Compare commits
35 Commits
master
...
qt-4_6_3-7
Author | SHA1 | Date | |
---|---|---|---|
|
23e5d3403d | ||
|
88e1d8ad3b | ||
|
5b94692e82 | ||
|
b497f348d8 | ||
|
e41116100d | ||
|
37a14a7af7 | ||
|
ff19172b12 | ||
|
d4493eb02b | ||
|
6d30a55d1e | ||
|
a5dc781fae | ||
|
b1a96b675c | ||
|
3ff9572cc0 | ||
|
3ba68ba31d | ||
|
191adcf24d | ||
|
a98a335da7 | ||
|
2dd6c16d3f | ||
|
78ace5e701 | ||
|
337d119fff | ||
|
86310914dc | ||
|
0d65ddcb06 | ||
|
6727595b76 | ||
|
06fc35cad4 | ||
|
9d7ee9d964 | ||
|
84c5c7acb5 | ||
|
169f92e76c | ||
|
3823f1dd39 | ||
|
8f5227af15 | ||
|
1dbbcc5dd9 | ||
|
3eb1514284 | ||
|
a6c166354c | ||
|
5e46fbec61 | ||
|
0a8c1d0838 | ||
|
c951f25012 | ||
|
f8e9fb5f0f | ||
|
a133c7c902 |
@ -8,3 +8,4 @@ hi32-phonon-gstreamer.png
|
||||
hi48-phonon-gstreamer.png
|
||||
hi64-phonon-gstreamer.png
|
||||
qt-everywhere-opensource-src-4.6.2.tar.gz
|
||||
qt-everywhere-opensource-src-4.6.3.tar.gz
|
||||
|
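--- a/0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c.patch
+++ b/0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c.patch
@@ -0,0 +1,44 @@
+From 0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c Mon Sep 17 00:00:00 2001
+From: Bradley T. Hughes <bradley.hughes@nokia.com>
+Date: Tue, 4 May 2010 16:25:18 +0200
+Subject: [PATCH] Use qrand() instead of rand()
+
+This only affects X11 code, and are the only 2 places in Qt where rand() is
+used instead of qrand().
+
+Task-number: QTBUG-9793
+Reviewed-by: TrustMe
+---
+src/gui/kernel/qwidget_x11.cpp | 2 +-
+src/gui/painting/qpaintengine_x11.cpp | 2 +-
+2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/gui/kernel/qwidget_x11.cpp b/src/gui/kernel/qwidget_x11.cpp
+index 37ac6bf..43f510c 100644
+--- a/src/gui/kernel/qwidget_x11.cpp
++++ b/src/gui/kernel/qwidget_x11.cpp
+@@ -3000,7 +3000,7 @@ Picture QX11Data::getSolidFill(int screen, const QColor &c)
+return X11->solid_fills[i].picture;
+}
+// none found, replace one
+- int i = rand() % 16;
++ int i = qrand() % 16;
+
+if (X11->solid_fills[i].screen != screen && X11->solid_fills[i].picture) {
+XRenderFreePicture (X11->display, X11->solid_fills[i].picture);
+diff --git a/src/gui/painting/qpaintengine_x11.cpp b/src/gui/painting/qpaintengine_x11.cpp
+index da48fcb..aef8b80 100644
+--- a/src/gui/painting/qpaintengine_x11.cpp
++++ b/src/gui/painting/qpaintengine_x11.cpp
+@@ -315,7 +315,7 @@ static Picture getPatternFill(int screen, const QBrush &b)
+return X11->pattern_fills[i].picture;
+}
+// none found, replace one
+- int i = rand() % 16;
++ int i = qrand() % 16;
+
+if (X11->pattern_fills[i].screen != screen && X11->pattern_fills[i].picture) {
+XRenderFreePicture (X11->display, X11->pattern_fills[i].picture);
+--
+1.6.1
+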
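Review bot: The eviction index in both hunks is still computed as `qrand() % 16`, a bare literal that has to stay equal to the number of entries in `X11->solid_fills` and `X11->pattern_fills`. Neither array declaration is visible here, so if the size is named elsewhere the modulus should use that name instead of the literal. I would also add a comment next to each call, for example `// random slot for cache eviction only; qrand() is not suitable where unpredictability matters`, so the pattern is not copied into code that needs an unpredictable value. Both enclosing functions, getSolidFill and getPatternFill, start and end outside the hunks.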
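--- a/55ef01d93f8257b5927660290fc1ead0b2b74ec9.patch
+++ b/55ef01d93f8257b5927660290fc1ead0b2b74ec9.patch
@@ -0,0 +1,28 @@
+From 55ef01d93f8257b5927660290fc1ead0b2b74ec9 Mon Sep 17 00:00:00 2001
+From: Andreas Hartmetz <ahartmetz@gmail.com>
+Date: Thu, 18 Mar 2010 02:41:14 +0100
+Subject: [PATCH] Add environment variable switch for graphicssystem so distros and
+non-developers can more easily pick a different default.
+
+---
+src/gui/kernel/qapplication.cpp | 4 ++++
+1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/src/gui/kernel/qapplication.cpp b/src/gui/kernel/qapplication.cpp
+index 49713cf..af83047 100644
+--- a/src/gui/kernel/qapplication.cpp
++++ b/src/gui/kernel/qapplication.cpp
+@@ -763,6 +763,10 @@ void QApplicationPrivate::construct(
+
+qt_is_gui_used = (qt_appType != QApplication::Tty);
+process_cmdline();
++ // the environment variable has the lowest precedence of runtime graphicssystem switches
++ if (graphics_system_name.isEmpty()) {
++ graphics_system_name = QString::fromLocal8Bit(qgetenv("QT_GRAPHICSSYSTEM"));
++ }
+// Must be called before initialize()
+qt_init(this, qt_appType
+#ifdef Q_WS_X11
+--
+1.6.1
+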
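Review bot: The new `QT_GRAPHICSSYSTEM` fallback copies the graphics system name straight from the process environment into `graphics_system_name` with no check at this point. A process that runs with more privilege than the user who set up its environment would therefore let that user choose the backend. Any validation of the name against the known graphics systems happens outside this hunk, if at all, so please confirm that an unrecognised value falls back to the default before it can reach plugin lookup. I would extend the added comment to say so, for example `// value is untrusted; unknown names must fall back to the default graphics system`, and mention the variable in the user documentation next to the command-line switch. QApplicationPrivate::construct starts and ends outside the hunk.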
@ -3,7 +3,7 @@ Name=Qt4 Linguist
|
||||
Comment=Add translations to Qt4 applications
|
||||
Exec=linguist-qt4
|
||||
Icon=linguist
|
||||
MimeType=application/x-linguist;
|
||||
MimeType=text/vnd.trolltech.linguist;application/x-linguist;
|
||||
Terminal=false
|
||||
Encoding=UTF-8
|
||||
Type=Application
|
||||
|
@ -1,60 +0,0 @@
|
||||
--- qt-x11-opensource-src-4.5.0/src/3rdparty/webkit/JavaScriptCore/wtf/Threading.h.orig 2009-03-15 00:21:08.000000000 -0500
|
||||
+++ qt-x11-opensource-src-4.5.0/src/3rdparty/webkit/JavaScriptCore/wtf/Threading.h 2009-03-15 00:22:38.000000000 -0500
|
||||
@@ -196,14 +196,14 @@
|
||||
#elif COMPILER(GCC)
|
||||
#define WTF_USE_LOCKFREE_THREADSAFESHARED 1
|
||||
|
||||
-inline void atomicIncrement(int volatile* addend) { __gnu_cxx::__atomic_add(addend, 1); }
|
||||
-inline int atomicDecrement(int volatile* addend) { return __gnu_cxx::__exchange_and_add(addend, -1) - 1; }
|
||||
+inline void atomicIncrement(_Atomic_word volatile* addend) { __gnu_cxx::__atomic_add(addend, 1); }
|
||||
+inline _Atomic_word atomicDecrement(_Atomic_word volatile* addend) { return __gnu_cxx::__exchange_and_add(addend, -1) - 1; }
|
||||
|
||||
#endif
|
||||
|
||||
template<class T> class ThreadSafeShared : Noncopyable {
|
||||
public:
|
||||
- ThreadSafeShared(int initialRefCount = 1)
|
||||
+ ThreadSafeShared(_Atomic_word initialRefCount = 1)
|
||||
: m_refCount(initialRefCount)
|
||||
{
|
||||
}
|
||||
@@ -237,16 +237,16 @@
|
||||
return refCount() == 1;
|
||||
}
|
||||
|
||||
- int refCount() const
|
||||
+ _Atomic_word refCount() const
|
||||
{
|
||||
#if !USE(LOCKFREE_THREADSAFESHARED)
|
||||
MutexLocker locker(m_mutex);
|
||||
#endif
|
||||
- return static_cast<int const volatile &>(m_refCount);
|
||||
+ return static_cast<_Atomic_word const volatile &>(m_refCount);
|
||||
}
|
||||
|
||||
private:
|
||||
- int m_refCount;
|
||||
+ _Atomic_word m_refCount;
|
||||
#if !USE(LOCKFREE_THREADSAFESHARED)
|
||||
mutable Mutex m_mutex;
|
||||
#endif
|
||||
--- qt-x11-opensource-src-4.5.0/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.orig 2009-03-15 00:21:37.000000000 -0500
|
||||
+++ qt-x11-opensource-src-4.5.0/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h 2009-03-15 00:22:38.000000000 -0500
|
||||
@@ -214,9 +214,16 @@
|
||||
#endif
|
||||
|
||||
/* PLATFORM(SPARC64) */
|
||||
-#if defined(__sparc64__)
|
||||
+#if defined(__sparc64__) \
|
||||
+ || defined(__sparc__) && defined(_arch64__)
|
||||
#define WTF_PLATFORM_SPARC64 1
|
||||
#define WTF_PLATFORM_BIG_ENDIAN 1
|
||||
+#else
|
||||
+/* PLATFORM(SPARC) */
|
||||
+#if defined(__sparc__)
|
||||
+#define WTF_PLATFORM_SPARC 1
|
||||
+#define WTF_PLATFORM_BIG_ENDIAN 1
|
||||
+#endif
|
||||
#endif
|
||||
|
||||
/* PLATFORM(WIN_CE) && PLATFORM(QT)
|
@ -1,92 +0,0 @@
|
||||
diff --git a/src/gui/dialogs/qprintdialog_unix.cpp b/src/gui/dialogs/qprintdialog_unix.cpp
|
||||
index 23f5831..f34277a 100644
|
||||
--- a/src/gui/dialogs/qprintdialog_unix.cpp
|
||||
+++ b/src/gui/dialogs/qprintdialog_unix.cpp
|
||||
@@ -569,6 +569,34 @@ void QPrintDialogPrivate::setTabs(const QList<QWidget*> &tabWidgets)
|
||||
void QPrintDialogPrivate::selectPrinter(QCUPSSupport *cups)
|
||||
{
|
||||
options.duplex->setEnabled(cups && cups->ppdOption("Duplex"));
|
||||
+
|
||||
+ if(cups)
|
||||
+ {
|
||||
+ const ppd_option_t* duplex = cups->ppdOption("Duplex");
|
||||
+ if( duplex )
|
||||
+ {
|
||||
+ // copy default ppd duplex to qt dialog
|
||||
+ if( qstrcmp(duplex->defchoice, "DuplexTumble") == 0 )
|
||||
+ options.duplexShort->setChecked(true);
|
||||
+ else if ( qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0 )
|
||||
+ options.duplexLong->setChecked(true);
|
||||
+ else
|
||||
+ options.noDuplex->setChecked(true);
|
||||
+ }
|
||||
+
|
||||
+ // set default color
|
||||
+ if( cups->currentPPD()->color_device )
|
||||
+ options.color->setChecked(true);
|
||||
+ else
|
||||
+ options.grayscale->setChecked(true);
|
||||
+
|
||||
+ // set collation
|
||||
+ const ppd_option_t *collate = cups->ppdOption("Collate");
|
||||
+ if( collate )
|
||||
+ {
|
||||
+ options.collate->setChecked(qstrcmp(collate->defchoice, "True")==0);
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
#endif
|
||||
|
||||
diff --git a/src/gui/painting/qprinter.cpp b/src/gui/painting/qprinter.cpp
|
||||
index 4d2b50a..c7ab1b3 100644
|
||||
--- a/src/gui/painting/qprinter.cpp
|
||||
+++ b/src/gui/painting/qprinter.cpp
|
||||
@@ -627,6 +627,48 @@ QPrinter::QPrinter(PrinterMode mode)
|
||||
&& d_ptr->paintEngine->type() != QPaintEngine::MacPrinter) {
|
||||
setOutputFormat(QPrinter::PdfFormat);
|
||||
}
|
||||
+
|
||||
+#if !defined(QT_NO_CUPS) && !defined(QT_NO_LIBRARY)
|
||||
+ // fill in defaults from ppd file
|
||||
+ QCUPSSupport cups;
|
||||
+
|
||||
+ int printernum = -1;
|
||||
+ for(int i = 0; i < cups.availablePrintersCount(); i++)
|
||||
+ {
|
||||
+ if( printerName().toLocal8Bit() == cups.availablePrinters()[i].name )
|
||||
+ printernum = i;
|
||||
+ }
|
||||
+ if( printernum >= 0 )
|
||||
+ {
|
||||
+ cups.setCurrentPrinter(printernum);
|
||||
+
|
||||
+ const ppd_option_t* duplex = cups.ppdOption("Duplex");
|
||||
+ if( duplex )
|
||||
+ {
|
||||
+ // copy default ppd duplex to qt dialog
|
||||
+ if( qstrcmp(duplex->defchoice, "DuplexTumble") == 0 )
|
||||
+ setDuplex(DuplexShortSide);
|
||||
+ else if ( qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0 )
|
||||
+ setDuplex(DuplexLongSide);
|
||||
+ else
|
||||
+ setDuplex(DuplexNone);
|
||||
+ }
|
||||
+
|
||||
+ // set default color
|
||||
+ if( cups.currentPPD()->color_device )
|
||||
+ setColorMode(Color);
|
||||
+ else
|
||||
+ setColorMode(GrayScale);
|
||||
+
|
||||
+ // set collation
|
||||
+ const ppd_option_t *collate = cups.ppdOption("Collate");
|
||||
+ if( collate )
|
||||
+ {
|
||||
+ setCollateCopies(qstrcmp(collate->defchoice, "True")==0);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+#endif
|
||||
}
|
||||
|
||||
/*!
|
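--- a/qt-everywhere-opensource-src-4.6.2-cups.patch
+++ b/qt-everywhere-opensource-src-4.6.2-cups.patch
@@ -0,0 +1,84 @@
+diff -ur qt-everywhere-opensource-src-4.6.2/src/gui/dialogs/qprintdialog_unix.cpp qt-everywhere-opensource-src-4.6.2-cups/src/gui/dialogs/qprintdialog_unix.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/gui/dialogs/qprintdialog_unix.cpp 2010-02-11 16:55:22.000000000 +0100
++++ qt-everywhere-opensource-src-4.6.2-cups/src/gui/dialogs/qprintdialog_unix.cpp 2010-02-28 04:34:16.000000000 +0100
+@@ -569,6 +569,32 @@
+void QPrintDialogPrivate::selectPrinter(QCUPSSupport *cups)
+{
+options.duplex->setEnabled(cups && cups->ppdOption("Duplex"));
++
++ if (cups) {
++ const ppd_option_t* duplex = cups->ppdOption("Duplex");
++ if (duplex) {
++ // copy default ppd duplex to qt dialog
++ if (qstrcmp(duplex->defchoice, "DuplexTumble") == 0)
++ options.duplexShort->setChecked(true);
++ else if (qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0)
++ options.duplexLong->setChecked(true);
++ else
++ options.noDuplex->setChecked(true);
++ }
++
++ if (cups->currentPPD()) {
++ // set default color
++ if (cups->currentPPD()->color_device)
++ options.color->setChecked(true);
++ else
++ options.grayscale->setChecked(true);
++ }
++
++ // set collation
++ const ppd_option_t *collate = cups->ppdOption("Collate");
++ if (collate)
++ options.collate->setChecked(qstrcmp(collate->defchoice, "True")==0);
++ }
+}
+#endif
+
+diff -ur qt-everywhere-opensource-src-4.6.2/src/gui/painting/qprinter.cpp qt-everywhere-opensource-src-4.6.2-cups/src/gui/painting/qprinter.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/gui/painting/qprinter.cpp 2010-02-11 16:55:22.000000000 +0100
++++ qt-everywhere-opensource-src-4.6.2-cups/src/gui/painting/qprinter.cpp 2010-02-28 04:55:15.000000000 +0100
+@@ -627,6 +627,44 @@
+&& d_ptr->paintEngine->type() != QPaintEngine::MacPrinter) {
+setOutputFormat(QPrinter::PdfFormat);
+}
++
++#if !defined(QT_NO_CUPS) && !defined(QT_NO_LIBRARY)
++ // fill in defaults from ppd file
++ QCUPSSupport cups;
++
++ int printernum = -1;
++ for (int i = 0; i < cups.availablePrintersCount(); i++) {
++ if (printerName().toLocal8Bit() == cups.availablePrinters()[i].name)
++ printernum = i;
++ }
++ if (printernum >= 0) {
++ cups.setCurrentPrinter(printernum);
++
++ const ppd_option_t* duplex = cups.ppdOption("Duplex");
++ if (duplex) {
++ // copy default ppd duplex to qt dialog
++ if (qstrcmp(duplex->defchoice, "DuplexTumble") == 0)
++ setDuplex(DuplexShortSide);
++ else if (qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0)
++ setDuplex(DuplexLongSide);
++ else
++ setDuplex(DuplexNone);
++ }
++
++ if (cups.currentPPD()) {
++ // set default color
++ if (cups.currentPPD()->color_device)
++ setColorMode(Color);
++ else
++ setColorMode(GrayScale);
++ }
++
++ // set collation
++ const ppd_option_t *collate = cups.ppdOption("Collate");
++ if (collate)
++ setCollateCopies(qstrcmp(collate->defchoice, "True")==0);
++ }
++#endif
+}
+
+/*!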
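Review bot: In the qprinter.cpp hunk the printer lookup keeps scanning after a match and re-evaluates `printerName().toLocal8Bit()` on every pass, so with duplicate names the last entry wins and the conversion is repeated for each printer. Converting once before the loop, `const QByteArray wanted = printerName().toLocal8Bit();`, and leaving with `if (wanted == cups.availablePrinters()[i].name) { printernum = i; break; }` would fix both. The local `QCUPSSupport cups;` also appears to make every QPrinter construction query CUPS; if that is intended, a comment should say so. In selectPrinter the PPD defaults are applied with `setChecked` on each call, which looks as if it could overwrite a choice the user already made in the dialog; that depends on when selectPrinter is called, which is not visible here. The QPrinter constructor starts outside the hunk.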
@ -0,0 +1,267 @@
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:20.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y 2010-02-25 17:07:29.114742034 +0100
|
||||
@@ -416,7 +416,9 @@ valid_rule:
|
||||
;
|
||||
|
||||
rule:
|
||||
- valid_rule
|
||||
+ valid_rule {
|
||||
+ static_cast<CSSParser*>(parser)->m_hadSyntacticallyValidCSSRule = true;
|
||||
+ }
|
||||
| invalid_rule
|
||||
| invalid_at
|
||||
| invalid_import
|
||||
@@ -1517,8 +1519,12 @@ invalid_rule:
|
||||
;
|
||||
|
||||
invalid_block:
|
||||
- '{' error invalid_block_list error closing_brace
|
||||
- | '{' error closing_brace
|
||||
+ '{' error invalid_block_list error closing_brace {
|
||||
+ static_cast<CSSParser*>(parser)->invalidBlockHit();
|
||||
+ }
|
||||
+ | '{' error closing_brace {
|
||||
+ static_cast<CSSParser*>(parser)->invalidBlockHit();
|
||||
+ }
|
||||
;
|
||||
|
||||
invalid_block_list:
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:20.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp 2010-02-25 17:13:34.292803953 +0100
|
||||
@@ -25,6 +25,7 @@
|
||||
#include "CachedCSSStyleSheet.h"
|
||||
#include "DocLoader.h"
|
||||
#include "Document.h"
|
||||
+#include "SecurityOrigin.h"
|
||||
#include "MediaList.h"
|
||||
#include "Settings.h"
|
||||
#include <wtf/StdLibExtras.h>
|
||||
@@ -60,11 +61,21 @@ void CSSImportRule::setCSSStyleSheet(con
|
||||
m_styleSheet->setParent(0);
|
||||
m_styleSheet = CSSStyleSheet::create(this, url, charset);
|
||||
|
||||
+ bool crossOriginCSS = false;
|
||||
+ bool validMIMEType = false;
|
||||
CSSStyleSheet* parent = parentStyleSheet();
|
||||
bool strict = !parent || parent->useStrictParsing();
|
||||
- String sheetText = sheet->sheetText(strict);
|
||||
+ bool enforceMIMEType = strict;
|
||||
+
|
||||
+ String sheetText = sheet->sheetText(enforceMIMEType, &validMIMEType);
|
||||
m_styleSheet->parseString(sheetText, strict);
|
||||
|
||||
+ if (!parent || !parent->doc() || !parent->doc()->securityOrigin()->canRequest(KURL(ParsedURLString, url)))
|
||||
+ crossOriginCSS = true;
|
||||
+
|
||||
+ if (crossOriginCSS && !validMIMEType && !m_styleSheet->hasSyntacticallyValidCSSHeader())
|
||||
+ m_styleSheet = CSSStyleSheet::create(this, url, charset);
|
||||
+
|
||||
if (strict && parent && parent->doc() && parent->doc()->settings() && parent->doc()->settings()->needsSiteSpecificQuirks()) {
|
||||
// Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
|
||||
DEFINE_STATIC_LOCAL(const String, slashKHTMLFixesDotCss, ("/KHTMLFixes.css"));
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-25 17:07:29.101741771 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp 2010-02-25 17:07:29.117741744 +0100
|
||||
@@ -139,6 +139,7 @@ CSSParser::CSSParser(bool strictParsing)
|
||||
, m_currentShorthand(0)
|
||||
, m_implicitShorthand(false)
|
||||
, m_hasFontFaceOnlyValues(false)
|
||||
+ , m_hadSyntacticallyValidCSSRule(false)
|
||||
, m_defaultNamespace(starAtom)
|
||||
, m_data(0)
|
||||
, yy_start(1)
|
||||
@@ -5175,6 +5176,12 @@ WebKitCSSKeyframeRule* CSSParser::create
|
||||
return keyframePtr;
|
||||
}
|
||||
|
||||
+void CSSParser::invalidBlockHit()
|
||||
+{
|
||||
+ if (m_styleSheet && !m_hadSyntacticallyValidCSSRule)
|
||||
+ m_styleSheet->setHasSyntacticallyValidCSSHeader(false);
|
||||
+}
|
||||
+
|
||||
static int cssPropertyID(const UChar* propertyName, unsigned length)
|
||||
{
|
||||
if (!length)
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:20.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h 2010-02-25 17:07:29.117741744 +0100
|
||||
@@ -191,6 +191,7 @@ namespace WebCore {
|
||||
bool addVariableDeclarationBlock(const CSSParserString&);
|
||||
bool checkForVariables(CSSParserValueList*);
|
||||
void addUnresolvedProperty(int propId, bool important);
|
||||
+ void invalidBlockHit();
|
||||
|
||||
Vector<CSSSelector*>* reusableSelectorVector() { return &m_reusableSelectorVector; }
|
||||
|
||||
@@ -212,6 +213,7 @@ namespace WebCore {
|
||||
bool m_implicitShorthand;
|
||||
|
||||
bool m_hasFontFaceOnlyValues;
|
||||
+ bool m_hadSyntacticallyValidCSSRule;
|
||||
|
||||
Vector<String> m_variableNames;
|
||||
Vector<RefPtr<CSSValue> > m_variableValues;
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp 2010-02-25 17:07:29.118741824 +0100
|
||||
@@ -41,6 +41,7 @@ CSSStyleSheet::CSSStyleSheet(CSSStyleShe
|
||||
, m_loadCompleted(false)
|
||||
, m_strictParsing(!parentSheet || parentSheet->useStrictParsing())
|
||||
, m_isUserStyleSheet(parentSheet ? parentSheet->isUserStyleSheet() : false)
|
||||
+ , m_hasSyntacticallyValidCSSHeader(true)
|
||||
{
|
||||
}
|
||||
|
||||
@@ -52,6 +53,7 @@ CSSStyleSheet::CSSStyleSheet(Node* paren
|
||||
, m_loadCompleted(false)
|
||||
, m_strictParsing(false)
|
||||
, m_isUserStyleSheet(false)
|
||||
+ , m_hasSyntacticallyValidCSSHeader(true)
|
||||
{
|
||||
}
|
||||
|
||||
@@ -61,6 +63,7 @@ CSSStyleSheet::CSSStyleSheet(CSSRule* ow
|
||||
, m_charset(charset)
|
||||
, m_loadCompleted(false)
|
||||
, m_strictParsing(!ownerRule || ownerRule->useStrictParsing())
|
||||
+ , m_hasSyntacticallyValidCSSHeader(true)
|
||||
{
|
||||
CSSStyleSheet* parentSheet = ownerRule ? ownerRule->parentStyleSheet() : 0;
|
||||
m_doc = parentSheet ? parentSheet->doc() : 0;
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:20.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h 2010-02-25 17:07:29.118741824 +0100
|
||||
@@ -95,6 +95,8 @@ public:
|
||||
|
||||
void setIsUserStyleSheet(bool b) { m_isUserStyleSheet = b; }
|
||||
bool isUserStyleSheet() const { return m_isUserStyleSheet; }
|
||||
+ void setHasSyntacticallyValidCSSHeader(bool b) { m_hasSyntacticallyValidCSSHeader = b; }
|
||||
+ bool hasSyntacticallyValidCSSHeader() const { return m_hasSyntacticallyValidCSSHeader; }
|
||||
|
||||
private:
|
||||
CSSStyleSheet(Node* ownerNode, const String& href, const String& charset);
|
||||
@@ -110,6 +112,7 @@ private:
|
||||
bool m_loadCompleted : 1;
|
||||
bool m_strictParsing : 1;
|
||||
bool m_isUserStyleSheet : 1;
|
||||
+ bool m_hasSyntacticallyValidCSSHeader : 1;
|
||||
};
|
||||
|
||||
} // namespace
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp 2010-02-25 17:07:29.118741824 +0100
|
||||
@@ -203,7 +203,10 @@ void ProcessingInstruction::setCSSStyleS
|
||||
#endif
|
||||
RefPtr<CSSStyleSheet> newSheet = CSSStyleSheet::create(this, url, charset);
|
||||
m_sheet = newSheet;
|
||||
- parseStyleSheet(sheet->sheetText());
|
||||
+ // We don't need the cross-origin security check here because we are
|
||||
+ // getting the sheet text in "strict" mode. This enforces a valid CSS MIME
|
||||
+ // type.
|
||||
+ parseStyleSheet(sheet->sheetText(true));
|
||||
newSheet->setTitle(m_title);
|
||||
newSheet->setMedia(MediaList::create(newSheet.get(), m_media));
|
||||
newSheet->setDisabled(m_alternate);
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:17.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp 2010-02-25 17:07:29.119741915 +0100
|
||||
@@ -260,14 +260,27 @@ void HTMLLinkElement::setCSSStyleSheet(c
|
||||
bool strictParsing = !document()->inCompatMode();
|
||||
bool enforceMIMEType = strictParsing;
|
||||
|
||||
+ bool crossOriginCSS = false;
|
||||
+ bool validMIMEType = false;
|
||||
// Check to see if we should enforce the MIME type of the CSS resource in strict mode.
|
||||
// Running in iWeb 2 is one example of where we don't want to - <rdar://problem/6099748>
|
||||
if (enforceMIMEType && document()->page() && !document()->page()->settings()->enforceCSSMIMETypeInStrictMode())
|
||||
enforceMIMEType = false;
|
||||
|
||||
- String sheetText = sheet->sheetText(enforceMIMEType);
|
||||
+ String sheetText = sheet->sheetText(enforceMIMEType, &validMIMEType);
|
||||
m_sheet->parseString(sheetText, strictParsing);
|
||||
|
||||
+ // If we're loading a stylesheet cross-origin, and the MIME type is not
|
||||
+ // standard, require the CSS to at least start with a syntactically
|
||||
+ // valid CSS rule.
|
||||
+ // This prevents an attacker playing games by injecting CSS strings into
|
||||
+ // HTML, XML, JSON, etc. etc.
|
||||
+ if (!document()->securityOrigin()->canRequest(KURL(ParsedURLString, url)))
|
||||
+ crossOriginCSS = true;
|
||||
+
|
||||
+ if (crossOriginCSS && !validMIMEType && !m_sheet->hasSyntacticallyValidCSSHeader())
|
||||
+ m_sheet = CSSStyleSheet::create(this, url, charset);
|
||||
+
|
||||
if (strictParsing && document()->settings() && document()->settings()->needsSiteSpecificQuirks()) {
|
||||
// Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
|
||||
DEFINE_STATIC_LOCAL(const String, slashKHTMLFixesDotCss, ("/KHTMLFixes.css"));
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp 2010-02-25 17:07:29.119741915 +0100
|
||||
@@ -71,11 +71,11 @@ String CachedCSSStyleSheet::encoding() c
|
||||
return m_decoder->encoding().name();
|
||||
}
|
||||
|
||||
-const String CachedCSSStyleSheet::sheetText(bool enforceMIMEType) const
|
||||
+const String CachedCSSStyleSheet::sheetText(bool enforceMIMEType, bool* hasValidMIMEType) const
|
||||
{
|
||||
ASSERT(!isPurgeable());
|
||||
|
||||
- if (!m_data || m_data->isEmpty() || !canUseSheet(enforceMIMEType))
|
||||
+ if (!m_data || m_data->isEmpty() || !canUseSheet(enforceMIMEType, hasValidMIMEType))
|
||||
return String();
|
||||
|
||||
if (!m_decodedSheetText.isNull())
|
||||
@@ -122,12 +122,12 @@ void CachedCSSStyleSheet::error()
|
||||
checkNotify();
|
||||
}
|
||||
|
||||
-bool CachedCSSStyleSheet::canUseSheet(bool enforceMIMEType) const
|
||||
+bool CachedCSSStyleSheet::canUseSheet(bool enforceMIMEType, bool* hasValidMIMEType) const
|
||||
{
|
||||
if (errorOccurred())
|
||||
return false;
|
||||
|
||||
- if (!enforceMIMEType)
|
||||
+ if (!enforceMIMEType && !hasValidMIMEType)
|
||||
return true;
|
||||
|
||||
// This check exactly matches Firefox. Note that we grab the Content-Type
|
||||
@@ -138,7 +138,12 @@ bool CachedCSSStyleSheet::canUseSheet(bo
|
||||
// This code defaults to allowing the stylesheet for non-HTTP protocols so
|
||||
// folks can use standards mode for local HTML documents.
|
||||
String mimeType = extractMIMETypeFromMediaType(response().httpHeaderField("Content-Type"));
|
||||
- return mimeType.isEmpty() || equalIgnoringCase(mimeType, "text/css") || equalIgnoringCase(mimeType, "application/x-unknown-content-type");
|
||||
+ bool typeOK = mimeType.isEmpty() || equalIgnoringCase(mimeType, "text/css") || equalIgnoringCase(mimeType, "application/x-unknown-content-type");
|
||||
+ if (hasValidMIMEType)
|
||||
+ *hasValidMIMEType = typeOK;
|
||||
+ if (!enforceMIMEType)
|
||||
+ return true;
|
||||
+ return typeOK;
|
||||
}
|
||||
|
||||
}
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h 2010-02-25 17:07:29.120741848 +0100
|
||||
@@ -40,7 +40,7 @@ namespace WebCore {
|
||||
CachedCSSStyleSheet(const String& URL, const String& charset);
|
||||
virtual ~CachedCSSStyleSheet();
|
||||
|
||||
- const String sheetText(bool enforceMIMEType = true) const;
|
||||
+ const String sheetText(bool enforceMIMEType = true, bool* hasValidMIMEType = 0) const;
|
||||
|
||||
virtual void didAddClient(CachedResourceClient*);
|
||||
|
||||
@@ -56,7 +56,7 @@ namespace WebCore {
|
||||
void checkNotify();
|
||||
|
||||
private:
|
||||
- bool canUseSheet(bool enforceMIMEType) const;
|
||||
+ bool canUseSheet(bool enforceMIMEType, bool* hasValidMIMEType) const;
|
||||
|
||||
protected:
|
||||
RefPtr<TextResourceDecoder> m_decoder;
|
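Review bot: The cross-origin decision in CSSImportRule::setCSSStyleSheet and HTMLLinkElement::setCSSStyleSheet is made with `canRequest(KURL(ParsedURLString, url))`, and nothing in these hunks shows whether `url` is the address that was requested or the one the response finally came from. If it is the requested address, a sheet fetched through a redirect could be classed as same-origin and skip the syntactic-header check, so the test should be made against the response's final URL; this needs confirming in the callers, which are outside the hunks. Separately, `canUseSheet` leaves `*hasValidMIMEType` unwritten on the `errorOccurred()` return, and `sheetText` never reaches it when the data is empty, which is only safe because both callers start the flag at `false`. A comment on the new parameter in CachedCSSStyleSheet.h would make that contract explicit: `// written only when the Content-Type was inspected; callers must initialise it to false`.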
782
qt-everywhere-opensource-src-4.6.2-cve-2010-0648.patch
Normal file
@ -0,0 +1,782 @@
|
||||
diff -U0 qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog 2010-05-03 15:55:37.703101680 +0200
|
||||
@@ -0,0 +1,90 @@
|
||||
+2010-01-20 Adam Barth <abarth@webkit.org>
|
||||
+
|
||||
+ Reviewed by Darin Adler.
|
||||
+
|
||||
+ Stylesheet href property shows redirected URL unlike other browsers
|
||||
+ https://bugs.webkit.org/show_bug.cgi?id=33683
|
||||
+
|
||||
+ Teach StyleSheet the difference between original and final URLs in
|
||||
+ redirect chains. Unfortunately, StyleSheet needs to know both of these
|
||||
+ URLs. The original URL is needed for the href property and the final
|
||||
+ URL is needed as the baseURL.
|
||||
+
|
||||
+ This change required touching a lot of lines of code because we need to
|
||||
+ plumb this information to the StyleSheet object. I audited all
|
||||
+ existing clients of href() and setHref() to see whether they wanted the
|
||||
+ original or final URLs. I then updated the clients (except the JS
|
||||
+ bindings themselves) to use the correct accessor.
|
||||
+
|
||||
+ Test: http/tests/security/stylesheet-href-redirect.html
|
||||
+
|
||||
+ * css/CSSImportRule.cpp:
|
||||
+ (WebCore::CSSImportRule::setCSSStyleSheet):
|
||||
+ (WebCore::CSSImportRule::insertedIntoParent):
|
||||
+ * css/CSSImportRule.h:
|
||||
+ * css/CSSStyleSheet.cpp:
|
||||
+ (WebCore::CSSStyleSheet::CSSStyleSheet):
|
||||
+ * css/CSSStyleSheet.h:
|
||||
+ (WebCore::CSSStyleSheet::create):
|
||||
+ (WebCore::CSSStyleSheet::createInline): Added a new constructor to deal
|
||||
+ with "inline" style sheets that don't have a distinct original and
|
||||
+ final URL.
|
||||
+ * css/StyleBase.cpp:
|
||||
+ (WebCore::StyleBase::baseURL): This code wants to use the final URL,
|
||||
+ not the original URL. Updated it to grab the baseURL directly.
|
||||
+ * css/StyleSheet.cpp:
|
||||
+ (WebCore::StyleSheet::StyleSheet):
|
||||
+ * css/StyleSheet.h:
|
||||
+ (WebCore::StyleSheet::href):
|
||||
+ (WebCore::StyleSheet::setBaseURL): This function really just updates
|
||||
+ the base URL of the style sheet, so I made it more explicit.
|
||||
+ (WebCore::StyleSheet::putativeBaseURL): We need an accessor for the
|
||||
+ base URL, but baseURL is already taken.
|
||||
+ * dom/Document.cpp:
|
||||
+ (WebCore::Document::updateBaseURL):
|
||||
+ (WebCore::Document::pageUserSheet):
|
||||
+ (WebCore::Document::pageGroupUserSheets):
|
||||
+ (WebCore::Document::elementSheet):
|
||||
+ (WebCore::Document::mappedElementSheet):
|
||||
+ * dom/ProcessingInstruction.cpp:
|
||||
+ (WebCore::ProcessingInstruction::checkStyleSheet):
|
||||
+ (WebCore::ProcessingInstruction::setCSSStyleSheet):
|
||||
+ (WebCore::ProcessingInstruction::setXSLStyleSheet):
|
||||
+ * dom/ProcessingInstruction.h:
|
||||
+ * dom/StyleElement.cpp:
|
||||
+ (WebCore::StyleElement::createSheet):
|
||||
+ * html/HTMLLinkElement.cpp:
|
||||
+ (WebCore::HTMLLinkElement::setCSSStyleSheet):
|
||||
+ * html/HTMLLinkElement.h:
|
||||
+ * loader/CachedCSSStyleSheet.cpp:
|
||||
+ (WebCore::CachedCSSStyleSheet::didAddClient):
|
||||
+ (WebCore::CachedCSSStyleSheet::checkNotify): This code now passes both
|
||||
+ the original and final URL into setCSSStyleSheet so that the style
|
||||
+ sheet can have both.
|
||||
+ * loader/CachedResourceClient.h:
|
||||
+ (WebCore::CachedResourceClient::setCSSStyleSheet):
|
||||
+ (WebCore::CachedResourceClient::setXSLStyleSheet):
|
||||
+ * loader/CachedXSLStyleSheet.cpp:
|
||||
+ (WebCore::CachedXSLStyleSheet::didAddClient):
|
||||
+ (WebCore::CachedXSLStyleSheet::checkNotify): I don't have any direct
|
||||
+ evidence that we need to change the XSLStyleSheet behavior, which is
|
||||
+ why I wasn't able to add a test for the behavior. However, the objects
|
||||
+ are parallel enough that it seemed like the right thing to do.
|
||||
+ * xml/XSLImportRule.cpp:
|
||||
+ (WebCore::XSLImportRule::setXSLStyleSheet):
|
||||
+ (WebCore::XSLImportRule::loadSheet):
|
||||
+ * xml/XSLImportRule.h:
|
||||
+ * xml/XSLStyleSheet.h:
|
||||
+ (WebCore::XSLStyleSheet::create):
|
||||
+ (WebCore::XSLStyleSheet::createEmbedded):
|
||||
+ * xml/XSLStyleSheetLibxslt.cpp:
|
||||
+ (WebCore::XSLStyleSheet::XSLStyleSheet):
|
||||
+ (WebCore::XSLStyleSheet::parseString):
|
||||
+ (WebCore::XSLStyleSheet::loadChildSheets):
|
||||
+ * xml/XSLStyleSheetQt.cpp:
|
||||
+ (WebCore::XSLStyleSheet::XSLStyleSheet):
|
||||
+ * xml/XSLTProcessorLibxslt.cpp:
|
||||
+ (WebCore::xsltStylesheetPointer):
|
||||
+ * xml/XSLTProcessorQt.cpp:
|
||||
+ (WebCore::XSLTProcessor::transformToString):
|
||||
+
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.652102626 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp 2010-05-03 16:49:14.631038884 +0200
|
||||
@@ -55,11 +55,11 @@ CSSImportRule::~CSSImportRule()
|
||||
m_cachedSheet->removeClient(this);
|
||||
}
|
||||
|
||||
-void CSSImportRule::setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet* sheet)
|
||||
+void CSSImportRule::setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet)
|
||||
{
|
||||
if (m_styleSheet)
|
||||
m_styleSheet->setParent(0);
|
||||
- m_styleSheet = CSSStyleSheet::create(this, url, charset);
|
||||
+ m_styleSheet = CSSStyleSheet::create(this, href, baseURL, charset);
|
||||
|
||||
bool crossOriginCSS = false;
|
||||
bool validMIMEType = false;
|
||||
@@ -70,17 +70,17 @@ void CSSImportRule::setCSSStyleSheet(con
|
||||
String sheetText = sheet->sheetText(enforceMIMEType, &validMIMEType);
|
||||
m_styleSheet->parseString(sheetText, strict);
|
||||
|
||||
- if (!parent || !parent->doc() || !parent->doc()->securityOrigin()->canRequest(KURL(ParsedURLString, url)))
|
||||
+ if (!parent || !parent->doc() || !parent->doc()->securityOrigin()->canRequest(baseURL))
|
||||
crossOriginCSS = true;
|
||||
|
||||
if (crossOriginCSS && !validMIMEType && !m_styleSheet->hasSyntacticallyValidCSSHeader())
|
||||
- m_styleSheet = CSSStyleSheet::create(this, url, charset);
|
||||
+ m_styleSheet = CSSStyleSheet::create(this, href, baseURL, charset);
|
||||
|
||||
if (strict && parent && parent->doc() && parent->doc()->settings() && parent->doc()->settings()->needsSiteSpecificQuirks()) {
|
||||
// Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
|
||||
DEFINE_STATIC_LOCAL(const String, slashKHTMLFixesDotCss, ("/KHTMLFixes.css"));
|
||||
DEFINE_STATIC_LOCAL(const String, mediaWikiKHTMLFixesStyleSheet, ("/* KHTML fix stylesheet */\n/* work around the horizontal scrollbars */\n#column-content { margin-left: 0; }\n\n"));
|
||||
- if (url.endsWith(slashKHTMLFixesDotCss) && sheetText == mediaWikiKHTMLFixesStyleSheet) {
|
||||
+ if (baseURL.string().endsWith(slashKHTMLFixesDotCss) && sheetText == mediaWikiKHTMLFixesStyleSheet) {
|
||||
ASSERT(m_styleSheet->length() == 1);
|
||||
ExceptionCode ec;
|
||||
m_styleSheet->deleteRule(0, ec);
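Review bot: The two `String`/`KURL` parameters are easy to swap back, and nothing at the `canRequest(baseURL)` line says why the origin check must use `baseURL` rather than `href`. From the CachedCSSStyleSheet.cpp hunks, `href` is the requested `m_url` and `baseURL` is `m_response.url()`, the URL after redirects, so the origin decision is only meaningful on the latter. A one-line comment above the check would protect it from a later cleanup, e.g. `// baseURL is the post-redirect response URL; href is only what was requested and must not drive origin checks.` The same comment belongs at the matching check in HTMLLinkElement::setCSSStyleSheet (hunk `@@ -275,11 +275,11 @@`). The function body ends outside this hunk.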
|
||||
@@ -109,15 +109,16 @@ void CSSImportRule::insertedIntoParent()
|
||||
return;
|
||||
|
||||
String absHref = m_strHref;
|
||||
- if (!parentSheet->href().isNull())
|
||||
+ if (!parentSheet->putativeBaseURL().isNull())
|
||||
// use parent styleheet's URL as the base URL
|
||||
- absHref = KURL(KURL(ParsedURLString, parentSheet->href()), m_strHref).string();
|
||||
+ absHref = KURL(parentSheet->putativeBaseURL(), m_strHref).string();
|
||||
|
||||
// Check for a cycle in our import chain. If we encounter a stylesheet
|
||||
// in our parent chain with the same URL, then just bail.
|
||||
StyleBase* root = this;
|
||||
for (StyleBase* curr = parent(); curr; curr = curr->parent()) {
|
||||
- if (curr->isCSSStyleSheet() && absHref == static_cast<CSSStyleSheet*>(curr)->href())
|
||||
+ // FIXME: This is wrong if the putativeBaseURL was updated via document::updateBaseURL.
|
||||
+ if (curr->isCSSStyleSheet() && absHref == static_cast<CSSStyleSheet*>(curr)->putativeBaseURL().string())
|
||||
return;
|
||||
root = curr;
|
||||
}
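Review bot: The import-cycle guard in the loop at the end of this hunk now compares `absHref` only with each ancestor's `putativeBaseURL()`, the post-redirect URL. An ancestor that was requested under the same URL as `absHref` but served from a different final URL is therefore not recognised as a repeat. Keeping the requested URL in the comparison would make the guard hold across redirects: `absHref == sheet->href() || absHref == sheet->putativeBaseURL().string()`, with `sheet` being the already-cast `CSSStyleSheet*`. This is a different case from the one the added FIXME describes. The body of insertedIntoParent() starts and ends outside the hunk, so whether something later bounds import depth cannot be seen from here.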
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h 2010-05-03 15:55:37.740976769 +0200
|
||||
@@ -63,7 +63,7 @@ private:
|
||||
virtual unsigned short type() const { return IMPORT_RULE; }
|
||||
|
||||
// from CachedResourceClient
|
||||
- virtual void setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet*);
|
||||
+ virtual void setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet*);
|
||||
|
||||
String m_strHref;
|
||||
RefPtr<MediaList> m_lstMedia;
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.660977242 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp 2010-05-03 15:55:37.740976769 +0200
|
||||
@@ -33,8 +33,8 @@
|
||||
|
||||
namespace WebCore {
|
||||
|
||||
-CSSStyleSheet::CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const String& charset)
|
||||
- : StyleSheet(parentSheet, href)
|
||||
+CSSStyleSheet::CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const KURL& baseURL, const String& charset)
|
||||
+ : StyleSheet(parentSheet, href, baseURL)
|
||||
, m_doc(parentSheet ? parentSheet->doc() : 0)
|
||||
, m_namespaces(0)
|
||||
, m_charset(charset)
|
||||
@@ -45,8 +45,8 @@ CSSStyleSheet::CSSStyleSheet(CSSStyleShe
|
||||
{
|
||||
}
|
||||
|
||||
-CSSStyleSheet::CSSStyleSheet(Node* parentNode, const String& href, const String& charset)
|
||||
- : StyleSheet(parentNode, href)
|
||||
+CSSStyleSheet::CSSStyleSheet(Node* parentNode, const String& href, const KURL& baseURL, const String& charset)
|
||||
+ : StyleSheet(parentNode, href, baseURL)
|
||||
, m_doc(parentNode->document())
|
||||
, m_namespaces(0)
|
||||
, m_charset(charset)
|
||||
@@ -57,8 +57,8 @@ CSSStyleSheet::CSSStyleSheet(Node* paren
|
||||
{
|
||||
}
|
||||
|
||||
-CSSStyleSheet::CSSStyleSheet(CSSRule* ownerRule, const String& href, const String& charset)
|
||||
- : StyleSheet(ownerRule, href)
|
||||
+CSSStyleSheet::CSSStyleSheet(CSSRule* ownerRule, const String& href, const KURL& baseURL, const String& charset)
|
||||
+ : StyleSheet(ownerRule, href, baseURL)
|
||||
, m_namespaces(0)
|
||||
, m_charset(charset)
|
||||
, m_loadCompleted(false)
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.660977242 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h 2010-05-03 15:55:37.745101706 +0200
|
||||
@@ -38,27 +38,31 @@ class CSSStyleSheet : public StyleSheet
|
||||
public:
|
||||
static PassRefPtr<CSSStyleSheet> create()
|
||||
{
|
||||
- return adoptRef(new CSSStyleSheet(static_cast<CSSStyleSheet*>(0), String(), String()));
|
||||
+ return adoptRef(new CSSStyleSheet(static_cast<CSSStyleSheet*>(0), String(), KURL(), String()));
|
||||
}
|
||||
static PassRefPtr<CSSStyleSheet> create(Node* ownerNode)
|
||||
{
|
||||
- return adoptRef(new CSSStyleSheet(ownerNode, String(), String()));
|
||||
+ return adoptRef(new CSSStyleSheet(ownerNode, String(), KURL(), String()));
|
||||
}
|
||||
- static PassRefPtr<CSSStyleSheet> create(Node* ownerNode, const String& href)
|
||||
+ static PassRefPtr<CSSStyleSheet> create(Node* ownerNode, const String& href, const KURL& baseURL)
|
||||
{
|
||||
- return adoptRef(new CSSStyleSheet(ownerNode, href, String()));
|
||||
+ return adoptRef(new CSSStyleSheet(ownerNode, href, baseURL, String()));
|
||||
}
|
||||
- static PassRefPtr<CSSStyleSheet> create(Node* ownerNode, const String& href, const String& charset)
|
||||
+ static PassRefPtr<CSSStyleSheet> create(Node* ownerNode, const String& href, const KURL& baseURL, const String& charset)
|
||||
{
|
||||
- return adoptRef(new CSSStyleSheet(ownerNode, href, charset));
|
||||
+ return adoptRef(new CSSStyleSheet(ownerNode, href, baseURL, charset));
|
||||
}
|
||||
- static PassRefPtr<CSSStyleSheet> create(CSSRule* ownerRule, const String& href, const String& charset)
|
||||
+ static PassRefPtr<CSSStyleSheet> create(CSSRule* ownerRule, const String& href, const KURL& baseURL, const String& charset)
|
||||
{
|
||||
- return adoptRef(new CSSStyleSheet(ownerRule, href, charset));
|
||||
+ return adoptRef(new CSSStyleSheet(ownerRule, href, baseURL, charset));
|
||||
+ }
|
||||
+ static PassRefPtr<CSSStyleSheet> createInline(Node* ownerNode, const KURL& baseURL)
|
||||
+ {
|
||||
+ return adoptRef(new CSSStyleSheet(ownerNode, baseURL.string(), baseURL, String()));
|
||||
}
|
||||
|
||||
virtual ~CSSStyleSheet();
|
||||
-
|
||||
+
|
||||
CSSRule* ownerRule() const;
|
||||
PassRefPtr<CSSRuleList> cssRules(bool omitCharsetRules = false);
|
||||
unsigned insertRule(const String& rule, unsigned index, ExceptionCode&);
|
||||
@@ -72,7 +76,7 @@ public:
|
||||
|
||||
void addNamespace(CSSParser*, const AtomicString& prefix, const AtomicString& uri);
|
||||
const AtomicString& determineNamespace(const AtomicString& prefix);
|
||||
-
|
||||
+
|
||||
virtual void styleSheetChanged();
|
||||
|
||||
virtual bool parseString(const String&, bool strict = true);
|
||||
@@ -99,10 +103,10 @@ public:
|
||||
bool hasSyntacticallyValidCSSHeader() const { return m_hasSyntacticallyValidCSSHeader; }
|
||||
|
||||
private:
|
||||
- CSSStyleSheet(Node* ownerNode, const String& href, const String& charset);
|
||||
- CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const String& charset);
|
||||
- CSSStyleSheet(CSSRule* ownerRule, const String& href, const String& charset);
|
||||
-
|
||||
+ CSSStyleSheet(Node* ownerNode, const String& href, const KURL& baseURL, const String& charset);
|
||||
+ CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const KURL& baseURL, const String& charset);
|
||||
+ CSSStyleSheet(CSSRule* ownerRule, const String& href, const KURL& baseURL, const String& charset);
|
||||
+
|
||||
virtual bool isCSSStyleSheet() const { return true; }
|
||||
virtual String type() const { return "text/css"; }
|
||||
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:20.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp 2010-05-03 15:55:37.757976382 +0200
|
||||
@@ -56,9 +56,9 @@ KURL StyleBase::baseURL() const
|
||||
StyleSheet* sheet = const_cast<StyleBase*>(this)->stylesheet();
|
||||
if (!sheet)
|
||||
return KURL();
|
||||
- if (!sheet->href().isNull())
|
||||
- return KURL(ParsedURLString, sheet->href());
|
||||
- if (sheet->parent())
|
||||
+ if (!sheet->putativeBaseURL().isNull())
|
||||
+ return sheet->putativeBaseURL();
|
||||
+ if (sheet->parent())
|
||||
return sheet->parent()->baseURL();
|
||||
if (!sheet->ownerNode())
|
||||
return KURL();
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp 2010-05-03 15:55:37.758976847 +0200
|
||||
@@ -26,27 +26,30 @@
|
||||
|
||||
namespace WebCore {
|
||||
|
||||
-StyleSheet::StyleSheet(StyleSheet* parentSheet, const String& href)
|
||||
+StyleSheet::StyleSheet(StyleSheet* parentSheet, const String& href, const KURL& baseURL)
|
||||
: StyleList(parentSheet)
|
||||
, m_parentNode(0)
|
||||
- , m_strHref(href)
|
||||
+ , m_href(href)
|
||||
+ , m_baseURL(baseURL)
|
||||
, m_disabled(false)
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
-StyleSheet::StyleSheet(Node* parentNode, const String& href)
|
||||
+StyleSheet::StyleSheet(Node* parentNode, const String& href, const KURL& baseURL)
|
||||
: StyleList(0)
|
||||
, m_parentNode(parentNode)
|
||||
- , m_strHref(href)
|
||||
+ , m_href(href)
|
||||
+ , m_baseURL(baseURL)
|
||||
, m_disabled(false)
|
||||
{
|
||||
}
|
||||
|
||||
-StyleSheet::StyleSheet(StyleBase* owner, const String& href)
|
||||
+StyleSheet::StyleSheet(StyleBase* owner, const String& href, const KURL& baseURL)
|
||||
: StyleList(owner)
|
||||
, m_parentNode(0)
|
||||
- , m_strHref(href)
|
||||
+ , m_href(href)
|
||||
+ , m_baseURL(baseURL)
|
||||
, m_disabled(false)
|
||||
{
|
||||
}
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h 2010-05-03 15:55:37.758976847 +0200
|
||||
@@ -41,8 +41,18 @@ public:
|
||||
|
||||
Node* ownerNode() const { return m_parentNode; }
|
||||
StyleSheet *parentStyleSheet() const;
|
||||
- const String& href() const { return m_strHref; }
|
||||
- void setHref(const String& href) { m_strHref = href; }
|
||||
+
|
||||
+ // Note that href is the URL that started the redirect chain that led to
|
||||
+ // this style sheet. This property probably isn't useful for much except
|
||||
+ // the JavaScript binding (which needs to use this value for security).
|
||||
+ const String& href() const { return m_href; }
|
||||
+
|
||||
+ void setBaseURL(const KURL& baseURL) { m_baseURL = baseURL; }
|
||||
+
|
||||
+ // Notice that this object inherits a baseURL function from StyleBase that
|
||||
+ // crawls the parent() relation looking for a non-0 putativeBaseURL.
|
||||
+ const KURL& putativeBaseURL() const { return m_baseURL; }
|
||||
+
|
||||
const String& title() const { return m_strTitle; }
|
||||
void setTitle(const String& s) { m_strTitle = s; }
|
||||
MediaList* media() const { return m_media.get(); }
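Review bot: `setBaseURL()` is the one added accessor here without a comment, although it is a public setter for the URL that StyleBase::baseURL() and the `@import` resolution in CSSImportRule.cpp now read. In this patch its only callers are the two element sheets in Document::updateBaseURL, so I would say so: `// Used by Document::updateBaseURL for the element sheets; changes how relative URLs in this sheet resolve and does not touch href().` The comment on `putativeBaseURL()` also says "non-0", while the callers test `isNull()` on a `KURL`, so "non-null" would be more accurate. The class continues outside the hunk.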
|
||||
@@ -58,15 +68,16 @@ public:
|
||||
virtual bool parseString(const String&, bool strict = true) = 0;
|
||||
|
||||
protected:
|
||||
- StyleSheet(Node* ownerNode, const String& href);
|
||||
- StyleSheet(StyleSheet* parentSheet, const String& href);
|
||||
- StyleSheet(StyleBase* owner, const String& href);
|
||||
+ StyleSheet(Node* ownerNode, const String& href, const KURL& baseURL);
|
||||
+ StyleSheet(StyleSheet* parentSheet, const String& href, const KURL& baseURL);
|
||||
+ StyleSheet(StyleBase* owner, const String& href, const KURL& baseURL);
|
||||
|
||||
private:
|
||||
virtual bool isStyleSheet() const { return true; }
|
||||
|
||||
Node* m_parentNode;
|
||||
- String m_strHref;
|
||||
+ String m_href;
|
||||
+ KURL m_baseURL;
|
||||
String m_strTitle;
|
||||
RefPtr<MediaList> m_media;
|
||||
bool m_disabled;
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp 2010-05-03 15:55:37.760977901 +0200
|
||||
@@ -1920,9 +1920,9 @@ void Document::updateBaseURL()
|
||||
m_baseURL = KURL();
|
||||
|
||||
if (m_elemSheet)
|
||||
- m_elemSheet->setHref(m_baseURL.string());
|
||||
+ m_elemSheet->setBaseURL(m_baseURL);
|
||||
if (m_mappedElementSheet)
|
||||
- m_mappedElementSheet->setHref(m_baseURL.string());
|
||||
+ m_mappedElementSheet->setBaseURL(m_baseURL);
|
||||
}
|
||||
|
||||
String Document::userAgent(const KURL& url) const
|
||||
@@ -1944,7 +1944,7 @@ CSSStyleSheet* Document::pageUserSheet()
|
||||
return 0;
|
||||
|
||||
// Parse the sheet and cache it.
|
||||
- m_pageUserSheet = CSSStyleSheet::create(this, settings()->userStyleSheetLocation());
|
||||
+ m_pageUserSheet = CSSStyleSheet::createInline(this, settings()->userStyleSheetLocation());
|
||||
m_pageUserSheet->setIsUserStyleSheet(true);
|
||||
m_pageUserSheet->parseString(userSheetText, !inCompatMode());
|
||||
return m_pageUserSheet.get();
|
||||
@@ -1979,7 +1979,7 @@ const Vector<RefPtr<CSSStyleSheet> >* Do
|
||||
const UserStyleSheet* sheet = sheets->at(i).get();
|
||||
if (!UserContentURLPattern::matchesPatterns(url(), sheet->whitelist(), sheet->blacklist()))
|
||||
continue;
|
||||
- RefPtr<CSSStyleSheet> parsedSheet = CSSStyleSheet::create(const_cast<Document*>(this), sheet->url());
|
||||
+ RefPtr<CSSStyleSheet> parsedSheet = CSSStyleSheet::createInline(const_cast<Document*>(this), sheet->url());
|
||||
parsedSheet->setIsUserStyleSheet(true);
|
||||
parsedSheet->parseString(sheet->source(), !inCompatMode());
|
||||
if (!m_pageGroupUserSheets)
|
||||
@@ -2001,14 +2001,14 @@ void Document::clearPageGroupUserSheets(
|
||||
CSSStyleSheet* Document::elementSheet()
|
||||
{
|
||||
if (!m_elemSheet)
|
||||
- m_elemSheet = CSSStyleSheet::create(this, m_baseURL.string());
|
||||
+ m_elemSheet = CSSStyleSheet::createInline(this, m_baseURL);
|
||||
return m_elemSheet.get();
|
||||
}
|
||||
|
||||
CSSStyleSheet* Document::mappedElementSheet()
|
||||
{
|
||||
if (!m_mappedElementSheet)
|
||||
- m_mappedElementSheet = CSSStyleSheet::create(this, m_baseURL.string());
|
||||
+ m_mappedElementSheet = CSSStyleSheet::createInline(this, m_baseURL);
|
||||
return m_mappedElementSheet.get();
|
||||
}
|
||||
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.661976647 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp 2010-05-03 15:55:37.761977599 +0200
|
||||
@@ -138,7 +138,8 @@ void ProcessingInstruction::checkStyleSh
|
||||
// We need to make a synthetic XSLStyleSheet that is embedded. It needs to be able
|
||||
// to kick off import/include loads that can hang off some parent sheet.
|
||||
if (m_isXSL) {
|
||||
- m_sheet = XSLStyleSheet::createEmbedded(this, m_localHref);
|
||||
+ KURL baseURL = KURL(ParsedURLString, m_localHref);
|
||||
+ m_sheet = XSLStyleSheet::createEmbedded(this, m_localHref, baseURL);
|
||||
m_loading = false;
|
||||
}
|
||||
#endif
|
||||
@@ -196,12 +197,12 @@ bool ProcessingInstruction::sheetLoaded(
|
||||
return false;
|
||||
}
|
||||
|
||||
-void ProcessingInstruction::setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet* sheet)
|
||||
+void ProcessingInstruction::setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet)
|
||||
{
|
||||
#if ENABLE(XSLT)
|
||||
ASSERT(!m_isXSL);
|
||||
#endif
|
||||
- RefPtr<CSSStyleSheet> newSheet = CSSStyleSheet::create(this, url, charset);
|
||||
+ RefPtr<CSSStyleSheet> newSheet = CSSStyleSheet::create(this, href, baseURL, charset);
|
||||
m_sheet = newSheet;
|
||||
// We don't need the cross-origin security check here because we are
|
||||
// getting the sheet text in "strict" mode. This enforces a valid CSS MIME
|
||||
@@ -213,10 +214,10 @@ void ProcessingInstruction::setCSSStyleS
|
||||
}
|
||||
|
||||
#if ENABLE(XSLT)
|
||||
-void ProcessingInstruction::setXSLStyleSheet(const String& url, const String& sheet)
|
||||
+void ProcessingInstruction::setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet)
|
||||
{
|
||||
ASSERT(m_isXSL);
|
||||
- m_sheet = XSLStyleSheet::create(this, url);
|
||||
+ m_sheet = XSLStyleSheet::create(this, href, baseURL);
|
||||
parseStyleSheet(sheet);
|
||||
}
|
||||
#endif
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h 2010-05-03 15:55:37.761977599 +0200
|
||||
@@ -68,9 +68,9 @@ private:
|
||||
virtual void removedFromDocument();
|
||||
|
||||
void checkStyleSheet();
|
||||
- virtual void setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet*);
|
||||
+ virtual void setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet*);
|
||||
#if ENABLE(XSLT)
|
||||
- virtual void setXSLStyleSheet(const String& url, const String& sheet);
|
||||
+ virtual void setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet);
|
||||
#endif
|
||||
|
||||
bool isLoading() const;
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp 2010-05-03 15:55:37.762976937 +0200
|
||||
@@ -103,7 +103,7 @@ void StyleElement::createSheet(Element*
|
||||
if (screenEval.eval(mediaList.get()) || printEval.eval(mediaList.get())) {
|
||||
document->addPendingSheet();
|
||||
setLoading(true);
|
||||
- m_sheet = CSSStyleSheet::create(e, String(), document->inputEncoding());
|
||||
+ m_sheet = CSSStyleSheet::create(e, String(), KURL(), document->inputEncoding());
|
||||
m_sheet->parseString(text, !document->inCompatMode());
|
||||
m_sheet->setMedia(mediaList.get());
|
||||
m_sheet->setTitle(e->title());
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.661976647 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp 2010-05-03 17:02:45.528101154 +0200
|
||||
@@ -253,9 +253,9 @@ void HTMLLinkElement::finishParsingChild
|
||||
HTMLElement::finishParsingChildren();
|
||||
}
|
||||
|
||||
-void HTMLLinkElement::setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet* sheet)
|
||||
+void HTMLLinkElement::setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet)
|
||||
{
|
||||
- m_sheet = CSSStyleSheet::create(this, url, charset);
|
||||
+ m_sheet = CSSStyleSheet::create(this, href, baseURL, charset);
|
||||
|
||||
bool strictParsing = !document()->inCompatMode();
|
||||
bool enforceMIMEType = strictParsing;
|
||||
@@ -275,11 +275,11 @@ void HTMLLinkElement::setCSSStyleSheet(c
|
||||
// valid CSS rule.
|
||||
// This prevents an attacker playing games by injecting CSS strings into
|
||||
// HTML, XML, JSON, etc. etc.
|
||||
- if (!document()->securityOrigin()->canRequest(KURL(ParsedURLString, url)))
|
||||
+ if (!document()->securityOrigin()->canRequest(baseURL))
|
||||
crossOriginCSS = true;
|
||||
|
||||
if (crossOriginCSS && !validMIMEType && !m_sheet->hasSyntacticallyValidCSSHeader())
|
||||
- m_sheet = CSSStyleSheet::create(this, url, charset);
|
||||
+ m_sheet = CSSStyleSheet::create(this, href, baseURL, charset);
|
||||
|
||||
if (strictParsing && document()->settings() && document()->settings()->needsSiteSpecificQuirks()) {
|
||||
// Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
|
||||
@@ -287,7 +287,7 @@ void HTMLLinkElement::setCSSStyleSheet(c
|
||||
DEFINE_STATIC_LOCAL(const String, mediaWikiKHTMLFixesStyleSheet, ("/* KHTML fix stylesheet */\n/* work around the horizontal scrollbars */\n#column-content { margin-left: 0; }\n\n"));
|
||||
// There are two variants of KHTMLFixes.css. One is equal to mediaWikiKHTMLFixesStyleSheet,
|
||||
// while the other lacks the second trailing newline.
|
||||
- if (url.endsWith(slashKHTMLFixesDotCss) && !sheetText.isNull() && mediaWikiKHTMLFixesStyleSheet.startsWith(sheetText)
|
||||
+ if (baseURL.string().endsWith(slashKHTMLFixesDotCss) && !sheetText.isNull() && mediaWikiKHTMLFixesStyleSheet.startsWith(sheetText)
|
||||
&& sheetText.length() >= mediaWikiKHTMLFixesStyleSheet.length() - 1) {
|
||||
ASSERT(m_sheet->length() == 1);
|
||||
ExceptionCode ec;
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h 2010-05-03 15:55:37.773083096 +0200
|
||||
@@ -79,7 +79,7 @@ public:
|
||||
virtual void removedFromDocument();
|
||||
|
||||
// from CachedResourceClient
|
||||
- virtual void setCSSStyleSheet(const String &url, const String& charset, const CachedCSSStyleSheet* sheet);
|
||||
+ virtual void setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet);
|
||||
bool isLoading() const;
|
||||
virtual bool sheetLoaded();
|
||||
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak 2010-05-03 15:55:37.661976647 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp 2010-05-03 15:55:37.774976529 +0200
|
||||
@@ -52,9 +52,9 @@ CachedCSSStyleSheet::~CachedCSSStyleShee
|
||||
void CachedCSSStyleSheet::didAddClient(CachedResourceClient *c)
|
||||
{
|
||||
if (!m_loading)
|
||||
- c->setCSSStyleSheet(m_url, m_decoder->encoding().name(), this);
|
||||
+ c->setCSSStyleSheet(m_url, m_response.url(), m_decoder->encoding().name(), this);
|
||||
}
|
||||
-
|
||||
+
|
||||
void CachedCSSStyleSheet::allClientsRemoved()
|
||||
{
|
||||
if (isSafeToMakePurgeable())
|
||||
@@ -112,7 +112,7 @@ void CachedCSSStyleSheet::checkNotify()
|
||||
|
||||
CachedResourceClientWalker w(m_clients);
|
||||
while (CachedResourceClient *c = w.next())
|
||||
- c->setCSSStyleSheet(m_response.url().string(), m_decoder->encoding().name(), this);
|
||||
+ c->setCSSStyleSheet(m_url, m_response.url(), m_decoder->encoding().name(), this);
|
||||
}
|
||||
|
||||
void CachedCSSStyleSheet::error()
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h 2010-05-03 15:55:37.775976911 +0200
|
||||
@@ -42,6 +42,7 @@ namespace WebCore {
|
||||
class String;
|
||||
class Image;
|
||||
class IntRect;
|
||||
+ class KURL;
|
||||
|
||||
/**
|
||||
* @internal
|
||||
@@ -65,8 +66,8 @@ namespace WebCore {
|
||||
// e.g., in the b/f cache or in a background tab).
|
||||
virtual bool willRenderImage(CachedImage*) { return false; }
|
||||
|
||||
- virtual void setCSSStyleSheet(const String& /*URL*/, const String& /*charset*/, const CachedCSSStyleSheet*) { }
|
||||
- virtual void setXSLStyleSheet(const String& /*URL*/, const String& /*sheet*/) { }
|
||||
+ virtual void setCSSStyleSheet(const String& /* href */, const KURL& /* baseURL */, const String& /* charset */, const CachedCSSStyleSheet*) { }
|
||||
+ virtual void setXSLStyleSheet(const String& /* href */, const KURL& /* baseURL */, const String& /* sheet */) { }
|
||||
|
||||
virtual void fontLoaded(CachedFont*) {};
|
||||
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:19.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp 2010-05-03 15:55:37.789038977 +0200
|
||||
@@ -48,7 +48,7 @@ CachedXSLStyleSheet::CachedXSLStyleSheet
|
||||
void CachedXSLStyleSheet::didAddClient(CachedResourceClient* c)
|
||||
{
|
||||
if (!m_loading)
|
||||
- c->setXSLStyleSheet(m_url, m_sheet);
|
||||
+ c->setXSLStyleSheet(m_url, m_response.url(), m_sheet);
|
||||
}
|
||||
|
||||
void CachedXSLStyleSheet::setEncoding(const String& chs)
|
||||
@@ -83,10 +83,9 @@ void CachedXSLStyleSheet::checkNotify()
|
||||
|
||||
CachedResourceClientWalker w(m_clients);
|
||||
while (CachedResourceClient *c = w.next())
|
||||
- c->setXSLStyleSheet(m_url, m_sheet);
|
||||
+ c->setXSLStyleSheet(m_url, m_response.url(), m_sheet);
|
||||
}
|
||||
|
||||
-
|
||||
void CachedXSLStyleSheet::error()
|
||||
{
|
||||
m_loading = false;
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp 2010-05-03 15:55:37.789038977 +0200
|
||||
@@ -52,13 +52,13 @@ XSLStyleSheet* XSLImportRule::parentStyl
|
||||
return (parent() && parent()->isXSLStyleSheet()) ? static_cast<XSLStyleSheet*>(parent()) : 0;
|
||||
}
|
||||
|
||||
-void XSLImportRule::setXSLStyleSheet(const String& url, const String& sheet)
|
||||
+void XSLImportRule::setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet)
|
||||
{
|
||||
if (m_styleSheet)
|
||||
m_styleSheet->setParent(0);
|
||||
-
|
||||
- m_styleSheet = XSLStyleSheet::create(this, url);
|
||||
-
|
||||
+
|
||||
+ m_styleSheet = XSLStyleSheet::create(this, href, baseURL);
|
||||
+
|
||||
XSLStyleSheet* parent = parentStyleSheet();
|
||||
if (parent)
|
||||
m_styleSheet->setParentStyleSheet(parent);
|
||||
@@ -87,14 +87,14 @@ void XSLImportRule::loadSheet()
|
||||
|
||||
String absHref = m_strHref;
|
||||
XSLStyleSheet* parentSheet = parentStyleSheet();
|
||||
- if (!parentSheet->href().isNull())
|
||||
+ if (!parentSheet->putativeBaseURL().isNull())
|
||||
// use parent styleheet's URL as the base URL
|
||||
- absHref = KURL(KURL(ParsedURLString, parentSheet->href()), m_strHref).string();
|
||||
+ absHref = KURL(parentSheet->putativeBaseURL(), m_strHref).string();
|
||||
|
||||
// Check for a cycle in our import chain. If we encounter a stylesheet
|
||||
// in our parent chain with the same URL, then just bail.
|
||||
for (parent = this->parent(); parent; parent = parent->parent()) {
|
||||
- if (parent->isXSLStyleSheet() && absHref == static_cast<XSLStyleSheet*>(parent)->href())
|
||||
+ if (parent->isXSLStyleSheet() && absHref == static_cast<XSLStyleSheet*>(parent)->putativeBaseURL().string())
|
||||
return;
|
||||
}
|
||||
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h 2010-05-03 15:55:37.789981560 +0200
|
||||
@@ -57,7 +57,7 @@ private:
|
||||
virtual bool isImportRule() { return true; }
|
||||
|
||||
// from CachedResourceClient
|
||||
- virtual void setXSLStyleSheet(const String& url, const String& sheet);
|
||||
+ virtual void setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet);
|
||||
|
||||
String m_strHref;
|
||||
RefPtr<XSLStyleSheet> m_styleSheet;
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h 2010-05-03 15:55:37.827976887 +0200
|
||||
@@ -43,18 +43,18 @@ class XSLImportRule;
|
||||
class XSLStyleSheet : public StyleSheet {
|
||||
public:
|
||||
#if !USE(QXMLQUERY)
|
||||
- static PassRefPtr<XSLStyleSheet> create(XSLImportRule* parentImport, const String& href)
|
||||
+ static PassRefPtr<XSLStyleSheet> create(XSLImportRule* parentImport, const String& href, const KURL& baseURL)
|
||||
{
|
||||
- return adoptRef(new XSLStyleSheet(parentImport, href));
|
||||
+ return adoptRef(new XSLStyleSheet(parentImport, href, baseURL));
|
||||
}
|
||||
#endif
|
||||
- static PassRefPtr<XSLStyleSheet> create(Node* parentNode, const String& href)
|
||||
+ static PassRefPtr<XSLStyleSheet> create(Node* parentNode, const String& href, const KURL& baseURL)
|
||||
{
|
||||
- return adoptRef(new XSLStyleSheet(parentNode, href, false));
|
||||
+ return adoptRef(new XSLStyleSheet(parentNode, href, baseURL, false));
|
||||
}
|
||||
- static PassRefPtr<XSLStyleSheet> createEmbedded(Node* parentNode, const String& href)
|
||||
+ static PassRefPtr<XSLStyleSheet> createEmbedded(Node* parentNode, const String& href, const KURL& baseURL)
|
||||
{
|
||||
- return adoptRef(new XSLStyleSheet(parentNode, href, true));
|
||||
+ return adoptRef(new XSLStyleSheet(parentNode, href, baseURL, true));
|
||||
}
|
||||
|
||||
virtual ~XSLStyleSheet();
|
||||
@@ -90,9 +90,9 @@ public:
|
||||
bool processed() const { return m_processed; }
|
||||
|
||||
private:
|
||||
- XSLStyleSheet(Node* parentNode, const String& href, bool embedded);
|
||||
+ XSLStyleSheet(Node* parentNode, const String& href, const KURL& baseURL, bool embedded);
|
||||
#if !USE(QXMLQUERY)
|
||||
- XSLStyleSheet(XSLImportRule* parentImport, const String& href);
|
||||
+ XSLStyleSheet(XSLImportRule* parentImport, const String& href, const KURL& baseURL);
|
||||
#endif
|
||||
|
||||
Document* m_ownerDocument;
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp 2010-05-03 15:55:37.837079694 +0200
|
||||
@@ -55,8 +55,8 @@ SOFT_LINK(libxslt, xsltLoadStylesheetPI,
|
||||
|
||||
namespace WebCore {
|
||||
|
||||
-XSLStyleSheet::XSLStyleSheet(XSLImportRule* parentRule, const String& href)
|
||||
- : StyleSheet(parentRule, href)
|
||||
+XSLStyleSheet::XSLStyleSheet(XSLImportRule* parentRule, const String& href, const KURL& baseURL)
|
||||
+ : StyleSheet(parentRule, href, baseURL)
|
||||
, m_ownerDocument(0)
|
||||
, m_embedded(false)
|
||||
, m_processed(false) // Child sheets get marked as processed when the libxslt engine has finally seen them.
|
||||
@@ -66,8 +66,8 @@ XSLStyleSheet::XSLStyleSheet(XSLImportRu
|
||||
{
|
||||
}
|
||||
|
||||
-XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href, bool embedded)
|
||||
- : StyleSheet(parentNode, href)
|
||||
+XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href, const KURL& baseURL, bool embedded)
|
||||
+ : StyleSheet(parentNode, href, baseURL)
|
||||
, m_ownerDocument(parentNode->document())
|
||||
, m_embedded(embedded)
|
||||
, m_processed(true) // The root sheet starts off processed.
|
||||
@@ -168,7 +168,7 @@ bool XSLStyleSheet::parseString(const St
|
||||
}
|
||||
|
||||
m_stylesheetDoc = xmlCtxtReadMemory(ctxt, buffer, size,
|
||||
- href().utf8().data(),
|
||||
+ putativeBaseURL().string().utf8().data(),
|
||||
BOMHighByte == 0xFF ? "UTF-16LE" : "UTF-16BE",
|
||||
XML_PARSE_NOENT | XML_PARSE_DTDATTR | XML_PARSE_NOWARNING | XML_PARSE_NOCDATA);
|
||||
xmlFreeParserCtxt(ctxt);
|
||||
@@ -192,7 +192,7 @@ void XSLStyleSheet::loadChildSheets()
|
||||
if (m_embedded) {
|
||||
// We have to locate (by ID) the appropriate embedded stylesheet element, so that we can walk the
|
||||
// import/include list.
|
||||
- xmlAttrPtr idNode = xmlGetID(document(), (const xmlChar*)(href().utf8().data()));
|
||||
+ xmlAttrPtr idNode = xmlGetID(document(), (const xmlChar*)(putativeBaseURL().string().utf8().data()));
|
||||
if (!idNode)
|
||||
return;
|
||||
stylesheetRoot = idNode->parent;
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp 2010-05-03 15:55:37.837977083 +0200
|
||||
@@ -33,8 +33,8 @@
|
||||
|
||||
namespace WebCore {
|
||||
|
||||
-XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href, bool embedded)
|
||||
- : StyleSheet(parentNode, href)
|
||||
+XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href, const KURL& baseURL, bool embedded)
|
||||
+ : StyleSheet(parentNode, href, baseURL)
|
||||
, m_ownerDocument(parentNode->document())
|
||||
, m_embedded(embedded)
|
||||
{
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp 2010-05-03 15:55:37.837977083 +0200
|
||||
@@ -226,7 +226,8 @@ static xsltStylesheetPtr xsltStylesheetP
|
||||
{
|
||||
if (!cachedStylesheet && stylesheetRootNode) {
|
||||
cachedStylesheet = XSLStyleSheet::create(stylesheetRootNode->parent() ? stylesheetRootNode->parent() : stylesheetRootNode,
|
||||
- stylesheetRootNode->document()->url().string());
|
||||
+ stylesheetRootNode->document()->url().string(),
|
||||
+ stylesheetRootNode->document()->url()); // FIXME: Should we use baseURL here?
|
||||
cachedStylesheet->parseString(createMarkup(stylesheetRootNode));
|
||||
}
|
||||
|
||||
diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp.cve-2010-0648-stylesheet-redir-leak 2010-02-11 16:55:17.000000000 +0100
|
||||
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp 2010-05-03 15:55:37.915979873 +0200
|
||||
@@ -120,7 +120,9 @@ bool XSLTProcessor::transformToString(No
|
||||
RefPtr<XSLStyleSheet> stylesheet = m_stylesheet;
|
||||
if (!stylesheet && m_stylesheetRootNode) {
|
||||
Node* node = m_stylesheetRootNode.get();
|
||||
- stylesheet = XSLStyleSheet::create(node->parent() ? node->parent() : node, node->document()->url().string());
|
||||
+ stylesheet = XSLStyleSheet::create(node->parent() ? node->parent() : node,
|
||||
+ node->document()->url().string(),
|
||||
+ node->document()->url()); // FIXME: Should we use baseURL here?
|
||||
stylesheet->parseString(createMarkup(node));
|
||||
}
|
||||
|
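--- a/qt-everywhere-opensource-src-4.6.2-cve-2010-0656.patch
+++ b/qt-everywhere-opensource-src-4.6.2-cve-2010-0656.patch
@@ -0,0 +1,25 @@
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp.me qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp.me 2010-05-06 11:29:24.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp 2010-05-06 11:43:29.000000000 +0200
+@@ -112,7 +112,11 @@ SecurityOrigin::SecurityOrigin(const KUR
+
+// By default, only local SecurityOrigins can load local resources.
+m_canLoadLocalResources = isLocal();
+-
++ if (m_canLoadLocalResources) {
++ // Directories should never be readable.
++ if (!url.hasPath() || url.path().endsWith("/"))
++ m_noAccess = true;
++ }
+if (isDefaultPortForProtocol(m_port, m_protocol))
+m_port = 0;
+}
+@@ -207,6 +211,8 @@ bool SecurityOrigin::canRequest(const KU
+return false;
+
+RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url);
++ if (targetOrigin->m_noAccess)
++ return false;
+
+// We call isSameSchemeHostPort here instead of canAccess because we want
+// to ignore document.domain effects.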
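Review bot: The directory test added to the SecurityOrigin constructor is purely lexical: `!url.hasPath() || url.path().endsWith("/")` only flags paths that end in a slash, so a local URL naming a directory without the trailing slash would still get an ordinary origin. Whether that matters depends on how the file loader resolves such URLs, which this patch does not show, so I would record the limit next to the check, e.g. `// Lexical check only: relies on the loader never serving a directory for a path without a trailing '/'.` The new `m_noAccess` test in canRequest() also rejects any target origin that has the flag set for another reason; that looks intended but is worth confirming against the rest of the file. Both functions start and end outside the hunks.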
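--- a/qt-everywhere-opensource-src-4.6.2-webkit-s390x.patch
+++ b/qt-everywhere-opensource-src-4.6.2-webkit-s390x.patch
@@ -0,0 +1,48 @@
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h.than qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h.than 2010-02-11 16:55:20.000000000 +0100
++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h 2010-03-23 14:29:41.000000000 +0100
+@@ -345,6 +345,11 @@
+#define WTF_PLATFORM_BIG_ENDIAN 1
+#endif
+
++/* PLATFORM(S390X) */
++#if defined(__s390x__) || defined(__s390x)
++#define WTF_PLATFORM_S390X 1
++#endif
++
+/* PLATFORM(IA64) */
+/* a.k.a. Itanium Processor Family, IPF */
+#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+@@ -730,6 +735,8 @@
+/* Using JSVALUE32_64 causes padding/alignement issues for JITStubArg
+on MinGW. See https://bugs.webkit.org/show_bug.cgi?id=29268 */
+#define WTF_USE_JSVALUE32 1
++#elif PLATFORM(S390X)
++#define WTF_USE_JSVALUE64 1
+#else
+#define WTF_USE_JSVALUE32_64 1
+#endif
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.than qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.than 2010-02-11 16:55:17.000000000 +0100
++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h 2010-03-23 14:19:00.000000000 +0100
+@@ -362,6 +362,11 @@
+#define WTF_PLATFORM_IA64 1
+#endif
+
++/* PLATFORM(S390X) */
++#if defined(__s390x__) || defined(__s390x)
++#define WTF_PLATFORM_S390X 1
++#endif
++
+/* PLATFORM(ALPHA) */
+#if defined(__alpha__)
+#define WTF_PLATFORM_ALPHA 1
+@@ -729,7 +734,7 @@
+#endif
+
+#if !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64)
+-#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) || PLATFORM(IA64) || PLATFORM(ALPHA)
++#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) || PLATFORM(IA64) || PLATFORM(ALPHA) || PLATFORM(S390X)
+#define WTF_USE_JSVALUE64 1
+#elif PLATFORM(ARM) || PLATFORM(PPC64)
+#define WTF_USE_JSVALUE32 1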
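Review bot: The two bundled copies of Platform.h are patched differently for the JSValue representation: the javascriptcore copy gets a separate `#elif PLATFORM(S390X)` branch after the MinGW case, while the webkit copy appends `|| PLATFORM(S390X)` to the existing 64-bit condition. Both select `WTF_USE_JSVALUE64` as far as the hunks show, but the divergence makes it easy for the next architecture patch to land in one copy only. I would use the same form in both files, or add `/* keep in sync with the other bundled Platform.h */` above each block. The surrounding `#if` chains start outside the hunks, so the branch order cannot be fully checked from here.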
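--- a/qt-everywhere-opensource-src-4.6.2-webkit-sparc64.patch
+++ b/qt-everywhere-opensource-src-4.6.2-webkit-sparc64.patch
@@ -0,0 +1,16 @@
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.sparc qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.sparc 2010-03-23 10:45:57.076490991 -0400
++++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h 2010-03-23 10:47:37.044618125 -0400
+@@ -734,7 +734,11 @@
+#endif
+
+#if !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64)
+-#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) || PLATFORM(IA64) || PLATFORM(ALPHA) || PLATFORM(S390X)
++#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) \
++ || PLATFORM(IA64) \
++ || PLATFORM(ALPHA) \
++ || PLATFORM(SPARC64) \
++ || PLATFORM(S390X)
+#define WTF_USE_JSVALUE64 1
+#elif PLATFORM(ARM) || PLATFORM(PPC64)
+#define WTF_USE_JSVALUE32 1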
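Review bot: `PLATFORM(SPARC64)` is added to the 64-bit JSValue condition, but this patch adds no `WTF_PLATFORM_SPARC64` definition, unlike the S390X patch, which introduces `WTF_PLATFORM_S390X` together with its use. If Platform.h does not already define it outside the hunk, the test would presumably be silently false and SPARC64 would fall through to one of the later branches without any build error. I would either add a detection block in the same style as the S390X one, or state where the macro comes from, e.g. `/* WTF_PLATFORM_SPARC64 is defined in <location to confirm> */` above the condition. Only this webkit copy of Platform.h is touched here, while the S390X patch changed the javascriptcore copy as well.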
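--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch
@@ -0,0 +1,15 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp.CVE-2010-1119 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp.CVE-2010-1119 2010-06-02 04:03:12.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp 2010-06-15 13:11:55.974470742 +0200
+@@ -910,7 +910,10 @@ void Node::notifyLocalNodeListsAttribute
+if (!data->nodeLists())
+return;
+
+- data->nodeLists()->invalidateCachesThatDependOnAttributes();
++ if (!isAttributeNode())
++ data->nodeLists()->invalidateCachesThatDependOnAttributes();
++ else
++ data->nodeLists()->invalidateCaches();
+
+if (data->nodeLists()->isEmpty()) {
+data->clearNodeLists();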
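Review bot: The new branch in Node::notifyLocalNodeListsAttributeChanged has no comment saying why an attribute node needs `invalidateCaches()` instead of `invalidateCachesThatDependOnAttributes()`, so the security-relevant case reads like an arbitrary special case. I would put the positive test first, `if (isAttributeNode())`, with the two calls swapped accordingly, and add above it `// Attr nodes: drop every cached node list, not only the attribute-dependent ones (CVE-2010-1119).` Without that, a later simplification could collapse the two branches again. The function starts and ends outside the hunk.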
1416
qt-everywhere-opensource-src-4.6.3-CVE-2010-1303_1304.patch
Normal file
1416
qt-everywhere-opensource-src-4.6.3-CVE-2010-1303_1304.patch
Normal file
File diff suppressed because it is too large
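--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1392.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1392.patch
@@ -0,0 +1,12 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1392/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp 2010-06-02 04:03:11.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1392/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp 2010-06-10 20:24:02.864193022 +0200
+@@ -4484,7 +4484,7 @@
+
+// Drill into inlines looking for our first text child.
+RenderObject* currChild = firstLetterBlock->firstChild();
+- while (currChild && currChild->needsLayout() && (!currChild->isReplaced() || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
++ while (currChild && currChild->needsLayout() && ((!currChild->isReplaced() && !currChild->isRenderButton() && !currChild->isMenuList()) || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
+if (currChild->isFloatingOrPositioned()) {
+if (currChild->style()->styleType() == FIRST_LETTER)
+break;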
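Review bot: The loop condition in the first-letter descent is now a single line with six terms, and nothing records why `isRenderButton()` and `isMenuList()` renderers must stop the descent the way replaced elements do. Since this is the whole of the security fix, I would add a comment above the `while`, such as `// Buttons and menu lists are treated like replaced content: never drill into them for first-letter (CVE-2010-1392).` Moving the three "do not descend" tests into a small file-local predicate would also make the next addition to this list harder to get wrong. The enclosing function starts and ends outside the hunk.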
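--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1396.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1396.patch
@@ -0,0 +1,56 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1396/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp 2010-06-02 04:03:12.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1396/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp 2010-06-10 20:34:00.316318866 +0200
+@@ -395,33 +395,43 @@
+document()->removeFocusedNodeOfSubtree(this, true);
+
+forbidEventDispatch();
+- int childCountDelta = 0;
++ Vector<RefPtr<Node> > removedChildren;
+while (RefPtr<Node> n = m_firstChild) {
+- childCountDelta--;
+-
+Node* next = n->nextSibling();
+
+- // Remove the node from the tree before calling detach or removedFromDocument (4427024, 4129744)
++ // Remove the node from the tree before calling detach or removedFromDocument (4427024, 4129744).
++ // removeChild() does this after calling detach(). There is no explanation for
++ // this discrepancy between removeChild() and its optimized version removeChildren().
+n->setPreviousSibling(0);
+n->setNextSibling(0);
+n->setParent(0);
+-
++
+m_firstChild = next;
+if (n == m_lastChild)
+m_lastChild = 0;
+
+if (n->attached())
+n->detach();
+-
+- if (n->inDocument())
+- n->removedFromDocument();
++
++ removedChildren.append(n.release());
+}
+allowEventDispatch();
+
++ size_t removedChildrenCount = removedChildren.size();
++
+// Dispatch a single post-removal mutation event denoting a modified subtree.
+- childrenChanged(false, 0, 0, childCountDelta);
++ childrenChanged(false, 0, 0, -static_cast<int>(removedChildrenCount));
+dispatchSubtreeModifiedEvent();
+
++ for (size_t i = 0; i < removedChildrenCount; ++i) {
++ Node* removedChild = removedChildren[i].get();
++ if (removedChild->inDocument())
++ removedChild->removedFromDocument();
++ // removeChild() calls removedFromTree(true) if the child was not in the
++ // document. There is no explanation for this discrepancy between removeChild()
++ // and its optimized version removeChildren().
++ }
++
+return true;
+}
+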
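Review bot: The deferred loop at the end of removeChildren() calls `removedFromDocument()` on every saved child that still reports `inDocument()`, but it now runs after `childrenChanged()` and `dispatchSubtreeModifiedEvent()`, and the hunk does not show what guarantees that a child has not been re-parented by then. Holding the nodes in `removedChildren` appears to cover their lifetime across the dispatch; the remaining assumption deserves a comment at the loop, for example `// Assumes nothing run by the dispatch above re-inserted a removed child; re-check parent() here if that can happen.` Separately, `-static_cast<int>(removedChildrenCount)` narrows a `size_t` without a check, which is worth a one-line note or an assertion. The function starts outside the hunk.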
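--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1397.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1397.patch
@@ -0,0 +1,53 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.cpp 2010-06-02 04:03:11.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.cpp 2010-06-10 20:41:45.295318418 +0200
+@@ -552,12 +552,6 @@
+toRenderTextControl(renderer)->selectionChanged(userTriggered);
+}
+
+-void Frame::invalidateSelection()
+-{
+- selection()->setNeedsLayout();
+- selectionLayoutChanged();
+-}
+-
+void Frame::setCaretVisible(bool flag)
+{
+if (m_caretVisible == flag)
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.h qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.h
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.h 2010-06-02 04:03:11.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.h 2010-06-10 20:41:45.291318453 +0200
+@@ -259,8 +259,6 @@
+void selectionLayoutChanged();
+void notifyRendererOfSelectionChange(bool userTriggered);
+
+- void invalidateSelection();
+-
+void setCaretVisible(bool = true);
+void paintCaret(GraphicsContext*, int tx, int ty, const IntRect& clipRect) const;
+void paintDragCaret(GraphicsContext*, int tx, int ty, const IntRect& clipRect) const;
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/FrameView.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp 2010-06-02 04:03:11.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/FrameView.cpp 2010-06-10 20:41:45.293318191 +0200
+@@ -642,7 +642,8 @@
+root->view()->popLayoutState();
+m_layoutRoot = 0;
+
+- m_frame->invalidateSelection();
++ m_frame->selection()->setNeedsLayout();
++ m_frame->selectionLayoutChanged();
+
+m_layoutSchedulingEnabled = true;
+
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp 2010-06-02 04:03:11.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp 2010-06-10 20:41:45.297318506 +0200
+@@ -1170,7 +1170,7 @@
+// The caret rect needs to be invalidated after scrolling
+Frame* frame = renderer()->document()->frame();
+if (frame)
+- frame->invalidateSelection();
++ frame->selection()->setNeedsLayout();
+
+// Just schedule a full repaint of our object.
+if (repaint)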
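Review bot: In RenderLayer.cpp the scroll path now calls only `frame->selection()->setNeedsLayout()` and no longer reaches `selectionLayoutChanged()`, yet no comment records that the omission is deliberate, so a later cleanup could restore the old call. I would add above the new line `// Only mark the selection as needing layout here; do not call selectionLayoutChanged() from the scroll path (CVE-2010-1397).` The patch also deletes the public `Frame::invalidateSelection()`, so any caller outside the four patched files would stop building, which is worth a search of the bundled tree. FrameView.cpp now spells out the two calls the removed helper wrapped, and a short comment there would explain why the helper is gone.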
244
qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch
Normal file
244
qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch
Normal file
@ -0,0 +1,244 @@
|
||||
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398 2010-06-02 04:03:12.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp 2010-06-11 16:12:55.750525354 +0200
|
||||
@@ -35,6 +35,7 @@
|
||||
#include "ClientRect.h"
|
||||
#include "ClientRectList.h"
|
||||
#include "Document.h"
|
||||
+#include "DocumentFragment.h"
|
||||
#include "ElementRareData.h"
|
||||
#include "ExceptionCode.h"
|
||||
#include "FocusController.h"
|
||||
@@ -42,6 +43,7 @@
|
||||
#include "FrameView.h"
|
||||
#include "HTMLElement.h"
|
||||
#include "HTMLNames.h"
|
||||
+#include "HTMLTokenizer.h"
|
||||
#include "NamedNodeMap.h"
|
||||
#include "NodeList.h"
|
||||
#include "NodeRenderStyle.h"
|
||||
@@ -49,6 +51,7 @@
|
||||
#include "RenderView.h"
|
||||
#include "TextIterator.h"
|
||||
#include "XMLNames.h"
|
||||
+#include "XMLTokenizer.h"
|
||||
|
||||
#if ENABLE(SVG)
|
||||
#include "SVGNames.h"
|
||||
@@ -91,6 +94,51 @@ NodeRareData* Element::createRareData()
|
||||
{
|
||||
return new ElementRareData;
|
||||
}
|
||||
+
|
||||
+PassRefPtr<DocumentFragment> Element::createContextualFragment(const String& markup)
|
||||
+{
|
||||
+ RefPtr<DocumentFragment> fragment = DocumentFragment::create(document());
|
||||
+
|
||||
+ if (document()->isHTMLDocument())
|
||||
+ parseHTMLDocumentFragment(markup, fragment.get());
|
||||
+ else {
|
||||
+ if (!parseXMLDocumentFragment(markup, fragment.get(), this))
|
||||
+ // FIXME: We should propagate a syntax error exception out here.
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ // Exceptions are ignored because none ought to happen here.
|
||||
+ ExceptionCode ignoredExceptionCode;
|
||||
+
|
||||
+ // We need to pop <html> and <body> elements and remove <head> to
|
||||
+ // accommodate folks passing complete HTML documents to make the
|
||||
+ // child of an element.
|
||||
+
|
||||
+ RefPtr<Node> nextNode;
|
||||
+ for (RefPtr<Node> node = fragment->firstChild(); node; node = nextNode) {
|
||||
+ nextNode = node->nextSibling();
|
||||
+ if (node->hasTagName(htmlTag) || node->hasTagName(bodyTag)) {
|
||||
+ Node* firstChild = node->firstChild();
|
||||
+ if (firstChild)
|
||||
+ nextNode = firstChild;
|
||||
+ RefPtr<Node> nextChild;
|
||||
+ for (RefPtr<Node> child = firstChild; child; child = nextChild) {
|
||||
+ nextChild = child->nextSibling();
|
||||
+ node->removeChild(child.get(), ignoredExceptionCode);
|
||||
+ ASSERT(!ignoredExceptionCode);
|
||||
+ fragment->insertBefore(child, node.get(), ignoredExceptionCode);
|
||||
+ ASSERT(!ignoredExceptionCode);
|
||||
+ }
|
||||
+ fragment->removeChild(node.get(), ignoredExceptionCode);
|
||||
+ ASSERT(!ignoredExceptionCode);
|
||||
+ } else if (node->hasTagName(headTag)) {
|
||||
+ fragment->removeChild(node.get(), ignoredExceptionCode);
|
||||
+ ASSERT(!ignoredExceptionCode);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return fragment.release();
|
||||
+}
|
||||
|
||||
PassRefPtr<Node> Element::cloneNode(bool deep)
|
||||
{
|
||||
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398 2010-06-02 04:03:12.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h 2010-06-14 16:54:57.639394749 +0200
|
||||
@@ -28,6 +28,7 @@
|
||||
#include "ContainerNode.h"
|
||||
#include "QualifiedName.h"
|
||||
#include "ScrollTypes.h"
|
||||
+#include "DocumentFragment.h"
|
||||
|
||||
namespace WebCore {
|
||||
|
||||
@@ -89,6 +90,8 @@ public:
|
||||
DEFINE_ATTRIBUTE_EVENT_LISTENER(search);
|
||||
DEFINE_ATTRIBUTE_EVENT_LISTENER(selectstart);
|
||||
|
||||
+ virtual PassRefPtr<DocumentFragment> createContextualFragment(const String&);
|
||||
+
|
||||
const AtomicString& getIDAttribute() const;
|
||||
bool hasAttribute(const QualifiedName&) const;
|
||||
const AtomicString& getAttribute(const QualifiedName&) const;
|
||||
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398 2010-06-02 04:03:10.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp 2010-06-11 16:12:55.752525451 +0200
|
||||
@@ -1054,11 +1054,7 @@ String createMarkup(const Range* range,
|
||||
|
||||
PassRefPtr<DocumentFragment> createFragmentFromMarkup(Document* document, const String& markup, const String& baseURL)
|
||||
{
|
||||
- ASSERT(document->documentElement()->isHTMLElement());
|
||||
- // FIXME: What if the document element is not an HTML element?
|
||||
- HTMLElement *element = static_cast<HTMLElement*>(document->documentElement());
|
||||
-
|
||||
- RefPtr<DocumentFragment> fragment = element->createContextualFragment(markup);
|
||||
+ RefPtr<DocumentFragment> fragment = document->documentElement()->createContextualFragment(markup);
|
||||
|
||||
if (fragment && !baseURL.isEmpty() && baseURL != blankURL() && baseURL != document->baseURL())
|
||||
completeURLs(fragment.get(), baseURL);
|
||||
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398 2010-06-02 04:03:10.000000000 +0200
|
||||
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp 2010-06-11 16:12:55.753537613 +0200
|
||||
@@ -235,9 +235,9 @@ String HTMLElement::outerHTML() const
|
||||
return createMarkup(this);
|
||||
}
|
||||
|
||||
-PassRefPtr<DocumentFragment> HTMLElement::createContextualFragment(const String &html)
|
||||
+PassRefPtr<DocumentFragment> HTMLElement::createContextualFragment(const String &markup)
|
||||
{
|
||||
- // the following is in accordance with the definition as used by IE
|
||||
+ // The following is in accordance with the definition as used by IE.
|
||||
if (endTagRequirement() == TagStatusForbidden)
|
||||
return 0;
|
||||
|
||||
@@ -245,47 +245,7 @@ PassRefPtr<DocumentFragment> HTMLElement
|
||||
hasLocalName(headTag) || hasLocalName(styleTag) || hasLocalName(titleTag))
|
||||
return 0;
|
||||
|
||||
- RefPtr<DocumentFragment> fragment = DocumentFragment::create(document());
|
||||
-
|
||||
- if (document()->isHTMLDocument())
|
||||
- parseHTMLDocumentFragment(html, fragment.get());
|
||||
- else {
|
||||
- if (!parseXMLDocumentFragment(html, fragment.get(), this))
|
||||
- // FIXME: We should propagate a syntax error exception out here.
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- // Exceptions are ignored because none ought to happen here.
|
||||
- int ignoredExceptionCode;
|
||||
-
|
||||
- // we need to pop <html> and <body> elements and remove <head> to
|
||||
- // accommodate folks passing complete HTML documents to make the
|
||||
- // child of an element.
|
||||
-
|
||||
- RefPtr<Node> nextNode;
|
||||
- for (RefPtr<Node> node = fragment->firstChild(); node; node = nextNode) {
|
||||
- nextNode = node->nextSibling();
|
||||
- if (node->hasTagName(htmlTag) || node->hasTagName(bodyTag)) {
|
||||
- Node *firstChild = node->firstChild();
|
||||
- if (firstChild)
|
||||
- nextNode = firstChild;
|
||||
- RefPtr<Node> nextChild;
|
||||
- for (RefPtr<Node> child = firstChild; child; child = nextChild) {
|
||||
- nextChild = child->nextSibling();
|
||||
- node->removeChild(child.get(), ignoredExceptionCode);
|
||||
- ASSERT(!ignoredExceptionCode);
|
||||
- fragment->insertBefore(child, node.get(), ignoredExceptionCode);
|
||||
- ASSERT(!ignoredExceptionCode);
|
||||
- }
|
||||
- fragment->removeChild(node.get(), ignoredExceptionCode);
|
||||
- ASSERT(!ignoredExceptionCode);
|
||||
- } else if (node->hasTagName(headTag)) {
|
||||
- fragment->removeChild(node.get(), ignoredExceptionCode);
|
||||
- ASSERT(!ignoredExceptionCode);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- return fragment.release();
|
||||
+ return Element::createContextualFragment(markup);
|
||||
}
|
||||
|
||||
static inline bool hasOneChild(ContainerNode* node)
|
||||
@@ -371,7 +331,7 @@ void HTMLElement::setOuterHTML(const Str
|
||||
|
||||
void HTMLElement::setInnerText(const String& text, ExceptionCode& ec)
|
||||
{
|
||||
- // follow the IE specs about when this is allowed
|
||||
+ // Follow the IE specs about when this is allowed.
|
||||
if (endTagRequirement() == TagStatusForbidden) {
|
||||
ec = NO_MODIFICATION_ALLOWED_ERR;
|
||||
return;
|
||||
@@ -441,7 +401,7 @@ void HTMLElement::setInnerText(const Str
|
||||
|
||||
void HTMLElement::setOuterText(const String &text, ExceptionCode& ec)
|
||||
{
|
||||
- // follow the IE specs about when this is allowed
|
||||
+ // Follow the IE specs about when this is allowed.
|
||||
if (endTagRequirement() == TagStatusForbidden) {
|
||||
ec = NO_MODIFICATION_ALLOWED_ERR;
|
||||
return;
|
||||
@@ -469,7 +429,7 @@ void HTMLElement::setOuterText(const Str
|
||||
if (ec)
|
||||
return;
|
||||
|
||||
- // is previous node a text node? if so, merge into it
|
||||
+ // Is previous node a text node? If so, merge into it.
|
||||
Node* prev = t->previousSibling();
|
||||
if (prev && prev->isTextNode()) {
|
||||
Text* textPrev = static_cast<Text*>(prev);
|
||||
@@ -482,7 +442,7 @@ void HTMLElement::setOuterText(const Str
|
||||
t = textPrev;
|
||||
}
|
||||
|
||||
- // is next node a text node? if so, merge it in
|
||||
+ // Is next node a text node? If so, merge it in.
|
||||
Node* next = t->nextSibling();
|
||||
if (next && next->isTextNode()) {
|
||||
Text* textNext = static_cast<Text*>(next);
|
||||
@@ -522,7 +482,7 @@ Node* HTMLElement::insertAdjacent(const
|
||||
return 0;
|
||||
}
|
||||
|
||||
- // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative
|
||||
+ // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative.
|
||||
ec = NOT_SUPPORTED_ERR;
|
||||
return 0;
|
||||
}
|
||||
@@ -530,7 +490,7 @@ Node* HTMLElement::insertAdjacent(const
|
||||
Element* HTMLElement::insertAdjacentElement(const String& where, Element* newChild, ExceptionCode& ec)
|
||||
{
|
||||
if (!newChild) {
|
||||
- // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative
|
||||
+ // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative.
|
||||
ec = TYPE_MISMATCH_ERR;
|
||||
return 0;
|
||||
}
|
||||
@@ -567,8 +527,8 @@ void HTMLElement::addHTMLAlignment(Mappe
|
||||
|
||||
void HTMLElement::addHTMLAlignmentToStyledElement(StyledElement* element, MappedAttribute* attr)
|
||||
{
|
||||
- // vertical alignment with respect to the current baseline of the text
|
||||
- // right or left means floating images
|
||||
+ // Vertical alignment with respect to the current baseline of the text
|
||||
+ // right or left means floating images.
|
||||
int floatValue = CSSValueInvalid;
|
||||
int verticalAlignValue = CSSValueInvalid;
|
||||
|
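--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch
@@ -0,0 +1,32 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp.CVE-2010-1400 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp.CVE-2010-1400 2010-06-02 04:03:11.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp 2010-06-15 13:55:36.853463455 +0200
+@@ -1611,7 +1611,7 @@ void RenderObject::styleWillChange(Style
+}
+}
+
+-void RenderObject::styleDidChange(StyleDifference diff, const RenderStyle*)
++void RenderObject::styleDidChange(StyleDifference diff, const RenderStyle* oldStyle)
+{
+if (s_affectsParentBlock)
+handleDynamicFloatPositionChange();
+@@ -1619,9 +1619,17 @@ void RenderObject::styleDidChange(StyleD
+if (!m_parent)
+return;
+
+- if (diff == StyleDifferenceLayout)
++ if (diff == StyleDifferenceLayout) {
++ // If the object already needs layout, then setNeedsLayout won't do
++ // any work. But if the containing block has changed, then we may need
++ // to make the new containing blocks for layout. The change that can
++ // directly affect the containing block of this object is a change to
++ // the position style.
++ if (m_needsLayout && oldStyle->position() != m_style->position())
++ markContainingBlocksForLayout();
++
+setNeedsLayoutAndPrefWidthsRecalc();
+- else if (diff == StyleDifferenceLayoutPositionedMovementOnly)
++ } else if (diff == StyleDifferenceLayoutPositionedMovementOnly)
+setNeedsPositionedMovementLayout();
+
+// Don't check for repaint here; we need to wait until the layer has been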
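Review bot: The comment added in `styleDidChange` says the code may need "to make the new containing blocks for layout", but the call beneath it is `markContainingBlocksForLayout()`, so the line should read `// to mark the new containing blocks for layout. The change that can`. The new condition also dereferences `oldStyle`, which was an unnamed and unused parameter before this change. Nothing in the hunk shows that it is non-null whenever `diff == StyleDifferenceLayout`, so an `ASSERT(oldStyle);` before the test, or `oldStyle &&` inside it, would state that assumption. The function body continues past the hunk.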
|
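--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1412.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1412.patch
@@ -0,0 +1,45 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp qt-everywhere-opensource-src-4.6.3-2010-1412/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp 2010-06-02 04:03:11.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3-2010-1412/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp 2010-06-11 00:09:43.741191104 +0200
+@@ -3039,22 +3039,33 @@
+// Locate the common ancestor render object for the two renderers.
+RenderObject* ancestor = commonAncestor(oldHoverObj, newHoverObj);
+
++ Vector<Node*, 32> nodesToRemoveFromChain;
++ Vector<Node*, 32> nodesToAddToChain;
++
+if (oldHoverObj != newHoverObj) {
+// The old hover path only needs to be cleared up to (and not including) the common ancestor;
+for (RenderObject* curr = oldHoverObj; curr && curr != ancestor; curr = curr->hoverAncestor()) {
+- if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain())) {
+- curr->node()->setActive(false);
+- curr->node()->setHovered(false);
+- }
++ if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain()))
++ nodesToRemoveFromChain.append(curr->node());
+}
+}
+
+// Now set the hover state for our new object up to the root.
+for (RenderObject* curr = newHoverObj; curr; curr = curr->hoverAncestor()) {
+- if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain())) {
+- curr->node()->setActive(request.active());
+- curr->node()->setHovered(true);
+- }
++ if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain()))
++ nodesToAddToChain.append(curr->node());
++ }
++
++ size_t removeCount = nodesToRemoveFromChain.size();
++ for (size_t i = 0; i < removeCount; ++i) {
++ nodesToRemoveFromChain[i]->setActive(false);
++ nodesToRemoveFromChain[i]->setHovered(false);
++ }
++
++ size_t addCount = nodesToAddToChain.size();
++ for (size_t i = 0; i < addCount; ++i) {
++ nodesToAddToChain[i]->setActive(request.active());
++ nodesToAddToChain[i]->setHovered(true);
+}
+}
+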
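Review bot: `nodesToRemoveFromChain` and `nodesToAddToChain` are declared as `Vector<Node*, 32>`, so nothing keeps the collected nodes alive while the two loops at the end call `setActive()` and `setHovered()` on them one at a time. If either call can run code that releases another node already in the list, a later iteration would go through a freed pointer. That is not visible in this hunk, though deferring the calls until after the tree walk suggests they have side effects. Declaring both vectors as `Vector<RefPtr<Node>, 32>` would hold a reference for the duration of the loops and leave the call sites unchanged. The enclosing function starts outside the hunk.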
|
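--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1770.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1770.patch
@@ -0,0 +1,33 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp 2010-06-02 04:03:11.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp 2010-06-11 13:42:31.190174662 +0200
+@@ -207,7 +207,7 @@
+PassRefPtr<StringImpl> RenderText::originalText() const
+{
+Node* e = node();
+- return e ? static_cast<Text*>(e)->dataImpl() : 0;
++ return (e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : 0;
+}
+
+void RenderText::absoluteRects(Vector<IntRect>& rects, int tx, int ty)
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp 2010-06-02 04:03:11.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp 2010-06-11 13:42:31.197153658 +0200
+@@ -47,7 +47,7 @@
+PassRefPtr<StringImpl> RenderTextFragment::originalText() const
+{
+Node* e = node();
+- RefPtr<StringImpl> result = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
++ RefPtr<StringImpl> result = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
+if (result && (start() > 0 || start() < result->length()))
+result = result->substring(start(), end());
+return result.release();
+@@ -76,7 +76,7 @@
+{
+if (start()) {
+Node* e = node();
+- StringImpl* original = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
++ StringImpl* original = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
+if (original)
+return (*original)[start() - 1];
+}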
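Review bot: None of the three added `e->isTextNode()` guards (one in `RenderText::originalText()`, two in RenderTextFragment.cpp) says when `node()` is something other than a `Text`. A reader cannot tell whether returning 0 or falling back to `contentString()` is the intended result or a silently ignored inconsistency. A one-line comment at each cast, such as `// node() may not be a Text node; only downcast after isTextNode().`, would record why the check exists. Because the same checked cast is now written three times, a small file-local helper returning the `Text*` or 0 would keep the sites from drifting apart. The function in the last hunk starts and ends outside it.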
|
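--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1773.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1773.patch
@@ -0,0 +1,16 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1773/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp 2010-06-02 04:03:11.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1773/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp 2010-06-10 17:33:06.092192665 +0200
+@@ -88,8 +88,10 @@
+--number;
+letters[lettersSize - 1] = alphabet[number % alphabetSize];
+int length = 1;
+- while ((number /= alphabetSize) > 0)
+- letters[lettersSize - ++length] = alphabet[number % alphabetSize - 1];
++ while ((number /= alphabetSize) > 0) {
++ --number;
++ letters[lettersSize - ++length] = alphabet[number % alphabetSize];
++ }
+
+ASSERT(length <= lettersSize);
+return String(&letters[lettersSize - length], length);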
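Review bot: In the rewritten loop the store `letters[lettersSize - ++length]` is bounded only by `ASSERT(length <= lettersSize)`, which runs after all the writes and, in WebKit, is a debug-only check. Whether `lettersSize` is large enough for every `number` and `alphabetSize` is decided outside the hunk, so the loop cannot be verified from here. Putting the bound into the condition, `while (length < lettersSize && (number /= alphabetSize) > 0) {`, would make the write safe on its own terms. The function starts before the hunk.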
|
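--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1774.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1774.patch
@@ -0,0 +1,13 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp qt-everywhere-opensource-src-4.6.3-CVE-1774/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp 2010-06-02 04:03:11.000000000 +0200
++++ qt-everywhere-opensource-src-4.6.3-CVE-1774/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp 2010-06-11 14:45:02.625278334 +0200
+@@ -168,8 +168,7 @@
+
+int usedSpan = 0;
+int i = 0;
+- while (usedSpan < span) {
+- ASSERT(cCol + i < nEffCols);
++ while (usedSpan < span && cCol + i < nEffCols) {
+int eSpan = m_table->spanOfEffCol(cCol + i);
+// Only set if no col element has already set it.
+if (m_width[cCol + i].isAuto() && w.type() != Auto) {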
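Review bot: The bound that used to be `ASSERT(cCol + i < nEffCols)` is now part of the loop condition, but nothing records why the loop may stop while `usedSpan < span` still holds. A short comment above the loop would explain why the assertion became a runtime check, for example `// A span may reach past the last effective column; stop at nEffCols rather than index m_width out of range.`. Any code after the loop that uses `i` or `usedSpan` is outside the hunk and should be checked against the early-exit case.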
|
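--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch
@@ -0,0 +1,29 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp.CVE-2010-1778 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp.CVE-2010-1778 2010-06-11 16:12:55.786338275 +0200
++++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp 2010-06-15 13:23:21.114401487 +0200
+@@ -1189,14 +1189,13 @@ void FrameView::scheduleRelayoutOfSubtre
+{
+ASSERT(m_frame->view() == this);
+
+- if (!m_layoutSchedulingEnabled || (m_frame->contentRenderer()
+- && m_frame->contentRenderer()->needsLayout())) {
++ if (m_frame->contentRenderer() && m_frame->contentRenderer()->needsLayout()) {
+if (relayoutRoot)
+relayoutRoot->markContainingBlocksForLayout(false);
+return;
+}
+
+- if (layoutPending()) {
++ if (layoutPending() || !m_layoutSchedulingEnabled) {
+if (m_layoutRoot != relayoutRoot) {
+if (isObjectAncestorContainerOf(m_layoutRoot, relayoutRoot)) {
+// Keep the current root
+@@ -1213,7 +1212,7 @@ void FrameView::scheduleRelayoutOfSubtre
+relayoutRoot->markContainingBlocksForLayout(false);
+}
+}
+- } else {
++ } else if (m_layoutSchedulingEnabled) {
+int delay = m_frame->document()->minimumLayoutDelay();
+m_layoutRoot = relayoutRoot;
+m_delayedLayout = delay != 0;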
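Review bot: The new `else if (m_layoutSchedulingEnabled)` in the second hunk appears to be the `else` of `if (layoutPending() || !m_layoutSchedulingEnabled)` from the first hunk. If so, the flag is always true when that branch is reached and the test is redundant. A plain `} else {` with `ASSERT(m_layoutSchedulingEnabled);` as its first statement would state the invariant without implying a third case. The first branch is now also taken when scheduling is disabled and no layout is pending, so a comment on what it is meant to do with `m_layoutRoot` in that situation would help. Both hunks sit in the middle of the function, whose remaining lines are not shown.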
|
@ -0,0 +1,21 @@
|
||||
diff -up qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp.glib_eventloop_nullcheck qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp
|
||||
--- qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp.glib_eventloop_nullcheck 2010-06-01 21:03:15.000000000 -0500
|
||||
+++ qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp 2010-06-29 14:58:12.299073784 -0500
|
||||
@@ -76,7 +76,7 @@ static gboolean x11EventSourcePrepare(GS
|
||||
GX11EventSource *source = reinterpret_cast<GX11EventSource *>(s);
|
||||
return (XEventsQueued(X11->display, QueuedAfterFlush)
|
||||
|| (!(source->flags & QEventLoop::ExcludeUserInputEvents)
|
||||
- && !source->d->queuedUserInputEvents.isEmpty()));
|
||||
+ && source->d && !source->d->queuedUserInputEvents.isEmpty()));
|
||||
}
|
||||
|
||||
static gboolean x11EventSourceCheck(GSource *s)
|
||||
@@ -84,7 +84,7 @@ static gboolean x11EventSourceCheck(GSou
|
||||
GX11EventSource *source = reinterpret_cast<GX11EventSource *>(s);
|
||||
return (XEventsQueued(X11->display, QueuedAfterFlush)
|
||||
|| (!(source->flags & QEventLoop::ExcludeUserInputEvents)
|
||||
- && !source->d->queuedUserInputEvents.isEmpty()));
|
||||
+ && source->d && !source->d->queuedUserInputEvents.isEmpty()));
|
||||
}
|
||||
|
||||
static gboolean x11EventSourceDispatch(GSource *s, GSourceFunc callback, gpointer user_data)
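Review bot: `x11EventSourceDispatch`, whose signature is the last context line, is not changed here, and its body is outside the hunk. If it also reads `source->d`, it needs the same `source->d &&` guard that `x11EventSourcePrepare` and `x11EventSourceCheck` received. The two added guards carry no comment on why `d` can be null, so the underlying lifetime question stays undocumented and the check reads as if a null `d` were a normal state. Once the cause is confirmed, a line such as `// d can be null here (see the bug this works around); treat as no queued user input.` above each return would record it.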
|
@ -0,0 +1,47 @@
|
||||
diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp.gtk_init qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp
|
||||
--- qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp.gtk_init 2010-05-03 19:43:20.000000000 -0500
|
||||
+++ qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp 2010-06-18 10:11:20.738800727 -0500
|
||||
@@ -35,6 +35,8 @@
|
||||
|
||||
namespace WebCore {
|
||||
|
||||
+typedef void gtkInitFunc(int *argc, char ***argv);
|
||||
+
|
||||
bool PluginPackage::fetchInfo()
|
||||
{
|
||||
if (!load())
|
||||
@@ -110,6 +112,8 @@ bool PluginPackage::load()
|
||||
NP_InitializeFuncPtr NP_Initialize;
|
||||
NPError npErr;
|
||||
|
||||
+ gtkInitFunc* gtkInit;
|
||||
+
|
||||
NP_Initialize = (NP_InitializeFuncPtr)m_module->resolve("NP_Initialize");
|
||||
m_NPP_Shutdown = (NPP_ShutdownProcPtr)m_module->resolve("NP_Shutdown");
|
||||
|
||||
@@ -127,6 +131,25 @@ bool PluginPackage::load()
|
||||
m_browserFuncs.getvalue = staticPluginQuirkRequiresGtkToolKit_NPN_GetValue;
|
||||
}
|
||||
|
||||
+ // WORKAROUND: Prevent gtk based plugin crashes such as BR# 40567 by
|
||||
+ // explicitly forcing the initializing of Gtk, i.e. calling gtk_init,
|
||||
+ // whenver the symbol is present in the plugin library loaded above.
|
||||
+ // Note that this workaround is based on code from the NSPluginClass ctor
|
||||
+ // in KDE's kdebase/apps/nsplugins/viewer/nsplugin.cpp file.
|
||||
+ gtkInit = (gtkInitFunc*)m_module->resolve("gtk_init");
|
||||
+ if (gtkInit) {
|
||||
+ // Prevent gtk_init() from replacing the X error handlers, since the Gtk
|
||||
+ // handlers abort when they receive an X error, thus killing the viewer.
|
||||
+#ifdef Q_WS_X11
|
||||
+ int (*old_error_handler)(Display*, XErrorEvent*) = XSetErrorHandler(0);
|
||||
+ int (*old_io_error_handler)(Display*) = XSetIOErrorHandler(0);
|
||||
+#endif
|
||||
+ gtkInit(0, 0);
|
||||
+#ifdef Q_WS_X11
|
||||
+ XSetErrorHandler(old_error_handler);
|
||||
+ XSetIOErrorHandler(old_io_error_handler);
|
||||
+#endif
|
||||
+ }
|
||||
#if defined(XP_UNIX)
|
||||
npErr = NP_Initialize(&m_browserFuncs, &m_pluginFuncs);
|
||||
#else
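Review bot: The plugin's `gtk_init` is called as soon as the symbol resolves, and `gtk_init()` terminates the process when GTK cannot be initialised (for instance when it cannot open the display). A plugin-side initialisation failure can therefore end the host application. `gtk_init_check` takes the same arguments and reports failure through its return value, so declaring `typedef int gtkInitFunc(int *argc, char ***argv);` and resolving `"gtk_init_check"` would let `load()` continue or fail cleanly. The added comment also has a typo (`whenver`), and it does not say that the call is repeated on every `load()` of every package exporting the symbol. `load()` begins and ends outside the hunks.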
|
@ -0,0 +1,19 @@
|
||||
diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/PluginDatabase.cpp.pluginpath qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/PluginDatabase.cpp
|
||||
--- qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/PluginDatabase.cpp.pluginpath 2010-05-03 19:43:20.000000000 -0500
|
||||
+++ qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/PluginDatabase.cpp 2010-06-18 10:02:37.004788646 -0500
|
||||
@@ -345,6 +345,7 @@ Vector<String> PluginDatabase::defaultPl
|
||||
paths.append("/usr/lib/firefox/plugins");
|
||||
paths.append("/usr/lib64/browser-plugins");
|
||||
paths.append("/usr/lib/browser-plugins");
|
||||
+ paths.append("/usr/lib/mozilla/plugins-wrapped");
|
||||
paths.append("/usr/lib/mozilla/plugins");
|
||||
paths.append("/usr/local/netscape/plugins");
|
||||
paths.append("/opt/mozilla/plugins");
|
||||
@@ -355,6 +356,7 @@ Vector<String> PluginDatabase::defaultPl
|
||||
paths.append("/usr/lib/netscape/plugins-libc5");
|
||||
paths.append("/usr/lib/netscape/plugins-libc6");
|
||||
paths.append("/usr/lib64/netscape/plugins");
|
||||
+ paths.append("/usr/lib64/mozilla/plugins-wrapped");
|
||||
paths.append("/usr/lib64/mozilla/plugins");
|
||||
paths.append("/usr/lib/nsbrowser/plugins");
|
||||
paths.append("/usr/lib64/nsbrowser/plugins");
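Review bot: The two `plugins-wrapped` directories are inserted directly before their unwrapped counterparts, but nothing in the visible part of the function says whether list order decides which copy of a plugin gets loaded. If the wrapped copy is meant to take precedence, a comment would record that, for example `// nspluginwrapper output; listed before the unwrapped directory so the wrapped plugin is found first`. If order is irrelevant, the comment should say so. Every entry here is a directory from which native code is loaded into the process, so the reason for each addition is worth keeping next to it. The function body extends beyond both hunks.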
|
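--- a/qt-everywhere-opensource-src-4.7.0-beta1-uic_multilib.patch
+++ b/qt-everywhere-opensource-src-4.7.0-beta1-uic_multilib.patch
@@ -0,0 +1,36 @@
+diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/embed.cpp.uic_multilib qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/embed.cpp
+--- qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/embed.cpp.uic_multilib 2010-05-03 19:43:25.000000000 -0500
++++ qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/embed.cpp 2010-06-25 14:11:21.815474310 -0500
+@@ -152,7 +152,7 @@ void Ui3Reader::embed(const char *projec
+for ( it = images.begin(); it != images.end(); ++it )
+out << "** " << *it << "\n";
+out << "**\n";
+- out << "** Created: " << QDateTime::currentDateTime().toString() << "\n";
++ out << "** Created: " << "\n";
+out << "** by: The User Interface Compiler for Qt version " << QT_VERSION_STR << "\n";
+out << "**\n";
+out << "** WARNING! All changes made in this file will be lost!\n";
+diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/uic.cpp.uic_multilib qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/uic.cpp
+--- qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/uic.cpp.uic_multilib 2010-05-03 19:43:25.000000000 -0500
++++ qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/uic.cpp 2010-06-25 14:11:32.910460623 -0500
+@@ -146,7 +146,7 @@ void Uic::writeCopyrightHeader(DomUI *ui
+out << "/********************************************************************************\n";
+out << "** Form generated from reading UI file '" << QFileInfo(opt.inputFile).fileName() << "'\n";
+out << "**\n";
+- out << "** Created: " << QDateTime::currentDateTime().toString() << "\n";
++ out << "** Created: " << "\n";
+out << "** " << QString::fromLatin1("by: Qt User Interface Compiler version %1\n").arg(QLatin1String(QT_VERSION_STR));
+out << "**\n";
+out << "** WARNING! All changes made in this file will be lost when recompiling UI file!\n";
+diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic/uic.cpp.uic_multilib qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic/uic.cpp
+--- qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic/uic.cpp.uic_multilib 2010-05-03 19:43:25.000000000 -0500
++++ qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic/uic.cpp 2010-06-25 14:10:45.360711498 -0500
+@@ -139,7 +139,7 @@ void Uic::writeCopyrightHeader(DomUI *ui
+out << "/********************************************************************************\n";
+out << "** Form generated from reading UI file '" << QFileInfo(opt.inputFile).fileName() << "'\n";
+out << "**\n";
+- out << "** Created: " << QDateTime::currentDateTime().toString() << "\n";
++ out << "** Created: " << "\n";
+out << "** " << QString::fromLatin1("by: Qt User Interface Compiler version %1\n").arg(QLatin1String(QT_VERSION_STR));
+out << "**\n";
+out << "** WARNING! All changes made in this file will be lost when recompiling UI file!\n";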
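Review bot: Replacing the timestamp with nothing leaves each generated header with a dangling `** Created: ` line that ends in a trailing space, in all three writers (uic3/embed.cpp, uic3/uic.cpp and uic/uic.cpp). If the aim is byte-identical output between builds, which the patch name suggests but the hunks do not state, the label no longer carries information. The change would be tidier as a single literal, `out << "** Created:\n";`, or with the line dropped altogether. A comment at each site, such as `// No timestamp here: generated headers must not differ between builds.`, would stop the timestamp from being restored later. Each hunk shows only part of its function.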
|
191
qt.spec
191
qt.spec
@ -12,8 +12,8 @@
|
||||
Summary: Qt toolkit
|
||||
Name: qt
|
||||
Epoch: 1
|
||||
Version: 4.6.2
|
||||
Release: 2%{?dist}
|
||||
Version: 4.6.3
|
||||
Release: 7%{?dist}
|
||||
|
||||
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
|
||||
License: LGPLv2 with exceptions or GPLv3 with exceptions
|
||||
@ -34,6 +34,7 @@ Source5: qconfig-multilib.h
|
||||
# multilib hacks
|
||||
Patch2: qt-x11-opensource-src-4.2.2-multilib-optflags.patch
|
||||
Patch3: qt-x11-opensource-src-4.2.2-multilib-QMAKEPATH.patch
|
||||
Patch4: qt-everywhere-opensource-src-4.7.0-beta1-uic_multilib.patch
|
||||
Patch5: qt-all-opensource-src-4.4.0-rc1-as_IN-437440.patch
|
||||
# hack around gcc/ppc crasher, http://bugzilla.redhat.com/492185
|
||||
Patch13: qt-x11-opensource-src-4.5.0-gcc_hack.patch
|
||||
@ -47,20 +48,45 @@ Patch21: qt-everywhere-opensource-src-4.6.0-gst-pulsaudio.patch
|
||||
# use system ca-bundle certs, http://bugzilla.redhat.com/521911
|
||||
Patch22: qt-x11-opensource-src-4.5.3-system_ca_certificates.patch
|
||||
Requires: ca-certificates
|
||||
# may be upstreamable, not sure yet
|
||||
# workaround for gdal/grass crashers wrt glib_eventloop null deref's
|
||||
Patch23: qt-everywhere-opensource-src-4.6.3-glib_eventloop_nullcheck.patch
|
||||
|
||||
## upstreamable bits
|
||||
# http://bugzilla.redhat.com/485677
|
||||
Patch51: qt-everywhere-opensource-src-4.6.0-beta1-qdoc3.patch
|
||||
Patch52: qt-4.5-sparc64.patch
|
||||
# fix invalid inline assembly in qatomic_{i386,x86_64}.h (de)ref implementations
|
||||
Patch53: qt-x11-opensource-src-4.5.0-fix-qatomic-inline-asm.patch
|
||||
# fix invalid assumptions about mysql_config --libs
|
||||
# http://bugzilla.redhat.com/440673
|
||||
Patch54: qt-x11-opensource-src-4.5.1-mysql_config.patch
|
||||
# http://bugs.kde.org/show_bug.cgi?id=180051#c22
|
||||
Patch55: qt-cups-1.patch
|
||||
Patch55: qt-everywhere-opensource-src-4.6.2-cups.patch
|
||||
# fix type cast issue on s390x
|
||||
Patch56: qt-everywhere-opensource-src-4.6.2-webkit-s390x.patch
|
||||
# fix type cast issue on sparc64
|
||||
Patch57: qt-everywhere-opensource-src-4.6.2-webkit-sparc64.patch
|
||||
# qtwebkit to search nspluginwrapper paths too
|
||||
Patch58: qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_pluginpath.patch
|
||||
|
||||
# security patches
|
||||
# upstream or security patches
|
||||
# https://bugs.webkit.org/show_bug.cgi?id=40567
|
||||
Patch100: qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_gtk_init.patch
|
||||
Patch104: qt-everywhere-opensource-src-4.6.2-cve-2010-0051-lax-css-parsing-cross-domain-theft.patch
|
||||
Patch106: qt-everywhere-opensource-src-4.6.2-cve-2010-0656.patch
|
||||
Patch108: qt-everywhere-opensource-src-4.6.2-cve-2010-0648.patch
|
||||
Patch109: qt-everywhere-opensource-src-4.6.3-CVE-2010-1303_1304.patch
|
||||
Patch110: qt-everywhere-opensource-src-4.6.3-CVE-2010-1392.patch
|
||||
Patch111: qt-everywhere-opensource-src-4.6.3-CVE-2010-1396.patch
|
||||
Patch112: qt-everywhere-opensource-src-4.6.3-CVE-2010-1397.patch
|
||||
Patch113: qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch
|
||||
Patch114: qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch
|
||||
Patch115: qt-everywhere-opensource-src-4.6.3-CVE-2010-1412.patch
|
||||
Patch116: qt-everywhere-opensource-src-4.6.3-CVE-2010-1770.patch
|
||||
Patch117: qt-everywhere-opensource-src-4.6.3-CVE-2010-1773.patch
|
||||
Patch118: qt-everywhere-opensource-src-4.6.3-CVE-2010-1774.patch
|
||||
Patch119: qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch
|
||||
Patch120: qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch
|
||||
|
||||
# kde-qt git patches
|
||||
Patch201: 0001-This-patch-uses-object-name-as-a-fallback-for-window.patch
|
||||
@ -73,7 +99,9 @@ Patch207: 0007-When-using-qmake-outside-qt-src-tree-it-sometimes-ge.patch
|
||||
Patch208: 0008-This-patch-makes-the-raster-graphics-system-use-shar.patch
|
||||
Patch209: 0009-Restore-a-section-of-the-file-that-got-removed-due-t.patch
|
||||
Patch212: 0012-Add-context-to-tr-calls-in-QShortcut.patch
|
||||
|
||||
Patch217: http://qt.gitorious.org/+kde-developers/qt/kde-qt/commit/55ef01d93f8257b5927660290fc1ead0b2b74ec9.patch
|
||||
# QTBUG-9793
|
||||
Patch218: http://qt.gitorious.org/qt/qt/commit/0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c.patch
|
||||
|
||||
Source10: http://gstreamer.freedesktop.org/data/images/artwork/gstreamer-logo.svg
|
||||
Source11: hi16-phonon-gstreamer.png
|
||||
@ -139,6 +167,7 @@ Source31: hi48-app-qt4-logo.png
|
||||
Prereq: /etc/ld.so.conf.d
|
||||
%endif
|
||||
|
||||
BuildRequires: alsa-lib-devel
|
||||
BuildRequires: dbus-devel >= 0.62
|
||||
BuildRequires: cups-devel
|
||||
BuildRequires: desktop-file-utils
|
||||
@ -260,6 +289,8 @@ Provides: phonon-devel = %{phonon_version}-%{phonon_release}
|
||||
%if 0%{?webkit:1}
|
||||
Obsoletes: WebKit-qt-devel < 1.0.0-1
|
||||
Provides: WebKit-qt-devel = 1.0.0-1
|
||||
Provides: qt4-webkit-devel = %{version}-%{release}
|
||||
Provides: qt4-webkit-devel%{?_isa} = %{version}-%{release}
|
||||
%endif
|
||||
Obsoletes: qt4-designer < %{version}-%{release}
|
||||
Provides: qt4-designer = %{version}-%{release}
|
||||
@ -269,6 +300,8 @@ Obsoletes: qt4-devel < %{version}-%{release}
|
||||
Provides: qt4-devel = %{version}-%{release}
|
||||
%{?_isa:Provides: qt4-devel%{?_isa} = %{version}-%{release}}
|
||||
Provides: qt4-static = %{version}-%{release}
|
||||
Provides: qt-assistant-adp-devel = %{version}-0.%{release}
|
||||
%{?_isa:Provides: qt-assistant-adp-devel%{?_isa} = %{version}-0.%{release}}
|
||||
|
||||
%description devel
|
||||
This package contains the files necessary to develop
|
||||
@ -365,6 +398,8 @@ Provides: qt4-phonon = %{version}-%{release}
|
||||
%if 0%{?webkit:1}
|
||||
Obsoletes: WebKit-qt < 1.0.0-1
|
||||
Provides: WebKit-qt = 1.0.0-1
|
||||
Provides: qt4-webkit = %{version}-%{release}
|
||||
Provides: qt4-webkit%{?_isa} = %{version}-%{release}
|
||||
%endif
|
||||
%if 0%{?sqlite:1}
|
||||
Requires: %{name}-sqlite%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
|
||||
@ -374,6 +409,8 @@ Provides: %{name}-assistant = %{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
|
||||
Obsoletes: qt4-x11 < %{version}-%{release}
|
||||
Provides: qt4-x11 = %{version}-%{release}
|
||||
Provides: qt-assistant-adp = %{version}-0.%{release}
|
||||
%{?_isa:Provides: qt-assistant-adp%{?_isa} = %{version}-0.%{release}}
|
||||
Requires(post): /sbin/ldconfig
|
||||
Requires(postun): /sbin/ldconfig
|
||||
|
||||
@ -390,6 +427,8 @@ Qt libraries used for drawing widgets and OpenGL items.
|
||||
%if "%{_qt4_datadir}" != "%{_qt4_prefix}"
|
||||
%patch3 -p1 -b .multilib-QMAKEPATH
|
||||
%endif
|
||||
%patch4 -p1 -b .uic_multilib
|
||||
|
||||
%patch5 -p1 -b .bz#437440-as_IN-437440
|
||||
%patch13 -p1 -b .gcc_hack
|
||||
%patch15 -p1 -b .enable_ft_lcdfilter
|
||||
@ -398,16 +437,37 @@ Qt libraries used for drawing widgets and OpenGL items.
|
||||
%patch19 -p1 -b .servicesfile
|
||||
%patch21 -p1 -b .gst-pulsaudio
|
||||
%patch22 -p1 -b .system_ca_certificates
|
||||
%patch23 -p1 -b .glib_eventloop_nullcheck
|
||||
%patch51 -p1 -b .qdoc3
|
||||
## FIXME: port patch
|
||||
#patch52 -p1 -b .sparc64
|
||||
## TODO: still worth carrying? if so, upstream it.
|
||||
%patch53 -p1 -b .qatomic-inline-asm
|
||||
## TODO: upstream me
|
||||
%patch54 -p1 -b .mysql_config
|
||||
%patch55 -p1 -b .cups-1
|
||||
%patch56 -p1 -b .typecast_s390x
|
||||
%patch57 -p1 -b .typecast_sparc64
|
||||
%patch58 -p1 -b .qtwebkit_pluginpath
|
||||
|
||||
# upstream patches
|
||||
%patch100 -p1 -b .qtwebkit_gtk_init
|
||||
|
||||
# security fixes
|
||||
%patch104 -p1 -b .cve-2010-0051-lax-css-parsing-cross-domain-theft
|
||||
%patch106 -p1 -b .cve-2010-0656
|
||||
%patch108 -p1 -b .cve-2010-0648
|
||||
%patch109 -p1 -b .CVE-2010-1303_1304
|
||||
%patch110 -p1 -b .CVE-2010-1392
|
||||
%patch111 -p1 -b .CVE-2010-1396
|
||||
%patch112 -p1 -b .CVE-2010-1397
|
||||
%patch113 -p1 -b .CVE-2010-1398
|
||||
%patch114 -p1 -b .CVE-2010-1400
|
||||
%patch115 -p1 -b .CVE-2010-1412
|
||||
%patch116 -p1 -b .CVE-2010-1770
|
||||
%patch117 -p1 -b .CVE-2010-1773
|
||||
%patch118 -p1 -b .CVE-2010-1774
|
||||
%patch119 -p1 -b .CVE-2010-1119
|
||||
%patch120 -p1 -b .CVE-2010-1778
|
||||
|
||||
|
||||
# kde-qt branch
|
||||
%patch201 -p1 -b .kde-qt-0001
|
||||
@ -418,15 +478,24 @@ Qt libraries used for drawing widgets and OpenGL items.
|
||||
%patch206 -p1 -b .kde-qt-0006
|
||||
%patch207 -p1 -b .kde-qt-0007
|
||||
%patch212 -p1 -b .kde-qt-0012
|
||||
%patch217 -p1 -b .QT_GRAPHICSSYSTEM
|
||||
%patch218 -p1 -b .QTBUG-9793
|
||||
|
||||
# drop -fexceptions from $RPM_OPT_FLAGS
|
||||
RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'`
|
||||
|
||||
%define platform linux-g++
|
||||
%if "%{_qt4_datadir}" != "%{_qt4_prefix}" && "%{_lib}" == "lib64"
|
||||
|
||||
# some 64bit platforms assume -64 suffix, https://bugzilla.redhat.com/569542
|
||||
%if "%{?__isa_bits}" == "64"
|
||||
%define platform linux-g++-64
|
||||
%endif
|
||||
|
||||
# https://bugzilla.redhat.com/478481
|
||||
%ifarch x86_64
|
||||
%define platform linux-g++
|
||||
%endif
|
||||
|
||||
sed -i \
|
||||
-e "s|-O2|$RPM_OPT_FLAGS|g" \
|
||||
-e "s|g++.conf|g++-multilib.conf|g" mkspecs/%{platform}/qmake.conf
|
||||
@ -454,12 +523,6 @@ if [ "%{_lib}" == "lib64" ] ; then
|
||||
sed -i -e "s,/lib /usr/lib,/%{_lib} /usr/%{_lib},g" config.tests/{unix,x11}/*.test
|
||||
fi
|
||||
|
||||
# let makefile create missing .qm files, the .qm files should be included in qt upstream
|
||||
for f in translations/*.ts ; do
|
||||
touch ${f%.ts}.qm
|
||||
done
|
||||
|
||||
|
||||
%build
|
||||
|
||||
# build shared, threaded (default) libraries
|
||||
@ -525,9 +588,6 @@ done
|
||||
|
||||
make %{?_smp_mflags}
|
||||
|
||||
# recreate .qm files
|
||||
LD_LIBRARY_PATH=`pwd`/lib bin/lrelease translations/*.ts
|
||||
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
@ -564,6 +624,8 @@ done
|
||||
|
||||
# nuke dangling reference(s) to %buildroot
|
||||
sed -i -e "/^QMAKE_PRL_BUILD_DIR/d" %{buildroot}%{_qt4_libdir}/*.prl
|
||||
sed -i -e "s|-L%{_builddir}/qt-everywhere-opensource-src-%{version}/lib||g" \
|
||||
%{buildroot}%{_qt4_libdir}/pkgconfig/*.pc
|
||||
|
||||
# nuke QMAKE_PRL_LIBS, seems similar to static linking and .la files (#520323)
|
||||
sed -i -e "s|^QMAKE_PRL_LIBS|#QMAKE_PRL_LIBS|" %{buildroot}%{_qt4_libdir}/*.prl
|
||||
@ -691,10 +753,10 @@ cat >%{buildroot}%{_sysconfdir}/rpm/macros.qt4<<EOF
|
||||
%%_qt4_translationdir %%{_datadir}/qt4/translations
|
||||
EOF
|
||||
|
||||
# create/own %%_qt4_plugindir/styles
|
||||
mkdir %{buildroot}%{_qt4_plugindir}/styles
|
||||
# create/own %%_qt4_plugindir/gui_platform
|
||||
# create/own stuff under %%_qt4_plugindir
|
||||
mkdir %{buildroot}%{_qt4_plugindir}/crypto
|
||||
mkdir %{buildroot}%{_qt4_plugindir}/gui_platform
|
||||
mkdir %{buildroot}%{_qt4_plugindir}/styles
|
||||
|
||||
%if 0%{?phonon_internal}
|
||||
mkdir -p %{buildroot}%{_qt4_plugindir}/phonon_backend
|
||||
@ -827,6 +889,7 @@ fi
|
||||
%{_qt4_libdir}/libQtXmlPatterns.so.4*
|
||||
%dir %{_qt4_plugindir}
|
||||
%dir %{_qt4_plugindir}/sqldrivers/
|
||||
%dir %{_qt4_plugindir}/crypto/
|
||||
%{_qt4_translationdir}/
|
||||
|
||||
%if 0%{?demos}
|
||||
@ -987,6 +1050,7 @@ fi
|
||||
%{_qt4_libdir}/libQtSvg.so.4*
|
||||
%{?webkit:%{_qt4_libdir}/libQtWebKit.so.4*}
|
||||
%{_qt4_plugindir}/*
|
||||
%exclude %{_qt4_plugindir}/crypto
|
||||
%exclude %{_qt4_plugindir}/sqldrivers
|
||||
#if "%{?phonon_backend}" == "-phonon-backend"
|
||||
%if 0%{?phonon_backend_packaged}
|
||||
@ -1005,6 +1069,91 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Jun 29 2010 Rex Dieter <rdieter@fedoraproject.org. 4.6.3-7
|
||||
- workaround glib_eventloop crasher induced by gdal/grass (bug #498111)
|
||||
|
||||
* Fri Jun 20 2010 Rex Dieter <rdieter@fedoraproject.org> 4.6.3-5
|
||||
- avoid timestamps in uic-generated files to be multilib-friendly
|
||||
|
||||
* Fri Jun 18 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.3-4
|
||||
- QtWebKit does not search correct plugin path(s) (#568860)
|
||||
- QtWebKit browsers crash with flash-plugin (rh#605677,webkit#40567)
|
||||
|
||||
* Tue Jun 15 2010 Jaroslav Reznik <jreznik@redhat.com> - 4.6.3-3
|
||||
- WebKit security update:
|
||||
CVE-2010-1119, CVE-2010-1400, CVE-2010-1778
|
||||
|
||||
* Fri Jun 11 2010 Jaroslav Reznik <jreznik@redhat.com> - 4.6.3-2
|
||||
- WebKit security update:
|
||||
CVE-2010-1303_1304, CVE-2010-1392, CVE-2010-1396, CVE-2010-1397,
|
||||
CVE-2010-1398, CVE-2010-1412, CVE-2010-1770,
|
||||
CVE-2010-1773, CVE-2010-1774
|
||||
|
||||
* Tue Jun 08 2010 Than Ngo <than@redhat.com> - 4.6.3-1
|
||||
- 4.6.3
|
||||
|
||||
* Thu May 27 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-20
|
||||
- Unsafe use of rand() in X11 (QTBUG-9793)
|
||||
|
||||
* Mon May 17 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-19
|
||||
- support QT_GRAPHICSSYSTEM env
|
||||
|
||||
* Thu May 06 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-18
|
||||
- +Provides: qt4-webkit(-devel)
|
||||
|
||||
* Thu May 06 2010 Than Ngo <than@redhat.com> - 4.6.2-17
|
||||
- bz#589169, fix multiple flaws in webkit
|
||||
CVE-2010-0047, CVE-2010-0648, CVE-2010-0656
|
||||
|
||||
* Thu Apr 29 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.6.2-16
|
||||
- restore qt-everywhere-opensource-src-4.6.2-cups.patch (#586725)
|
||||
|
||||
* Wed Apr 28 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-15
|
||||
- own %%{_qt4_plugindir}/crypto
|
||||
|
||||
* Thu Apr 15 2010 Than Ngo <than@redhat.com> - 4.6.2-14
|
||||
- backport from 4.7 branch to get the printDialog to check
|
||||
for default paperSize via CUPS, it replaces the patch
|
||||
qt-everywhere-opensource-src-4.6.2-cups.patch
|
||||
|
||||
* Tue Apr 06 2010 Than Ngo <than@redhat.com> - 4.6.2-13
|
||||
- backport from 4.7 branch to fix s390(x) atomic ops crashes
|
||||
|
||||
* Fri Apr 02 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-12
|
||||
- Associate text/vnd.trolltech.linguist with linguist (#579082)
|
||||
|
||||
* Tue Mar 23 2010 Tom "spot" Callaway <tcallawa@redhat.com> - 4.6.2-11
|
||||
- fix type cast issue on sparc64
|
||||
- drop "recreate .qm file", it's not needed anymore
|
||||
|
||||
* Tue Mar 23 2010 Than Ngo <than@redhat.com> - 4.6.2-10
|
||||
- fix type cast issue on s390x
|
||||
|
||||
* Mon Mar 22 2010 Than Ngo <than@redhat.com> - 4.6.2-9
|
||||
- backport patch to fix a crash when reparenting an item
|
||||
in QGraphicsView, QTBUG-6932
|
||||
- drop dangling reference(s) to %%buildroot in *.pc
|
||||
|
||||
* Wed Mar 17 2010 Jaroslav Reznik <jreznik@redhat.com> - 4.6.2-8
|
||||
- WebKit security update:
|
||||
CVE-2010-0046, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051,
|
||||
CVE-2010-0052, CVE-2010-0054
|
||||
|
||||
* Sat Mar 13 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.6.2-7
|
||||
- BR alsa-lib-devel (for QtMultimedia)
|
||||
|
||||
* Sat Mar 13 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.6.2-6
|
||||
- Provides: qt-assistant-adp(-devel)
|
||||
|
||||
* Fri Mar 05 2010 Than Ngo <than@redhat.com> - 4.6.2-5
|
||||
- Make tablet detection work with new wacom drivers (#569132)
|
||||
|
||||
* Mon Mar 01 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-4
|
||||
- fix 64bit platform logic, use linux-g++-64 everywhere except x86_64 (#569542)
|
||||
|
||||
* Sun Feb 28 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.6.2-3
|
||||
- fix CUPS patch not to crash if currentPPD is NULL (#566304)
|
||||
|
||||
* Tue Feb 16 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-2
|
||||
- macros.qt4: s/qt45/qt46/
|
||||
|
||||
|
2
sources
2
sources
@ -7,4 +7,4 @@ d9f511e4b51983b4e10eb58b320416d5 hi128-app-qt4-logo.png
|
||||
12db12c009b722a6dc141f78feb7e330 hi32-phonon-gstreamer.png
|
||||
86c34a1b81d44980b1381f94ed6b7a23 hi48-phonon-gstreamer.png
|
||||
153505c71ec021b0a3bd4b74f2492e93 hi64-phonon-gstreamer.png
|
||||
eb651ee4b157c01696aa56777fc6e0e5 qt-everywhere-opensource-src-4.6.2.tar.gz
|
||||
5c69f16d452b0bb3d44bc3c10556c072 qt-everywhere-opensource-src-4.6.3.tar.gz
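Review bot: The new `qt-everywhere-opensource-src-4.6.3.tar.gz` entry is pinned only by a 32-hex-digit digest, which is the length of an MD5 sum. MD5 is not collision-resistant, so this line alone is weak evidence that the tarball a later build fetches is the one that was reviewed. If the tooling that consumes `sources` accepts a stronger digest (not visible on this page), I would record one instead, for example `SHA512 (qt-everywhere-opensource-src-4.6.3.tar.gz) = <sha512-of-reviewed-tarball>`. Otherwise, the tarball should be checked against upstream's published checksum or signature before upload, and that check noted in the commit message.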
|
||||
|