From 4bab2e5816700a94e967dec612a15eed3bcc13eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 13 Dec 2015 18:04:45 +0100 Subject: CVE TEMP-0807110-881366 --- debian/changelog | 10 + debian/control | 2 +- debian/patches/0001-buildflags.patch | 33 + debian/patches/0005-hardening.patch | 38 + debian/patches/0010-libexec.patch | 16 + debian/patches/0500-Port-to-webkit2gtk-40.patch | 1026 ++++++++++++++++++++ ...-Dont-pack-webview-into-a-scrolled-window.patch | 44 + ...l-soup-sessions-validate-TLS-certificates.patch | 39 + .../0503-facebook-Dont-disable-XSS-auditor.patch | 25 + debian/patches/500-buildflags.patch | 33 - debian/patches/hardening.patch | 38 - debian/patches/libexec.patch | 16 - debian/patches/series | 10 +- 13 files changed, 1239 insertions(+), 91 deletions(-) create mode 100644 debian/patches/0001-buildflags.patch create mode 100644 debian/patches/0005-hardening.patch create mode 100644 debian/patches/0010-libexec.patch create mode 100644 debian/patches/0500-Port-to-webkit2gtk-40.patch create mode 100644 debian/patches/0501-Dont-pack-webview-into-a-scrolled-window.patch create mode 100644 debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch create mode 100644 debian/patches/0503-facebook-Dont-disable-XSS-auditor.patch delete mode 100644 debian/patches/500-buildflags.patch delete mode 100644 debian/patches/hardening.patch delete mode 100644 debian/patches/libexec.patch (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 212f652..0f073be 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,16 @@ shotwell (0.22.0-3) UNRELEASED; urgency=medium * debian/rules: - To make build reproducible touch temporary c files with date of d/changelog + * CVE TEMP-0807110-881366 (Closes: #807110): + - Add patches from upstream to debian/patches: + + 0500-Port-to-webkit2gtk-40.patch + + 0501-Dont-pack-webview-into-a-scrolled-window.patch + + 0502-Have-all-soup-sessions-validate-TLS-certificates.patch + + 0503-facebook-Dont-disable-XSS-auditor.patch + - Port to webkit2gtk-4.0: + + debian/control Replace Build-Depeds libwebkitgtk-3.0-dev + with libwebkit2gtk-4.0-dev. + * Rename patches. -- Jörg Frings-Fürst Mon, 02 Nov 2015 22:21:02 +0100 diff --git a/debian/control b/debian/control index 51698dc..8b75b54 100644 --- a/debian/control +++ b/debian/control @@ -21,7 +21,7 @@ Build-Depends: librest-dev (>= 0.7), libsoup2.4-dev (>= 2.26.0), libsqlite3-dev (>= 3.5.9), - libwebkitgtk-3.0-dev (>= 1.4.0), + libwebkit2gtk-4.0-dev, libxml2 (>= 2.6.32), m4, valac (>= 0.22.0) diff --git a/debian/patches/0001-buildflags.patch b/debian/patches/0001-buildflags.patch new file mode 100644 index 0000000..a8030ec --- /dev/null +++ b/debian/patches/0001-buildflags.patch @@ -0,0 +1,33 @@ +Description: Poke requested Debian buildflags for hardening into Makefile +Author: Jörg Frings-Fürst +Last-Update: 2015-01-07 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/Makefile +=================================================================== +--- trunk.orig/Makefile ++++ trunk/Makefile +@@ -395,10 +395,11 @@ VALA_CFLAGS := `pkg-config --cflags $(EX + $(foreach def,$(DEFINES),-D$(def)) + + VALA_LDFLAGS := `pkg-config --libs $(EXT_PKGS) $(DIRECT_LIBS) gthread-2.0` ++VALA_LDFLAGS += -fPIE -pie -Wl,-z,relro -Wl,-z,now + + # REQUIRED_CFLAGS absolutely get appended to CFLAGS, whatever the + # the value of CFLAGS in the environment +-REQUIRED_CFLAGS := -fPIC ++REQUIRED_CFLAGS := -g -O2 -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 + + # setting CFLAGS in configure.mk overrides build type + ifndef CFLAGS +@@ -411,8 +412,8 @@ PLUGIN_CFLAGS = -O2 -g -pipe + endif + endif + +-CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) +-PLUGIN_CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) ++CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) -fstack-protector-strong ++PLUGIN_CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) -fPIC -fno-stack-protector + + # Required for gudev-1.0 + CFLAGS += -DG_UDEV_API_IS_SUBJECT_TO_CHANGE diff --git a/debian/patches/0005-hardening.patch b/debian/patches/0005-hardening.patch new file mode 100644 index 0000000..c60496f --- /dev/null +++ b/debian/patches/0005-hardening.patch @@ -0,0 +1,38 @@ +Description: pass compiler flags set in debian/rules to compiler +Author: Devid Antonio Filoni + +Index: trunk/Makefile +=================================================================== +--- trunk.orig/Makefile ++++ trunk/Makefile +@@ -35,7 +35,7 @@ CORE_SUPPORTED_LANGUAGES=$(shell cat po/ + LOCAL_LANG_DIR=locale-langpack + SYSTEM_LANG_DIR := $(DESTDIR)$(PREFIX)/share/locale + +-VALAFLAGS := -g --enable-checking --target-glib=2.32 --thread --fatal-warnings --enable-experimental --enable-deprecated $(USER_VALAFLAGS) ++VALAFLAGS := $(foreach w,$(CPPFLAGS) $(CFLAGS) $(LDFLAGS),-X $(w)) --enable-checking --target-glib=2.32 --thread --enable-experimental --enable-deprecated $(USER_VALAFLAGS) + ifdef UNITY_SUPPORT + VALAFLAGS := $(VALAFLAGS) --define UNITY_SUPPORT + endif +@@ -673,7 +673,7 @@ $(EXPANDED_C_FILES): $(VALA_STAMP) + @ + + $(EXPANDED_OBJ_FILES): %.o: %.c $(CONFIG_IN) Makefile +- $(CC) -c $(VALA_CFLAGS) $(CFLAGS) -o $@ $< ++ $(CC) -c $(VALA_CFLAGS) $(CPPFLAGS) $(CFLAGS) -o $@ $< + + $(PROGRAM): $(EXPANDED_OBJ_FILES) $(RESOURCES) $(LANG_STAMP) $(THUMBNAILER_BIN) misc/gschemas.compiled $(DOC_LANG_STAMP) + $(CC) $(EXPANDED_OBJ_FILES) $(CFLAGS) $(LDFLAGS) $(RESOURCES) $(VALA_LDFLAGS) $(EXPORT_FLAGS) -o $@ +Index: trunk/plugins/Makefile.plugin.mk +=================================================================== +--- trunk.orig/plugins/Makefile.plugin.mk ++++ trunk/plugins/Makefile.plugin.mk +@@ -41,7 +41,7 @@ DEFINES := -D_VERSION='"$(PLUGINS_VERSIO + all: $(PLUGIN).so + + .stamp: $(SRC_FILES) $(MAKE_FILES) $(HEADER_FILES) +- $(VALAC) --target-glib=$(MIN_GLIB_VERSION) -g --enable-checking --fatal-warnings --save-temps --compile --enable-deprecated \ ++ $(VALAC) --target-glib=$(MIN_GLIB_VERSION) -g --enable-checking --save-temps --compile --enable-deprecated \ + --vapidir=../ $(foreach pkg,$(PKGS),--pkg=$(pkg)) $(foreach pkg,$(CUSTOM_VAPI_PKGS),--pkg=$(pkg)) \ + -X -I../.. -X -fPIC \ + $(foreach dfn,$(DEFINES),-X $(dfn)) \ diff --git a/debian/patches/0010-libexec.patch b/debian/patches/0010-libexec.patch new file mode 100644 index 0000000..0e06218 --- /dev/null +++ b/debian/patches/0010-libexec.patch @@ -0,0 +1,16 @@ +Description: do not install files in libexec directory +Author: Luca Falavigna + +Index: shotwell-0.15.0/Makefile +=================================================================== +--- shotwell-0.15.0.orig/Makefile 2013-10-13 09:51:58.893357001 +0200 ++++ shotwell-0.15.0/Makefile 2013-10-13 09:54:33.885361749 +0200 +@@ -27,7 +27,7 @@ + + -include configure.mk + ifndef LIBEXECDIR +-LIBEXECDIR=$(PREFIX)/libexec/shotwell ++LIBEXECDIR=$(PREFIX)/share/shotwell + endif + + CORE_SUPPORTED_LANGUAGES=$(shell cat po/LINGUAS) diff --git a/debian/patches/0500-Port-to-webkit2gtk-40.patch b/debian/patches/0500-Port-to-webkit2gtk-40.patch new file mode 100644 index 0000000..51cd8de --- /dev/null +++ b/debian/patches/0500-Port-to-webkit2gtk-40.patch @@ -0,0 +1,1026 @@ +From