respin glib_eventloop_nullcheck.patch

do the deref check in the right place
- workaround glib_eventloop crasher induced by gdal/grass (bug #498111 )
2010-06-29 19:55:43 +00:00 · 2010-06-29 17:33:57 +00:00 · 2010-06-29 17:13:16 +00:00 · 2010-06-25 19:12:03 +00:00 · 2010-06-18 15:56:24 +00:00 · 2010-06-18 15:37:07 +00:00
31 changed files with 3555 additions and 175 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -8,3 +8,4 @@ hi32-phonon-gstreamer.png
 hi48-phonon-gstreamer.png
 hi64-phonon-gstreamer.png
 qt-everywhere-opensource-src-4.6.2.tar.gz
+qt-everywhere-opensource-src-4.6.3.tar.gz
--- a/0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c.patch
+++ b/0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c.patch
@ -0,0 +1,44 @@
+From 0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c Mon Sep 17 00:00:00 2001
+From: Bradley T. Hughes <bradley.hughes@nokia.com>
+Date: Tue, 4 May 2010 16:25:18 +0200
+Subject: [PATCH] Use qrand() instead of rand()
+
+This only affects X11 code, and are the only 2 places in Qt where rand() is
+used instead of qrand().
+
+Task-number: QTBUG-9793
+Reviewed-by: TrustMe
+---
+ src/gui/kernel/qwidget_x11.cpp        |    2 +-
+ src/gui/painting/qpaintengine_x11.cpp |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/gui/kernel/qwidget_x11.cpp b/src/gui/kernel/qwidget_x11.cpp
+index 37ac6bf..43f510c 100644
+--- a/src/gui/kernel/qwidget_x11.cpp
+++ b/src/gui/kernel/qwidget_x11.cpp
+@@ -3000,7 +3000,7 @@ Picture QX11Data::getSolidFill(int screen, const QColor &c)
+             return X11->solid_fills[i].picture;
+     }
+     // none found, replace one
+-    int i = rand() % 16;
+    int i = qrand() % 16;
+ 
+     if (X11->solid_fills[i].screen != screen && X11->solid_fills[i].picture) {
+         XRenderFreePicture (X11->display, X11->solid_fills[i].picture);
+diff --git a/src/gui/painting/qpaintengine_x11.cpp b/src/gui/painting/qpaintengine_x11.cpp
+index da48fcb..aef8b80 100644
+--- a/src/gui/painting/qpaintengine_x11.cpp
+++ b/src/gui/painting/qpaintengine_x11.cpp
+@@ -315,7 +315,7 @@ static Picture getPatternFill(int screen, const QBrush &b)
+             return X11->pattern_fills[i].picture;
+     }
+     // none found, replace one
+-    int i = rand() % 16;
+    int i = qrand() % 16;
+ 
+     if (X11->pattern_fills[i].screen != screen && X11->pattern_fills[i].picture) {
+ 	XRenderFreePicture (X11->display, X11->pattern_fills[i].picture);
+-- 
+1.6.1
+
--- a/55ef01d93f8257b5927660290fc1ead0b2b74ec9.patch
+++ b/55ef01d93f8257b5927660290fc1ead0b2b74ec9.patch
@ -0,0 +1,28 @@
+From 55ef01d93f8257b5927660290fc1ead0b2b74ec9 Mon Sep 17 00:00:00 2001
+From: Andreas Hartmetz <ahartmetz@gmail.com>
+Date: Thu, 18 Mar 2010 02:41:14 +0100
+Subject: [PATCH] Add environment variable switch for graphicssystem so distros and
+ non-developers can more easily pick a different default.
+
+---
+ src/gui/kernel/qapplication.cpp |    4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/src/gui/kernel/qapplication.cpp b/src/gui/kernel/qapplication.cpp
+index 49713cf..af83047 100644
+--- a/src/gui/kernel/qapplication.cpp
+++ b/src/gui/kernel/qapplication.cpp
+@@ -763,6 +763,10 @@ void QApplicationPrivate::construct(
+ 
+     qt_is_gui_used = (qt_appType != QApplication::Tty);
+     process_cmdline();
+    // the environment variable has the lowest precedence of runtime graphicssystem switches
+    if (graphics_system_name.isEmpty()) {
+        graphics_system_name = QString::fromLocal8Bit(qgetenv("QT_GRAPHICSSYSTEM"));
+    }
+     // Must be called before initialize()
+     qt_init(this, qt_appType
+ #ifdef Q_WS_X11
+-- 
+1.6.1
+
--- a/1
+++ b/1
@ -0,0 +1 @@
+F-13
--- a/linguist.desktop
+++ b/linguist.desktop
@ -3,7 +3,7 @@ Name=Qt4 Linguist
 Comment=Add translations to Qt4 applications
 Exec=linguist-qt4
 Icon=linguist
-MimeType=application/x-linguist;
+MimeType=text/vnd.trolltech.linguist;application/x-linguist;
 Terminal=false
 Encoding=UTF-8
 Type=Application
--- a/qt-4.5-sparc64.patch
+++ b/qt-4.5-sparc64.patch
@ -1,60 +0,0 @@
--- qt-x11-opensource-src-4.5.0/src/3rdparty/webkit/JavaScriptCore/wtf/Threading.h.orig	2009-03-15 00:21:08.000000000 -0500
-+++ qt-x11-opensource-src-4.5.0/src/3rdparty/webkit/JavaScriptCore/wtf/Threading.h	2009-03-15 00:22:38.000000000 -0500
-@@ -196,14 +196,14 @@
- #elif COMPILER(GCC)
- #define WTF_USE_LOCKFREE_THREADSAFESHARED 1
- 
-inline void atomicIncrement(int volatile* addend) { __gnu_cxx::__atomic_add(addend, 1); }
-inline int atomicDecrement(int volatile* addend) { return __gnu_cxx::__exchange_and_add(addend, -1) - 1; }
-+inline void atomicIncrement(_Atomic_word volatile* addend) { __gnu_cxx::__atomic_add(addend, 1); }
-+inline _Atomic_word atomicDecrement(_Atomic_word volatile* addend) { return __gnu_cxx::__exchange_and_add(addend, -1) - 1; }
- 
- #endif
- 
- template<class T> class ThreadSafeShared : Noncopyable {
- public:
-    ThreadSafeShared(int initialRefCount = 1)
-+    ThreadSafeShared(_Atomic_word initialRefCount = 1)
-         : m_refCount(initialRefCount)
-     {
-     }
-@@ -237,16 +237,16 @@
-         return refCount() == 1;
-     }
- 
-    int refCount() const
-+    _Atomic_word refCount() const
-     {
- #if !USE(LOCKFREE_THREADSAFESHARED)
-         MutexLocker locker(m_mutex);
- #endif
-        return static_cast<int const volatile &>(m_refCount);
-+        return static_cast<_Atomic_word const volatile &>(m_refCount);
-     }
- 
- private:
-    int m_refCount;
-+    _Atomic_word m_refCount;
- #if !USE(LOCKFREE_THREADSAFESHARED)
-     mutable Mutex m_mutex;
- #endif
--- qt-x11-opensource-src-4.5.0/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.orig	2009-03-15 00:21:37.000000000 -0500
-+++ qt-x11-opensource-src-4.5.0/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h	2009-03-15 00:22:38.000000000 -0500
-@@ -214,9 +214,16 @@
- #endif
- 
- /* PLATFORM(SPARC64) */
-#if defined(__sparc64__)
-+#if defined(__sparc64__) \
-+    || defined(__sparc__) && defined(_arch64__)
- #define WTF_PLATFORM_SPARC64 1
- #define WTF_PLATFORM_BIG_ENDIAN 1
-+#else 
-+/* PLATFORM(SPARC) */
-+#if defined(__sparc__)
-+#define WTF_PLATFORM_SPARC 1
-+#define WTF_PLATFORM_BIG_ENDIAN 1
-+#endif
- #endif
- 
- /* PLATFORM(WIN_CE) && PLATFORM(QT)
--- a/qt-cups-1.patch
+++ b/qt-cups-1.patch
@ -1,92 +0,0 @@
-diff --git a/src/gui/dialogs/qprintdialog_unix.cpp b/src/gui/dialogs/qprintdialog_unix.cpp
-index 23f5831..f34277a 100644
--- a/src/gui/dialogs/qprintdialog_unix.cpp
-+++ b/src/gui/dialogs/qprintdialog_unix.cpp
-@@ -569,6 +569,34 @@ void QPrintDialogPrivate::setTabs(const QList<QWidget*> &tabWidgets)
- void QPrintDialogPrivate::selectPrinter(QCUPSSupport *cups)
- {
-     options.duplex->setEnabled(cups && cups->ppdOption("Duplex"));
-+
-+    if(cups)
-+      {
-+    	const ppd_option_t* duplex = cups->ppdOption("Duplex");
-+    	if( duplex )
-+    	  {
-+    	    // copy default ppd duplex to qt dialog
-+    	    if( qstrcmp(duplex->defchoice, "DuplexTumble") == 0 )
-+    	      options.duplexShort->setChecked(true);
-+    	    else if ( qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0 )
-+    	      options.duplexLong->setChecked(true);
-+    	    else
-+    	      options.noDuplex->setChecked(true);
-+    	  }
-+
-+    	// set default color
-+    	if( cups->currentPPD()->color_device )
-+    	  options.color->setChecked(true);
-+    	else
-+    	  options.grayscale->setChecked(true);
-+
-+    	// set collation
-+    	const ppd_option_t *collate = cups->ppdOption("Collate");
-+    	if( collate )
-+    	  {
-+    	    options.collate->setChecked(qstrcmp(collate->defchoice, "True")==0);
-+    	  }
-+      }
- }
- #endif
- 
-diff --git a/src/gui/painting/qprinter.cpp b/src/gui/painting/qprinter.cpp
-index 4d2b50a..c7ab1b3 100644
--- a/src/gui/painting/qprinter.cpp
-+++ b/src/gui/painting/qprinter.cpp
-@@ -627,6 +627,48 @@ QPrinter::QPrinter(PrinterMode mode)
-                && d_ptr->paintEngine->type() != QPaintEngine::MacPrinter) {
-         setOutputFormat(QPrinter::PdfFormat);
-     }
-+
-+#if !defined(QT_NO_CUPS) && !defined(QT_NO_LIBRARY)
-+    // fill in defaults from ppd file
-+    QCUPSSupport cups;
-+    
-+    int printernum = -1;
-+    for(int i = 0; i < cups.availablePrintersCount(); i++)
-+      {
-+	if( printerName().toLocal8Bit() == cups.availablePrinters()[i].name )
-+	  printernum = i;
-+      }
-+    if( printernum >= 0 )
-+      {
-+	cups.setCurrentPrinter(printernum);
-+
-+    	const ppd_option_t* duplex = cups.ppdOption("Duplex");
-+    	if( duplex )
-+    	  {
-+    	    // copy default ppd duplex to qt dialog
-+    	    if( qstrcmp(duplex->defchoice, "DuplexTumble") == 0 )
-+	      setDuplex(DuplexShortSide);
-+    	    else if ( qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0 )
-+	      setDuplex(DuplexLongSide);
-+    	    else
-+	      setDuplex(DuplexNone);
-+    	  }
-+
-+    	// set default color
-+    	if( cups.currentPPD()->color_device )
-+	  setColorMode(Color);
-+    	else
-+	  setColorMode(GrayScale);
-+
-+    	// set collation
-+    	const ppd_option_t *collate = cups.ppdOption("Collate");
-+    	if( collate )
-+    	  {
-+    	    setCollateCopies(qstrcmp(collate->defchoice, "True")==0);
-+    	  }
-+      }
-+
-+#endif
- }
- 
- /*!
--- a/qt-everywhere-opensource-src-4.6.2-cups.patch
+++ b/qt-everywhere-opensource-src-4.6.2-cups.patch
@ -0,0 +1,84 @@
+diff -ur qt-everywhere-opensource-src-4.6.2/src/gui/dialogs/qprintdialog_unix.cpp qt-everywhere-opensource-src-4.6.2-cups/src/gui/dialogs/qprintdialog_unix.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/gui/dialogs/qprintdialog_unix.cpp	2010-02-11 16:55:22.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2-cups/src/gui/dialogs/qprintdialog_unix.cpp	2010-02-28 04:34:16.000000000 +0100
+@@ -569,6 +569,32 @@
+ void QPrintDialogPrivate::selectPrinter(QCUPSSupport *cups)
+ {
+     options.duplex->setEnabled(cups && cups->ppdOption("Duplex"));
+
+    if (cups) {
+        const ppd_option_t* duplex = cups->ppdOption("Duplex");
+        if (duplex) {
+            // copy default ppd duplex to qt dialog
+            if (qstrcmp(duplex->defchoice, "DuplexTumble") == 0)
+                options.duplexShort->setChecked(true);
+            else if (qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0)
+                options.duplexLong->setChecked(true);
+            else
+                options.noDuplex->setChecked(true);
+        }
+
+        if (cups->currentPPD()) {
+            // set default color
+            if (cups->currentPPD()->color_device)
+                options.color->setChecked(true);
+            else
+                options.grayscale->setChecked(true);
+        }
+
+        // set collation
+        const ppd_option_t *collate = cups->ppdOption("Collate");
+        if (collate)
+            options.collate->setChecked(qstrcmp(collate->defchoice, "True")==0);
+    }
+ }
+ #endif
+ 
+diff -ur qt-everywhere-opensource-src-4.6.2/src/gui/painting/qprinter.cpp qt-everywhere-opensource-src-4.6.2-cups/src/gui/painting/qprinter.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/gui/painting/qprinter.cpp	2010-02-11 16:55:22.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2-cups/src/gui/painting/qprinter.cpp	2010-02-28 04:55:15.000000000 +0100
+@@ -627,6 +627,44 @@
+                && d_ptr->paintEngine->type() != QPaintEngine::MacPrinter) {
+         setOutputFormat(QPrinter::PdfFormat);
+     }
+
+#if !defined(QT_NO_CUPS) && !defined(QT_NO_LIBRARY)
+    // fill in defaults from ppd file
+    QCUPSSupport cups;
+
+    int printernum = -1;
+    for (int i = 0; i < cups.availablePrintersCount(); i++) {
+        if (printerName().toLocal8Bit() == cups.availablePrinters()[i].name)
+            printernum = i;
+    }
+    if (printernum >= 0) {
+        cups.setCurrentPrinter(printernum);
+
+        const ppd_option_t* duplex = cups.ppdOption("Duplex");
+        if (duplex) {
+            // copy default ppd duplex to qt dialog
+            if (qstrcmp(duplex->defchoice, "DuplexTumble") == 0)
+                setDuplex(DuplexShortSide);
+            else if (qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0)
+                setDuplex(DuplexLongSide);
+            else
+                setDuplex(DuplexNone);
+        }
+
+        if (cups.currentPPD()) {
+            // set default color
+            if (cups.currentPPD()->color_device)
+                setColorMode(Color);
+            else
+                setColorMode(GrayScale);
+        }
+
+        // set collation
+        const ppd_option_t *collate = cups.ppdOption("Collate");
+        if (collate)
+            setCollateCopies(qstrcmp(collate->defchoice, "True")==0);
+    }
+#endif
+ }
+ 
+ /*!
--- a/qt-everywhere-opensource-src-4.6.2-cve-2010-0051-lax-css-parsing-cross-domain-theft.patch
+++ b/qt-everywhere-opensource-src-4.6.2-cve-2010-0051-lax-css-parsing-cross-domain-theft.patch
@ -0,0 +1,267 @@
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y.cve-2010-0051-lax-css-parsing-cross-domain-theft	2010-02-11 16:55:20.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSGrammar.y	2010-02-25 17:07:29.114742034 +0100
+@@ -416,7 +416,9 @@ valid_rule:
+   ;
+ 
+ rule:
+-    valid_rule
+    valid_rule {
+        static_cast<CSSParser*>(parser)->m_hadSyntacticallyValidCSSRule = true;
+    }
+   | invalid_rule
+   | invalid_at
+   | invalid_import
+@@ -1517,8 +1519,12 @@ invalid_rule:
+     ;
+ 
+ invalid_block:
+-    '{' error invalid_block_list error closing_brace
+-  | '{' error closing_brace
+    '{' error invalid_block_list error closing_brace {
+        static_cast<CSSParser*>(parser)->invalidBlockHit();
+    }
+  | '{' error closing_brace {
+        static_cast<CSSParser*>(parser)->invalidBlockHit();
+    }
+     ;
+ 
+ invalid_block_list:
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft	2010-02-11 16:55:20.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp	2010-02-25 17:13:34.292803953 +0100
+@@ -25,6 +25,7 @@
+ #include "CachedCSSStyleSheet.h"
+ #include "DocLoader.h"
+ #include "Document.h"
+#include "SecurityOrigin.h"
+ #include "MediaList.h"
+ #include "Settings.h"
+ #include <wtf/StdLibExtras.h>
+@@ -60,11 +61,21 @@ void CSSImportRule::setCSSStyleSheet(con
+         m_styleSheet->setParent(0);
+     m_styleSheet = CSSStyleSheet::create(this, url, charset);
+ 
+    bool crossOriginCSS = false;
+    bool validMIMEType = false;
+     CSSStyleSheet* parent = parentStyleSheet();
+     bool strict = !parent || parent->useStrictParsing();
+-    String sheetText = sheet->sheetText(strict);
+    bool enforceMIMEType = strict;
+
+    String sheetText = sheet->sheetText(enforceMIMEType, &validMIMEType);
+     m_styleSheet->parseString(sheetText, strict);
+ 
+    if (!parent || !parent->doc() || !parent->doc()->securityOrigin()->canRequest(KURL(ParsedURLString, url)))
+        crossOriginCSS = true;
+
+    if (crossOriginCSS && !validMIMEType && !m_styleSheet->hasSyntacticallyValidCSSHeader())
+        m_styleSheet = CSSStyleSheet::create(this, url, charset);
+
+     if (strict && parent && parent->doc() && parent->doc()->settings() && parent->doc()->settings()->needsSiteSpecificQuirks()) {
+         // Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
+         DEFINE_STATIC_LOCAL(const String, slashKHTMLFixesDotCss, ("/KHTMLFixes.css"));
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft	2010-02-25 17:07:29.101741771 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.cpp	2010-02-25 17:07:29.117741744 +0100
+@@ -139,6 +139,7 @@ CSSParser::CSSParser(bool strictParsing)
+     , m_currentShorthand(0)
+     , m_implicitShorthand(false)
+     , m_hasFontFaceOnlyValues(false)
+    , m_hadSyntacticallyValidCSSRule(false)
+     , m_defaultNamespace(starAtom)
+     , m_data(0)
+     , yy_start(1)
+@@ -5175,6 +5176,12 @@ WebKitCSSKeyframeRule* CSSParser::create
+     return keyframePtr;
+ }
+ 
+void CSSParser::invalidBlockHit()
+{
+    if (m_styleSheet && !m_hadSyntacticallyValidCSSRule)
+        m_styleSheet->setHasSyntacticallyValidCSSHeader(false);
+}
+
+ static int cssPropertyID(const UChar* propertyName, unsigned length)
+ {
+     if (!length)
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h.cve-2010-0051-lax-css-parsing-cross-domain-theft	2010-02-11 16:55:20.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSParser.h	2010-02-25 17:07:29.117741744 +0100
+@@ -191,6 +191,7 @@ namespace WebCore {
+         bool addVariableDeclarationBlock(const CSSParserString&);
+         bool checkForVariables(CSSParserValueList*);
+         void addUnresolvedProperty(int propId, bool important);
+        void invalidBlockHit();
+         
+         Vector<CSSSelector*>* reusableSelectorVector() { return &m_reusableSelectorVector; }
+         
+@@ -212,6 +213,7 @@ namespace WebCore {
+         bool m_implicitShorthand;
+ 
+         bool m_hasFontFaceOnlyValues;
+        bool m_hadSyntacticallyValidCSSRule;
+ 
+         Vector<String> m_variableNames;
+         Vector<RefPtr<CSSValue> > m_variableValues;
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp	2010-02-25 17:07:29.118741824 +0100
+@@ -41,6 +41,7 @@ CSSStyleSheet::CSSStyleSheet(CSSStyleShe
+     , m_loadCompleted(false)
+     , m_strictParsing(!parentSheet || parentSheet->useStrictParsing())
+     , m_isUserStyleSheet(parentSheet ? parentSheet->isUserStyleSheet() : false)
+    , m_hasSyntacticallyValidCSSHeader(true)
+ {
+ }
+ 
+@@ -52,6 +53,7 @@ CSSStyleSheet::CSSStyleSheet(Node* paren
+     , m_loadCompleted(false)
+     , m_strictParsing(false)
+     , m_isUserStyleSheet(false)
+    , m_hasSyntacticallyValidCSSHeader(true)
+ {
+ }
+ 
+@@ -61,6 +63,7 @@ CSSStyleSheet::CSSStyleSheet(CSSRule* ow
+     , m_charset(charset)
+     , m_loadCompleted(false)
+     , m_strictParsing(!ownerRule || ownerRule->useStrictParsing())
+    , m_hasSyntacticallyValidCSSHeader(true)
+ {
+     CSSStyleSheet* parentSheet = ownerRule ? ownerRule->parentStyleSheet() : 0;
+     m_doc = parentSheet ? parentSheet->doc() : 0;
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft	2010-02-11 16:55:20.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h	2010-02-25 17:07:29.118741824 +0100
+@@ -95,6 +95,8 @@ public:
+ 
+     void setIsUserStyleSheet(bool b) { m_isUserStyleSheet = b; }
+     bool isUserStyleSheet() const { return m_isUserStyleSheet; }
+    void setHasSyntacticallyValidCSSHeader(bool b) { m_hasSyntacticallyValidCSSHeader = b; }
+    bool hasSyntacticallyValidCSSHeader() const { return m_hasSyntacticallyValidCSSHeader; }
+ 
+ private:
+     CSSStyleSheet(Node* ownerNode, const String& href, const String& charset);
+@@ -110,6 +112,7 @@ private:
+     bool m_loadCompleted : 1;
+     bool m_strictParsing : 1;
+     bool m_isUserStyleSheet : 1;
+    bool m_hasSyntacticallyValidCSSHeader : 1;
+ };
+ 
+ } // namespace
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp	2010-02-25 17:07:29.118741824 +0100
+@@ -203,7 +203,10 @@ void ProcessingInstruction::setCSSStyleS
+ #endif
+     RefPtr<CSSStyleSheet> newSheet = CSSStyleSheet::create(this, url, charset);
+     m_sheet = newSheet;
+-    parseStyleSheet(sheet->sheetText());
+    // We don't need the cross-origin security check here because we are
+    // getting the sheet text in "strict" mode. This enforces a valid CSS MIME
+    // type.
+    parseStyleSheet(sheet->sheetText(true));
+     newSheet->setTitle(m_title);
+     newSheet->setMedia(MediaList::create(newSheet.get(), m_media));
+     newSheet->setDisabled(m_alternate);
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft	2010-02-11 16:55:17.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp	2010-02-25 17:07:29.119741915 +0100
+@@ -260,14 +260,27 @@ void HTMLLinkElement::setCSSStyleSheet(c
+     bool strictParsing = !document()->inCompatMode();
