guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

branch master updated: gnu: icecat: Update to 68.8.0-guix0-preview1 [sec


From: guix-commits
Subject: branch master updated: gnu: icecat: Update to 68.8.0-guix0-preview1 [security fixes].
Date: Wed, 06 May 2020 02:31:42 -0400

This is an automated email from the git hooks/post-receive script.

mhw pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new c261468  gnu: icecat: Update to 68.8.0-guix0-preview1 [security fixes].
c261468 is described below

commit c26146881ac826ec0f1a49d86bfe874be8d355e6
Author: Mark H Weaver <address@hidden>
AuthorDate: Tue May 5 17:07:29 2020 -0400

    gnu: icecat: Update to 68.8.0-guix0-preview1 [security fixes].
    
    Includes fixes for CVE-2020-6831, CVE-2020-12387, CVE-2020-12388,
    CVE-2020-12389, CVE-2020-12392, CVE-2020-12393, and CVE-2020-12395.
    
    * gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update.
    (icecat-source): Update gnuzilla commit, base version, and hashes.
    Apply icecat-use-older-reveal-hidden-html.patch.
    * gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version.
    * gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                       |  3 +-
 gnu/packages/gnuzilla.scm                          | 18 +++---
 gnu/packages/patches/icecat-makeicecat.patch       |  4 +-
 .../icecat-use-older-reveal-hidden-html.patch      | 70 ++++++++++++++++++++++
 4 files changed, 85 insertions(+), 10 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 4e0521b..fafc92c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2,7 +2,7 @@
 # Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic 
Courtès <address@hidden>
 # Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Andreas Enge 
<address@hidden>
 # Copyright © 2016 Mathieu Lirzin <address@hidden>
-# Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Mark H Weaver 
<address@hidden>
+# Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Mark H Weaver 
<address@hidden>
 # Copyright © 2016 Chris Marusich <address@hidden>
 # Copyright © 2016, 2017, 2018 Kei Kebreau <address@hidden>
 # Copyright © 2016, 2017 Rene Saavedra <address@hidden>
@@ -1057,6 +1057,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/hydra-disable-darcs-test.patch          \
   %D%/packages/patches/icecat-makeicecat.patch                 \
   %D%/packages/patches/icecat-avoid-bundled-libraries.patch    \
+  %D%/packages/patches/icecat-use-older-reveal-hidden-html.patch       \
   %D%/packages/patches/icecat-use-system-graphite2+harfbuzz.patch      \
   %D%/packages/patches/icecat-use-system-media-libs.patch      \
   %D%/packages/patches/icedtea-6-hotspot-gcc-segfault-workaround.patch  \
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 06d855e..7020879 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -554,8 +554,8 @@ from forcing GEXP-PROMISE."
                       #:system system
                       #:guile-for-build guile)))
 
-(define %icecat-version "68.7.0-guix0-preview1")
-(define %icecat-build-id "20200406000000") ;must be of the form YYYYMMDDhhmmss
+(define %icecat-version "68.8.0-guix0-preview1")
+(define %icecat-build-id "20200505000000") ;must be of the form YYYYMMDDhhmmss
 
 ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball
 ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat'
@@ -577,11 +577,11 @@ from forcing GEXP-PROMISE."
                   "firefox-" upstream-firefox-version ".source.tar.xz"))
             (sha256
              (base32
-              "0w3mad0r4khcd7hfmm3xix9x6mp5yp8g8kyh18vanfnjqdls0gmd"))))
+              "0hp8cc7xk6qj4q1s8n97qv9sdrypkzvphik96m5qv1r5s9k24nzs"))))
 
-         (upstream-icecat-base-version "68.7.0") ; maybe older than 
base-version
+         (upstream-icecat-base-version "68.8.0") ; maybe older than 
base-version
          ;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version))
-         (gnuzilla-commit "d185c5a67506311e19440fd4b824a822ce840369")
+         (gnuzilla-commit "5358ff2963a6136f8acafdc598cad540231ad23e")
          (gnuzilla-source
           (origin
             (method git-fetch)
@@ -593,10 +593,12 @@ from forcing GEXP-PROMISE."
                                       (string-take gnuzilla-commit 8)))
             (sha256
              (base32
-              "09skws692qv5kbhj8bvy3prj7v0iyfz68xjck4vbfxkahldfppqx"))))
+              "1bq0qzgkxz9q61g48bc05i0zx1z8k0pklxnmn54ch136aqgsyli4"))))
 
          (makeicecat-patch
-          (local-file (search-patch "icecat-makeicecat.patch"))))
+          (local-file (search-patch "icecat-makeicecat.patch")))
+         (gnuzilla-fixes-patch
+          (local-file (search-patch 
"icecat-use-older-reveal-hidden-html.patch"))))
 
