
Bug#769136: marked as done (unblock: webkitgtk/2.4.7-2)



Your message dated Tue, 11 Nov 2014 18:28:23 +0100
with message-id <54624737.70104@debian.org>
and subject line Re: Bug#769136: unblock: webkitgtk/2.4.7-2
has caused the Debian Bug report #769136,
regarding unblock: webkitgtk/2.4.7-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
769136: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769136
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package webkitgtk

This package contains fixes for two bugs:

http://bugs.debian.org/768929

   The Flash plugin (and possibly others) can cause a stack buffer
   overflow. Although the GCC stack protector can detect it, it
   renders the plugin completely unusable. The fix is trivial and has
   already been applied upstream.

http://bugs.debian.org/761492

   The WebKit event dispatcher code tries to access the elements of an
   event list without checking first if it's null. This can be
   reproduced with certain websites and crashes the web process. The
   patch is very simple and is a backport from the 2.6 stable series.

unblock webkitgtk/2.4.7-2

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru webkitgtk-2.4.7/debian/changelog webkitgtk-2.4.7/debian/changelog
--- webkitgtk-2.4.7/debian/changelog	2014-10-23 09:10:22.000000000 +0000
+++ webkitgtk-2.4.7/debian/changelog	2014-11-11 10:44:21.000000000 +0000
@@ -1,3 +1,12 @@
+webkitgtk (2.4.7-2) unstable; urgency=medium
+
+  * debian/patches/touch-event.patch:
+    + Fix crash in EventPath::updateTouchLists() (Closes: #761492).
+  * debian/patches/flash-crash.patch:
+    + Fix crash in the Flash player (Closes: #768929).
+
+ -- Alberto Garcia <berto@igalia.com>  Tue, 11 Nov 2014 12:43:45 +0200
+
 webkitgtk (2.4.7-1) unstable; urgency=medium
 
   * New upstream release.
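Review bot: both new changelog entries say only "Fix crash", which undersells the flash-crash.patch item, since the unblock request above describes it as a stack buffer overflow caught by the GCC stack protector. Suggest wording that entry so a reader of the changelog alone can tell it is a memory-safety fix and where it lives, for example by naming NetscapePlugin::platformPostInitialize() the way the first entry already names EventPath::updateTouchLists().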
diff -Nru webkitgtk-2.4.7/debian/patches/flash-crash.patch webkitgtk-2.4.7/debian/patches/flash-crash.patch
--- webkitgtk-2.4.7/debian/patches/flash-crash.patch	1970-01-01 00:00:00.000000000 +0000
+++ webkitgtk-2.4.7/debian/patches/flash-crash.patch	2014-11-11 10:44:21.000000000 +0000
@@ -0,0 +1,19 @@
+From: Alberto Garcia <berto@igalia.com>
+Subject: Fix crash in the Flash plugin
+Bug: https://bugs.webkit.org/show_bug.cgi?id=137849
+Bug-Debian: http://bugs.debian.org/768929
+Index: webkitgtk/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp
++++ webkitgtk/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp
+@@ -201,7 +201,9 @@ void NetscapePlugin::platformPreInitiali
+ bool NetscapePlugin::platformPostInitialize()
+ {
+     uint64_t windowID = 0;
+-    bool needsXEmbed = false;
++    // NPPVpluginNeedsXEmbed is a boolean value, but at least the
++    // Flash player plugin is using an 'int' instead.
++    int needsXEmbed = 0;
+     if (m_isWindowed) {
+         NPP_GetValue(NPPVpluginNeedsXEmbed, &needsXEmbed);
+         if (needsXEmbed) {
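Review bot: in platformPostInitialize() the switch to "int needsXEmbed = 0;" covers the known case, but the context line "NPP_GetValue(NPPVpluginNeedsXEmbed, &needsXEmbed);" still passes the plugin a bare pointer with no size and discards the return value, so the local is only safe against plugins that store at most sizeof(int) bytes. Suggest extending the new comment to say that the wider type exists to absorb the plugin's write (the old bool local was smaller than the int the plugin stores), and that the zero initialiser is what keeps the "if (needsXEmbed)" test meaningful when the plugin writes nothing. The patch header could also record that the fix is already applied upstream, as the unblock request states.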
diff -Nru webkitgtk-2.4.7/debian/patches/series webkitgtk-2.4.7/debian/patches/series
--- webkitgtk-2.4.7/debian/patches/series	2014-10-23 09:10:22.000000000 +0000
+++ webkitgtk-2.4.7/debian/patches/series	2014-11-11 10:44:21.000000000 +0000
@@ -11,3 +11,5 @@
 x32_support.patch
 fix-arm64-build.patch
 fix-mips64-build.patch
+touch-event.patch
+flash-crash.patch
diff -Nru webkitgtk-2.4.7/debian/patches/touch-event.patch webkitgtk-2.4.7/debian/patches/touch-event.patch
--- webkitgtk-2.4.7/debian/patches/touch-event.patch	1970-01-01 00:00:00.000000000 +0000
+++ webkitgtk-2.4.7/debian/patches/touch-event.patch	2014-11-11 10:44:21.000000000 +0000
@@ -0,0 +1,51 @@
+From: Miyoung Shin <myid.shin@samsung.com>
+Subject: Fix crash during dispatching touchEvent created by JS
+Bug-Debian: https://bugs.debian.org/761492
+Bug: https://bugs.webkit.org/show_bug.cgi?id=138211
+Index: webkitgtk/Source/WebCore/dom/EventDispatcher.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/dom/EventDispatcher.cpp
++++ webkitgtk/Source/WebCore/dom/EventDispatcher.cpp
+@@ -91,7 +91,7 @@ public:
+     EventContext& contextAt(size_t i) { return *m_path[i]; }
+ 
+ #if ENABLE(TOUCH_EVENTS)
+-    void updateTouchLists(const TouchEvent&);
++    bool updateTouchLists(const TouchEvent&);
+ #endif
+     void setRelatedTarget(EventTarget&);
+ 
+@@ -312,8 +312,10 @@ bool EventDispatcher::dispatchEvent(Node
+     if (EventTarget* relatedTarget = event->relatedTarget())
+         eventPath.setRelatedTarget(*relatedTarget);
+ #if ENABLE(TOUCH_EVENTS) && !PLATFORM(IOS)
+-    if (event->isTouchEvent())
+-        eventPath.updateTouchLists(*toTouchEvent(event.get()));
++    if (event->isTouchEvent()) {
++        if (!eventPath.updateTouchLists(*toTouchEvent(event.get())))
++            return true;
++    }
+ #endif
+ 
+     ChildNodesLazySnapshot::takeChildNodesLazySnapshot();
+@@ -432,8 +434,11 @@ static void addRelatedNodeResolversForTo
+         touchTargetResolvers.append(EventRelatedNodeResolver(*touchList->item(i), type));
+ }
+ 
+-void EventPath::updateTouchLists(const TouchEvent& touchEvent)
++bool EventPath::updateTouchLists(const TouchEvent& touchEvent)
+ {
++    if (!touchEvent.touches() || !touchEvent.targetTouches() || !touchEvent.changedTouches())
++        return false;
++
+     Vector<EventRelatedNodeResolver, 16> touchTargetResolvers;
+     const size_t touchNodeCount = touchEvent.touches()->length() + touchEvent.targetTouches()->length() + touchEvent.changedTouches()->length();
+     touchTargetResolvers.reserveInitialCapacity(touchNodeCount);
+@@ -454,6 +459,7 @@ void EventPath::updateTouchLists(const T
+             context.touchList(currentResolver.touchListType())->append(currentResolver.touch()->cloneWithNewTarget(nodeInCurrentTreeScope));
+         }
+     }
++    return true;
+ }
+ #endif
+ 
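Review bot: in the dispatchEvent() hunk, the new early "return true;" taken when updateTouchLists() fails exits before "ChildNodesLazySnapshot::takeChildNodesLazySnapshot();" and everything after it, so a touch event with a null list is silently dropped while the caller is told true. Suggest a one-line comment at that return explaining why true is the right result for an event that was never dispatched. In EventPath::updateTouchLists() the guard rejects the event when any one of touches(), targetTouches() or changedTouches() is null, which matches the touchNodeCount line that dereferences all three; since the patch subject says the crash comes from a touchEvent created by JS, a regression test that dispatches such an event with missing lists would keep the check from being lost in a later refactor.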

--- End Message ---
--- Begin Message ---
On 11/11/14 17:50, Alberto Garcia wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package webkitgtk
> 
> This package contains fixes for two bugs:
> 
> http://bugs.debian.org/768929
> 
>    The Flash plugin (and possibly others) can cause a stack buffer
>    overflow. Although the GCC stack protector can detect it, it
>    renders the plugin completely unusable. The fix is trivial and has
>    already been applied upstream.
> 
> http://bugs.debian.org/761492
> 
>    The WebKit event dispatcher code tries to access the elements of an
>    event list without checking first if it's null. This can be
>    reproduced with certain websites and crashes the web process. The
>    patch is very simple and is a backport from the 2.6 stable series.
> 
> unblock webkitgtk/2.4.7-2

Unblocked.

Emilio

--- End Message ---