+     bool enforceMIMEType = strictParsing;
+ 
+    bool crossOriginCSS = false;
+    bool validMIMEType = false;
+     // Check to see if we should enforce the MIME type of the CSS resource in strict mode.
+     // Running in iWeb 2 is one example of where we don't want to - <rdar://problem/6099748>
+     if (enforceMIMEType && document()->page() && !document()->page()->settings()->enforceCSSMIMETypeInStrictMode())
+         enforceMIMEType = false;
+ 
+-    String sheetText = sheet->sheetText(enforceMIMEType);
+    String sheetText = sheet->sheetText(enforceMIMEType, &validMIMEType);
+     m_sheet->parseString(sheetText, strictParsing);
+ 
+    // If we're loading a stylesheet cross-origin, and the MIME type is not
+    // standard, require the CSS to at least start with a syntactically
+    // valid CSS rule.
+    // This prevents an attacker playing games by injecting CSS strings into
+    // HTML, XML, JSON, etc. etc.
+    if (!document()->securityOrigin()->canRequest(KURL(ParsedURLString, url)))
+        crossOriginCSS = true;
+
+    if (crossOriginCSS && !validMIMEType && !m_sheet->hasSyntacticallyValidCSSHeader())
+        m_sheet = CSSStyleSheet::create(this, url, charset);
+
+     if (strictParsing && document()->settings() && document()->settings()->needsSiteSpecificQuirks()) {
+         // Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
+         DEFINE_STATIC_LOCAL(const String, slashKHTMLFixesDotCss, ("/KHTMLFixes.css"));
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0051-lax-css-parsing-cross-domain-theft	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp	2010-02-25 17:07:29.119741915 +0100
+@@ -71,11 +71,11 @@ String CachedCSSStyleSheet::encoding() c
+     return m_decoder->encoding().name();
+ }
+     
+-const String CachedCSSStyleSheet::sheetText(bool enforceMIMEType) const 
+const String CachedCSSStyleSheet::sheetText(bool enforceMIMEType, bool* hasValidMIMEType) const 
+ { 
+     ASSERT(!isPurgeable());
+ 
+-    if (!m_data || m_data->isEmpty() || !canUseSheet(enforceMIMEType))
+    if (!m_data || m_data->isEmpty() || !canUseSheet(enforceMIMEType, hasValidMIMEType))
+         return String();
+     
+     if (!m_decodedSheetText.isNull())
+@@ -122,12 +122,12 @@ void CachedCSSStyleSheet::error()
+     checkNotify();
+ }
+ 
+-bool CachedCSSStyleSheet::canUseSheet(bool enforceMIMEType) const
+bool CachedCSSStyleSheet::canUseSheet(bool enforceMIMEType, bool* hasValidMIMEType) const
+ {
+     if (errorOccurred())
+         return false;
+         
+-    if (!enforceMIMEType)
+    if (!enforceMIMEType && !hasValidMIMEType)
+         return true;
+ 
+     // This check exactly matches Firefox.  Note that we grab the Content-Type
+@@ -138,7 +138,12 @@ bool CachedCSSStyleSheet::canUseSheet(bo
+     // This code defaults to allowing the stylesheet for non-HTTP protocols so
+     // folks can use standards mode for local HTML documents.
+     String mimeType = extractMIMETypeFromMediaType(response().httpHeaderField("Content-Type"));
+-    return mimeType.isEmpty() || equalIgnoringCase(mimeType, "text/css") || equalIgnoringCase(mimeType, "application/x-unknown-content-type");
+    bool typeOK = mimeType.isEmpty() || equalIgnoringCase(mimeType, "text/css") || equalIgnoringCase(mimeType, "application/x-unknown-content-type");
+    if (hasValidMIMEType)
+        *hasValidMIMEType = typeOK;
+    if (!enforceMIMEType)
+        return true;
+    return typeOK;
+ }
+  
+ }
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h.cve-2010-0051-lax-css-parsing-cross-domain-theft	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.h	2010-02-25 17:07:29.120741848 +0100
+@@ -40,7 +40,7 @@ namespace WebCore {
+         CachedCSSStyleSheet(const String& URL, const String& charset);
+         virtual ~CachedCSSStyleSheet();
+ 
+-        const String sheetText(bool enforceMIMEType = true) const;
+        const String sheetText(bool enforceMIMEType = true, bool* hasValidMIMEType = 0) const;
+ 
+         virtual void didAddClient(CachedResourceClient*);
+         
+@@ -56,7 +56,7 @@ namespace WebCore {
+         void checkNotify();
+     
+     private:
+-        bool canUseSheet(bool enforceMIMEType) const;
+        bool canUseSheet(bool enforceMIMEType, bool* hasValidMIMEType) const;
+ 
+     protected:
+         RefPtr<TextResourceDecoder> m_decoder;
--- a/qt-everywhere-opensource-src-4.6.2-cve-2010-0648.patch
+++ b/qt-everywhere-opensource-src-4.6.2-cve-2010-0648.patch
@ -0,0 +1,782 @@
+diff -U0 qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/ChangeLog	2010-05-03 15:55:37.703101680 +0200
+@@ -0,0 +1,90 @@
+2010-01-20  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Stylesheet href property shows redirected URL unlike other browsers
+        https://bugs.webkit.org/show_bug.cgi?id=33683
+
+        Teach StyleSheet the difference between original and final URLs in
+        redirect chains.  Unfortunately, StyleSheet needs to know both of these
+        URLs.  The original URL is needed for the href property and the final
+        URL is needed as the baseURL.
+
+        This change required touching a lot of lines of code because we need to
+        plumb this information to the StyleSheet object.  I audited all
+        existing clients of href() and setHref() to see whether they wanted the
+        original or final URLs.  I then updated the clients (except the JS
+        bindings themselves) to use the correct accessor.
+
+        Test: http/tests/security/stylesheet-href-redirect.html
+
+        * css/CSSImportRule.cpp:
+        (WebCore::CSSImportRule::setCSSStyleSheet):
+        (WebCore::CSSImportRule::insertedIntoParent):
+        * css/CSSImportRule.h:
+        * css/CSSStyleSheet.cpp:
+        (WebCore::CSSStyleSheet::CSSStyleSheet):
+        * css/CSSStyleSheet.h:
+        (WebCore::CSSStyleSheet::create): 
+        (WebCore::CSSStyleSheet::createInline): Added a new constructor to deal
+        with "inline" style sheets that don't have a distinct original and
+        final URL.
+        * css/StyleBase.cpp:
+        (WebCore::StyleBase::baseURL): This code wants to use the final URL,
+        not the original URL.  Updated it to grab the baseURL directly.
+        * css/StyleSheet.cpp:
+        (WebCore::StyleSheet::StyleSheet):
+        * css/StyleSheet.h:
+        (WebCore::StyleSheet::href):
+        (WebCore::StyleSheet::setBaseURL): This function really just updates
+        the base URL of the style sheet, so I made it more explicit.
+        (WebCore::StyleSheet::putativeBaseURL): We need an accessor for the
+        base URL, but baseURL is already taken.
+        * dom/Document.cpp:
+        (WebCore::Document::updateBaseURL):
+        (WebCore::Document::pageUserSheet):
+        (WebCore::Document::pageGroupUserSheets):
+        (WebCore::Document::elementSheet):
+        (WebCore::Document::mappedElementSheet):
+        * dom/ProcessingInstruction.cpp:
+        (WebCore::ProcessingInstruction::checkStyleSheet):
+        (WebCore::ProcessingInstruction::setCSSStyleSheet):
+        (WebCore::ProcessingInstruction::setXSLStyleSheet):
+        * dom/ProcessingInstruction.h:
+        * dom/StyleElement.cpp:
+        (WebCore::StyleElement::createSheet):
+        * html/HTMLLinkElement.cpp:
+        (WebCore::HTMLLinkElement::setCSSStyleSheet):
+        * html/HTMLLinkElement.h:
+        * loader/CachedCSSStyleSheet.cpp:
+        (WebCore::CachedCSSStyleSheet::didAddClient):
+        (WebCore::CachedCSSStyleSheet::checkNotify): This code now passes both
+        the original and final URL into setCSSStyleSheet so that the style
+        sheet can have both.
+        * loader/CachedResourceClient.h:
+        (WebCore::CachedResourceClient::setCSSStyleSheet):
+        (WebCore::CachedResourceClient::setXSLStyleSheet):
+        * loader/CachedXSLStyleSheet.cpp:
+        (WebCore::CachedXSLStyleSheet::didAddClient):
+        (WebCore::CachedXSLStyleSheet::checkNotify): I don't have any direct
+        evidence that we need to change the XSLStyleSheet behavior, which is
+        why I wasn't able to add a test for the behavior.  However, the objects
+        are parallel enough that it seemed like the right thing to do.
+        * xml/XSLImportRule.cpp:
+        (WebCore::XSLImportRule::setXSLStyleSheet):
+        (WebCore::XSLImportRule::loadSheet):
+        * xml/XSLImportRule.h:
+        * xml/XSLStyleSheet.h:
+        (WebCore::XSLStyleSheet::create):
+        (WebCore::XSLStyleSheet::createEmbedded):
+        * xml/XSLStyleSheetLibxslt.cpp:
+        (WebCore::XSLStyleSheet::XSLStyleSheet):
+        (WebCore::XSLStyleSheet::parseString):
+        (WebCore::XSLStyleSheet::loadChildSheets):
+        * xml/XSLStyleSheetQt.cpp:
+        (WebCore::XSLStyleSheet::XSLStyleSheet):
+        * xml/XSLTProcessorLibxslt.cpp:
+        (WebCore::xsltStylesheetPointer):
+        * xml/XSLTProcessorQt.cpp:
+        (WebCore::XSLTProcessor::transformToString):
+
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp.cve-2010-0648-stylesheet-redir-leak	2010-05-03 15:55:37.652102626 +0200
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.cpp	2010-05-03 16:49:14.631038884 +0200
+@@ -55,11 +55,11 @@ CSSImportRule::~CSSImportRule()
+         m_cachedSheet->removeClient(this);
+ }
+ 
+-void CSSImportRule::setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet* sheet)
+void CSSImportRule::setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet)
+ {
+     if (m_styleSheet)
+         m_styleSheet->setParent(0);
+-    m_styleSheet = CSSStyleSheet::create(this, url, charset);
+    m_styleSheet = CSSStyleSheet::create(this, href, baseURL, charset);
+ 
+     bool crossOriginCSS = false;
+     bool validMIMEType = false;
+@@ -70,17 +70,17 @@ void CSSImportRule::setCSSStyleSheet(con
+     String sheetText = sheet->sheetText(enforceMIMEType, &validMIMEType);
+     m_styleSheet->parseString(sheetText, strict);
+ 
+-    if (!parent || !parent->doc() || !parent->doc()->securityOrigin()->canRequest(KURL(ParsedURLString, url)))
+    if (!parent || !parent->doc() || !parent->doc()->securityOrigin()->canRequest(baseURL))
+         crossOriginCSS = true;
+ 
+     if (crossOriginCSS && !validMIMEType && !m_styleSheet->hasSyntacticallyValidCSSHeader())
+-        m_styleSheet = CSSStyleSheet::create(this, url, charset);
+        m_styleSheet = CSSStyleSheet::create(this, href, baseURL, charset);
+ 
+     if (strict && parent && parent->doc() && parent->doc()->settings() && parent->doc()->settings()->needsSiteSpecificQuirks()) {
+         // Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
+         DEFINE_STATIC_LOCAL(const String, slashKHTMLFixesDotCss, ("/KHTMLFixes.css"));
+         DEFINE_STATIC_LOCAL(const String, mediaWikiKHTMLFixesStyleSheet, ("/* KHTML fix stylesheet */\n/* work around the horizontal scrollbars */\n#column-content { margin-left: 0; }\n\n"));
+-        if (url.endsWith(slashKHTMLFixesDotCss) && sheetText == mediaWikiKHTMLFixesStyleSheet) {
+        if (baseURL.string().endsWith(slashKHTMLFixesDotCss) && sheetText == mediaWikiKHTMLFixesStyleSheet) {
+             ASSERT(m_styleSheet->length() == 1);
+             ExceptionCode ec;
+             m_styleSheet->deleteRule(0, ec);
+@@ -109,15 +109,16 @@ void CSSImportRule::insertedIntoParent()
+         return;
+ 
+     String absHref = m_strHref;
+-    if (!parentSheet->href().isNull())
+    if (!parentSheet->putativeBaseURL().isNull())
+         // use parent styleheet's URL as the base URL
+-        absHref = KURL(KURL(ParsedURLString, parentSheet->href()), m_strHref).string();
+        absHref = KURL(parentSheet->putativeBaseURL(), m_strHref).string();
+ 
+     // Check for a cycle in our import chain.  If we encounter a stylesheet
+     // in our parent chain with the same URL, then just bail.
+     StyleBase* root = this;
+     for (StyleBase* curr = parent(); curr; curr = curr->parent()) {
+-        if (curr->isCSSStyleSheet() && absHref == static_cast<CSSStyleSheet*>(curr)->href())
+        // FIXME: This is wrong if the putativeBaseURL was updated via document::updateBaseURL. 
+        if (curr->isCSSStyleSheet() && absHref == static_cast<CSSStyleSheet*>(curr)->putativeBaseURL().string())
+             return;
+         root = curr;
+     }
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSImportRule.h	2010-05-03 15:55:37.740976769 +0200
+@@ -63,7 +63,7 @@ private:
+     virtual unsigned short type() const { return IMPORT_RULE; }
+ 
+     // from CachedResourceClient
+-    virtual void setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet*);
+    virtual void setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet*);
+ 
+     String m_strHref;
+     RefPtr<MediaList> m_lstMedia;
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak	2010-05-03 15:55:37.660977242 +0200
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.cpp	2010-05-03 15:55:37.740976769 +0200
+@@ -33,8 +33,8 @@
+ 
+ namespace WebCore {
+ 
+-CSSStyleSheet::CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const String& charset)
+-    : StyleSheet(parentSheet, href)
+CSSStyleSheet::CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const KURL& baseURL, const String& charset)
+    : StyleSheet(parentSheet, href, baseURL)
+     , m_doc(parentSheet ? parentSheet->doc() : 0)
+     , m_namespaces(0)
+     , m_charset(charset)
+@@ -45,8 +45,8 @@ CSSStyleSheet::CSSStyleSheet(CSSStyleShe
+ {
+ }
+ 
+-CSSStyleSheet::CSSStyleSheet(Node* parentNode, const String& href, const String& charset)
+-    : StyleSheet(parentNode, href)
+CSSStyleSheet::CSSStyleSheet(Node* parentNode, const String& href, const KURL& baseURL, const String& charset)
+    : StyleSheet(parentNode, href, baseURL)
+     , m_doc(parentNode->document())
+     , m_namespaces(0)
+     , m_charset(charset)
+@@ -57,8 +57,8 @@ CSSStyleSheet::CSSStyleSheet(Node* paren
+ {
+ }
+ 
+-CSSStyleSheet::CSSStyleSheet(CSSRule* ownerRule, const String& href, const String& charset)
+-    : StyleSheet(ownerRule, href)
+CSSStyleSheet::CSSStyleSheet(CSSRule* ownerRule, const String& href, const KURL& baseURL, const String& charset)
+    : StyleSheet(ownerRule, href, baseURL)
+     , m_namespaces(0)
+     , m_charset(charset)
+     , m_loadCompleted(false)
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h.cve-2010-0648-stylesheet-redir-leak	2010-05-03 15:55:37.660977242 +0200
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/CSSStyleSheet.h	2010-05-03 15:55:37.745101706 +0200
+@@ -38,27 +38,31 @@ class CSSStyleSheet : public StyleSheet 
+ public:
+     static PassRefPtr<CSSStyleSheet> create()
+     {
+-        return adoptRef(new CSSStyleSheet(static_cast<CSSStyleSheet*>(0), String(), String()));
+        return adoptRef(new CSSStyleSheet(static_cast<CSSStyleSheet*>(0), String(), KURL(), String()));
+     }
+     static PassRefPtr<CSSStyleSheet> create(Node* ownerNode)
+     {
+-        return adoptRef(new CSSStyleSheet(ownerNode, String(), String()));
+        return adoptRef(new CSSStyleSheet(ownerNode, String(), KURL(), String()));
+     }
+-    static PassRefPtr<CSSStyleSheet> create(Node* ownerNode, const String& href)
+    static PassRefPtr<CSSStyleSheet> create(Node* ownerNode, const String& href, const KURL& baseURL)
+     {
+-        return adoptRef(new CSSStyleSheet(ownerNode, href, String()));
+        return adoptRef(new CSSStyleSheet(ownerNode, href, baseURL, String()));
+     }
+-    static PassRefPtr<CSSStyleSheet> create(Node* ownerNode, const String& href, const String& charset)
+    static PassRefPtr<CSSStyleSheet> create(Node* ownerNode, const String& href, const KURL& baseURL, const String& charset)
+     {
+-        return adoptRef(new CSSStyleSheet(ownerNode, href, charset));
+        return adoptRef(new CSSStyleSheet(ownerNode, href, baseURL, charset));
+     }
+-    static PassRefPtr<CSSStyleSheet> create(CSSRule* ownerRule, const String& href, const String& charset)
+    static PassRefPtr<CSSStyleSheet> create(CSSRule* ownerRule, const String& href, const KURL& baseURL, const String& charset)
+     {
+-        return adoptRef(new CSSStyleSheet(ownerRule, href, charset));
+        return adoptRef(new CSSStyleSheet(ownerRule, href, baseURL, charset));
+    }
+    static PassRefPtr<CSSStyleSheet> createInline(Node* ownerNode, const KURL& baseURL)
+    {
+        return adoptRef(new CSSStyleSheet(ownerNode, baseURL.string(), baseURL, String()));
+     }
+ 
+     virtual ~CSSStyleSheet();
+-    
+
+     CSSRule* ownerRule() const;
+     PassRefPtr<CSSRuleList> cssRules(bool omitCharsetRules = false);
+     unsigned insertRule(const String& rule, unsigned index, ExceptionCode&);
+@@ -72,7 +76,7 @@ public:
+ 
+     void addNamespace(CSSParser*, const AtomicString& prefix, const AtomicString& uri);
+     const AtomicString& determineNamespace(const AtomicString& prefix);
+-    
+
+     virtual void styleSheetChanged();
+ 
+     virtual bool parseString(const String&, bool strict = true);
+@@ -99,10 +103,10 @@ public:
+     bool hasSyntacticallyValidCSSHeader() const { return m_hasSyntacticallyValidCSSHeader; }
+ 
+ private:
+-    CSSStyleSheet(Node* ownerNode, const String& href, const String& charset);
+-    CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const String& charset);
+-    CSSStyleSheet(CSSRule* ownerRule, const String& href, const String& charset);
+-    
+    CSSStyleSheet(Node* ownerNode, const String& href, const KURL& baseURL, const String& charset);
+    CSSStyleSheet(CSSStyleSheet* parentSheet, const String& href, const KURL& baseURL, const String& charset);
+    CSSStyleSheet(CSSRule* ownerRule, const String& href, const KURL& baseURL, const String& charset);
+
+     virtual bool isCSSStyleSheet() const { return true; }
+     virtual String type() const { return "text/css"; }
+ 
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:20.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleBase.cpp	2010-05-03 15:55:37.757976382 +0200
+@@ -56,9 +56,9 @@ KURL StyleBase::baseURL() const
+     StyleSheet* sheet = const_cast<StyleBase*>(this)->stylesheet();
+     if (!sheet)
+         return KURL();
+-    if (!sheet->href().isNull())
+-        return KURL(ParsedURLString, sheet->href());
+-    if (sheet->parent()) 
+    if (!sheet->putativeBaseURL().isNull())
+        return sheet->putativeBaseURL();
+    if (sheet->parent())
+         return sheet->parent()->baseURL();
+     if (!sheet->ownerNode()) 
+         return KURL();
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.cpp	2010-05-03 15:55:37.758976847 +0200
+@@ -26,27 +26,30 @@
+ 
+ namespace WebCore {
+ 
+-StyleSheet::StyleSheet(StyleSheet* parentSheet, const String& href)
+StyleSheet::StyleSheet(StyleSheet* parentSheet, const String& href, const KURL& baseURL)
+     : StyleList(parentSheet)
+     , m_parentNode(0)
+-    , m_strHref(href)
+    , m_href(href)
+    , m_baseURL(baseURL)
+     , m_disabled(false)
+ {
+ }
+ 
+ 
+-StyleSheet::StyleSheet(Node* parentNode, const String& href)
+StyleSheet::StyleSheet(Node* parentNode, const String& href, const KURL& baseURL)
+     : StyleList(0)
+     , m_parentNode(parentNode)
+-    , m_strHref(href)
+    , m_href(href)
+    , m_baseURL(baseURL)
+     , m_disabled(false)
+ {
+ }
+ 
+-StyleSheet::StyleSheet(StyleBase* owner, const String& href)
+StyleSheet::StyleSheet(StyleBase* owner, const String& href, const KURL& baseURL)
+     : StyleList(owner)
+     , m_parentNode(0)
+-    , m_strHref(href)
+    , m_href(href)
+    , m_baseURL(baseURL)
+     , m_disabled(false)
+ {
+ }
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/css/StyleSheet.h	2010-05-03 15:55:37.758976847 +0200
+@@ -41,8 +41,18 @@ public:
+ 
+     Node* ownerNode() const { return m_parentNode; }