     (origin
       (method computed-origin-method)
@@ -642,6 +644,8 @@ from forcing GEXP-PROMISE."
                   (make-file-writable "makeicecat")
                   (invoke "patch" "--force" "--no-backup-if-mismatch"
                           "-p1" "--input" #+makeicecat-patch)
+                  (invoke "patch" "--force" "--no-backup-if-mismatch"
+                          "-p1" "--input" #+gnuzilla-fixes-patch)
                   (patch-shebang "makeicecat")
                   (substitute* "makeicecat"
                     (("^FFMAJOR=(.*)" all ffmajor)
diff --git a/gnu/packages/patches/icecat-makeicecat.patch 
b/gnu/packages/patches/icecat-makeicecat.patch
index c2c59ec..2978a57 100644
--- a/gnu/packages/patches/icecat-makeicecat.patch
+++ b/gnu/packages/patches/icecat-makeicecat.patch
@@ -25,7 +25,7 @@ index 8be2362..48716f2 100755
 -wget -N 
https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
 -gpg --recv-keys --keyserver keyserver.ubuntu.com 
14F26682D0916CDD81E37B6D61B7B526D98F0353
 -gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
--echo -n ad3ea069c3d23aab360ad04ff4d0f5e556d3538f7dd4eae0690c4e9241537570 
firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
+-echo -n fa5b2266d225878d4b35694678f79fd7e7a6d3c62759a40326129bd90f63e842 
firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
 -
 -echo Extracting Firefox tarball
 -tar -xf firefox-${FFVERSION}esr.source.tar.xz
@@ -37,7 +37,7 @@ index 8be2362..48716f2 100755
 +# wget -N 
https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
 +# gpg --recv-keys --keyserver keyserver.ubuntu.com 
14F26682D0916CDD81E37B6D61B7B526D98F0353
 +# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
-+# echo -n ad3ea069c3d23aab360ad04ff4d0f5e556d3538f7dd4eae0690c4e9241537570 
firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
++# echo -n fa5b2266d225878d4b35694678f79fd7e7a6d3c62759a40326129bd90f63e842 
firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
 +# 
 +# echo Extracting Firefox tarball
 +# tar -xf firefox-${FFVERSION}esr.source.tar.xz
diff --git a/gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch 
b/gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch
new file mode 100644
index 0000000..228adc2
--- /dev/null
+++ b/gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch
@@ -0,0 +1,70 @@
+From 2e8618d22568b6e00892a17303d437dd700eca98 Mon Sep 17 00:00:00 2001
+From: Mark H Weaver <address@hidden>
+Date: Tue, 5 May 2020 21:27:41 -0400
+Subject: [PATCH] Revert "Update Reveal hidden HTML."
+
+I prefer the user interface of the old version.
+
+This reverts commit f6e3adb6b2344ee2c7bb453a305fd2d6fb4c194c.
+---
+ .../passive_improve_css.js                    | 23 ++++++++++++++-----
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js 
b/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js
+index 7692990..ca57982 100644
+--- a/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js
++++ b/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js
+@@ -10,6 +10,8 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY 
KIND, EXPRESS OR IMPLI
+ */
+ 
+ 
++var bad = [];
++
+ function escapeHTML (unsafe_str) {
+     return unsafe_str
+       .replace(/&/g, '&amp;')
+@@ -20,9 +22,14 @@ function escapeHTML (unsafe_str) {
+       .replace(/\//g, '&#x2F;')
+ }
+ 
++function dounhide(){
++        for(var i = 0; i < bad.length; i++){
++                        bad[i].remove();
++                }
++}
++
+ console.log("passive_improve_css.js");
+ function reveal_css(){
+-      var bad = [];
+ 
+       var elements = document.getElementsByTagName("style");
+       for(var i = 0; i < elements.length; i++){
+@@ -41,16 +48,20 @@ function reveal_css(){
+ 
+               }
+       }
+-      if(bad.length > 0 && window.confirm("Hidden HTML detected, would you 
like to reveal it?")){
+-              for(var i = 0; i < bad.length; i++){
+-                      bad[i].remove();
+-              }
++      if(bad.length > 0){
++              const insertedDiv = document.createElement('div');
++              insertedDiv.innerHTML= '<p id="unhide" class="button white" 
style="text-decoration:none!important; color:#000!important;  font-size:1em 
!important; font-family:\'sans-serif\'!important; font-weight:normal 
!important; background-color:transparent!important; margin:0!important; 
padding:0!important; font-size:10px!important; line-height:1!important"' +
++                      'alt="Click to reveal hidden elements in this page">' +
++                      '<span>Reveal hidden elements</span>' +
++                      '</a>';
++              insertedDiv.style="position:fixed; bottom:1em; right:1em; 
opacity:0.8; z-index: 2147483647 !important; border-radius: 3px !important; 
background-color: #fff !important; padding: 0.5em !important;   box-shadow: 0 0 
3px grey !important; font-color:#bbb!important; cursor: pointer!important;";
++              insertedDiv.addEventListener("click", dounhide, false);
++              document.body.insertBefore(insertedDiv, 
document.body.firstChild);
+       }
+ }
+ 
+ reveal_css();
+ 
+-
+ /*
+ var a = document.getElementsByTagName("style")[2];
+ var btn = document.createElement("style");        // Create a <button> element
+-- 
+2.26.2
+



reply via email to

[Prev in Thread] Current Thread [Next in Thread]