me
/
guix
Archived
1
0
Fork 0
Code

gnu: icecat: Update to 68.8.0-guix0-preview1 [security fixes]. 

Includes fixes for CVE-2020-6831, CVE-2020-12387, CVE-2020-12388,
CVE-2020-12389, CVE-2020-12392, CVE-2020-12393, and CVE-2020-12395.

* gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
Apply icecat-use-older-reveal-hidden-html.patch.
* gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
* gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
master
Mark H Weaver 2020-05-05 17:07:29 -04:00
parent ef0cb0dd1d
commit c26146881a
No known key found for this signature in database
GPG Key ID: 7CEF29847562C516
4 changed files with 85 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gnu/local.mk
View File

@ -2,7 +2,7 @@
# Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
# Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Andreas Enge <andreas@enge.fr>
# Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
# Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Mark H Weaver <mhw@netris.org>
# Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Mark H Weaver <mhw@netris.org>
# Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
# Copyright © 2016, 2017, 2018 Kei Kebreau <kkebreau@posteo.net>
# Copyright © 2016, 2017 Rene Saavedra <rennes@openmailbox.org>
@ -1057,6 +1057,7 @@ dist_patch_DATA = \
%D%/packages/patches/hydra-disable-darcs-test.patch \
%D%/packages/patches/icecat-makeicecat.patch \
%D%/packages/patches/icecat-avoid-bundled-libraries.patch \
%D%/packages/patches/icecat-use-older-reveal-hidden-html.patch \
%D%/packages/patches/icecat-use-system-graphite2+harfbuzz.patch \
%D%/packages/patches/icecat-use-system-media-libs.patch \
%D%/packages/patches/icedtea-6-hotspot-gcc-segfault-workaround.patch \

18
gnu/packages/gnuzilla.scm
View File

@ -554,8 +554,8 @@ from forcing GEXP-PROMISE."
#:system system
#:guile-for-build guile)))
(define %icecat-version "68.7.0-guix0-preview1")
(define %icecat-build-id "20200406000000") ;must be of the form YYYYMMDDhhmmss
(define %icecat-version "68.8.0-guix0-preview1")
(define %icecat-build-id "20200505000000") ;must be of the form YYYYMMDDhhmmss
;; 'icecat-source' is a "computed" origin that generates an IceCat tarball
;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat'
@ -577,11 +577,11 @@ from forcing GEXP-PROMISE."
"firefox-" upstream-firefox-version ".source.tar.xz"))
(sha256
(base32
"0w3mad0r4khcd7hfmm3xix9x6mp5yp8g8kyh18vanfnjqdls0gmd"))))
"0hp8cc7xk6qj4q1s8n97qv9sdrypkzvphik96m5qv1r5s9k24nzs"))))
(upstream-icecat-base-version "68.7.0") ; maybe older than base-version
(upstream-icecat-base-version "68.8.0") ; maybe older than base-version
;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version))
(gnuzilla-commit "d185c5a67506311e19440fd4b824a822ce840369")
(gnuzilla-commit "5358ff2963a6136f8acafdc598cad540231ad23e")
(gnuzilla-source
(origin
(method git-fetch)
@ -593,10 +593,12 @@ from forcing GEXP-PROMISE."
(string-take gnuzilla-commit 8)))
(sha256
(base32
"09skws692qv5kbhj8bvy3prj7v0iyfz68xjck4vbfxkahldfppqx"))))
"1bq0qzgkxz9q61g48bc05i0zx1z8k0pklxnmn54ch136aqgsyli4"))))
(makeicecat-patch
(local-file (search-patch "icecat-makeicecat.patch"))))
(local-file (search-patch "icecat-makeicecat.patch")))
(gnuzilla-fixes-patch
(local-file (search-patch "icecat-use-older-reveal-hidden-html.patch"))))
(origin
(method computed-origin-method)
@ -642,6 +644,8 @@ from forcing GEXP-PROMISE."
(make-file-writable "makeicecat")
(invoke "patch" "--force" "--no-backup-if-mismatch"
"-p1" "--input" #+makeicecat-patch)
(invoke "patch" "--force" "--no-backup-if-mismatch"
"-p1" "--input" #+gnuzilla-fixes-patch)
(patch-shebang "makeicecat")
(substitute* "makeicecat"
(("^FFMAJOR=(.*)" all ffmajor)