+     StyleSheet *parentStyleSheet() const;
+-    const String& href() const { return m_strHref; }
+-    void setHref(const String& href) { m_strHref = href; }
+
+    // Note that href is the URL that started the redirect chain that led to
+    // this style sheet. This property probably isn't useful for much except
+    // the JavaScript binding (which needs to use this value for security).
+    const String& href() const { return m_href; }
+
+    void setBaseURL(const KURL& baseURL) { m_baseURL = baseURL; }
+
+    // Notice that this object inherits a baseURL function from StyleBase that
+    // crawls the parent() relation looking for a non-0 putativeBaseURL.
+    const KURL& putativeBaseURL() const { return m_baseURL; }
+
+     const String& title() const { return m_strTitle; }
+     void setTitle(const String& s) { m_strTitle = s; }
+     MediaList* media() const { return m_media.get(); }
+@@ -58,15 +68,16 @@ public:
+     virtual bool parseString(const String&, bool strict = true) = 0;
+ 
+ protected:
+-    StyleSheet(Node* ownerNode, const String& href);
+-    StyleSheet(StyleSheet* parentSheet, const String& href);
+-    StyleSheet(StyleBase* owner, const String& href);
+    StyleSheet(Node* ownerNode, const String& href, const KURL& baseURL);
+    StyleSheet(StyleSheet* parentSheet, const String& href, const KURL& baseURL);
+    StyleSheet(StyleBase* owner, const String& href, const KURL& baseURL);
+ 
+ private:
+     virtual bool isStyleSheet() const { return true; }
+ 
+     Node* m_parentNode;
+-    String m_strHref;
+    String m_href;
+    KURL m_baseURL;
+     String m_strTitle;
+     RefPtr<MediaList> m_media;
+     bool m_disabled;
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/Document.cpp	2010-05-03 15:55:37.760977901 +0200
+@@ -1920,9 +1920,9 @@ void Document::updateBaseURL()
+         m_baseURL = KURL();
+ 
+     if (m_elemSheet)
+-        m_elemSheet->setHref(m_baseURL.string());
+        m_elemSheet->setBaseURL(m_baseURL);
+     if (m_mappedElementSheet)
+-        m_mappedElementSheet->setHref(m_baseURL.string());
+        m_mappedElementSheet->setBaseURL(m_baseURL);
+ }
+ 
+ String Document::userAgent(const KURL& url) const
+@@ -1944,7 +1944,7 @@ CSSStyleSheet* Document::pageUserSheet()
+         return 0;
+     
+     // Parse the sheet and cache it.
+-    m_pageUserSheet = CSSStyleSheet::create(this, settings()->userStyleSheetLocation());
+    m_pageUserSheet = CSSStyleSheet::createInline(this, settings()->userStyleSheetLocation());
+     m_pageUserSheet->setIsUserStyleSheet(true);
+     m_pageUserSheet->parseString(userSheetText, !inCompatMode());
+     return m_pageUserSheet.get();
+@@ -1979,7 +1979,7 @@ const Vector<RefPtr<CSSStyleSheet> >* Do
+             const UserStyleSheet* sheet = sheets->at(i).get();
+             if (!UserContentURLPattern::matchesPatterns(url(), sheet->whitelist(), sheet->blacklist()))
+                 continue;
+-            RefPtr<CSSStyleSheet> parsedSheet = CSSStyleSheet::create(const_cast<Document*>(this), sheet->url());
+            RefPtr<CSSStyleSheet> parsedSheet = CSSStyleSheet::createInline(const_cast<Document*>(this), sheet->url());
+             parsedSheet->setIsUserStyleSheet(true);
+             parsedSheet->parseString(sheet->source(), !inCompatMode());
+             if (!m_pageGroupUserSheets)
+@@ -2001,14 +2001,14 @@ void Document::clearPageGroupUserSheets(
+ CSSStyleSheet* Document::elementSheet()
+ {
+     if (!m_elemSheet)
+-        m_elemSheet = CSSStyleSheet::create(this, m_baseURL.string());
+        m_elemSheet = CSSStyleSheet::createInline(this, m_baseURL);
+     return m_elemSheet.get();
+ }
+ 
+ CSSStyleSheet* Document::mappedElementSheet()
+ {
+     if (!m_mappedElementSheet)
+-        m_mappedElementSheet = CSSStyleSheet::create(this, m_baseURL.string());
+        m_mappedElementSheet = CSSStyleSheet::createInline(this, m_baseURL);
+     return m_mappedElementSheet.get();
+ }
+ 
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp.cve-2010-0648-stylesheet-redir-leak	2010-05-03 15:55:37.661976647 +0200
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.cpp	2010-05-03 15:55:37.761977599 +0200
+@@ -138,7 +138,8 @@ void ProcessingInstruction::checkStyleSh
+             // We need to make a synthetic XSLStyleSheet that is embedded.  It needs to be able
+             // to kick off import/include loads that can hang off some parent sheet.
+             if (m_isXSL) {
+-                m_sheet = XSLStyleSheet::createEmbedded(this, m_localHref);
+                KURL baseURL = KURL(ParsedURLString, m_localHref);
+                m_sheet = XSLStyleSheet::createEmbedded(this, m_localHref, baseURL);
+                 m_loading = false;
+             }
+ #endif
+@@ -196,12 +197,12 @@ bool ProcessingInstruction::sheetLoaded(
+     return false;
+ }
+ 
+-void ProcessingInstruction::setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet* sheet)
+void ProcessingInstruction::setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet)
+ {
+ #if ENABLE(XSLT)
+     ASSERT(!m_isXSL);
+ #endif
+-    RefPtr<CSSStyleSheet> newSheet = CSSStyleSheet::create(this, url, charset);
+    RefPtr<CSSStyleSheet> newSheet = CSSStyleSheet::create(this, href, baseURL, charset);
+     m_sheet = newSheet;
+     // We don't need the cross-origin security check here because we are
+     // getting the sheet text in "strict" mode. This enforces a valid CSS MIME
+@@ -213,10 +214,10 @@ void ProcessingInstruction::setCSSStyleS
+ }
+ 
+ #if ENABLE(XSLT)
+-void ProcessingInstruction::setXSLStyleSheet(const String& url, const String& sheet)
+void ProcessingInstruction::setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet)
+ {
+     ASSERT(m_isXSL);
+-    m_sheet = XSLStyleSheet::create(this, url);
+    m_sheet = XSLStyleSheet::create(this, href, baseURL);
+     parseStyleSheet(sheet);
+ }
+ #endif
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/ProcessingInstruction.h	2010-05-03 15:55:37.761977599 +0200
+@@ -68,9 +68,9 @@ private:
+     virtual void removedFromDocument();
+ 
+     void checkStyleSheet();
+-    virtual void setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet*);
+    virtual void setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet*);
+ #if ENABLE(XSLT)
+-    virtual void setXSLStyleSheet(const String& url, const String& sheet);
+    virtual void setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet);
+ #endif
+ 
+     bool isLoading() const;
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/dom/StyleElement.cpp	2010-05-03 15:55:37.762976937 +0200
+@@ -103,7 +103,7 @@ void StyleElement::createSheet(Element* 
+         if (screenEval.eval(mediaList.get()) || printEval.eval(mediaList.get())) {
+             document->addPendingSheet();
+             setLoading(true);
+-            m_sheet = CSSStyleSheet::create(e, String(), document->inputEncoding());
+            m_sheet = CSSStyleSheet::create(e, String(), KURL(), document->inputEncoding());
+             m_sheet->parseString(text, !document->inCompatMode());
+             m_sheet->setMedia(mediaList.get());
+             m_sheet->setTitle(e->title());
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp.cve-2010-0648-stylesheet-redir-leak	2010-05-03 15:55:37.661976647 +0200
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.cpp	2010-05-03 17:02:45.528101154 +0200
+@@ -253,9 +253,9 @@ void HTMLLinkElement::finishParsingChild
+     HTMLElement::finishParsingChildren();
+ }
+ 
+-void HTMLLinkElement::setCSSStyleSheet(const String& url, const String& charset, const CachedCSSStyleSheet* sheet)
+void HTMLLinkElement::setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet)
+ {
+-    m_sheet = CSSStyleSheet::create(this, url, charset);
+    m_sheet = CSSStyleSheet::create(this, href, baseURL, charset);
+ 
+     bool strictParsing = !document()->inCompatMode();
+     bool enforceMIMEType = strictParsing;
+@@ -275,11 +275,11 @@ void HTMLLinkElement::setCSSStyleSheet(c
+     // valid CSS rule.
+     // This prevents an attacker playing games by injecting CSS strings into
+     // HTML, XML, JSON, etc. etc.
+-    if (!document()->securityOrigin()->canRequest(KURL(ParsedURLString, url)))
+    if (!document()->securityOrigin()->canRequest(baseURL))
+         crossOriginCSS = true;
+ 
+     if (crossOriginCSS && !validMIMEType && !m_sheet->hasSyntacticallyValidCSSHeader())
+-        m_sheet = CSSStyleSheet::create(this, url, charset);
+        m_sheet = CSSStyleSheet::create(this, href, baseURL, charset);
+ 
+     if (strictParsing && document()->settings() && document()->settings()->needsSiteSpecificQuirks()) {
+         // Work around <https://bugs.webkit.org/show_bug.cgi?id=28350>.
+@@ -287,7 +287,7 @@ void HTMLLinkElement::setCSSStyleSheet(c
+         DEFINE_STATIC_LOCAL(const String, mediaWikiKHTMLFixesStyleSheet, ("/* KHTML fix stylesheet */\n/* work around the horizontal scrollbars */\n#column-content { margin-left: 0; }\n\n"));
+         // There are two variants of KHTMLFixes.css. One is equal to mediaWikiKHTMLFixesStyleSheet,
+         // while the other lacks the second trailing newline.
+-        if (url.endsWith(slashKHTMLFixesDotCss) && !sheetText.isNull() && mediaWikiKHTMLFixesStyleSheet.startsWith(sheetText)
+        if (baseURL.string().endsWith(slashKHTMLFixesDotCss) && !sheetText.isNull() && mediaWikiKHTMLFixesStyleSheet.startsWith(sheetText)
+                 && sheetText.length() >= mediaWikiKHTMLFixesStyleSheet.length() - 1) {
+             ASSERT(m_sheet->length() == 1);
+             ExceptionCode ec;
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:17.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/html/HTMLLinkElement.h	2010-05-03 15:55:37.773083096 +0200
+@@ -79,7 +79,7 @@ public:
+     virtual void removedFromDocument();
+ 
+     // from CachedResourceClient
+-    virtual void setCSSStyleSheet(const String &url, const String& charset, const CachedCSSStyleSheet* sheet);
+    virtual void setCSSStyleSheet(const String& href, const KURL& baseURL, const String& charset, const CachedCSSStyleSheet* sheet);
+     bool isLoading() const;
+     virtual bool sheetLoaded();
+ 
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak	2010-05-03 15:55:37.661976647 +0200
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedCSSStyleSheet.cpp	2010-05-03 15:55:37.774976529 +0200
+@@ -52,9 +52,9 @@ CachedCSSStyleSheet::~CachedCSSStyleShee
+ void CachedCSSStyleSheet::didAddClient(CachedResourceClient *c)
+ {
+     if (!m_loading)
+-        c->setCSSStyleSheet(m_url, m_decoder->encoding().name(), this);
+        c->setCSSStyleSheet(m_url, m_response.url(), m_decoder->encoding().name(), this);
+ }
+-    
+
+ void CachedCSSStyleSheet::allClientsRemoved()
+ {
+     if (isSafeToMakePurgeable())
+@@ -112,7 +112,7 @@ void CachedCSSStyleSheet::checkNotify()
+ 
+     CachedResourceClientWalker w(m_clients);
+     while (CachedResourceClient *c = w.next())
+-        c->setCSSStyleSheet(m_response.url().string(), m_decoder->encoding().name(), this);
+        c->setCSSStyleSheet(m_url, m_response.url(), m_decoder->encoding().name(), this);
+ }
+ 
+ void CachedCSSStyleSheet::error()
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedResourceClient.h	2010-05-03 15:55:37.775976911 +0200
+@@ -42,6 +42,7 @@ namespace WebCore {
+     class String;
+     class Image;
+     class IntRect;
+    class KURL;
+ 
+     /**
+      * @internal
+@@ -65,8 +66,8 @@ namespace WebCore {
+         // e.g., in the b/f cache or in a background tab).
+         virtual bool willRenderImage(CachedImage*) { return false; }
+ 
+-        virtual void setCSSStyleSheet(const String& /*URL*/, const String& /*charset*/, const CachedCSSStyleSheet*) { }
+-        virtual void setXSLStyleSheet(const String& /*URL*/, const String& /*sheet*/) { }
+        virtual void setCSSStyleSheet(const String& /* href */, const KURL& /* baseURL */, const String& /* charset */, const CachedCSSStyleSheet*) { }
+        virtual void setXSLStyleSheet(const String& /* href */, const KURL& /* baseURL */, const String& /* sheet */) { }
+ 
+         virtual void fontLoaded(CachedFont*) {};
+ 
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:19.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/loader/CachedXSLStyleSheet.cpp	2010-05-03 15:55:37.789038977 +0200
+@@ -48,7 +48,7 @@ CachedXSLStyleSheet::CachedXSLStyleSheet
+ void CachedXSLStyleSheet::didAddClient(CachedResourceClient* c)
+ {  
+     if (!m_loading)
+-        c->setXSLStyleSheet(m_url, m_sheet);
+        c->setXSLStyleSheet(m_url, m_response.url(), m_sheet);
+ }
+ 
+ void CachedXSLStyleSheet::setEncoding(const String& chs)
+@@ -83,10 +83,9 @@ void CachedXSLStyleSheet::checkNotify()
+     
+     CachedResourceClientWalker w(m_clients);
+     while (CachedResourceClient *c = w.next())
+-        c->setXSLStyleSheet(m_url, m_sheet);
+        c->setXSLStyleSheet(m_url, m_response.url(), m_sheet);
+ }
+ 
+-
+ void CachedXSLStyleSheet::error()
+ {
+     m_loading = false;
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:17.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.cpp	2010-05-03 15:55:37.789038977 +0200
+@@ -52,13 +52,13 @@ XSLStyleSheet* XSLImportRule::parentStyl
+     return (parent() && parent()->isXSLStyleSheet()) ? static_cast<XSLStyleSheet*>(parent()) : 0;
+ }
+ 
+-void XSLImportRule::setXSLStyleSheet(const String& url, const String& sheet)
+void XSLImportRule::setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet)
+ {
+     if (m_styleSheet)
+         m_styleSheet->setParent(0);
+-    
+-    m_styleSheet = XSLStyleSheet::create(this, url);
+-    
+
+    m_styleSheet = XSLStyleSheet::create(this, href, baseURL);
+
+     XSLStyleSheet* parent = parentStyleSheet();
+     if (parent)
+         m_styleSheet->setParentStyleSheet(parent);
+@@ -87,14 +87,14 @@ void XSLImportRule::loadSheet()
+     
+     String absHref = m_strHref;
+     XSLStyleSheet* parentSheet = parentStyleSheet();
+-    if (!parentSheet->href().isNull())
+    if (!parentSheet->putativeBaseURL().isNull())
+         // use parent styleheet's URL as the base URL
+-        absHref = KURL(KURL(ParsedURLString, parentSheet->href()), m_strHref).string();
+        absHref = KURL(parentSheet->putativeBaseURL(), m_strHref).string();
+     
+     // Check for a cycle in our import chain.  If we encounter a stylesheet
+     // in our parent chain with the same URL, then just bail.
+     for (parent = this->parent(); parent; parent = parent->parent()) {
+-        if (parent->isXSLStyleSheet() && absHref == static_cast<XSLStyleSheet*>(parent)->href())
+        if (parent->isXSLStyleSheet() && absHref == static_cast<XSLStyleSheet*>(parent)->putativeBaseURL().string())
+             return;
+     }
+     
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:17.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLImportRule.h	2010-05-03 15:55:37.789981560 +0200
+@@ -57,7 +57,7 @@ private:
+     virtual bool isImportRule() { return true; }
+ 
+     // from CachedResourceClient
+-    virtual void setXSLStyleSheet(const String& url, const String& sheet);
+    virtual void setXSLStyleSheet(const String& href, const KURL& baseURL, const String& sheet);
+     
+     String m_strHref;
+     RefPtr<XSLStyleSheet> m_styleSheet;
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:17.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheet.h	2010-05-03 15:55:37.827976887 +0200
+@@ -43,18 +43,18 @@ class XSLImportRule;
+ class XSLStyleSheet : public StyleSheet {
+ public:
+ #if !USE(QXMLQUERY)
+-    static PassRefPtr<XSLStyleSheet> create(XSLImportRule* parentImport, const String& href)
+    static PassRefPtr<XSLStyleSheet> create(XSLImportRule* parentImport, const String& href, const KURL& baseURL)
+     {
+-        return adoptRef(new XSLStyleSheet(parentImport, href));
+        return adoptRef(new XSLStyleSheet(parentImport, href, baseURL));
+     }
+ #endif
+-    static PassRefPtr<XSLStyleSheet> create(Node* parentNode, const String& href)
+    static PassRefPtr<XSLStyleSheet> create(Node* parentNode, const String& href, const KURL& baseURL)
+     {
+-        return adoptRef(new XSLStyleSheet(parentNode, href, false));
+        return adoptRef(new XSLStyleSheet(parentNode, href, baseURL, false));
+     }
+-    static PassRefPtr<XSLStyleSheet> createEmbedded(Node* parentNode, const String& href)
+    static PassRefPtr<XSLStyleSheet> createEmbedded(Node* parentNode, const String& href, const KURL& baseURL)
+     {
+-        return adoptRef(new XSLStyleSheet(parentNode, href, true));
+        return adoptRef(new XSLStyleSheet(parentNode, href, baseURL, true));
+     }
+ 
+     virtual ~XSLStyleSheet();
+@@ -90,9 +90,9 @@ public:
+     bool processed() const { return m_processed; }
+ 
+ private:
+-    XSLStyleSheet(Node* parentNode, const String& href, bool embedded);
+    XSLStyleSheet(Node* parentNode, const String& href, const KURL& baseURL, bool embedded);
+ #if !USE(QXMLQUERY)
+-    XSLStyleSheet(XSLImportRule* parentImport, const String& href);
+    XSLStyleSheet(XSLImportRule* parentImport, const String& href, const KURL& baseURL);
+ #endif
+ 
+     Document* m_ownerDocument;
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:17.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetLibxslt.cpp	2010-05-03 15:55:37.837079694 +0200
+@@ -55,8 +55,8 @@ SOFT_LINK(libxslt, xsltLoadStylesheetPI,
+ 
+ namespace WebCore {
+ 
+-XSLStyleSheet::XSLStyleSheet(XSLImportRule* parentRule, const String& href)
+-    : StyleSheet(parentRule, href)
+XSLStyleSheet::XSLStyleSheet(XSLImportRule* parentRule, const String& href, const KURL& baseURL)
+    : StyleSheet(parentRule, href, baseURL)
+     , m_ownerDocument(0)
+     , m_embedded(false)
+     , m_processed(false) // Child sheets get marked as processed when the libxslt engine has finally seen them.
+@@ -66,8 +66,8 @@ XSLStyleSheet::XSLStyleSheet(XSLImportRu
+ {
+ }
+ 
+-XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href,  bool embedded)
+-    : StyleSheet(parentNode, href)
+XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href, const KURL& baseURL,  bool embedded)
+    : StyleSheet(parentNode, href, baseURL)
+     , m_ownerDocument(parentNode->document())
+     , m_embedded(embedded)
+     , m_processed(true) // The root sheet starts off processed.
+@@ -168,7 +168,7 @@ bool XSLStyleSheet::parseString(const St
+     }
+ 
+     m_stylesheetDoc = xmlCtxtReadMemory(ctxt, buffer, size,
+-        href().utf8().data(),
+        putativeBaseURL().string().utf8().data(),
+         BOMHighByte == 0xFF ? "UTF-16LE" : "UTF-16BE",
+         XML_PARSE_NOENT | XML_PARSE_DTDATTR | XML_PARSE_NOWARNING | XML_PARSE_NOCDATA);
+     xmlFreeParserCtxt(ctxt);
+@@ -192,7 +192,7 @@ void XSLStyleSheet::loadChildSheets()
+     if (m_embedded) {
+         // We have to locate (by ID) the appropriate embedded stylesheet element, so that we can walk the
+         // import/include list.
+-        xmlAttrPtr idNode = xmlGetID(document(), (const xmlChar*)(href().utf8().data()));
+        xmlAttrPtr idNode = xmlGetID(document(), (const xmlChar*)(putativeBaseURL().string().utf8().data()));
+         if (!idNode)
+             return;
+         stylesheetRoot = idNode->parent;
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:17.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLStyleSheetQt.cpp	2010-05-03 15:55:37.837977083 +0200
+@@ -33,8 +33,8 @@
+ 
+ namespace WebCore {
+ 
+-XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href,  bool embedded)
+-    : StyleSheet(parentNode, href)
+XSLStyleSheet::XSLStyleSheet(Node* parentNode, const String& href, const KURL& baseURL,  bool embedded)
+    : StyleSheet(parentNode, href, baseURL)
+     , m_ownerDocument(parentNode->document())
