diff options
| -rw-r--r-- | gnu-system.am | 1 | ||||
| -rw-r--r-- | gnu/packages/gnuzilla.scm | 9 | ||||
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-4495.patch | 28 |
3 files changed, 34 insertions, 4 deletions
diff --git a/gnu-system.am b/gnu-system.am index 1946ee2a65..43ea021536 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -483,6 +483,7 @@ dist_patch_DATA = \ gnu/packages/patches/hwloc-gather-topology-lstopo.patch \ gnu/packages/patches/hydra-automake-1.15.patch \ gnu/packages/patches/hydra-disable-darcs-test.patch \ + gnu/packages/patches/icecat-CVE-2015-4495.patch \ gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch \ gnu/packages/patches/icecat-freetype-2.6.patch \ gnu/packages/patches/icecat-libvpx-1.4.patch \ diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index dfa1d5d8a4..0200039f5c 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -240,6 +240,10 @@ standards.") (sha256 (base32 "11wx29mb5pcg4mgk07a6vjwh52ca90k0x4m9wv0v3y5dmp88f01p")) + (patches (map search-patch '("icecat-CVE-2015-4495.patch" + "icecat-enable-acceleration-and-webgl.patch" + "icecat-freetype-2.6.patch" + "icecat-libvpx-1.4.patch"))) (modules '((guix build utils))) (snippet '(begin @@ -277,10 +281,7 @@ standards.") "gfx/cairo" "js/src/ctypes/libffi" "db/sqlite3")) - #t)) - (patches (map search-patch '("icecat-enable-acceleration-and-webgl.patch" - "icecat-freetype-2.6.patch" - "icecat-libvpx-1.4.patch"))))) + #t)))) (build-system gnu-build-system) (inputs `(("alsa-lib" ,alsa-lib) diff --git a/gnu/packages/patches/icecat-CVE-2015-4495.patch b/gnu/packages/patches/icecat-CVE-2015-4495.patch new file mode 100644 index 0000000000..e7514d9a5e --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-4495.patch @@ -0,0 +1,28 @@ +Backported from upstream commits labelled "Bug 1178058" from the esr38 branch +by Boris Zbarsky <bzbarsky@mit.edu> and Bobby Holley <bobbyholley@gmail.com>. + +--- icecat-31.8.0/docshell/base/nsDocShell.cpp ++++ icecat-31.8.0/docshell/base/nsDocShell.cpp +@@ -1546,12 +1546,21 @@ + + if (owner && mItemType != typeChrome) { + nsCOMPtr<nsIPrincipal> ownerPrincipal = do_QueryInterface(owner); +- if (nsContentUtils::IsSystemOrExpandedPrincipal(ownerPrincipal)) { ++ if (nsContentUtils::IsSystemPrincipal(ownerPrincipal)) { + if (ownerIsExplicit) { + return NS_ERROR_DOM_SECURITY_ERR; + } + owner = nullptr; + inheritOwner = true; ++ } else if (nsContentUtils::IsExpandedPrincipal(ownerPrincipal)) { ++ if (ownerIsExplicit) { ++ return NS_ERROR_DOM_SECURITY_ERR; ++ } ++ // Don't inherit from the current page. Just do the safe thing ++ // and pretend that we were loaded by a nullprincipal. ++ owner = do_CreateInstance("@mozilla.org/nullprincipal;1"); ++ NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE); ++ inheritOwner = false; + } + } + if (!owner && !inheritOwner && !ownerIsExplicit) { |