afc5e103d2dd414f0d028565097d86c7e85fadbc Mon Sep 17 00:00:00 2001 +From: Iain Lane +Date: Tue, 30 Jun 2015 10:43:15 +0100 +Subject: [PATCH] Port to webkit2gtk-4.0 + +https://bugzilla.gnome.org/show_bug.cgi?id=751709 +--- + Makefile | 8 +- + debian/control | 2 +- + plugins/common/RESTSupport.vala | 24 +- + plugins/shotwell-publishing-extras/Makefile | 2 +- + .../YandexPublishing.vala | 67 ++- + .../shotwell-publishing/FacebookPublishing.vala | 36 +- + plugins/shotwell-publishing/Makefile | 2 +- + vapi/webkitgtk-3.0.deps | 8 - + vapi/webkitgtk-3.0.vapi | 653 --------------------- + 9 files changed, 97 insertions(+), 705 deletions(-) + delete mode 100644 vapi/webkitgtk-3.0.deps + delete mode 100644 vapi/webkitgtk-3.0.vapi + +diff --git a/Makefile b/Makefile +index fe354a7..1ce5668 100644 +--- a/Makefile ++++ b/Makefile +@@ -14,7 +14,7 @@ VALAC := $(shell which $(VALAC)) + endif + + VALAC_VERSION := `$(VALAC) --version | awk '{print $$2}'` +-MIN_VALAC_VERSION := 0.20.1 ++MIN_VALAC_VERSION := 0.28.0 + INSTALL_PROGRAM := install + INSTALL_DATA := install -m 644 + +@@ -120,12 +120,10 @@ VAPI_FILES = \ + LConv.vapi \ + libexif.vapi \ + libraw.vapi \ +- webkitgtk-3.0.vapi \ + unique-3.0.vapi \ + unity.vapi + + DEPS_FILES = \ +- webkitgtk-3.0.deps \ + unique-3.0.deps \ + unity.deps + +@@ -271,7 +269,7 @@ EXT_PKGS = \ + libsoup-2.4 \ + libxml-2.0 \ + sqlite3 \ +- webkitgtk-3.0 ++ webkit2gtk-4.0 + ifdef UNITY_SUPPORT + EXT_PKGS += unity + endif +@@ -303,7 +301,7 @@ EXT_PKG_VERSIONS = \ + libxml-2.0 >= 2.6.32 \ + rest-0.7 >= 0.7 \ + sqlite3 >= 3.5.9 \ +- webkitgtk-3.0 >= 1.4.0 \ ++ webkit2gtk-4.0 \ + gnome-doc-utils + + DIRECT_LIBS_VERSIONS = +diff --git a/plugins/common/RESTSupport.vala b/plugins/common/RESTSupport.vala +index fdde409..a4a0621 100644 +--- a/plugins/common/RESTSupport.vala ++++ b/plugins/common/RESTSupport.vala +@@ -741,10 +741,9 @@ public abstract class GooglePublisher : Object, Spit.Publishing.Publisher { + + webview = new WebKit.WebView(); + webview.get_settings().enable_plugins = false; +- webview.get_settings().enable_default_context_menu = false; + +- webview.load_finished.connect(on_page_load); +- webview.load_started.connect(on_load_started); ++ webview.load_changed.connect(on_page_load_changed); ++ webview.context_menu.connect(() => { return false; }); + + webview_frame.add(webview); + pane_widget.pack_start(webview_frame, true, true, 0); +@@ -754,7 +753,7 @@ public abstract class GooglePublisher : Object, Spit.Publishing.Publisher { + return cache_dirty; + } + +- private void on_page_load(WebKit.WebFrame origin_frame) { ++ private void on_page_load() { + pane_widget.get_window().set_cursor(new Gdk.Cursor(Gdk.CursorType.LEFT_PTR)); + + string page_title = webview.get_title(); +@@ -772,9 +771,22 @@ public abstract class GooglePublisher : Object, Spit.Publishing.Publisher { + } + } + +- private void on_load_started(WebKit.WebFrame frame) { ++ private void on_load_started() { + pane_widget.get_window().set_cursor(new Gdk.Cursor(Gdk.CursorType.WATCH)); + } ++ ++ private void on_page_load_changed (WebKit.LoadEvent load_event) { ++ switch (load_event) { ++ case WebKit.LoadEvent.STARTED: ++ on_load_started(); ++ break; ++ case WebKit.LoadEvent.FINISHED: ++ on_page_load(); ++ break; ++ } ++ ++ return; ++ } + + public Spit.Publishing.DialogPane.GeometryOptions get_preferred_geometry() { + return Spit.Publishing.DialogPane.GeometryOptions.NONE; +@@ -785,7 +797,7 @@ public abstract class GooglePublisher : Object, Spit.Publishing.Publisher { + } + + public void on_pane_installed() { +- webview.open(auth_sequence_start_url); ++ webview.load_uri(auth_sequence_start_url); + } + + public void on_pane_uninstalled() { +diff --git a/plugins/shotwell-publishing-extras/Makefile b/plugins/shotwell-publishing-extras/Makefile +index 9259fbb..91452cf 100644 +--- a/plugins/shotwell-publishing-extras/Makefile ++++ b/plugins/shotwell-publishing-extras/Makefile +@@ -5,7 +5,7 @@ PLUGIN_PKGS := \ + gtk+-3.0 \ + libsoup-2.4 \ + libxml-2.0 \ +- webkitgtk-3.0 \ ++ webkit2gtk-4.0 \ + gee-0.8 \ + rest-0.7 \ + json-glib-1.0 +diff --git a/plugins/shotwell-publishing-extras/YandexPublishing.vala b/plugins/shotwell-publishing-extras/YandexPublishing.vala +index 36a3ede..ec99c2b 100644 +--- a/plugins/shotwell-publishing-extras/YandexPublishing.vala ++++ b/plugins/shotwell-publishing-extras/YandexPublishing.vala +@@ -120,43 +120,70 @@ internal class WebAuthPane : Spit.Publishing.DialogPane, GLib.Object { + + webview = new WebKit.WebView(); + webview.get_settings().enable_plugins = false; +- webview.get_settings().enable_default_context_menu = false; + +- webview.load_finished.connect(on_page_load); +- webview.load_started.connect(on_load_started); +- webview.navigation_requested.connect(navigation_requested); ++ webview.load_changed.connect(on_page_load_changed); ++ webview.decide_policy.connect(on_decide_policy); ++ webview.context_menu.connect(() => { return false; }); + + webview_frame.add(webview); + pane_widget.pack_start(webview_frame, true, true, 0); + } + +- private void on_page_load(WebKit.WebFrame origin_frame) { ++ private void on_page_load() { + pane_widget.get_window().set_cursor(new Gdk.Cursor(Gdk.CursorType.LEFT_PTR)); + } + +- private WebKit.NavigationResponse navigation_requested (WebKit.WebFrame frame, WebKit.NetworkRequest req) { +- debug("Navigating to '%s'", req.uri); ++ private bool on_decide_policy (WebKit.PolicyDecision decision, ++ WebKit.PolicyDecisionType type) { ++ switch (type) { ++ case WebKit.PolicyDecisionType.NAVIGATION_ACTION: ++ WebKit.NavigationPolicyDecision n_decision = (WebKit.NavigationPolicyDecision) decision; ++ WebKit.NavigationAction action = n_decision.navigation_action; ++ string uri = action.get_request().uri; ++ debug("Navigating to '%s'", uri); + +- MatchInfo info = null; ++ MatchInfo info = null; + +- if (re.match(req.uri, 0, out info)) { +- string access_token = info.fetch_all()[2]; ++ if (re.match(uri, 0, out info)) { ++ string access_token = info.fetch_all()[2]; + +- debug("Load completed: %s", access_token); +- pane_widget.get_window().set_cursor(new Gdk.Cursor(Gdk.CursorType.LEFT_PTR)); +- if (access_token != null) { +- login_succeeded(access_token); +- return WebKit.NavigationResponse.IGNORE; +- } else +- login_failed(); ++ debug("Load completed: %s", access_token); ++ pane_widget.get_window().set_cursor(new Gdk.Cursor(Gdk.CursorType.LEFT_PTR)); ++ if (access_token != null) { ++ login_succeeded(access_token); ++ decision.ignore(); ++ break; ++ } else ++ login_failed(); ++ } ++ decision.use(); ++ break; ++ case WebKit.PolicyDecisionType.RESPONSE: ++ decision.use(); ++ break; ++ default: ++ return false; + } +- return WebKit.NavigationResponse.ACCEPT; ++ return true; + } + +- private void on_load_started(WebKit.WebFrame frame) { ++ private void on_load_started() { + pane_widget.get_window().set_cursor(new Gdk.Cursor(Gdk.CursorType.WATCH)); + } + ++ private void on_page_load_changed (WebKit.LoadEvent load_event) { ++ switch (load_event) { ++ case WebKit.LoadEvent.STARTED: ++ on_load_started(); ++ break; ++ case WebKit.LoadEvent.FINISHED: ++ on_page_load(); ++ break; ++ } ++ ++ return; ++ } ++ + public Gtk.Widget get_widget() { + return pane_widget; + } +@@ -166,7 +193,7 @@ internal class WebAuthPane : Spit.Publishing.DialogPane, GLib.Object { + } + + public void on_pane_installed() { +- webview.open(login_url); ++ webview.load_uri(login_url); + } + + public void on_pane_uninstalled() { +diff --git a/plugins/shotwell-publishing/FacebookPublishing.vala b/plugins/shotwell-publishing/FacebookPublishing.vala +index 1dd793d..4efe7f7 100644 +--- a/plugins/shotwell-publishing/FacebookPublishing.vala ++++ b/plugins/shotwell-publishing/FacebookPublishing.vala +@@ -535,7 +535,7 @@ public class FacebookPublisher : Spit.Publishing.Publisher, GLib.Object { + return; + + debug("EVENT: endpoint test transaction failed to detect a connection to the Facebook " + +- "endpoint"); ++ "endpoint" + error.message); + + on_generic_error(error); + } +@@ -829,15 +829,15 @@ internal class WebAuthenticationPane : Spit.Publishing.DialogPane, Object { + + webview = new WebKit.WebView(); + webview.get_settings().enable_plugins = false; +- webview.get_settings().enable_default_context_menu = false; ++ webview.get_settings().enable_xss_auditor = false; + +- webview.load_finished.connect(on_page_load); +- webview.load_started.connect(on_load_started); ++ webview.load_changed.connect(on_page_load_changed); ++ webview.context_menu.connect(() => { return true; }); + + webview_frame.add(webview); + pane_widget.pack_start(webview_frame, true, true, 0); + } +- ++ + private class LocaleLookup { + public string prefix; + public string translation; +@@ -945,10 +945,11 @@ internal class WebAuthenticationPane : Spit.Publishing.DialogPane, Object { + return "https://%s.facebook.com/dialog/oauth?client_id=%s&redirect_uri=https://www.facebook.com/connect/login_success.html&scope=publish_actions,user_photos,user_videos&response_type=token".printf(facebook_locale, APPLICATION_ID); + } + +- private void on_page_load(WebKit.WebFrame origin_frame) { ++ private void on_page_load() { + pane_widget.get_window().set_cursor(new Gdk.Cursor(Gdk.CursorType.LEFT_PTR)); + +- string loaded_url = origin_frame.get_uri().dup(); ++ string loaded_url = webview.uri.dup(); ++ debug("loaded url: " + loaded_url); + + // strip parameters from the loaded url + if (loaded_url.contains("?")) { +@@ -960,7 +961,7 @@ internal class WebAuthenticationPane : Spit.Publishing.DialogPane, Object { + // were we redirected to the facebook login success page? + if (loaded_url.contains("login_success")) { + cache_dirty = true; +- login_succeeded(origin_frame.get_uri()); ++ login_succeeded(webview.uri); + return; + } + +@@ -971,10 +972,24 @@ internal class WebAuthenticationPane : Spit.Publishing.DialogPane, Object { + } + } + +- private void on_load_started(WebKit.WebFrame frame) { ++ private void on_load_started() { + pane_widget.get_window().set_cursor(new Gdk.Cursor(Gdk.CursorType.WATCH)); + } + ++ private void on_page_load_changed (WebKit.LoadEvent load_event) { ++ switch (load_event) { ++ case WebKit.LoadEvent.STARTED: ++ case WebKit.LoadEvent.REDIRECTED: ++ on_load_started(); ++ break; ++ case WebKit.LoadEvent.FINISHED: ++ on_page_load(); ++ break; ++ } ++ ++ return; ++ } ++ + public static bool is_cache_dirty() { + return cache_dirty; + } +@@ -988,7 +1003,7 @@ internal class WebAuthenticationPane : Spit.Publishing.DialogPane, Object { + } + + public void on_pane_installed() { +- webview.open(get_login_url()); ++ webview.load_uri(get_login_url()); + } + + public void on_pane_uninstalled() { +@@ -1527,6 +1542,7 @@ internal class GraphSession { + "Service %s returned HTTP status code %u %s", real_message.get_uri(), + msg.status_code, msg.reason_phrase); + } else { ++ debug(msg.reason_phrase); + error = new Spit.Publishing.PublishingError.NO_ANSWER( + "Failure communicating with %s (error code %u)", real_message.get_uri(), + msg.status_code); +diff --git a/plugins/shotwell-publishing/Makefile b/plugins/shotwell-publishing/Makefile +index 639fa88..6b3945b 100644 +--- a/plugins/shotwell-publishing/Makefile ++++ b/plugins/shotwell-publishing/Makefile +@@ -5,7 +5,7 @@ PLUGIN_PKGS := \ + gtk+-3.0 \ + libsoup-2.4 \ + libxml-2.0 \ +- webkitgtk-3.0 \ ++ webkit2gtk-4.0 \ + gexiv2 \ + rest-0.7 \ + gee-0.8 \ +diff --git a/vapi/webkitgtk-3.0.deps b/vapi/webkitgtk-3.0.deps +deleted file mode 100644 +index 91b1dfe..0000000 +--- a/vapi/webkitgtk-3.0.deps ++++ /dev/null +@@ -1,8 +0,0 @@ +-atk +-gio-2.0 +-cairo +-pango +-gdk-pixbuf-2.0 +-gdk-3.0 +-gtk+-3.0 +-libsoup-2.4 +diff --git a/vapi/webkitgtk-3.0.vapi b/vapi/webkitgtk-3.0.vapi +deleted file mode 100644 +index 9e0d347..0000000 +--- a/vapi/webkitgtk-3.0.vapi ++++ /dev/null +@@ -1,653 +0,0 @@ +-/* webkit-1.0.vapi generated by vapigen, do not modify. */ +- +-[CCode (cprefix = "WebKit", lower_case_cprefix = "webkit_")] +-namespace WebKit { +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class Download : GLib.Object { +- [CCode (has_construct_function = false)] +- public Download (WebKit.NetworkRequest request); +- public void cancel (); +- public uint64 get_current_size (); +- public unowned string get_destination_uri (); +- public double get_elapsed_time (); +- public unowned WebKit.NetworkRequest get_network_request (); +- public unowned WebKit.NetworkResponse get_network_response (); +- public double get_progress (); +- public WebKit.DownloadStatus get_status (); +- public unowned string get_suggested_filename (); +- public uint64 get_total_size (); +- public unowned string get_uri (); +- public void set_destination_uri (string destination_uri); +- public void start (); +- public uint64 current_size { get; } +- public string destination_uri { get; set; } +- public WebKit.NetworkRequest network_request { get; construct; } +- public WebKit.NetworkResponse network_response { get; construct; } +- public double progress { get; } +- public WebKit.DownloadStatus status { get; } +- public string suggested_filename { get; } +- public uint64 total_size { get; } +- public virtual signal bool error (int p0, int p1, string p2); +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class GeolocationPolicyDecision : GLib.Object { +- [CCode (has_construct_function = false)] +- protected GeolocationPolicyDecision (); +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class HitTestResult : GLib.Object { +- [CCode (has_construct_function = false)] +- protected HitTestResult (); +- [NoAccessorMethod] +- public WebKit.HitTestResultContext context { get; construct; } +- [NoAccessorMethod] +- public string image_uri { owned get; construct; } +- [NoAccessorMethod] +- public string link_uri { owned get; construct; } +- [NoAccessorMethod] +- public string media_uri { owned get; construct; } +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class NetworkRequest : GLib.Object { +- [CCode (has_construct_function = false)] +- public NetworkRequest (string uri); +- public unowned Soup.Message get_message (); +- public unowned string get_uri (); +- public void set_uri (string uri); +- public Soup.Message message { get; construct; } +- public string uri { get; set; } +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class NetworkResponse : GLib.Object { +- [CCode (has_construct_function = false)] +- public NetworkResponse (string uri); +- public unowned Soup.Message get_message (); +- public unowned string get_uri (); +- public void set_uri (string uri); +- public Soup.Message message { get; construct; } +- public string uri { get; set; } +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class SecurityOrigin : GLib.Object { +- [CCode (has_construct_function = false)] +- protected SecurityOrigin (); +- public unowned GLib.List get_all_web_databases (); +- public unowned string get_host (); +- public uint get_port (); +- public unowned string get_protocol (); +- public uint64 get_web_database_quota (); +- public uint64 get_web_database_usage (); +- public void set_web_database_quota (uint64 quota); +- public string host { get; } +- public uint port { get; } +- public string protocol { get; } +- public uint64 web_database_quota { get; set; } +- public uint64 web_database_usage { get; } +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class SoupAuthDialog : GLib.Object, Soup.SessionFeature { +- [CCode (has_construct_function = false)] +- protected SoupAuthDialog (); +- public virtual signal unowned Gtk.Widget current_toplevel (Soup.Message message); +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebBackForwardList : GLib.Object { +- [CCode (has_construct_function = false)] +- protected WebBackForwardList (); +- public void add_item (WebKit.WebHistoryItem history_item); +- public void clear (); +- public bool contains_item (WebKit.WebHistoryItem history_item); +- public unowned WebKit.WebHistoryItem get_back_item (); +- public int get_back_length (); +- public unowned GLib.List get_back_list_with_limit (int limit); +- public unowned WebKit.WebHistoryItem get_current_item (); +- public unowned WebKit.WebHistoryItem get_forward_item (); +- public int get_forward_length (); +- public unowned GLib.List get_forward_list_with_limit (int limit); +- public int get_limit (); +- public unowned WebKit.WebHistoryItem get_nth_item (int index); +- public void go_back (); +- public void go_forward (); +- public void go_to_item (WebKit.WebHistoryItem history_item); +- public void set_limit (int limit); +- [CCode (has_construct_function = false)] +- public WebBackForwardList.with_web_view (WebKit.WebView web_view); +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebDataSource : GLib.Object { +- [CCode (has_construct_function = false)] +- public WebDataSource (); +- public unowned GLib.StringBuilder get_data (); +- public unowned string get_encoding (); +- public unowned WebKit.NetworkRequest get_initial_request (); +- public unowned WebKit.WebResource get_main_resource (); +- public unowned WebKit.NetworkRequest get_request (); +- public unowned GLib.List get_subresources (); +- public unowned string get_unreachable_uri (); +- public unowned WebKit.WebFrame get_web_frame (); +- public bool is_loading (); +- [CCode (has_construct_function = false)] +- public WebDataSource.with_request (WebKit.NetworkRequest request); +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebDatabase : GLib.Object { +- [CCode (has_construct_function = false)] +- protected WebDatabase (); +- public unowned string get_display_name (); +- public uint64 get_expected_size (); +- public unowned string get_filename (); +- public unowned string get_name (); +- public unowned WebKit.SecurityOrigin get_security_origin (); +- public uint64 get_size (); +- public void remove (); +- public string display_name { get; } +- public uint64 expected_size { get; } +- public string filename { get; } +- public string name { get; construct; } +- public WebKit.SecurityOrigin security_origin { get; construct; } +- public uint64 size { get; } +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebFrame : GLib.Object { +- [CCode (has_construct_function = false)] +- public WebFrame (WebKit.WebView web_view); +- public unowned WebKit.WebFrame find_frame (string name); +- public unowned WebKit.WebDataSource get_data_source (); +- public Gtk.PolicyType get_horizontal_scrollbar_policy (); +- public WebKit.LoadStatus get_load_status (); +- public unowned string get_name (); +- public unowned WebKit.NetworkResponse get_network_response (); +- public unowned WebKit.WebFrame get_parent (); +- public unowned WebKit.WebDataSource get_provisional_data_source (); +- public unowned WebKit.SecurityOrigin get_security_origin (); +- public unowned string get_title (); +- public unowned string get_uri (); +- public Gtk.PolicyType get_vertical_scrollbar_policy (); +- public unowned WebKit.WebView get_web_view (); +- public void load_alternate_string (string content, string base_url, string unreachable_url); +- public void load_request (WebKit.NetworkRequest request); +- public void load_string (string content, string mime_type, string encoding, string base_uri); +- public void load_uri (string uri); +- public void print (); +- public Gtk.PrintOperationResult print_full (Gtk.PrintOperation operation, Gtk.PrintOperationAction action) throws GLib.Error; +- public void reload (); +- public void stop_loading (); +- public Gtk.PolicyType horizontal_scrollbar_policy { get; } +- public WebKit.LoadStatus load_status { get; } +- public string name { get; } +- public string title { get; } +- public string uri { get; } +- public Gtk.PolicyType vertical_scrollbar_policy { get; } +- public virtual signal void cleared (); +- public virtual signal void hovering_over_link (string p0, string p1); +- public virtual signal void load_committed (); +- public virtual signal void load_done (bool p0); +- public virtual signal bool scrollbars_policy_changed (); +- public virtual signal void title_changed (string p0); +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebHistoryItem : GLib.Object { +- [CCode (has_construct_function = false)] +- public WebHistoryItem (); +- public unowned WebKit.WebHistoryItem copy (); +- public unowned string get_alternate_title (); +- public double get_last_visited_time (); +- public unowned string get_original_uri (); +- public unowned string get_title (); +- public unowned string get_uri (); +- public void set_alternate_title (string title); +- [CCode (has_construct_function = false)] +- public WebHistoryItem.with_data (string uri, string title); +- public string alternate_title { get; set; } +- public double last_visited_time { get; } +- public string original_uri { get; } +- public string title { get; } +- public string uri { get; } +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebInspector : GLib.Object { +- [CCode (has_construct_function = false)] +- protected WebInspector (); +- public void close (); +- public unowned string get_inspected_uri (); +- public unowned WebKit.WebView get_web_view (); +- public void inspect_coordinates (double x, double y); +- public void show (); +- public string inspected_uri { get; } +- [NoAccessorMethod] +- public bool javascript_profiling_enabled { get; set; } +- [NoAccessorMethod] +- public bool timeline_profiling_enabled { get; set; } +- public WebKit.WebView web_view { get; } +- public virtual signal bool attach_window (); +- public virtual signal