+     , m_embedded(embedded)
+ {
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:17.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorLibxslt.cpp	2010-05-03 15:55:37.837977083 +0200
+@@ -226,7 +226,8 @@ static xsltStylesheetPtr xsltStylesheetP
+ {
+     if (!cachedStylesheet && stylesheetRootNode) {
+         cachedStylesheet = XSLStyleSheet::create(stylesheetRootNode->parent() ? stylesheetRootNode->parent() : stylesheetRootNode,
+-            stylesheetRootNode->document()->url().string());
+            stylesheetRootNode->document()->url().string(),
+            stylesheetRootNode->document()->url()); // FIXME: Should we use baseURL here?
+         cachedStylesheet->parseString(createMarkup(stylesheetRootNode));
+     }
+ 
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp.cve-2010-0648-stylesheet-redir-leak qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp.cve-2010-0648-stylesheet-redir-leak	2010-02-11 16:55:17.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/xml/XSLTProcessorQt.cpp	2010-05-03 15:55:37.915979873 +0200
+@@ -120,7 +120,9 @@ bool XSLTProcessor::transformToString(No
+     RefPtr<XSLStyleSheet> stylesheet = m_stylesheet;
+     if (!stylesheet && m_stylesheetRootNode) {
+         Node* node = m_stylesheetRootNode.get();
+-        stylesheet = XSLStyleSheet::create(node->parent() ? node->parent() : node, node->document()->url().string());
+        stylesheet = XSLStyleSheet::create(node->parent() ? node->parent() : node,
+            node->document()->url().string(),
+            node->document()->url()); // FIXME: Should we use baseURL here?
+         stylesheet->parseString(createMarkup(node));
+     }
+ 
--- a/qt-everywhere-opensource-src-4.6.2-cve-2010-0656.patch
+++ b/qt-everywhere-opensource-src-4.6.2-cve-2010-0656.patch
@ -0,0 +1,25 @@
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp.me qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp.me	2010-05-06 11:29:24.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/WebCore/page/SecurityOrigin.cpp	2010-05-06 11:43:29.000000000 +0200
+@@ -112,7 +112,11 @@ SecurityOrigin::SecurityOrigin(const KUR
+ 
+     // By default, only local SecurityOrigins can load local resources.
+     m_canLoadLocalResources = isLocal();
+-
+    if (m_canLoadLocalResources) { 
+ 	     // Directories should never be readable. 
+ 	     if (!url.hasPath() || url.path().endsWith("/"))
+ 	         m_noAccess = true; 
+    }
+     if (isDefaultPortForProtocol(m_port, m_protocol))
+         m_port = 0;
+ }
+@@ -207,6 +211,8 @@ bool SecurityOrigin::canRequest(const KU
+         return false;
+ 
+     RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url);
+    if (targetOrigin->m_noAccess)
+        return false;
+ 
+     // We call isSameSchemeHostPort here instead of canAccess because we want
+     // to ignore document.domain effects.
--- a/qt-everywhere-opensource-src-4.6.2-webkit-s390x.patch
+++ b/qt-everywhere-opensource-src-4.6.2-webkit-s390x.patch
@ -0,0 +1,48 @@
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h.than qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h.than	2010-02-11 16:55:20.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h	2010-03-23 14:29:41.000000000 +0100
+@@ -345,6 +345,11 @@
+ #define WTF_PLATFORM_BIG_ENDIAN 1
+ #endif
+ 
+/* PLATFORM(S390X) */
+#if defined(__s390x__) || defined(__s390x)
+#define WTF_PLATFORM_S390X 1
+#endif
+
+ /* PLATFORM(IA64) */
+ /* a.k.a. Itanium Processor Family, IPF */
+ #if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+@@ -730,6 +735,8 @@
+ /* Using JSVALUE32_64 causes padding/alignement issues for JITStubArg
+ on MinGW. See https://bugs.webkit.org/show_bug.cgi?id=29268 */
+ #define WTF_USE_JSVALUE32 1
+#elif PLATFORM(S390X)
+#define WTF_USE_JSVALUE64 1
+ #else
+ #define WTF_USE_JSVALUE32_64 1
+ #endif
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.than qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.than	2010-02-11 16:55:17.000000000 +0100
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h	2010-03-23 14:19:00.000000000 +0100
+@@ -362,6 +362,11 @@
+ #define WTF_PLATFORM_IA64 1
+ #endif
+ 
+/* PLATFORM(S390X) */
+#if defined(__s390x__) || defined(__s390x)
+#define WTF_PLATFORM_S390X 1
+#endif
+
+ /* PLATFORM(ALPHA) */
+ #if defined(__alpha__)
+ #define WTF_PLATFORM_ALPHA 1
+@@ -729,7 +734,7 @@
+ #endif
+ 
+ #if !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64)
+-#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) || PLATFORM(IA64) || PLATFORM(ALPHA)
+#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) || PLATFORM(IA64) || PLATFORM(ALPHA) || PLATFORM(S390X)
+ #define WTF_USE_JSVALUE64 1
+ #elif PLATFORM(ARM) || PLATFORM(PPC64)
+ #define WTF_USE_JSVALUE32 1
--- a/qt-everywhere-opensource-src-4.6.2-webkit-sparc64.patch
+++ b/qt-everywhere-opensource-src-4.6.2-webkit-sparc64.patch
@ -0,0 +1,16 @@
+diff -up qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.sparc qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h
+--- qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h.sparc	2010-03-23 10:45:57.076490991 -0400
+++ qt-everywhere-opensource-src-4.6.2/src/3rdparty/webkit/JavaScriptCore/wtf/Platform.h	2010-03-23 10:47:37.044618125 -0400
+@@ -734,7 +734,11 @@
+ #endif
+ 
+ #if !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64)
+-#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) || PLATFORM(IA64) || PLATFORM(ALPHA) || PLATFORM(S390X)
+#if (PLATFORM(X86_64) && (PLATFORM(UNIX) || PLATFORM(WIN_OS))) \
+    || PLATFORM(IA64)    \
+    || PLATFORM(ALPHA)   \
+    || PLATFORM(SPARC64) \
+    || PLATFORM(S390X)
+ #define WTF_USE_JSVALUE64 1
+ #elif PLATFORM(ARM) || PLATFORM(PPC64)
+ #define WTF_USE_JSVALUE32 1
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch
@ -0,0 +1,15 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp.CVE-2010-1119 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp.CVE-2010-1119	2010-06-02 04:03:12.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Node.cpp	2010-06-15 13:11:55.974470742 +0200
+@@ -910,7 +910,10 @@ void Node::notifyLocalNodeListsAttribute
+     if (!data->nodeLists())
+         return;
+ 
+-    data->nodeLists()->invalidateCachesThatDependOnAttributes();
+    if (!isAttributeNode())
+        data->nodeLists()->invalidateCachesThatDependOnAttributes();
+    else
+        data->nodeLists()->invalidateCaches();
+ 
+     if (data->nodeLists()->isEmpty()) {
+         data->clearNodeLists();
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1303_1304.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1303_1304.patch
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1392.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1392.patch
@ -0,0 +1,12 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1392/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp	2010-06-02 04:03:11.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1392/src/3rdparty/webkit/WebCore/rendering/RenderBlock.cpp	2010-06-10 20:24:02.864193022 +0200
+@@ -4484,7 +4484,7 @@
+ 
+     // Drill into inlines looking for our first text child.
+     RenderObject* currChild = firstLetterBlock->firstChild();
+-    while (currChild && currChild->needsLayout() && (!currChild->isReplaced() || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
+    while (currChild && currChild->needsLayout() && ((!currChild->isReplaced() && !currChild->isRenderButton() && !currChild->isMenuList()) || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
+         if (currChild->isFloatingOrPositioned()) {
+             if (currChild->style()->styleType() == FIRST_LETTER)
+                 break;
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1396.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1396.patch
@ -0,0 +1,56 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1396/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp	2010-06-02 04:03:12.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1396/src/3rdparty/webkit/WebCore/dom/ContainerNode.cpp	2010-06-10 20:34:00.316318866 +0200
+@@ -395,33 +395,43 @@
+     document()->removeFocusedNodeOfSubtree(this, true);
+ 
+     forbidEventDispatch();
+-    int childCountDelta = 0;
+    Vector<RefPtr<Node> > removedChildren;
+     while (RefPtr<Node> n = m_firstChild) {
+-        childCountDelta--;
+-
+         Node* next = n->nextSibling();
+         
+-        // Remove the node from the tree before calling detach or removedFromDocument (4427024, 4129744)
+        // Remove the node from the tree before calling detach or removedFromDocument (4427024, 4129744).
+        // removeChild() does this after calling detach(). There is no explanation for
+        // this discrepancy between removeChild() and its optimized version removeChildren().
+         n->setPreviousSibling(0);
+         n->setNextSibling(0);
+         n->setParent(0);
+-        
+
+         m_firstChild = next;
+         if (n == m_lastChild)
+             m_lastChild = 0;
+ 
+         if (n->attached())
+             n->detach();
+-        
+-        if (n->inDocument())
+-            n->removedFromDocument();
+
+        removedChildren.append(n.release());
+     }
+     allowEventDispatch();
+ 
+    size_t removedChildrenCount = removedChildren.size();
+
+     // Dispatch a single post-removal mutation event denoting a modified subtree.
+-    childrenChanged(false, 0, 0, childCountDelta);
+    childrenChanged(false, 0, 0, -static_cast<int>(removedChildrenCount));
+     dispatchSubtreeModifiedEvent();
+ 
+    for (size_t i = 0; i < removedChildrenCount; ++i) {
+        Node* removedChild = removedChildren[i].get();
+        if (removedChild->inDocument())
+            removedChild->removedFromDocument();
+        // removeChild() calls removedFromTree(true) if the child was not in the
+        // document. There is no explanation for this discrepancy between removeChild()
+        // and its optimized version removeChildren().
+    }
+
+     return true;
+ }
+ 
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1397.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1397.patch
@ -0,0 +1,53 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.cpp	2010-06-02 04:03:11.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.cpp	2010-06-10 20:41:45.295318418 +0200
+@@ -552,12 +552,6 @@
+         toRenderTextControl(renderer)->selectionChanged(userTriggered);
+ }
+ 
+-void Frame::invalidateSelection()
+-{
+-    selection()->setNeedsLayout();
+-    selectionLayoutChanged();
+-}
+-
+ void Frame::setCaretVisible(bool flag)
+ {
+     if (m_caretVisible == flag)
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.h qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.h
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/Frame.h	2010-06-02 04:03:11.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/Frame.h	2010-06-10 20:41:45.291318453 +0200
+@@ -259,8 +259,6 @@
+         void selectionLayoutChanged();
+         void notifyRendererOfSelectionChange(bool userTriggered);
+ 
+-        void invalidateSelection();
+-
+         void setCaretVisible(bool = true);
+         void paintCaret(GraphicsContext*, int tx, int ty, const IntRect& clipRect) const;
+         void paintDragCaret(GraphicsContext*, int tx, int ty, const IntRect& clipRect) const;
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/FrameView.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp	2010-06-02 04:03:11.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/page/FrameView.cpp	2010-06-10 20:41:45.293318191 +0200
+@@ -642,7 +642,8 @@
+         root->view()->popLayoutState();
+     m_layoutRoot = 0;
+ 
+-    m_frame->invalidateSelection();
+    m_frame->selection()->setNeedsLayout();
+    m_frame->selectionLayoutChanged();
+    
+     m_layoutSchedulingEnabled = true;
+ 
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp	2010-06-02 04:03:11.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1397/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp	2010-06-10 20:41:45.297318506 +0200
+@@ -1170,7 +1170,7 @@
+     // The caret rect needs to be invalidated after scrolling
+     Frame* frame = renderer()->document()->frame();
+     if (frame)
+-        frame->invalidateSelection();
+        frame->selection()->setNeedsLayout();
+ 
+     // Just schedule a full repaint of our object.
+     if (repaint)
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch
@ -0,0 +1,244 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398	2010-06-02 04:03:12.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp	2010-06-11 16:12:55.750525354 +0200
+@@ -35,6 +35,7 @@
+ #include "ClientRect.h"
+ #include "ClientRectList.h"
+ #include "Document.h"
+#include "DocumentFragment.h"
+ #include "ElementRareData.h"
+ #include "ExceptionCode.h"
+ #include "FocusController.h"
+@@ -42,6 +43,7 @@
+ #include "FrameView.h"
+ #include "HTMLElement.h"
+ #include "HTMLNames.h"
+#include "HTMLTokenizer.h"
+ #include "NamedNodeMap.h"
+ #include "NodeList.h"
+ #include "NodeRenderStyle.h"
+@@ -49,6 +51,7 @@
+ #include "RenderView.h"
+ #include "TextIterator.h"
+ #include "XMLNames.h"
+#include "XMLTokenizer.h"
+ 
+ #if ENABLE(SVG)
+ #include "SVGNames.h"
+@@ -91,6 +94,51 @@ NodeRareData* Element::createRareData()
+ {
+     return new ElementRareData;
+ }
+
+PassRefPtr<DocumentFragment> Element::createContextualFragment(const String& markup)
+{
+    RefPtr<DocumentFragment> fragment = DocumentFragment::create(document());
+    
+    if (document()->isHTMLDocument())
+        parseHTMLDocumentFragment(markup, fragment.get());
+    else {
+        if (!parseXMLDocumentFragment(markup, fragment.get(), this))
+            // FIXME: We should propagate a syntax error exception out here.
+            return 0;
+    }
+    
+    // Exceptions are ignored because none ought to happen here.
+    ExceptionCode ignoredExceptionCode;
+    
+    // We need to pop <html> and <body> elements and remove <head> to
+    // accommodate folks passing complete HTML documents to make the
+    // child of an element.
+    
+    RefPtr<Node> nextNode;
+    for (RefPtr<Node> node = fragment->firstChild(); node; node = nextNode) {
+        nextNode = node->nextSibling();
+        if (node->hasTagName(htmlTag) || node->hasTagName(bodyTag)) {
+            Node* firstChild = node->firstChild();
+            if (firstChild)
+                nextNode = firstChild;
+            RefPtr<Node> nextChild;
+            for (RefPtr<Node> child = firstChild; child; child = nextChild) {
+                nextChild = child->nextSibling();
+                node->removeChild(child.get(), ignoredExceptionCode);
+                ASSERT(!ignoredExceptionCode);
+                fragment->insertBefore(child, node.get(), ignoredExceptionCode);
+                ASSERT(!ignoredExceptionCode);
+            }
+            fragment->removeChild(node.get(), ignoredExceptionCode);
+            ASSERT(!ignoredExceptionCode);
+        } else if (node->hasTagName(headTag)) {
+            fragment->removeChild(node.get(), ignoredExceptionCode);
+            ASSERT(!ignoredExceptionCode);
+        }
+    }
+    
+    return fragment.release();
+}
+     
+ PassRefPtr<Node> Element::cloneNode(bool deep)
+ {
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398	2010-06-02 04:03:12.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h	2010-06-14 16:54:57.639394749 +0200
+@@ -28,6 +28,7 @@
+ #include "ContainerNode.h"
+ #include "QualifiedName.h"
+ #include "ScrollTypes.h"
+#include "DocumentFragment.h"
+ 
+ namespace WebCore {
+ 
+@@ -89,6 +90,8 @@ public:
+     DEFINE_ATTRIBUTE_EVENT_LISTENER(search);
+     DEFINE_ATTRIBUTE_EVENT_LISTENER(selectstart);
+ 
+    virtual PassRefPtr<DocumentFragment> createContextualFragment(const String&);
+
+     const AtomicString& getIDAttribute() const;
+     bool hasAttribute(const QualifiedName&) const;
+     const AtomicString& getAttribute(const QualifiedName&) const;
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398	2010-06-02 04:03:10.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp	2010-06-11 16:12:55.752525451 +0200
+@@ -1054,11 +1054,7 @@ String createMarkup(const Range* range, 
+ 
+ PassRefPtr<DocumentFragment> createFragmentFromMarkup(Document* document, const String& markup, const String& baseURL)
+ {
+-    ASSERT(document->documentElement()->isHTMLElement());
+-    // FIXME: What if the document element is not an HTML element?
+-    HTMLElement *element = static_cast<HTMLElement*>(document->documentElement());
+-
+-    RefPtr<DocumentFragment> fragment = element->createContextualFragment(markup);
+    RefPtr<DocumentFragment> fragment = document->documentElement()->createContextualFragment(markup);
+ 
+     if (fragment && !baseURL.isEmpty() && baseURL != blankURL() && baseURL != document->baseURL())
+         completeURLs(fragment.get(), baseURL);
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398	2010-06-02 04:03:10.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp	2010-06-11 16:12:55.753537613 +0200
+@@ -235,9 +235,9 @@ String HTMLElement::outerHTML() const
+     return createMarkup(this);
+ }
+ 
+-PassRefPtr<DocumentFragment> HTMLElement::createContextualFragment(const String &html)
+PassRefPtr<DocumentFragment> HTMLElement::createContextualFragment(const String &markup)
+ {
+-    // the following is in accordance with the definition as used by IE
+    // The following is in accordance with the definition as used by IE.
+     if (endTagRequirement() == TagStatusForbidden)
+         return 0;
+ 
+@@ -245,47 +245,7 @@ PassRefPtr<DocumentFragment> HTMLElement
+         hasLocalName(headTag) || hasLocalName(styleTag) || hasLocalName(titleTag))
+         return 0;
+ 
+-    RefPtr<DocumentFragment> fragment = DocumentFragment::create(document());
+-    
+-    if (document()->isHTMLDocument())
+-         parseHTMLDocumentFragment(html, fragment.get());
+-    else {
+-        if (!parseXMLDocumentFragment(html, fragment.get(), this))
+-            // FIXME: We should propagate a syntax error exception out here.
+-            return 0;
+-    }
+-
+-    // Exceptions are ignored because none ought to happen here.
+-    int ignoredExceptionCode;
+-
+-    // we need to pop <html> and <body> elements and remove <head> to
+-    // accommodate folks passing complete HTML documents to make the
+-    // child of an element.
+-
+-    RefPtr<Node> nextNode;
+-    for (RefPtr<Node> node = fragment->firstChild(); node; node = nextNode) {
+-        nextNode = node->nextSibling();
+-        if (node->hasTagName(htmlTag) || node->hasTagName(bodyTag)) {
+-            Node *firstChild = node->firstChild();
+-            if (firstChild)
+-                nextNode = firstChild;
+-            RefPtr<Node> nextChild;
+-            for (RefPtr<Node> child = firstChild; child; child = nextChild) {
+-                nextChild = child->nextSibling();
+-                node->removeChild(child.get(), ignoredExceptionCode);
+-                ASSERT(!ignoredExceptionCode);
+-                fragment->insertBefore(child, node.get(), ignoredExceptionCode);
+-                ASSERT(!ignoredExceptionCode);
+-            }
+-            fragment->removeChild(node.get(), ignoredExceptionCode);
+-            ASSERT(!ignoredExceptionCode);
+-        } else if (node->hasTagName(headTag)) {
+-            fragment->removeChild(node.get(), ignoredExceptionCode);
+-            ASSERT(!ignoredExceptionCode);
+-        }
+-    }
+-
+-    return fragment.release();
+    return Element::createContextualFragment(markup);
+ }
+ 
+ static inline bool hasOneChild(ContainerNode* node)
+@@ -371,7 +331,7 @@ void HTMLElement::setOuterHTML(const Str
+ 
+ void HTMLElement::setInnerText(const String& text, ExceptionCode& ec)
