diff options
Diffstat (limited to 'meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch')
-rw-r--r-- | meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch b/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch new file mode 100644 index 0000000000..af1e20bd8f --- /dev/null +++ b/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch @@ -0,0 +1,90 @@ +From 53363c3c8178bf9193dad9fa3516f4e10cff0ffd Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro <mcatanzaro@redhat.com> +Date: Fri, 3 Feb 2023 13:07:15 -0600 +Subject: [PATCH] Don't autofill passwords in sandboxed contexts + +If using the sandbox CSP or iframe tag, the web content is supposed to +be not trusted by the main resource origin. Therefore, we'd better +disable the password manager entirely so the untrusted web content +cannot exfiltrate passwords. + +https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x + +Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275> + +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd] +CVE: CVE-2023-26081 +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + .../resources/js/ephy.js | 26 +++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/embed/web-process-extension/resources/js/ephy.js b/embed/web-process-extension/resources/js/ephy.js +index 38b806f..44d1792 100644 +--- a/embed/web-process-extension/resources/js/ephy.js ++++ b/embed/web-process-extension/resources/js/ephy.js +@@ -352,6 +352,12 @@ Ephy.hasModifiedForms = function() + } + }; + ++Ephy.isSandboxedWebContent = function() ++{ ++ // https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x ++ return self.origin === null || self.origin === 'null'; ++}; ++ + Ephy.PasswordManager = class PasswordManager + { + constructor(pageID, frameID) +@@ -385,6 +391,11 @@ Ephy.PasswordManager = class PasswordManager + + query(origin, targetOrigin, username, usernameField, passwordField) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not querying passwords for origin=${origin} because web content is sandboxed`); ++ return Promise.resolve(null); ++ } ++ + Ephy.log(`Querying passwords for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}`); + + return new Promise((resolver, reject) => { +@@ -396,6 +407,11 @@ Ephy.PasswordManager = class PasswordManager + + save(origin, targetOrigin, username, password, usernameField, passwordField, isNew) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not saving password for origin=${origin} because web content is sandboxed`); ++ return; ++ } ++ + Ephy.log(`Saving password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`); + + window.webkit.messageHandlers.passwordManagerSave.postMessage({ +@@ -407,6 +423,11 @@ Ephy.PasswordManager = class PasswordManager + // FIXME: Why is pageID a parameter here? + requestSave(origin, targetOrigin, username, password, usernameField, passwordField, isNew, pageID) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not requesting to save password for origin=${origin} because web content is sandboxed`); ++ return; ++ } ++ + Ephy.log(`Requesting to save password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`); + + window.webkit.messageHandlers.passwordManagerRequestSave.postMessage({ +@@ -426,6 +447,11 @@ Ephy.PasswordManager = class PasswordManager + + queryUsernames(origin) + { ++ if (Ephy.isSandboxedWebContent()) { ++ Ephy.log(`Not querying usernames for origin=${origin} because web content is sandboxed`); ++ return Promise.resolve(null); ++ } ++ + Ephy.log(`Requesting usernames for origin=${origin}`); + + return new Promise((resolver, reject) => { +-- +2.35.5 + |