bool close_window (); +- public virtual signal bool detach_window (); +- public virtual signal void finished (); +- public virtual signal unowned WebKit.WebView inspect_web_view (WebKit.WebView p0); +- public virtual signal bool show_window (); +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebNavigationAction : GLib.Object { +- [CCode (has_construct_function = false)] +- protected WebNavigationAction (); +- public int get_button (); +- public int get_modifier_state (); +- public unowned string get_original_uri (); +- public WebKit.WebNavigationReason get_reason (); +- public unowned string get_target_frame (); +- public void set_original_uri (string originalUri); +- public void set_reason (WebKit.WebNavigationReason reason); +- public int button { get; construct; } +- public int modifier_state { get; construct; } +- public string original_uri { get; set construct; } +- public WebKit.WebNavigationReason reason { get; set construct; } +- public string target_frame { get; construct; } +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebPolicyDecision : GLib.Object { +- [CCode (has_construct_function = false)] +- protected WebPolicyDecision (); +- public void download (); +- public void ignore (); +- public void use (); +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebResource : GLib.Object { +- [CCode (has_construct_function = false)] +- public WebResource (string data, ssize_t size, string uri, string mime_type, string encoding, string frame_name); +- public unowned GLib.StringBuilder get_data (); +- public unowned string get_encoding (); +- public unowned string get_frame_name (); +- public unowned string get_mime_type (); +- public unowned string get_uri (); +- public string encoding { get; } +- public string frame_name { get; } +- public string mime_type { get; } +- public string uri { get; construct; } +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebSettings : GLib.Object { +- [CCode (has_construct_function = false)] +- public WebSettings (); +- public WebKit.WebSettings copy (); +- public unowned string get_user_agent (); +- [NoAccessorMethod] +- public bool auto_load_images { get; set construct; } +- [NoAccessorMethod] +- public bool auto_resize_window { get; set construct; } +- [NoAccessorMethod] +- public bool auto_shrink_images { get; set construct; } +- [NoAccessorMethod] +- public string cursive_font_family { owned get; set construct; } +- [NoAccessorMethod] +- public string default_encoding { owned get; set construct; } +- [NoAccessorMethod] +- public string default_font_family { owned get; set construct; } +- [NoAccessorMethod] +- public int default_font_size { get; set construct; } +- [NoAccessorMethod] +- public int default_monospace_font_size { get; set construct; } +- [NoAccessorMethod] +- public WebKit.EditingBehavior editing_behavior { get; set construct; } +- [NoAccessorMethod] +- public bool enable_caret_browsing { get; set construct; } +- [NoAccessorMethod] +- public bool enable_default_context_menu { get; set construct; } +- [NoAccessorMethod] +- public bool enable_developer_extras { get; set construct; } +- [NoAccessorMethod] +- public bool enable_dom_paste { get; set construct; } +- [NoAccessorMethod] +- public bool enable_file_access_from_file_uris { get; set construct; } +- [NoAccessorMethod] +- public bool enable_html5_database { get; set construct; } +- [NoAccessorMethod] +- public bool enable_html5_local_storage { get; set construct; } +- [NoAccessorMethod] +- public bool enable_java_applet { get; set construct; } +- [NoAccessorMethod] +- public bool enable_offline_web_application_cache { get; set construct; } +- [NoAccessorMethod] +- public bool enable_page_cache { get; set construct; } +- [NoAccessorMethod] +- public bool enable_plugins { get; set construct; } +- [NoAccessorMethod] +- public bool enable_private_browsing { get; set construct; } +- [NoAccessorMethod] +- public bool enable_scripts { get; set construct; } +- [NoAccessorMethod] +- public bool enable_site_specific_quirks { get; set construct; } +- [NoAccessorMethod] +- public bool enable_spatial_navigation { get; set construct; } +- [NoAccessorMethod] +- public bool enable_spell_checking { get; set construct; } +- [NoAccessorMethod] +- public bool enable_universal_access_from_file_uris { get; set construct; } +- [NoAccessorMethod] +- public bool enable_xss_auditor { get; set construct; } +- [NoAccessorMethod] +- public bool enforce_96_dpi { get; set construct; } +- [NoAccessorMethod] +- public string fantasy_font_family { owned get; set construct; } +- [NoAccessorMethod] +- public bool javascript_can_access_clipboard { get; set construct; } +- [NoAccessorMethod] +- public bool javascript_can_open_windows_automatically { get; set construct; } +- [NoAccessorMethod] +- public int minimum_font_size { get; set construct; } +- [NoAccessorMethod] +- public int minimum_logical_font_size { get; set construct; } +- [NoAccessorMethod] +- public string monospace_font_family { owned get; set construct; } +- [NoAccessorMethod] +- public bool print_backgrounds { get; set construct; } +- [NoAccessorMethod] +- public bool resizable_text_areas { get; set construct; } +- [NoAccessorMethod] +- public string sans_serif_font_family { owned get; set construct; } +- [NoAccessorMethod] +- public string serif_font_family { owned get; set construct; } +- [NoAccessorMethod] +- public string spell_checking_languages { owned get; set construct; } +- [NoAccessorMethod] +- public bool tab_key_cycles_through_elements { get; set construct; } +- [NoAccessorMethod] +- public string user_agent { owned get; set construct; } +- [NoAccessorMethod] +- public string user_stylesheet_uri { owned get; set construct; } +- [NoAccessorMethod] +- public float zoom_step { get; set construct; } +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebView : Gtk.Container, Atk.Implementor, Gtk.Buildable { +- [CCode (type = "GtkWidget*", has_construct_function = false)] +- public WebView (); +- public bool can_copy_clipboard (); +- public bool can_cut_clipboard (); +- public bool can_go_back (); +- public bool can_go_back_or_forward (int steps); +- public bool can_go_forward (); +- public bool can_paste_clipboard (); +- public bool can_redo (); +- public bool can_show_mime_type (string mime_type); +- public bool can_undo (); +- [NoWrapper] +- public virtual unowned string choose_file (WebKit.WebFrame frame, string old_file); +- public void delete_selection (); +- public void execute_script (string script); +- public unowned WebKit.WebBackForwardList get_back_forward_list (); +- public unowned Gtk.TargetList get_copy_target_list (); +- public unowned string get_custom_encoding (); +- public bool get_editable (); +- public unowned string get_encoding (); +- public unowned WebKit.WebFrame get_focused_frame (); +- public bool get_full_content_zoom (); +- public unowned WebKit.HitTestResult get_hit_test_result (Gdk.EventButton event); +- public unowned string get_icon_uri (); +- public unowned WebKit.WebInspector get_inspector (); +- public WebKit.LoadStatus get_load_status (); +- public unowned WebKit.WebFrame get_main_frame (); +- public unowned