namespace WebCore { + + #ifndef NDEBUG +@@ -51,8 +47,7 @@ + } + + SVGElementInstance::SVGElementInstance(SVGUseElement* useElement, PassRefPtr originalElement) +- : m_needsUpdate(false) +- , m_useElement(useElement) ++ : m_useElement(useElement) + , m_element(originalElement) + , m_previousSibling(0) + , m_nextSibling(0) +@@ -93,20 +88,6 @@ + m_shadowTreeElement = element; + } + +-void SVGElementInstance::forgetWrapper() +-{ +-#if USE(JSC) +- // FIXME: This is fragile, as discussed with Sam. Need to find a better solution. +- // Think about the case where JS explicitely holds "var root = useElement.instanceRoot;". +- // We still have to recreate this wrapper somehow. The gc collection below, won't catch it. +- +- // If the use shadow tree has been rebuilt, just the JSSVGElementInstance objects +- // are still holding RefPtrs of SVGElementInstance objects, which prevent us to +- // be deleted (and the shadow tree is not destructed as well). Force JS GC. +- gcController().garbageCollectNow(); +-#endif +-} +- + void SVGElementInstance::appendChild(PassRefPtr child) + { + appendChildToContainer(child.get(), this); +@@ -114,27 +95,24 @@ + + void SVGElementInstance::invalidateAllInstancesOfElement(SVGElement* element) + { +- if (!element) ++ if (!element || !element->isStyled()) ++ return; ++ ++ if (static_cast(element)->instanceUpdatesBlocked()) + return; + + HashSet set = element->instancesForElement(); + if (set.isEmpty()) + return; + +- // Find all use elements referencing the instances - ask them _once_ to rebuild. ++ // Mark all use elements referencing 'element' for rebuilding + HashSet::const_iterator it = set.begin(); + const HashSet::const_iterator end = set.end(); + +- for (; it != end; ++it) +- (*it)->setNeedsUpdate(true); +-} +- +-void SVGElementInstance::setNeedsUpdate(bool value) +-{ +- m_needsUpdate = value; +- +- if (m_needsUpdate) +- correspondingUseElement()->setNeedsStyleRecalc(); ++ for (; it != end; ++it) { ++ ASSERT((*it)->correspondingElement() == element); ++ (*it)->correspondingUseElement()->invalidateShadowTree(); ++ } + } + + ScriptExecutionContext* SVGElementInstance::scriptExecutionContext() const +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGElementInstance.h qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGElementInstance.h +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGElementInstance.h 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGElementInstance.h 2010-06-11 15:29:14.556183347 +0200 +@@ -46,9 +46,6 @@ + + virtual ~SVGElementInstance(); + +- bool needsUpdate() const { return m_needsUpdate; } +- void setNeedsUpdate(bool); +- + virtual ScriptExecutionContext* scriptExecutionContext() const; + + virtual bool addEventListener(const AtomicString& eventType, PassRefPtr, bool useCapture); +@@ -129,7 +126,6 @@ + + void appendChild(PassRefPtr child); + void setShadowTreeElement(SVGElement*); +- void forgetWrapper(); + + template + friend void appendChildToContainer(GenericNode* child, GenericNodeContainer* container); +@@ -153,8 +149,6 @@ + virtual EventTargetData* eventTargetData(); + virtual EventTargetData* ensureEventTargetData(); + +- bool m_needsUpdate : 1; +- + SVGUseElement* m_useElement; + RefPtr m_element; + RefPtr m_shadowTreeElement; +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGGElement.h qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGGElement.h +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGGElement.h 2010-06-02 04:03:10.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGGElement.h 2010-06-11 15:29:14.564280678 +0200 +@@ -37,6 +37,7 @@ + SVGGElement(const QualifiedName&, Document*); + virtual ~SVGGElement(); + ++ virtual bool isShadowTreeContainerElement() const { return false; } + virtual bool isValid() const { return SVGTests::isValid(); } + + virtual void parseMappedAttribute(MappedAttribute*); +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGStyledElement.cpp qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGStyledElement.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGStyledElement.cpp 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGStyledElement.cpp 2010-06-11 15:29:14.562280735 +0200 +@@ -45,11 +45,11 @@ + using namespace SVGNames; + + char SVGStyledElementIdentifier[] = "SVGStyledElement"; +-static HashSet* gElementsWithInstanceUpdatesBlocked = 0; + + SVGStyledElement::SVGStyledElement(const QualifiedName& tagName, Document* doc) + : SVGElement(tagName, doc) + , m_className(this, HTMLNames::classAttr) ++ , m_instanceUpdatesBlocked(false) + { + } + +@@ -270,19 +270,6 @@ + SVGResource::removeClient(this); + SVGElement::detach(); + } +- +-void SVGStyledElement::setInstanceUpdatesBlocked(bool blockUpdates) +-{ +- if (blockUpdates) { +- if (!gElementsWithInstanceUpdatesBlocked) +- gElementsWithInstanceUpdatesBlocked = new HashSet; +- gElementsWithInstanceUpdatesBlocked->add(this); +- } else { +- ASSERT(gElementsWithInstanceUpdatesBlocked); +- ASSERT(gElementsWithInstanceUpdatesBlocked->contains(this)); +- gElementsWithInstanceUpdatesBlocked->remove(this); +- } +-} + + } + +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGStyledElement.h qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGStyledElement.h +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGStyledElement.h 2010-06-02 04:03:10.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGStyledElement.h 2010-06-11 15:29:14.554166596 +0200 +@@ -49,10 +49,9 @@ + + virtual bool rendererIsNeeded(RenderStyle*); + virtual SVGResource* canvasResource() { return 0; } +- ++ + virtual bool mapToEntry(const QualifiedName&, MappedAttributeEntry&) const; + virtual void parseMappedAttribute(MappedAttribute*); +- + virtual void svgAttributeChanged(const QualifiedName&); + + virtual void childrenChanged(bool changedByParser = false, Node* beforeChange = 0, Node* afterChange = 0, int childCountDelta = 0); +@@ -62,8 +61,9 @@ + + void invalidateResourcesInAncestorChain() const; + virtual void detach(); +- +- void setInstanceUpdatesBlocked(bool); ++ ++ bool instanceUpdatesBlocked() const { return m_instanceUpdatesBlocked; } ++ void setInstanceUpdatesBlocked(bool value) { m_instanceUpdatesBlocked = value; } + + protected: + virtual bool hasRelativeValues() const { return true; } +@@ -72,6 +72,7 @@ + + private: + ANIMATED_PROPERTY_DECLARATIONS(SVGStyledElement, SVGStyledElementIdentifier, HTMLNames::classAttrString, String, ClassName, className) ++ bool m_instanceUpdatesBlocked; + }; + + } // namespace WebCore +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGUseElement.cpp qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGUseElement.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGUseElement.cpp 2010-06-02 04:03:10.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGUseElement.cpp 2010-06-11 15:43:17.347280236 +0200 +@@ -1,7 +1,7 @@ + /* + Copyright (C) 2004, 2005, 2006, 2007, 2008 Nikolas Zimmermann + 2004, 2005, 2006, 2007 Rob Buis +- Copyright (C) Research In Motion Limited 2009. All rights reserved. ++ Copyright (C) Research In Motion Limited 2009-2010. All rights reserved. + + This file is part of the KDE project + +@@ -35,12 +35,13 @@ + #include "MappedAttribute.h" + #include "NodeRenderStyle.h" + #include "RegisteredEventListener.h" +-#include "RenderSVGTransformableContainer.h" ++#include "RenderSVGShadowTreeRootContainer.h" + #include "SVGElementInstance.h" + #include "SVGElementInstanceList.h" + #include "SVGGElement.h" + #include "SVGLength.h" + #include "SVGPreserveAspectRatio.h" ++#include "SVGShadowTreeElements.h" + #include "SVGSMILElement.h" + #include "SVGSVGElement.h" + #include "SVGSymbolElement.h" +@@ -67,6 +68,8 @@ + , m_height(this, SVGNames::heightAttr, LengthModeHeight) + , m_href(this, XLinkNames::hrefAttr) + , m_externalResourcesRequired(this, SVGNames::externalResourcesRequiredAttr, false) ++ , m_isPendingResource(false) ++ , m_needsShadowTreeRecreation(false) + { + } + +@@ -76,6 +79,16 @@ + + SVGElementInstance* SVGUseElement::instanceRoot() const + { ++ // If there is no element instance tree, force immediate SVGElementInstance tree ++ // creation, as we can't wait for the lazy creation to happen if ie. JS wants to ++ // access the instanceRoot object right after creating the element on-the-fly ++ if (!m_targetElementInstance) { ++ if (RenderSVGShadowTreeRootContainer* shadowRoot = static_cast(renderer())) { ++ shadowRoot->markShadowTreeForRecreation(); ++ shadowRoot->updateFromElement(); ++ } ++ } ++ + return m_targetElementInstance.get(); + } + +@@ -114,14 +127,15 @@ + + void SVGUseElement::insertedIntoDocument() + { ++ // This functions exists to assure assumptions made in the code regarding SVGElementInstance creation/destruction are satisfied. + SVGElement::insertedIntoDocument(); +- buildPendingResource(); ++ ASSERT(!m_targetElementInstance); ++ ASSERT(!m_isPendingResource); + } + + void SVGUseElement::removedFromDocument() + { + m_targetElementInstance = 0; +- m_shadowTreeRootElement = 0; + SVGElement::removedFromDocument(); + } + +@@ -129,87 +143,120 @@ + { + SVGStyledTransformableElement::svgAttributeChanged(attrName); + +- if (!attached()) ++ if (!renderer()) + return; + +- if (attrName == SVGNames::xAttr || attrName == SVGNames::yAttr || +- attrName == SVGNames::widthAttr || attrName == SVGNames::heightAttr || +- SVGTests::isKnownAttribute(attrName) || +- SVGLangSpace::isKnownAttribute(attrName) || +- SVGExternalResourcesRequired::isKnownAttribute(attrName) || +- SVGURIReference::isKnownAttribute(attrName) || +- SVGStyledTransformableElement::isKnownAttribute(attrName)) { +- buildPendingResource(); ++ if (SVGURIReference::isKnownAttribute(attrName)) { ++ if (m_isPendingResource) { ++ document()->accessSVGExtensions()->removePendingResource(m_resourceId); ++ m_resourceId = String(); ++ m_isPendingResource = false; ++ } + +- if (m_shadowTreeRootElement) +- m_shadowTreeRootElement->setNeedsStyleRecalc(); ++ invalidateShadowTree(); ++ return; ++ } ++ ++ if (attrName == SVGNames::xAttr || attrName == SVGNames::yAttr) { ++ updateContainerOffsets(); ++ return; ++ } ++ ++ // Be very careful here, if svgAttributeChanged() has been called because a SVG CSS property changed, we do NOT want to reclone the tree! ++ if (SVGStyledElement::isKnownAttribute(attrName)) { ++ setNeedsStyleRecalc(); ++ return; ++ } ++ ++ // TODO: We should be able to remove the need for width/height to require a reclone, similar to the x/y logic. ++ if (attrName == SVGNames::widthAttr ++ || attrName == SVGNames::heightAttr ++ || SVGTests::isKnownAttribute(attrName) ++ || SVGLangSpace::isKnownAttribute(attrName) ++ || SVGExternalResourcesRequired::isKnownAttribute(attrName) ++ || SVGStyledTransformableElement::isKnownAttribute(attrName)) { ++ invalidateShadowTree(); + } + } + +-void SVGUseElement::childrenChanged(bool changedByParser, Node* beforeChange, Node* afterChange, int childCountDelta) ++static void updateContainerOffset(SVGElementInstance* targetInstance) + { +- SVGElement::childrenChanged(changedByParser, beforeChange, afterChange, childCountDelta); ++ // Depth-first used to write the method in early exit style, no particular other reason. ++ for (SVGElementInstance* instance = targetInstance->firstChild(); instance; instance = instance->nextSibling()) ++ updateContainerOffset(instance); + +- if (!attached()) ++ SVGElement* correspondingElement = targetInstance->correspondingElement(); ++ ASSERT(correspondingElement); ++ ++ if (!correspondingElement->hasTagName(SVGNames::useTag)) + return; + +- buildPendingResource(); ++ SVGElement* shadowTreeElement = targetInstance->shadowTreeElement(); ++ ASSERT(shadowTreeElement); ++ ASSERT(shadowTreeElement->hasTagName(SVGNames::gTag)); ++ ++ if (!static_cast(shadowTreeElement)->isShadowTreeContainerElement()) ++ return; + +- if (m_shadowTreeRootElement) +- m_shadowTreeRootElement->setNeedsStyleRecalc(); ++ // Spec: An additional transformation translate(x,y) is appended to the end ++ // (i.e., right-side) of the transform attribute on the generated 'g', where x ++ // and y represent the values of the x and y attributes on the 'use' element. ++ SVGUseElement* useElement = static_cast(correspondingElement); ++ SVGShadowTreeContainerElement* containerElement = static_cast(shadowTreeElement); ++ containerElement->setContainerOffset(useElement->x(), useElement->y()); + } +- +-static bool shadowTreeContainsChangedNodes(SVGElementInstance* target) ++ ++void SVGUseElement::updateContainerOffsets() + { +- if (!target) // when use is referencing an non-existing element, there will be no Instance tree built +- return false; ++ if (!m_targetElementInstance) ++ return; + +- if (target->needsUpdate()) +- return true; ++ // Update root container offset (not reachable through instance tree) ++ SVGElement* shadowRoot = m_targetElementInstance->shadowTreeElement(); ++ ASSERT(shadowRoot); + +- for (SVGElementInstance* instance = target->firstChild(); instance; instance = instance->nextSibling()) +- if (shadowTreeContainsChangedNodes(instance)) +- return true; ++ Node* parentNode = shadowRoot->parentNode(); ++ ASSERT(parentNode); ++ ASSERT(parentNode->isSVGElement()); ++ ASSERT(parentNode->hasTagName(SVGNames::gTag)); ++ ASSERT(static_cast(parentNode)->isShadowTreeContainerElement()); + +- return false; ++ SVGShadowTreeContainerElement* containerElement = static_cast(parentNode); ++ containerElement->setContainerOffset(x(), y()); ++ ++ // Update whole subtree, scanning for shadow container elements, marking a cloned use subtree ++ updateContainerOffset(m_targetElementInstance.get()); ++ ++ if (renderer()) ++ renderer()->setNeedsLayout(true); + } + + void SVGUseElement::recalcStyle(StyleChange change) + { +- if (attached() && needsStyleRecalc() && shadowTreeContainsChangedNodes(m_targetElementInstance.get())) { +- buildPendingResource(); +- +- if (m_shadowTreeRootElement) +- m_shadowTreeRootElement->setNeedsStyleRecalc(); ++ // Eventually mark shadow root element needing style recalc ++ if (needsStyleRecalc() && m_targetElementInstance) { ++ if (SVGElement* shadowRoot = m_targetElementInstance->shadowTreeElement()) ++ shadowRoot->setNeedsStyleRecalc(); + } + +- SVGStyledElement::recalcStyle(change); ++ SVGStyledTransformableElement::recalcStyle(change); + +- // The shadow tree root element is NOT a direct child element of us. +- // So we have to take care it receives style updates, manually. +- if (!m_shadowTreeRootElement || !m_shadowTreeRootElement->attached()) +- return; +- +- // Mimic Element::recalcStyle(). The main difference is that we don't call attach() on the +- // shadow tree root element, but call attachShadowTree() here. Calling attach() will crash +- // as the shadow tree root element has no (direct) parent node. Yes, shadow trees are tricky. +- if (change >= Inherit || m_shadowTreeRootElement->needsStyleRecalc()) { +- RefPtr newStyle = document()->styleSelector()->styleForElement(m_shadowTreeRootElement.get()); +- StyleChange ch = Node::diff(m_shadowTreeRootElement->renderStyle(), newStyle.get()); +- if (ch == Detach) { +- ASSERT(m_shadowTreeRootElement->attached()); +- m_shadowTreeRootElement->detach(); +- attachShadowTree(); +- +- // attach recalulates the style for all children. No need to do it twice. +- m_shadowTreeRootElement->setNeedsStyleRecalc(NoStyleChange); +- m_shadowTreeRootElement->setChildNeedsStyleRecalc(false); +- return; +- } ++ bool needsStyleUpdate = !m_needsShadowTreeRecreation; ++ if (m_needsShadowTreeRecreation) { ++ static_cast(renderer())->markShadowTreeForRecreation(); ++ m_needsShadowTreeRecreation = false; + } + +- // Only change==Detach needs special treatment, for anything else recalcStyle() works. +- m_shadowTreeRootElement->recalcStyle(change); ++ RenderSVGShadowTreeRootContainer* shadowRoot = static_cast(renderer()); ++ if (!shadowRoot) ++ return; ++ ++ shadowRoot->updateFromElement(); ++ ++ if (!needsStyleUpdate) ++ return; ++ ++ shadowRoot->updateStyle(change); + } + + #ifdef DUMP_INSTANCE_TREE +@@ -218,17 +265,21 @@ + SVGElement* element = targetInstance->correspondingElement(); + ASSERT(element); + ++ SVGElement* shadowTreeElement = targetInstance->shadowTreeElement(); ++ ASSERT(shadowTreeElement); ++ + String elementId = element->getIDAttribute(); + String elementNodeName = element->nodeName(); ++ String shadowTreeElementNodeName = shadowTreeElement->nodeName(); + String parentNodeName = element->parentNode() ? element->parentNode()->nodeName() : "null"; + String firstChildNodeName = element->firstChild() ? element->firstChild()->nodeName() : "null"; + + for (unsigned int i = 0; i < depth; ++i) + text += " "; + +- text += String::format("SVGElementInstance this=%p, (parentNode=%s, firstChild=%s, correspondingElement=%s (%p), shadowTreeElement=%p, id=%s)\n", +- targetInstance, parentNodeName.latin1().data(), firstChildNodeName.latin1().data(), elementNodeName.latin1().data(), +- element, targetInstance->shadowTreeElement(), elementId.latin1().data()); ++ text += String::format("SVGElementInstance this=%p, (parentNode=%s (%p), firstChild=%s (%p), correspondingElement=%s (%p), shadowTreeElement=%s (%p), id=%s)\n", ++ targetInstance, parentNodeName.latin1().data(), element->parentNode(), firstChildNodeName.latin1().data(), element->firstChild(), ++ elementNodeName.latin1().data(), element, shadowTreeElementNodeName.latin1().data(), shadowTreeElement, elementId.latin1().data()); + + for (unsigned int i = 0; i < depth; ++i) + text += " "; +@@ -284,16 +335,36 @@ + + void SVGUseElement::buildPendingResource() + { ++ // If we're called the first time (during shadow tree root creation from RenderSVGShadowTreeRootContainer) ++ // we either determine that our target is available or not - then we add ourselves to the pending resource list ++ // Once the pending resource appears, it will call buildPendingResource(), so we're called a second time. + String id = SVGURIReference::getTarget(href()); + Element* targetElement = document()->getElementById(id); ++ ASSERT(!m_targetElementInstance); + + if (!targetElement) { +- // TODO: We want to deregister as pending resource, if our href() changed! +- // TODO: Move to svgAttributeChanged, once we're fixing use & the new dynamic update concept. ++ if (m_isPendingResource) ++ return; ++ ++ m_isPendingResource = true; ++ m_resourceId = id; + document()->accessSVGExtensions()->addPendingResource(id, this); + return; + } + ++ if (m_isPendingResource) { ++ ASSERT(!m_targetElementInstance); ++ m_isPendingResource = false; ++ invalidateShadowTree(); ++ } ++} ++ ++void SVGUseElement::buildShadowAndInstanceTree(SVGShadowTreeRootElement* shadowRoot) ++{ ++ String id = SVGURIReference::getTarget(href()); ++ Element* targetElement = document()->getElementById(id); ++ ASSERT(targetElement); ++ + // Do not build the shadow/instance tree for elements living in a shadow tree. + // The will be expanded soon anyway - see expandUseElementsInShadowTree(). + Node* parent = parentNode(); +@@ -308,17 +379,13 @@ + if (targetElement && targetElement->isSVGElement()) + target = static_cast(targetElement); + +- if (m_targetElementInstance) { +- m_targetElementInstance->forgetWrapper(); ++ if (m_targetElementInstance) + m_targetElementInstance = 0; +- } + + // Do not allow self-referencing. + // 'target' may be null, if it's a non SVG namespaced element. +- if (!target || target == this) { +- m_shadowTreeRootElement = 0; ++ if (!target || target == this) + return; +- } + + // Why a seperated instance/shadow tree? SVG demands it: + // The instance tree is accesable from JavaScript, and has to +@@ -340,45 +407,45 @@ + // Non-appearing content is easier to debug, then half-appearing content. + if (foundProblem) { + m_targetElementInstance = 0; +- m_shadowTreeRootElement = 0; + return; + } + + // Assure instance tree building was successfull + ASSERT(m_targetElementInstance); ++ ASSERT(!m_targetElementInstance->shadowTreeElement()); + ASSERT(m_targetElementInstance->correspondingUseElement() == this); + +- // Setup shadow tree root node +- m_shadowTreeRootElement = new SVGGElement(SVGNames::gTag, document()); +- m_shadowTreeRootElement->setInDocument(); +- m_shadowTreeRootElement->setShadowParentNode(this); +- +- // Spec: An additional transformation translate(x,y) is appended to the end +- // (i.e., right-side) of the transform attribute on the generated 'g', where x +- // and y represent the values of the x and y attributes on the 'use' element. +- if (x().value(this) != 0.0 || y().value(this) != 0.0) { +- String transformString = String::format("translate(%f, %f)", x().value(this), y().value(this)); +- m_shadowTreeRootElement->setAttribute(SVGNames::transformAttr, transformString); +- } ++ ASSERT(m_targetElementInstance->correspondingElement() == target); + + // Build shadow tree from instance tree + // This also handles the special cases: on , on . +- buildShadowTree(target, m_targetElementInstance.get()); ++ buildShadowTree(shadowRoot, target, m_targetElementInstance.get()); + + #if ENABLE(SVG) && ENABLE(SVG_USE) + // Expand all elements in the shadow tree. + // Expand means: replace the actual element by what it references. +- expandUseElementsInShadowTree(m_shadowTreeRootElement.get()); ++ expandUseElementsInShadowTree(shadowRoot, shadowRoot); + + // Expand all elements in the shadow tree. + // Expand means: replace the actual element by the element. +- expandSymbolElementsInShadowTree(m_shadowTreeRootElement.get()); +- ++ expandSymbolElementsInShadowTree(shadowRoot, shadowRoot); + #endif + + // Now that the shadow tree is completly expanded, we can associate + // shadow tree elements <-> instances in the instance tree. +- associateInstancesWithShadowTreeElements(m_shadowTreeRootElement->firstChild(), m_targetElementInstance.get()); ++ associateInstancesWithShadowTreeElements(shadowRoot->firstChild(), m_targetElementInstance.get()); ++ ++ // If no shadow tree element is present, this means that the reference root ++ // element was removed, as it is disallowed (ie. on ) ++ // Do NOT leave an inconsistent instance tree around, instead destruct it. ++ if (!m_targetElementInstance->shadowTreeElement()) { ++ shadowRoot->removeAllChildren(); ++ m_targetElementInstance = 0; ++ return; ++ } ++ ++ // Consistency checks - this is assumed in updateContainerOffset(). ++ ASSERT(m_targetElementInstance->shadowTreeElement()->parentNode() == shadowRoot); + + // Eventually dump instance tree + #ifdef DUMP_INSTANCE_TREE +@@ -395,8 +462,8 @@ + + PassRefPtr serializer = XMLSerializer::create(); + +- String markup = serializer->serializeToString(m_shadowTreeRootElement.get(), ec); +- ASSERT(ec == 0); ++ String markup = serializer->serializeToString(shadowRoot, ec); ++ ASSERT(!ec); + + fprintf(stderr, "Dumping shadow tree markup:\n%s\n", markup.latin1().data()); + #endif +@@ -404,30 +471,33 @@ + // Transfer event listeners assigned to the referenced element to our shadow tree elements. + transferEventListenersToShadowTree(m_targetElementInstance.get()); + +- // The DOM side is setup properly. Now we have to attach the root shadow +- // tree element manually - using attach() won't work for "shadow nodes". +- attachShadowTree(); ++ // Update container translation offsets ++ updateContainerOffsets(); + } + + RenderObject* SVGUseElement::createRenderer(RenderArena* arena, RenderStyle*) + { +- return new (arena) RenderSVGTransformableContainer(this); ++ return new (arena) RenderSVGShadowTreeRootContainer(this); ++} ++ ++static void updateFromElementCallback(Node* node) ++{ ++ if (RenderObject* renderer = node->renderer()) ++ renderer->updateFromElement(); + } + + void SVGUseElement::attach() + { + SVGStyledTransformableElement::attach(); + +- // If we're a pending resource, this doesn't have any effect. +- attachShadowTree(); ++ if (renderer()) ++ queuePostAttachCallback(updateFromElementCallback, this); + } + + void SVGUseElement::detach() + { + SVGStyledTransformableElement::detach(); +- +- if (m_shadowTreeRootElement) +- m_shadowTreeRootElement->detach(); ++ m_targetElementInstance = 0; + } + + static bool isDirectReference(Node* n) +@@ -443,10 +513,10 @@ + + Path SVGUseElement::toClipPath() const + { +- if (!m_shadowTreeRootElement) +- const_cast(this)->buildPendingResource(); ++ Node* n = m_targetElementInstance ? m_targetElementInstance->shadowTreeElement() : 0; ++ if (!n) ++ return Path(); + +- Node* n = m_shadowTreeRootElement->firstChild(); + if (n->isSVGElement() && static_cast(n)->isStyledTransformable()) { + if (!isDirectReference(n)) + // Spec: Indirect references are an error (14.3.5) +@@ -480,11 +550,12 @@ + continue; + + // Create SVGElementInstance object, for both container/non-container nodes. +- RefPtr instancePtr = SVGElementInstance::create(this, element); +- targetInstance->appendChild(instancePtr.get()); ++ RefPtr instance = SVGElementInstance::create(this, element); ++ SVGElementInstance* instancePtr = instance.get(); ++ targetInstance->appendChild(instance.release()); + + // Enter recursion, appending new instance tree nodes to the "instance" object. +- buildInstanceTree(element, instancePtr.get(), foundProblem); ++ buildInstanceTree(element, instancePtr, foundProblem); + } + + // Spec: If the referenced object is itself a 'use', or if there are 'use' subelements within the referenced +@@ -525,10 +596,11 @@ + + // Create an instance object, even if we're dealing with a cycle + RefPtr newInstance = SVGElementInstance::create(this, target); +- targetInstance->appendChild(newInstance); ++ SVGElementInstance* newInstancePtr = newInstance.get(); ++ targetInstance->appendChild(newInstance.release()); + + // Eventually enter recursion to build SVGElementInstance objects for the sub-tree children +- buildInstanceTree(target, newInstance.get(), foundProblem); ++ buildInstanceTree(target, newInstancePtr, foundProblem); + } + + void SVGUseElement::alterShadowTreeForSVGTag(SVGElement* target) +@@ -559,7 +631,7 @@ + } + } + +-void SVGUseElement::buildShadowTree(SVGElement* target, SVGElementInstance* targetInstance) ++void SVGUseElement::buildShadowTree(SVGShadowTreeRootElement* shadowRoot, SVGElement* target, SVGElementInstance* targetInstance) + { + // For instance on (direct case). + if (isDisallowedElement(target)) +@@ -581,8 +653,8 @@ + ASSERT(newChildPtr); + + ExceptionCode ec = 0; +- m_shadowTreeRootElement->appendChild(newChild.release(), ec); +- ASSERT(ec == 0); ++ shadowRoot->appendChild(newChild.release(), ec); ++ ASSERT(!ec); + + // Handle use referencing special case + if (target->hasTagName(SVGNames::svgTag)) +@@ -590,7 +662,7 @@ + } + + #if ENABLE(SVG) && ENABLE(SVG_USE) +-void SVGUseElement::expandUseElementsInShadowTree(Node* element) ++void SVGUseElement::expandUseElementsInShadowTree(SVGShadowTreeRootElement* shadowRoot, Node* element) + { + // Why expand the elements in the shadow tree here, and not just + // do this directly in buildShadowTree, if we encounter a element? +@@ -611,28 +683,14 @@ + // Don't ASSERT(target) here, it may be "pending", too. + if (target) { + // Setup sub-shadow tree root node +- RefPtr cloneParent = new SVGGElement(SVGNames::gTag, document()); ++ RefPtr cloneParent = new SVGShadowTreeContainerElement(document()); + + // Spec: In the generated content, the 'use' will be replaced by 'g', where all attributes from the + // 'use' element except for x, y, width, height and xlink:href are transferred to the generated 'g' element. + transferUseAttributesToReplacedElement(use, cloneParent.get()); + +- // Spec: An additional transformation translate(x,y) is appended to the end +- // (i.e., right-side) of the transform attribute on the generated 'g', where x +- // and y represent the values of the x and y attributes on the 'use' element. +- if (use->x().value(this) != 0.0 || use->y().value(this) != 0.0) { +- if (!cloneParent->hasAttribute(SVGNames::transformAttr)) { +- String transformString = String::format("translate(%f, %f)", use->x().value(this), use->y().value(this)); +- cloneParent->setAttribute(SVGNames::transformAttr, transformString); +- } else { +- String transformString = String::format(" translate(%f, %f)", use->x().value(this), use->y().value(this)); +- const AtomicString& transformAttribute = cloneParent->getAttribute(SVGNames::transformAttr); +- cloneParent->setAttribute(SVGNames::transformAttr, transformAttribute + transformString); +- } +- } +- + ExceptionCode ec = 0; +- ++ + // For instance on (direct case). + if (isDisallowedElement(target)) { + // We still have to setup the replacment (). Otherwhise +@@ -640,7 +698,7 @@ + // Replace with referenced content. + ASSERT(use->parentNode()); + use->parentNode()->replaceChild(cloneParent.release(), use, ec); +- ASSERT(ec == 0); ++ ASSERT(!ec); + return; + } + +@@ -660,28 +718,28 @@ + ASSERT(newChildPtr); + + cloneParent->appendChild(newChild.release(), ec); +- ASSERT(ec == 0); ++ ASSERT(!ec); + + // Replace with referenced content. + ASSERT(use->parentNode()); + use->parentNode()->replaceChild(cloneParent.release(), use, ec); +- ASSERT(ec == 0); ++ ASSERT(!ec); + + // Handle use referencing special case + if (target->hasTagName(SVGNames::svgTag)) + alterShadowTreeForSVGTag(newChildPtr); + + // Immediately stop here, and restart expanding. +- expandUseElementsInShadowTree(m_shadowTreeRootElement.get()); ++ expandUseElementsInShadowTree(shadowRoot, shadowRoot); + return; + } + } + + for (RefPtr child = element->firstChild(); child; child = child->nextSibling()) +- expandUseElementsInShadowTree(child.get()); ++ expandUseElementsInShadowTree(shadowRoot, child.get()); + } + +-void SVGUseElement::expandSymbolElementsInShadowTree(Node* element) ++void SVGUseElement::expandSymbolElementsInShadowTree(SVGShadowTreeRootElement* shadowRoot, Node* element) + { + if (element->hasTagName(SVGNames::symbolTag)) { + // Spec: The referenced 'symbol' and its contents are deep-cloned into the generated tree, +@@ -708,7 +766,7 @@ + for (Node* child = element->firstChild(); child; child = child->nextSibling()) { + RefPtr newChild = child->cloneNode(true); + svgElement->appendChild(newChild.release(), ec); +- ASSERT(ec == 0); ++ ASSERT(!ec); + } + + // We don't walk the target tree element-by-element, and clone each element, +@@ -722,43 +780,19 @@ + // Replace with . + ASSERT(element->parentNode()); + element->parentNode()->replaceChild(svgElement.release(), element, ec); +- ASSERT(ec == 0); ++ ASSERT(!ec); + + // Immediately stop here, and restart expanding. +- expandSymbolElementsInShadowTree(m_shadowTreeRootElement.get()); ++ expandSymbolElementsInShadowTree(shadowRoot, shadowRoot); + return; + } + + for (RefPtr child = element->firstChild(); child; child = child->nextSibling()) +- expandSymbolElementsInShadowTree(child.get()); ++ expandSymbolElementsInShadowTree(shadowRoot, child.get()); + } + + #endif +- +-void SVGUseElement::attachShadowTree() +-{ +- if (!m_shadowTreeRootElement || m_shadowTreeRootElement->attached() || !document()->shouldCreateRenderers() || !attached() || !renderer()) +- return; + +- // Inspired by RenderTextControl::createSubtreeIfNeeded(). +- if (renderer()->canHaveChildren() && childShouldCreateRenderer(m_shadowTreeRootElement.get())) { +- RefPtr style = m_shadowTreeRootElement->styleForRenderer(); +- +- if (m_shadowTreeRootElement->rendererIsNeeded(style.get())) { +- m_shadowTreeRootElement->setRenderer(m_shadowTreeRootElement->createRenderer(document()->renderArena(), style.get())); +- if (RenderObject* shadowRenderer = m_shadowTreeRootElement->renderer()) { +- shadowRenderer->setStyle(style.release()); +- renderer()->addChild(shadowRenderer, m_shadowTreeRootElement->nextRenderer()); +- m_shadowTreeRootElement->setAttached(); +- } +- } +- +- // This will take care of attaching all shadow tree child nodes. +- for (Node* child = m_shadowTreeRootElement->firstChild(); child; child = child->nextSibling()) +- child->attach(); +- } +-} +- + void SVGUseElement::transferEventListenersToShadowTree(SVGElementInstance* target) + { + if (!target) +@@ -846,14 +880,19 @@ + return instance; + + for (SVGElementInstance* current = instance->firstChild(); current; current = current->nextSibling()) { +- SVGElementInstance* search = instanceForShadowTreeElement(element, current); +- if (search) ++ if (SVGElementInstance* search = instanceForShadowTreeElement(element, current)) + return search; + } + + return 0; + } + ++void SVGUseElement::invalidateShadowTree() ++{ ++ m_needsShadowTreeRecreation = true; ++ setNeedsStyleRecalc(); ++} ++ + void SVGUseElement::transferUseAttributesToReplacedElement(SVGElement* from, SVGElement* to) const + { + ASSERT(from); +@@ -864,19 +903,19 @@ + ExceptionCode ec = 0; + + to->removeAttribute(SVGNames::xAttr, ec); +- ASSERT(ec == 0); ++ ASSERT(!ec); + + to->removeAttribute(SVGNames::yAttr, ec); +- ASSERT(ec == 0); ++ ASSERT(!ec); + + to->removeAttribute(SVGNames::widthAttr, ec); +- ASSERT(ec == 0); ++ ASSERT(!ec); + + to->removeAttribute(SVGNames::heightAttr, ec); +- ASSERT(ec == 0); ++ ASSERT(!ec); + + to->removeAttribute(XLinkNames::hrefAttr, ec); +- ASSERT(ec == 0); ++ ASSERT(!ec); + } + + } +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGUseElement.h qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGUseElement.h +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/svg/SVGUseElement.h 2010-06-02 04:03:10.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/svg/SVGUseElement.h 2010-06-11 15:29:14.557181915 +0200 +@@ -32,6 +32,7 @@ + + class SVGElementInstance; + class SVGLength; ++ class SVGShadowTreeRootElement; + + class SVGUseElement : public SVGStyledTransformableElement, + public SVGTests, +@@ -52,11 +53,9 @@ + virtual void buildPendingResource(); + + virtual void parseMappedAttribute(MappedAttribute*); +- virtual void childrenChanged(bool changedByParser = false, Node* beforeChange = 0, Node* afterChange = 0, int childCountDelta = 0); +- + virtual void svgAttributeChanged(const QualifiedName&); +- virtual void recalcStyle(StyleChange = NoChange); + ++ virtual void recalcStyle(StyleChange = NoChange); + virtual RenderObject* createRenderer(RenderArena*, RenderStyle*); + virtual void attach(); + virtual void detach(); +@@ -65,6 +64,12 @@ + + static void removeDisallowedElementsFromSubtree(Node* element); + SVGElementInstance* instanceForShadowTreeElement(Node* element) const; ++ void invalidateShadowTree(); ++ ++ private: ++ friend class RenderSVGShadowTreeRootContainer; ++ bool isPendingResource() const { return m_isPendingResource; } ++ void buildShadowAndInstanceTree(SVGShadowTreeRootElement*); + + private: + ANIMATED_PROPERTY_DECLARATIONS(SVGUseElement, SVGNames::useTagString, SVGNames::xAttrString, SVGLength, X, x) +@@ -86,26 +91,25 @@ + void handleDeepUseReferencing(SVGUseElement* use, SVGElementInstance* targetInstance, bool& foundCycle); + + // Shadow tree handling +- PassRefPtr buildShadowTreeForSymbolTag(SVGElement* target, SVGElementInstance* targetInstance); +- void alterShadowTreeForSVGTag(SVGElement* target); +- +- void buildShadowTree(SVGElement* target, SVGElementInstance* targetInstance); ++ void alterShadowTreeForSVGTag(SVGElement*); ++ void buildShadowTree(SVGShadowTreeRootElement*, SVGElement* target, SVGElementInstance* targetInstance); + + #if ENABLE(SVG) && ENABLE(SVG_USE) +- void expandUseElementsInShadowTree(Node* element); +- void expandSymbolElementsInShadowTree(Node* element); ++ void expandUseElementsInShadowTree(SVGShadowTreeRootElement*, Node* element); ++ void expandSymbolElementsInShadowTree(SVGShadowTreeRootElement*, Node* element); + #endif + +- void attachShadowTree(); +- + // "Tree connector" + void associateInstancesWithShadowTreeElements(Node* target, SVGElementInstance* targetInstance); + SVGElementInstance* instanceForShadowTreeElement(Node* element, SVGElementInstance* instance) const; + + void transferUseAttributesToReplacedElement(SVGElement* from, SVGElement* to) const; + void transferEventListenersToShadowTree(SVGElementInstance* target); ++ void updateContainerOffsets(); + +- RefPtr m_shadowTreeRootElement; ++ bool m_isPendingResource; ++ bool m_needsShadowTreeRecreation; ++ String m_resourceId; + RefPtr m_targetElementInstance; + }; + +diff -urN qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/WebCore.pro qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/WebCore.pro +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/WebCore.pro 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1303-1304/src/3rdparty/webkit/WebCore/WebCore.pro 2010-06-11 15:29:11.343280486 +0200 +@@ -2066,6 +2066,7 @@ + rendering/RenderSVGInlineText.h \ + rendering/RenderSVGModelObject.h \ + rendering/RenderSVGRoot.h \ ++ rendering/RenderSVGShadowTreeRootContainer.h \ + rendering/RenderSVGText.h \ + rendering/RenderSVGTextPath.h \ + rendering/RenderSVGTransformableContainer.h \ +@@ -2121,6 +2122,7 @@ + rendering/SVGRenderSupport.h \ + rendering/SVGRenderTreeAsText.h \ + rendering/SVGRootInlineBox.h \ ++ rendering/SVGShadowTreeElements.h \ + rendering/TextControlInnerElements.h \ + rendering/TransformState.h \ + svg/animation/SMILTimeContainer.h \ +@@ -3093,6 +3095,7 @@ + rendering/RenderSVGInlineText.cpp \ + rendering/RenderSVGModelObject.cpp \ + rendering/RenderSVGRoot.cpp \ ++ rendering/RenderSVGShadowTreeRootContainer.cpp \ + rendering/RenderSVGText.cpp \ + rendering/RenderSVGTextPath.cpp \ + rendering/RenderSVGTransformableContainer.cpp \ +@@ -3102,7 +3105,8 @@ + rendering/SVGInlineFlowBox.cpp \ + rendering/SVGInlineTextBox.cpp \ + rendering/SVGRenderSupport.cpp \ +- rendering/SVGRootInlineBox.cpp ++ rendering/SVGRootInlineBox.cpp \ ++ rendering/SVGShadowTreeElements.cpp + + + # GENERATOR 5-C: diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1392.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1392.patch new file mode 100644 index 0000000..914d4ee --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1392.patch @@ -0,0 +1,12 @@ +diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1392/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1392/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp 2010-06-10 20:24:02.864193022 +0200 +@@ -4484,7 +4484,7 @@ + + // Drill into inlines looking for our first text child. + RenderObject* currChild = firstLetterBlock->firstChild(); +- while (currChild && currChild->needsLayout() && (!currChild->isReplaced() || currChild->isFloatingOrPositioned()) && !currChild->isText()) { ++ while (currChild && currChild->needsLayout() && ((!currChild->isReplaced() && !currChild->isRenderButton() && !currChild->isMenuList()) || currChild->isFloatingOrPositioned()) && !currChild->isText()) { + if (currChild->isFloatingOrPositioned()) { + if (currChild->style()->styleType() == FIRST_LETTER) + break; diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1396.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1396.patch new file mode 100644 index 0000000..b1c6488 --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1396.patch @@ -0,0 +1,56 @@ +diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1396/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp 2010-06-02 04:03:12.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1396/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp 2010-06-10 20:34:00.316318866 +0200 +@@ -395,33 +395,43 @@ + document()->removeFocusedNodeOfSubtree(this, true); + + forbidEventDispatch(); +- int childCountDelta = 0; ++ Vector > removedChildren; + while (RefPtr n = m_firstChild) { +- childCountDelta--; +- + Node* next = n->nextSibling(); + +- // Remove the node from the tree before calling detach or removedFromDocument (4427024, 4129744) ++ // Remove the node from the tree before calling detach or removedFromDocument (4427024, 4129744). ++ // removeChild() does this after calling detach(). There is no explanation for ++ // this discrepancy between removeChild() and its optimized version removeChildren(). + n->setPreviousSibling(0); + n->setNextSibling(0); + n->setParent(0); +- ++ + m_firstChild = next; + if (n == m_lastChild) + m_lastChild = 0; + + if (n->attached()) + n->detach(); +- +- if (n->inDocument()) +- n->removedFromDocument(); ++ ++ removedChildren.append(n.release()); + } + allowEventDispatch(); + ++ size_t removedChildrenCount = removedChildren.size(); ++ + // Dispatch a single post-removal mutation event denoting a modified subtree. +- childrenChanged(false, 0, 0, childCountDelta); ++ childrenChanged(false, 0, 0, -static_cast(removedChildrenCount)); + dispatchSubtreeModifiedEvent(); + ++ for (size_t i = 0; i < removedChildrenCount; ++i) { ++ Node* removedChild = removedChildren[i].get(); ++ if (removedChild->inDocument()) ++ removedChild->removedFromDocument(); ++ // removeChild() calls removedFromTree(true) if the child was not in the ++ // document. There is no explanation for this discrepancy between removeChild() ++ // and its optimized version removeChildren(). ++ } ++ + return true; + } + diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1397.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1397.patch new file mode 100644 index 0000000..6f7baf1 --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1397.patch @@ -0,0 +1,53 @@ +diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.cpp 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.cpp 2010-06-10 20:41:45.295318418 +0200 +@@ -552,12 +552,6 @@ + toRenderTextControl(renderer)->selectionChanged(userTriggered); + } + +-void Frame::invalidateSelection() +-{ +- selection()->setNeedsLayout(); +- selectionLayoutChanged(); +-} +- + void Frame::setCaretVisible(bool flag) + { + if (m_caretVisible == flag) +diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.h qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.h +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.h 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.h 2010-06-10 20:41:45.291318453 +0200 +@@ -259,8 +259,6 @@ + void selectionLayoutChanged(); + void notifyRendererOfSelectionChange(bool userTriggered); + +- void invalidateSelection(); +- + void setCaretVisible(bool = true); + void paintCaret(GraphicsContext*, int tx, int ty, const IntRect& clipRect) const; + void paintDragCaret(GraphicsContext*, int tx, int ty, const IntRect& clipRect) const; +diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/FrameView.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/FrameView.cpp 2010-06-10 20:41:45.293318191 +0200 +@@ -642,7 +642,8 @@ + root->view()->popLayoutState(); + m_layoutRoot = 0; + +- m_frame->invalidateSelection(); ++ m_frame->selection()->setNeedsLayout(); ++ m_frame->selectionLayoutChanged(); + + m_layoutSchedulingEnabled = true; + +diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp 2010-06-10 20:41:45.297318506 +0200 +@@ -1170,7 +1170,7 @@ + // The caret rect needs to be invalidated after scrolling + Frame* frame = renderer()->document()->frame(); + if (frame) +- frame->invalidateSelection(); ++ frame->selection()->setNeedsLayout(); + + // Just schedule a full repaint of our object. + if (repaint) diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch new file mode 100644 index 0000000..443de30 --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch @@ -0,0 +1,244 @@ +diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398 2010-06-02 04:03:12.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp 2010-06-11 16:12:55.750525354 +0200 +@@ -35,6 +35,7 @@ + #include "ClientRect.h" + #include "ClientRectList.h" + #include "Document.h" ++#include "DocumentFragment.h" + #include "ElementRareData.h" + #include "ExceptionCode.h" + #include "FocusController.h" +@@ -42,6 +43,7 @@ + #include "FrameView.h" + #include "HTMLElement.h" + #include "HTMLNames.h" ++#include "HTMLTokenizer.h" + #include "NamedNodeMap.h" + #include "NodeList.h" + #include "NodeRenderStyle.h" +@@ -49,6 +51,7 @@ + #include "RenderView.h" + #include "TextIterator.h" + #include "XMLNames.h" ++#include "XMLTokenizer.h" + + #if ENABLE(SVG) + #include "SVGNames.h" +@@ -91,6 +94,51 @@ NodeRareData* Element::createRareData() + { + return new ElementRareData; + } ++ ++PassRefPtr Element::createContextualFragment(const String& markup) ++{ ++ RefPtr fragment = DocumentFragment::create(document()); ++ ++ if (document()->isHTMLDocument()) ++ parseHTMLDocumentFragment(markup, fragment.get()); ++ else { ++ if (!parseXMLDocumentFragment(markup, fragment.get(), this)) ++ // FIXME: We should propagate a syntax error exception out here. ++ return 0; ++ } ++ ++ // Exceptions are ignored because none ought to happen here. ++ ExceptionCode ignoredExceptionCode; ++ ++ // We need to pop and elements and remove to ++ // accommodate folks passing complete HTML documents to make the ++ // child of an element. ++ ++ RefPtr nextNode; ++ for (RefPtr node = fragment->firstChild(); node; node = nextNode) { ++ nextNode = node->nextSibling(); ++ if (node->hasTagName(htmlTag) || node->hasTagName(bodyTag)) { ++ Node* firstChild = node->firstChild(); ++ if (firstChild) ++ nextNode = firstChild; ++ RefPtr nextChild; ++ for (RefPtr child = firstChild; child; child = nextChild) { ++ nextChild = child->nextSibling(); ++ node->removeChild(child.get(), ignoredExceptionCode); ++ ASSERT(!ignoredExceptionCode); ++ fragment->insertBefore(child, node.get(), ignoredExceptionCode); ++ ASSERT(!ignoredExceptionCode); ++ } ++ fragment->removeChild(node.get(), ignoredExceptionCode); ++ ASSERT(!ignoredExceptionCode); ++ } else if (node->hasTagName(headTag)) { ++ fragment->removeChild(node.get(), ignoredExceptionCode); ++ ASSERT(!ignoredExceptionCode); ++ } ++ } ++ ++ return fragment.release(); ++} + + PassRefPtr Element::cloneNode(bool deep) + { +diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398 2010-06-02 04:03:12.