+ {
+-    // follow the IE specs about when this is allowed
+    // Follow the IE specs about when this is allowed.
+     if (endTagRequirement() == TagStatusForbidden) {
+         ec = NO_MODIFICATION_ALLOWED_ERR;
+         return;
+@@ -441,7 +401,7 @@ void HTMLElement::setInnerText(const Str
+ 
+ void HTMLElement::setOuterText(const String &text, ExceptionCode& ec)
+ {
+-    // follow the IE specs about when this is allowed
+    // Follow the IE specs about when this is allowed.
+     if (endTagRequirement() == TagStatusForbidden) {
+         ec = NO_MODIFICATION_ALLOWED_ERR;
+         return;
+@@ -469,7 +429,7 @@ void HTMLElement::setOuterText(const Str
+     if (ec)
+         return;
+ 
+-    // is previous node a text node? if so, merge into it
+    // Is previous node a text node? If so, merge into it.
+     Node* prev = t->previousSibling();
+     if (prev && prev->isTextNode()) {
+         Text* textPrev = static_cast<Text*>(prev);
+@@ -482,7 +442,7 @@ void HTMLElement::setOuterText(const Str
+         t = textPrev;
+     }
+ 
+-    // is next node a text node? if so, merge it in
+    // Is next node a text node? If so, merge it in.
+     Node* next = t->nextSibling();
+     if (next && next->isTextNode()) {
+         Text* textNext = static_cast<Text*>(next);
+@@ -522,7 +482,7 @@ Node* HTMLElement::insertAdjacent(const 
+         return 0;
+     }
+     
+-    // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative
+    // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative.
+     ec = NOT_SUPPORTED_ERR;
+     return 0;
+ }
+@@ -530,7 +490,7 @@ Node* HTMLElement::insertAdjacent(const 
+ Element* HTMLElement::insertAdjacentElement(const String& where, Element* newChild, ExceptionCode& ec)
+ {
+     if (!newChild) {
+-        // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative
+        // IE throws COM Exception E_INVALIDARG; this is the best DOM exception alternative.
+         ec = TYPE_MISMATCH_ERR;
+         return 0;
+     }
+@@ -567,8 +527,8 @@ void HTMLElement::addHTMLAlignment(Mappe
+ 
+ void HTMLElement::addHTMLAlignmentToStyledElement(StyledElement* element, MappedAttribute* attr)
+ {
+-    // vertical alignment with respect to the current baseline of the text
+-    // right or left means floating images
+    // Vertical alignment with respect to the current baseline of the text
+    // right or left means floating images.
+     int floatValue = CSSValueInvalid;
+     int verticalAlignValue = CSSValueInvalid;
+ 
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch
@ -0,0 +1,32 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp.CVE-2010-1400 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp.CVE-2010-1400	2010-06-02 04:03:11.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderObject.cpp	2010-06-15 13:55:36.853463455 +0200
+@@ -1611,7 +1611,7 @@ void RenderObject::styleWillChange(Style
+     }
+ }
+ 
+-void RenderObject::styleDidChange(StyleDifference diff, const RenderStyle*)
+void RenderObject::styleDidChange(StyleDifference diff, const RenderStyle* oldStyle)
+ {
+     if (s_affectsParentBlock)
+         handleDynamicFloatPositionChange();
+@@ -1619,9 +1619,17 @@ void RenderObject::styleDidChange(StyleD
+     if (!m_parent)
+         return;
+     
+-    if (diff == StyleDifferenceLayout)
+    if (diff == StyleDifferenceLayout) {
+        // If the object already needs layout, then setNeedsLayout won't do
+        // any work. But if the containing block has changed, then we may need
+        // to make the new containing blocks for layout. The change that can
+        // directly affect the containing block of this object is a change to
+        // the position style.
+        if (m_needsLayout && oldStyle->position() != m_style->position())
+            markContainingBlocksForLayout();
+
+         setNeedsLayoutAndPrefWidthsRecalc();
+-    else if (diff == StyleDifferenceLayoutPositionedMovementOnly)
+    } else if (diff == StyleDifferenceLayoutPositionedMovementOnly)
+         setNeedsPositionedMovementLayout();
+ 
+     // Don't check for repaint here; we need to wait until the layer has been
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1412.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1412.patch
@ -0,0 +1,45 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp qt-everywhere-opensource-src-4.6.3-2010-1412/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp	2010-06-02 04:03:11.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-2010-1412/src/3rdparty/webkit/WebCore/rendering/RenderLayer.cpp	2010-06-11 00:09:43.741191104 +0200
+@@ -3039,22 +3039,33 @@
+     // Locate the common ancestor render object for the two renderers.
+     RenderObject* ancestor = commonAncestor(oldHoverObj, newHoverObj);
+ 
+    Vector<Node*, 32> nodesToRemoveFromChain;
+    Vector<Node*, 32> nodesToAddToChain;
+
+     if (oldHoverObj != newHoverObj) {
+         // The old hover path only needs to be cleared up to (and not including) the common ancestor;
+         for (RenderObject* curr = oldHoverObj; curr && curr != ancestor; curr = curr->hoverAncestor()) {
+-            if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain())) {
+-                curr->node()->setActive(false);
+-                curr->node()->setHovered(false);
+-            }
+            if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain()))
+                nodesToRemoveFromChain.append(curr->node());
+         }
+     }
+ 
+     // Now set the hover state for our new object up to the root.
+     for (RenderObject* curr = newHoverObj; curr; curr = curr->hoverAncestor()) {
+-        if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain())) {
+-            curr->node()->setActive(request.active());
+-            curr->node()->setHovered(true);
+-        }
+        if (curr->node() && !curr->isText() && (!mustBeInActiveChain || curr->node()->inActiveChain()))
+            nodesToAddToChain.append(curr->node());
+    }
+
+    size_t removeCount = nodesToRemoveFromChain.size();
+    for (size_t i = 0; i < removeCount; ++i) {
+        nodesToRemoveFromChain[i]->setActive(false);
+        nodesToRemoveFromChain[i]->setHovered(false);
+    }
+
+    size_t addCount = nodesToAddToChain.size();
+    for (size_t i = 0; i < addCount; ++i) {
+        nodesToAddToChain[i]->setActive(request.active());
+        nodesToAddToChain[i]->setHovered(true);
+     }
+ }
+ 
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1770.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1770.patch
@ -0,0 +1,33 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp	2010-06-02 04:03:11.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp	2010-06-11 13:42:31.190174662 +0200
+@@ -207,7 +207,7 @@
+ PassRefPtr<StringImpl> RenderText::originalText() const
+ {
+     Node* e = node();
+-    return e ? static_cast<Text*>(e)->dataImpl() : 0;
+    return (e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : 0;
+ }
+ 
+ void RenderText::absoluteRects(Vector<IntRect>& rects, int tx, int ty)
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp	2010-06-02 04:03:11.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp	2010-06-11 13:42:31.197153658 +0200
+@@ -47,7 +47,7 @@
+ PassRefPtr<StringImpl> RenderTextFragment::originalText() const
+ {
+     Node* e = node();
+-    RefPtr<StringImpl> result = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
+    RefPtr<StringImpl> result = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
+     if (result && (start() > 0 || start() < result->length()))
+         result = result->substring(start(), end());
+     return result.release();
+@@ -76,7 +76,7 @@
+ {
+     if (start()) {
+         Node* e = node();
+-        StringImpl*  original = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
+        StringImpl*  original = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
+         if (original)
+             return (*original)[start() - 1];
+     }
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1773.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1773.patch
@ -0,0 +1,16 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1773/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp	2010-06-02 04:03:11.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1773/src/3rdparty/webkit/WebCore/rendering/RenderListMarker.cpp	2010-06-10 17:33:06.092192665 +0200
+@@ -88,8 +88,10 @@
+     --number;
+     letters[lettersSize - 1] = alphabet[number % alphabetSize];
+     int length = 1;
+-    while ((number /= alphabetSize) > 0)
+-        letters[lettersSize - ++length] = alphabet[number % alphabetSize - 1];
+    while ((number /= alphabetSize) > 0) {
+        --number;
+        letters[lettersSize - ++length] = alphabet[number % alphabetSize];
+    }
+ 
+     ASSERT(length <= lettersSize);
+     return String(&letters[lettersSize - length], length);
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1774.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1774.patch
@ -0,0 +1,13 @@
+diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp qt-everywhere-opensource-src-4.6.3-CVE-1774/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp	2010-06-02 04:03:11.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-1774/src/3rdparty/webkit/WebCore/rendering/FixedTableLayout.cpp	2010-06-11 14:45:02.625278334 +0200
+@@ -168,8 +168,7 @@
+                 
+                 int usedSpan = 0;
+                 int i = 0;
+-                while (usedSpan < span) {
+-                    ASSERT(cCol + i < nEffCols);
+                while (usedSpan < span && cCol + i < nEffCols) {
+                     int eSpan = m_table->spanOfEffCol(cCol + i);
+                     // Only set if no col element has already set it.
+                     if (m_width[cCol + i].isAuto() && w.type() != Auto) {
--- a/qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch
+++ b/qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch
@ -0,0 +1,29 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp.CVE-2010-1778 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp.CVE-2010-1778	2010-06-11 16:12:55.786338275 +0200
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/page/FrameView.cpp	2010-06-15 13:23:21.114401487 +0200
+@@ -1189,14 +1189,13 @@ void FrameView::scheduleRelayoutOfSubtre
+ {
+     ASSERT(m_frame->view() == this);
+ 
+-    if (!m_layoutSchedulingEnabled || (m_frame->contentRenderer()
+-            && m_frame->contentRenderer()->needsLayout())) {
+    if (m_frame->contentRenderer() && m_frame->contentRenderer()->needsLayout()) {
+         if (relayoutRoot)
+             relayoutRoot->markContainingBlocksForLayout(false);
+         return;
+     }
+ 
+-    if (layoutPending()) {
+    if (layoutPending() || !m_layoutSchedulingEnabled) {
+         if (m_layoutRoot != relayoutRoot) {
+             if (isObjectAncestorContainerOf(m_layoutRoot, relayoutRoot)) {
+                 // Keep the current root
+@@ -1213,7 +1212,7 @@ void FrameView::scheduleRelayoutOfSubtre
+                 relayoutRoot->markContainingBlocksForLayout(false);
+             }
+         }
+-    } else {
+    } else if (m_layoutSchedulingEnabled) {
+         int delay = m_frame->document()->minimumLayoutDelay();
+         m_layoutRoot = relayoutRoot;
+         m_delayedLayout = delay != 0;
--- a/qt-everywhere-opensource-src-4.6.3-glib_eventloop_nullcheck.patch
+++ b/qt-everywhere-opensource-src-4.6.3-glib_eventloop_nullcheck.patch
@ -0,0 +1,21 @@
+diff -up qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp.glib_eventloop_nullcheck qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp
+--- qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp.glib_eventloop_nullcheck	2010-06-01 21:03:15.000000000 -0500
+++ qt-everywhere-opensource-src-4.6.3/src/gui/kernel/qguieventdispatcher_glib.cpp	2010-06-29 14:58:12.299073784 -0500
+@@ -76,7 +76,7 @@ static gboolean x11EventSourcePrepare(GS
+     GX11EventSource *source = reinterpret_cast<GX11EventSource *>(s);
+     return (XEventsQueued(X11->display, QueuedAfterFlush)
+             || (!(source->flags & QEventLoop::ExcludeUserInputEvents)
+-                && !source->d->queuedUserInputEvents.isEmpty()));
+                && source->d && !source->d->queuedUserInputEvents.isEmpty()));
+ }
+ 
+ static gboolean x11EventSourceCheck(GSource *s)
+@@ -84,7 +84,7 @@ static gboolean x11EventSourceCheck(GSou
+     GX11EventSource *source = reinterpret_cast<GX11EventSource *>(s);
+     return (XEventsQueued(X11->display, QueuedAfterFlush)
+             || (!(source->flags & QEventLoop::ExcludeUserInputEvents)
+-                && !source->d->queuedUserInputEvents.isEmpty()));
+                && source->d && !source->d->queuedUserInputEvents.isEmpty()));
+ }
+ 
+ static gboolean x11EventSourceDispatch(GSource *s, GSourceFunc callback, gpointer user_data)
--- a/qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_gtk_init.patch
+++ b/qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_gtk_init.patch
@ -0,0 +1,47 @@
+diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp.gtk_init qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp
+--- qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp.gtk_init	2010-05-03 19:43:20.000000000 -0500
+++ qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/qt/PluginPackageQt.cpp	2010-06-18 10:11:20.738800727 -0500
+@@ -35,6 +35,8 @@
+ 
+ namespace WebCore {
+ 
+typedef void gtkInitFunc(int *argc, char ***argv);
+
+ bool PluginPackage::fetchInfo()
+ {
+     if (!load())
+@@ -110,6 +112,8 @@ bool PluginPackage::load()
+     NP_InitializeFuncPtr NP_Initialize;
+     NPError npErr;
+ 
+    gtkInitFunc* gtkInit;
+
+     NP_Initialize = (NP_InitializeFuncPtr)m_module->resolve("NP_Initialize");
+     m_NPP_Shutdown = (NPP_ShutdownProcPtr)m_module->resolve("NP_Shutdown");
+ 
+@@ -127,6 +131,25 @@ bool PluginPackage::load()
+         m_browserFuncs.getvalue = staticPluginQuirkRequiresGtkToolKit_NPN_GetValue;
+     }
+ 
+    // WORKAROUND: Prevent gtk based plugin crashes such as BR# 40567 by
+    // explicitly forcing the initializing of Gtk, i.e. calling gtk_init,
+    // whenver the symbol is present in the plugin library loaded above.
+    // Note that this workaround is based on code from the NSPluginClass ctor
+    // in KDE's kdebase/apps/nsplugins/viewer/nsplugin.cpp file.
+    gtkInit = (gtkInitFunc*)m_module->resolve("gtk_init");
+    if (gtkInit) {
+        // Prevent gtk_init() from replacing the X error handlers, since the Gtk
+        // handlers abort when they receive an X error, thus killing the viewer.
+#ifdef Q_WS_X11
+        int (*old_error_handler)(Display*, XErrorEvent*) = XSetErrorHandler(0);
+        int (*old_io_error_handler)(Display*) = XSetIOErrorHandler(0);
+#endif
+        gtkInit(0, 0);
+#ifdef Q_WS_X11
+        XSetErrorHandler(old_error_handler);
+        XSetIOErrorHandler(old_io_error_handler);
+#endif
+    }
+ #if defined(XP_UNIX)
+     npErr = NP_Initialize(&m_browserFuncs, &m_pluginFuncs);
+ #else
--- a/qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_pluginpath.patch
+++ b/qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_pluginpath.patch
@ -0,0 +1,19 @@
+diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/PluginDatabase.cpp.pluginpath qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/PluginDatabase.cpp
+--- qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/PluginDatabase.cpp.pluginpath	2010-05-03 19:43:20.000000000 -0500
+++ qt-everywhere-opensource-src-4.7.0-beta1/src/3rdparty/webkit/WebCore/plugins/PluginDatabase.cpp	2010-06-18 10:02:37.004788646 -0500
+@@ -345,6 +345,7 @@ Vector<String> PluginDatabase::defaultPl
+     paths.append("/usr/lib/firefox/plugins");
+     paths.append("/usr/lib64/browser-plugins");
+     paths.append("/usr/lib/browser-plugins");
+    paths.append("/usr/lib/mozilla/plugins-wrapped");
+     paths.append("/usr/lib/mozilla/plugins");
+     paths.append("/usr/local/netscape/plugins");
+     paths.append("/opt/mozilla/plugins");
+@@ -355,6 +356,7 @@ Vector<String> PluginDatabase::defaultPl
+     paths.append("/usr/lib/netscape/plugins-libc5");
+     paths.append("/usr/lib/netscape/plugins-libc6");
+     paths.append("/usr/lib64/netscape/plugins");
+    paths.append("/usr/lib64/mozilla/plugins-wrapped");
+     paths.append("/usr/lib64/mozilla/plugins");
+     paths.append("/usr/lib/nsbrowser/plugins");
+     paths.append("/usr/lib64/nsbrowser/plugins");
--- a/qt-everywhere-opensource-src-4.7.0-beta1-uic_multilib.patch
+++ b/qt-everywhere-opensource-src-4.7.0-beta1-uic_multilib.patch
@ -0,0 +1,36 @@
+diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/embed.cpp.uic_multilib qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/embed.cpp
+--- qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/embed.cpp.uic_multilib	2010-05-03 19:43:25.000000000 -0500
+++ qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/embed.cpp	2010-06-25 14:11:21.815474310 -0500
+@@ -152,7 +152,7 @@ void Ui3Reader::embed(const char *projec
+     for ( it = images.begin(); it != images.end(); ++it )
+         out << "**      " << *it << "\n";
+     out << "**\n";
+-    out << "** Created: " << QDateTime::currentDateTime().toString() << "\n";
+    out << "** Created: " << "\n";
+     out << "**      by: The User Interface Compiler for Qt version " << QT_VERSION_STR << "\n";
+     out << "**\n";
+     out << "** WARNING! All changes made in this file will be lost!\n";
+diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/uic.cpp.uic_multilib qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/uic.cpp
+--- qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/uic.cpp.uic_multilib	2010-05-03 19:43:25.000000000 -0500
+++ qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic3/uic.cpp	2010-06-25 14:11:32.910460623 -0500
+@@ -146,7 +146,7 @@ void Uic::writeCopyrightHeader(DomUI *ui
+         out << "/********************************************************************************\n";
+         out << "** Form generated from reading UI file '" << QFileInfo(opt.inputFile).fileName() << "'\n";
+         out << "**\n";
+-        out << "** Created: " << QDateTime::currentDateTime().toString() << "\n";
+        out << "** Created: " << "\n";
+         out << "**      " << QString::fromLatin1("by: Qt User Interface Compiler version %1\n").arg(QLatin1String(QT_VERSION_STR));
+         out << "**\n";
+         out << "** WARNING! All changes made in this file will be lost when recompiling UI file!\n";
+diff -up qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic/uic.cpp.uic_multilib qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic/uic.cpp
+--- qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic/uic.cpp.uic_multilib	2010-05-03 19:43:25.000000000 -0500
+++ qt-everywhere-opensource-src-4.7.0-beta1/src/tools/uic/uic.cpp	2010-06-25 14:10:45.360711498 -0500
+@@ -139,7 +139,7 @@ void Uic::writeCopyrightHeader(DomUI *ui
+         out << "/********************************************************************************\n";
+         out << "** Form generated from reading UI file '" << QFileInfo(opt.inputFile).fileName() << "'\n";
+         out << "**\n";
+-        out << "** Created: " << QDateTime::currentDateTime().toString() << "\n";
+        out << "** Created: " << "\n";
+         out << "**      " << QString::fromLatin1("by: Qt User Interface Compiler version %1\n").arg(QLatin1String(QT_VERSION_STR));
+         out << "**\n";
+         out << "** WARNING! All changes made in this file will be lost when recompiling UI file!\n";
--- a/qt.spec
+++ b/qt.spec
@ -12,8 +12,8 @@
 Summary: Qt toolkit
 Name:    qt
 Epoch:   1
-Version: 4.6.2
-Release: 2%{?dist}
+Version: 4.6.3
+Release: 7%{?dist}

