[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.1-2-29-g5dbcb1c

Michael Gilbert michael.s.gilbert at gmail.com
Tue Jun 29 04:09:46 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit a336bccbd1469f153621b5117d0039c046416542
Author: Michael Gilbert <michael.s.gilbert at gmail.com>
Date:   Mon Jun 28 18:05:34 2010 -0400

    fix cve-2010-1386

diff --git a/WebCore/page/Geolocation.cpp b/WebCore/page/Geolocation.cpp
index e1f692b..d0b0b79 100644
--- a/WebCore/page/Geolocation.cpp
+++ b/WebCore/page/Geolocation.cpp
@@ -29,7 +29,6 @@
 #include "Geolocation.h"
 
 #include "Chrome.h"
-#include "Document.h"
 #include "Frame.h"
 #include "Page.h"
 #include <wtf/CurrentTime.h>
@@ -232,6 +231,8 @@ void Geolocation::disconnectFrame()
 
 Geoposition* Geolocation::lastPosition()
 {
+    ASSERT(isAllowed());
+
 #if ENABLE(CLIENT_BASED_GEOLOCATION)
     if (!m_frame)
         return 0;
@@ -379,22 +380,6 @@ void Geolocation::clearWatch(int watchId)
         stopUpdating();
 }
 
-void Geolocation::suspend()
-{
-#if !ENABLE(CLIENT_BASED_GEOLOCATION)
-    if (hasListeners())
-        m_service->suspend();
-#endif
-}
-
-void Geolocation::resume()
-{
-#if !ENABLE(CLIENT_BASED_GEOLOCATION)
-    if (hasListeners())
-        m_service->resume();
-#endif
-}
-
 void Geolocation::setIsAllowed(bool allowed)
 {
     // This may be due to either a new position from the service, or a cached
diff --git a/WebCore/page/Geolocation.h b/WebCore/page/Geolocation.h
index c44b9e5..b8ec566 100644
--- a/WebCore/page/Geolocation.h
+++ b/WebCore/page/Geolocation.h
@@ -35,13 +35,6 @@
 #include "PositionErrorCallback.h"
 #include "PositionOptions.h"
 #include "Timer.h"
-#include <wtf/HashMap.h>
-#include <wtf/HashSet.h>
-#include <wtf/OwnPtr.h>
-#include <wtf/PassRefPtr.h>
-#include <wtf/RefCounted.h>
-#include <wtf/RefPtr.h>
-#include <wtf/Vector.h>
 
 namespace WebCore {
 
@@ -60,26 +53,15 @@ class Geolocation : public RefCounted<Geolocation>
 public:
     static PassRefPtr<Geolocation> create(Frame* frame) { return adoptRef(new Geolocation(frame)); }
 
-    virtual ~Geolocation();
+    ~Geolocation();
 
     void disconnectFrame();
     
-    Geoposition* lastPosition();
-
     void getCurrentPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
     int watchPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
     void clearWatch(int watchId);
 
-    void suspend();
-    void resume();
-
     void setIsAllowed(bool);
-    bool isAllowed() const { return m_allowGeolocation == Yes; }
-    bool isDenied() const { return m_allowGeolocation == No; }
-    
-    void setShouldClearCache(bool shouldClearCache) { m_shouldClearCache = shouldClearCache; }
-    bool shouldClearCache() const { return m_shouldClearCache; }
-    Frame* frame() const { return m_frame; }
 
 #if ENABLE(CLIENT_BASED_GEOLOCATION)
     void setPosition(GeolocationPosition*);
@@ -89,6 +71,11 @@ public:
 #endif
 
 private:
+    Geoposition* lastPosition();
+
+    bool isAllowed() const { return m_allowGeolocation == Yes; }
+    bool isDenied() const { return m_allowGeolocation == No; }
+
     Geolocation(Frame*);
 
     class GeoNotifier : public RefCounted<GeoNotifier> {
diff --git a/WebCore/page/Geolocation.idl b/WebCore/page/Geolocation.idl
index 76056a3..58b219c 100644
--- a/WebCore/page/Geolocation.idl
+++ b/WebCore/page/Geolocation.idl
@@ -26,8 +26,6 @@
 module core {
 
     interface [OmitConstructor] Geolocation {
-        readonly attribute Geoposition lastPosition;
-
         [Custom] void getCurrentPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
 
         [Custom] long watchPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
diff --git a/debian/changelog b/debian/changelog
index c0ea2f8..5801793 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ webkit (1.2.1-3) UNRELEASED; urgency=low
 
   * Use system libtool.
   * Turn direct source changes into a patch.
+  * Fix cve-2010-1368: geolocation info disclosure.
 