4
gnu/packages/patches/icecat-makeicecat.patch
View File

@ -25,7 +25,7 @@ index 8be2362..48716f2 100755
-wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
-gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353
-gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
-echo -n ad3ea069c3d23aab360ad04ff4d0f5e556d3538f7dd4eae0690c4e9241537570 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
-echo -n fa5b2266d225878d4b35694678f79fd7e7a6d3c62759a40326129bd90f63e842 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
-
-echo Extracting Firefox tarball
-tar -xf firefox-${FFVERSION}esr.source.tar.xz
@ -37,7 +37,7 @@ index 8be2362..48716f2 100755
+# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
+# gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353
+# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
+# echo -n ad3ea069c3d23aab360ad04ff4d0f5e556d3538f7dd4eae0690c4e9241537570 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
+# echo -n fa5b2266d225878d4b35694678f79fd7e7a6d3c62759a40326129bd90f63e842 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
+#
+# echo Extracting Firefox tarball
+# tar -xf firefox-${FFVERSION}esr.source.tar.xz

70
gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch 100644
View File

@ -0,0 +1,70 @@
From 2e8618d22568b6e00892a17303d437dd700eca98 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Tue, 5 May 2020 21:27:41 -0400
Subject: [PATCH] Revert "Update Reveal hidden HTML."
I prefer the user interface of the old version.
This reverts commit f6e3adb6b2344ee2c7bb453a305fd2d6fb4c194c.
---
.../passive_improve_css.js | 23 ++++++++++++++-----
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js b/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js
index 7692990..ca57982 100644
--- a/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js
+++ b/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js
@@ -10,6 +10,8 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI
*/
+var bad = [];
+
function escapeHTML (unsafe_str) {
return unsafe_str
.replace(/&/g, '&amp;')
@@ -20,9 +22,14 @@ function escapeHTML (unsafe_str) {
.replace(/\//g, '&#x2F;')
}
+function dounhide(){
+ for(var i = 0; i < bad.length; i++){
+ bad[i].remove();
+ }
+}
+
console.log("passive_improve_css.js");
function reveal_css(){
- var bad = [];
var elements = document.getElementsByTagName("style");
for(var i = 0; i < elements.length; i++){
@@ -41,16 +48,20 @@ function reveal_css(){
}
}
- if(bad.length > 0 && window.confirm("Hidden HTML detected, would you like to reveal it?")){
- for(var i = 0; i < bad.length; i++){
- bad[i].remove();
- }
+ if(bad.length > 0){
+ const insertedDiv = document.createElement('div');
+ insertedDiv.innerHTML= '<p id="unhide" class="button white" style="text-decoration:none!important; color:#000!important; font-size:1em !important; font-family:\'sans-serif\'!important; font-weight:normal !important; background-color:transparent!important; margin:0!important; padding:0!important; font-size:10px!important; line-height:1!important"' +
+ 'alt="Click to reveal hidden elements in this page">' +
+ '<span>Reveal hidden elements</span>' +
+ '</a>';
+ insertedDiv.style="position:fixed; bottom:1em; right:1em; opacity:0.8; z-index: 2147483647 !important; border-radius: 3px !important; background-color: #fff !important; padding: 0.5em !important; box-shadow: 0 0 3px grey !important; font-color:#bbb!important; cursor: pointer!important;";
+ insertedDiv.addEventListener("click", dounhide, false);
+ document.body.insertBefore(insertedDiv, document.body.firstChild);
}
}
reveal_css();
-
/*
var a = document.getElementsByTagName("style")[2];
var btn = document.createElement("style"); // Create a <button> element
--
2.26.2