[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.1-2-29-g5dbcb1c
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Jun 29 04:09:46 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit a336bccbd1469f153621b5117d0039c046416542
Author: Michael Gilbert <michael.s.gilbert at gmail.com>
Date: Mon Jun 28 18:05:34 2010 -0400
fix cve-2010-1386
diff --git a/WebCore/page/Geolocation.cpp b/WebCore/page/Geolocation.cpp
index e1f692b..d0b0b79 100644
--- a/WebCore/page/Geolocation.cpp
+++ b/WebCore/page/Geolocation.cpp
@@ -29,7 +29,6 @@
#include "Geolocation.h"
#include "Chrome.h"
-#include "Document.h"
#include "Frame.h"
#include "Page.h"
#include <wtf/CurrentTime.h>
@@ -232,6 +231,8 @@ void Geolocation::disconnectFrame()
Geoposition* Geolocation::lastPosition()
{
+ ASSERT(isAllowed());
+
#if ENABLE(CLIENT_BASED_GEOLOCATION)
if (!m_frame)
return 0;
@@ -379,22 +380,6 @@ void Geolocation::clearWatch(int watchId)
stopUpdating();
}
-void Geolocation::suspend()
-{
-#if !ENABLE(CLIENT_BASED_GEOLOCATION)
- if (hasListeners())
- m_service->suspend();
-#endif
-}
-
-void Geolocation::resume()
-{
-#if !ENABLE(CLIENT_BASED_GEOLOCATION)
- if (hasListeners())
- m_service->resume();
-#endif
-}
-
void Geolocation::setIsAllowed(bool allowed)
{
// This may be due to either a new position from the service, or a cached
diff --git a/WebCore/page/Geolocation.h b/WebCore/page/Geolocation.h
index c44b9e5..b8ec566 100644
--- a/WebCore/page/Geolocation.h
+++ b/WebCore/page/Geolocation.h
@@ -35,13 +35,6 @@
#include "PositionErrorCallback.h"
#include "PositionOptions.h"
#include "Timer.h"
-#include <wtf/HashMap.h>
-#include <wtf/HashSet.h>
-#include <wtf/OwnPtr.h>
-#include <wtf/PassRefPtr.h>
-#include <wtf/RefCounted.h>
-#include <wtf/RefPtr.h>
-#include <wtf/Vector.h>
namespace WebCore {
@@ -60,26 +53,15 @@ class Geolocation : public RefCounted<Geolocation>
public:
static PassRefPtr<Geolocation> create(Frame* frame) { return adoptRef(new Geolocation(frame)); }
- virtual ~Geolocation();
+ ~Geolocation();
void disconnectFrame();
- Geoposition* lastPosition();
-
void getCurrentPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
int watchPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
void clearWatch(int watchId);
- void suspend();
- void resume();
-
void setIsAllowed(bool);
- bool isAllowed() const { return m_allowGeolocation == Yes; }
- bool isDenied() const { return m_allowGeolocation == No; }
-
- void setShouldClearCache(bool shouldClearCache) { m_shouldClearCache = shouldClearCache; }
- bool shouldClearCache() const { return m_shouldClearCache; }
- Frame* frame() const { return m_frame; }
#if ENABLE(CLIENT_BASED_GEOLOCATION)
void setPosition(GeolocationPosition*);
@@ -89,6 +71,11 @@ public:
#endif
private:
+ Geoposition* lastPosition();
+
+ bool isAllowed() const { return m_allowGeolocation == Yes; }
+ bool isDenied() const { return m_allowGeolocation == No; }
+
Geolocation(Frame*);
class GeoNotifier : public RefCounted<GeoNotifier> {
diff --git a/WebCore/page/Geolocation.idl b/WebCore/page/Geolocation.idl
index 76056a3..58b219c 100644
--- a/WebCore/page/Geolocation.idl
+++ b/WebCore/page/Geolocation.idl
@@ -26,8 +26,6 @@
module core {
interface [OmitConstructor] Geolocation {
- readonly attribute Geoposition lastPosition;
-
[Custom] void getCurrentPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
[Custom] long watchPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
diff --git a/debian/changelog b/debian/changelog
index c0ea2f8..5801793 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ webkit (1.2.1-3) UNRELEASED; urgency=low
* Use system libtool.
* Turn direct source changes into a patch.
+ * Fix cve-2010-1368: geolocation info disclosure.
