lp://qastaging/ubuntu/intrepid-updates/webkit
- Get this branch:
- bzr branch lp://qastaging/ubuntu/intrepid-updates/webkit
Branch merges
Branch information
Recent revisions
- 11. By Marc Deslauriers
-
* SECURITY UPDATE: remote code execution via document with a SVGPathList
data structure containing a negative index.
- WebCore/svg/SVGList. h: make sure index is valid.
- http://trac.webkit. org/changeset/ 43590
- CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
JavaScript garbage collector allocation failures.
- JavaScriptCore/kjs/collector. cpp: make sure numBlocks is valid.
- http://trac.webkit. org/changeset/ 41854
- CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
use-after-free.
- WebCore/html/HTMLParser .{cpp,h} : Fix incorrect handling of the head
element.
- http://trac.webkit. org/changeset/ 42532
- CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
attr function call with a large numerical argument.
- WebCore/css/{CSSParser, CSSPrimitiveVal ue}.cpp: fix attr handling.
- http://trac.webkit. org/changeset/ 42081
- CVE-2009-1698
* SECURITY UPDATE: denial of service or arbitrary code execution via
Attr DOM objects improper memory initialization.
- WebCore/css/CSSStyleSel ector.cpp, WebCore/ dom/{Attribute. h,
MappedAttribute.h, NamedMappedAttr Map.cpp, StyledElement. cpp},
WebCore/html/HTMLInputE lement. cpp, WebCore/ svg/{SVGStyledE lement,
SVGForeignObjectElement} .cpp: introduce and use isMappedAttribu te().
- http://trac.webkit. org/changeset/ 36918
- CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
local java applets.
- WebCore/html/HTMLApplet Element. cpp, WebCore/ loader/ FrameLoader. cpp:
Use same rule for loading java applets as webkit does for images.
- http://trac.webkit. org/changeset/ 41568
- CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
numeric character references.
- WebCore/html/HTMLTokeni zer.cpp: increase size of checkBuffer()
- http://trac.webkit. org/changeset/ 44799
- CVE-2009-1725 - 10. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via crafted CSS import statements.
- WebCore/dom/Document. *, WebCore/ loader/ DocLoader. *: upstream fix
to get rid of the Frame pointer on DocLoader.
- http://trac.webkit. org/changeset/ 34815
- CVE-2008-3632 - 9. By Mike Hommey <email address hidden>
-
* symbols.filter: As a workaround for #490173, hide all C++ mangled symbols.
This will be enough for now, while fixing FTBFS on ARM.
* debian/rules: Build with -Wl,--no-relax on alpha, to work around a
binutils bug causing FTBFS. - 8. By Mike Hommey <email address hidden>
-
[ Mike Hommey ]
* New upstream snapshot
* debian/copyright: Updated to fit additions/removals of files upstream.
* debian/control: Add libpango1.0-dev to build dependencies and tighten
libgtk2.0-dev build dependency. Closes: #477493.[ Luca Bruno ]
* debian/libwebkit- 1.0-1.install, debian/rules: Install GtkLauncher
and DumpRenderTree in /usr/lib/webkit- 1.0/libexec. Closes: #476514. - 7. By Mike Hommey <email address hidden>
-
* New upstream snapshot
* debian/copyright: Updated to fit additions/removals of files upstream.
* JavaScriptCore/wtf/TCSpinLock. h: Revert our work-around, now that a
proper patch has been applied upstream.
* WebCore/WebCore. pro: Don't use Qt version as SO version for QtWebKit.
* debian/control, debian/rules, debian/lib*0d. install: Bump SO version to
1d because of ABI incompatible changes, and change package names
accordingly.
* debian/rules: Don't remove -lqtwebico from QtWebKit.pc, since it's not
here anymore.
* debian/rules, debian/lib*1d. install:
- Install new Gtk port's DumpRenderTree tool.
- Rename both port's DumpRenderTree tools to <port name>DumpRenderTree
to avoid conflicting names.
* debian/lib*1d. postrm, debian/ lib*1d. preinst: Avoid conflicting files with
lib*0d packages (*Launcher programs) but allow to install both new and old
libraries by using diversions. - 6. By Mike Hommey <email address hidden>
-
* JavaScriptCore/
JavaScriptCore. pri: cherry-picked change from revision
28692 to fix FTBFS due to lack of -lpthread on the linker command line.
* debian/control: Add dependencies on necessary development packages
(essentially for header files) to our own development packages. - 5. By Mike Hommey <email address hidden>
-
* New upstream snapshot
* debian/copyright: Updated to fit additions/removals of files upstream.
* debian/control: Make libwebkitgtk-dev conflict with the old
libwebkitgdk-dev. Closes: #449001.
* debian/rules: Bump qtwebkit shlibs.
* WebKit/qt/Api/ qwebpage. cpp: cherry-picked change from revision 27904 to
fix crashes when an event is caught outside of the webkit frame in Qt.
This occurred, for example, when hovering over the QtLauncher toolbar. - 4. By Mike Hommey <email address hidden>
-
* New upstream snapshot
* debian/rules:
- Add support for DEB_BUILD_OPTIONS= noopt.
- Bump qtwebkit shlibs, and remove versioning on the webkitgtk ones,
as the library is new.
* debian/copyright: Updated to fit additions/removals of files upstream.
* debian/control, debian/rules, debian/libwebkitgtk- dev.install,
debian/libwebkitgtk0d. install: Replace occurences of gdk by gtk, and
rename libwebkitgdk*, to fit upstream rename of the Gtk port.
Closes: #445060. - 3. By Mike Hommey <email address hidden>
-
* JavaScriptCore/
wtf/Platform. h:
- Also test if __arm__ is defined, which should fix the FTBFS on arm.
- Use better defines for our various arm ports.
* JavaScriptCore/kjs/ustring. h, WebCore/ platform/ DeprecatedStrin g.h: Use
these new defines. Thanks Riku Voipio.
* debian/control: Build depend on Qt >= 4.3. Thanks Hubert Figuiere.
Closes: #439672.
* debian/rules: Explicitely use qmake-qt4 instead of qmake to avoid build
failures when qt3-dev-tools is installed. Thanks Michael Biebl.
Closes: #441007. - 2. By Mike Hommey <email address hidden>
-
* New upstream snapshot
* debian/copyright: Updated so as to fit what we actually remove (there were
missing removals previously, which were not appropriate for the most
anyways), and to fit the additions/removals of files upstream.
* JavaScriptCore/wtf/TCSpinLock. h: Work around an FTBFS on PPC due to a
probable regression in gcc (#438415).
* debian/rules:
+ Change the place we install QtLauncher from, since it moved.
+ Set binary packages' shlibs correctly.
+ Use $(CURDIR) variable more safely to avoid problem with build
directories with spaces.
* WebKitQt/Plugins/ Plugins. pro: Build plugins with hidden symbols, so that
they don't expose unwanted symbols.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://qastaging/ubuntu/karmic/webkit