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h 2010-06-14 16:54:57.639394749 +0200 +@@ -28,6 +28,7 @@ + #include "ContainerNode.h" + #include "QualifiedName.h" + #include "ScrollTypes.h" ++#include "DocumentFragment.h" + + namespace WebCore { + +@@ -89,6 +90,8 @@ public: + DEFINE_ATTRIBUTE_EVENT_LISTENER(search); + DEFINE_ATTRIBUTE_EVENT_LISTENER(selectstart); + ++ virtual PassRefPtr createContextualFragment(const String&); ++ + const AtomicString& getIDAttribute() const; + bool hasAttribute(const QualifiedName&) const; + const AtomicString& getAttribute(const QualifiedName&) const; +diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398 2010-06-02 04:03:10.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp 2010-06-11 16:12:55.752525451 +0200 +@@ -1054,11 +1054,7 @@ String createMarkup(const Range* range, + + PassRefPtr createFragmentFromMarkup(Document* document, const String& markup, const String& baseURL) + { +- ASSERT(document->documentElement()->isHTMLElement()); +- // FIXME: What if the document element is not an HTML element? +- HTMLElement *element = static_cast(document->documentElement()); +- +- RefPtr fragment = element->createContextualFragment(markup); ++ RefPtr fragment = document->documentElement()->createContextualFragment(markup); + + if (fragment && !baseURL.isEmpty() && baseURL != blankURL() && baseURL != document->baseURL()) + completeURLs(fragment.get(), baseURL); +diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398 2010-06-02 04:03:10.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp 2010-06-11 16:12:55.753537613 +0200 +@@ -235,9 +235,9 @@ String HTMLElement::outerHTML() const + return createMarkup(this); + } + +-PassRefPtr HTMLElement::createContextualFragment(const String &html) ++PassRefPtr HTMLElement::createContextualFragment(const String &markup) + { +- // the following is in accordance with the definition as used by IE ++ // The following is in accordance with the definition as used by IE. + if (endTagRequirement() == TagStatusForbidden) + return 0; + +@@ -245,47 +245,7 @@ PassRefPtr HTMLElement + hasLocalName(headTag) || hasLocalName(styleTag) || hasLocalName(titleTag)) + return 0; + +- RefPtr fragment = DocumentFragment::create(document()); +- +- if (document()->isHTMLDocument()) +- parseHTMLDocumentFragment(html, fragment.get()); +- else { +- if (!parseXMLDocumentFragment(html, fragment.get(), this)) +- // FIXME: We should propagate a syntax error exception out here. +- return 0; +- } +- +- // Exceptions are ignored because none ought to happen here. +- int ignoredExceptionCode; +- +- // we need to pop and elements and remove to +- // accommodate folks passing complete HTML documents to make the +- // child of an element. +- +- RefPtr nextNode; +- for (RefPtr node = fragment->firstChild(); node; node = nextNode) { +- nextNode = node->nextSibling(); +- if (node->hasTagName(htmlTag) || node->hasTagName(bodyTag)) { +- Node *firstChild = node->firstChild(); +- if (firstChild) +- nextNode = firstChild; +- RefPtr nextChild; +- for (RefPtr child = firstChild; child; child = nextChild) { +- nextChild = child->nextSibling(); +- node->removeChild(child.get(), ignoredExceptionCode); +- ASSERT(!ignoredExceptionCode); +- fragment->insertBefore(child, node.get(), ignoredExceptionCode); +- ASSERT(!ignoredExceptionCode); +- } +- fragment->removeChild(node.get(), ignoredExceptionCode); +- ASSERT(!ignoredExceptionCode); +- } else if (node->hasTagName(headTag)) { +- fragment->removeChild(node.get(), ignoredExceptionCode); +- ASSERT(!ignoredExceptionCode); +- } +- } +- +- return fragment.release(); ++ return Element::createContextualFragment(markup); + } + + static inline bool hasOneChild(ContainerNode* node) +@@ -371,7 +331,7 @@ void HTMLElement::setOuterHTML(const Str + + void HTMLElement::setInnerText(const String& text, ExceptionCode& ec) + { +- // follow the IE specs about when this is allowed ++ // Follow the IE specs about when this is allowed. + if (endTagRequirement() == TagStatusForbidden) { + ec = NO_MODIFICATION_ALLOWED_ERR; + return; +@@ -441,7 +401,7 @@ void HTMLElement::setInnerText(const Str + + void HTMLElement::setOuterText(const String &text, ExceptionCode& ec) + { +- // follow the IE specs about when this is allowed ++ // Follow the IE specs about when this is allowed. + if (endTagRequirement() == TagStatusForbidden) { + ec = NO_MODIFICATION_ALLOWED_ERR; + return; +@@ -469,7 +429,7 @@ void HTMLElement::setOuterText(const Str + if (ec) + return; + +- // is previous node a text node? if so, merge into it ++ // Is previous node a text node? If so, merge into it. + Node* prev = t->previousSibling(); + if (prev && prev->isTextNode()) { + Text* textPrev = static_cast(prev); +@@ -482,7 +442,7 @@ void HTMLElement::setOuterText(const Str + t = textPrev; + } + +- // is next node a text node? if so, merge it in ++ // Is next node a text node? If so, merge it in. + Node* next = t->nextSibling(); + if (next && next->isTextNode()) { + Text* textNext = static_cast(next); +@@ -522,7 +482,7 @@ Node* HTMLElement::insertAdjacent(const + return 0; + } + +- // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative ++ // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative. + ec = NOT_SUPPORTED_ERR; + return 0; + } +@@ -530,7 +490,7 @@ Node* HTMLElement::insertAdjacent(const + Element* HTMLElement::insertAdjacentElement(const String& where, Element* newChild, ExceptionCode& ec) + { + if (!newChild) { +- // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative ++ // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative. + ec = TYPE_MISMATCH_ERR; + return 0; + } +@@ -567,8 +527,8 @@ void HTMLElement::addHTMLAlignment(Mappe + + void HTMLElement::addHTMLAlignmentToStyledElement(StyledElement* element, MappedAttribute* attr) + { +- // vertical alignment with respect to the current baseline of the text +- // right or left means floating images ++ // Vertical alignment with respect to the current baseline of the text ++ // right or left means floating images. + int floatValue = CSSValueInvalid; + int verticalAlignValue = CSSValueInvalid; + diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch new file mode 100644 index 0000000..ac27a59 --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch @@ -0,0 +1,32 @@ +diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp.CVE-2010-1400 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp.CVE-2010-1400 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp 2010-06-15 13:55:36.853463455 +0200 +@@ -1611,7 +1611,7 @@ void RenderObject::styleWillChange(Style + } + } + +-void RenderObject::styleDidChange(StyleDifference diff, const RenderStyle*) ++void RenderObject::styleDidChange(StyleDifference diff, const RenderStyle* oldStyle) + { + if (s_affectsParentBlock) + handleDynamicFloatPositionChange(); +@@ -1619,9 +1619,17 @@ void RenderObject::styleDidChange(StyleD + if (!m_parent) + return; + +- if (diff == StyleDifferenceLayout) ++ if (diff == StyleDifferenceLayout) { ++ // If the object already needs layout, then setNeedsLayout won't do ++ // any work. But if the containing block has changed, then we may need ++ // to make the new containing blocks for layout. The change that can ++ // directly affect the containing block of this object is a change to ++ // the position style. ++ if (m_needsLayout && oldStyle->position() != m_style->position()) ++ markContainingBlocksForLayout(); ++ + setNeedsLayoutAndPrefWidthsRecalc(); +- else if (diff == StyleDifferenceLayoutPositionedMovementOnly) ++ } else if (diff == StyleDifferenceLayoutPositionedMovementOnly) + setNeedsPositionedMovementLayout(); + + // Don't check for repaint here; we need to wait until the layer has been diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1412.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1412.patch new file mode 100644 index 0000000..296b25e --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1412.patch @@ -0,0 +1,45 @@ +diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp qt-everywhere-opensource-src-4.6.3-2010-1412/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-2010-1412/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp 2010-06-11 00:09:43.741191104 +0200 +@@ -3039,22 +3039,33 @@ + // Locate the common ancestor render object for the two renderers. + RenderObject* ancestor = commonAncestor(oldHoverObj, newHoverObj); + ++ Vector nodesToRemoveFromChain; ++ Vector nodesToAddToChain; ++ + if (oldHoverObj != newHoverObj) { + // The old hover path only needs to be cleared up to (and not including) the common ancestor; + for (RenderObject* curr = oldHoverObj; curr && curr != ancestor; curr = curr->hoverAncestor()) { +- if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain())) { +- curr->node()->setActive(false); +- curr->node()->setHovered(false); +- } ++ if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain())) ++ nodesToRemoveFromChain.append(curr->node()); + } + } + + // Now set the hover state for our new object up to the root. + for (RenderObject* curr = newHoverObj; curr; curr = curr->hoverAncestor()) { +- if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain())) { +- curr->node()->setActive(request.active()); +- curr->node()->setHovered(true); +- } ++ if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain())) ++ nodesToAddToChain.append(curr->node()); ++ } ++ ++ size_t removeCount = nodesToRemoveFromChain.size(); ++ for (size_t i = 0; i < removeCount; ++i) { ++ nodesToRemoveFromChain[i]->setActive(false); ++ nodesToRemoveFromChain[i]->setHovered(false); ++ } ++ ++ size_t addCount = nodesToAddToChain.size(); ++ for (size_t i = 0; i < addCount; ++i) { ++ nodesToAddToChain[i]->setActive(request.active()); ++ nodesToAddToChain[i]->setHovered(true); + } + } + diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1770.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1770.patch new file mode 100644 index 0000000..f0bafb9 --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1770.patch @@ -0,0 +1,33 @@ +diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp 2010-06-11 13:42:31.190174662 +0200 +@@ -207,7 +207,7 @@ + PassRefPtr RenderText::originalText() const + { + Node* e = node(); +- return e ? static_cast(e)->dataImpl() : 0; ++ return (e && e->isTextNode()) ? static_cast(e)->dataImpl() : 0; + } + + void RenderText::absoluteRects(Vector& rects, int tx, int ty) +diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp 2010-06-11 13:42:31.197153658 +0200 +@@ -47,7 +47,7 @@ + PassRefPtr RenderTextFragment::originalText() const + { + Node* e = node(); +- RefPtr result = (e ? static_cast(e)->dataImpl() : contentString()); ++ RefPtr result = ((e && e->isTextNode()) ? static_cast(e)->dataImpl() : contentString()); + if (result && (start() > 0 || start() < result->length())) + result = result->substring(start(), end()); + return result.release(); +@@ -76,7 +76,7 @@ + { + if (start()) { + Node* e = node(); +- StringImpl* original = (e ? static_cast(e)->dataImpl() : contentString()); ++ StringImpl* original = ((e && e->isTextNode()) ? static_cast(e)->dataImpl() : contentString()); + if (original) + return (*original)[start() - 1]; + } diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1773.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1773.patch new file mode 100644 index 0000000..0ba3cfa --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1773.patch @@ -0,0 +1,16 @@ +diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1773/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1773/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp 2010-06-10 17:33:06.092192665 +0200 +@@ -88,8 +88,10 @@ + --number; + letters[lettersSize - 1] = alphabet[number % alphabetSize]; + int length = 1; +- while ((number /= alphabetSize) > 0) +- letters[lettersSize - ++length] = alphabet[number % alphabetSize - 1]; ++ while ((number /= alphabetSize) > 0) { ++ --number; ++ letters[lettersSize - ++length] = alphabet[number % alphabetSize]; ++ } + + ASSERT(length <= lettersSize); + return String(&letters[lettersSize - length], length); diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1774.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1774.patch new file mode 100644 index 0000000..2fd7849 --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1774.patch @@ -0,0 +1,13 @@ +diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp qt-everywhere-opensource-src-4.6.3-CVE-1774/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp 2010-06-02 04:03:11.000000000 +0200 ++++ qt-everywhere-opensource-src-4.6.3-CVE-1774/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp 2010-06-11 14:45:02.625278334 +0200 +@@ -168,8 +168,7 @@ + + int usedSpan = 0; + int i = 0; +- while (usedSpan < span) { +- ASSERT(cCol + i < nEffCols); ++ while (usedSpan < span && cCol + i < nEffCols) { + int eSpan = m_table->spanOfEffCol(cCol + i); + // Only set if no col element has already set it. + if (m_width[cCol + i].isAuto() && w.type() != Auto) { diff --git a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch new file mode 100644 index 0000000..9da7dcf --- /dev/null +++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch @@ -0,0 +1,29 @@ +diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp.CVE-2010-1778 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp +--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp.CVE-2010-1778 2010-06-11 16:12:55.786338275 +0200 ++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp 2010-06-15 13:23:21.114401487 +0200 +@@ -1189,14 +1189,13 @@ void FrameView::scheduleRelayoutOfSubtre + { + ASSERT(m_frame->view() == this); + +- if (!m_layoutSchedulingEnabled || (m_frame->contentRenderer() +- && m_frame->contentRenderer()->needsLayout())) { ++ if (m_frame->contentRenderer() && m_frame->contentRenderer()->needsLayout()) { + if (relayoutRoot) + relayoutRoot->markContainingBlocksForLayout(false); + return; + } + +- if (layoutPending()) { ++ if (layoutPending() || !m_layoutSchedulingEnabled) { + if (m_layoutRoot != relayoutRoot) { + if (isObjectAncestorContainerOf(m_layoutRoot, relayoutRoot)) { + // Keep the current root +@@ -1213,7 +1212,7 @@ void FrameView::scheduleRelayoutOfSubtre + relayoutRoot->markContainingBlocksForLayout(false); + } + } +- } else { ++ } else if (m_layoutSchedulingEnabled) { + int delay = m_frame->document()->minimumLayoutDelay(); + m_layoutRoot = relayoutRoot; + m_delayedLayout = delay != 0; diff --git a/qt-everywhere-opensource-src-4.6.3-glib_eventloop_nullcheck.patch b/qt-everywhere-opensource-src-4.6.3-glib_eventloop_nullcheck.patch index d4e5924..f0c9eaa 100644 --- a/qt-everywhere-opensource-src-4.6.3-glib_eventloop_nullcheck.patch +++ b/qt-everywhere-opensource-src-4.6.3-glib_eventloop_nullcheck.patch @@ -1,7 +1,7 @@ -diff -ur qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp qt-everywhere-opensource-src-4.6.3-glib_eventloop_nullcheck/src/gui/kernel/qguieventdispatcher_glib.cpp ---- qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp 2010-06-02 04:03:15.000000000 +0200 -+++ qt-everywhere-opensource-src-4.6.3-glib_eventloop_nullcheck/src/gui/kernel/qguieventdispatcher_glib.cpp 2010-12-08 22:22:38.000000000 +0100 -@@ -76,7 +76,7 @@ +diff -up qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp.glib_eventloop_nullcheck qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp +--- qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp.glib_eventloop_nullcheck 2010-06-01 21:03:15.000000000 -0500 ++++ qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp 2010-06-29 14:58:12.299073784 -0500 +@@ -76,7 +76,7 @@ static gboolean x11EventSourcePrepare(GS GX11EventSource *source = reinterpret_cast(s); return (XEventsQueued(X11->display, QueuedAfterFlush) || (!