-- Michael Gilbert <michael.s.gilbert at gmail.com> Thu, 27 May 2010 20:36:41 -0400
diff --git a/debian/patches/cve-2010-1386.patch b/debian/patches/cve-2010-1386.patch
new file mode 100644
index 0000000..1b74d27
--- /dev/null
+++ b/debian/patches/cve-2010-1386.patch
@@ -0,0 +1,117 @@
+author: Michael Gilbert <michael.s.gilbert at gmail.com>
+origin: webkit svn56188
+Index: webkit-1.2.1/WebCore/page/Geolocation.cpp
+===================================================================
+--- webkit-1.2.1.orig/WebCore/page/Geolocation.cpp 2010-06-28 17:07:35.000000000 -0400
++++ webkit-1.2.1/WebCore/page/Geolocation.cpp 2010-06-28 17:11:07.000000000 -0400
+@@ -29,7 +29,6 @@
+ #include "Geolocation.h"
+
+ #include "Chrome.h"
+-#include "Document.h"
+ #include "Frame.h"
+ #include "Page.h"
+ #include <wtf/CurrentTime.h>
+@@ -232,6 +231,8 @@
+
+ Geoposition* Geolocation::lastPosition()
+ {
++ ASSERT(isAllowed());
++
+ #if ENABLE(CLIENT_BASED_GEOLOCATION)
+ if (!m_frame)
+ return 0;
+@@ -379,22 +380,6 @@
+ stopUpdating();
+ }
+
+-void Geolocation::suspend()
+-{
+-#if !ENABLE(CLIENT_BASED_GEOLOCATION)
+- if (hasListeners())
+- m_service->suspend();
+-#endif
+-}
+-
+-void Geolocation::resume()
+-{
+-#if !ENABLE(CLIENT_BASED_GEOLOCATION)
+- if (hasListeners())
+- m_service->resume();
+-#endif
+-}
+-
+ void Geolocation::setIsAllowed(bool allowed)
+ {
+ // This may be due to either a new position from the service, or a cached
+Index: webkit-1.2.1/WebCore/page/Geolocation.h
+===================================================================
+--- webkit-1.2.1.orig/WebCore/page/Geolocation.h 2010-06-28 17:07:35.000000000 -0400
++++ webkit-1.2.1/WebCore/page/Geolocation.h 2010-06-28 17:11:31.000000000 -0400
+@@ -35,13 +35,6 @@
+ #include "PositionErrorCallback.h"
+ #include "PositionOptions.h"
+ #include "Timer.h"
+-#include <wtf/HashMap.h>
+-#include <wtf/HashSet.h>
+-#include <wtf/OwnPtr.h>
+-#include <wtf/PassRefPtr.h>
+-#include <wtf/RefCounted.h>
+-#include <wtf/RefPtr.h>
+-#include <wtf/Vector.h>
+
+ namespace WebCore {
+
+@@ -60,26 +53,15 @@
+ public:
+ static PassRefPtr<Geolocation> create(Frame* frame) { return adoptRef(new Geolocation(frame)); }
+
+- virtual ~Geolocation();
++ ~Geolocation();
+
+ void disconnectFrame();
+
+- Geoposition* lastPosition();
+-
+ void getCurrentPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
+ int watchPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
+ void clearWatch(int watchId);
+
+- void suspend();
+- void resume();
+-
+ void setIsAllowed(bool);
+- bool isAllowed() const { return m_allowGeolocation == Yes; }
+- bool isDenied() const { return m_allowGeolocation == No; }
+-
+- void setShouldClearCache(bool shouldClearCache) { m_shouldClearCache = shouldClearCache; }
+- bool shouldClearCache() const { return m_shouldClearCache; }
+- Frame* frame() const { return m_frame; }
+
+ #if ENABLE(CLIENT_BASED_GEOLOCATION)
+ void setPosition(GeolocationPosition*);
+@@ -89,6 +71,11 @@
+ #endif
+
+ private:
++ Geoposition* lastPosition();
++
++ bool isAllowed() const { return m_allowGeolocation == Yes; }
++ bool isDenied() const { return m_allowGeolocation == No; }
++
+ Geolocation(Frame*);
+
+ class GeoNotifier : public RefCounted<GeoNotifier> {
+Index: webkit-1.2.1/WebCore/page/Geolocation.idl
+===================================================================
+--- webkit-1.2.1.orig/WebCore/page/Geolocation.idl 2010-06-28 17:11:05.000000000 -0400
++++ webkit-1.2.1/WebCore/page/Geolocation.idl 2010-06-28 17:11:07.000000000 -0400
+@@ -26,8 +26,6 @@
+ module core {
+
+ interface [OmitConstructor] Geolocation {
+- readonly attribute Geoposition lastPosition;
+-
+ [Custom] void getCurrentPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
+
+ [Custom] long watchPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
diff --git a/debian/patches/series b/debian/patches/series
index 1b2f88b..bb32afc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,6 @@
01-fix-bashism-in-build.diff
02-pool-fixup-and-sparc-support.patch
03-use-system-libtool.patch
+
+# security patches
+cve-2010-1386.patch
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list