 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -34,6 +34,7 @@ Source5: qconfig-multilib.h
 # multilib hacks 
 Patch2: qt-x11-opensource-src-4.2.2-multilib-optflags.patch
 Patch3: qt-x11-opensource-src-4.2.2-multilib-QMAKEPATH.patch
+Patch4: qt-everywhere-opensource-src-4.7.0-beta1-uic_multilib.patch
 Patch5: qt-all-opensource-src-4.4.0-rc1-as_IN-437440.patch
 # hack around gcc/ppc crasher, http://bugzilla.redhat.com/492185
 Patch13: qt-x11-opensource-src-4.5.0-gcc_hack.patch
@ -47,20 +48,45 @@ Patch21: qt-everywhere-opensource-src-4.6.0-gst-pulsaudio.patch
 # use system ca-bundle certs, http://bugzilla.redhat.com/521911
 Patch22: qt-x11-opensource-src-4.5.3-system_ca_certificates.patch 
 Requires: ca-certificates
+# may be upstreamable, not sure yet
+# workaround for gdal/grass crashers wrt glib_eventloop null deref's
+Patch23: qt-everywhere-opensource-src-4.6.3-glib_eventloop_nullcheck.patch

 ## upstreamable bits
 # http://bugzilla.redhat.com/485677
 Patch51: qt-everywhere-opensource-src-4.6.0-beta1-qdoc3.patch 
-Patch52: qt-4.5-sparc64.patch
 # fix invalid inline assembly in qatomic_{i386,x86_64}.h (de)ref implementations
 Patch53: qt-x11-opensource-src-4.5.0-fix-qatomic-inline-asm.patch
 # fix invalid assumptions about mysql_config --libs
 # http://bugzilla.redhat.com/440673
 Patch54: qt-x11-opensource-src-4.5.1-mysql_config.patch
 # http://bugs.kde.org/show_bug.cgi?id=180051#c22
-Patch55: qt-cups-1.patch
+Patch55: qt-everywhere-opensource-src-4.6.2-cups.patch
+# fix type cast issue on s390x
+Patch56: qt-everywhere-opensource-src-4.6.2-webkit-s390x.patch
+# fix type cast issue on sparc64
+Patch57: qt-everywhere-opensource-src-4.6.2-webkit-sparc64.patch
+# qtwebkit to search nspluginwrapper paths too
+Patch58: qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_pluginpath.patch