(source->flags & QEventLoop::ExcludeUserInputEvents) @@ -10,7 +10,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_g } static gboolean x11EventSourceCheck(GSource *s) -@@ -84,7 +84,7 @@ +@@ -84,7 +84,7 @@ static gboolean x11EventSourceCheck(GSou GX11EventSource *source = reinterpret_cast(s); return (XEventsQueued(X11->display, QueuedAfterFlush) || (!(source->flags & QEventLoop::ExcludeUserInputEvents) @@ -19,51 +19,3 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_g } static gboolean x11EventSourceDispatch(GSource *s, GSourceFunc callback, gpointer user_data) -@@ -95,7 +95,7 @@ - do { - XEvent event; - if (!(source->flags & QEventLoop::ExcludeUserInputEvents) -- && !source->d->queuedUserInputEvents.isEmpty()) { -+ && source->d && !source->d->queuedUserInputEvents.isEmpty()) { - // process a pending user input event - event = source->d->queuedUserInputEvents.takeFirst(); - } else if (XEventsQueued(X11->display, QueuedAlready)) { -@@ -112,7 +112,8 @@ - case XKeyRelease: - case EnterNotify: - case LeaveNotify: -- source->d->queuedUserInputEvents.append(event); -+ if (source->d) -+ source->d->queuedUserInputEvents.append(event); - continue; - - case ClientMessage: -@@ -127,7 +128,8 @@ - break; - } - } -- source->d->queuedUserInputEvents.append(event); -+ if (source->d) -+ source->d->queuedUserInputEvents.append(event); - continue; - - default: -@@ -140,7 +142,7 @@ - } - - // send through event filter -- if (source->q->filterEvent(&event)) -+ if (source->q && source->q->filterEvent(&event)) - continue; - - if (qApp->x11ProcessEvent(&event) == 1) -@@ -152,7 +154,8 @@ - - out: - -- source->d->runTimersOnceWithNormalPriority(); -+ if (source->d) -+ source->d->runTimersOnceWithNormalPriority(); - - if (callback) - callback(user_data); diff --git a/qt-everywhere-opensource-src-4.7.0-CVE-2010-1822-crash-svg-image.patch b/qt-everywhere-opensource-src-4.7.0-CVE-2010-1822-crash-svg-image.patch deleted file mode 100644 index 32b9713..0000000 --- a/qt-everywhere-opensource-src-4.7.0-CVE-2010-1822-crash-svg-image.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -up qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp.CVE-2010-1822-crash-svg-image qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp ---- qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp.CVE-2010-1822-crash-svg-image 2010-09-10 11:05:20.000000000 +0200 -+++ qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.cpp 2010-10-25 14:22:06.542771102 +0200 -@@ -86,6 +86,11 @@ RenderObject* SVGGElement::createRendere - return new (arena) RenderSVGTransformableContainer(this); - } - -+bool SVGGElement::rendererIsNeeded(RenderStyle*) -+{ -+ return parentNode() && parentNode()->isSVGElement(); -+} -+ - } - - #endif // ENABLE(SVG) -diff -up qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h.CVE-2010-1822-crash-svg-image qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h ---- qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h.CVE-2010-1822-crash-svg-image 2010-09-10 11:05:21.000000000 +0200 -+++ qt-everywhere-opensource-src-4.7.0/src/3rdparty/webkit/WebCore/svg/SVGGElement.h 2010-10-25 14:28:37.467854695 +0200 -@@ -43,6 +43,7 @@ namespace WebCore { - virtual void parseMappedAttribute(MappedAttribute*); - virtual void svgAttributeChanged(const QualifiedName&); - virtual void synchronizeProperty(const QualifiedName&); -+ virtual bool rendererIsNeeded(RenderStyle*); - virtual void childrenChanged(bool changedByParser = false, Node* beforeChange = 0, Node* afterChange = 0, int childCountDelta = 0); - - virtual RenderObject* createRenderer(RenderArena*, RenderStyle*); diff --git a/qt-everywhere-opensource-src-4.7.0-QTBUG-6185.patch b/qt-everywhere-opensource-src-4.7.0-QTBUG-6185.patch new file mode 100644 index 0000000..0b99d08 --- /dev/null +++ b/qt-everywhere-opensource-src-4.7.0-QTBUG-6185.patch @@ -0,0 +1,34 @@ +From 9e9a7bc29319d52c3e563bc2c5282cb7e6890eba Mon Sep 17 00:00:00 2001 +From: Denis Dzyubenko +Date: Wed, 29 Sep 2010 14:02:10 +0200 +Subject: [PATCH] Fixes cursor shape when widget becomes native on X11. + +When a native window handle is created for a widget that has override +cursor set, we should reset the cursor on the parent and set the cursor +on the new window handle. + +Task-number: QTBUG-6185 +Reviewed-by: Olivier Goffart +--- + src/gui/kernel/qwidget_x11.cpp | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/src/gui/kernel/qwidget_x11.cpp b/src/gui/kernel/qwidget_x11.cpp +index e01489f..8d80e10 100644 +--- a/src/gui/kernel/qwidget_x11.cpp ++++ b/src/gui/kernel/qwidget_x11.cpp +@@ -889,8 +889,10 @@ void QWidgetPrivate::create_sys(WId window, bool initializeWindow, bool destroyO + q->setWindowOpacity(maybeTopData()->opacity/255.); + + } +- } else if (q->testAttribute(Qt::WA_SetCursor) && q->internalWinId()) { ++ } else if (q->internalWinId()) { + qt_x11_enforce_cursor(q); ++ if (QWidget *p = q->parentWidget()) // reset the cursor on the native parent ++ qt_x11_enforce_cursor(p); + } + + if (extra && !extra->mask.isEmpty() && q->internalWinId()) +-- +1.6.1 + diff --git a/qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_gtk_init.patch b/qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_gtk_init.patch new file mode 100644 index 0000000..42b3c54 --- /dev/null +++ b/qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_gtk_init.patch @@ -0,0 +1,47 @@ +diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp.gtk_init qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp +--- qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp.gtk_init 2010-05-03 19:43:20.000000000 -0500 ++++ qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp 2010-06-18 10:11:20.738800727 -0500 +@@ -35,6 +35,8 @@ + + namespace WebCore { + ++typedef void gtkInitFunc(int *argc, char ***argv); ++ + bool PluginPackage::fetchInfo() + { + if (!load()) +@@ -110,6 +112,8 @@ bool PluginPackage::load() + NP_InitializeFuncPtr NP_Initialize; + NPError npErr; + ++ gtkInitFunc* gtkInit; ++ + NP_Initialize = (NP_InitializeFuncPtr)m_module->resolve("NP_Initialize"); + m_NPP_Shutdown = (NPP_ShutdownProcPtr)m_module->resolve("NP_Shutdown"); + +@@ -127,6 +131,25 @@ bool PluginPackage::load() + m_browserFuncs.getvalue = staticPluginQuirkRequiresGtkToolKit_NPN_GetValue; + } + ++ // WORKAROUND: Prevent gtk based plugin crashes such as BR# 40567 by ++ // explicitly forcing the initializing of Gtk, i.e. calling gtk_init, ++ // whenver the symbol is present in the plugin library loaded above. ++ // Note that this workaround is based on code from the NSPluginClass ctor ++ // in KDE's kdebase/apps/nsplugins/viewer/nsplugin.cpp file. ++ gtkInit = (gtkInitFunc*)m_module->resolve("gtk_init"); ++ if (gtkInit) { ++ // Prevent gtk_init() from replacing the X error handlers, since the Gtk ++ // handlers abort when they receive an X error, thus killing the viewer. ++#ifdef Q_WS_X11 ++ int (*old_error_handler)(Display*, XErrorEvent*) = XSetErrorHandler(0); ++ int (*old_io_error_handler)(Display*) = XSetIOErrorHandler(0); ++#endif ++ gtkInit(0, 0); ++#ifdef Q_WS_X11 ++ XSetErrorHandler(old_error_handler); ++ XSetIOErrorHandler(old_io_error_handler); ++#endif ++ } + #if defined(XP_UNIX) + npErr = NP_Initialize(&m_browserFuncs, &m_pluginFuncs); + #else diff --git a/qt-everywhere-opensource-src-4.7.0-beta1-s390x.patch b/qt-everywhere-opensource-src-4.7.0-beta1-s390x.patch deleted file mode 100644 index 1eedf83..0000000 --- a/qt-everywhere-opensource-src-4.7.0-beta1-s390x.patch +++ /dev/null @@ -1,61 +0,0 @@ -diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h.s390x qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h ---- qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h.s390x 2010-06-16 13:54:50.000000000 +0200 -+++ qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h 2010-06-16 13:53:43.000000000 +0200 -@@ -179,6 +179,18 @@ - #define WTF_CPU_SPARC 1 - #endif - -+/* CPU(S390X) - S390 64-bit */ -+#if defined(__s390x__) -+#define WTF_CPU_S390X 1 -+#define WTF_CPU_BIG_ENDIAN 1 -+#endif -+ -+/* CPU(S390) - S390 32-bit */ -+#if defined(__s390__) -+#define WTF_CPU_S390 1 -+#define WTF_CPU_BIG_ENDIAN 1 -+#endif -+ - /* CPU(X86) - i386 / x86 32-bit */ - #if defined(__i386__) \ - || defined(i386) \ -@@ -860,7 +872,7 @@ - #endif - - #if !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64) --#if (CPU(X86_64) && (OS(UNIX) || OS(WINDOWS) || OS(SOLARIS) || OS(HPUX))) || (CPU(IA64) && !CPU(IA64_32)) || CPU(ALPHA) || CPU(AIX64) || CPU(SPARC64) -+#if (CPU(X86_64) && (OS(UNIX) || OS(WINDOWS) || OS(SOLARIS) || OS(HPUX))) || (CPU(IA64) && !CPU(IA64_32)) || CPU(ALPHA) || CPU(AIX64) || CPU(SPARC64) || CPU(S390X) - #define WTF_USE_JSVALUE64 1 - #elif CPU(ARM) || CPU(PPC64) - #define WTF_USE_JSVALUE32 1 -diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.s390x qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h ---- qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.s390x 2010-06-16 13:49:00.000000000 +0200 -+++ qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h 2010-06-16 13:50:01.000000000 +0200 -@@ -169,6 +169,18 @@ - #define WTF_CPU_SPARC 1 - #endif - -+/* CPU(S390X) - S390 64-bit */ -+#if defined(__s390x__) -+#define WTF_CPU_S390X 1 -+#define WTF_CPU_BIG_ENDIAN 1 -+#endif -+ -+/* CPU(S390) - S390 32-bit */ -+#if defined(__s390__) -+#define WTF_CPU_S390 1 -+#define WTF_CPU_BIG_ENDIAN 1 -+#endif -+ - /* CPU(X86) - i386 / x86 32-bit */ - #if defined(__i386__) \ - || defined(i386) \ -@@ -874,6 +886,7 @@ - #if (CPU(X86_64) && (OS(UNIX) || OS(WINDOWS))) \ - || (CPU(IA64) && !CPU(IA64_32)) \ - || CPU(ALPHA) \ -+ || CPU(S390X) \ - || CPU(SPARC64) - #define WTF_USE_JSVALUE64 1 - #elif CPU(ARM) || CPU(PPC64) || CPU(MIPS) diff --git a/qt-everywhere-opensource-src-4.7.0-bpp24.patch b/qt-everywhere-opensource-src-4.7.0-bpp24.patch deleted file mode 100644 index 910e15f..0000000 --- a/qt-everywhere-opensource-src-4.7.0-bpp24.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up qt-everywhere-opensource-src-4.7.0/src/gui/image/qpixmap_x11.cpp.me qt-everywhere-opensource-src-4.7.0/src/gui/image/qpixmap_x11.cpp ---- qt-everywhere-opensource-src-4.7.0/src/gui/image/qpixmap_x11.cpp.me 2010-10-15 22:04:09.000000000 +0200 -+++ qt-everywhere-opensource-src-4.7.0/src/gui/image/qpixmap_x11.cpp 2010-10-15 22:04:18.000000000 +0200 -@@ -900,9 +900,9 @@ void QX11PixmapData::fromImage(const QIm - case BPP24_888: // 24 bit MSB - CYCLE( - for (int x=0; x= QTextCursor::Left && op <= QTextCursor::WordRight - && blockIt.textDirection() == Qt::RightToLeft) { - if (op == QTextCursor::Left) diff --git a/qt-everywhere-opensource-src-4.7.1-webkit.patch b/qt-everywhere-opensource-src-4.7.1-webkit.patch deleted file mode 100644 index 7cebf10..0000000 --- a/qt-everywhere-opensource-src-4.7.1-webkit.patch +++ /dev/null @@ -1,43 +0,0 @@ -diff -up qt-everywhere-opensource-src-4.7.1/tools/assistant/tools/assistant/assistant.pro.webkit qt-everywhere-opensource-src-4.7.1/tools/assistant/tools/assistant/assistant.pro ---- qt-everywhere-opensource-src-4.7.1/tools/assistant/tools/assistant/assistant.pro.webkit 2010-11-06 02:55:11.000000000 +0100 -+++ qt-everywhere-opensource-src-4.7.1/tools/assistant/tools/assistant/assistant.pro 2010-12-06 18:39:53.667993686 +0100 -@@ -2,7 +2,7 @@ include(../../../shared/fontpanel/fontpa - TEMPLATE = app - LANGUAGE = C++ - TARGET = assistant --contains(QT_CONFIG, webkit):QT += webkit -+DEFINES += QT_NO_WEBKIT - CONFIG += qt \ - warn_on \ - help -@@ -40,12 +40,9 @@ HEADERS += aboutdialog.h \ - topicchooser.h \ - tracer.h \ - xbelsupport.h \ -- ../shared/collectionconfiguration.h --contains(QT_CONFIG, webkit) { -- HEADERS += helpviewer_qwv.h --} else { -- HEADERS += helpviewer_qtb.h -- } -+ ../shared/collectionconfiguration.h \ -+ helpviewer_qtb.h -+ - win32:HEADERS += remotecontrol_win.h - - SOURCES += aboutdialog.cpp \ -@@ -72,12 +69,8 @@ SOURCES += aboutdialog.cpp \ - searchwidget.cpp \ - topicchooser.cpp \ - xbelsupport.cpp \ -- ../shared/collectionconfiguration.cpp -- contains(QT_CONFIG, webkit) { -- SOURCES += helpviewer_qwv.cpp --} else { -- SOURCES += helpviewer_qtb.cpp --} -+ ../shared/collectionconfiguration.cpp \ -+ helpviewer_qtb.cpp - - FORMS += bookmarkdialog.ui \ - bookmarkmanagerwidget.ui \ diff --git a/qt-x11-opensource-src-4.2.2-multilib-QMAKEPATH.patch b/qt-x11-opensource-src-4.2.2-multilib-QMAKEPATH.patch new file mode 100644 index 0000000..1b6a1e8 --- /dev/null +++ b/qt-x11-opensource-src-4.2.2-multilib-QMAKEPATH.patch @@ -0,0 +1,10 @@ +--- qt-x11-opensource-src-4.2.2/qmake/project.cpp.QMAKEPATH 2006-11-27 11:26:03.000000000 -0600 ++++ qt-x11-opensource-src-4.2.2/qmake/project.cpp 2007-02-26 13:45:39.000000000 -0600 +@@ -498,6 +498,7 @@ + ret << ((*it) + concat); + } + ret << QLibraryInfo::location(QLibraryInfo::DataPath) + concat; ++ ret << QLibraryInfo::location(QLibraryInfo::PrefixPath) + concat; + + return ret; + } diff --git a/qt-x11-opensource-src-4.5.0-gcc_hack.patch b/qt-x11-opensource-src-4.5.0-gcc_hack.patch new file mode 100644 index 0000000..89e7149 --- /dev/null +++ b/qt-x11-opensource-src-4.5.0-gcc_hack.patch @@ -0,0 +1,14 @@ +diff -up qt-x11-opensource-src-4.5.0/src/corelib/tools/qstring.cpp.gcc_hack qt-x11-opensource-src-4.5.0/src/corelib/tools/qstring.cpp +--- qt-x11-opensource-src-4.5.0/src/corelib/tools/qstring.cpp.gcc_hack 2009-02-25 15:09:22.000000000 -0600 ++++ qt-x11-opensource-src-4.5.0/src/corelib/tools/qstring.cpp 2009-03-27 11:56:51.000000000 -0500 +@@ -102,8 +102,8 @@ static QHash *asciiC + // internal + int qFindString(const QChar *haystack, int haystackLen, int from, + const QChar *needle, int needleLen, Qt::CaseSensitivity