From: Siddharth Doshi <[email protected]>
Upstream-Status: Backport from
[https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd]
Signed-off-by: Siddharth Doshi <[email protected]>
---
meta/recipes-gnome/epiphany/epiphany_42.4.bb | 1 +
.../epiphany/files/CVE-2023-26081.patch | 90 +++++++++++++++++++
2 files changed, 91 insertions(+)
create mode 100644 meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
diff --git a/meta/recipes-gnome/epiphany/epiphany_42.4.bb
b/meta/recipes-gnome/epiphany/epiphany_42.4.bb
index 9efd2800da..98923a3bdc 100644
--- a/meta/recipes-gnome/epiphany/epiphany_42.4.bb
+++ b/meta/recipes-gnome/epiphany/epiphany_42.4.bb
@@ -27,6 +27,7 @@ SRC_URI =
"${GNOME_MIRROR}/${GNOMEBN}/${@oe.utils.trim_version("${PV}", 1)}/${GN
file://0002-help-meson.build-disable-the-use-of-yelp.patch \
file://migrator.patch \
file://distributor.patch \
+ file://CVE-2023-26081.patch \
"
SRC_URI[archive.sha256sum] =
"370938ad2920eeb28bc2435944776b7ba55a0e2ede65836f79818cfb7e8f0860"
diff --git a/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
b/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
new file mode 100644
index 0000000000..af1e20bd8f
--- /dev/null
+++ b/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
@@ -0,0 +1,90 @@
+From 53363c3c8178bf9193dad9fa3516f4e10cff0ffd Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <[email protected]>
+Date: Fri, 3 Feb 2023 13:07:15 -0600
+Subject: [PATCH] Don't autofill passwords in sandboxed contexts
+
+If using the sandbox CSP or iframe tag, the web content is supposed to
+be not trusted by the main resource origin. Therefore, we'd better
+disable the password manager entirely so the untrusted web content
+cannot exfiltrate passwords.
+
+https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
+
+Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275>
+
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd]
+CVE: CVE-2023-26081
+Signed-off-by: Siddharth Doshi <[email protected]>
+---
+ .../resources/js/ephy.js | 26 +++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/embed/web-process-extension/resources/js/ephy.js
b/embed/web-process-extension/resources/js/ephy.js
+index 38b806f..44d1792 100644
+--- a/embed/web-process-extension/resources/js/ephy.js
++++ b/embed/web-process-extension/resources/js/ephy.js
+@@ -352,6 +352,12 @@ Ephy.hasModifiedForms = function()
+ }
+ };
+
++Ephy.isSandboxedWebContent = function()
++{
++ //
https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
++ return self.origin === null || self.origin === 'null';
++};
++
+ Ephy.PasswordManager = class PasswordManager
+ {
+ constructor(pageID, frameID)
+@@ -385,6 +391,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ query(origin, targetOrigin, username, usernameField, passwordField)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not querying passwords for origin=${origin} because web
content is sandboxed`);
++ return Promise.resolve(null);
++ }
++
+ Ephy.log(`Querying passwords for origin=${origin},
targetOrigin=${targetOrigin}, username=${username},
usernameField=${usernameField}, passwordField=${passwordField}`);
+
+ return new Promise((resolver, reject) => {
+@@ -396,6 +407,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ save(origin, targetOrigin, username, password, usernameField,
passwordField, isNew)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not saving password for origin=${origin} because web
content is sandboxed`);
++ return;
++ }
++
+ Ephy.log(`Saving password for origin=${origin},
targetOrigin=${targetOrigin}, username=${username},
usernameField=${usernameField}, passwordField=${passwordField},
isNew=${isNew}`);
+
+ window.webkit.messageHandlers.passwordManagerSave.postMessage({
+@@ -407,6 +423,11 @@ Ephy.PasswordManager = class PasswordManager
+ // FIXME: Why is pageID a parameter here?
+ requestSave(origin, targetOrigin, username, password, usernameField,
passwordField, isNew, pageID)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not requesting to save password for origin=${origin}
because web content is sandboxed`);
++ return;
++ }
++
+ Ephy.log(`Requesting to save password for origin=${origin},
targetOrigin=${targetOrigin}, username=${username},
usernameField=${usernameField}, passwordField=${passwordField},
isNew=${isNew}`);
+
+ window.webkit.messageHandlers.passwordManagerRequestSave.postMessage({
+@@ -426,6 +447,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ queryUsernames(origin)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not querying usernames for origin=${origin} because web
content is sandboxed`);
++ return Promise.resolve(null);
++ }
++
+ Ephy.log(`Requesting usernames for origin=${origin}`);
+
+ return new Promise((resolver, reject) => {
+--
+2.35.5
+
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178081):
https://lists.openembedded.org/g/openembedded-core/message/178081
Mute This Topic: https://lists.openembedded.org/mt/97430991/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
