!20 fix CVE-2023-26081

From: @HelloWorld_lvcongqing 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl

CVE-2022-29536.patch

@@ -0,0 +1,42 @@
+From 486da133569ebfc436c959a7419565ab102e8525 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Fri, 15 Apr 2022 18:09:46 -0500
+Subject: [PATCH] Fix memory corruption in ephy_string_shorten()
+
+This fixes a regression that I introduced in 232c613472b38ff0d0d97338f366024ddb9cd228.
+
+I got my browser stuck in a crash loop today while visiting a website
+with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only
+condition in which ephy_string_shorten() is ever used. Turns out this
+commit is wrong: an ellipses is a multibyte character (three bytes in
+UTF-8) and so we're writing past the end of the buffer when calling
+strcat() here. Ooops.
+
+Shame it took nearly four years to notice and correct this.
+
+Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106>
+---
+ lib/ephy-string.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ephy-string.c b/lib/ephy-string.c
+index 35a148ab3..8e524d52c 100644
+--- a/lib/ephy-string.c
++++ b/lib/ephy-string.c
+@@ -114,11 +114,10 @@ ephy_string_shorten (char  *str,
+   /* create string */
+   bytes = GPOINTER_TO_UINT (g_utf8_offset_to_pointer (str, target_length - 1) - str);
+ 
+-  /* +1 for ellipsis, +1 for trailing NUL */
+-  new_str = g_new (gchar, bytes + 1 + 1);
++  new_str = g_new (gchar, bytes + strlen ("…") + 1);
+ 
+   strncpy (new_str, str, bytes);
+-  strcat (new_str, "…");
++  strncpy (new_str + bytes, "…", strlen ("…") + 1);
+ 
+   g_free (str);
+ 
+-- 
+GitLab
+

CVE-2023-26081.patch

@@ -0,0 +1,85 @@
+From 53363c3c8178bf9193dad9fa3516f4e10cff0ffd Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Fri, 3 Feb 2023 13:07:15 -0600
+Subject: [PATCH] Don't autofill passwords in sandboxed contexts
+
+If using the sandbox CSP or iframe tag, the web content is supposed to
+be not trusted by the main resource origin. Therefore, we'd better
+disable the password manager entirely so the untrusted web content
+cannot exfiltrate passwords.
+
+https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
+
+Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275>
+---
+ .../resources/js/ephy.js                      | 26 +++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/embed/web-process-extension/resources/js/ephy.js b/embed/web-process-extension/resources/js/ephy.js
+index 6fccd3d94..d1c42adbc 100644
+--- a/embed/web-process-extension/resources/js/ephy.js
++++ b/embed/web-process-extension/resources/js/ephy.js
+@@ -354,6 +354,12 @@ Ephy.hasModifiedForms = function()
+     }
+ };
+ 
++Ephy.isSandboxedWebContent = function()
++{
++    // https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
++    return self.origin === null || self.origin === 'null';
++};
++
+ Ephy.PasswordManager = class PasswordManager
+ {
+     constructor(pageID, frameID)
+@@ -387,6 +393,11 @@ Ephy.PasswordManager = class PasswordManager
+ 
+     query(origin, targetOrigin, username, usernameField, passwordField)
+     {
++        if (Ephy.isSandboxedWebContent()) {
++            Ephy.log(`Not querying passwords for origin=${origin} because web content is sandboxed`);
++            return Promise.resolve(null);
++        }
++
+         Ephy.log(`Querying passwords for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}`);
+ 
+         return new Promise((resolver, reject) => {
+@@ -398,6 +409,11 @@ Ephy.PasswordManager = class PasswordManager
+ 
+     save(origin, targetOrigin, username, password, usernameField, passwordField, isNew)
+     {
++        if (Ephy.isSandboxedWebContent()) {
++            Ephy.log(`Not saving password for origin=${origin} because web content is sandboxed`);
++            return;
++        }
++
+         Ephy.log(`Saving password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
+ 
+         window.webkit.messageHandlers.passwordManagerSave.postMessage({
+@@ -409,6 +425,11 @@ Ephy.PasswordManager = class PasswordManager
+     // FIXME: Why is pageID a parameter here?
+     requestSave(origin, targetOrigin, username, password, usernameField, passwordField, isNew, pageID)
+     {
++        if (Ephy.isSandboxedWebContent()) {
++            Ephy.log(`Not requesting to save password for origin=${origin} because web content is sandboxed`);
++            return;
++        }
++
+         Ephy.log(`Requesting to save password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
+ 
+         window.webkit.messageHandlers.passwordManagerRequestSave.postMessage({
+@@ -428,6 +449,11 @@ Ephy.PasswordManager = class PasswordManager
+ 
+     queryUsernames(origin)
+     {
++        if (Ephy.isSandboxedWebContent()) {
++            Ephy.log(`Not querying usernames for origin=${origin} because web content is sandboxed`);
++            return Promise.resolve(null);
++        }
++
+         Ephy.log(`Requesting usernames for origin=${origin}`);
+ 
+         return new Promise((resolver, reject) => {
+-- 
+GitLab
+