cs); +-int qFindStringBoyerMoore(const QChar *haystack, int haystackLen, int from, +- const QChar *needle, int needleLen, Qt::CaseSensitivity cs); ++//int qFindStringBoyerMoore(const QChar *haystack, int haystackLen, int from, ++// const QChar *needle, int needleLen, Qt::CaseSensitivity cs); + + + // Unicode case-insensitive comparison diff --git a/qt-everywhere-opensource-src-4.7.0-beta2-kde4_plugins.patch b/qt-x11-opensource-src-4.5.1-kde4_plugins.patch similarity index 50% rename from qt-everywhere-opensource-src-4.7.0-beta2-kde4_plugins.patch rename to qt-x11-opensource-src-4.5.1-kde4_plugins.patch index 822ace8..a48860d 100644 --- a/qt-everywhere-opensource-src-4.7.0-beta2-kde4_plugins.patch +++ b/qt-x11-opensource-src-4.5.1-kde4_plugins.patch @@ -1,11 +1,10 @@ -diff -up qt-everywhere-opensource-src-4.7.0-beta2/src/corelib/kernel/qcoreapplication.cpp.kde4_plugins qt-everywhere-opensource-src-4.7.0-beta2/src/corelib/kernel/qcoreapplication.cpp ---- qt-everywhere-opensource-src-4.7.0-beta2/src/corelib/kernel/qcoreapplication.cpp.kde4_plugins 2010-06-29 20:53:15.000000000 -0500 -+++ qt-everywhere-opensource-src-4.7.0-beta2/src/corelib/kernel/qcoreapplication.cpp 2010-07-08 08:24:12.714604479 -0500 -@@ -2262,6 +2262,15 @@ QStringList QCoreApplication::libraryPat - if (!app_libpaths->contains(installPathPlugins)) +diff -up qt-x11-opensource-src-4.5.1/src/corelib/kernel/qcoreapplication.cpp.kde4_plugins qt-x11-opensource-src-4.5.1/src/corelib/kernel/qcoreapplication.cpp +--- qt-x11-opensource-src-4.5.1/src/corelib/kernel/qcoreapplication.cpp.kde4_plugins 2009-04-21 18:57:41.000000000 -0500 ++++ qt-x11-opensource-src-4.5.1/src/corelib/kernel/qcoreapplication.cpp 2009-05-06 13:53:40.258081854 -0500 +@@ -2061,6 +2061,15 @@ QStringList QCoreApplication::libraryPat app_libpaths->append(installPathPlugins); } -+ + + // hack in support for kde4 plugin paths -- Rex + QString kde4PathPlugins = QLibraryInfo::location(QLibraryInfo::LibrariesPath) + QLatin1String("/kde4/plugins"); + if (QFile::exists(kde4PathPlugins)) { @@ -14,6 +13,7 @@ diff -up qt-everywhere-opensource-src-4.7.0-beta2/src/corelib/kernel/qcoreapplic + if (!app_libpaths->contains(kde4PathPlugins)) + app_libpaths->append(kde4PathPlugins); + } - #endif - ++ // If QCoreApplication is not yet instantiated, + // make sure we add the application path when we construct the QCoreApplication + if (self) self->d_func()->appendApplicationPathToLibraryPaths(); diff --git a/qt-everywhere-opensource-src-4.7.0-beta2-mysql_config.patch b/qt-x11-opensource-src-4.5.1-mysql_config.patch similarity index 59% rename from qt-everywhere-opensource-src-4.7.0-beta2-mysql_config.patch rename to qt-x11-opensource-src-4.5.1-mysql_config.patch index 47c066b..6dc7f40 100644 --- a/qt-everywhere-opensource-src-4.7.0-beta2-mysql_config.patch +++ b/qt-x11-opensource-src-4.5.1-mysql_config.patch @@ -1,8 +1,16 @@ -diff -up qt-everywhere-opensource-src-4.7.0-beta2/configure.mysql_config qt-everywhere-opensource-src-4.7.0-beta2/configure ---- qt-everywhere-opensource-src-4.7.0-beta2/configure.mysql_config 2010-06-29 20:53:10.000000000 -0500 -+++ qt-everywhere-opensource-src-4.7.0-beta2/configure 2010-07-08 08:30:32.148864934 -0500 -@@ -4849,8 +4849,15 @@ for _SQLDR in $CFG_SQL_AVAILABLE; do - [ -z "$CFG_MYSQL_CONFIG" ] && CFG_MYSQL_CONFIG=`"$WHICH" mysql_config` +diff -up qt-x11-opensource-src-4.5.1/configure.mysql_config qt-x11-opensource-src-4.5.1/configure +--- qt-x11-opensource-src-4.5.1/configure.mysql_config 2009-05-04 09:14:37.105826464 -0500 ++++ qt-x11-opensource-src-4.5.1/configure 2009-05-04 09:15:26.747077312 -0500 +@@ -4334,6 +4334,7 @@ if [ "$CFG_ACCESSIBILITY" = "auto" ]; th + CFG_ACCESSIBILITY=yes + fi + ++set -x + # auto-detect SQL-modules support + for _SQLDR in $CFG_SQL_AVAILABLE; do + case $_SQLDR in +@@ -4342,8 +4343,15 @@ for _SQLDR in $CFG_SQL_AVAILABLE; do + [ -z "$CFG_MYSQL_CONFIG" ] && CFG_MYSQL_CONFIG=`$WHICH mysql_config` if [ -x "$CFG_MYSQL_CONFIG" ]; then QT_CFLAGS_MYSQL=`$CFG_MYSQL_CONFIG --include 2>/dev/null` + $CFG_MYSQL_CONFIG --pkglibdir &>/dev/null && \ diff --git a/qt-everywhere-opensource-src-4.7.0-beta2-phonon_servicesfile.patch b/qt-x11-opensource-src-4.5.1-phonon.patch similarity index 52% rename from qt-everywhere-opensource-src-4.7.0-beta2-phonon_servicesfile.patch rename to qt-x11-opensource-src-4.5.1-phonon.patch index e5ef6a0..809bb9e 100644 --- a/qt-everywhere-opensource-src-4.7.0-beta2-phonon_servicesfile.patch +++ b/qt-x11-opensource-src-4.5.1-phonon.patch @@ -1,19 +1,7 @@ -diff -up qt-everywhere-opensource-src-4.7.0-beta2/src/3rdparty/phonon/gstreamer/gstreamer.desktop.servicesfile qt-everywhere-opensource-src-4.7.0-beta2/src/3rdparty/phonon/gstreamer/gstreamer.desktop ---- qt-everywhere-opensource-src-4.7.0-beta2/src/3rdparty/phonon/gstreamer/gstreamer.desktop.servicesfile 2010-06-29 20:53:12.000000000 -0500 -+++ qt-everywhere-opensource-src-4.7.0-beta2/src/3rdparty/phonon/gstreamer/gstreamer.desktop 2010-07-08 08:25:50.419855085 -0500 -@@ -2,7 +2,7 @@ - Type=Service - X-KDE-ServiceTypes=PhononBackend - MimeType=application/x-annodex;video/quicktime;video/x-quicktime;audio/x-m4a;application/x-quicktimeplayer;video/mkv;video/msvideo;video/x-msvideo;video/x-flic;audio/x-aiff;audio/aiff;audio/x-pn-aiff;audio/x-realaudio;audio/basic;audio/x-basic;audio/x-pn-au;audio/x-8svx;audio/8svx;audio/x-16sv;audio/168sv;image/x-ilbm;image/ilbm;video/x-anim;video/anim;image/png;image/x-png;video/mng;video/x-mng;audio/x-ogg;audio/x-speex+ogg;application/ogg;application/ogg;audio/vnd.rn-realaudio;audio/x-pn-realaudio-plugin;audio/x-real-audio;application/vnd.rn-realmedia;video/mpeg;video/x-mpeg;audio/x-wav;audio/wav;audio/x-pn-wav;audio/x-pn-windows-acm;audio/mpeg2;audio/x-mpeg2;audio/mpeg3;audio/x-mpeg3;audio/mpeg;audio/x-mpeg;x-mpegurl;audio/x-mpegurl;audio/mp3;audio/mpeg; --X-KDE-Library=phonon_gstreamer -+X-KDE-Library=libphonon_gstreamer - X-KDE-PhononBackendInfo-InterfaceVersion=1 - X-KDE-PhononBackendInfo-Version=0.1 - X-KDE-PhononBackendInfo-Website=http://gstreamer.freedesktop.org/ -diff -up qt-everywhere-opensource-src-4.7.0-beta2/src/phonon/phonon.pro.servicesfile qt-everywhere-opensource-src-4.7.0-beta2/src/phonon/phonon.pro ---- qt-everywhere-opensource-src-4.7.0-beta2/src/phonon/phonon.pro.servicesfile 2010-06-29 20:53:13.000000000 -0500 -+++ qt-everywhere-opensource-src-4.7.0-beta2/src/phonon/phonon.pro 2010-07-08 08:26:58.307612257 -0500 -@@ -122,6 +122,11 @@ contains(QT_CONFIG, dbus) { +diff -ur qt-orig/src/phonon/phonon.pro qt-x11-opensource-src-4.5.2/src/phonon/phonon.pro +--- qt-orig/src/phonon/phonon.pro 2009-06-20 06:57:57.000000000 +0200 ++++ qt-x11-opensource-src-4.5.2/src/phonon/phonon.pro 2009-06-25 19:30:00.000000000 +0200 +@@ -112,4 +112,9 @@ DEFINES += QT_NO_DBUS } @@ -23,12 +11,10 @@ diff -up qt-everywhere-opensource-src-4.7.0-beta2/src/phonon/phonon.pro.services +INSTALLS += sources + contains(QT_CONFIG, reduce_exports): CONFIG += hide_symbols - - unix:!isEmpty(QT_CFLAGS_PULSEAUDIO) { -diff -up qt-everywhere-opensource-src-4.7.0-beta2/src/plugins/phonon/gstreamer/gstreamer.pro.servicesfile qt-everywhere-opensource-src-4.7.0-beta2/src/plugins/phonon/gstreamer/gstreamer.pro ---- qt-everywhere-opensource-src-4.7.0-beta2/src/plugins/phonon/gstreamer/gstreamer.pro.servicesfile 2010-06-29 20:53:14.000000000 -0500 -+++ qt-everywhere-opensource-src-4.7.0-beta2/src/plugins/phonon/gstreamer/gstreamer.pro 2010-07-08 08:25:50.387854526 -0500 -@@ -64,6 +64,8 @@ SOURCES += $$PHONON_GSTREAMER_DIR/abstra +diff -ur qt-orig/src/plugins/phonon/gstreamer/gstreamer.pro qt-x11-opensource-src-4.5.2/src/plugins/phonon/gstreamer/gstreamer.pro +--- qt-orig/src/plugins/phonon/gstreamer/gstreamer.pro 2009-06-20 06:57:58.000000000 +0200 ++++ qt-x11-opensource-src-4.5.2/src/plugins/phonon/gstreamer/gstreamer.pro 2009-06-25 19:31:36.000000000 +0200 +@@ -62,6 +62,8 @@ } target.path = $$[QT_INSTALL_PLUGINS]/phonon_backend @@ -38,3 +24,15 @@ diff -up qt-everywhere-opensource-src-4.7.0-beta2/src/plugins/phonon/gstreamer/g +INSTALLS += target services include(../../qpluginbase.pri) +diff -ur qt-orig/src/3rdparty/phonon/gstreamer/gstreamer.desktop qt-x11-opensource-src-4.5.2/src/3rdparty/phonon/gstreamer/gstreamer.desktop +--- qt-orig/src/3rdparty/phonon/gstreamer/gstreamer.desktop 2009-06-20 06:57:54.000000000 +0200 ++++ qt-x11-opensource-src-4.5.2/src/3rdparty/phonon/gstreamer/gstreamer.desktop 2009-06-25 19:30:00.000000000 +0200 +@@ -2,7 +2,7 @@ + Type=Service + X-KDE-ServiceTypes=PhononBackend + MimeType=application/x-annodex;video/quicktime;video/x-quicktime;audio/x-m4a;application/x-quicktimeplayer;video/mkv;video/msvideo;video/x-msvideo;video/x-flic;audio/x-aiff;audio/aiff;audio/x-pn-aiff;audio/x-realaudio;audio/basic;audio/x-basic;audio/x-pn-au;audio/x-8svx;audio/8svx;audio/x-16sv;audio/168sv;image/x-ilbm;image/ilbm;video/x-anim;video/anim;image/png;image/x-png;video/mng;video/x-mng;audio/x-ogg;audio/x-speex+ogg;application/ogg;application/ogg;audio/vnd.rn-realaudio;audio/x-pn-realaudio-plugin;audio/x-real-audio;application/vnd.rn-realmedia;video/mpeg;video/x-mpeg;audio/x-wav;audio/wav;audio/x-pn-wav;audio/x-pn-windows-acm;audio/mpeg2;audio/x-mpeg2;audio/mpeg3;audio/x-mpeg3;audio/mpeg;audio/x-mpeg;x-mpegurl;audio/x-mpegurl;audio/mp3;audio/mpeg; +-X-KDE-Library=phonon_gstreamer ++X-KDE-Library=libphonon_gstreamer + X-KDE-PhononBackendInfo-InterfaceVersion=1 + X-KDE-PhononBackendInfo-Version=0.1 + X-KDE-PhononBackendInfo-Website=http://gstreamer.freedesktop.org/ diff --git a/qt-x11-opensource-src-4.5.2-pulseaudio.patch b/qt-x11-opensource-src-4.5.2-pulseaudio.patch new file mode 100644 index 0000000..871000a --- /dev/null +++ b/qt-x11-opensource-src-4.5.2-pulseaudio.patch @@ -0,0 +1,43 @@ +diff -up qt-x11-opensource-src-4.5.2/src/3rdparty/phonon/phonon/globalconfig.cpp.phonon-pulseaudio qt-x11-opensource-src-4.5.2/src/3rdparty/phonon/phonon/globalconfig.cpp +--- qt-x11-opensource-src-4.5.2/src/3rdparty/phonon/phonon/globalconfig.cpp.phonon-pulseaudio 2009-06-20 06:57:54.000000000 +0200 ++++ qt-x11-opensource-src-4.5.2/src/3rdparty/phonon/phonon/globalconfig.cpp 2009-08-21 00:11:55.000000000 +0200 +@@ -31,6 +31,7 @@ + #include "phononnamespace_p.h" + + #include ++#include + #include + + QT_BEGIN_NAMESPACE +@@ -167,6 +168,15 @@ QList GlobalConfig::audioOutputDevi + | ((override & HideUnavailableDevices) ? FilterUnavailableDevices : 0) + ); + } ++ // make PulseAudio the global default (assume it is already default in this list) ++ if (!list.isEmpty()) { ++ int firstIndex = list.first(); ++ if (backendIface->objectDescriptionProperties(Phonon::AudioOutputDeviceType, ++ firstIndex)["name"].toString() == "PulseAudio") { ++ list.removeFirst(); ++ defaultList.prepend(firstIndex); ++ } ++ } + defaultList += list; + } + +@@ -222,6 +232,15 @@ QList GlobalConfig::audioCaptureDev + | ((override & HideUnavailableDevices) ? FilterUnavailableDevices : 0) + ); + } ++ // make PulseAudio the global default (assume it is already default in this list) ++ if (!list.isEmpty()) { ++ int firstIndex = list.first(); ++ if (backendIface->objectDescriptionProperties(Phonon::AudioCaptureDeviceType, ++ firstIndex)["name"].toString() == "PulseAudio") { ++ list.removeFirst(); ++ defaultList.prepend(firstIndex); ++ } ++ } + defaultList += list; + } + diff --git a/qt-x11-opensource-src-4.5.3-system_ca_certificates.patch b/qt-x11-opensource-src-4.5.3-system_ca_certificates.patch new file mode 100644 index 0000000..2dfa554 --- /dev/null +++ b/qt-x11-opensource-src-4.5.3-system_ca_certificates.patch @@ -0,0 +1,25 @@ +diff -up qt-x11-opensource-src-4.5.3/src/network/ssl/qsslsocket_openssl.cpp.system_ca_certificates qt-x11-opensource-src-4.5.3/src/network/ssl/qsslsocket_openssl.cpp +--- qt-x11-opensource-src-4.5.3/src/network/ssl/qsslsocket_openssl.cpp.system_ca_certificates 2009-09-29 06:01:38.000000000 -0500 ++++ qt-x11-opensource-src-4.5.3/src/network/ssl/qsslsocket_openssl.cpp 2009-10-02 11:20:10.674662746 -0500 +@@ -482,8 +482,20 @@ void QSslSocketPrivate::resetDefaultCiph + + QList QSslSocketPrivate::systemCaCertificates() + { ++ ++ QFile caBundle; ++ ++#ifdef Q_OS_UNIX ++ // Check known locations for the system's default bundle. ### On Windows, ++ // we should use CAPI to find the bundle, and not rely on default unix ++ // locations. ++ caBundle.setFileName(QLatin1String("/etc/pki/tls/certs/ca-bundle.crt")); ++ if (caBundle.open(QIODevice::ReadOnly | QIODevice::Text)) ++ return QSslCertificate::fromDevice(&caBundle); ++#endif ++ + // Qt provides a default bundle of certificates +- QFile caBundle(QLatin1String(":/trolltech/network/ssl/qt-ca-bundle.crt")); ++ caBundle.setFileName(QLatin1String(":/trolltech/network/ssl/qt-ca-bundle.crt")); + if (caBundle.open(QIODevice::ReadOnly | QIODevice::Text)) + return QSslCertificate::fromDevice(&caBundle); + diff --git a/qt.spec b/qt.spec index bffddc7..09e3ce2 100644 --- a/qt.spec +++ b/qt.spec @@ -4,24 +4,19 @@ # -no-pch disables precompiled headers, make ccache-friendly %define no_pch -no-pch -## disable javascript JIT compiler (selinux crasher) -## WAS https://bugs.webkit.org/show_bug.cgi?id=35154 -#define no_javascript_jit -no-javascript-jit +%define _default_patch_fuzz 3 -# enable kde-qt integration/patches +# enable kde-qt integration/patches (currently a no-op) %define kde_qt 1 -# See http://bugzilla.redhat.com/223663 -%define multilib_archs x86_64 %{ix86} ppc64 ppc s390x s390 sparc64 sparcv9 - Summary: Qt toolkit Name: qt Epoch: 1 -Version: 4.7.1 -Release: 5%{?dist} +Version: 4.6.3 +Release: 9%{?dist} # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details -License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT +License: LGPLv2 with exceptions or GPLv3 with exceptions Group: System Environment/Libraries Url: http://www.qtsoftware.com/ Source0: http://get.qt.nokia.com/qt/source/qt-everywhere-opensource-src-%{version}.tar.gz @@ -30,82 +25,87 @@ Obsoletes: qt4 < %{version}-%{release} Provides: qt4 = %{version}-%{release} %{?_isa:Provides: qt4%{?