[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.1-2-29-g5dbcb1c

Michael Gilbert michael.s.gilbert at gmail.com
Tue Jun 29 04:11:15 UTC 2010 

The following commit has been merged in the debian/unstable branch:
commit 8c7b484b30916b2d4fbe868f020d6f40eab11219
Author: Michael Gilbert <michael.s.gilbert at gmail.com>
Date:   Mon Jun 28 21:14:35 2010 -0400

    fix cve-2010-1416

diff --git a/WebCore/html/canvas/CanvasRenderingContext2D.cpp b/WebCore/html/canvas/CanvasRenderingContext2D.cpp
index 8add19c..6fe74f9 100644
--- a/WebCore/html/canvas/CanvasRenderingContext2D.cpp
+++ b/WebCore/html/canvas/CanvasRenderingContext2D.cpp
@@ -1211,7 +1211,7 @@ PassRefPtr<CanvasPattern> CanvasRenderingContext2D::createPattern(HTMLImageEleme
     if (!cachedImage || !image->cachedImage()->image())
         return CanvasPattern::create(Image::nullImage(), repeatX, repeatY, true);
 
-    bool originClean = !canvas()->document()->securityOrigin()->taintsCanvas(KURL(KURL(), cachedImage->url()));
+    bool originClean = !canvas()->document()->securityOrigin()->taintsCanvas(KURL(KURL(), cachedImage->url())) && cachedImage->image()->hasSingleSecurityOrigin();
     return CanvasPattern::create(cachedImage->image(), repeatX, repeatY, originClean);
 }
 
diff --git a/debian/changelog b/debian/changelog
index d72c6e4..284560f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,7 @@ webkit (1.2.1-3) UNRELEASED; urgency=low
   * Fix cve-2010-1392: possible code execution in html button logic.
   * Fix cve-2010-1405: possible code execution in vertical positioning logic.
   * Fix cve-2010-1407: iframe information disclosure.
+  * Fix cve-2010-1416: svg cross-site information disclosure.
 
  -- Michael Gilbert <michael.s.gilbert at gmail.com>  Thu, 27 May 2010 20:36:41 -0400
 
diff --git a/debian/patches/cve-2010-1405.patch b/debian/patches/cve-2010-1405.patch
index 9574d32..9d8ffe4 100644
--- a/debian/patches/cve-2010-1405.patch
+++ b/debian/patches/cve-2010-1405.patch
@@ -1,4 +1,4 @@
-description: fix cve-2010-1392
+description: fix cve-2010-1405
 author: Michael Gilbert <michael.s.gilbert at gmail.com>
 origin: http://trac.webkit.org/changeset/56186
 Index: webkit-1.2.1/WebCore/rendering/RenderBlock.cpp
diff --git a/debian/patches/cve-2010-1407.patch b/debian/patches/cve-2010-1407.patch
index 7280993..8750109 100644
--- a/debian/patches/cve-2010-1407.patch
+++ b/debian/patches/cve-2010-1407.patch
@@ -1,4 +1,4 @@
-description: fix cve-2010-1392
+description: fix cve-2010-1407
 author: Michael Gilbert <michael.s.gilbert at gmail.com>
 origin: http://trac.webkit.org/changeset/56365
 Index: webkit-1.2.1/WebCore/loader/HistoryController.cpp
diff --git a/debian/patches/cve-2010-1416.patch b/debian/patches/cve-2010-1416.patch
new file mode 100644
index 0000000..8736cfd
--- /dev/null
+++ b/debian/patches/cve-2010-1416.patch
@@ -0,0 +1,16 @@
+description: fix cve-2010-1416
+author: Michael Gilbert <michael.s.gilbert at gmail.com>
+origin: http://trac.webkit.org/changeset/56810
+Index: webkit-1.2.1/WebCore/html/canvas/CanvasRenderingContext2D.cpp
+===================================================================
+--- webkit-1.2.1.orig/WebCore/html/canvas/CanvasRenderingContext2D.cpp	2010-05-13 16:31:30.000000000 -0400
++++ webkit-1.2.1/WebCore/html/canvas/CanvasRenderingContext2D.cpp	2010-06-28 21:12:50.000000000 -0400
+@@ -1211,7 +1211,7 @@
+     if (!cachedImage || !image->cachedImage()->image())
+         return CanvasPattern::create(Image::nullImage(), repeatX, repeatY, true);
+ 
+-    bool originClean = !canvas()->document()->securityOrigin()->taintsCanvas(KURL(KURL(), cachedImage->url()));
++    bool originClean = !canvas()->document()->securityOrigin()->taintsCanvas(KURL(KURL(), cachedImage->url())) && cachedImage->image()->hasSingleSecurityOrigin();
+     return CanvasPattern::create(cachedImage->image(), repeatX, repeatY, originClean);
+ }
+ 
diff --git a/debian/patches/series b/debian/patches/series
index ee9015d..24becaa 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ cve-2010-1386.patch
 cve-2010-1392.patch
 cve-2010-1405.patch
 cve-2010-1407.patch
+cve-2010-1416.patch

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list