-# security patches
+# upstream or security patches
+# https://bugs.webkit.org/show_bug.cgi?id=40567
+Patch100: qt-everywhere-opensource-src-4.7.0-beta1-qtwebkit_gtk_init.patch
+Patch104: qt-everywhere-opensource-src-4.6.2-cve-2010-0051-lax-css-parsing-cross-domain-theft.patch
+Patch106: qt-everywhere-opensource-src-4.6.2-cve-2010-0656.patch
+Patch108: qt-everywhere-opensource-src-4.6.2-cve-2010-0648.patch
+Patch109: qt-everywhere-opensource-src-4.6.3-CVE-2010-1303_1304.patch
+Patch110: qt-everywhere-opensource-src-4.6.3-CVE-2010-1392.patch
+Patch111: qt-everywhere-opensource-src-4.6.3-CVE-2010-1396.patch
+Patch112: qt-everywhere-opensource-src-4.6.3-CVE-2010-1397.patch
+Patch113: qt-everywhere-opensource-src-4.6.3-CVE-2010-1398.patch
+Patch114: qt-everywhere-opensource-src-4.6.3-CVE-2010-1400.patch
+Patch115: qt-everywhere-opensource-src-4.6.3-CVE-2010-1412.patch
+Patch116: qt-everywhere-opensource-src-4.6.3-CVE-2010-1770.patch
+Patch117: qt-everywhere-opensource-src-4.6.3-CVE-2010-1773.patch
+Patch118: qt-everywhere-opensource-src-4.6.3-CVE-2010-1774.patch
+Patch119: qt-everywhere-opensource-src-4.6.3-CVE-2010-1119.patch
+Patch120: qt-everywhere-opensource-src-4.6.3-CVE-2010-1778.patch

 # kde-qt git patches
 Patch201: 0001-This-patch-uses-object-name-as-a-fallback-for-window.patch
@ -73,7 +99,9 @@ Patch207: 0007-When-using-qmake-outside-qt-src-tree-it-sometimes-ge.patch
 Patch208: 0008-This-patch-makes-the-raster-graphics-system-use-shar.patch
 Patch209: 0009-Restore-a-section-of-the-file-that-got-removed-due-t.patch
 Patch212: 0012-Add-context-to-tr-calls-in-QShortcut.patch
-
+Patch217: http://qt.gitorious.org/+kde-developers/qt/kde-qt/commit/55ef01d93f8257b5927660290fc1ead0b2b74ec9.patch
+# QTBUG-9793
+Patch218: http://qt.gitorious.org/qt/qt/commit/0ebc9783d8ca0c4b27208bbc002c53c52c19ab4c.patch

 Source10: http://gstreamer.freedesktop.org/data/images/artwork/gstreamer-logo.svg
 Source11: hi16-phonon-gstreamer.png
@ -139,6 +167,7 @@ Source31: hi48-app-qt4-logo.png
 Prereq: /etc/ld.so.conf.d
 %endif

+BuildRequires: alsa-lib-devel
 BuildRequires: dbus-devel >= 0.62
 BuildRequires: cups-devel
 BuildRequires: desktop-file-utils
@ -260,6 +289,8 @@ Provides:  phonon-devel = %{phonon_version}-%{phonon_release}
 %if 0%{?webkit:1}
 Obsoletes: WebKit-qt-devel < 1.0.0-1
 Provides:  WebKit-qt-devel = 1.0.0-1
+Provides:  qt4-webkit-devel = %{version}-%{release}
+Provides:  qt4-webkit-devel%{?_isa} = %{version}-%{release}
 %endif
 Obsoletes: qt4-designer < %{version}-%{release}
 Provides:  qt4-designer = %{version}-%{release}
@ -269,6 +300,8 @@ Obsoletes: qt4-devel < %{version}-%{release}
 Provides:  qt4-devel = %{version}-%{release}
 %{?_isa:Provides: qt4-devel%{?_isa} = %{version}-%{release}}
 Provides:  qt4-static = %{version}-%{release}
+Provides: qt-assistant-adp-devel = %{version}-0.%{release}
+%{?_isa:Provides: qt-assistant-adp-devel%{?_isa} = %{version}-0.%{release}}

 %description devel
 This package contains the files necessary to develop
@ -365,6 +398,8 @@ Provides:  qt4-phonon = %{version}-%{release}
 %if 0%{?webkit:1}
 Obsoletes: WebKit-qt < 1.0.0-1
 Provides:  WebKit-qt = 1.0.0-1
+Provides:  qt4-webkit = %{version}-%{release}
+Provides:  qt4-webkit%{?_isa} = %{version}-%{release}
 %endif
 %if 0%{?sqlite:1}
 Requires: %{name}-sqlite%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
@ -374,6 +409,8 @@ Provides: %{name}-assistant = %{version}-%{release}
 Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 Obsoletes: qt4-x11 < %{version}-%{release}
 Provides:  qt4-x11 = %{version}-%{release}
+Provides: qt-assistant-adp = %{version}-0.%{release}
+%{?_isa:Provides: qt-assistant-adp%{?_isa} = %{version}-0.%{release}}
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig

@ -390,6 +427,8 @@ Qt libraries used for drawing widgets and OpenGL items.
 %if "%{_qt4_datadir}" != "%{_qt4_prefix}"
 %patch3 -p1 -b .multilib-QMAKEPATH
 %endif
+%patch4 -p1 -b .uic_multilib
+
 %patch5 -p1 -b .bz#437440-as_IN-437440
 %patch13 -p1 -b .gcc_hack
 %patch15 -p1 -b .enable_ft_lcdfilter
@ -398,16 +437,37 @@ Qt libraries used for drawing widgets and OpenGL items.
 %patch19 -p1 -b .servicesfile
 %patch21 -p1 -b .gst-pulsaudio
 %patch22 -p1 -b .system_ca_certificates
+%patch23 -p1 -b .glib_eventloop_nullcheck
 %patch51 -p1 -b .qdoc3
-## FIXME: port patch
-#patch52 -p1 -b .sparc64
 ## TODO: still worth carrying?  if so, upstream it.
 %patch53 -p1 -b .qatomic-inline-asm
 ## TODO: upstream me
 %patch54 -p1 -b .mysql_config
 %patch55 -p1 -b .cups-1
+%patch56 -p1 -b .typecast_s390x
+%patch57 -p1 -b .typecast_sparc64
+%patch58 -p1 -b .qtwebkit_pluginpath
+
+# upstream patches
+%patch100 -p1 -b .qtwebkit_gtk_init