_isa} = %{version}-%{release}} -# default Qt config file Source4: Trolltech.conf -# header file to workaround multilib issue +# See http://bugzilla.redhat.com/223663 +%define multilib_archs x86_64 %{ix86} ppc64 ppc s390x s390 sparc64 sparcv9 Source5: qconfig-multilib.h -# set default QMAKE_CFLAGS_RELEASE +# multilib hacks Patch2: qt-x11-opensource-src-4.2.2-multilib-optflags.patch - -# get rid of timestamp which causes multilib problem +Patch3: qt-x11-opensource-src-4.2.2-multilib-QMAKEPATH.patch Patch4: qt-everywhere-opensource-src-4.7.0-beta1-uic_multilib.patch - -# enable ft lcdfilter +Patch5: qt-all-opensource-src-4.4.0-rc1-as_IN-437440.patch +# hack around gcc/ppc crasher, http://bugzilla.redhat.com/492185 +Patch13: qt-x11-opensource-src-4.5.0-gcc_hack.patch Patch15: qt-x11-opensource-src-4.5.1-enable_ft_lcdfilter.patch - # include kde4 plugin path, http://bugzilla.redhat.com/498809 -# omit for now, (seems?) causes unwelcome side-effects -- Rex -Patch16: qt-everywhere-opensource-src-4.7.0-beta2-kde4_plugins.patch - -# phonon gstreamer services -Patch19: qt-everywhere-opensource-src-4.7.0-beta2-phonon_servicesfile.patch - +Patch16: qt-x11-opensource-src-4.5.1-kde4_plugins.patch +# make PulseAudio the default device in Phonon +Patch17: qt-x11-opensource-src-4.5.2-pulseaudio.patch +Patch19: qt-x11-opensource-src-4.5.1-phonon.patch +Patch21: qt-everywhere-opensource-src-4.6.0-gst-pulsaudio.patch +# use system ca-bundle certs, http://bugzilla.redhat.com/521911 +Patch22: qt-x11-opensource-src-4.5.3-system_ca_certificates.patch +Requires: ca-certificates # may be upstreamable, not sure yet # workaround for gdal/grass crashers wrt glib_eventloop null deref's Patch23: qt-everywhere-opensource-src-4.6.3-glib_eventloop_nullcheck.patch -# remove dependency of webkit in assistant -Patch24: qt-everywhere-opensource-src-4.7.1-webkit.patch - ## upstreamable bits +# http://bugzilla.redhat.com/485677 +Patch51: qt-everywhere-opensource-src-4.6.0-beta1-qdoc3.patch # fix invalid inline assembly in qatomic_{i386,x86_64}.h (de)ref implementations Patch53: qt-x11-opensource-src-4.5.0-fix-qatomic-inline-asm.patch - # fix invalid assumptions about mysql_config --libs # http://bugzilla.redhat.com/440673 -Patch54: qt-everywhere-opensource-src-4.7.0-beta2-mysql_config.patch - +Patch54: qt-x11-opensource-src-4.5.1-mysql_config.patch # http://bugs.kde.org/show_bug.cgi?id=180051#c22 Patch55: qt-everywhere-opensource-src-4.6.2-cups.patch - -# Add s390x as 64bit and s390 as 31bit bigendian platform -Patch56: qt-everywhere-opensource-src-4.7.0-beta1-s390x.patch - +# fix type cast issue on s390x +Patch56: qt-everywhere-opensource-src-4.6.2-webkit-s390x.patch +# fix type cast issue on sparc64 +Patch57: qt-everywhere-opensource-src-4.6.2-webkit-sparc64.patch # qtwebkit to search nspluginwrapper paths too Patch58: qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_pluginpath.patch -# indic incorrect rendering -Patch59: qt-4.6.3-bn-rendering-bz562049.patch -Patch60: qt-4.6.3-bn-rendering-bz562058.patch -Patch61: qt-4.6.3-indic-rendering-bz631732.patch -Patch62: qt-4.6.3-indic-rendering-bz636399.patch - -# fix 24bit color issue -Patch63: qt-everywhere-opensource-src-4.7.0-bpp24.patch - -# Fails to create debug build of Qt projects on mingw (rhbz#653674) -Patch64: qt-everywhere-opensource-src-4.7.1-QTBUG-14467.patch - -# upstream patches -# Reordering of Malayalam Rakar not working properly -Patch100: qt-everywhere-opensource-src-4.7.1-ml_IN-bz528303.patch - -# fix QTextCursor crash in Lokalize and Psi (QTBUG-15857, kde#249373, #660028) -# http://qt.gitorious.org/qt/qt/commit/6ae84f1183e91c910ca92a55e37f8254ace805c0 -Patch101: qt-everywhere-opensource-src-4.7.1-qtextcursor-crash.patch +# upstream or security patches +# https://bugs.webkit.org/show_bug.cgi?id=40567 +Patch100: qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_gtk_init.patch +# http://bugreports.qt.nokia.com/browse/QTBUG-6185 +# http://qt.gitorious.org/qt/staging/commit/9e9a7bc29319d52c3e563bc2c5282cb7e6890eba +Patch101: qt-everywhere-opensource-src-4.7.0-QTBUG-6185.patch +Patch104: qt-everywhere-opensource-src-4.6.2-cve-2010-0051-lax-css-parsing-cross-domain-theft.patch +Patch106: qt-everywhere-opensource-src-4.6.2-cve-2010-0656.patch +Patch108: qt-everywhere-opensource-src-4.6.2-cve-2010-0648.patch +Patch109: qt-everywhere-opensource-src-4.6.3-CVE-2010-1303_1304.patch +Patch110: qt-everywhere-opensource-src-4.6.3-CVE-2010-1392.patch +Patch111: qt-everywhere-opensource-src-4.6.3-CVE-2010-1396.patch +Patch112: qt-everywhere-opensource-src-4.6.3-CVE-2010-1397.patch +Patch113: qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch +Patch114: qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch +Patch115: qt-everywhere-opensource-src-4.6.3-CVE-2010-1412.patch +Patch116: qt-everywhere-opensource-src-4.6.3-CVE-2010-1770.patch +Patch117: qt-everywhere-opensource-src-4.6.3-CVE-2010-1773.patch +Patch118: qt-everywhere-opensource-src-4.6.3-CVE-2010-1774.patch +Patch119: qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch +Patch120: qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch # kde-qt git patches +Patch201: 0001-This-patch-uses-object-name-as-a-fallback-for-window.patch Patch202: 0002-This-patch-makes-override-redirect-windows-popup-men.patch +Patch203: 0003-This-patch-changes-QObjectPrivateVersion-thus-preven.patch Patch204: 0004-This-patch-adds-support-for-using-isystem-to-allow-p.patch Patch205: 0005-When-tabs-are-inserted-or-removed-in-a-QTabBar.patch +Patch206: 0006-Fix-configure.exe-to-do-an-out-of-source-build-on-wi.patch +Patch207: 0007-When-using-qmake-outside-qt-src-tree-it-sometimes-ge.patch +Patch208: 0008-This-patch-makes-the-raster-graphics-system-use-shar.patch +Patch209: 0009-Restore-a-section-of-the-file-that-got-removed-due-t.patch Patch212: 0012-Add-context-to-tr-calls-in-QShortcut.patch +Patch217: http://qt.gitorious.org/+kde-developers/qt/kde-qt/commit/55ef01d93f8257b5927660290fc1ead0b2b74ec9.patch +# QTBUG-9793 +Patch218: http://qt.gitorious.org/qt/qt/commit/0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c.patch -# security patches -Patch300: qt-everywhere-opensource-src-4.7.0-CVE-2010-1822-crash-svg-image.patch - -# gstreamer logos Source10: http://gstreamer.freedesktop.org/data/images/artwork/gstreamer-logo.svg Source11: hi16-phonon-gstreamer.png Source12: hi22-phonon-gstreamer.png @@ -114,7 +114,6 @@ Source14: hi48-phonon-gstreamer.png Source15: hi64-phonon-gstreamer.png Source16: hi128-phonon-gstreamer.png -# desktop files Source20: assistant.desktop Source21: designer.desktop Source22: linguist.desktop @@ -143,11 +142,12 @@ Source31: hi48-app-qt4-logo.png # if -phonon-backend, include in packaging (else it's omitted) %define phonon_backend_packaged 1 %endif -%define phonon_version 4.3.80 +%define phonon_version 4.3.50 %define phonon_version_major 4.3 %define phonon_release 1 %define webkit -webkit %define gtkstyle -gtkstyle +%define nas -no-nas-sound %define dbus -dbus-linked # See http://bugzilla.redhat.com/196901 @@ -161,35 +161,42 @@ Source31: hi48-app-qt4-logo.png %define _qt4_docdir %{_docdir}/qt4 %define _qt4_examplesdir %{_qt4_prefix}/examples %define _qt4_headerdir %{_includedir} -%define _qt4_importdir %{_qt4_prefix}/imports %define _qt4_libdir %{_libdir} %define _qt4_plugindir %{_qt4_prefix}/plugins %define _qt4_sysconfdir %{_sysconfdir} %define _qt4_translationdir %{_datadir}/qt4/translations +%if "%{_qt4_libdir}" != "%{_libdir}" +Prereq: /etc/ld.so.conf.d +%endif + BuildRequires: alsa-lib-devel BuildRequires: dbus-devel >= 0.62 BuildRequires: cups-devel BuildRequires: desktop-file-utils BuildRequires: findutils BuildRequires: fontconfig-devel -BuildRequires: glib2-devel +BuildRequires: freetype-devel BuildRequires: libjpeg-devel BuildRequires: libmng-devel BuildRequires: libpng-devel BuildRequires: libtiff-devel -BuildRequires: NetworkManager-devel +BuildRequires: freetype-devel +BuildRequires: zlib-devel +BuildRequires: glib2-devel BuildRequires: openssl-devel BuildRequires: pkgconfig -BuildRequires: pulseaudio-libs-devel -BuildRequires: zlib-devel ## In theory, should be as simple as: #define x_deps libGL-devel libGLU-devel ## but, "xorg-x11-devel: missing dep on libGL/libGLU" - http://bugzilla.redhat.com/211898 -%define x_deps libICE-devel libSM-devel libXcursor-devel libXext-devel libXfixes-devel libXft-devel libXi-devel libXinerama-devel libXrandr-devel libXrender-devel libXt-devel libXv-devel libX11-devel xorg-x11-proto-devel libGL-devel libGLU-devel +%define x_deps libICE-devel libSM-devel libXcursor-devel libXext-devel libXfixes-devel libXft-devel libXi-devel libXinerama-devel libXrandr-devel libXrender-devel libXt-devel libX11-devel xorg-x11-proto-devel libGL-devel libGLU-devel BuildRequires: %{x_deps} +%if "%{?nas}" != "-no-nas-sound" +BuildRequires: nas-devel +%endif + %if "%{?mysql}" != "-no-sql-mysql" BuildRequires: mysql-devel >= 4.0 %endif @@ -226,7 +233,6 @@ Obsoletes: qgtkstyle < 0.1 Provides: qgtkstyle = 0.1-1 Obsoletes: qt4-config < 4.5.0 Provides: qt4-config = %{version}-%{release} -Requires: ca-certificates %description Qt is a software toolkit for developing applications. @@ -283,6 +289,12 @@ Provides: qt4-phonon-devel = %{version}-%{release} Obsoletes: phonon-devel < 4.3.1-100 Provides: phonon-devel = %{phonon_version}-%{phonon_release} %endif +%if 0%{?webkit:1} +Obsoletes: WebKit-qt-devel < 1.0.0-1 +Provides: WebKit-qt-devel = 1.0.0-1 +Provides: qt4-webkit-devel = %{version}-%{release} +Provides: qt4-webkit-devel%{?_isa} = %{version}-%{release} +%endif Obsoletes: qt4-designer < %{version}-%{release} Provides: qt4-designer = %{version}-%{release} # as long as libQtUiTools.a is included @@ -291,6 +303,8 @@ Obsoletes: qt4-devel < %{version}-%{release} Provides: qt4-devel = %{version}-%{release} %{?_isa:Provides: qt4-devel%{?_isa} = %{version}-%{release}} Provides: qt4-static = %{version}-%{release} +Provides: qt-assistant-adp-devel = %{version}-0.%{release} +%{?_isa:Provides: qt-assistant-adp-devel%{?_isa} = %{version}-0.%{release}} %description devel This package contains the files necessary to develop @@ -372,36 +386,6 @@ Provides: qt4-tds = %{version}-%{release} %description tds %{summary}. -%if 0%{?webkit:1} -%package webkit -Summary: Qt WebKit library -Group: System Environment/Libraries -Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} -Provides: qt4-webkit = %{version}-%{release} -Provides: qt4-webkit%{?_isa} = %{version}-%{release} -#Provides: QtWebKit = 1.0.0-1 -Obsoletes: WebKit-qt < 1.0.0-1 -Provides: WebKit-qt = 1.0.0-1 -%description webkit -%{summary}. - -%package webkit-devel -Summary: Development files for %{name}-webkit-devel -Group: System Environment/Libraries -# for upgrade path prior to -webkit splits -Obsoletes: qt-devel < 1:4.7.0-0.9 -Obsoletes: qt4-devel < 4.7.0-0.9 -Requires: %{name}-webkit%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} -Requires: %{name}-devel%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} -Provides: qt4-webkit-devel = %{version}-%{release} -Provides: qt4-webkit-devel%{?_isa} = %{version}-%{release} -#Provides: QtWebKit-devel = 1.0.0-1 -Obsoletes: WebKit-qt < 1.0.0-1 -Provides: WebKit-qt = 1.0.0-1 -%description webkit-devel -%{summary}. -%endif - %package x11 Summary: Qt GUI-related libraries Group: System Environment/Libraries @@ -414,6 +398,12 @@ Provides: phonon = %{phonon_version}-%{phonon_release} Provides: phonon%{?_isa} = %{phonon_version}-%{phonon_release} Provides: qt4-phonon = %{version}-%{release} %endif +%if 0%{?webkit:1} +Obsoletes: WebKit-qt < 1.0.0-1 +Provides: WebKit-qt = 1.0.0-1 +Provides: qt4-webkit = %{version}-%{release} +Provides: qt4-webkit%{?_isa} = %{version}-%{release} +%endif %if 0%{?sqlite:1} Requires: %{name}-sqlite%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} %endif @@ -422,6 +412,8 @@ Provides: %{name}-assistant = %{version}-%{release} Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} Obsoletes: qt4-x11 < %{version}-%{release} Provides: qt4-x11 = %{version}-%{release} +Provides: qt-assistant-adp = %{version}-0.%{release} +%{?_isa:Provides: qt-assistant-adp%{?_isa} = %{version}-0.%{release}} Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig @@ -432,41 +424,66 @@ Qt libraries used for drawing widgets and OpenGL items. %prep %setup -q -n qt-everywhere-opensource-src-%{version} -%patch15 -p1 -b .enable_ft_lcdfilter -#patch16 -p1 -b .kde4_plugins -%patch19 -p1 -b .phonon_servicesfile -%patch23 -p1 -b .glib_eventloop_nullcheck -%if 0%{?fedora} > 14 -%patch24 -p1 -b .webkit +# don't use -b on mkspec files, else they get installed too. +# multilib hacks no longer required +%patch2 -p1 +%if "%{_qt4_datadir}" != "%{_qt4_prefix}" +%patch3 -p1 -b .multilib-QMAKEPATH %endif +%patch4 -p1 -b .uic_multilib + +%patch5 -p1 -b .bz#437440-as_IN-437440 +%patch13 -p1 -b .gcc_hack +%patch15 -p1 -b .enable_ft_lcdfilter +%patch16 -p1 -b .kde4_plugins +%patch17 -p1 -b .phonon-pulseaudio +%patch19 -p1 -b .servicesfile +%patch21 -p1 -b .gst-pulsaudio +%patch22 -p1 -b .system_ca_certificates +%patch23 -p1 -b .glib_eventloop_nullcheck +%patch51 -p1 -b .qdoc3 ## TODO: still worth carrying? if so, upstream it. %patch53 -p1 -b .qatomic-inline-asm ## TODO: upstream me %patch54 -p1 -b .mysql_config %patch55 -p1 -b .cups-1 -%patch56 -p1 -b .s390x +%patch56 -p1 -b .typecast_s390x +%patch57 -p1 -b .typecast_sparc64 %patch58 -p1 -b .qtwebkit_pluginpath -%patch59 -p1 -b .bn-rendering-bz562049 -%patch60 -p1 -b .bn-rendering-bz562058 -%patch61 -p1 -b .indic-rendering-bz631732 -%patch62 -p1 -b .indic-rendering-bz636399 -%patch63 -p1 -b .bpp24 -%patch64 -p1 -b .QTBUG-14467 # upstream patches -%patch100 -p1 -b .ml_IN-rendering -%patch101 -p1 -b .qtextcursor-crash - -# kde-qt branch -%if 0%{?kde_qt} -%patch202 -p1 -b .kde-qt-0002 -%patch204 -p1 -b .kde-qt-0004 -%patch205 -p1 -b .kde-qt-0005 -%patch212 -p1 -b .kde-qt-0012 -%endif +%patch100 -p1 -b .qtwebkit_gtk_init +%patch101 -p1 -b .QTBUG-6185 # security fixes -%patch300 -p1 -b .CVE-2010-1822-crash-svg-image +%patch104 -p1 -b .cve-2010-0051-lax-css-parsing-cross-domain-theft +%patch106 -p1 -b .cve-2010-0656 +%patch108 -p1 -b .cve-2010-0648 +%patch109 -p1 -b .CVE-2010-1303_1304 +%patch110 -p1 -b .CVE-2010-1392 +%patch111 -p1 -b .CVE-2010-1396 +%patch112 -p1 -b .CVE-2010-1397 +%patch113 -p1 -b .CVE-2010-1398 +%patch114 -p1 -b .CVE-2010-1400 +%patch115 -p1 -b .CVE-2010-1412 +%patch116 -p1 -b .CVE-2010-1770 +%patch117 -p1 -b .CVE-2010-1773 +%patch118 -p1 -b .CVE-2010-1774 +%patch119 -p1 -b .CVE-2010-1119 +%patch120 -p1 -b .CVE-2010-1778 + + +# kde-qt branch +%patch201 -p1 -b .kde-qt-0001 +%patch202 -p1 -b .kde-qt-0002 +%patch203 -p1 -b .kde-qt-0003 +%patch204 -p1 -b .kde-qt-0004 +%patch205 -p1 -b .kde-qt-0005 +%patch206 -p1 -b .kde-qt-0006 +%patch207 -p1 -b .kde-qt-0007 +%patch212 -p1 -b .kde-qt-0012 +%patch217 -p1 -b .QT_GRAPHICSSYSTEM +%patch218 -p1 -b .QTBUG-9793 # drop -fexceptions from $RPM_OPT_FLAGS RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'` @@ -483,13 +500,6 @@ RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'` %define platform linux-g++ %endif -# multilib hacks -# multilib hacks no longer required -%patch2 -p1 -b .multilib -# drop backup file(s), else they get installed too, http://bugzilla.redhat.com/639463 -rm -fv mkspecs/linux-g++*/qmake.conf.multilib -%patch4 -p1 -b .uic_multilib - sed -i \ -e "s|-O2|$RPM_OPT_FLAGS|g" \ -e "s|g++.conf|g++-multilib.conf|g" mkspecs/%{platform}/qmake.conf @@ -497,6 +507,13 @@ sed -i \ sed -e "s|^QMAKE_CFLAGS_RELEASE|#QMAKE_CFLAGS_RELEASE|g" \ mkspecs/common/g++.conf > mkspecs/common/g++-multilib.conf +## FIXME, http://bugzilla.redhat.com/230224 +# On the surface, looks like a good idea to strip -I/usr/include, -L/usr/lib, +# but it turns out qmake-consuming apps expect/use QMAKE_INCDIR_QT directly +# (e.g. PyQt4, texmaker), and don't cope with null values +#if "%{_qt4_headerdir}" == "%{_includedir}" +#sed -i -e "s|^QMAKE_INCDIR_QT.*=.