
a5e55dfbb7318f8c79e9d56f8c8dcd5b20566efb — Mark H Weaver 10 years ago ff6f33c
gnu: icecat: Add fix for CVE-2015-4495.

* gnu/packages/patches/icecat-CVE-2015-4495.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patch.  Move the 'patches'
  field above the snippet.
3 files changed, 34 insertions(+), 4 deletions(-)

M gnu-system.am
M gnu/packages/gnuzilla.scm
A gnu/packages/patches/icecat-CVE-2015-4495.patch
M gnu-system.am => gnu-system.am +1 -0
@@ 483,6 483,7 @@ dist_patch_DATA =						\
  gnu/packages/patches/hwloc-gather-topology-lstopo.patch	\
  gnu/packages/patches/hydra-automake-1.15.patch		\
  gnu/packages/patches/hydra-disable-darcs-test.patch		\
  gnu/packages/patches/icecat-CVE-2015-4495.patch		\
  gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch \
  gnu/packages/patches/icecat-freetype-2.6.patch		\
  gnu/packages/patches/icecat-libvpx-1.4.patch			\

M gnu/packages/gnuzilla.scm => gnu/packages/gnuzilla.scm +5 -4
@@ 240,6 240,10 @@ standards.")
      (sha256
       (base32
        "11wx29mb5pcg4mgk07a6vjwh52ca90k0x4m9wv0v3y5dmp88f01p"))
      (patches (map search-patch '("icecat-CVE-2015-4495.patch"
                                   "icecat-enable-acceleration-and-webgl.patch"
                                   "icecat-freetype-2.6.patch"
                                   "icecat-libvpx-1.4.patch")))
      (modules '((guix build utils)))
      (snippet
       '(begin


@@ 277,10 281,7 @@ standards.")
                      "gfx/cairo"
                      "js/src/ctypes/libffi"
                      "db/sqlite3"))
          #t))
      (patches (map search-patch '("icecat-enable-acceleration-and-webgl.patch"
                                   "icecat-freetype-2.6.patch"
                                   "icecat-libvpx-1.4.patch")))))
          #t))))
    (build-system gnu-build-system)
    (inputs
     `(("alsa-lib" ,alsa-lib)
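Review bot: The `patches` list in the first hunk now carries a security backport, but nothing in the package definition says when it can be dropped. A comment above the list, such as `;; icecat-CVE-2015-4495.patch: drop once the packaged IceCat release includes the upstream fix.`, would keep the entry from outliving its purpose or being removed by mistake during an upgrade. The commit message records that `patches` moved above the snippet but the code does not say why; if the order is meant to mirror the order of application (not verifiable from this page), a short comment would help. The `origin` form begins before and continues past these hunks.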

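--- a/gnu/packages/patches/icecat-CVE-2015-4495.patch
+++ b/gnu/packages/patches/icecat-CVE-2015-4495.patch
@@ -0,0 +1,28 @@
+Backported from upstream commits labelled "Bug 1178058" from the esr38 branch
+by Boris Zbarsky <bzbarsky@mit.edu> and Bobby Holley <bobbyholley@gmail.com>.
+
+--- icecat-31.8.0/docshell/base/nsDocShell.cpp
++++ icecat-31.8.0/docshell/base/nsDocShell.cpp
+@@ -1546,12 +1546,21 @@
+ 
+     if (owner && mItemType != typeChrome) {
+         nsCOMPtr<nsIPrincipal> ownerPrincipal = do_QueryInterface(owner);
+-        if (nsContentUtils::IsSystemOrExpandedPrincipal(ownerPrincipal)) {
++        if (nsContentUtils::IsSystemPrincipal(ownerPrincipal)) {
+             if (ownerIsExplicit) {
+                 return NS_ERROR_DOM_SECURITY_ERR;
+             }
+             owner = nullptr;
+             inheritOwner = true;
++        } else if (nsContentUtils::IsExpandedPrincipal(ownerPrincipal)) {
++            if (ownerIsExplicit) {
++                return NS_ERROR_DOM_SECURITY_ERR;
++            }
++            // Don't inherit from the current page.  Just do the safe thing
++            // and pretend that we were loaded by a nullprincipal.
++            owner = do_CreateInstance("@mozilla.org/nullprincipal;1");
++            NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE);
++            inheritOwner = false;
+         }
+     }
+     if (!owner && !inheritOwner && !ownerIsExplicit) {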
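Review bot: The patch header names the upstream bug but gives no changeset ids or URLs, and it credits "commits" by two authors while the backport touches only docshell/base/nsDocShell.cpp, so a reader cannot confirm from this file that the backport to 31.8.0 is complete. I would add a provenance line such as `Upstream: <URL of each esr38 changeset for Bug 1178058>` and one sentence saying which upstream hunks, if any, were dropped as not applicable to this tree. In the code, the new `IsExpandedPrincipal` branch fails closed through `NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE)`, which is the behaviour to keep. The `ownerIsExplicit` rejection is now repeated in both branches, which is acceptable if it mirrors upstream and eases later rebases. The enclosing function begins and ends outside the hunk, so the later uses of `owner` and `inheritOwner` are not visible here.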