 # security fixes
+%patch104 -p1 -b .cve-2010-0051-lax-css-parsing-cross-domain-theft
+%patch106 -p1 -b .cve-2010-0656
+%patch108 -p1 -b .cve-2010-0648
+%patch109 -p1 -b .CVE-2010-1303_1304
+%patch110 -p1 -b .CVE-2010-1392
+%patch111 -p1 -b .CVE-2010-1396
+%patch112 -p1 -b .CVE-2010-1397
+%patch113 -p1 -b .CVE-2010-1398
+%patch114 -p1 -b .CVE-2010-1400
+%patch115 -p1 -b .CVE-2010-1412
+%patch116 -p1 -b .CVE-2010-1770
+%patch117 -p1 -b .CVE-2010-1773
+%patch118 -p1 -b .CVE-2010-1774
+%patch119 -p1 -b .CVE-2010-1119
+%patch120 -p1 -b .CVE-2010-1778
+

 # kde-qt branch
 %patch201 -p1 -b .kde-qt-0001
@ -418,15 +478,24 @@ Qt libraries used for drawing widgets and OpenGL items.
 %patch206 -p1 -b .kde-qt-0006
 %patch207 -p1 -b .kde-qt-0007
 %patch212 -p1 -b .kde-qt-0012
+%patch217 -p1 -b .QT_GRAPHICSSYSTEM
+%patch218 -p1 -b .QTBUG-9793

 # drop -fexceptions from $RPM_OPT_FLAGS
 RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'`

 %define platform linux-g++
-%if "%{_qt4_datadir}" != "%{_qt4_prefix}" && "%{_lib}" == "lib64"                                  
+
+# some 64bit platforms assume -64 suffix, https://bugzilla.redhat.com/569542
+%if "%{?__isa_bits}"  == "64"
 %define platform linux-g++-64                                                                      
 %endif

+# https://bugzilla.redhat.com/478481
+%ifarch x86_64
+%define platform linux-g++
+%endif
+
 sed -i \
  -e "s|-O2|$RPM_OPT_FLAGS|g" \
  -e "s|g++.conf|g++-multilib.conf|g" mkspecs/%{platform}/qmake.conf
@ -454,12 +523,6 @@ if [ "%{_lib}" == "lib64" ] ; then
  sed -i -e "s,/lib /usr/lib,/%{_lib} /usr/%{_lib},g" config.tests/{unix,x11}/*.test
 fi

-# let makefile create missing .qm files, the .qm files should be included in qt upstream
-for f in translations/*.ts ; do
-  touch ${f%.ts}.qm
-done
-
-
 %build

 # build shared, threaded (default) libraries
@ -525,9 +588,6 @@ done

 make %{?_smp_mflags}

-# recreate .qm files
-LD_LIBRARY_PATH=`pwd`/lib bin/lrelease translations/*.ts
-

 %install
 rm -rf %{buildroot}
@ -564,6 +624,8 @@ done

 # nuke dangling reference(s) to %buildroot
 sed -i -e "/^QMAKE_PRL_BUILD_DIR/d" %{buildroot}%{_qt4_libdir}/*.prl
+sed -i -e "s|-L%{_builddir}/qt-everywhere-opensource-src-%{version}/lib||g" \
+          %{buildroot}%{_qt4_libdir}/pkgconfig/*.pc

 # nuke QMAKE_PRL_LIBS, seems similar to static linking and .la files (#520323)
 sed -i -e "s|^QMAKE_PRL_LIBS|#QMAKE_PRL_LIBS|" %{buildroot}%{_qt4_libdir}/*.prl
@ -691,10 +753,10 @@ cat >%{buildroot}%{_sysconfdir}/rpm/macros.qt4<<EOF
 %%_qt4_translationdir %%{_datadir}/qt4/translations 
 EOF

-# create/own %%_qt4_plugindir/styles
-mkdir %{buildroot}%{_qt4_plugindir}/styles
-# create/own %%_qt4_plugindir/gui_platform
+# create/own stuff under %%_qt4_plugindir
+mkdir %{buildroot}%{_qt4_plugindir}/crypto
 mkdir %{buildroot}%{_qt4_plugindir}/gui_platform
+mkdir %{buildroot}%{_qt4_plugindir}/styles

 %if 0%{?phonon_internal}
 mkdir -p %{buildroot}%{_qt4_plugindir}/phonon_backend
@ -827,6 +889,7 @@ fi
 %{_qt4_libdir}/libQtXmlPatterns.so.4*
 %dir %{_qt4_plugindir}
 %dir %{_qt4_plugindir}/sqldrivers/
+%dir %{_qt4_plugindir}/crypto/
 %{_qt4_translationdir}/

 %if 0%{?demos}
@ -987,6 +1050,7 @@ fi
 %{_qt4_libdir}/libQtSvg.so.4*
 %{?webkit:%{_qt4_libdir}/libQtWebKit.so.4*}
 %{_qt4_plugindir}/*
+%exclude %{_qt4_plugindir}/crypto
 %exclude %{_qt4_plugindir}/sqldrivers
 #if "%{?phonon_backend}" == "-phonon-backend"
 %if 0%{?phonon_backend_packaged}
@ -1005,6 +1069,91 @@ fi


 %changelog
+* Tue Jun 29 2010 Rex Dieter <rdieter@fedoraproject.org. 4.6.3-7
+- workaround glib_eventloop crasher induced by gdal/grass (bug #498111)
+
+* Fri Jun 20 2010 Rex Dieter <rdieter@fedoraproject.org> 4.6.3-5
+- avoid timestamps in uic-generated files to be multilib-friendly
+
+* Fri Jun 18 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.3-4
+- QtWebKit does not search correct plugin path(s) (#568860)
+- QtWebKit browsers crash with flash-plugin (rh#605677,webkit#40567)
+
+* Tue Jun 15 2010 Jaroslav Reznik <jreznik@redhat.com> - 4.6.3-3
+- WebKit security update:
+  CVE-2010-1119, CVE-2010-1400, CVE-2010-1778
+
+* Fri Jun 11 2010 Jaroslav Reznik <jreznik@redhat.com> - 4.6.3-2
+- WebKit security update:
+  CVE-2010-1303_1304, CVE-2010-1392, CVE-2010-1396, CVE-2010-1397,
+  CVE-2010-1398, CVE-2010-1412, CVE-2010-1770,
+  CVE-2010-1773, CVE-2010-1774
+
+* Tue Jun 08 2010 Than Ngo <than@redhat.com> - 4.6.3-1
+- 4.6.3
+
+* Thu May 27 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-20 
+- Unsafe use of rand() in X11 (QTBUG-9793)
+
+* Mon May 17 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-19
+- support QT_GRAPHICSSYSTEM env
+
+* Thu May 06 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-18
+- +Provides: qt4-webkit(-devel)
+
+* Thu May 06 2010 Than Ngo <than@redhat.com> - 4.6.2-17
+- bz#589169, fix multiple flaws in webkit
+  CVE-2010-0047, CVE-2010-0648, CVE-2010-0656
+
+* Thu Apr 29 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.6.2-16
+- restore qt-everywhere-opensource-src-4.6.2-cups.patch (#586725)
+
+* Wed Apr 28 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-15
+- own %%{_qt4_plugindir}/crypto
+
+* Thu Apr 15 2010 Than Ngo <than@redhat.com> - 4.6.2-14
+- backport from 4.7 branch to get the printDialog to check
+  for default paperSize via CUPS, it replaces the patch 
+  qt-everywhere-opensource-src-4.6.2-cups.patch
+
+* Tue Apr 06 2010 Than Ngo <than@redhat.com> - 4.6.2-13
+- backport from 4.7 branch to fix s390(x) atomic ops crashes
+
+* Fri Apr 02 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-12 
+- Associate text/vnd.trolltech.linguist with linguist (#579082)
+
+* Tue Mar 23 2010 Tom "spot" Callaway <tcallawa@redhat.com> - 4.6.2-11
+- fix type cast issue on sparc64
+- drop "recreate .qm file", it's not needed anymore
+
+* Tue Mar 23 2010 Than Ngo <than@redhat.com> - 4.6.2-10
+- fix type cast issue on s390x
+
+* Mon Mar 22 2010 Than Ngo <than@redhat.com> - 4.6.2-9
+- backport patch to fix a crash when reparenting an item
+  in QGraphicsView, QTBUG-6932
+- drop dangling reference(s) to %%buildroot in *.pc
+
+* Wed Mar 17 2010 Jaroslav Reznik <jreznik@redhat.com> - 4.6.2-8
+- WebKit security update:
+  CVE-2010-0046, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051,
+  CVE-2010-0052, CVE-2010-0054
+
+* Sat Mar 13 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.6.2-7
+- BR alsa-lib-devel (for QtMultimedia)
+
+* Sat Mar 13 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.6.2-6
+- Provides: qt-assistant-adp(-devel)
+
+* Fri Mar 05 2010 Than Ngo <than@redhat.com> - 4.6.2-5
+- Make tablet detection work with new wacom drivers (#569132)
+
+* Mon Mar 01 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-4
+- fix 64bit platform logic, use linux-g++-64 everywhere except x86_64 (#569542)
+
+* Sun Feb 28 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.6.2-3
+- fix CUPS patch not to crash if currentPPD is NULL (#566304)
+
 * Tue Feb 16 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-2
 - macros.qt4: s/qt45/qt46/

--- a/2
+++ b/2
@ -7,4 +7,4 @@ d9f511e4b51983b4e10eb58b320416d5  hi128-app-qt4-logo.png
 12db12c009b722a6dc141f78feb7e330  hi32-phonon-gstreamer.png
 86c34a1b81d44980b1381f94ed6b7a23  hi48-phonon-gstreamer.png
 153505c71ec021b0a3bd4b74f2492e93  hi64-phonon-gstreamer.png
-eb651ee4b157c01696aa56777fc6e0e5  qt-everywhere-opensource-src-4.6.2.tar.gz
+5c69f16d452b0bb3d44bc3c10556c072  qt-everywhere-opensource-src-4.6.3.tar.gz
Author	SHA1	Message	Date
Rex Dieter	23e5d3403d	respin glib_eventloop_nullcheck.patch	2010-06-29 19:55:43 +00:00
Rex Dieter	88e1d8ad3b	do the deref check in the right place	2010-06-29 17:33:57 +00:00
Rex Dieter	5b94692e82	- workaround glib_eventloop crasher induced by gdal/grass (bug #498111 )	2010-06-29 17:13:16 +00:00
Rex Dieter	b497f348d8	- avoid timestamps in uic-generated files to be multilib-friendly	2010-06-25 19:12:03 +00:00
Rex Dieter	e41116100d	inadvertantly disabled patch13 (gcc_hack). probably safe to remove it, but let's leave it for now (it's removed in devel/ branch)	2010-06-18 15:56:24 +00:00
Rex Dieter	37a14a7af7	- QtWebKit does not search correct plugin path(s) (#568860 ) - QtWebKit browsers crash with flash-plugin (rh#605677,webkit#40567)	2010-06-18 15:37:07 +00:00
Jaroslav Reznik	ff19172b12	- WebKit security update: CVE-2010-1119, CVE-2010-1400, CVE-2010-1778	2010-06-15 13:17:58 +00:00
Jaroslav Reznik	d4493eb02b	disable CVE-2010-1400 patch before proper backporting it	2010-06-14 15:44:34 +00:00
Jaroslav Reznik	6d30a55d1e	CVE-2010-1398 fix	2010-06-14 14:58:01 +00:00
Jaroslav Reznik	a5dc781fae	- WebKit security update: CVE-2010-1303_1304, CVE-2010-1392, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1400, CVE-2010-1412, CVE-2010-1770, CVE-2010-1773, CVE-2010-1774	2010-06-11 14:23:51 +00:00
Than Ngo	b1a96b675c	remove, it's already included in 4.6.3	2010-06-09 12:17:22 +00:00
Than Ngo	3ff9572cc0	remove patches which are already included in 4.6.3	2010-06-09 12:12:30 +00:00
Than Ngo	3ba68ba31d	4.6.3	2010-06-08 10:01:11 +00:00
Rex Dieter	191adcf24d	- Unsafe use of rand() in X11 (QTBUG-9793)	2010-05-27 17:02:10 +00:00
Rex Dieter	a98a335da7	- support QT_GRAPHICSSYSTEM env	2010-05-17 19:56:50 +00:00
Rex Dieter	2dd6c16d3f	- +Provides: qt4-webkit(-devel)	2010-05-07 03:58:01 +00:00
Than Ngo	78ace5e701	- bz#589169, fix multiple flaws in webkit CVE-2010-0047, CVE-2010-0648, CVE-2010-0656	2010-05-06 16:00:04 +00:00
Kevin Kofler	337d119fff	Release++ (to match changelog).	2010-04-29 07:48:18 +00:00
Kevin Kofler	86310914dc	- restore qt-everywhere-opensource-src-4.6.2-cups.patch (#586725 )	2010-04-29 07:26:41 +00:00
Rex Dieter	0d65ddcb06	cvs-only (no builds... yet) Wed Apr 28 2010 Rex Dieter <rdieter@fedoraproject.org> - 4.6.2-15 - own %{_qt4_plugindir}/crypto	2010-04-28 14:30:33 +00:00
Than Ngo	6727595b76	- backport from 4.7 branch to get the printDialog to check for default paperSize via CUPS, it replaces the patch qt-everywhere-opensource-src-4.6.2-cups.patch	2010-04-15 13:07:12 +00:00
Than Ngo	06fc35cad4	backport from 4.7 branch to fix s390(x) atomic ops crashes	2010-04-06 14:33:56 +00:00
Rex Dieter	9d7ee9d964	typo	2010-04-02 16:37:20 +00:00
Rex Dieter	84c5c7acb5	- Associate text/vnd.trolltech.linguist with linguist (#579082 )	2010-04-02 14:30:27 +00:00
Than Ngo	169f92e76c	apply qt-everywhere-opensource-src-4.6.2-webkit-sparc64.patch	2010-03-25 10:52:44 +00:00
Than Ngo	3823f1dd39	- drop "recreate .qm file", it's not needed anymore	2010-03-25 10:49:38 +00:00
Tom Callaway	8f5227af15	fix type cast in webkit bundled copy for sparc64	2010-03-23 14:57:25 +00:00
Than Ngo	1dbbcc5dd9	- fix type cast issue on s390x	2010-03-23 13:35:42 +00:00
Than Ngo	3eb1514284	- backport patch to fix ix a crash when reparenting an item in QGraphicsView, QTBUG-6932 - drop dangling reference(s) to %%buildroot in *.pc	2010-03-22 10:44:36 +00:00
Jaroslav Reznik	a6c166354c	- WebKit security update: CVE-2010-0046, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0054	2010-03-17 15:34:06 +00:00
Kevin Kofler	5e46fbec61	Sync from devel: Sat Mar 13 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.6.2-7 - BR alsa-lib-devel (for QtMultimedia) Sat Mar 13 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.6.2-6 - Provides: qt-assistant-adp(-devel)	2010-03-14 00:16:22 +00:00
Than Ngo	0a8c1d0838	Make tablet detection work with new wacom drivers (#569132 )	2010-03-05 14:08:04 +00:00
Rex Dieter	c951f25012	- fix 64bit platform logic, use linux-g++-64 everywhere except x86_64 (#569542)	2010-03-01 17:45:56 +00:00
Kevin Kofler	f8e9fb5f0f	Sync from devel: Sun Feb 28 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.6.2-3 - fix CUPS patch not to crash if currentPPD is NULL (#566304)	2010-02-28 13:26:18 +00:00
Jesse Keating	a133c7c902	Initialize branch F-13 for qt	2010-02-17 03:01:21 +00:00