epiphany-default-bookmarks-openeuler.patch

@@ -0,0 +1,20 @@
+diff -up epiphany-3.38.5/data/default-bookmarks.rdf.in.orig epiphany-3.38.5/data/default-bookmarks.rdf.in
+--- epiphany-3.38.5/data/default-bookmarks.rdf.in.orig	2021-06-04 22:38:08.004123000 +0800
++++ epiphany-3.38.5/data/default-bookmarks.rdf.in	2021-06-24 17:15:02.167045701 +0800
+@@ -6,6 +6,7 @@
+     <items>
+       <rdf:Seq>
+         <rdf:li rdf:resource="https://www.gnome.org/"/>
++        <rdf:li rdf:resource="https://openeuler.org/"/>
+       </rdf:Seq>
+     </items>
+   </channel>
+@@ -13,4 +14,8 @@
+     <title>GNOME</title>
+     <link>https://www.gnome.org/</link>
+   </item>
++  <item rdf:about="https://openeuler.org/">
++    <title>openEuler</title>
++    <link>https://openeuler.org/</link>
++  </item>
+ </rdf:RDF>

epiphany-default-bookmarks.patch

@@ -1,52 +0,0 @@
-From fd32feaeb87b10c65c20bb99ac1cbd6b03cc3a2d Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@igalia.com>
-Date: Thu, 12 May 2016 20:04:16 -0500
-Subject: [PATCH] Fedora bookmarks
-
----
- data/default-bookmarks.rdf.in | 25 +++++++++++++++++++++++++
- 1 file changed, 25 insertions(+)
-
-diff --git a/data/default-bookmarks.rdf.in b/data/default-bookmarks.rdf.in
-index 6c3440e..a0c08e1 100644
---- a/data/default-bookmarks.rdf.in
-+++ b/data/default-bookmarks.rdf.in
-@@ -7,5 +7,10 @@
-       <rdf:Seq>
-         <rdf:li rdf:resource="https://www.gnome.org/"/>
-+        <rdf:li rdf:resource="https://www.redhat.com/"/>
-+        <rdf:li rdf:resource="https://www.fedoraproject.org/"/>
-+        <rdf:li rdf:resource="https://fedoramagazine.org/"/>
-+        <rdf:li rdf:resource="https://ask.fedoraproject.org/"/>
-+        <rdf:li rdf:resource="https://docs.fedoraproject.org/"/>
-       </rdf:Seq>
-     </items>
-   </channel>
-@@ -18,4 +23,24 @@
-     <title>GNOME</title>
-     <link>https://www.gnome.org/</link>
-   </item>
-+  <item rdf:about="https://www.redhat.com/">
-+    <title>Red Hat</title>
-+    <link>https://www.redhat.com/</link>
-+  </item>
-+  <item rdf:about="https://www.fedoraproject.org/">
-+    <title>Fedora</title>
-+    <link>https://www.fedoraproject.org/</link>
-+  </item>
-+  <item rdf:about="https://fedoramagazine.org/">
-+    <title>Fedora Magazine</title>
-+    <link>https://fedoramagazine.org/</link>
-+  </item>
-+  <item rdf:about="https://ask.fedoraproject.org/">
-+    <title>Ask Fedora</title>
-+    <link>https://ask.fedoraproject.org/</link>
-+  </item>
-+  <item rdf:about="https://docs.fedoraproject.org/">
-+    <title>Fedora Documentation</title>
-+    <link>https://docs.fedoraproject.org/</link>
-+  </item>
- </rdf:RDF>
--- 
-2.7.4
-

epiphany-dont-make-compulsory.patch

@@ -1,21 +0,0 @@
-From: Jeremy Bicha <jbicha@debian.org>
-Date: Sun, 18 Feb 2018 15:24:30 -0500
-Subject: Since Epiphany is not our default browser,
-
-allow users to uninstall it using the GNOME Software app
----
- data/org.gnome.Epiphany.appdata.xml.in.in | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/data/org.gnome.Epiphany.appdata.xml.in.in b/data/org.gnome.Epiphany.appdata.xml.in.in
-index 220d9bd..f8bf74b 100644
---- a/data/org.gnome.Epiphany.appdata.xml.in.in
-+++ b/data/org.gnome.Epiphany.appdata.xml.in.in
-@@ -32,7 +32,6 @@
-     <kudo>UserDocs</kudo>
-   </kudos>
-   <project_group>GNOME</project_group>
--  <compulsory_for_desktop>GNOME</compulsory_for_desktop>
-   <project_license>GPL-3.0+</project_license>
-   <developer_name>The GNOME Project</developer_name>
-   <url type="bugtracker">https://gitlab.gnome.org/GNOME/epiphany/issues</url>

