From 78053ba949d0efb6788f212baea97e56dbb4989b7c0c2745c7c9d9e28e3fc030 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Lie?=
Date: Mon, 11 Jun 2018 08:07:40 +0000
Subject: [PATCH] Accepting request 615843 from home:mgorse:branches:GNOME:Factory
- Add webkit2gtk3-boo1095611-null-page-url.patch: don't crash if the page URL is null (CVE-2018-11646). Add some CVE references in changes file
OBS-URL: https://build.opensuse.org/request/show/615843
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/webkit2gtk3?expand=0&rev=163
---
 webkit2gtk3-boo1095611-null-page-url.patch | 25 ++++++++++++++++++++++
 webkit2gtk3.changes | 15 ++++++++++---
 webkit2gtk3.spec | 3 +++
 3 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 webkit2gtk3-boo1095611-null-page-url.patch
diff --git a/webkit2gtk3-boo1095611-null-page-url.patch b/webkit2gtk3-boo1095611-null-page-url.patch
new file mode 100644
index 0000000..4aac31e
--- /dev/null
+++ b/webkit2gtk3-boo1095611-null-page-url.patch
@@ -0,0 +1,25 @@
+Subversion Revision: 232297
+diff --git a/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp b/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp
+index 372443e2d3bc121f54d876b54be413de0cecc6d2..adb39007e705e676363a8aa2b3df6aa537c56f3e 100644
+--- a/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp
++++ b/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp
+@@ -192,6 +192,9 @@ static void webkitFaviconDatabaseSetIconURLForPageURL(WebKitFaviconDatabase* dat
+ if (!priv->isURLImportCompleted)
+ return;
+
++ if (pageURL.isEmpty())
++ return;
++
+ const String& currentIconURL = priv->pageURLToIconURLMap.get(pageURL);
+ if (iconURL == currentIconURL)
+ return;
+@@ -316,6 +319,9 @@ void webkitFaviconDatabaseSetIconForPageURL(WebKitFaviconDatabase* database, con
+ if (!webkitFaviconDatabaseIsOpen(database))
+ return;
+
++ if (pageURL.isEmpty())
++ return;
++
+ WebKitFaviconDatabasePrivate* priv = database->priv;
+ SetForScope change(priv->isSettingIcon, true);
+ priv->iconDatabase->setIconURLForPageURL(icon.url.string(), pageURL);
diff --git a/webkit2gtk3.changes b/webkit2gtk3.changes
index 5ca4cf5..2305010 100644
--- a/webkit2gtk3.changes
+++ b/webkit2gtk3.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jun 8 20:49:13 UTC 2018 - mgorse@suse.com
+
+- Add webkit2gtk3-boo1095611-null-page-url.patch: don't crash if
+ the page URL is null (CVE-2018-11646).
+
 -------------------------------------------------------------------
 Tue May 8 15:48:15 UTC 2018 - schwab@suse.de
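Review bot: In the new webkit2gtk3-boo1095611-null-page-url.patch, both added `if (pageURL.isEmpty()) return;` guards (in webkitFaviconDatabaseSetIconURLForPageURL and webkitFaviconDatabaseSetIconForPageURL) carry no comment saying why an empty page URL has to be dropped before `priv->pageURLToIconURLMap.get(pageURL)` and `setIconURLForPageURL(...)` run. I would put `// Ignore an unset page URL rather than looking it up or storing it; doing so crashed (CVE-2018-11646).` above each guard so the check is not later removed as dead code. The guards cover only these two setters, and `icon.url.string()` is still passed on unchecked in the second one; whether other entry points that key on a page URL need the same check cannot be seen from these hunks and should be confirmed against the full file. Both function bodies begin and end outside the embedded hunks, and the patch adds no test for the empty-URL case.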
@@ -18,7 +24,8 @@ Mon May 7 16:00:47 UTC 2018 - bjorn.lie@gmail.com + Fix several GObject introspection annotations. + Update user agent quiks to fix Outlook.com and Chase.com. + Fix several crashes and rendering issues. - + Security fixes: CVE-2018-4200 (boo#1092280). + + Security fixes: CVE-2018-4200 (boo#1092280), CVE-2018-11712 + (boo#1096061). ------------------------------------------------------------------- Tue May 1 17:00:12 UTC 2018 - bjorn.lie@gmail.com @@ -52,6 +59,7 @@ Tue Apr 10 10:23:30 UTC 2018 - bjorn.lie@gmail.com + Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are disabled. + Fix several crashes and rendering issues. + + Security fixes: CVE-2018-4204. + Updated translations. ------------------------------------------------------------------- @@ -72,7 +80,7 @@ Mon Mar 12 16:18:01 UTC 2018 - dimstar@opensuse.org CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, - CVE-2018-4162, CVE-2018-4163, CVE-2018-4165. + CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713. ------------------------------------------------------------------- Tue Mar 6 21:49:48 UTC 2018 - mgorse@suse.com @@ -539,7 +547,8 @@ Thu May 25 09:33:35 UTC 2017 - zaitor@opensuse.org + Remove LATEST_RECORD_VERSION from GnuTLS priority string. + Fix several crashes and rendering issues. + bsc#1050469 - Security fixes: CVE-2017-2496, CVE-2017-2539, - CVE-2017-2510, CVE-2017-7011, CVE-2017-7040, CVE-2017-7059. + CVE-2017-2510, CVE-2017-7011, CVE-2017-7040, CVE-2017-7059, + CVE-2017-1000121, CVE-2017-1000122. ------------------------------------------------------------------- Tue May 23 07:19:42 UTC 2017 - dimstar@opensuse.org diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index a189958..0aa3530 100644 --- a/webkit2gtk3.spec +++ b/webkit2gtk3.spec 
@@ -54,6 +54,8 @@ Patch0: webkitgtk-typelib-sharelib-link.patch
 Patch1: webkit2gtk3-python3.patch
 # PATCh-FIX-UPSTREAM webkit2gtk3-boo1088932-a11y-state-set.patch boo#1088932 webkit#184366 mgorse@suse.com -- fix crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed.
 Patch2: webkit2gtk3-boo1088932-a11y-state-set.patch
+# PATCH-FIX-UPSTREAM webkit2gtk3-boo1095611-null-page-url.patch boo#1095611 mgorse@suse.com -- fix crash if a page URL is null (CVE-2018-11646).
+Patch3: webkit2gtk3-boo1095611-null-page-url.patch
 BuildRequires: Mesa-libEGL-devel
 BuildRequires: Mesa-libGL-devel
 BuildRequires: Mesa-libGLESv1_CM-devel
@@ -263,6 +265,7 @@ invoking a Perl or Python script.
 %patch1 -p1
 %endif
 %patch2 -p1
+%patch3 -p1
 %build
 # Here we must muzzle our dog so it doesn't eat all the memory
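Review bot: The `# PATCH-FIX-UPSTREAM` tag added for Patch3 gives boo#1095611 and the CVE id but, unlike the Patch2 tag directly above it (`webkit#184366`), no upstream bug reference, and the patch file itself is identified only by `Subversion Revision: 232297`. Adding the upstream id, e.g. `# PATCH-FIX-UPSTREAM webkit2gtk3-boo1095611-null-page-url.patch boo#1095611 webkit#<UPSTREAM_BUG_ID> mgorse@suse.com -- ...`, lets a later reviewer check the backport against the upstream change and drop it once the packaged version contains the fix.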