*|QMAKE_INCDIR_QT =|" mkspecs/common/linux.conf +#endif %if "%{_qt4_libdir}" == "%{_libdir}" sed -i -e "s|^QMAKE_LIBDIR_QT.*=.*|QMAKE_LIBDIR_QT =|" mkspecs/common/linux.conf %endif @@ -510,17 +527,8 @@ if [ "%{_lib}" == "lib64" ] ; then sed -i -e "s,/lib /usr/lib,/%{_lib} /usr/%{_lib},g" config.tests/{unix,x11}/*.test fi -# let makefile create missing .qm files, the .qm files should be included in qt upstream -for f in translations/*.ts ; do - touch ${f%.ts}.qm -done - - %build -# add '-importdir %{_qt4_importdir}' when it works, right now fails with: -# %{_qt4_importdir} unknown argument - # build shared, threaded (default) libraries ./configure -v \ -confirm-license \ @@ -551,7 +559,7 @@ done %{?phonon} %{!?phonon:-no-phonon} \ %{?phonon_backend} \ %{?no_pch} \ - %{?no_javascript_jit} \ + -no-javascript-jit \ -sm \ -stl \ -system-libmng \ @@ -572,6 +580,7 @@ done -xmlpatterns \ %{?dbus} %{!?dbus:-no-dbus} \ %{?webkit} %{!?webkit:-no-webkit } \ + %{?nas} \ %{?mysql} \ %{?psql} \ %{?odbc} \ @@ -583,9 +592,6 @@ done make %{?_smp_mflags} -# recreate .qm files -LD_LIBRARY_PATH=`pwd`/lib bin/lrelease translations/*.ts - %install rm -rf %{buildroot} @@ -600,37 +606,38 @@ desktop-file-install \ ## pkg-config # strip extraneous dirs/libraries +# FIXME?: qt-4.5 seems to use Libs.private properly, so this hackery should +# no longer be required -- Rex # safe ones glib2_libs=$(pkg-config --libs glib-2.0 gobject-2.0 gthread-2.0) ssl_libs=$(pkg-config --libs openssl) for dep in \ -laudio -ldbus-1 -lfreetype -lfontconfig ${glib2_libs} \ - -ljpeg -lm -lmng -lpng -lpulse -lpulse-mainloop-glib ${ssl_libs} -lsqlite3 -lz \ - -L/usr/X11R6/lib -L/usr/X11R6/%{_lib} -L%{_libdir} ; do - sed -i -e "s|$dep ||g" %{buildroot}%{_qt4_libdir}/lib*.la -# sed -i -e "s|$dep ||g" %{buildroot}%{_qt4_libdir}/pkgconfig/*.pc + -ljpeg -lm -lmng -lpng ${ssl_libs} -lsqlite3 -lz \ + -L/usr/X11R6/%{_lib} -L%{_libdir} ; do + sed -i -e "s|$dep ||g" %{buildroot}%{_qt4_libdir}/lib*.la ||: + sed -i -e "s|$dep ||g" %{buildroot}%{_qt4_libdir}/pkgconfig/*.pc sed -i -e "s|$dep ||g" %{buildroot}%{_qt4_libdir}/*.prl done # riskier -for dep in -ldl -lphonon -lpthread -lICE -lSM -lX11 -lXcursor -lXext -lXfixes -lXft -lXinerama -lXi -lXrandr -lXrender -lXt ; do - sed -i -e "s|$dep ||g" %{buildroot}%{_qt4_libdir}/lib*.la -# sed -i -e "s|$dep ||g" %{buildroot}%{_qt4_libdir}/pkgconfig/*.pc +for dep in -lXrender -lXrandr -lXcursor -lXfixes -lXinerama -lXi -lXft -lXt -lXext -lX11 -lSM -lICE -ldl -lpthread ; do + sed -i -e "s|$dep ||g" %{buildroot}%{_qt4_libdir}/lib*.la ||: + sed -i -e "s|$dep ||g" %{buildroot}%{_qt4_libdir}/pkgconfig/*.pc sed -i -e "s|$dep ||g" %{buildroot}%{_qt4_libdir}/*.prl done # nuke dangling reference(s) to %buildroot sed -i -e "/^QMAKE_PRL_BUILD_DIR/d" %{buildroot}%{_qt4_libdir}/*.prl -sed -i -e "s|-L%{_builddir}/qt-everywhere-opensource-src-%{version}%{?pre:-%{pre}}/lib||g" \ - %{buildroot}%{_qt4_libdir}/pkgconfig/*.pc \ - %{buildroot}%{_qt4_libdir}/*.prl +sed -i -e "s|-L%{_builddir}/qt-everywhere-opensource-src-%{version}/lib||g" \ + %{buildroot}%{_qt4_libdir}/pkgconfig/*.pc # nuke QMAKE_PRL_LIBS, seems similar to static linking and .la files (#520323) -# don't nuke, just drop -lphonon (above) -#sed -i -e "s|^QMAKE_PRL_LIBS|#QMAKE_PRL_LIBS|" %{buildroot}%{_qt4_libdir}/*.prl +sed -i -e "s|^QMAKE_PRL_LIBS|#QMAKE_PRL_LIBS|" %{buildroot}%{_qt4_libdir}/*.prl # .la files, die, die, die. rm -f %{buildroot}%{_qt4_libdir}/lib*.la + %if 0 #if "%{_qt4_docdir}" != "%{_qt4_prefix}/doc" # -doc make symbolic link to _qt4_docdir @@ -719,9 +726,7 @@ demosdir=%{_qt4_demosdir} docdir=%{_qt4_docdir} examplesdir=%{_qt4_examplesdir} headerdir=%{_qt4_headerdir} -importdir=%{_qt4_importdir} libdir=%{_qt4_libdir} -moc=%{_qt4_bindir}/moc plugindir=%{_qt4_plugindir} qmake=%{_qt4_bindir}/qmake sysconfdir=%{_qt4_sysconfdir} @@ -736,7 +741,7 @@ EOF mkdir -p %{buildroot}%{_sysconfdir}/rpm cat >%{buildroot}%{_sysconfdir}/rpm/macros.qt4<%{buildroot}%{_sysconfdir}/rpm/macros.qt4<qt-x11.lang +cat assistant.lang assistant_adp.lang qt_help.lang qtconfig.lang >qt-x11.lang %find_lang designer --with-qt --without-mo %find_lang linguist --with-qt --without-mo @@ -825,12 +830,6 @@ touch --no-create %{_datadir}/icons/hicolor ||: gtk-update-icon-cache -q %{_datadir}/icons/hicolor 2> /dev/null ||: fi -%if 0%{?webkit:1} -%post webkit -p /sbin/ldconfig - -%postun webkit -p /sbin/ldconfig -%endif - %post x11 /sbin/ldconfig touch --no-create %{_datadir}/icons/hicolor ||: @@ -908,8 +907,8 @@ fi %{_qt4_libdir}/libQtXml.so.4* %{_qt4_libdir}/libQtXmlPatterns.so.4* %dir %{_qt4_plugindir} -%dir %{_qt4_plugindir}/crypto/ %dir %{_qt4_plugindir}/sqldrivers/ +%dir %{_qt4_plugindir}/crypto/ %dir %{_qt4_translationdir}/ %if 0%{?demos} @@ -998,16 +997,6 @@ fi %{_datadir}/applications/*linguist.desktop %{_datadir}/icons/hicolor/*/apps/linguist* %{?docs:%{_qt4_docdir}/qch/linguist.qch} -%if 0%{?webkit:1} -%exclude %{_qt4_headerdir}/Qt/QtWebKit -%exclude %{_qt4_headerdir}/Qt/qgraphicswebview.h -%exclude %{_qt4_headerdir}/Qt/qweb*.h -%exclude %{_qt4_headerdir}/QtWebKit/ -%exclude %{_qt4_libdir}/libQtWebKit.prl -%exclude %{_qt4_libdir}/libQtWebKit.so -%exclude %{_qt4_libdir}/libQtWebKit_debug.so -%exclude %{_libdir}/pkgconfig/QtWebKit.pc -%endif %if 0%{?docs} %files doc @@ -1059,39 +1048,18 @@ fi %{_qt4_plugindir}/sqldrivers/libqsqltds* %endif -%if 0%{?webkit:1} -%files webkit -%defattr(-,root,root,-) -%{_qt4_libdir}/libQtWebKit.so.4* -%{_qt4_importdir}/QtWebKit/ -%{_qt4_plugindir}/designer/libqwebview.so - -%files webkit-devel -%defattr(-,root,root,-) -%{_qt4_headerdir}/Qt/QtWebKit -%{_qt4_headerdir}/Qt/qgraphicswebview.h -%{_qt4_headerdir}/Qt/qweb*.h -%{_qt4_headerdir}/QtWebKit/ -%{_qt4_libdir}/libQtWebKit.prl -%{_qt4_libdir}/libQtWebKit.so -%{_qt4_libdir}/libQtWebKit_debug.so -%{_libdir}/pkgconfig/QtWebKit.pc -%endif - %files x11 -f qt-x11.lang %defattr(-,root,root,-) %{_sysconfdir}/rpm/macros.* -%dir %{_qt4_importdir}/ -%{_qt4_importdir}/Qt/ %if 0%{?phonon_internal} %{_qt4_libdir}/libphonon.so.4* %dir %{_datadir}/kde4/services/phononbackends/ %{_datadir}/dbus-1/interfaces/org.kde.Phonon.AudioOutput.xml %endif %{_qt4_libdir}/libQt3Support.so.4* +%{_qt4_libdir}/libQtAssistantClient.so.4* %{_qt4_libdir}/libQtCLucene.so.4* %{_qt4_libdir}/libQtDesigner.so.4* -%{_qt4_libdir}/libQtDeclarative.so.4* %{_qt4_libdir}/libQtDesignerComponents.so.4* %{_qt4_libdir}/libQtGui.so.4* %{_qt4_libdir}/libQtHelp.so.4* @@ -1099,12 +1067,10 @@ fi %{_qt4_libdir}/libQtOpenGL.so.4* %{_qt4_libdir}/libQtScriptTools.so.4* %{_qt4_libdir}/libQtSvg.so.4* +%{?webkit:%{_qt4_libdir}/libQtWebKit.so.4*} %{_qt4_plugindir}/* %exclude %{_qt4_plugindir}/crypto %exclude %{_qt4_plugindir}/sqldrivers -%if 0%{?webkit:1} -%exclude %{_qt4_plugindir}/designer/libqwebview.so -%endif #if "%{?phonon_backend}" == "-phonon-backend" %if 0%{?phonon_backend_packaged} %exclude %{_qt4_plugindir}/phonon_backend/*_gstreamer.so @@ -1112,165 +1078,93 @@ fi %if "%{_qt4_bindir}" != "%{_bindir}" %{_bindir}/assistant* %{?dbus:%{_bindir}/qdbusviewer} -%{_bindir}/qmlviewer %{_bindir}/qt*config* %endif %{_qt4_bindir}/assistant* %{?dbus:%{_qt4_bindir}/qdbusviewer} -%{_qt4_bindir}/qmlviewer %{_qt4_bindir}/qt*config* %{_datadir}/applications/*qtconfig.desktop %{_datadir}/icons/hicolor/*/apps/qt4-logo.* %changelog -* Wed Dec 08 2010 Kevin Kofler 4.7.1-5 -- make the Assistant QtWebKit dependency removal (#660287) F15+ only for now -- fix QTextCursor crash in Lokalize and Psi (QTBUG-15857, kde#249373, #660028) -- add some more NULL checks to the glib_eventloop_nullcheck patch (#622164) - -* Mon Dec 06 2010 Than Ngo 4.7.1-4 -- bz#660287, using QTextBrowser in assistant to drop qtwebkit dependency - -* Tue Nov 23 2010 Rex Dieter - 4.7.1-3 -- Fails to create debug build of Qt projects on mingw (#653674, QTBUG-14467) - -* Mon Nov 22 2010 Than Ngo - 4.7.1-2 -- bz#528303, Reordering of Malayalam Rakar not working properly - -* Thu Nov 11 2010 Than Ngo - 4.7.1-1 -- 4.7.1 - -* Mon Oct 25 2010 Jaroslav Reznik - 4.7.0-8 -- QtWebKit, CVE-2010-1822: crash by processing certain SVG images (#640290) - -* Mon Oct 18 2010 Rex Dieter - 4.7.0-7 -- qt-devel contains residues from patch run (#639463) - -* Fri Oct 15 2010 Than Ngo - 4.7.0-6 -- apply patch to fix the color issue in 24bit mode (cirrus driver) - -* Thu Sep 30 2010 Rex Dieter - 4.7.0-5 +* Thu Sep 30 2010 Rex Dieter - 4.6.3-9 - Wrong Cursor when widget become native on X11 (QTBUG-6185) -* Mon Sep 27 2010 Than Ngo - 4.7.0-4 -- apply upstream patch to fix QTreeView-regression (QTBUG-13567) - -* Thu Sep 23 2010 Than Ngo - 4.7.0-3 -- fix typo in license - -* Thu Sep 23 2010 Than Ngo - 4.7.0-2 -- fix bz#562049, bn-IN Incorrect rendering -- fix bz#562058, bn_IN init feature is not applied properly -- fix bz#631732, indic invalid syllable's are not recognized properly -- fix bz#636399, oriya script open type features are not applied properly - -* Tue Sep 21 2010 Than Ngo - 4.7.0-1 -- 4.7.0 - -* Thu Sep 09 2010 Rex Dieter - 4.7.0-0.31.rc1 -- -webkit-devel: add missing %%defattr -- -webkit: move qml/webkit bits here - -* Wed Sep 08 2010 Rex Dieter - 4.7.0-0.30.rc1 -- Crash in drawPixmap in Qt 4.7rc1 (#631845, QTBUG-12826) - -* Mon Aug 30 2010 Than Ngo - 4.7.0-0.29.rc1 -- drop the patch, it's already fixed in upstream - -* Thu Aug 26 2010 Than Ngo - 4.7.0-0.28.rc1 -- 4.7.0 rc1 - -* Thu Jul 08 2010 Rex Dieter - 4.7.0-0.26.beta2 -- rebase patches, avoiding use of patch fuzz -- omit old qt-copy/kde-qt patches, pending review -- omit kde4_plugin patch -- ftbfs:s/qml/qmlviewer, libQtMediaServices no longer included - -* Thu Jul 08 2010 Rex Dieter - 4.7.0-0.25.beta2 -- 4.7.0-beta2 - -* Tue Jul 01 2010 Rex Dieter - 4.7.0-0.24.beta1 -- X11Embed broken (rh#609757, QTBUG-10809) - -* Tue Jul 01 2010 Kevin Kofler - 4.7.0-0.23.beta1 +* Tue Jul 01 2010 Kevin Kofler - 4.6.3-8 - use find_lang to package the qm files (#609749) - put the qm files into the correct subpackages - remove qvfb translations, we don't ship qvfb -* Tue Jun 29 2010 Rex Dieter - 4.6.3-7 - workaround glib_eventloop crasher induced by gdal/grass (bug #498111) -* Fri Jun 20 2010 Rex Dieter 4.7.0-0.20.beta1 +* Fri Jun 20 2010 Rex Dieter - 4.6.3-5 - avoid timestamps in uic-generated files to be multilib-friendly -* Fri Jun 18 2010 Rex Dieter 4.7.0-0.19.beta1 -- revert -no-javascript-jit change, false-alarm (#604003) +* Fri Jun 18 2010 Rex Dieter - 4.6.3-4 - QtWebKit does not search correct plugin path(s) (#568860) - QtWebKit browsers crash with flash-plugin (rh#605677,webkit#40567) -- drop qt-x11-opensource-src-4.5.0-gcc_hack.patch -* Wed Jun 16 2010 Rex Dieter 4.7.0-0.18.beta1 -- -no-javascript-jit on i686 (#604003) +* Tue Jun 15 2010 Jaroslav Reznik - 4.6.3-3 +- WebKit security update: + CVE-2010-1119, CVE-2010-1400, CVE-2010-1778 -* Wed Jun 16 2010 Karsten Hopp 4.7.0-0.17.beta1 -- add s390 and s390x to 3rdparty/webkit/JavaScriptCore/wtf/Platform.h and - 3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h +* Fri Jun 11 2010 Jaroslav Reznik - 4.6.3-2 +- WebKit security update: + CVE-2010-1303_1304, CVE-2010-1392, CVE-2010-1396, CVE-2010-1397, + CVE-2010-1398, CVE-2010-1412, CVE-2010-1770, + CVE-2010-1773, CVE-2010-1774 -* Fri Jun 11 2010 Rex Dieter - 4.7.0-0.16.beta1 -- scrub -lpulse-mainloop-glib from .prl files (#599844) -- scrub references to %%buildroot in .pc, .prl files +* Tue Jun 08 2010 Than Ngo - 4.6.3-1 +- 4.6.3 -* Thu May 27 2010 Rex Dieter - 4.7.0-0.15.beta1 +* Thu May 27 2010 Rex Dieter - 4.6.2-20 - Unsafe use of rand() in X11 (QTBUG-9793) -* Fri May 21 2010 Rex Dieter - 4.7.0-0.14.beta1 -- drop -no-javascript-jit (webkit#35154) +* Mon May 17 2010 Rex Dieter - 4.6.2-19 +- support QT_GRAPHICSSYSTEM env -* Mon May 17 2010 Rex Dieter - 4.7.0-0.13.beta1 -- QT_GRAPHICSSYSTEM env support +* Thu May 06 2010 Rex Dieter - 4.6.2-18 +- +Provides: qt4-webkit(-devel) -* Sun May 16 2010 Rex Dieter - 4.7.0-0.12.beta1 -- -webkit-devel: move Qt/qweb*.h here (#592680) +* Thu May 06 2010 Than Ngo - 4.6.2-17 +- bz#589169, fix multiple flaws in webkit + CVE-2010-0047, CVE-2010-0648, CVE-2010-0656 -* Fri May 07 2010 Rex Dieter - 4.7.0-0.11.beta1 -- -webkit-devel: Obsoletes: qt-devel ... (upgrade path) +* Thu Apr 29 2010 Kevin Kofler - 4.6.2-16 +- restore qt-everywhere-opensource-src-4.6.2-cups.patch (#586725) -* Thu May 06 2010 Rex Dieter - 4.7.0-0.10.beta1 -- -webkit-devel: Provides: qt4-webkit-devel , Requires: %%name-devel - -* Thu May 06 2010 Rex Dieter - 4.7.0-0.9.beta1 -- 4.7.0-beta1 -- -webkit-devel : it lives! brainz! - -* Fri Apr 30 2010 Rex Dieter - 4.7.0-0.8.tp -- prepping for separate QtWebKit(-2.0) -- -webkit subpkg, Provides: QtWebKit ... -- -devel: Provides: QtWebKit-devel ... -- TODO: -webkit-devel (and see what breaks) - -* Wed Apr 28 2010 Rex Dieter - 4.7.0-0.7.tp +* Wed Apr 28 2010 Rex Dieter - 4.6.2-15 - own %%{_qt4_plugindir}/crypto -* Sat Apr 03 2010 Kevin Kofler - 4.7.0-0.6.tp -- backport fix for QTBUG-9354 which breaks kdeutils build +* Thu Apr 15 2010 Than Ngo - 4.6.2-14 +- backport from 4.7 branch to get the printDialog to check + for default paperSize via CUPS, it replaces the patch + qt-everywhere-opensource-src-4.6.2-cups.patch -* Fri Apr 02 2010 Rex Dieter - 4.7.0-0.5.tp +* Tue Apr 06 2010 Than Ngo - 4.6.2-13 +- backport from 4.7 branch to fix s390(x) atomic ops crashes + +* Fri Apr 02 2010 Rex Dieter - 4.6.2-12 - Associate text/vnd.trolltech.linguist with linguist (#579082) -* Tue Mar 23 2010 Tom "spot" Callaway - 4.7.0-0.4.tp +* Tue Mar 23 2010 Tom "spot" Callaway - 4.6.2-11 - fix type cast issue on sparc64 +- drop "recreate .qm file", it's not needed anymore -* Sun Mar 21 2010 Kevin Kofler - 4.7.0-0.3.tp -- also strip -lpulse from .prl files (fixes PyQt4 QtMultimedia binding build) +* Tue Mar 23 2010 Than Ngo - 4.6.2-10 +- fix type cast issue on s390x -* Tue Mar 16 2010 Rex Dieter - 4.7.0-0.2.tp -- qt-4.7.0-tp -- macros.qt4 : +%%_qt4_importdir -- don't strip libs from pkgconfig files, Libs.private is now used properly -- add -lphonon to stripped libs instead of brutally hacking out - QMAKE_PRL_LIBS altogether (#520323) -- qt-assistant-adp packaged separately now, not included here +* Mon Mar 22 2010 Than Ngo - 4.6.2-9 +- backport patch to fix a crash when reparenting an item + in QGraphicsView, QTBUG-6932 +- drop dangling reference(s) to %%buildroot in *.pc + +* Wed Mar 17 2010 Jaroslav Reznik - 4.6.2-8 +- WebKit security update: + CVE-2010-0046, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, + CVE-2010-0052, CVE-2010-0054 * Sat Mar 13 2010 Kevin Kofler - 4.6.2-7 - BR alsa-lib-devel (for QtMultimedia) diff --git a/sources b/sources index d3a73b7..b8d4ee3 100644 --- a/sources +++ b/sources @@ -7,4 +7,4 @@ d9f511e4b51983b4e10eb58b320416d5 hi128-app-qt4-logo.png 12db12c009b722a6dc141f78feb7e330 hi32-phonon-gstreamer.png 86c34a1b81d44980b1381f94ed6b7a23 hi48-phonon-gstreamer.png 153505c71ec021b0a3bd4b74f2492e93 hi64-phonon-gstreamer.png -6f88d96507c84e9fea5bf3a71ebeb6d7 qt-everywhere-opensource-src-4.7.1.tar.gz +5c69f16d452b0bb3d44bc3c10556c072 qt-everywhere-opensource-src-4.6.3.tar.gz