[webkitgtk/f13/master] Fix regression from the earlier update Fixes rhbz#670142
Huzaifa Sidhpurwala
huzaifas at fedoraproject.org
Mon Jan 24 09:48:03 UTC 2011
commit b55889ddb8c261c788128ef4638205ab76926f3d
Author: Huzaifa Sidhpurwala <huzaifas at redhat.com>
Date: Mon Jan 24 15:16:18 2011 +0530
Fix regression from the earlier update
Fixes rhbz#670142
webkit-1.2.6-regression.patch | 34 ++++++++++++++++++++++++++++++++++
webkitgtk.spec | 8 +++++++-
2 files changed, 41 insertions(+), 1 deletions(-)
---
diff --git a/webkit-1.2.6-regression.patch b/webkit-1.2.6-regression.patch
new file mode 100644
index 0000000..5857f23
--- /dev/null
+++ b/webkit-1.2.6-regression.patch
@@ -0,0 +1,34 @@
+commit 34df60de3d8e524662995beb9243033c24a61797
+Author: Huzaifa Sidhpurwala <huzaifas at redhat.com>
+Date: Wed Jan 19 14:16:05 2011 +0530
+
+ Complete the backport and fix regression caused by:
+ f236c158708a2116a799174bd2722fd721e663c4
+
+diff --git a/JavaScriptCore/interpreter/Interpreter.cpp b/JavaScriptCore/interpreter/Interpreter.cpp
+index 2fcdae3..70bedb5 100644
+--- a/JavaScriptCore/interpreter/Interpreter.cpp
++++ b/JavaScriptCore/interpreter/Interpreter.cpp
+@@ -3465,17 +3465,17 @@ skip_id_custom_self:
+ goto vm_throw;
+ }
+ ASSERT(!callFrame->callee()->isHostFunction());
+- uint32_t expectedParams = callFrame->callee()->jsExecutable()->parameterCount();
+- uint32_t inplaceArgs = min(argCount, expectedParams);
+- uint32_t i = 0;
++ int32_t expectedParams = callFrame->callee()->jsExecutable()->parameterCount();
++ int32_t inplaceArgs = min(static_cast<int32_t> (argCount), expectedParams);
++ int32_t i = 0;
+ Register* argStore = callFrame->registers() + argsOffset;
+
+ // First step is to copy the "expected" parameters from their normal location relative to the callframe
+ for (; i < inplaceArgs; i++)
+ argStore[i] = callFrame->registers()[i - RegisterFile::CallFrameHeaderSize - expectedParams];
+ // Then we copy any additional arguments that may be further up the stack ('-1' to account for 'this')
+- for (; i < argCount; i++)
+- argStore[i] = callFrame->registers()[i - RegisterFile::CallFrameHeaderSize - expectedParams - argCount - 1];
++ for (; i < static_cast<int32_t> (argCount); i++)
++ argStore[i] = callFrame->registers()[i - RegisterFile::CallFrameHeaderSize - expectedParams - static_cast<int32_t> (argCount) - 1];
+ } else if (!arguments.isUndefinedOrNull()) {
+ if (!arguments.isObject()) {
+ exceptionValue = createInvalidParamError(callFrame, "Function.prototype.apply", arguments, vPC - callFrame->codeBlock()->instructions().begin(), callFrame->codeBlock());
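Review bot: The added `static_cast<int32_t> (argCount)` conversions (in the `min` call, the second loop's condition and its index expression) are only sound if argCount has already been limited to a value below INT32_MAX, and nothing visible in this hunk establishes that. The opcode body starts and ends outside the hunk, so the bound should be confirmed earlier in the function. A larger value would turn negative after the cast and both copy loops would be skipped silently. The signedness matters here because the register indices appear to be negative offsets from `callFrame->registers()`, and an unsigned subtraction wraps to a large forward offset instead. I would convert once with `const int32_t signedArgCount = static_cast<int32_t>(argCount);` and add `// Indices are negative offsets from callFrame->registers(); they must stay signed.` above the loops.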
diff --git a/webkitgtk.spec b/webkitgtk.spec
index 29dc3f2..765f801 100644
--- a/webkitgtk.spec
+++ b/webkitgtk.spec
@@ -35,7 +35,7 @@
Name: webkitgtk
Version: 1.2.6
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: GTK+ Web content engine library
Provides: WebKit-gtk = %{version}-%{release}
@@ -55,6 +55,7 @@ Source0: http://www.webkitgtk.org/webkit-%{version}.tar.gz
## bug. :)
#Patch1: webkit-1.1.13-no-execmem.patch
Patch2: webkit-1.1.14-nspluginwrapper.patch
+Patch3: webkit-1.2.6-regression.patch
BuildRequires: bison
BuildRequires: chrpath
@@ -116,6 +117,7 @@ LICENSE, README, and AUTHORS files.
%setup -qn "webkit-%{version}"
# %patch1 -p1 -b .no-execmem
%patch2 -p1 -b .nspluginwrapper
+%patch3 -p1
%build
CFLAGS="%optflags -DLIBSOUP_I_HAVE_READ_BUG_594377_AND_KNOW_SOUP_PASSWORD_MANAGER_MIGHT_GO_AWAY" %configure \
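Review bot: `%patch3 -p1` is applied without a backup suffix, unlike the `%patch2 -p1 -b .nspluginwrapper` line directly above it. Writing `%patch3 -p1 -b .regression` (the suffix name is only a suggestion) would keep the patch lines consistent and leave the unpatched Interpreter.cpp beside the patched one, which makes it easier to check later what the security backport changed. The section this line belongs to starts outside the hunk.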
@@ -193,6 +195,10 @@ rm -rf %{buildroot}
%changelog
+* Mon Jan 25 2011 Huzaifa Sidhpurwala <huzaifas at redhat.com> - 1.2.6-2
+- Fix regression from the earlier security fix
+- Fixes rhbz #670142
+
* Tue Jan 04 2011 Huzaifa Sidhpurwala <huzaifas at redhat.com> - 1.2.6-1
- Update to 1.2.6.
- Fixes CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206