  -- Michael Gilbert <michael.s.gilbert at gmail.com>  Thu, 27 May 2010 20:36:41 -0400
 
diff --git a/debian/patches/cve-2010-1386.patch b/debian/patches/cve-2010-1386.patch
new file mode 100644
index 0000000..1b74d27
--- /dev/null
+++ b/debian/patches/cve-2010-1386.patch
@@ -0,0 +1,117 @@
+author: Michael Gilbert <michael.s.gilbert at gmail.com>
+origin: webkit svn56188
+Index: webkit-1.2.1/WebCore/page/Geolocation.cpp
+===================================================================
+--- webkit-1.2.1.orig/WebCore/page/Geolocation.cpp	2010-06-28 17:07:35.000000000 -0400
++++ webkit-1.2.1/WebCore/page/Geolocation.cpp	2010-06-28 17:11:07.000000000 -0400
+@@ -29,7 +29,6 @@
+ #include "Geolocation.h"
+ 
+ #include "Chrome.h"
+-#include "Document.h"
+ #include "Frame.h"
+ #include "Page.h"
+ #include <wtf/CurrentTime.h>
+@@ -232,6 +231,8 @@
+ 
+ Geoposition* Geolocation::lastPosition()
+ {
++    ASSERT(isAllowed());
++
+ #if ENABLE(CLIENT_BASED_GEOLOCATION)
+     if (!m_frame)
+         return 0;
+@@ -379,22 +380,6 @@
+         stopUpdating();
+ }
+ 
+-void Geolocation::suspend()
+-{
+-#if !ENABLE(CLIENT_BASED_GEOLOCATION)
+-    if (hasListeners())
+-        m_service->suspend();
+-#endif
+-}
+-
+-void Geolocation::resume()
+-{
+-#if !ENABLE(CLIENT_BASED_GEOLOCATION)
+-    if (hasListeners())
+-        m_service->resume();
+-#endif
+-}
+-
+ void Geolocation::setIsAllowed(bool allowed)
+ {
+     // This may be due to either a new position from the service, or a cached
+Index: webkit-1.2.1/WebCore/page/Geolocation.h
+===================================================================
+--- webkit-1.2.1.orig/WebCore/page/Geolocation.h	2010-06-28 17:07:35.000000000 -0400
++++ webkit-1.2.1/WebCore/page/Geolocation.h	2010-06-28 17:11:31.000000000 -0400
+@@ -35,13 +35,6 @@
+ #include "PositionErrorCallback.h"
+ #include "PositionOptions.h"
+ #include "Timer.h"
+-#include <wtf/HashMap.h>
+-#include <wtf/HashSet.h>
+-#include <wtf/OwnPtr.h>
+-#include <wtf/PassRefPtr.h>
+-#include <wtf/RefCounted.h>
+-#include <wtf/RefPtr.h>
+-#include <wtf/Vector.h>
+ 
+ namespace WebCore {
+ 
+@@ -60,26 +53,15 @@
+ public:
+     static PassRefPtr<Geolocation> create(Frame* frame) { return adoptRef(new Geolocation(frame)); }
+ 
+-    virtual ~Geolocation();
++    ~Geolocation();
+ 
+     void disconnectFrame();
+     
+-    Geoposition* lastPosition();
+-
+     void getCurrentPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
+     int watchPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
+     void clearWatch(int watchId);
+ 
+-    void suspend();
+-    void resume();
+-
+     void setIsAllowed(bool);
+-    bool isAllowed() const { return m_allowGeolocation == Yes; }
+-    bool isDenied() const { return m_allowGeolocation == No; }
+-    
+-    void setShouldClearCache(bool shouldClearCache) { m_shouldClearCache = shouldClearCache; }
+-    bool shouldClearCache() const { return m_shouldClearCache; }
+-    Frame* frame() const { return m_frame; }
+ 
+ #if ENABLE(CLIENT_BASED_GEOLOCATION)
+     void setPosition(GeolocationPosition*);
+@@ -89,6 +71,11 @@
+ #endif
+ 
+ private:
++    Geoposition* lastPosition();
++
++    bool isAllowed() const { return m_allowGeolocation == Yes; }
++    bool isDenied() const { return m_allowGeolocation == No; }
++
+     Geolocation(Frame*);
+ 
+     class GeoNotifier : public RefCounted<GeoNotifier> {
+Index: webkit-1.2.1/WebCore/page/Geolocation.idl
+===================================================================
+--- webkit-1.2.1.orig/WebCore/page/Geolocation.idl	2010-06-28 17:11:05.000000000 -0400
++++ webkit-1.2.1/WebCore/page/Geolocation.idl	2010-06-28 17:11:07.000000000 -0400
+@@ -26,8 +26,6 @@
+ module core {
+ 
+     interface [OmitConstructor] Geolocation {
+-        readonly attribute Geoposition lastPosition;
+-
+         [Custom] void getCurrentPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
+ 
+         [Custom] long watchPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
diff --git a/debian/patches/series b/debian/patches/series
index 1b2f88b..bb32afc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,6 @@
 01-fix-bashism-in-build.diff
 02-pool-fixup-and-sparc-support.patch
 03-use-system-libtool.patch
+
+# security patches
+cve-2010-1386.patch

-- 
WebKit Debian packaging



More information about the Pkg-webkit-commits mailing list