diff options
| author | Mark H Weaver <mhw@netris.org> | 2020-05-05 17:07:29 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2020-05-06 02:27:35 -0400 |
| commit | c26146881ac826ec0f1a49d86bfe874be8d355e6 (patch) | |
| tree | b58f317f938837c8600f097d52b7bd67f42c628f /gnu/packages/patches | |
| parent | ef0cb0dd1d05efcfd3dba082a126eb75e8443485 (diff) | |
| download | guix-c26146881ac826ec0f1a49d86bfe874be8d355e6.tar.gz | |
gnu: icecat: Update to 68.8.0-guix0-preview1 [security fixes].
Includes fixes for CVE-2020-6831, CVE-2020-12387, CVE-2020-12388, CVE-2020-12389, CVE-2020-12392, CVE-2020-12393, and CVE-2020-12395. * gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update. (icecat-source): Update gnuzilla commit, base version, and hashes. Apply icecat-use-older-reveal-hidden-html.patch. * gnu/packages/patches/icecat-makeicecat.patch: Adapt to new version. * gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu/packages/patches')
| -rw-r--r-- | gnu/packages/patches/icecat-makeicecat.patch | 4 | ||||
| -rw-r--r-- | gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch | 70 |
2 files changed, 72 insertions, 2 deletions
diff --git a/gnu/packages/patches/icecat-makeicecat.patch b/gnu/packages/patches/icecat-makeicecat.patch index c2c59ec855..2978a5789e 100644 --- a/gnu/packages/patches/icecat-makeicecat.patch +++ b/gnu/packages/patches/icecat-makeicecat.patch @@ -25,7 +25,7 @@ index 8be2362..48716f2 100755 -wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc -gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353 -gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc --echo -n ad3ea069c3d23aab360ad04ff4d0f5e556d3538f7dd4eae0690c4e9241537570 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - +-echo -n fa5b2266d225878d4b35694678f79fd7e7a6d3c62759a40326129bd90f63e842 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - - -echo Extracting Firefox tarball -tar -xf firefox-${FFVERSION}esr.source.tar.xz @@ -37,7 +37,7 @@ index 8be2362..48716f2 100755 +# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc +# gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353 +# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc -+# echo -n ad3ea069c3d23aab360ad04ff4d0f5e556d3538f7dd4eae0690c4e9241537570 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - ++# echo -n fa5b2266d225878d4b35694678f79fd7e7a6d3c62759a40326129bd90f63e842 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - +# +# echo Extracting Firefox tarball +# tar -xf firefox-${FFVERSION}esr.source.tar.xz diff --git a/gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch b/gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch new file mode 100644 index 0000000000..228adc23f1 --- /dev/null +++ b/gnu/packages/patches/icecat-use-older-reveal-hidden-html.patch @@ -0,0 +1,70 @@ +From 2e8618d22568b6e00892a17303d437dd700eca98 Mon Sep 17 00:00:00 2001 +From: Mark H Weaver <mhw@netris.org> +Date: Tue, 5 May 2020 21:27:41 -0400 +Subject: [PATCH] Revert "Update Reveal hidden HTML." + +I prefer the user interface of the old version. + +This reverts commit f6e3adb6b2344ee2c7bb453a305fd2d6fb4c194c. +--- + .../passive_improve_css.js | 23 ++++++++++++++----- + 1 file changed, 17 insertions(+), 6 deletions(-) + +diff --git a/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js b/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js +index 7692990..ca57982 100644 +--- a/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js ++++ b/data/extensions/SubmitMe@0xbeef.coffee/passive_improve_css.js +@@ -10,6 +10,8 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI + */ + + ++var bad = []; ++ + function escapeHTML (unsafe_str) { + return unsafe_str + .replace(/&/g, '&') +@@ -20,9 +22,14 @@ function escapeHTML (unsafe_str) { + .replace(/\//g, '/') + } + ++function dounhide(){ ++ for(var i = 0; i < bad.length; i++){ ++ bad[i].remove(); ++ } ++} ++ + console.log("passive_improve_css.js"); + function reveal_css(){ +- var bad = []; + + var elements = document.getElementsByTagName("style"); + for(var i = 0; i < elements.length; i++){ +@@ -41,16 +48,20 @@ function reveal_css(){ + + } + } +- if(bad.length > 0 && window.confirm("Hidden HTML detected, would you like to reveal it?")){ +- for(var i = 0; i < bad.length; i++){ +- bad[i].remove(); +- } ++ if(bad.length > 0){ ++ const insertedDiv = document.createElement('div'); ++ insertedDiv.innerHTML= '<p id="unhide" class="button white" style="text-decoration:none!important; color:#000!important; font-size:1em !important; font-family:\'sans-serif\'!important; font-weight:normal !important; background-color:transparent!important; margin:0!important; padding:0!important; font-size:10px!important; line-height:1!important"' + ++ 'alt="Click to reveal hidden elements in this page">' + ++ '<span>Reveal hidden elements</span>' + ++ '</a>'; ++ insertedDiv.style="position:fixed; bottom:1em; right:1em; opacity:0.8; z-index: 2147483647 !important; border-radius: 3px !important; background-color: #fff !important; padding: 0.5em !important; box-shadow: 0 0 3px grey !important; font-color:#bbb!important; cursor: pointer!important;"; ++ insertedDiv.addEventListener("click", dounhide, false); ++ document.body.insertBefore(insertedDiv, document.body.firstChild); + } + } + + reveal_css(); + +- + /* + var a = document.getElementsByTagName("style")[2]; + var btn = document.createElement("style"); // Create a <button> element +-- +2.26.2 + |