Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package qtwebkit-opensource-src

Hi RT! qtwebkit-opensource-src had two security fixes, one of them being RC.
The other one was an important one, and Moritz and I decided to wait for the
first stable update, but then the RC bug appeared and we, the Qt/KDE team, decided
to pack them together.

I'm attaching the debdiff.

Kind regards, Lisandro.

unblock qtwebkit-opensource-src/5.3.2+dfsg-4

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
diff -Nru qtwebkit-opensource-src-5.3.2+dfsg/debian/changelog qtwebkit-opensource-src-5.3.2+dfsg/debian/changelog
--- qtwebkit-opensource-src-5.3.2+dfsg/debian/changelog	2014-10-17 02:06:32.000000000 -0300
+++ qtwebkit-opensource-src-5.3.2+dfsg/debian/changelog	2015-04-01 14:44:31.000000000 -0300
@@ -1,3 +1,16 @@
+qtwebkit-opensource-src (5.3.2+dfsg-4) unstable; urgency=medium
+
+  [ Dmitry Shachnev ]
+  * Backport upstream fix that adds missing checks for HTMLUnknownElement.
+    Closes: #781194.
+
+  [ Felix Geyer ]
+  * Backport upstream fix that prevents recording visited URLs to its favicon
+    database while using private browsing mode.
+    Closes: #780748.
+
+ -- Felix Geyer <fge...@debian.org>  Wed, 01 Apr 2015 19:44:29 +0200
+
 qtwebkit-opensource-src (5.3.2+dfsg-3) unstable; urgency=medium
 
   * Backport three patches to fix crashes:
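Review bot: the two new entries under 5.3.2+dfsg-4 do not name the patch files they add (check_html_unknown_elements.diff and webpageicons_db_privacy.patch, per the series hunk) and do not say that these are security fixes. Naming the patch and flagging the security nature in each entry would make the upload easier to audit against #781194 and #780748.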
diff -Nru qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/check_html_unknown_elements.diff qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/check_html_unknown_elements.diff
--- qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/check_html_unknown_elements.diff	1969-12-31 21:00:00.000000000 -0300
+++ qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/check_html_unknown_elements.diff	2015-04-01 14:20:30.000000000 -0300
@@ -0,0 +1,81 @@
+Description: need to check if some HTML child elements are HTMLUnknownElement
+ Based on upstream fix http://trac.webkit.org/changeset/156953
+ .
+ The check for whether an element is an HTMLAudioElement or not was
+ incomplete. An element can have the 'audio' tag-name but still be
+ another element if media elements have been disabled. In this
+ case it will be an HTMLUnknownElement.
+Origin: upstream, http://code.qt.io/cgit/qt/qtwebkit.git/commit/?id=d84668b5124b2dd9
+Bug-Debian: https://bugs.debian.org/781194
+Last-Update: 2015-04-01
+
+--- a/Source/WebCore/dom/make_names.pl
++++ b/Source/WebCore/dom/make_names.pl
+@@ -390,6 +390,10 @@
+     my ($F, $tagName, $interfaceName, $constructorTagName) = @_;
+ 
+     # Handle media elements.
++    # Note that wrapperOnlyIfMediaIsAvailable is a misnomer, because media availability
++    # does not just control the wrapper; it controls the element object that is created.
++    # FIXME: Could we instead do this entirely in the wrapper, and use custom wrappers
++    # instead of having all the support for this here in this script?
+     if ($enabledTags{$tagName}{wrapperOnlyIfMediaIsAvailable}) {
+         print F <<END
+     Settings* settings = document->settings();
+@@ -1042,14 +1046,11 @@
+             print F "#if ${conditionalString}\n\n";
+         }
+ 
+-        # Hack for the media tags
+-        # FIXME: This should have been done via a CustomWrapper attribute and a separate *Custom file.
+         if ($enabledTags{$tagName}{wrapperOnlyIfMediaIsAvailable}) {
+             print F <<END
+ static JSDOMWrapper* create${JSInterfaceName}Wrapper(ExecState* exec, JSDOMGlobalObject* globalObject, PassRefPtr<$parameters{namespace}Element> element)
+ {
+-    Settings* settings = element->document()->settings();
+-    if (!MediaPlayer::isAvailable() || (settings && !settings->mediaEnabled()))
++    if (element->isHTMLUnknownElement())
+         return CREATE_DOM_WRAPPER(exec, globalObject, $parameters{namespace}Element, element.get());
+     return CREATE_DOM_WRAPPER(exec, globalObject, ${JSInterfaceName}, element.get());
+ }
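Review bot: in create${JSInterfaceName}Wrapper the wrapper type is now chosen by element->isHTMLUnknownElement() alone, so it is correct only if the element constructor produces an HTMLUnknownElement in every case the removed test covered (!MediaPlayer::isAvailable(), or settings present with mediaEnabled() false). The constructor context at @@ -390 shows only the "Settings* settings = document->settings();" line of that check, so this debdiff does not let a reader confirm both conditions are still tested there; check it against the full make_names.pl before upload.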
+--- a/Source/WebCore/html/HTMLAudioElement.h
++++ b/Source/WebCore/html/HTMLAudioElement.h
+@@ -43,14 +43,19 @@
+     HTMLAudioElement(const QualifiedName&, Document*, bool);
+ };
+ 
+-inline bool isHTMLAudioElement(Node* node)
++inline bool isHTMLAudioElement(HTMLElement* element)
+ {
+-    return node->hasTagName(HTMLNames::audioTag);
++    return !element->isHTMLUnknownElement() && element->hasTagName(HTMLNames::audioTag);
+ }
+ 
+ inline bool isHTMLAudioElement(Element* element)
+ {
+-    return element->hasTagName(HTMLNames::audioTag);
++    return element->isHTMLElement() && isHTMLAudioElement(toHTMLElement(element));
++}
++
++inline bool isHTMLAudioElement(Node* node)
++{
++    return node->isHTMLElement() && isHTMLAudioElement(toHTMLElement(node));
+ }
+ 
+ inline HTMLAudioElement* toHTMLAudioElement(Node* node)
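Review bot: toHTMLAudioElement(Node* node), visible only as trailing context, is the cast these checks are meant to guard, and its body lies outside the hunk. Confirm that it validates through the new isHTMLAudioElement(Node*) overload rather than a bare hasTagName(HTMLNames::audioTag) test, since a tag-name-only check there would leave the cast accepting an 'audio'-tagged HTMLUnknownElement. The Element* and Node* overloads also now call toHTMLElement(), so this header depends on that declaration being visible at this point.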
+--- a/Source/WebCore/html/HTMLMediaElement.cpp
++++ b/Source/WebCore/html/HTMLMediaElement.cpp
+@@ -2379,6 +2379,13 @@
+ 
+ bool HTMLMediaElement::paused() const
+ {
++    // As of this writing, JavaScript garbage collection calls this function directly. In the past
++    // we had problems where this was called on an object after a bad cast. The assertion below
++    // made our regression test detect the problem, so we should keep it because of that. But note
++    // that the value of the assertion relies on the compiler not being smart enough to know that
++    // isHTMLUnknownElement is guaranteed to return false for an HTMLMediaElement.
++    ASSERT(!isHTMLUnknownElement());
++
+     return m_paused;
+ }
+ 
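Review bot: ASSERT(!isHTMLUnknownElement()) in paused() is compiled out of release builds, so it serves the regression test only and gives no protection in the shipped packages; the added comment itself concedes that it relies on the compiler not optimising the call away. The patch description should state that the actual fix is the isHTMLAudioElement() change and that this assertion is a test aid, so nobody reads it as a runtime guard against the bad cast.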
diff -Nru qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/series qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/series
--- qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/series	2014-10-14 15:52:18.000000000 -0300
+++ qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/series	2015-04-01 14:42:57.000000000 -0300
@@ -3,6 +3,7 @@
 fix_cloop_on_big_endian_machines.patch
 fix_crash_when_a_network_request_is_aborted_while_forwarding_data.patch
 blacklist_libkpartsplugin.patch
+webpageicons_db_privacy.patch
 
 # debian patches
 reduce_memory_usage.patch
@@ -11,3 +12,4 @@
 hurd.diff
 webkit_qt_hide_symbols.diff
 fix_nonlinux_glibc_linkage.diff
+check_html_unknown_elements.diff
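Review bot: check_html_unknown_elements.diff is appended at the end of the list, below the "# debian patches" marker, although its header says "Origin: upstream", while webpageicons_db_privacy.patch was placed in the block above that marker. Moving the new entry up next to the other upstream backports would keep the series file's grouping consistent, provided it still applies cleanly in that position.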
diff -Nru qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/webpageicons_db_privacy.patch qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/webpageicons_db_privacy.patch
--- qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/webpageicons_db_privacy.patch	1969-12-31 21:00:00.000000000 -0300
+++ qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/webpageicons_db_privacy.patch	2015-04-01 14:41:23.000000000 -0300
@@ -0,0 +1,47 @@
+From 2810aea1f6c9cca48b93130a7c245f9a2f85637e Mon Sep 17 00:00:00 2001
+From: Florian Bruhin <g...@the-compiler.org>
+Date: Wed, 18 Mar 2015 18:47:19 +0100
+Subject: Fix URLs visited during private browsing showing up in
+ WebpageIcons.db.
+
+Ported from http://trac.webkit.org/changeset/181565 by beid...@apple.com.
+
+Upstream patch by Sam Weinig, reviewed by Brady Eidson.
+
+* loader/icon/IconController.cpp:
+
+(WebCore::IconController::startLoader): Bail early here if the page is using an ephemeral session.
+(WebCore::IconController::continueLoadWithDecision): Instead of here.
+
+Change-Id: I263bb6122606caa3488d641b127dd377012ee424
+Reviewed-by: Allan Sandfeld Jensen <allan.jen...@theqtcompany.com>
+---
+ Source/WebCore/loader/icon/IconController.cpp | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
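Review bot: this patch header carries only the upstream git metadata and has no Origin, Bug-Debian or Last-Update fields, unlike check_html_unknown_elements.diff in the same upload. Adding "Bug-Debian: https://bugs.debian.org/780748" (the bug the changelog entry closes) and an Origin field would tie the patch to the report it fixes.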
+diff --git a/Source/WebCore/loader/icon/IconController.cpp b/Source/WebCore/loader/icon/IconController.cpp
+index 8f23f6d..a808352 100644
+--- a/Source/WebCore/loader/icon/IconController.cpp
++++ b/Source/WebCore/loader/icon/IconController.cpp
+@@ -159,6 +159,10 @@ void IconController::startLoader()
+     }
+ 
+     if (iconDatabase().supportsAsynchronousMode()) {
++        //  FIXME (<rdar://problem/9168605>) - We should support in-memory-only private browsing icons in asynchronous icon database mode.
++        if (iconDatabase().supportsAsynchronousMode() && m_frame->page()->settings()->privateBrowsingEnabled())
++            return;
++
+         m_frame->loader()->documentLoader()->getIconLoadDecisionForIconURL(urlString);
+         // Commit the icon url mapping to the database just in case we don't end up loading later.
+         commitToDatabase(iconURL);
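Review bot: the added test in startLoader() repeats iconDatabase().supportsAsynchronousMode() inside a block that is already guarded by that same condition, so the first operand is redundant and the check can be reduced to the privateBrowsingEnabled() test. The early return also covers only the asynchronous branch, and the code after this block is not shown, so it is worth confirming that the synchronous path does not reach commitToDatabase() or another write to the icon database while private browsing is enabled. The FIXME comment was moved verbatim with its leading double space; tidy it while touching the line.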
+@@ -202,10 +206,6 @@ void IconController::continueLoadWithDecision(IconLoadDecision iconLoadDecision)
+ {
+     ASSERT(iconLoadDecision != IconLoadUnknown);
+ 
+-    //  FIXME (<rdar://problem/9168605>) - We should support in-memory-only private browsing icons in asynchronous icon database mode.
+-    if (iconDatabase().supportsAsynchronousMode() && m_frame->page()->settings()->privateBrowsingEnabled())
+-        return;
+-
+     if (iconLoadDecision == IconLoadNo) {
+         KURL iconURL(url());
+         String urlString(iconURL.string());
