Author: Micah Gersten
Revision Date: 2012-07-24 10:03:22 UTC

* fix LP: #1028486 - libwebkitgtk-3.0-0 recommending universe codecs;
  revert the last change and switch the Recommends on gst codecs to a
  Suggests as this is a more upstreamable diff; Since this library can be
  used for anything from simple HTML rendering to a full fledged browser
  engine, we don't want to pull in all of the gst codecs at this level
  - update debian/control

Author: Micah Gersten
Revision Date: 2012-07-24 10:03:22 UTC

* fix LP: #1028486 - libwebkitgtk-3.0-0 recommending universe codecs;
  revert the last change and switch the Recommends on gst codecs to a
  Suggests as this is a more upstreamable diff; Since this library can be
  used for anything from simple HTML rendering to a full fledged browser
  engine, we don't want to pull in all of the gst codecs at this level
  - update debian/control

Author: Micah Gersten
Revision Date: 2012-07-24 10:03:22 UTC

* fix LP: #1028486 - libwebkitgtk-3.0-0 recommending universe codecs;
  revert the last change and switch the Recommends on gst codecs to a
  Suggests as this is a more upstreamable diff; Since this library can be
  used for anything from simple HTML rendering to a full fledged browser
  engine, we don't want to pull in all of the gst codecs at this level
  - update debian/control

Author: Micah Gersten
Revision Date: 2012-07-24 10:03:22 UTC

* fix LP: #1028486 - libwebkitgtk-3.0-0 recommending universe codecs;
  revert the last change and switch the Recommends on gst codecs to a
  Suggests as this is a more upstreamable diff; Since this library can be
  used for anything from simple HTML rendering to a full fledged browser
  engine, we don't want to pull in all of the gst codecs at this level
  - update debian/control

Author: Micah Gersten
Revision Date: 2012-07-24 10:03:22 UTC

* fix LP: #1028486 - libwebkitgtk-3.0-0 recommending universe codecs;
  revert the last change and switch the Recommends on gst codecs to a
  Suggests as this is a more upstreamable diff; Since this library can be
  used for anything from simple HTML rendering to a full fledged browser
  engine, we don't want to pull in all of the gst codecs at this level
  - update debian/control

Author: Micah Gersten
Revision Date: 2012-07-24 10:03:22 UTC

* fix LP: #1028486 - libwebkitgtk-3.0-0 recommending universe codecs;
  revert the last change and switch the Recommends on gst codecs to a
  Suggests as this is a more upstreamable diff; Since this library can be
  used for anything from simple HTML rendering to a full fledged browser
  engine, we don't want to pull in all of the gst codecs at this level
  - update debian/control

Author: Micah Gersten
Revision Date: 2012-07-20 17:38:06 UTC

* New upstream security release
  - see LP: #1027283 for USN information

Author: Micah Gersten
Revision Date: 2012-07-20 17:38:06 UTC

* New upstream security release
  - see LP: #1027283 for USN information

Author: Micah Gersten
Revision Date: 2012-07-20 17:38:06 UTC

* New upstream security release
  - see LP: #1027283 for USN information

Author: Micah Gersten
Revision Date: 2012-07-24 10:03:22 UTC

* fix LP: #1028486 - libwebkitgtk-3.0-0 recommending universe codecs;
  revert the last change and switch the Recommends on gst codecs to a
  Suggests as this is a more upstreamable diff; Since this library can be
  used for anything from simple HTML rendering to a full fledged browser
  engine, we don't want to pull in all of the gst codecs at this level
  - update debian/control

Author: Micah Gersten
Revision Date: 2012-07-24 10:03:22 UTC

* fix LP: #1028486 - libwebkitgtk-3.0-0 recommending universe codecs;
  revert the last change and switch the Recommends on gst codecs to a
  Suggests as this is a more upstreamable diff; Since this library can be
  used for anything from simple HTML rendering to a full fledged browser
  engine, we don't want to pull in all of the gst codecs at this level
  - update debian/control

