gnu: icecat: Add fix for CVE-2015-4495.

* gnu/packages/patches/icecat-CVE-2015-4495.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patch. Move the 'patches' field above the snippet.
2015-08-07 23:06:02 -04:00 · 2015-08-07 23:06:02 -04:00 · a5e55dfbb7
parent ff6f33cf80
commit a5e55dfbb7
3 changed files with 34 additions and 4 deletions
--- a/gnu-system.am
+++ b/gnu-system.am
@ -483,6 +483,7 @@ dist_patch_DATA =						\
  gnu/packages/patches/hwloc-gather-topology-lstopo.patch	\
  gnu/packages/patches/hydra-automake-1.15.patch		\
  gnu/packages/patches/hydra-disable-darcs-test.patch		\
+  gnu/packages/patches/icecat-CVE-2015-4495.patch		\
  gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch \
  gnu/packages/patches/icecat-freetype-2.6.patch		\
  gnu/packages/patches/icecat-libvpx-1.4.patch			\
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@ -240,6 +240,10 @@ standards.")
      (sha256
       (base32
        "11wx29mb5pcg4mgk07a6vjwh52ca90k0x4m9wv0v3y5dmp88f01p"))
+      (patches (map search-patch '("icecat-CVE-2015-4495.patch"
+                                   "icecat-enable-acceleration-and-webgl.patch"
+                                   "icecat-freetype-2.6.patch"
+                                   "icecat-libvpx-1.4.patch")))
      (modules '((guix build utils)))
      (snippet
       '(begin
@ -277,10 +281,7 @@ standards.")
                      "gfx/cairo"
                      "js/src/ctypes/libffi"
                      "db/sqlite3"))
-          #t))
-      (patches (map search-patch '("icecat-enable-acceleration-and-webgl.patch"
-                                   "icecat-freetype-2.6.patch"
-                                   "icecat-libvpx-1.4.patch")))))
+          #t))))
    (build-system gnu-build-system)
    (inputs
     `(("alsa-lib" ,alsa-lib)
--- a/gnu/packages/patches/icecat-CVE-2015-4495.patch
+++ b/gnu/packages/patches/icecat-CVE-2015-4495.patch
@ -0,0 +1,28 @@
+Backported from upstream commits labelled "Bug 1178058" from the esr38 branch
+by Boris Zbarsky <bzbarsky@mit.edu> and Bobby Holley <bobbyholley@gmail.com>.
+
+--- icecat-31.8.0/docshell/base/nsDocShell.cpp
+++ icecat-31.8.0/docshell/base/nsDocShell.cpp
+@@ -1546,12 +1546,21 @@
+ 
+     if (owner && mItemType != typeChrome) {
+         nsCOMPtr<nsIPrincipal> ownerPrincipal = do_QueryInterface(owner);
+-        if (nsContentUtils::IsSystemOrExpandedPrincipal(ownerPrincipal)) {
+        if (nsContentUtils::IsSystemPrincipal(ownerPrincipal)) {
+             if (ownerIsExplicit) {
+                 return NS_ERROR_DOM_SECURITY_ERR;
+             }
+             owner = nullptr;
+             inheritOwner = true;
+        } else if (nsContentUtils::IsExpandedPrincipal(ownerPrincipal)) {
+            if (ownerIsExplicit) {
+                return NS_ERROR_DOM_SECURITY_ERR;
+            }
+            // Don't inherit from the current page.  Just do the safe thing
+            // and pretend that we were loaded by a nullprincipal.
+            owner = do_CreateInstance("@mozilla.org/nullprincipal;1");
+            NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE);
+            inheritOwner = false;
+         }
+     }
+     if (!owner && !inheritOwner && !ownerIsExplicit) {