Bug#781954: marked as done (unblock: qtwebkit-opensource-src/5.3.2+dfsg-4)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 05 Apr 2015 15:50:19 +0100
with message-id <1428245419.30466.9.camel@adam-barratt.org.uk>
and subject line Re: Bug#781954: unblock: qtwebkit-opensource-src/5.3.2+dfsg-4
has caused the Debian Bug report #781954,
regarding unblock: qtwebkit-opensource-src/5.3.2+dfsg-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
781954: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781954
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: qtwebkit-opensource-src/5.3.2+dfsg-4
• From: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
• Date: Sun, 05 Apr 2015 10:54:50 -0300
• Message-id: <[🔎] 20150405135450.3668.16852.reportbug@luna.lisandropm.com.ar>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package qtwebkit-opensource-src

Hi RT! qtwebkit-opensource-src had two security fixes, one of them being RC.
The other one was an important one, and Moritz and I decided to wait for the
first stable update, but then the RC bug appeared and we Qt/KDE team  decided
to pack them together.

I'm attaching the debdiff.

Kinds regards, Lisandro.

unblock qtwebkit-opensource-src/5.3.2+dfsg-4

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

diff -Nru qtwebkit-opensource-src-5.3.2+dfsg/debian/changelog qtwebkit-opensource-src-5.3.2+dfsg/debian/changelog
--- qtwebkit-opensource-src-5.3.2+dfsg/debian/changelog	2014-10-17 02:06:32.000000000 -0300
+++ qtwebkit-opensource-src-5.3.2+dfsg/debian/changelog	2015-04-01 14:44:31.000000000 -0300
@@ -1,3 +1,16 @@
+qtwebkit-opensource-src (5.3.2+dfsg-4) unstable; urgency=medium
+
+  [ Dmitry Shachnev ]
+  * Backport upstream fix that adds missing checks for HTMLUnknownElement.
+    Closes: #781194.
+
+  [ Felix Geyer ]
+  * Backport upstream fix that prevents recording visited URLs to its favicon
+    database while using private browsing mode.
+    Closes: #780748.
+
+ -- Felix Geyer <fgeyer@debian.org>  Wed, 01 Apr 2015 19:44:29 +0200
+
 qtwebkit-opensource-src (5.3.2+dfsg-3) unstable; urgency=medium
 
   * Backport three patches to fix crashes:
diff -Nru qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/check_html_unknown_elements.diff qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/check_html_unknown_elements.diff
--- qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/check_html_unknown_elements.diff	1969-12-31 21:00:00.000000000 -0300
+++ qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/check_html_unknown_elements.diff	2015-04-01 14:20:30.000000000 -0300
@@ -0,0 +1,81 @@
+Description: need to check if some HTML child elements are HTMLUnknownElement
+ Based on upstream fix http://trac.webkit.org/changeset/156953
+ .
+ The check for whether an element is an HTMLAudioElement or not was
+ incomplete. An element can have the 'audio' tag-name but still be
+ another element if media elements have been disabled. In this
+ case it will be an HTMLUnknownElement.
+Origin: upstream, http://code.qt.io/cgit/qt/qtwebkit.git/commit/?id=d84668b5124b2dd9
+Bug-Debian: https://bugs.debian.org/781194
+Last-Update: 2015-04-01
+
+--- a/Source/WebCore/dom/make_names.pl
++++ b/Source/WebCore/dom/make_names.pl
+@@ -390,6 +390,10 @@
+     my ($F, $tagName, $interfaceName, $constructorTagName) = @_;
+ 
+     # Handle media elements.
++    # Note that wrapperOnlyIfMediaIsAvailable is a misnomer, because media availability
++    # does not just control the wrapper; it controls the element object that is created.
++    # FIXME: Could we instead do this entirely in the wrapper, and use custom wrappers
++    # instead of having all the support for this here in this script?
+     if ($enabledTags{$tagName}{wrapperOnlyIfMediaIsAvailable}) {
+         print F <<END
+     Settings* settings = document->settings();
+@@ -1042,14 +1046,11 @@
+             print F "#if ${conditionalString}\n\n";
+         }
+ 
+-        # Hack for the media tags
+-        # FIXME: This should have been done via a CustomWrapper attribute and a separate *Custom file.
+         if ($enabledTags{$tagName}{wrapperOnlyIfMediaIsAvailable}) {
+             print F <<END
+ static JSDOMWrapper* create${JSInterfaceName}Wrapper(ExecState* exec, JSDOMGlobalObject* globalObject, PassRefPtr<$parameters{namespace}Element> element)
+ {
+-    Settings* settings = element->document()->settings();
+-    if (!MediaPlayer::isAvailable() || (settings && !settings->mediaEnabled()))
++    if (element->isHTMLUnknownElement())
+         return CREATE_DOM_WRAPPER(exec, globalObject, $parameters{namespace}Element, element.get());
+     return CREATE_DOM_WRAPPER(exec, globalObject, ${JSInterfaceName}, element.get());
+ }
+--- a/Source/WebCore/html/HTMLAudioElement.h
++++ b/Source/WebCore/html/HTMLAudioElement.h
+@@ -43,14 +43,19 @@
+     HTMLAudioElement(const QualifiedName&, Document*, bool);
+ };
+ 
+-inline bool isHTMLAudioElement(Node* node)
++inline bool isHTMLAudioElement(HTMLElement* element)
+ {
+-    return node->hasTagName(HTMLNames::audioTag);
++    return !element->isHTMLUnknownElement() && element->hasTagName(HTMLNames::audioTag);
+ }
+ 
+ inline bool isHTMLAudioElement(Element* element)
+ {
+-    return element->hasTagName(HTMLNames::audioTag);
++    return element->isHTMLElement() && isHTMLAudioElement(toHTMLElement(element));
++}
++
++inline bool isHTMLAudioElement(Node* node)
++{
++    return node->isHTMLElement() && isHTMLAudioElement(toHTMLElement(node));
+ }
+ 
+ inline HTMLAudioElement* toHTMLAudioElement(Node* node)
+--- a/Source/WebCore/html/HTMLMediaElement.cpp
++++ b/Source/WebCore/html/HTMLMediaElement.cpp
+@@ -2379,6 +2379,13 @@
+ 
+ bool HTMLMediaElement::paused() const
+ {
++    // As of this writing, JavaScript garbage collection calls this function directly. In the past
++    // we had problems where this was called on an object after a bad cast. The assertion below
++    // made our regression test detect the problem, so we should keep it because of that. But note
++    // that the value of the assertion relies on the compiler not being smart enough to know that
++    // isHTMLUnknownElement is guaranteed to return false for an HTMLMediaElement.
++    ASSERT(!isHTMLUnknownElement());
++
+     return m_paused;
+ }
+ 
diff -Nru qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/series qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/series
--- qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/series	2014-10-14 15:52:18.000000000 -0300
+++ qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/series	2015-04-01 14:42:57.000000000 -0300
@@ -3,6 +3,7 @@
 fix_cloop_on_big_endian_machines.patch
 fix_crash_when_a_network_request_is_aborted_while_forwarding_data.patch
 blacklist_libkpartsplugin.patch
+webpageicons_db_privacy.patch
 