Author: Robert Ancell
Revision Date: 2012-03-30 10:31:41 UTC

* debian/libwebkitgtk-1.0-0.symbols:
* debian/libwebkitgtk-3.0-0.symbols:
  - Update symbols

Author: Jason Conti
Revision Date: 2011-12-07 21:20:49 UTC

* debian/libwebkitgtk-3.0-dev.links:
  - Link webkitgtk.devhelp2.gz to webkitgtk-3.0.devhelp2.gz
* debian/patches/11_fix_doc_path.patch:
  - Use absolute path in makefile to fix out-of-tree build (LP: #900988)

Author: Jason Conti
Revision Date: 2011-12-07 21:20:49 UTC

* debian/libwebkitgtk-3.0-dev.links:
  - Link webkitgtk.devhelp2.gz to webkitgtk-3.0.devhelp2.gz
* debian/patches/11_fix_doc_path.patch:
  - Use absolute path in makefile to fix out-of-tree build (LP: #900988)

Author: Jason Conti
Revision Date: 2011-12-08 02:29:36 UTC

* debian/libwebkitgtk-3.0-dev.links:
  - Link webkitgtk.devhelp2.gz to webkitgtk-3.0.devhelp2.gz
* debian/patches/11_fix_doc_path.patch:
  - Use absolute path in makefile to fix out-of-tree build (LP: #900988)

Author: dobey
Revision Date: 2011-09-29 14:54:29 UTC

* debian/patches/10_cherrypick_r95940.patch:
  - Avoid crashing on scrollbar unparent/reparent (LP: #851044)

Author: Adam Conrad
Revision Date: 2011-09-29 22:49:02 UTC

Merge from lp:~dobey/ubuntu/oneiric/webkit/scroll-crasher-fix

Author: Micah Gersten
Revision Date: 2011-07-22 16:52:59 UTC

* SECURITY UPDATE: New upstream release to fix multiple security issues
  (LP: #814464)
  - CVE-2010-2901, CVE-2010-3812, CVE-2010-3813, CVE-2010-4040
  - CVE-2010-4197, CVE-2010-4198, CVE-2010-4199, CVE-2010-4204
  - CVE-2010-4206, CVE-2010-4492, CVE-2010-4493, CVE-2010-4577
  - CVE-2010-4578, CVE-2011-0482, CVE-2011-0778
* Add patches from Debian for the following CVEs; Thanks to Michael Gilbert
  - CVE-2010-1824, CVE-2010-2646, CVE-2010-2651, CVE-2010-2900
  - CVE-2010-3120, CVE-2010-3254, CVE-2010-4042
* Add patches from Debian to fix broken functionality and a crash; Thanks to
  Gustavo Noronha Silva
  - add debian/patches/07-fix-bad-merge-that-broke-gifs.patch
  - add debian/patches/08-fix-crash-for-big-shadowed-areas.patch

Author: Micah Gersten
Revision Date: 2011-07-22 03:00:58 UTC

* SECURITY UPDATE: New upstream release to fix multiple security issues
  (LP: #814464)
  - CVE-2010-2901, CVE-2010-3812, CVE-2010-3813, CVE-2010-4040
  - CVE-2010-4197, CVE-2010-4198, CVE-2010-4199, CVE-2010-4204
  - CVE-2010-4206, CVE-2010-4492, CVE-2010-4493, CVE-2010-4577
  - CVE-2010-4578, CVE-2011-0482, CVE-2011-0778
* Add patches from Debian for the following CVEs; Thanks to Michael Gilbert
  - CVE-2010-1824, CVE-2010-2646, CVE-2010-2651, CVE-2010-2900
  - CVE-2010-3120, CVE-2010-3254, CVE-2010-4042
* Add patches from Debian to fix broken functionality and a crash; Thanks to
  Gustavo Noronha Silva
  - add debian/patches/07-fix-bad-merge-that-broke-gifs.patch
  - add debian/patches/08-fix-crash-for-big-shadowed-areas.patch