Gtk.TargetList get_paste_target_list (); +- public double get_progress (); +- public unowned WebKit.WebSettings get_settings (); +- public unowned string get_title (); +- public bool get_transparent (); +- public unowned string get_uri (); +- public bool get_view_source_mode (); +- public unowned WebKit.WebWindowFeatures get_window_features (); +- public float get_zoom_level (); +- public void go_back (); +- public void go_back_or_forward (int steps); +- public void go_forward (); +- public bool go_to_back_forward_item (WebKit.WebHistoryItem item); +- public bool has_selection (); +- public void load_html_string (string content, string base_uri); +- public void load_request (WebKit.NetworkRequest request); +- public void load_string (string content, string mime_type, string encoding, string base_uri); +- public void load_uri (string uri); +- public uint mark_text_matches (string str, bool case_sensitive, uint limit); +- public void open (string uri); +- public void reload (); +- public void reload_bypass_cache (); +- public bool search_text (string text, bool case_sensitive, bool forward, bool wrap); +- public void set_custom_encoding (string encoding); +- public void set_editable (bool flag); +- public void set_full_content_zoom (bool full_content_zoom); +- public void set_highlight_text_matches (bool highlight); +- public void set_maintains_back_forward_list (bool flag); +- public void set_settings (WebKit.WebSettings settings); +- public void set_transparent (bool flag); +- public void set_view_source_mode (bool view_source_mode); +- public void set_zoom_level (float zoom_level); +- public void stop_loading (); +- public void unmark_text_matches (); +- public void zoom_in (); +- public void zoom_out (); +- public Gtk.TargetList copy_target_list { get; } +- public string custom_encoding { get; set; } +- public bool editable { get; set; } +- public string encoding { get; } +- public bool full_content_zoom { get; set; } +- public string icon_uri { get; } +- [NoAccessorMethod] +- public Gtk.IMContext im_context { owned get; } +- public WebKit.LoadStatus load_status { get; } +- public Gtk.TargetList paste_target_list { get; } +- public double progress { get; } +- public WebKit.WebSettings settings { get; set; } +- public string title { get; } +- public bool transparent { get; set; } +- public string uri { get; } +- [NoAccessorMethod] +- public WebKit.WebInspector web_inspector { owned get; } +- [NoAccessorMethod] +- public WebKit.WebWindowFeatures window_features { owned get; set; } +- public float zoom_level { get; set; } +- public virtual signal bool close_web_view (); +- public virtual signal bool console_message (string message, int line_number, string source_id); +- [HasEmitter] +- public virtual signal void copy_clipboard (); +- public virtual signal unowned Gtk.Widget create_plugin_widget (string p0, string p1, GLib.HashTable p2); +- public virtual signal WebKit.WebView create_web_view (WebKit.WebFrame web_frame); +- [HasEmitter] +- public virtual signal void cut_clipboard (); +- public virtual signal void database_quota_exceeded (GLib.Object p0, GLib.Object p1); +- public virtual signal void document_load_finished (WebKit.WebFrame p0); +- public virtual signal bool download_requested (GLib.Object p0); +- public virtual signal void geolocation_policy_decision_cancelled (WebKit.WebFrame p0); +- public virtual signal bool geolocation_policy_decision_requested (WebKit.WebFrame p0, WebKit.GeolocationPolicyDecision p1); +- public virtual signal void hovering_over_link (string? p0, string p1); +- public virtual signal void icon_loaded (string p0); +- public virtual signal void load_committed (WebKit.WebFrame p0); +- public virtual signal bool load_error (WebKit.WebFrame p0, string p1, GLib.Error p2); +- public virtual signal void load_finished (WebKit.WebFrame p0); +- public virtual signal void load_progress_changed (int p0); +- public virtual signal void load_started (WebKit.WebFrame p0); +- public virtual signal bool mime_type_policy_decision_requested (WebKit.WebFrame p0, WebKit.NetworkRequest p1, string p2, WebKit.WebPolicyDecision p3); +- [HasEmitter] +- public virtual signal bool move_cursor (Gtk.MovementStep step, int count); +- public virtual signal bool navigation_policy_decision_requested (WebKit.WebFrame p0, WebKit.NetworkRequest p1, WebKit.WebNavigationAction p2, WebKit.WebPolicyDecision p3); +- public virtual signal WebKit.NavigationResponse navigation_requested (WebKit.WebFrame frame, WebKit.NetworkRequest request); +- public virtual signal bool new_window_policy_decision_requested (WebKit.WebFrame p0, WebKit.NetworkRequest p1, WebKit.WebNavigationAction p2, WebKit.WebPolicyDecision p3); +- [HasEmitter] +- public virtual signal void paste_clipboard (); +- public virtual signal void populate_popup (Gtk.Menu p0); +- public virtual signal bool print_requested (WebKit.WebFrame p0); +- [HasEmitter] +- public virtual signal void redo (); +- public virtual signal void resource_request_starting (WebKit.WebFrame p0, WebKit.WebResource p1, WebKit.NetworkRequest p2, WebKit.NetworkResponse p3); +- public virtual signal bool script_alert (WebKit.WebFrame frame, string alert_message); +- public virtual signal bool script_confirm (WebKit.WebFrame frame, string confirm_message, void* did_confirm); +- public virtual signal bool script_prompt (WebKit.WebFrame frame, string message, string default_value, void* value); +- [HasEmitter] +- public virtual signal void select_all (); +- public virtual signal void selection_changed (); +- public virtual signal void set_scroll_adjustments (Gtk.Adjustment hadjustment, Gtk.Adjustment vadjustment); +- public virtual signal void status_bar_text_changed (string p0); +- public virtual signal void title_changed (WebKit.WebFrame p0, string p1); +- [HasEmitter] +- public virtual signal void undo (); +- public virtual signal bool web_view_ready (); +- public virtual signal void window_object_cleared (WebKit.WebFrame frame, void* context, void* window_object); +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public class WebWindowFeatures : GLib.Object { +- [CCode (has_construct_function = false)] +- public WebWindowFeatures (); +- public bool equal (WebKit.WebWindowFeatures features2); +- [NoAccessorMethod] +- public bool fullscreen { get; set construct; } +- [NoAccessorMethod] +- public int height { get; set construct; } +- [NoAccessorMethod] +- public bool locationbar_visible { get; set construct; } +- [NoAccessorMethod] +- public bool menubar_visible { get; set construct; } +- [NoAccessorMethod] +- public bool scrollbar_visible { get; set construct; } +- [NoAccessorMethod] +- public bool statusbar_visible { get; set construct; } +- [NoAccessorMethod] +- public bool toolbar_visible { get; set construct; } +- [NoAccessorMethod] +- public int width { get; set construct; } +- [NoAccessorMethod] +- public int x { get; set construct; } +- [NoAccessorMethod] +- public int y { get; set construct; } +- } +- [CCode (cprefix = "WEBKIT_CACHE_MODEL_", cheader_filename = "webkit/webkit.h")] +- public enum CacheModel { +- DOCUMENT_VIEWER, +- WEB_BROWSER +- } +- [CCode (cprefix = "WEBKIT_DOWNLOAD_ERROR_", cheader_filename = "webkit/webkit.h")] +- public enum DownloadError { +- CANCELLED_BY_USER, +- DESTINATION, +- NETWORK +- } +- [CCode (cprefix = "WEBKIT_DOWNLOAD_STATUS_", cheader_filename = "webkit/webkit.h")] +- public enum DownloadStatus { +- ERROR, +- CREATED, +- STARTED, +- CANCELLED, +- FINISHED +- } +- [CCode (cprefix = "WEBKIT_EDITING_BEHAVIOR_", cheader_filename = "webkit/webkit.h")] +- public enum EditingBehavior { +- MAC, +- WINDOWS +- } +- [CCode (cprefix = "WEBKIT_HIT_TEST_RESULT_CONTEXT_", cheader_filename = "webkit/webkit.h")] +- [Flags] +- public enum HitTestResultContext { +- DOCUMENT, +- LINK, +- IMAGE, +- MEDIA, +- SELECTION, +- EDITABLE +- } +- [CCode (cprefix = "WEBKIT_LOAD_", cheader_filename = "webkit/webkit.h")] +- public enum LoadStatus { +- PROVISIONAL, +- COMMITTED, +- FINISHED, +- FIRST_VISUALLY_NON_EMPTY_LAYOUT, +- FAILED +- } +- [CCode (cprefix = "WEBKIT_NAVIGATION_RESPONSE_", cheader_filename = "webkit/webkit.h")] +- public enum NavigationResponse { +- ACCEPT, +- IGNORE, +- DOWNLOAD +- } +- [CCode (cprefix = "WEBKIT_NETWORK_ERROR_", cheader_filename = "webkit/webkit.h")] +- public enum NetworkError { +- FAILED, +- TRANSPORT, +- UNKNOWN_PROTOCOL, +- CANCELLED, +- FILE_DOES_NOT_EXIST +- } +- [CCode (cprefix = "WEBKIT_PLUGIN_ERROR_", cheader_filename = "webkit/webkit.h")] +- public enum PluginError { +- FAILED, +- CANNOT_FIND_PLUGIN, +- CANNOT_LOAD_PLUGIN, +- JAVA_UNAVAILABLE, +- CONNECTION_CANCELLED, +- WILL_HANDLE_LOAD +- } +- [CCode (cprefix = "WEBKIT_POLICY_ERROR_", cheader_filename = "webkit/webkit.h")] +- public enum PolicyError { +- FAILED, +- CANNOT_SHOW_MIME_TYPE, +- CANNOT_SHOW_URL, +- FRAME_LOAD_INTERRUPTED_BY_POLICY_CHANGE, +- CANNOT_USE_RESTRICTED_PORT +- } +- [CCode (cprefix = "WEBKIT_WEB_NAVIGATION_REASON_", cheader_filename = "webkit/webkit.h")] +- public enum WebNavigationReason { +- LINK_CLICKED, +- FORM_SUBMITTED, +- BACK_FORWARD, +- RELOAD, +- FORM_RESUBMITTED, +- OTHER +- } +- [CCode (cprefix = "WEBKIT_WEB_VIEW_TARGET_INFO_", cheader_filename = "webkit/webkit.h")] +- public enum WebViewTargetInfo { +- HTML, +- TEXT, +- IMAGE, +- URI_LIST, +- NETSCAPE_URL +- } +- [CCode (cheader_filename = "webkit/webkit.h")] +- public const int MAJOR_VERSION; +- [CCode (cheader_filename = "webkit/webkit.h")] +- public const int MICRO_VERSION; +- [CCode (cheader_filename = "webkit/webkit.h")] +- public const int MINOR_VERSION; +- [CCode (cheader_filename = "webkit/webkit.h")] +- public const int USER_AGENT_MAJOR_VERSION; +- [CCode (cheader_filename = "webkit/webkit.h")] +- public const int USER_AGENT_MINOR_VERSION; +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static bool check_version (uint major, uint minor, uint micro); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static void geolocation_policy_allow (WebKit.GeolocationPolicyDecision decision); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static void geolocation_policy_deny (WebKit.GeolocationPolicyDecision decision); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static WebKit.CacheModel get_cache_model (); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static unowned Soup.Session get_default_session (); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static uint64 get_default_web_database_quota (); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static unowned string get_web_database_directory_path (); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static uint major_version (); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static uint micro_version (); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static uint minor_version (); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static GLib.Quark network_error_quark (); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static GLib.Quark plugin_error_quark (); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static GLib.Quark policy_error_quark (); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static void remove_all_web_databases (); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static void set_cache_model (WebKit.CacheModel cache_model); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static void set_default_web_database_quota (uint64 defaultQuota); +- [CCode (cheader_filename = "webkit/webkit.h")] +- public static void set_web_database_directory_path (string path); +-} +-- +2.5.0 \ No newline at end of file diff --git a/debian/patches/0501-Dont-pack-webview-into-a-scrolled-window.patch b/debian/patches/0501-Dont-pack-webview-into-a-scrolled-window.patch new file mode 100644 index 0000000..a5820dd --- /dev/null +++ b/debian/patches/0501-Dont-pack-webview-into-a-scrolled-window.patch @@ -0,0 +1,44 @@ +From 130ebe6f1eda9564e89ab617bdfa30a50f828e47 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Fri, 4 Dec 2015 17:33:43 +0100 +Subject: [PATCH] Don't pack webview into a scrolled window + +The scrollbar is drawn by WebKitWebView in WK2. + +https://bugzilla.gnome.org/show_bug.cgi?id=751709 +--- + plugins/common/RESTSupport.vala | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +Index: trunk/plugins/common/RESTSupport.vala +=================================================================== +--- trunk.orig/plugins/common/RESTSupport.vala ++++ trunk/plugins/common/RESTSupport.vala +@@ -725,7 +725,6 @@ public abstract class GooglePublisher : + + private WebKit.WebView webview; + private Gtk.Box pane_widget; +- private Gtk.ScrolledWindow webview_frame; + private string auth_sequence_start_url; + + public signal void authorized(string auth_code); +@@ -735,18 +734,13 @@ public abstract class GooglePublisher : + + pane_widget = new Gtk.Box(Gtk.Orientation.VERTICAL, 0); + +- webview_frame = new Gtk.ScrolledWindow(null, null); +- webview_frame.set_shadow_type(Gtk.ShadowType.ETCHED_IN); +- webview_frame.set_policy(Gtk.PolicyType.AUTOMATIC, Gtk.PolicyType.AUTOMATIC); +- + webview = new WebKit.WebView(); + webview.get_settings().enable_plugins = false; + + webview.load_changed.connect(on_page_load_changed); + webview.context_menu.connect(() => { return false; }); + +- webview_frame.add(webview); +- pane_widget.pack_start(webview_frame, true, true, 0); ++ pane_widget.pack_start(webview, true, true, 0); + } + + public static bool is_cache_dirty() { diff --git a/debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch b/debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch new file mode 100644 index 0000000..df24283 --- /dev/null +++ b/debian/patches/0502-Have-all-soup-sessions-validate-TLS-certificates.patch @@ -0,0 +1,39 @@ +From ac6efab13554d1ef39eb8b86744234d72773c2da Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Fri, 4 Dec 2015 17:34:17 +0100 +Subject: [PATCH] Have all soup sessions validate TLS certificates + +Note that this commit is *not* sufficient to fix certificate verification +on its own. The port to WK2 is also required, else WebKit's soup session +will not verify certificates. + +https://bugzilla.gnome.org/show_bug.cgi?id=751709 +--- + plugins/common/RESTSupport.vala | 1 + + plugins/shotwell-publishing/FacebookPublishing.vala | 1 + + 2 files changed, 