 # debian patches
 reduce_memory_usage.patch
@@ -11,3 +12,4 @@
 hurd.diff
 webkit_qt_hide_symbols.diff
 fix_nonlinux_glibc_linkage.diff
+check_html_unknown_elements.diff
diff -Nru qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/webpageicons_db_privacy.patch qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/webpageicons_db_privacy.patch
--- qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/webpageicons_db_privacy.patch	1969-12-31 21:00:00.000000000 -0300
+++ qtwebkit-opensource-src-5.3.2+dfsg/debian/patches/webpageicons_db_privacy.patch	2015-04-01 14:41:23.000000000 -0300
@@ -0,0 +1,47 @@
+From 2810aea1f6c9cca48b93130a7c245f9a2f85637e Mon Sep 17 00:00:00 2001
+From: Florian Bruhin <git@the-compiler.org>
+Date: Wed, 18 Mar 2015 18:47:19 +0100
+Subject: Fix URLs visited during private browsing showing up in
+ WebpageIcons.db.
+
+Ported from http://trac.webkit.org/changeset/181565 by beidson@apple.com.
+
+Upstream patch by Sam Weinig, reviewed by Brady Eidson.
+
+* loader/icon/IconController.cpp:
+
+(WebCore::IconController::startLoader): Bail early here if the page is using an ephemeral session.
+(WebCore::IconController::continueLoadWithDecision): Instead of here.
+
+Change-Id: I263bb6122606caa3488d641b127dd377012ee424
+Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
+---
+ Source/WebCore/loader/icon/IconController.cpp | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Source/WebCore/loader/icon/IconController.cpp b/Source/WebCore/loader/icon/IconController.cpp
+index 8f23f6d..a808352 100644
+--- a/Source/WebCore/loader/icon/IconController.cpp
++++ b/Source/WebCore/loader/icon/IconController.cpp
+@@ -159,6 +159,10 @@ void IconController::startLoader()
+     }
+ 
+     if (iconDatabase().supportsAsynchronousMode()) {
++        //  FIXME (<rdar://problem/9168605>) - We should support in-memory-only private browsing icons in asynchronous icon database mode.
++        if (iconDatabase().supportsAsynchronousMode() && m_frame->page()->settings()->privateBrowsingEnabled())
++            return;
++
+         m_frame->loader()->documentLoader()->getIconLoadDecisionForIconURL(urlString);
+         // Commit the icon url mapping to the database just in case we don't end up loading later.
+         commitToDatabase(iconURL);
+@@ -202,10 +206,6 @@ void IconController::continueLoadWithDecision(IconLoadDecision iconLoadDecision)
+ {
+     ASSERT(iconLoadDecision != IconLoadUnknown);
+ 
+-    //  FIXME (<rdar://problem/9168605>) - We should support in-memory-only private browsing icons in asynchronous icon database mode.
+-    if (iconDatabase().supportsAsynchronousMode() && m_frame->page()->settings()->privateBrowsingEnabled())
+-        return;
+-
+     if (iconLoadDecision == IconLoadNo) {
+         KURL iconURL(url());
+         String urlString(iconURL.string());

--- End Message ---

--- Begin Message ---

• To: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>, 781954-done@bugs.debian.org
• Subject: Re: Bug#781954: unblock: qtwebkit-opensource-src/5.3.2+dfsg-4
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Sun, 05 Apr 2015 15:50:19 +0100
• Message-id: <1428245419.30466.9.camel@adam-barratt.org.uk>
• In-reply-to: <[🔎] 20150405135450.3668.16852.reportbug@luna.lisandropm.com.ar>
• References: <[🔎] 20150405135450.3668.16852.reportbug@luna.lisandropm.com.ar>

On Sun, 2015-04-05 at 10:54 -0300, Lisandro Damián Nicanor Pérez Meyer
wrote:
> Please unblock package qtwebkit-opensource-src
> 
> Hi RT! qtwebkit-opensource-src had two security fixes, one of them being RC.
> The other one was an important one, and Moritz and I decided to wait for the
> first stable update, but then the RC bug appeared and we Qt/KDE team  decided
> to pack them together.

==> nthykier
  #2015-04-02
  # #781194
  unblock qtwebkit-opensource-src/5.3.2+dfsg-4

:-)

Regards,

Adam

--- End Message ---