Author: Micah Gersten
Revision Date: 2011-07-22 16:52:59 UTC

* SECURITY UPDATE: New upstream release to fix multiple security issues
  (LP: #814464)
  - CVE-2010-2901, CVE-2010-3812, CVE-2010-3813, CVE-2010-4040
  - CVE-2010-4197, CVE-2010-4198, CVE-2010-4199, CVE-2010-4204
  - CVE-2010-4206, CVE-2010-4492, CVE-2010-4493, CVE-2010-4577
  - CVE-2010-4578, CVE-2011-0482, CVE-2011-0778
* Add patches from Debian for the following CVEs; Thanks to Michael Gilbert
  - CVE-2010-1824, CVE-2010-2646, CVE-2010-2651, CVE-2010-2900
  - CVE-2010-3120, CVE-2010-3254, CVE-2010-4042
* Add patches from Debian to fix broken functionality and a crash; Thanks to
  Gustavo Noronha Silva
  - add debian/patches/07-fix-bad-merge-that-broke-gifs.patch
  - add debian/patches/08-fix-crash-for-big-shadowed-areas.patch

Author: Micah Gersten
Revision Date: 2011-07-22 03:00:58 UTC

* SECURITY UPDATE: New upstream release to fix multiple security issues
  (LP: #814464)
  - CVE-2010-2901, CVE-2010-3812, CVE-2010-3813, CVE-2010-4040
  - CVE-2010-4197, CVE-2010-4198, CVE-2010-4199, CVE-2010-4204
  - CVE-2010-4206, CVE-2010-4492, CVE-2010-4493, CVE-2010-4577
  - CVE-2010-4578, CVE-2011-0482, CVE-2011-0778
* Add patches from Debian for the following CVEs; Thanks to Michael Gilbert
  - CVE-2010-1824, CVE-2010-2646, CVE-2010-2651, CVE-2010-2900
  - CVE-2010-3120, CVE-2010-3254, CVE-2010-4042
* Add patches from Debian to fix broken functionality and a crash; Thanks to
  Gustavo Noronha Silva
  - add debian/patches/07-fix-bad-merge-that-broke-gifs.patch
  - add debian/patches/08-fix-crash-for-big-shadowed-areas.patch

Author: Rodrigo Moya
Revision Date: 2011-04-20 10:26:39 UTC

* debian/patches/04_fix_header_for_strict.patch:
  - Add upstream patch to fix headers for compilation with strict mode

Author: Marc Deslauriers
Revision Date: 2010-10-13 13:23:26 UTC

* SECURITY UPDATE: Rebuilt new stable release 1.2.5 for karmic to fix
  multiple security issues. (LP: #660075)
   - CVE-2009-2797, CVE-2009-2841, CVE-2010-0046, CVE-2010-0047
   - CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051
   - CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0314
   - CVE-2010-0647, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656
   - CVE-2010-1386, CVE-2010-1387, CVE-2010-1389, CVE-2010-1390
   - CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394
   - CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398
   - CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403
   - CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407
   - CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412
   - CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417
   - CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422
   - CVE-2010-1501, CVE-2010-1664, CVE-2010-1665, CVE-2010-1758
   - CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762
   - CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1770
   - CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774
   - CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783
   - CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787
   - CVE-2010-1788, CVE-2010-1790, CVE-2010-1792, CVE-2010-1793
   - CVE-2010-1807, CVE-2010-1812, CVE-2010-1814, CVE-2010-1815
   - CVE-2010-2264, CVE-2010-2647, CVE-2010-2648, CVE-2010-3113
   - CVE-2010-3114, CVE-2010-3115, CVE-2010-3116, CVE-2010-3248
   - CVE-2010-3257, CVE-2010-3259
* debian/control, debian/rules, debian/gir1.0-webkit-1.0.install,
  debian/libwebkit-dev.install: don't build introspection support for
  karmic.
* debian/patches/ubuntu-gir-version.patch: removed for karmic
* debian/patches/karmic-libsoup-version.patch: Revert libsoup
  Content-Encoding support since we only have libsoup2.4 2.28.1 in
  karmic.
* debian/control: changed libsoup2.4 dependency for version in karmic
* debian/rules, debian/control: Don't use source format 3.0 for karmic,
  but add quilt patch system.

