[Swfdec-commits] Branch '0.6' - 5 commits - configure.ac NEWS swfdec/swfdec_load_object.c test/trace
Benjamin Otte
company at kemper.freedesktop.org
Wed Apr 9 02:00:17 PDT 2008
NEWS | 7 +++++++
configure.ac | 2 +-
swfdec/swfdec_load_object.c | 11 ++++++++---
test/trace/Makefile.am | 9 +++++++++
test/trace/sec-0.6.2-local-access-5.swf |binary
test/trace/sec-0.6.2-local-access-5.swf.trace | 2 ++
test/trace/sec-0.6.2-local-access-6.swf |binary
test/trace/sec-0.6.2-local-access-6.swf.trace | 2 ++
test/trace/sec-0.6.2-local-access-7.swf |binary
test/trace/sec-0.6.2-local-access-7.swf.trace | 2 ++
test/trace/sec-0.6.2-local-access-8.swf |binary
test/trace/sec-0.6.2-local-access-8.swf.trace | 2 ++
test/trace/sec-0.6.2-local-access.as | 15 +++++++++++++++
13 files changed, 48 insertions(+), 4 deletions(-)
New commits:
commit 0fabf5764eddd065c4909d5b4900ef7abf13d8b4
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 10:29:51 2008 +0200
back to development
diff --git a/configure.ac b/configure.ac
index 671aa96..9c3f9a5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
AC_PREREQ([2.58])
-AC_INIT(swfdec,0.6.4)
+AC_INIT(swfdec,0.6.5)
[is_dev=$(echo $PACKAGE_VERSION | sed 's/[0-9]\.[0-9][0-9]*\.[0-9]*[13579]/1/')]
if test x"$is_dev" = x1 ; then
commit f20324c575415b5c32474d3af206ef571fe04bd0
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 10:26:03 2008 +0200
release 0.6.4
diff --git a/configure.ac b/configure.ac
index 8b5bbc6..671aa96 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
AC_PREREQ([2.58])
-AC_INIT(swfdec,0.6.3)
+AC_INIT(swfdec,0.6.4)
[is_dev=$(echo $PACKAGE_VERSION | sed 's/[0-9]\.[0-9][0-9]*\.[0-9]*[13579]/1/')]
if test x"$is_dev" = x1 ; then
commit af392a99916dfe57c2b8802659f53c74695565b3
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 10:18:12 2008 +0200
update to 0.6.4
diff --git a/NEWS b/NEWS
index af1a959..1594444 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,11 @@
+ 0.6.4 ("College Humor")
+
+This is a security release. Please update as soon as possible.
+- fix a security problem that allowed remote Flash files to read local files.
+- fix a rare crash in TextField.replaceText
+- fix a rare crash during cleanup
+
0.6.2 ("Badger Badger Badger")
This is the first bugfix release in the stable release series. It contains
commit 1587e308d4d470e837347b0cff3312b79964908b
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 10:01:48 2008 +0200
add test for the latest fix
diff --git a/test/trace/Makefile.am b/test/trace/Makefile.am
index 3bffb1c..c58f524 100644
--- a/test/trace/Makefile.am
+++ b/test/trace/Makefile.am
@@ -2585,6 +2585,15 @@ EXTRA_DIST = \
scope-chain-with-and-scope-chain-7.swf.trace \
scope-chain-with-and-scope-chain-8.swf \
scope-chain-with-and-scope-chain-8.swf.trace \
+ sec-0.6.2-local-access-5.swf \
+ sec-0.6.2-local-access-5.swf.trace \
+ sec-0.6.2-local-access-6.swf \
+ sec-0.6.2-local-access-6.swf.trace \
+ sec-0.6.2-local-access-7.swf \
+ sec-0.6.2-local-access-7.swf.trace \
+ sec-0.6.2-local-access-8.swf \
+ sec-0.6.2-local-access-8.swf.trace \
+ sec-0.6.2-local-access.as \
selection-properties.as \
selection-properties-5.swf \
selection-properties-5.swf.trace \
diff --git a/test/trace/sec-0.6.2-local-access-5.swf b/test/trace/sec-0.6.2-local-access-5.swf
new file mode 100644
index 0000000..a7b2280
Binary files /dev/null and b/test/trace/sec-0.6.2-local-access-5.swf differ
diff --git a/test/trace/sec-0.6.2-local-access-5.swf.trace b/test/trace/sec-0.6.2-local-access-5.swf.trace
new file mode 100644
index 0000000..d4f80bf
--- /dev/null
+++ b/test/trace/sec-0.6.2-local-access-5.swf.trace
@@ -0,0 +1,2 @@
+undefined
+undefined
diff --git a/test/trace/sec-0.6.2-local-access-6.swf b/test/trace/sec-0.6.2-local-access-6.swf
new file mode 100644
index 0000000..1460177
Binary files /dev/null and b/test/trace/sec-0.6.2-local-access-6.swf differ
diff --git a/test/trace/sec-0.6.2-local-access-6.swf.trace b/test/trace/sec-0.6.2-local-access-6.swf.trace
new file mode 100644
index 0000000..d4f80bf
--- /dev/null
+++ b/test/trace/sec-0.6.2-local-access-6.swf.trace
@@ -0,0 +1,2 @@
+undefined
+undefined
diff --git a/test/trace/sec-0.6.2-local-access-7.swf b/test/trace/sec-0.6.2-local-access-7.swf
new file mode 100644
index 0000000..01cb6e9
Binary files /dev/null and b/test/trace/sec-0.6.2-local-access-7.swf differ
diff --git a/test/trace/sec-0.6.2-local-access-7.swf.trace b/test/trace/sec-0.6.2-local-access-7.swf.trace
new file mode 100644
index 0000000..d4f80bf
--- /dev/null
+++ b/test/trace/sec-0.6.2-local-access-7.swf.trace
@@ -0,0 +1,2 @@
+undefined
+undefined
diff --git a/test/trace/sec-0.6.2-local-access-8.swf b/test/trace/sec-0.6.2-local-access-8.swf
new file mode 100644
index 0000000..840e840
Binary files /dev/null and b/test/trace/sec-0.6.2-local-access-8.swf differ
diff --git a/test/trace/sec-0.6.2-local-access-8.swf.trace b/test/trace/sec-0.6.2-local-access-8.swf.trace
new file mode 100644
index 0000000..d4f80bf
--- /dev/null
+++ b/test/trace/sec-0.6.2-local-access-8.swf.trace
@@ -0,0 +1,2 @@
+undefined
+undefined
diff --git a/test/trace/sec-0.6.2-local-access.as b/test/trace/sec-0.6.2-local-access.as
new file mode 100644
index 0000000..3614371
--- /dev/null
+++ b/test/trace/sec-0.6.2-local-access.as
@@ -0,0 +1,15 @@
+// makeswf -v 7 -s 200x150 -r 1 -o sec-0.6.2-local-access.swf sec-0.6.2-local-access.as
+
+x = new XML ();
+x.onData = function (data) {
+ trace (data);
+ getURL ("fscommand:quit", "");
+};
+x.load ("sec-0.6.2-local-access-7.swf.trace");
+
+y = new XML ();
+y.onData = function (data) {
+ trace (data);
+ getURL ("fscommand:quit", "");
+};
+y.load (_url + ".trace");
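Review bot: Both loads point at `.trace` files whose content is the same two `undefined` lines that the test expects when access is denied, so a regression that lets the read through would produce output differing from the expected trace by little more than whitespace. The test would be a stronger guard if the loads targeted a file with distinctive content, or if the handlers traced a fixed marker for the denied and the allowed case instead of the raw data. Each handler also calls `getURL ("fscommand:quit", "")`, so the two expected lines appear to depend on both callbacks firing before the quit takes effect. A header comment such as `// expected output is "undefined" twice: both loads must be denied` would record what the test asserts.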
commit 326ee4ff631ecc11605f1251e1923a94561a3823
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 09:52:26 2008 +0200
disallow access to local files from disallowed sandboxes
The previous code allowed files loaded from remote locations access to local
files.
diff --git a/swfdec/swfdec_load_object.c b/swfdec/swfdec_load_object.c
index d7bc0ce..8be8acc 100644
--- a/swfdec/swfdec_load_object.c
+++ b/swfdec/swfdec_load_object.c
@@ -162,6 +162,11 @@ swfdec_load_object_load (SwfdecPlayer *player, gboolean allow, gpointer obj)
SWFDEC_WARNING ("SECURITY: no access to %s from %s",
load->url, swfdec_url_get_url (load->sandbox->url));
+ /* call finish */
+ swfdec_sandbox_use (load->sandbox);
+ load->finish (load->target, NULL);
+ swfdec_sandbox_unuse (load->sandbox);
+
/* unroot */
swfdec_player_unroot (player, load);
return;
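Review bot: The added comment `/* call finish */` only restates the call below it and does not say why a denied load still invokes the callback. Something like `/* report the denied load to the target with NULL data, inside its sandbox, so the requester learns of the failure */` would record the intent; the `NULL` argument and the `swfdec_sandbox_use`/`swfdec_sandbox_unuse` pair are visible here, while what `finish` does with `NULL` is not. Because `finish` is a callback that runs before `swfdec_player_unroot (player, load)`, it is worth confirming that it cannot itself release `load`. swfdec_load_object_load starts and ends outside this hunk.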
@@ -182,10 +187,10 @@ swfdec_load_object_request (gpointer objectp, gpointer playerp)
SwfdecURL *url;
if (swfdec_url_path_is_relative (load->url)) {
- swfdec_load_object_load (player, TRUE, load);
+ swfdec_load_object_load (player,
+ load->sandbox->type != SWFDEC_SANDBOX_LOCAL_NETWORK, load);
return;
}
- /* FIXME: or is this relative to the player? */
url = swfdec_player_create_url (player, load->url);
if (url == NULL) {
swfdec_load_object_load (player, FALSE, load);
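Review bot: The relative-path check `load->sandbox->type != SWFDEC_SANDBOX_LOCAL_NETWORK` is default-allow: every sandbox type other than that one is granted access, including any type added later, whereas the absolute-URL branch in the third hunk uses the allow-list form `== SWFDEC_SANDBOX_LOCAL_TRUSTED`. Naming the sandbox types that may load relative paths, with denial as the fallback, would keep both branches fail-closed. This branch also decides before the path is resolved, so it presumably relies on a relative path always resolving against the sandbox's own URL; the removed FIXME raised a related question about the base and the commit does not record the answer. A comment such as `/* relative paths stay on the sandbox's own origin; LOCAL_NETWORK sandboxes must not read local files */` would state that assumption, if it holds. swfdec_load_object_request continues outside the hunk.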
@@ -196,7 +201,7 @@ swfdec_load_object_request (gpointer objectp, gpointer playerp)
case SWFDEC_SANDBOX_LOCAL_NETWORK:
case SWFDEC_SANDBOX_LOCAL_TRUSTED:
if (swfdec_url_is_local (url)) {
- swfdec_load_object_load (player, swfdec_url_is_local (url), load);
+ swfdec_load_object_load (player, load->sandbox->type == SWFDEC_SANDBOX_LOCAL_TRUSTED, load);
} else {
SwfdecURL *load_url = swfdec_url_new_components (
swfdec_url_get_protocol (url), swfdec_url_get_host (url),