Accepting request 615843 from home:mgorse:branches:GNOME:Factory

- Add webkit2gtk3-boo1095611-null-page-url.patch: don't crash if
  the page URL is null (CVE-2018-11646).

Add some CVE references in changes file

OBS-URL: https://build.opensuse.org/request/show/615843
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/webkit2gtk3?expand=0&rev=163
Bjørn Lie 2018-06-11 08:07:40 +00:00 committed by Git OBS Bridge
parent 6d6e925057
commit 78053ba949
3 changed files with 40 additions and 3 deletions


@ -0,0 +1,25 @@
Subversion Revision: 232297
diff --git a/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp b/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp
index 372443e2d3bc121f54d876b54be413de0cecc6d2..adb39007e705e676363a8aa2b3df6aa537c56f3e 100644
--- a/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp
+++ b/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp
@@ -192,6 +192,9 @@ static void webkitFaviconDatabaseSetIconURLForPageURL(WebKitFaviconDatabase* dat
if (!priv->isURLImportCompleted)
return;
+ if (pageURL.isEmpty())
+ return;
+
const String& currentIconURL = priv->pageURLToIconURLMap.get(pageURL);
if (iconURL == currentIconURL)
return;
@@ -316,6 +319,9 @@ void webkitFaviconDatabaseSetIconForPageURL(WebKitFaviconDatabase* database, con
if (!webkitFaviconDatabaseIsOpen(database))
return;
+ if (pageURL.isEmpty())
+ return;
+
WebKitFaviconDatabasePrivate* priv = database->priv;
SetForScope<bool> change(priv->isSettingIcon, true);
priv->iconDatabase->setIconURLForPageURL(icon.url.string(), pageURL);
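Review bot: The two added `if (pageURL.isEmpty()) return;` guards in webkitFaviconDatabaseSetIconURLForPageURL and webkitFaviconDatabaseSetIconForPageURL carry no comment, so nothing in the code says they exist to stop a crash on an unset page URL rather than to skip redundant work. I would put `// An unset page URL must not reach the pageURL-keyed calls below; see CVE-2018-11646.` above each guard so the check is not dropped in a later cleanup. The patch also adds no regression test that passes a null page URL to either function, which would pin the fix. Both function bodies start and end outside the hunks, so any other pageURL-keyed lookups in this file are not visible here and are worth checking for the same guard.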


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Jun 8 20:49:13 UTC 2018 - mgorse@suse.com
- Add webkit2gtk3-boo1095611-null-page-url.patch: don't crash if
the page URL is null (CVE-2018-11646).
-------------------------------------------------------------------
Tue May 8 15:48:15 UTC 2018 - schwab@suse.de
@ -18,7 +24,8 @@ Mon May 7 16:00:47 UTC 2018 - bjorn.lie@gmail.com
+ Fix several GObject introspection annotations.
+ Update user agent quiks to fix Outlook.com and Chase.com.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2018-4200 (boo#1092280).
+ Security fixes: CVE-2018-4200 (boo#1092280), CVE-2018-11712
(boo#1096061).
-------------------------------------------------------------------
Tue May 1 17:00:12 UTC 2018 - bjorn.lie@gmail.com
@ -52,6 +59,7 @@ Tue Apr 10 10:23:30 UTC 2018 - bjorn.lie@gmail.com
+ Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and
ENABLE_XSLT are disabled.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2018-4204.
+ Updated translations.
-------------------------------------------------------------------
@ -72,7 +80,7 @@ Mon Mar 12 16:18:01 UTC 2018 - dimstar@opensuse.org
CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.
CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713.
-------------------------------------------------------------------
Tue Mar 6 21:49:48 UTC 2018 - mgorse@suse.com
@ -539,7 +547,8 @@ Thu May 25 09:33:35 UTC 2017 - zaitor@opensuse.org
+ Remove LATEST_RECORD_VERSION from GnuTLS priority string.
+ Fix several crashes and rendering issues.
+ bsc#1050469 - Security fixes: CVE-2017-2496, CVE-2017-2539,
CVE-2017-2510, CVE-2017-7011, CVE-2017-7040, CVE-2017-7059.
CVE-2017-2510, CVE-2017-7011, CVE-2017-7040, CVE-2017-7059,
CVE-2017-1000121, CVE-2017-1000122.
-------------------------------------------------------------------
Tue May 23 07:19:42 UTC 2017 - dimstar@opensuse.org


@ -54,6 +54,8 @@ Patch0: webkitgtk-typelib-sharelib-link.patch
Patch1: webkit2gtk3-python3.patch
# PATCh-FIX-UPSTREAM webkit2gtk3-boo1088932-a11y-state-set.patch boo#1088932 webkit#184366 mgorse@suse.com -- fix crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed.
Patch2: webkit2gtk3-boo1088932-a11y-state-set.patch
# PATCH-FIX-UPSTREAM webkit2gtk3-boo1095611-null-page-url.patch boo#1095611 mgorse@suse.com -- fix crash if a page URL is null (CVE-2018-11646).
Patch3: webkit2gtk3-boo1095611-null-page-url.patch
BuildRequires: Mesa-libEGL-devel
BuildRequires: Mesa-libGL-devel
BuildRequires: Mesa-libGLESv1_CM-devel
@ -263,6 +265,7 @@ invoking a Perl or Python script.
%patch1 -p1
%endif
%patch2 -p1
%patch3 -p1
%build
# Here we must muzzle our dog so it doesn't eat all the memory