Author: Marc Deslauriers
Revision Date: 2010-10-13 13:23:26 UTC

* SECURITY UPDATE: Rebuilt new stable release 1.2.5 for karmic to fix
  multiple security issues. (LP: #660075)
   - CVE-2009-2797, CVE-2009-2841, CVE-2010-0046, CVE-2010-0047
   - CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051
   - CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0314
   - CVE-2010-0647, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656
   - CVE-2010-1386, CVE-2010-1387, CVE-2010-1389, CVE-2010-1390
   - CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394
   - CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398
   - CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403
   - CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407
   - CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412
   - CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417
   - CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422
   - CVE-2010-1501, CVE-2010-1664, CVE-2010-1665, CVE-2010-1758
   - CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762
   - CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1770
   - CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774
   - CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783
   - CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787
   - CVE-2010-1788, CVE-2010-1790, CVE-2010-1792, CVE-2010-1793
   - CVE-2010-1807, CVE-2010-1812, CVE-2010-1814, CVE-2010-1815
   - CVE-2010-2264, CVE-2010-2647, CVE-2010-2648, CVE-2010-3113
   - CVE-2010-3114, CVE-2010-3115, CVE-2010-3116, CVE-2010-3248
   - CVE-2010-3257, CVE-2010-3259
* debian/control, debian/rules, debian/gir1.0-webkit-1.0.install,
  debian/libwebkit-dev.install: don't build introspection support for
  karmic.
* debian/patches/ubuntu-gir-version.patch: removed for karmic
* debian/patches/karmic-libsoup-version.patch: Revert libsoup
  Content-Encoding support since we only have libsoup2.4 2.28.1 in
  karmic.
* debian/control: changed libsoup2.4 dependency for version in karmic
* debian/rules, debian/control: Don't use source format 3.0 for karmic,
  but add quilt patch system.

Author: Marc Deslauriers
Revision Date: 2010-10-13 13:43:51 UTC

* SECURITY UPDATE: Updated to new stable release 1.2.5 to fix multiple
  security issues. (LP: #660075)
  - CVE-2010-1780
  - CVE-2010-1807
  - CVE-2010-1812
  - CVE-2010-1814
  - CVE-2010-1815
  - CVE-2010-3113
  - CVE-2010-3114
  - CVE-2010-3115
  - CVE-2010-3116
  - CVE-2010-3257
  - CVE-2010-3259

Author: Marc Deslauriers
Revision Date: 2010-10-13 13:23:26 UTC

* SECURITY UPDATE: Rebuilt new stable release 1.2.5 for karmic to fix
  multiple security issues. (LP: #660075)
   - CVE-2009-2797, CVE-2009-2841, CVE-2010-0046, CVE-2010-0047
   - CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051
   - CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0314
   - CVE-2010-0647, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656
   - CVE-2010-1386, CVE-2010-1387, CVE-2010-1389, CVE-2010-1390
   - CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394
   - CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398
   - CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403
   - CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407
   - CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412
   - CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417
   - CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422
   - CVE-2010-1501, CVE-2010-1664, CVE-2010-1665, CVE-2010-1758
   - CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762
   - CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1770
   - CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774
   - CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783
   - CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787
   - CVE-2010-1788, CVE-2010-1790, CVE-2010-1792, CVE-2010-1793
   - CVE-2010-1807, CVE-2010-1812, CVE-2010-1814, CVE-2010-1815
   - CVE-2010-2264, CVE-2010-2647, CVE-2010-2648, CVE-2010-3113
   - CVE-2010-3114, CVE-2010-3115, CVE-2010-3116, CVE-2010-3248
   - CVE-2010-3257, CVE-2010-3259
* debian/control, debian/rules, debian/gir1.0-webkit-1.0.install,
  debian/libwebkit-dev.install: don't build introspection support for
  karmic.
* debian/patches/ubuntu-gir-version.patch: removed for karmic
* debian/patches/karmic-libsoup-version.patch: Revert libsoup
  Content-Encoding support since we only have libsoup2.4 2.28.1 in
  karmic.
* debian/control: changed libsoup2.4 dependency for version in karmic
* debian/rules, debian/control: Don't use source format 3.0 for karmic,
  but add quilt patch system.

