diff options
Diffstat (limited to 'meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch')
-rw-r--r-- | meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch b/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch new file mode 100644 index 0000000000..af1e20bd8f --- /dev/null +++ b/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch | |||
@@ -0,0 +1,90 @@ | |||
1 | From 53363c3c8178bf9193dad9fa3516f4e10cff0ffd Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Catanzaro <mcatanzaro@redhat.com> | ||
3 | Date: Fri, 3 Feb 2023 13:07:15 -0600 | ||
4 | Subject: [PATCH] Don't autofill passwords in sandboxed contexts | ||
5 | |||
6 | If using the sandbox CSP or iframe tag, the web content is supposed to | ||
7 | be not trusted by the main resource origin. Therefore, we'd better | ||
8 | disable the password manager entirely so the untrusted web content | ||
9 | cannot exfiltrate passwords. | ||
10 | |||
11 | https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x | ||
12 | |||
13 | Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275> | ||
14 | |||
15 | Upstream-Status: Backport | ||
16 | [https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd] | ||
17 | CVE: CVE-2023-26081 | ||
18 | Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> | ||
19 | --- | ||
20 | .../resources/js/ephy.js | 26 +++++++++++++++++++ | ||
21 | 1 file changed, 26 insertions(+) | ||
22 | |||
23 | diff --git a/embed/web-process-extension/resources/js/ephy.js b/embed/web-process-extension/resources/js/ephy.js | ||
24 | index 38b806f..44d1792 100644 | ||
25 | --- a/embed/web-process-extension/resources/js/ephy.js | ||
26 | +++ b/embed/web-process-extension/resources/js/ephy.js | ||
27 | @@ -352,6 +352,12 @@ Ephy.hasModifiedForms = function() | ||
28 | } | ||
29 | }; | ||
30 | |||
31 | +Ephy.isSandboxedWebContent = function() | ||
32 | +{ | ||
33 | + // https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x | ||
34 | + return self.origin === null || self.origin === 'null'; | ||
35 | +}; | ||
36 | + | ||
37 | Ephy.PasswordManager = class PasswordManager | ||
38 | { | ||
39 | constructor(pageID, frameID) | ||
40 | @@ -385,6 +391,11 @@ Ephy.PasswordManager = class PasswordManager | ||
41 | |||
42 | query(origin, targetOrigin, username, usernameField, passwordField) | ||
43 | { | ||
44 | + if (Ephy.isSandboxedWebContent()) { | ||
45 | + Ephy.log(`Not querying passwords for origin=${origin} because web content is sandboxed`); | ||
46 | + return Promise.resolve(null); | ||
47 | + } | ||
48 | + | ||
49 | Ephy.log(`Querying passwords for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}`); | ||
50 | |||
51 | return new Promise((resolver, reject) => { | ||
52 | @@ -396,6 +407,11 @@ Ephy.PasswordManager = class PasswordManager | ||
53 | |||
54 | save(origin, targetOrigin, username, password, usernameField, passwordField, isNew) | ||
55 | { | ||
56 | + if (Ephy.isSandboxedWebContent()) { | ||
57 | + Ephy.log(`Not saving password for origin=${origin} because web content is sandboxed`); | ||
58 | + return; | ||
59 | + } | ||
60 | + | ||
61 | Ephy.log(`Saving password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`); | ||
62 | |||
63 | window.webkit.messageHandlers.passwordManagerSave.postMessage({ | ||
64 | @@ -407,6 +423,11 @@ Ephy.PasswordManager = class PasswordManager | ||
65 | // FIXME: Why is pageID a parameter here? | ||
66 | requestSave(origin, targetOrigin, username, password, usernameField, passwordField, isNew, pageID) | ||
67 | { | ||
68 | + if (Ephy.isSandboxedWebContent()) { | ||
69 | + Ephy.log(`Not requesting to save password for origin=${origin} because web content is sandboxed`); | ||
70 | + return; | ||
71 | + } | ||
72 | + | ||
73 | Ephy.log(`Requesting to save password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`); | ||
74 | |||
75 | window.webkit.messageHandlers.passwordManagerRequestSave.postMessage({ | ||
76 | @@ -426,6 +447,11 @@ Ephy.PasswordManager = class PasswordManager | ||
77 | |||
78 | queryUsernames(origin) | ||
79 | { | ||
80 | + if (Ephy.isSandboxedWebContent()) { | ||
81 | + Ephy.log(`Not querying usernames for origin=${origin} because web content is sandboxed`); | ||
82 | + return Promise.resolve(null); | ||
83 | + } | ||
84 | + | ||
85 | Ephy.log(`Requesting usernames for origin=${origin}`); | ||
86 | |||
87 | return new Promise((resolver, reject) => { | ||
88 | -- | ||
89 | 2.35.5 | ||
90 | |||