diff options
| -rw-r--r-- | www/webkit-gtk/Makefile | 4 | ||||
| -rw-r--r-- | www/webkit-gtk/distinfo | 4 | ||||
| -rw-r--r-- | www/webkit-gtk/patches/patch-bc | 19 | ||||
| -rw-r--r-- | www/webkit-gtk/patches/patch-bd | 15 |
4 files changed, 39 insertions, 3 deletions
diff --git a/www/webkit-gtk/Makefile b/www/webkit-gtk/Makefile index f19ff6810e1..c27236c6801 100644 --- a/www/webkit-gtk/Makefile +++ b/www/webkit-gtk/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.38 2011/03/15 21:58:56 drochner Exp $ +# $NetBSD: Makefile,v 1.39 2011/04/13 16:19:14 drochner Exp $ DISTNAME= webkit-1.2.7 PKGNAME= ${DISTNAME:S/webkit/webkit-gtk/} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= www MASTER_SITES= http://www.webkitgtk.org/ diff --git a/www/webkit-gtk/distinfo b/www/webkit-gtk/distinfo index 7e1f7d8ae75..1139f68e1d4 100644 --- a/www/webkit-gtk/distinfo +++ b/www/webkit-gtk/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.32 2011/03/15 21:58:56 drochner Exp $ +$NetBSD: distinfo,v 1.33 2011/04/13 16:19:14 drochner Exp $ SHA1 (webkit-1.2.7.tar.gz) = e9afc573d2459794c3749ba404f2187f9dcc9ed3 RMD160 (webkit-1.2.7.tar.gz) = f36b3ae05693e0eeb4d1936ceee52b6fe1517e57 @@ -10,3 +10,5 @@ SHA1 (patch-ag) = 0da0f8e1299ab061118e0338af521a1f07f4722b SHA1 (patch-ah) = 9e0178a9fe7175e29e16155bd190b852ced7d01f SHA1 (patch-ba) = 6caffef625e9c04e971fbbd0763b4f9c834491e3 SHA1 (patch-bb) = 5e59576629e9ecfbbe576c3d0afe047bda449291 +SHA1 (patch-bc) = 0d6d3e2e2f5b2d199aaa94084f9d5a96b39c2708 +SHA1 (patch-bd) = 2e105ade29ff04cdcb5385d19aee467090b6765a diff --git a/www/webkit-gtk/patches/patch-bc b/www/webkit-gtk/patches/patch-bc new file mode 100644 index 00000000000..7dfc1d0933d --- /dev/null +++ b/www/webkit-gtk/patches/patch-bc @@ -0,0 +1,19 @@ +$NetBSD: patch-bc,v 1.3 2011/04/13 16:19:15 drochner Exp $ + +CVE-2010-1806 + +--- WebCore/rendering/RenderObjectChildList.cpp.orig 2010-09-28 21:44:50.000000000 +0000 ++++ WebCore/rendering/RenderObjectChildList.cpp +@@ -52,7 +52,11 @@ void RenderObjectChildList::destroyLefto + while (firstChild()) { + if (firstChild()->isListMarker() || (firstChild()->style()->styleType() == FIRST_LETTER && !firstChild()->isText())) + firstChild()->remove(); // List markers are owned by their enclosing list and so don't get destroyed by this container. Similarly, first letters are destroyed by their remaining text fragment. +- else { ++ else if (firstChild()->isRunIn() && firstChild()->node()) { ++ firstChild()->node()->setRenderer(0); ++ firstChild()->node()->setNeedsStyleRecalc(); ++ firstChild()->destroy(); ++ } else { + // Destroy any anonymous children remaining in the render tree, as well as implicit (shadow) DOM elements like those used in the engine-based text fields. + if (firstChild()->node()) + firstChild()->node()->setRenderer(0); diff --git a/www/webkit-gtk/patches/patch-bd b/www/webkit-gtk/patches/patch-bd new file mode 100644 index 00000000000..c9668249c8c --- /dev/null +++ b/www/webkit-gtk/patches/patch-bd @@ -0,0 +1,15 @@ +$NetBSD: patch-bd,v 1.3 2011/04/13 16:19:15 drochner Exp $ + +CVE-2010-1806 + +--- WebCore/rendering/RenderBlock.cpp.orig 2011-02-07 17:29:58.000000000 +0000 ++++ WebCore/rendering/RenderBlock.cpp +@@ -544,6 +544,8 @@ void RenderBlock::removeChild(RenderObje + (!oldChild->isRenderBlock() || !toRenderBlock(oldChild)->inlineContinuation()) && + (!prev || (prev->isAnonymousBlock() && prev->childrenInline())) && + (!next || (next->isAnonymousBlock() && next->childrenInline())); ++ if (prev && prev->firstChild() && prev->firstChild()->isInline() && prev->firstChild()->isRunIn()) ++ canDeleteAnonymousBlocks = false; + if (canDeleteAnonymousBlocks && prev && next) { + // Take all the children out of the |next| block and put them in + // the |prev| block. |