Author: Marc Deslauriers
Revision Date: 2010-10-13 13:39:02 UTC

* SECURITY UPDATE: Rebuilt new stable release 1.2.5 for lucid to fix
  multiple security issues. (LP: #660075)
   - CVE-2010-1386, CVE-2010-1392, CVE-2010-1405, CVE-2010-1407
   - CVE-2010-1412, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418
   - CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1501
   - CVE-2010-1664, CVE-2010-1665, CVE-2010-1758, CVE-2010-1759
   - CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1767
   - CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773
   - CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782
   - CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786
   - CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1792
   - CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1814
   - CVE-2010-1815, CVE-2010-2264, CVE-2010-2647, CVE-2010-2648
   - CVE-2010-3113, CVE-2010-3114, CVE-2010-3115, CVE-2010-3116
   - CVE-2010-3248, CVE-2010-3257, CVE-2010-3259
* debian/patches/ubuntu-gir-version.patch: removed for lucid
* debian/control: add gir-repository-dev back to build-depends for lucid

Author: Sebastien Bacher
Revision Date: 2010-09-06 16:18:25 UTC

* Resync on Debian,
  remaining changes:
* debian/control:
  - don't build-depends on gir-repository-dev it's not required
* debian/patches/ubuntu-gir-version.patch:
  - use the current gobject introspection abi

Author: Gustavo Noronha Silva
Revision Date: 2010-04-07 20:18:57 UTC

New upstream release - this is the first release in the 1.2 stable
branch

Author: Gustavo Noronha Silva
Revision Date: 2009-10-06 21:17:08 UTC

* New upstream (semi-stable) release
* Fix building on IA64 (Closes: #547797)
  Thanks to Colin Watson <cjwatson@ubuntu.com>
* Fix building on alpha (Closes: #548499)
* Fix building on amd64 FreeBSD

Author: Marc Deslauriers
Revision Date: 2009-09-22 08:47:11 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - WebCore/svg/SVGList.h: make sure index is valid.
  - http://trac.webkit.org/changeset/43590
  - http://trac.webkit.org/changeset/43795
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
  - http://trac.webkit.org/changeset/41854
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
    element.
  - http://trac.webkit.org/changeset/42532
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
  - http://trac.webkit.org/changeset/42081
  - CVE-2009-1698
* SECURITY UPDATE: denial of service or arbitrary code execution via
  Attr DOM objects improper memory initialization.
  - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
    MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
    WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
    SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
  - http://trac.webkit.org/changeset/36918
  - CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
    Use same rule for loading java applets as webkit does for images.
  - http://trac.webkit.org/changeset/41568
  - CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
  - http://trac.webkit.org/changeset/44799
  - CVE-2009-1725

Author: Marc Deslauriers
Revision Date: 2009-09-22 08:47:11 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - WebCore/svg/SVGList.h: make sure index is valid.
  - http://trac.webkit.org/changeset/43590
  - http://trac.webkit.org/changeset/43795
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
  - http://trac.webkit.org/changeset/41854
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
    element.
  - http://trac.webkit.org/changeset/42532
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
  - http://trac.webkit.org/changeset/42081
  - CVE-2009-1698
* SECURITY UPDATE: denial of service or arbitrary code execution via
  Attr DOM objects improper memory initialization.
  - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
    MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
    WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
    SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
  - http://trac.webkit.org/changeset/36918
  - CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
    Use same rule for loading java applets as webkit does for images.
  - http://trac.webkit.org/changeset/41568
  - CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
  - http://trac.webkit.org/changeset/44799
  - CVE-2009-1725

