head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.8 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.6 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.4 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.2 pkgsrc-2011Q2-base:1.4; locks; strict; comment @# @; 1.4 date 2011.06.09.11.00.01; author drochner; state dead; branches; next 1.3; 1.3 date 2011.04.13.16.19.15; author drochner; state Exp; branches; next 1.2; 1.2 date 2011.02.10.18.26.35; author drochner; state dead; branches; next 1.1; 1.1 date 2011.01.25.18.38.16; author drochner; state Exp; branches; next ; desc @@ 1.4 log @update to 1.4.1 this switches to the new stable branch (shlib major changed -> PKGREV bumps needed) @ text @$NetBSD: patch-bc,v 1.3 2011/04/13 16:19:15 drochner Exp $ CVE-2010-1806
--- WebCore/rendering/RenderObjectChildList.cpp.orig 2010-09-28 21:44:50.000000000 +0000
+++ WebCore/rendering/RenderObjectChildList.cpp
@@@@ -52,7 +52,11 @@@@ void RenderObjectChildList::destroyLefto
 while (firstChild()) {
 if (firstChild()->isListMarker() || (firstChild()->style()->styleType() == FIRST_LETTER && !firstChild()->isText()))
 firstChild()->remove(); // List markers are owned by their enclosing list and so don't get destroyed by this container. Similarly, first letters are destroyed by their remaining text fragment.
- else {
+ else if (firstChild()->isRunIn() && firstChild()->node()) {
+ firstChild()->node()->setRenderer(0);
+ firstChild()->node()->setNeedsStyleRecalc();
+ firstChild()->destroy();
+ } else {
 // Destroy any anonymous children remaining in the render tree, as well as implicit (shadow) DOM elements like those used in the engine-based text fields. 
if (firstChild()->node())
 firstChild()->node()->setRenderer(0);
@ 1.3 log @add patch from upstream to fix crash and possible code injection by run-in styling (CVE-2010-1806), bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @update to 1.2.7 changes: -fix some security problems (CVE-2010-4492, CVE-2010-4493, CVE-2011-0482, CVE-2010-4199, CVE-2010-4578) -fix some crashes (which were partly patched in pkgsrc before) @ text @d1 1 a1 1 $NetBSD: patch-bc,v 1.1 2011/01/25 18:38:16 drochner Exp $ d3 17 a19 16
--- WebCore/page/FrameView.cpp.orig 2010-09-28 21:02:14.000000000 +0000
+++ WebCore/page/FrameView.cpp
@@@@ -972,8 +972,11 @@@@ bool FrameView::scrollToAnchor(const Str
 if (anchorNode && anchorNode->hasTagName(SVGNames::viewTag)) {
 RefPtr viewElement = anchorNode->hasTagName(SVGNames::viewTag) ? static_cast(anchorNode) : 0;
 if (viewElement.get()) {
- RefPtr svg = static_cast(SVGLocatable::nearestViewportElement(viewElement.get()));
- svg->inheritViewAttributes(viewElement.get());
+ SVGElement* element = SVGLocatable::nearestViewportElement(viewElement.get());
+ if (element->hasTagName(SVGNames::svgTag)) {
+ RefPtr svg = static_cast(element);
+ svg->inheritViewAttributes(viewElement.get());
+ }
 }
 }
 }
@ 1.1 log @-fix the png-1.5 API problem using a new function introduced in beta08 which is simpler and more runtime efficient -pull in some stability patches from upstream bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @
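Review bot: The added `else if (firstChild()->isRunIn() && firstChild()->node())` branch in WebCore/rendering/RenderObjectChildList.cpp has no comment, although it is the whole of the CVE-2010-1806 fix and both neighbouring branches explain themselves. I would put `// Run-in with a DOM node: clear the node's renderer pointer and request a style recalc before destroying the renderer.` above its first statement. That the ordering exists to keep the node from pointing at a destroyed renderer is inferred from the call sequence and the log message ("crash and possible code injection by run-in styling"), so the comment should be confirmed against the upstream change. The three statements also re-evaluate `firstChild()->node()` each time; a single local holding the node would make it plain that one node is detached and flagged. The while loop and the enclosing function continue past the end of the hunk.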
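Review bot: In the WebCore/page/FrameView.cpp hunk (FrameView::scrollToAnchor), the new `element` pointer is dereferenced by `element->hasTagName(SVGNames::svgTag)` without a null check. The hunk does not show whether SVGLocatable::nearestViewportElement can return null when the view element has no viewport ancestor; if it can, the added tag check replaces the unchecked cast with a null dereference. `if (element && element->hasTagName(SVGNames::svgTag)) {` covers both cases at no cost. The enclosing function starts and ends outside the hunk.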