diff --git a/CVE-2022-29536.patch b/CVE-2022-29536.patch
new file mode 100644
index 0000000..85d7b0c
--- /dev/null
+++ b/CVE-2022-29536.patch
@@ -0,0 +1,42 @@
+From 486da133569ebfc436c959a7419565ab102e8525 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Fri, 15 Apr 2022 18:09:46 -0500
+Subject: [PATCH] Fix memory corruption in ephy_string_shorten()
+
+This fixes a regression that I introduced in 232c613472b38ff0d0d97338f366024ddb9cd228.
+
+I got my browser stuck in a crash loop today while visiting a website
+with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only
+condition in which ephy_string_shorten() is ever used. Turns out this
+commit is wrong: an ellipses is a multibyte character (three bytes in
+UTF-8) and so we're writing past the end of the buffer when calling
+strcat() here. Ooops.
+
+Shame it took nearly four years to notice and correct this.
+
+Part-of:
+---
+ lib/ephy-string.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ephy-string.c b/lib/ephy-string.c
+index 35a148ab3..8e524d52c 100644
+--- a/lib/ephy-string.c
++++ b/lib/ephy-string.c
+@@ -114,11 +114,10 @@ ephy_string_shorten (char *str,
+ /* create string */
+ bytes = GPOINTER_TO_UINT (g_utf8_offset_to_pointer (str, target_length - 1) - str);
+
+- /* +1 for ellipsis, +1 for trailing NUL */
+- new_str = g_new (gchar, bytes + 1 + 1);
++ new_str = g_new (gchar, bytes + strlen ("…") + 1);
+
+ strncpy (new_str, str, bytes);
+- strcat (new_str, "…");
++ strncpy (new_str + bytes, "…", strlen ("…") + 1);
+
+ g_free (str);
+
+--
+GitLab
+
diff --git a/epiphany-3.38.5.tar.xz b/epiphany-3.38.5.tar.xz
deleted file mode 100644
index e8b6d51..0000000
Binary files a/epiphany-3.38.5.tar.xz and /dev/null differ
diff --git a/epiphany-40.6.tar.xz b/epiphany-40.6.tar.xz
new file mode 100644
index 0000000..69dd8d3
Binary files /dev/null and b/epiphany-40.6.tar.xz differ
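Review bot: The rewritten allocation in the lib/ephy-string.c hunk carried by this patch drops the old size comment without replacing it. Nothing next to the `g_new` call now records that the ellipsis is counted in bytes rather than characters, which is the confusion the commit message names as the cause of the out-of-bounds write. I would add `/* "…" is three bytes in UTF-8; size in bytes, +1 for the trailing NUL */` above the `g_new` call. The first `strncpy (new_str, str, bytes)` leaves the buffer unterminated until the second copy writes the NUL, so `memcpy` would state the intent of both fixed-length copies more plainly, and the two calls should stay adjacent. ephy_string_shorten starts and ends outside the hunk, and because this is a carried backport the change is better proposed upstream than made by editing the patch locally.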
diff --git a/epiphany-dont-make-compulsory.patch b/epiphany-dont-make-compulsory.patch
deleted file mode 100644
index c26b588..0000000
--- a/epiphany-dont-make-compulsory.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From: Jeremy Bicha
-Date: Sun, 18 Feb 2018 15:24:30 -0500
-Subject: Since Epiphany is not our default browser,
-
-allow users to uninstall it using the GNOME Software app
----
- data/org.gnome.Epiphany.appdata.xml.in.in | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/data/org.gnome.Epiphany.appdata.xml.in.in b/data/org.gnome.Epiphany.appdata.xml.in.in
-index 220d9bd..f8bf74b 100644
---- a/data/org.gnome.Epiphany.appdata.xml.in.in
-+++ b/data/org.gnome.Epiphany.appdata.xml.in.in
-@@ -32,7 +32,6 @@
- UserDocs
-
- GNOME
-- GNOME
- GPL-3.0+
- The GNOME Project
- https://gitlab.gnome.org/GNOME/epiphany/issues
diff --git a/epiphany.spec b/epiphany.spec
index 5c1b971..8d5df44 100644
--- a/epiphany.spec
+++ b/epiphany.spec
@@ -1,16 +1,17 @@ -%global glib2_version 2.61.2 +%global glib2_version 2.64.0 %global gtk3_version 3.24.0 -%global webkit2gtk3_version 2.27.3 +%global webkit2gtk3_version 2.31.1 Name: epiphany Epoch: 1 -Version: 3.38.5 -Release: 2 +Version: 40.6 +Release: 1 Summary: Web browser for GNOME License: GPL-3.0+ and LGPL-2.1 and MIT and GPL+ and ISC URL: https://wiki.gnome.org/Apps/Web -Source0: https://download.gnome.org/sources/epiphany/3.38/%{name}-%{version}.tar.xz +Source0: https://download.gnome.org/sources/epiphany/40/%{name}-%{version}.tar.xz Patch0: epiphany-default-bookmarks-openeuler.patch -Patch1: epiphany-dont-make-compulsory.patch +# https://gitlab.gnome.org/GNOME/epiphany/-/issues/1766 +Patch1: CVE-2022-29536.patch BuildRequires: desktop-file-utils gcc gettext-devel iso-codes-devel itstool BuildRequires: libappstream-glib-devel meson pkgconfig(cairo) pkgconfig(evince-document-3.0)
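Review bot: The comment added above `Patch1: CVE-2022-29536.patch` in the first epiphany.spec hunk cites only the upstream issue, so an auditor cannot tell from the spec which upstream commit the backport matches. I would extend it to `# https://gitlab.gnome.org/GNOME/epiphany/-/issues/1766 (upstream commit 486da133569ebfc436c959a7419565ab102e8525)`, using the hash from the patch's own `From` line. Whether Patch1 is actually applied depends on the `%prep` section, which is outside this hunk, so it is worth confirming the reused patch number is still picked up there. The previous Patch1, epiphany-dont-make-compulsory.patch, is dropped without a stated reason, and the new changelog entry does not mention it either.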
@@ -94,6 +95,9 @@ desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/*.desktop %config(noreplace)%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf %changelog +* Fri May 6 2022 yaoxin - 40.6-1 +- Update to 40.6 for fix CVE-2021-45085-to-CVE-2021-45088 and add patch for CVE-2022-29536 + * Fri Sep 10 2021 lingsheng - 3.38.5-2 - Delete rpath setting