epiphany.spec

@@ -1,16 +1,20 @@
-%global glib2_version 2.61.2
+%global glib2_version 2.64.0
 %global gtk3_version 3.24.0
-%global webkit2gtk3_version 2.27.3
+%global webkit2gtk3_version 2.31.1
 Name:                epiphany
 Epoch:               1
-Version:             3.36.4
+Version:             40.6
-Release:             1
+Release:             3
 Summary:             Web browser for GNOME
 License:             GPL-3.0+ and LGPL-2.1 and MIT and GPL+ and ISC
 URL:                 https://wiki.gnome.org/Apps/Web
-Source0:             https://download.gnome.org/sources/epiphany/3.36/%{name}-%{version}.tar.xz
+Source0:             https://download.gnome.org/sources/epiphany/40/%{name}-%{version}.tar.xz
-Patch0:              epiphany-default-bookmarks.patch
+Patch0:              epiphany-default-bookmarks-openeuler.patch
-Patch1:              epiphany-dont-make-compulsory.patch
+# https://gitlab.gnome.org/GNOME/epiphany/-/issues/1766
+Patch1:              CVE-2022-29536.patch
+# https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275
+Patch2:              CVE-2023-26081.patch
+
 BuildRequires:       desktop-file-utils gcc gettext-devel iso-codes-devel itstool
 BuildRequires:       libappstream-glib-devel meson pkgconfig(cairo) pkgconfig(evince-document-3.0)
 BuildRequires:       pkgconfig(gcr-3) pkgconfig(gdk-3.0) >= %{gtk3_version}
@@ -20,11 +24,11 @@ BuildRequires:       pkgconfig(gnome-desktop-3.0) >= %{glib2_version}
 BuildRequires:       pkgconfig(gtk+-3.0) >= %{gtk3_version}
 BuildRequires:       pkgconfig(gtk+-unix-print-3.0) >= %{gtk3_version} pkgconfig(hogweed)
 BuildRequires:       pkgconfig(icu-uc) pkgconfig(json-glib-1.0) pkgconfig(libdazzle-1.0)
-BuildRequires:       pkgconfig(libhandy-0.0) pkgconfig(libnotify) pkgconfig(libsecret-1)
+BuildRequires:       pkgconfig(libhandy-1) pkgconfig(libnotify) pkgconfig(libportal) pkgconfig(libsecret-1)
 BuildRequires:       pkgconfig(libsoup-2.4) pkgconfig(libxml-2.0) pkgconfig(libxslt)
 BuildRequires:       pkgconfig(nettle) pkgconfig(sqlite3)
 BuildRequires:       pkgconfig(webkit2gtk-4.0) >= %{webkit2gtk3_version}
-BuildRequires:       pkgconfig(webkit2gtk-web-extension-4.0) >= %{webkit2gtk3_version}
+BuildRequires:       pkgconfig(webkit2gtk-web-extension-4.0) >= %{webkit2gtk3_version} chrpath
 Requires:            %{name}-runtime%{?_isa} = %{epoch}:%{version}-%{release}
 %description
 Epiphany is the web browser for the GNOME desktop. Its goal is to be
@@ -51,6 +55,23 @@ installing the epiphany application itself.
 %meson_install
 %find_lang %{name} --with-gnome
 
+chrpath -d %{buildroot}%{_libdir}/epiphany/*.so
+chrpath -d %{buildroot}%{_libdir}/epiphany/web-process-extensions/*.so
+chrpath -d %{buildroot}%{_libexecdir}/epiphany/*
+chrpath -d %{buildroot}%{_libexecdir}/epiphany-search-provider
+chrpath -d %{buildroot}%{_bindir}/epiphany
+
+sed -i 's/Exec=/Exec=env WEBKIT_FORCE_SANDBOX=0 /g' %{buildroot}%{_datadir}/applications/org.gnome.Epiphany.desktop
+
+mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d
+echo "%{_libdir}/epiphany" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
+
+%post
+/sbin/ldconfig
+
+%postun
+/sbin/ldconfig
+
 %check
 desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/*.desktop
 
@@ -62,6 +83,7 @@ desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/*.desktop
 %dir %{_datadir}/gnome-shell/
 %dir %{_datadir}/gnome-shell/search-providers/
 %{_datadir}/gnome-shell/search-providers/org.gnome.Epiphany.SearchProvider.ini
+%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
 
 %files runtime
 %license COPYING
@@ -74,7 +96,23 @@ desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/*.desktop
 %{_libdir}/epiphany/
 %{_datadir}/epiphany
 %{_mandir}/man*/*
+%config(noreplace)%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
 
 %changelog
+* Thu Feb 23 2023 liweiganga <liweiganga@uniontech.com> 1:40.6-3
+- fix CVE-2023-26081
+
+* Fri Sep 9 2022 lin zhang <lin.zhang@turbolinux.com.cn> 1:40.6-2
+- fix issue #I5QHPI
+
+* Fri May 6 2022 yaoxin <yaoxin30@h-partners.com> - 40.6-1
+- Update to 40.6 for fix CVE-2021-45085-to-CVE-2021-45088 and add patch for CVE-2022-29536
+
+* Fri Sep 10 2021 lingsheng <lingsheng@huawei.com> - 3.38.5-2
+- Delete rpath setting
+
+* Thu Jun 24 2021 Wenlong Ding <wenlong.ding@turbolinux.com.cn> - 3.38.5-1
+- Update to 3.38.5
+
 * Thu Nov 5 2020 Liu wei bo <liuweibo10@huawei.com> - 3.36.4-1
 - package init