- WebKit security update: CVE-2010-1119, CVE-2010-1400, CVE-2010-1778
parent
d4493eb02b
commit
ff19172b12
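--- /dev/null
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch
@@ -0,0 +1,15 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp.CVE-2010-1119 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp.CVE-2010-1119 2010-06-02 04:03:12.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp 2010-06-15 13:11:55.974470742 +0200
+@@ -910,7 +910,10 @@ void Node::notifyLocalNodeListsAttribute
+if (!data->nodeLists())
+return;
+
+- data->nodeLists()->invalidateCachesThatDependOnAttributes();
++ if (!isAttributeNode())
++ data->nodeLists()->invalidateCachesThatDependOnAttributes();
++ else
++ data->nodeLists()->invalidateCaches();
+
+if (data->nodeLists()->isEmpty()) {
+data->clearNodeLists();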
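Review bot: The new `else` branch in the function named in the hunk header (`Node::notifyLocalNodeListsAttribute…`) has no comment saying why an attribute node needs `invalidateCaches()` instead of the narrower `invalidateCachesThatDependOnAttributes()`, although that distinction is the whole security fix. I would add above the `if` something like `// Attr nodes: a value change can replace the node's children, so drop every cached node list, not only the attribute-dependent ones.`; that reason is inferred from the CVE context rather than visible in the hunk, so check it against the upstream change. The patch file also carries no header naming the upstream WebKit changeset it was backported from (the CVE-2010-1778 patch has the same gap); a leading line such as `# Upstream: WebKit r<CHANGESET>` would let a later auditor verify the backport. The function body starts and ends outside the hunk.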
@ -1,11 +1,21 @@
|
||||
Pouze v qt-everywhere-opensource-src-4.6.3-CVE-2010-1400/src/3rdparty/webkit/WebCore: changeset_r54521.diff
|
||||
diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1400/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp 2010-06-02 04:03:11.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1400/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp 2010-06-10 21:43:55.916193363 +0200
|
||||
@@ -1684,6 +1684,15 @@
|
||||
if (repaintContainer == this)
|
||||
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp.CVE-2010-1400 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp.CVE-2010-1400 2010-06-02 04:03:11.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp 2010-06-15 13:55:36.853463455 +0200
|
||||
@@ -1611,7 +1611,7 @@ void RenderObject::styleWillChange(Style
|
||||
}
|
||||
}
|
||||
|
||||
-void RenderObject::styleDidChange(StyleDifference diff, const RenderStyle*)
|
||||
+void RenderObject::styleDidChange(StyleDifference diff, const RenderStyle* oldStyle)
|
||||
{
|
||||
if (s_affectsParentBlock)
|
||||
handleDynamicFloatPositionChange();
|
||||
@@ -1619,9 +1619,17 @@ void RenderObject::styleDidChange(StyleD
|
||||
if (!m_parent)
|
||||
return;
|
||||
|
||||
- if (diff == StyleDifferenceLayout)
|
||||
+ if (diff == StyleDifferenceLayout) {
|
||||
+ // If the object already needs layout, then setNeedsLayout won't do
|
||||
+ // any work. But if the containing block has changed, then we may need
|
||||
+ // to make the new containing blocks for layout. The change that can
|
||||
@ -14,7 +24,9 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/renderin
|
||||
+ if (m_needsLayout && oldStyle->position() != m_style->position())
|
||||
+ markContainingBlocksForLayout();
|
||||
+
|
||||
+
|
||||
RenderObject* o = parent();
|
||||
if (!o)
|
||||
return;
|
||||
setNeedsLayoutAndPrefWidthsRecalc();
|
||||
- else if (diff == StyleDifferenceLayoutPositionedMovementOnly)
|
||||
+ } else if (diff == StyleDifferenceLayoutPositionedMovementOnly)
|
||||
setNeedsPositionedMovementLayout();
|
||||
|
||||
// Don't check for repaint here; we need to wait until the layer has been
|
||||
|
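Review bot: `oldStyle->position()` in `if (m_needsLayout && oldStyle->position() != m_style->position())` dereferences a parameter that was unnamed and unused before this patch, and no null check is visible in the hunk. If any caller can reach `styleDidChange` with `diff == StyleDifferenceLayout` and a null old style, this becomes a null dereference in the renderer. Either guard it, `if (m_needsLayout && oldStyle && oldStyle->position() != m_style->position())`, or state the invariant with `ASSERT(oldStyle);` at the top of the `StyleDifferenceLayout` branch. The callers are not on this page, so the invariant needs confirming against them; the function body also continues past the hunk.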
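--- /dev/null
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch
@@ -0,0 +1,29 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp.CVE-2010-1778 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp.CVE-2010-1778 2010-06-11 16:12:55.786338275 +0200
++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp 2010-06-15 13:23:21.114401487 +0200
+@@ -1189,14 +1189,13 @@ void FrameView::scheduleRelayoutOfSubtre
+{
+ASSERT(m_frame->view() == this);
+
+- if (!m_layoutSchedulingEnabled || (m_frame->contentRenderer()
+- && m_frame->contentRenderer()->needsLayout())) {
++ if (m_frame->contentRenderer() && m_frame->contentRenderer()->needsLayout()) {
+if (relayoutRoot)
+relayoutRoot->markContainingBlocksForLayout(false);
+return;
+}
+
+- if (layoutPending()) {
++ if (layoutPending() || !m_layoutSchedulingEnabled) {
+if (m_layoutRoot != relayoutRoot) {
+if (isObjectAncestorContainerOf(m_layoutRoot, relayoutRoot)) {
+// Keep the current root
+@@ -1213,7 +1212,7 @@ void FrameView::scheduleRelayoutOfSubtre
+relayoutRoot->markContainingBlocksForLayout(false);
+}
+}
+- } else {
++ } else if (m_layoutSchedulingEnabled) {
+int delay = m_frame->document()->minimumLayoutDelay();
+m_layoutRoot = relayoutRoot;
+m_delayedLayout = delay != 0;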
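Review bot: With `if (layoutPending() || !m_layoutSchedulingEnabled)` the disabled-scheduling case now enters the same branch as a pending layout, so the `m_layoutRoot != relayoutRoot` reconciliation also runs when no layout is pending, and nothing at the branch says why. In that state `m_layoutRoot` may be null when it is passed to `isObjectAncestorContainerOf(m_layoutRoot, relayoutRoot)`; that helper is outside the hunk, so confirm it tolerates a null first argument. I would add a comment above the condition, for example `// Scheduling disabled: still reconcile relayoutRoot with m_layoutRoot, but start no layout timer (handled by the else-if below).`, with the wording checked against the upstream change. The function body extends beyond both hunks.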
16
qt.spec
16
qt.spec
@ -13,7 +13,7 @@ Summary: Qt toolkit
|
||||
Name: qt
|
||||
Epoch: 1
|
||||
Version: 4.6.3
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
|
||||
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
|
||||
License: LGPLv2 with exceptions or GPLv3 with exceptions
|
||||
@ -72,13 +72,13 @@ Patch110: qt-everywhere-opensource-src-4.6.3-CVE-2010-1392.patch
|
||||
Patch111: qt-everywhere-opensource-src-4.6.3-CVE-2010-1396.patch
|
||||
Patch112: qt-everywhere-opensource-src-4.6.3-CVE-2010-1397.patch
|
||||
Patch113: qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch
|
||||
# oldStyle undefined in RenderObject::mapLocalToContainer
|
||||
# disable before backporting
|
||||
#Patch114: qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch
|
||||
Patch114: qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch
|
||||
Patch115: qt-everywhere-opensource-src-4.6.3-CVE-2010-1412.patch
|
||||
Patch116: qt-everywhere-opensource-src-4.6.3-CVE-2010-1770.patch
|
||||
Patch117: qt-everywhere-opensource-src-4.6.3-CVE-2010-1773.patch
|
||||
Patch118: qt-everywhere-opensource-src-4.6.3-CVE-2010-1774.patch
|
||||
Patch119: qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch
|
||||
Patch120: qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch
|
||||
|
||||
# kde-qt git patches
|
||||
Patch201: 0001-This-patch-uses-object-name-as-a-fallback-for-window.patch
|
||||
@ -445,11 +445,13 @@ Qt libraries used for drawing widgets and OpenGL items.
|
||||
%patch111 -p1 -b .CVE-2010-1396
|
||||
%patch112 -p1 -b .CVE-2010-1397
|
||||
%patch113 -p1 -b .CVE-2010-1398
|
||||
#patch114 -p1 -b .CVE-2010-1400
|
||||
%patch114 -p1 -b .CVE-2010-1400
|
||||
%patch115 -p1 -b .CVE-2010-1412
|
||||
%patch116 -p1 -b .CVE-2010-1770
|
||||
%patch117 -p1 -b .CVE-2010-1773
|
||||
%patch118 -p1 -b .CVE-2010-1774
|
||||
%patch119 -p1 -b .CVE-2010-1119
|
||||
%patch120 -p1 -b .CVE-2010-1778
|
||||
|
||||
|
||||
# kde-qt branch
|
||||
@ -1052,6 +1054,10 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Jun 15 2010 Jaroslav Reznik <jreznik@redhat.com> - 4.6.3-3
|
||||
- WebKit security update:
|
||||
CVE-2010-1119, CVE-2010-1400, CVE-2010-1778
|
||||
|
||||
* Fri Jun 11 2010 Jaroslav Reznik <jreznik@redhat.com> - 4.6.3-2
|
||||
- WebKit security update:
|
||||
CVE-2010-1303_1304, CVE-2010-1392, CVE-2010-1396, CVE-2010-1397,
|
||||
|