2 insertions(+) + +Index: trunk/plugins/common/RESTSupport.vala +=================================================================== +--- trunk.orig/plugins/common/RESTSupport.vala ++++ trunk/plugins/common/RESTSupport.vala +@@ -20,6 +20,7 @@ public abstract class Session { + public Session(string? endpoint_url = null) { + this.endpoint_url = endpoint_url; + soup_session = new Soup.SessionAsync(); ++ this.soup_session.ssl_use_system_ca_file = true; + } + + protected void notify_wire_message_unqueued(Soup.Message message) { +Index: trunk/plugins/shotwell-publishing/FacebookPublishing.vala +=================================================================== +--- trunk.orig/plugins/shotwell-publishing/FacebookPublishing.vala ++++ trunk/plugins/shotwell-publishing/FacebookPublishing.vala +@@ -1473,6 +1473,7 @@ internal class GraphSession { + this.soup_session.timeout = 15; + this.access_token = null; + this.current_message = null; ++ this.soup_session.ssl_use_system_ca_file = true; + } + + ~GraphSession() { diff --git a/debian/patches/0503-facebook-Dont-disable-XSS-auditor.patch b/debian/patches/0503-facebook-Dont-disable-XSS-auditor.patch new file mode 100644 index 0000000..976b6ec --- /dev/null +++ b/debian/patches/0503-facebook-Dont-disable-XSS-auditor.patch @@ -0,0 +1,25 @@ +From 2a1dd48e702b0e8524a4ed212252aa4c49c6b0f0 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Fri, 4 Dec 2015 18:08:54 +0100 +Subject: [PATCH] facebook: Don't disable XSS auditor + +This is a separate commit to make it possible to revert easily, as +I don't know why it was disabled. + +https://bugzilla.gnome.org/show_bug.cgi?id=751709 +--- + plugins/shotwell-publishing/FacebookPublishing.vala | 1 - + 1 file changed, 1 deletion(-) + +Index: trunk/plugins/shotwell-publishing/FacebookPublishing.vala +=================================================================== +--- trunk.orig/plugins/shotwell-publishing/FacebookPublishing.vala ++++ trunk/plugins/shotwell-publishing/FacebookPublishing.vala +@@ -829,7 +829,6 @@ internal class WebAuthenticationPane : S + + webview = new WebKit.WebView(); + webview.get_settings().enable_plugins = false; +- webview.get_settings().enable_xss_auditor = false; + + webview.load_changed.connect(on_page_load_changed); + webview.context_menu.connect(() => { return true; }); diff --git a/debian/patches/500-buildflags.patch b/debian/patches/500-buildflags.patch deleted file mode 100644 index a8030ec..0000000 --- a/debian/patches/500-buildflags.patch +++ /dev/null @@ -1,33 +0,0 @@ -Description: Poke requested Debian buildflags for hardening into Makefile -Author: Jörg Frings-Fürst -Last-Update: 2015-01-07 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: trunk/Makefile -=================================================================== ---- trunk.orig/Makefile -+++ trunk/Makefile -@@ -395,10 +395,11 @@ VALA_CFLAGS := `pkg-config --cflags $(EX - $(foreach def,$(DEFINES),-D$(def)) - - VALA_LDFLAGS := `pkg-config --libs $(EXT_PKGS) $(DIRECT_LIBS) gthread-2.0` -+VALA_LDFLAGS += -fPIE -pie -Wl,-z,relro -Wl,-z,now - - # REQUIRED_CFLAGS absolutely get appended to CFLAGS, whatever the - # the value of CFLAGS in the environment --REQUIRED_CFLAGS := -fPIC -+REQUIRED_CFLAGS := -g -O2 -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 - - # setting CFLAGS in configure.mk overrides build type - ifndef CFLAGS -@@ -411,8 +412,8 @@ PLUGIN_CFLAGS = -O2 -g -pipe - endif - endif - --CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) --PLUGIN_CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) -+CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) -fstack-protector-strong -+PLUGIN_CFLAGS += $(PROFILE_FLAGS) $(REQUIRED_CFLAGS) -fPIC -fno-stack-protector - - # Required for gudev-1.0 - CFLAGS += -DG_UDEV_API_IS_SUBJECT_TO_CHANGE diff --git a/debian/patches/hardening.patch b/debian/patches/hardening.patch deleted file mode 100644 index c60496f..0000000 --- a/debian/patches/hardening.patch +++ /dev/null @@ -1,38 +0,0 @@ -Description: pass compiler flags set in debian/rules to compiler -Author: Devid Antonio Filoni - -Index: trunk/Makefile -=================================================================== ---- trunk.orig/Makefile -+++ trunk/Makefile -@@ -35,7 +35,7 @@ CORE_SUPPORTED_LANGUAGES=$(shell cat po/ - LOCAL_LANG_DIR=locale-langpack - SYSTEM_LANG_DIR := $(DESTDIR)$(PREFIX)/share/locale - --VALAFLAGS := -g --enable-checking --target-glib=2.32 --thread --fatal-warnings --enable-experimental --enable-deprecated $(USER_VALAFLAGS) -+VALAFLAGS := $(foreach w,$(CPPFLAGS) $(CFLAGS) $(LDFLAGS),-X $(w)) --enable-checking --target-glib=2.32 --thread --enable-experimental --enable-deprecated $(USER_VALAFLAGS) - ifdef UNITY_SUPPORT - VALAFLAGS := $(VALAFLAGS) --define UNITY_SUPPORT - endif -@@ -673,7 +673,7 @@ $(EXPANDED_C_FILES): $(VALA_STAMP) - @ - - $(EXPANDED_OBJ_FILES): %.o: %.c $(CONFIG_IN) Makefile -- $(CC) -c $(VALA_CFLAGS) $(CFLAGS) -o $@ $< -+ $(CC) -c $(VALA_CFLAGS) $(CPPFLAGS) $(CFLAGS) -o $@ $< - - $(PROGRAM): $(EXPANDED_OBJ_FILES) $(RESOURCES) $(LANG_STAMP) $(THUMBNAILER_BIN) misc/gschemas.compiled $(DOC_LANG_STAMP) - $(CC) $(EXPANDED_OBJ_FILES) $(CFLAGS) $(LDFLAGS) $(RESOURCES) $(VALA_LDFLAGS) $(EXPORT_FLAGS) -o $@ -Index: trunk/plugins/Makefile.plugin.mk -=================================================================== ---- trunk.orig/plugins/Makefile.plugin.mk -+++ trunk/plugins/Makefile.plugin.mk -@@ -41,7 +41,7 @@ DEFINES := -D_VERSION='"$(PLUGINS_VERSIO - all: $(PLUGIN).so - - .stamp: $(SRC_FILES) $(MAKE_FILES) $(HEADER_FILES) -- $(VALAC) --target-glib=$(MIN_GLIB_VERSION) -g --enable-checking --fatal-warnings --save-temps --compile --enable-deprecated \ -+ $(VALAC) --target-glib=$(MIN_GLIB_VERSION) -g --enable-checking --save-temps --compile --enable-deprecated \ - --vapidir=../ $(foreach pkg,$(PKGS),--pkg=$(pkg)) $(foreach pkg,$(CUSTOM_VAPI_PKGS),--pkg=$(pkg)) \ - -X -I../.. -X -fPIC \ - $(foreach dfn,$(DEFINES),-X $(dfn)) \ diff --git a/debian/patches/libexec.patch b/debian/patches/libexec.patch deleted file mode 100644 index 0e06218..0000000 --- a/debian/patches/libexec.patch +++ /dev/null @@ -1,16 +0,0 @@ -Description: do not install files in libexec directory -Author: Luca Falavigna - -Index: shotwell-0.15.0/Makefile -=================================================================== ---- shotwell-0.15.0.orig/Makefile 2013-10-13 09:51:58.893357001 +0200 -+++ shotwell-0.15.0/Makefile 2013-10-13 09:54:33.885361749 +0200 -@@ -27,7 +27,7 @@ - - -include configure.mk - ifndef LIBEXECDIR --LIBEXECDIR=$(PREFIX)/libexec/shotwell -+LIBEXECDIR=$(PREFIX)/share/shotwell - endif - - CORE_SUPPORTED_LANGUAGES=$(shell cat po/LINGUAS) diff --git a/debian/patches/series b/debian/patches/series index bfb8f07..07037ee 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,7 @@ -500-buildflags.patch -hardening.patch -libexec.patch +0001-buildflags.patch +0005-hardening.patch +0010-libexec.patch +0500-Port-to-webkit2gtk-40.patch +0501-Dont-pack-webview-into-a-scrolled-window.patch +0502-Have-all-soup-sessions-validate-TLS-certificates.patch +0503-facebook-Dont-disable-XSS-auditor.patch -- cgit v1.2.3