Author: Marc Deslauriers
Revision Date: 2009-09-22 08:49:07 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - WebCore/svg/SVGList.h: make sure index is valid.
  - http://trac.webkit.org/changeset/43590
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
  - http://trac.webkit.org/changeset/41854
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
    element.
  - http://trac.webkit.org/changeset/42532
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
  - http://trac.webkit.org/changeset/42081
  - CVE-2009-1698
* SECURITY UPDATE: denial of service or arbitrary code execution via
  Attr DOM objects improper memory initialization.
  - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
    MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
    WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
    SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
  - http://trac.webkit.org/changeset/36918
  - CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
    Use same rule for loading java applets as webkit does for images.
  - http://trac.webkit.org/changeset/41568
  - CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
  - http://trac.webkit.org/changeset/44799
  - CVE-2009-1725

Author: Marc Deslauriers
Revision Date: 2009-09-22 08:49:07 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - WebCore/svg/SVGList.h: make sure index is valid.
  - http://trac.webkit.org/changeset/43590
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
  - http://trac.webkit.org/changeset/41854
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
    element.
  - http://trac.webkit.org/changeset/42532
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
  - http://trac.webkit.org/changeset/42081
  - CVE-2009-1698
* SECURITY UPDATE: denial of service or arbitrary code execution via
  Attr DOM objects improper memory initialization.
  - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
    MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
    WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
    SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
  - http://trac.webkit.org/changeset/36918
  - CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
    Use same rule for loading java applets as webkit does for images.
  - http://trac.webkit.org/changeset/41568
  - CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
  - http://trac.webkit.org/changeset/44799
  - CVE-2009-1725

Author: Mike Hommey
Revision Date: 2008-09-27 08:57:48 UTC

WebCore/dom/Document.*, WebCore/loader/DocLoader.*: Avoid DoS via
crafted CSS import statements. Fixes: CVE-2008-3632. Closes: #499771.

Author: Mike Hommey
Revision Date: 2008-07-10 21:10:27 UTC

* symbols.filter: As a workaround for #490173, hide all C++ mangled symbols.
  This will be enough for now, while fixing FTBFS on ARM.
* debian/rules: Build with -Wl,--no-relax on alpha, to work around a
  binutils bug causing FTBFS.

Author: Mike Hommey
Revision Date: 2008-01-25 00:31:51 UTC

* New upstream snapshot
* debian/copyright: Updated to fit additions/removals of files upstream.
* JavaScriptCore/wtf/TCSpinLock.h: Revert our work-around, now that a
  proper patch has been applied upstream.
* WebCore/WebCore.pro: Don't use Qt version as SO version for QtWebKit.
* debian/control, debian/rules, debian/lib*0d.install: Bump SO version to
  1d because of ABI incompatible changes, and change package names
  accordingly.
* debian/rules: Don't remove -lqtwebico from QtWebKit.pc, since it's not
  here anymore.
* debian/rules, debian/lib*1d.install:
  - Install new Gtk port's DumpRenderTree tool.
  - Rename both port's DumpRenderTree tools to <port name>DumpRenderTree
    to avoid conflicting names.
* debian/lib*1d.postrm, debian/lib*1d.preinst: Avoid conflicting files with
  lib*0d packages (*Launcher programs) but allow to install both new and old
  libraries by using diversions.

Author: Jonathan Riddell
Revision Date: 2007-11-30 18:36:04 UTC

Automated backport upload; no source changes.

Author: Mike Hommey
Revision Date: 2007-09-06 08:12:21 UTC

* JavaScriptCore/wtf/Platform.h:
  - Also test if __arm__ is defined, which should fix the FTBFS on arm.
  - Use better defines for our various arm ports.
* JavaScriptCore/kjs/ustring.h, WebCore/platform/DeprecatedString.h: Use
  these new defines. Thanks Riku Voipio.
* debian/control: Build depend on Qt >= 4.3. Thanks Hubert Figuiere.
  Closes: #439672.
* debian/rules: Explicitely use qmake-qt4 instead of qmake to avoid build
  failures when qt3-dev-tools is installed. Thanks Michael Biebl.
  Closes: #441007.