diff -Nru epiphany-browser-3.36.4/debian/changelog epiphany-browser-3.36.4/debian/changelog --- epiphany-browser-3.36.4/debian/changelog 2020-09-30 10:17:57.000000000 -0400 +++ epiphany-browser-3.36.4/debian/changelog 2022-07-31 16:32:14.000000000 -0400 @@ -1,3 +1,15 @@ +epiphany-browser (3.36.4-0ubuntu2) focal-security; urgency=medium + + * SECURITY UPDATE: Fix memory corruption in ephy_string_shorten() + - CVE-2022-29536 (LP: #1969851) + * SECURITY UPDATE: Multiple XSS issues (LP: #1955362) + - CVE-2021-45085 XSS exploit possible from the Most Visited page + - CVE-2021-45086 XSS exploit possible with a PDF's suggested filename + - CVE-2021-45087 XSS exploit possible in View Source or Reader Mode + - CVE-2021-45087 XSS exploit possible via error pages + + -- Jeremy Bicha Sun, 31 Jul 2022 16:32:14 -0400 + epiphany-browser (3.36.4-0ubuntu1) focal; urgency=medium * New upstream release (lp: #1897908) diff -Nru epiphany-browser-3.36.4/debian/control epiphany-browser-3.36.4/debian/control --- epiphany-browser-3.36.4/debian/control 2020-09-30 10:17:57.000000000 -0400 +++ epiphany-browser-3.36.4/debian/control 2022-07-31 16:32:14.000000000 -0400 @@ -5,8 +5,9 @@ Source: epiphany-browser Section: gnome Priority: optional -Maintainer: Debian GNOME Maintainers -Uploaders: Jeremy Bicha , Sebastien Bacher +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian GNOME Maintainers +Uploaders: Jeremy Bicha , Michael Biebl , Sebastien Bacher Build-Depends: appstream-util, at-spi2-core , debhelper-compat (= 12), 
@@ -39,8 +40,10 @@ xvfb Build-Depends-Indep: libglib2.0-doc, libgtk-3-doc Standards-Version: 4.5.0 -Vcs-Browser: https://salsa.debian.org/gnome-team/epiphany-browser -Vcs-Git: https://salsa.debian.org/gnome-team/epiphany-browser.git +XS-Debian-Vcs-Browser: https://salsa.debian.org/gnome-team/epiphany-browser +XS-Debian-Vcs-Git: https://salsa.debian.org/gnome-team/epiphany-browser.git +Vcs-Browser: https://salsa.debian.org/gnome-team/epiphany-browser/tree/ubuntu/focal +Vcs-Git: https://salsa.debian.org/gnome-team/epiphany-browser.git -b ubuntu/focal Homepage: https://wiki.gnome.org/Apps/Web Package: epiphany-browser diff -Nru epiphany-browser-3.36.4/debian/control.in epiphany-browser-3.36.4/debian/control.in --- epiphany-browser-3.36.4/debian/control.in 2020-09-30 10:17:45.000000000 -0400 +++ epiphany-browser-3.36.4/debian/control.in 2022-07-31 16:32:14.000000000 -0400 @@ -1,7 +1,8 @@ Source: epiphany-browser Section: gnome Priority: optional -Maintainer: Debian GNOME Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian GNOME Maintainers Uploaders: @GNOME_TEAM@ Build-Depends: appstream-util, at-spi2-core , 
@@ -35,8 +36,10 @@ xvfb Build-Depends-Indep: libglib2.0-doc, libgtk-3-doc Standards-Version: 4.5.0 -Vcs-Browser: https://salsa.debian.org/gnome-team/epiphany-browser -Vcs-Git: https://salsa.debian.org/gnome-team/epiphany-browser.git +XS-Debian-Vcs-Browser: https://salsa.debian.org/gnome-team/epiphany-browser +XS-Debian-Vcs-Git: https://salsa.debian.org/gnome-team/epiphany-browser.git +Vcs-Browser: https://salsa.debian.org/gnome-team/epiphany-browser/tree/ubuntu/focal +Vcs-Git: https://salsa.debian.org/gnome-team/epiphany-browser.git -b ubuntu/focal Homepage: https://wiki.gnome.org/Apps/Web Package: epiphany-browser diff -Nru epiphany-browser-3.36.4/debian/gbp.conf epiphany-browser-3.36.4/debian/gbp.conf --- epiphany-browser-3.36.4/debian/gbp.conf 2020-09-30 10:17:45.000000000 -0400 +++ epiphany-browser-3.36.4/debian/gbp.conf 2022-07-31 16:32:14.000000000 -0400 @@ -1,7 +1,8 @@ [DEFAULT] pristine-tar = True -debian-branch = debian/master -upstream-branch = upstream/latest +debian-branch = ubuntu/focal +debian-tag = ubuntu/%(version)s +upstream-branch = upstream/3.36.x upstream-vcs-tag = %(version)s [buildpackage] diff -Nru epiphany-browser-3.36.4/debian/patches/about-handler-don-t-encode-app-ID-or-install-date.patch epiphany-browser-3.36.4/debian/patches/about-handler-don-t-encode-app-ID-or-install-date.patch --- epiphany-browser-3.36.4/debian/patches/about-handler-don-t-encode-app-ID-or-install-date.patch 1969-12-31 19:00:00.000000000 -0500 +++ epiphany-browser-3.36.4/debian/patches/about-handler-don-t-encode-app-ID-or-install-date.patch 2022-07-31 16:32:14.000000000 -0400 
@@ -0,0 +1,70 @@ +From: Michael Catanzaro +Date: Mon, 20 Dec 2021 10:53:09 -0600 +Subject: about-handler: don't encode app ID (or install date) + +We are overencoding here. Epiphany is not prepared to handle the encoded +app ID, and it is not necessary to encode in the first place because the +app ID is trusted to be a valid GApplication ID, which cannot contain +nasty characters. + +However, encoding the URLs here really is necessary, because they really +could contain nasty content. + +Fixes #1665 + +Part-of: +(cherry picked from commit fd4fd23ce3f553b82f0b1b2339f8786eb1be7901) +--- + embed/ephy-about-handler.c | 23 +++++++++++------------ + 1 file changed, 11 insertions(+), 12 deletions(-) + +diff --git a/embed/ephy-about-handler.c b/embed/ephy-about-handler.c +index 855e2ed..bed2614 100644 +--- a/embed/ephy-about-handler.c ++++ b/embed/ephy-about-handler.c +@@ -264,34 +264,33 @@ handle_applications_finished_cb (EphyAboutHandler *handler, + + for (p = applications; p; p = p->next) { + EphyWebApplication *app = (EphyWebApplication *)p->data; +- g_autofree char *html_encoded_id = NULL; + g_autofree char *encoded_icon_url = NULL; + g_autofree char *encoded_name = NULL; + g_autofree char *encoded_url = NULL; + g_autofree char *js_encoded_id = NULL; +- g_autofree char *encoded_install_date = NULL; + +- /* Most of these fields are untrusted. The web app suggests its own title, +- * which gets used in the app ID and icon URL. The main URL could contain +- * anything. Install date is the only trusted field here in that it's +- * constructed by Epiphany, but it's a freeform string and we're encoding +- * everything else here anyway, so might as well encode this too. ++ /* Most of these fields are at least semi-trusted. The web app suggests ++ * its own title, which gets used in the app ID and icon URL, but it ought ++ * to be safe because we validate that it is a valid component of a ++ * GApplication ID, which should not permit anything nasty. 
The icon URL ++ * could be changed by the user to something else after web app creation, ++ * though, so better not fully trust it. Then the app name and the main ++ * URL could contain contain anything at all, so those need to be encoded ++ * for sure. Install date should be fine because it's constructed by ++ * Epiphany. + */ +- html_encoded_id = ephy_encode_for_html_attribute (app->id); + encoded_icon_url = ephy_encode_for_html_attribute (app->icon_url); + encoded_name = ephy_encode_for_html_entity (app->name); + encoded_url = ephy_encode_for_html_entity (app->url); +- js_encoded_id = ephy_encode_for_javascript (app->id); +- encoded_install_date = ephy_encode_for_html_entity (app->install_date); + g_string_append_printf (data_str, + "" + "" + "
%s
%s
" + "" + "%s
%s", +- html_encoded_id, encoded_icon_url, encoded_name, encoded_url, _("Delete"), js_encoded_id, ++ app->id, encoded_icon_url, encoded_name, encoded_url, _("Delete"), app->id, + /* Note for translators: this refers to the installation date. */ +- _("Installed on:"), encoded_install_date); ++ _("Installed on:"), app->install_date); + } + + g_string_append (data_str, ""); diff -Nru epiphany-browser-3.36.4/debian/patches/about-handler-properly-encode-page-title-URL-in-about-ove.patch epiphany-browser-3.36.4/debian/patches/about-handler-properly-encode-page-title-URL-in-about-ove.patch --- epiphany-browser-3.36.4/debian/patches/about-handler-properly-encode-page-title-URL-in-about-ove.patch 1969-12-31 19:00:00.000000000 -0500 +++ epiphany-browser-3.36.4/debian/patches/about-handler-properly-encode-page-title-URL-in-about-ove.patch 2022-07-31 16:32:14.000000000 -0400 
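Review bot: `app->id` now reaches both an HTML attribute and the JavaScript string in the `g_string_append_printf` call with no encoding, on the assumption that it was validated as a GApplication ID when the web app was created; that validation is not visible in this hunk and the ID is presumably read back from the profile on each run, so the trust boundary is far from the code that relies on it. A cheap defense in depth is a guard at the top of the loop body, `if (!g_application_id_is_valid (app->id)) { g_warning ("Skipping web app with invalid ID"); continue; }`, which keeps the precondition checked where it matters. `app->install_date` is likewise emitted raw; it is Epiphany-constructed per the comment, but a one-line remark next to the printf saying it is exempt for that reason would make the decision reviewable. handle_applications_finished_cb starts and ends outside the hunk.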
@@ -0,0 +1,62 @@ +From: Michael Catanzaro +Date: Tue, 14 Dec 2021 16:43:05 -0600 +Subject: about-handler: properly encode page title/URL in about:overview + +Otherwise, web pages can execute code in about:overview via a malicious +page title. It might be possible to do the same via the URL, so better +encode that too. + +Fixes #1612 + +Part-of: +(cherry picked from commit c632f5a9dda33357d7fc6054eade0dd1ce45c75e) +--- + embed/ephy-about-handler.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/embed/ephy-about-handler.c b/embed/ephy-about-handler.c +index 029aa64..7ed63cb 100644 +--- a/embed/ephy-about-handler.c ++++ b/embed/ephy-about-handler.c +@@ -27,6 +27,7 @@ + #include "ephy-file-helpers.h" + #include "ephy-flatpak-utils.h" + #include "ephy-history-service.h" ++#include "ephy-output-encoding.h" + #include "ephy-prefs.h" + #include "ephy-settings.h" + #include "ephy-smaps.h" +@@ -407,7 +408,9 @@ history_service_query_urls_cb (EphyHistoryService *history, + EphyHistoryURL *url = (EphyHistoryURL *)l->data; + const char *snapshot; + g_autofree char *thumbnail_style = NULL; +- g_autofree char *markup = NULL; ++ g_autofree char *entity_encoded_title = NULL; ++ g_autofree char *attribute_encoded_title = NULL; ++ g_autofree char *encoded_url = NULL; + + snapshot = ephy_snapshot_service_lookup_cached_snapshot_path (snapshot_service, url->url); + if (snapshot) +@@ -415,15 +418,19 @@ history_service_query_urls_cb (EphyHistoryService *history, + else + ephy_embed_shell_schedule_thumbnail_update (shell, url); + +- markup = g_markup_escape_text (url->title, -1); ++ /* Title and URL are controlled by web content and could be malicious. */ ++ entity_encoded_title = ephy_encode_for_html_entity (url->title); ++ attribute_encoded_title = ephy_encode_for_html_attribute (url->title); ++ encoded_url = ephy_encode_for_html_attribute (url->url); + g_string_append_printf (data_str, + "" + "
" + " " + " %s" + "
", +- markup, url->url, _("Remove from overview"), +- thumbnail_style ? thumbnail_style : "", url->title); ++ attribute_encoded_title, encoded_url, _("Remove from overview"), ++ thumbnail_style ? thumbnail_style : "", ++ entity_encoded_title); + } + + for (guint idx = list_length; idx < 9; idx++) { diff -Nru epiphany-browser-3.36.4/debian/patches/about-handler-properly-encode-web-app-info-in-about-appli.patch epiphany-browser-3.36.4/debian/patches/about-handler-properly-encode-web-app-info-in-about-appli.patch --- epiphany-browser-3.36.4/debian/patches/about-handler-properly-encode-web-app-info-in-about-appli.patch 1969-12-31 19:00:00.000000000 -0500 +++ epiphany-browser-3.36.4/debian/patches/about-handler-properly-encode-web-app-info-in-about-appli.patch 2022-07-31 16:32:14.000000000 -0400 
@@ -0,0 +1,56 @@ +From: Michael Catanzaro +Date: Tue, 14 Dec 2021 16:44:36 -0600 +Subject: about-handler: properly encode web app info in about:applications + +The web app has some partial control over its title, and full control +over its URL. Let's be careful here to ensure the web app info cannot be +used to execute code. + +Part-of: +(cherry picked from commit 31952c5744ab346bb394d5e23141362d51c18624) +--- + embed/ephy-about-handler.c | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) + +diff --git a/embed/ephy-about-handler.c b/embed/ephy-about-handler.c +index 7ed63cb..855e2ed 100644 +--- a/embed/ephy-about-handler.c ++++ b/embed/ephy-about-handler.c +@@ -264,16 +264,34 @@ handle_applications_finished_cb (EphyAboutHandler *handler, + + for (p = applications; p; p = p->next) { + EphyWebApplication *app = (EphyWebApplication *)p->data; +- ++ g_autofree char *html_encoded_id = NULL; ++ g_autofree char *encoded_icon_url = NULL; ++ g_autofree char *encoded_name = NULL; ++ g_autofree char *encoded_url = NULL; ++ g_autofree char *js_encoded_id = NULL; ++ g_autofree char *encoded_install_date = NULL; ++ ++ /* Most of these fields are untrusted. The web app suggests its own title, ++ * which gets used in the app ID and icon URL. The main URL could contain ++ * anything. Install date is the only trusted field here in that it's ++ * constructed by Epiphany, but it's a freeform string and we're encoding ++ * everything else here anyway, so might as well encode this too. ++ */ ++ html_encoded_id = ephy_encode_for_html_attribute (app->id); ++ encoded_icon_url = ephy_encode_for_html_attribute (app->icon_url); ++ encoded_name = ephy_encode_for_html_entity (app->name); ++ encoded_url = ephy_encode_for_html_entity (app->url); ++ js_encoded_id = ephy_encode_for_javascript (app->id); ++ encoded_install_date = ephy_encode_for_html_entity (app->install_date); + g_string_append_printf (data_str, + "" + "" + "
%s
%s
" + "" + "%s
%s", +- app->id, app->icon_url, app->name, app->url, _("Delete"), app->id, ++ html_encoded_id, encoded_icon_url, encoded_name, encoded_url, _("Delete"), js_encoded_id, + /* Note for translators: this refers to the installation date. */ +- _("Installed on:"), app->install_date); ++ _("Installed on:"), encoded_install_date); + } + + g_string_append (data_str, ""); diff -Nru epiphany-browser-3.36.4/debian/patches/Add-CSP-for-reader-mode-backport-for-GNOME-3.36.patch epiphany-browser-3.36.4/debian/patches/Add-CSP-for-reader-mode-backport-for-GNOME-3.36.patch --- epiphany-browser-3.36.4/debian/patches/Add-CSP-for-reader-mode-backport-for-GNOME-3.36.patch 1969-12-31 19:00:00.000000000 -0500 +++ epiphany-browser-3.36.4/debian/patches/Add-CSP-for-reader-mode-backport-for-GNOME-3.36.patch 2022-07-31 16:32:14.000000000 -0400 @@ -0,0 +1,22 @@ +From: Michael Catanzaro +Date: Thu, 16 Dec 2021 12:49:13 -0600 +Subject: Add CSP for reader mode (backport for GNOME 3.36) + +(cherry picked from commit 00c7020ff35b53abb4bf5236369d44bfc36d8d7c) +--- + embed/ephy-web-view.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c +index f31f5fd..cf7d167 100644 +--- a/embed/ephy-web-view.c ++++ b/embed/ephy-web-view.c +@@ -3390,6 +3390,8 @@ ephy_web_view_toggle_reader_mode (EphyWebView *view, + EPHY_PREFS_READER_COLOR_SCHEME)); + g_string_append_printf (html, "" + "%s" ++ "" \ ++ "" \ + "" + "
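Review bot: `js_encoded_id` comes from `ephy_encode_for_javascript`, whose format in the Add-secure-output-encoding-functions patch is `"\\u%04u;"`; that prints the code point in decimal with a trailing `;`, not the four hex digits a JavaScript `\uXXXX` escape requires, so for example `/` (0x2F, decimal 47) becomes `\u0047;`, which is `G;` (code points above U+FFFF are mis-encoded either way). Within this debdiff the later about-handler-don-t-encode-app-ID and output-encoding-remove-JS-encoding-function patches drop the JavaScript path entirely, so the final tree is unaffected, but this patch does not stand on its own. If the intermediate state matters (bisecting or partial backports), the encoder's format should be `"\\u%04x"` in the patch that introduces it rather than relying on the removal.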
" + "

" diff -Nru epiphany-browser-3.36.4/debian/patches/Add-secure-output-encoding-functions.patch epiphany-browser-3.36.4/debian/patches/Add-secure-output-encoding-functions.patch --- epiphany-browser-3.36.4/debian/patches/Add-secure-output-encoding-functions.patch 1969-12-31 19:00:00.000000000 -0500 +++ epiphany-browser-3.36.4/debian/patches/Add-secure-output-encoding-functions.patch 2022-07-31 16:32:14.000000000 -0400 
@@ -0,0 +1,156 @@ +From: Michael Catanzaro +Date: Tue, 14 Dec 2021 16:41:00 -0600 +Subject: Add secure output encoding functions + +If we fail to use these when required, malicious web content could XSS +Epiphany's internal pages. + +(As you might guess, the fact that these functions don't exist already +indicates that is currently possible in various places.) + +Part-of: +(cherry picked from commit d6810e89e776b23cd23a3d9c5a68431fe061c932) +--- + lib/ephy-output-encoding.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++ + lib/ephy-output-encoding.h | 38 ++++++++++++++++++++++++ + lib/meson.build | 1 + + 3 files changed, 113 insertions(+) + create mode 100644 lib/ephy-output-encoding.c + create mode 100644 lib/ephy-output-encoding.h + +diff --git a/lib/ephy-output-encoding.c b/lib/ephy-output-encoding.c +new file mode 100644 +index 0000000..7256059 +--- /dev/null ++++ b/lib/ephy-output-encoding.c +@@ -0,0 +1,74 @@ ++/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ ++/* ++ * Copyright © Red Hat Inc. ++ * ++ * This file is part of Epiphany. ++ * ++ * Epiphany is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * Epiphany is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with Epiphany. If not, see . 
++ */ ++ ++#include "config.h" ++#include "ephy-output-encoding.h" ++ ++#include ++ ++char * ++ephy_encode_for_html_entity (const char *input) ++{ ++ GString *str = g_string_new (input); ++ ++ g_string_replace (str, "&", "&", 0); ++ g_string_replace (str, "<", "<", 0); ++ g_string_replace (str, ">", ">", 0); ++ g_string_replace (str, "\"", """, 0); ++ g_string_replace (str, "'", "'", 0); ++ g_string_replace (str, "/", "/", 0); ++ ++ return g_string_free (str, FALSE); ++} ++ ++static char * ++encode_all_except_alnum (const char *input, ++ const char *format) ++{ ++ GString *str; ++ const char *c = input; ++ ++ if (!g_utf8_validate (input, -1, NULL)) ++ return g_strdup (""); ++ ++ str = g_string_new (NULL); ++ do { ++ gunichar u = g_utf8_get_char (c); ++ if (g_unichar_isalnum (u)) ++ g_string_append_unichar (str, u); ++ else ++ g_string_append_printf (str, format, u); ++ c = g_utf8_next_char (c); ++ } while (*c); ++ ++ return g_string_free (str, FALSE); ++} ++ ++char * ++ephy_encode_for_html_attribute (const char *input) ++{ ++ return encode_all_except_alnum (input, "&#x%02x;"); ++} ++ ++char * ++ephy_encode_for_javascript (const char *input) ++{ ++ return encode_all_except_alnum (input, "\\u%04u;"); ++} +diff --git a/lib/ephy-output-encoding.h b/lib/ephy-output-encoding.h +new file mode 100644 +index 0000000..7ff6a33 +--- /dev/null ++++ b/lib/ephy-output-encoding.h +@@ -0,0 +1,38 @@ ++/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ ++/* ++ * Copyright © 2021 Red Hat Inc. ++ * ++ * This file is part of Epiphany. ++ * ++ * Epiphany is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. 
++ * ++ * Epiphany is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with Epiphany. If not, see . ++ */ ++ ++#pragma once ++ ++#include ++ ++G_BEGIN_DECLS ++ ++/* These functions implement the OWASP XSS prevention output encoding rules: ++ * https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#output-encoding-rules-summary ++ * ++ * You must *carefully* read that document to safely inject untrusted data into ++ * web content. Here be dragons. ++ */ ++ ++char *ephy_encode_for_html_entity (const char *input); ++char *ephy_encode_for_html_attribute (const char *input); ++char *ephy_encode_for_javascript (const char *input); ++ ++G_END_DECLS +diff --git a/lib/meson.build b/lib/meson.build +index a9f651a..4cafe45 100644 +--- a/lib/meson.build ++++ b/lib/meson.build +@@ -23,6 +23,7 @@ libephymisc_sources = [ + 'ephy-langs.c', + 'ephy-notification.c', + 'ephy-notification-container.c', ++ 'ephy-output-encoding.c', + 'ephy-permissions-manager.c', + 'ephy-profile-utils.c', + 'ephy-search-engine-manager.c', diff -Nru epiphany-browser-3.36.4/debian/patches/Encode-PDF-data-backport-for-3.36.patch epiphany-browser-3.36.4/debian/patches/Encode-PDF-data-backport-for-3.36.patch --- epiphany-browser-3.36.4/debian/patches/Encode-PDF-data-backport-for-3.36.patch 1969-12-31 19:00:00.000000000 -0500 +++ epiphany-browser-3.36.4/debian/patches/Encode-PDF-data-backport-for-3.36.patch 2022-07-31 16:32:14.000000000 -0400 
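Review bot: `encode_all_except_alnum` reads past the end of an empty input: the `do { ... } while (*c)` body runs once even when `*input` is already NUL, so `g_utf8_get_char` yields 0, `&#x00;` is appended, and `g_utf8_next_char` moves `c` one byte beyond the terminator before `*c` is tested. Callers pass fields such as `app->icon_url` that can legitimately be empty; a plain `while (*c) { ... }` loop fixes the out-of-bounds read and also produces the expected empty output. The same loop shape survives when the later output-encoding-remove-JS-encoding-function patch folds the helper into `ephy_encode_for_html_attribute`, so that patch needs the same change. Separately, an input that fails `g_utf8_validate` is silently replaced by `""`; a `g_debug` at that early return would make the dropped value visible when an icon or URL unexpectedly disappears. As rendered here the `g_string_replace` search and replacement strings in `ephy_encode_for_html_entity` look identical, presumably an extraction artefact of the entity references, which is worth confirming against the patch file itself.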
@@ -0,0 +1,41 @@ +From: Michael Catanzaro +Date: Thu, 16 Dec 2021 09:20:25 -0600 +Subject: Encode PDF data (backport for 3.36) + +(cherry picked from commit 5e832fff73283e5f6e6733b330b6c99e895ccd8e) +--- + embed/ephy-embed.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/embed/ephy-embed.c b/embed/ephy-embed.c +index 2087307..a4928b5 100644 +--- a/embed/ephy-embed.c ++++ b/embed/ephy-embed.c +@@ -31,6 +31,7 @@ + #include "ephy-embed-utils.h" + #include "ephy-find-toolbar.h" + #include "ephy-notification-container.h" ++#include "ephy-output-encoding.h" + #include "ephy-prefs.h" + #include "ephy-settings.h" + #include "ephy-string.h" +@@ -1056,6 +1057,8 @@ pdf_file_loaded (GObject *source, + g_autofree gchar *b64 = NULL; + g_autofree gchar *requested_uri = NULL; + g_autofree char *file_data = NULL; ++ g_autofree char *basename = NULL; ++ g_autofree char *encoded_filename = NULL; + gsize len = 0; + + if (!g_file_load_contents_finish (G_FILE (source), res, &file_data, &len, NULL, &error)) { +@@ -1070,7 +1073,9 @@ pdf_file_loaded (GObject *source, + g_file_delete_async (G_FILE (source), G_PRIORITY_DEFAULT, NULL, pdf_file_deleted, NULL); + + html = g_string_new (""); +- g_string_printf (html, g_bytes_get_data (html_file, NULL), b64, g_path_get_basename (data->remote_uri)); ++ basename = g_path_get_basename (data->remote_uri); ++ encoded_filename = ephy_encode_for_html_attribute (basename); ++ g_string_printf (html, g_bytes_get_data (html_file, NULL), b64, encoded_filename); + + webkit_web_view_load_alternate_html (web_view, html->str, data->remote_uri, "ephy-resource:///org/gnome/epiphany/pdfjs/web/"); + diff -Nru epiphany-browser-3.36.4/debian/patches/Fix-memory-corruption-in-ephy_string_shorten.patch epiphany-browser-3.36.4/debian/patches/Fix-memory-corruption-in-ephy_string_shorten.patch --- epiphany-browser-3.36.4/debian/patches/Fix-memory-corruption-in-ephy_string_shorten.patch 1969-12-31 19:00:00.000000000 -0500 +++ 
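Review bot: The `g_string_printf` call still takes its format from `g_bytes_get_data (html_file, NULL)` rather than a literal, so `-Wformat` cannot verify that the template has exactly the two `%s` conversions supplied here, and a template edit that adds a third would read an unrelated vararg. Presumably `html_file` is the bundled viewer template and therefore trusted; a comment above the call, `/* Format string is the bundled viewer template; keep its two %s in sync with this call. */`, records that dependency. `ephy_encode_for_html_attribute` is only the right encoder if the template places the filename in an attribute value, which cannot be confirmed from this hunk, so the comment could also name that context. pdf_file_loaded starts and ends outside the hunk.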
epiphany-browser-3.36.4/debian/patches/Fix-memory-corruption-in-ephy_string_shorten.patch 2022-07-31 16:32:14.000000000 -0400 @@ -0,0 +1,39 @@ +From: Michael Catanzaro +Date: Fri, 15 Apr 2022 18:09:46 -0500 +Subject: Fix memory corruption in ephy_string_shorten() + +This fixes a regression that I introduced in 232c613472b38ff0d0d97338f366024ddb9cd228. + +I got my browser stuck in a crash loop today while visiting a website +with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only +condition in which ephy_string_shorten() is ever used. Turns out this +commit is wrong: an ellipses is a multibyte character (three bytes in +UTF-8) and so we're writing past the end of the buffer when calling +strcat() here. Ooops. + +Shame it took nearly four years to notice and correct this. + +Part-of: +(cherry picked from commit 486da133569ebfc436c959a7419565ab102e8525) +--- + lib/ephy-string.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/lib/ephy-string.c b/lib/ephy-string.c +index 509490c..d678803 100644 +--- a/lib/ephy-string.c ++++ b/lib/ephy-string.c +@@ -115,11 +115,10 @@ ephy_string_shorten (char *str, + /* create string */ + bytes = GPOINTER_TO_UINT (g_utf8_offset_to_pointer (str, target_length - 1) - str); + +- /* +1 for ellipsis, +1 for trailing NUL */ +- new_str = g_new (gchar, bytes + 1 + 1); ++ new_str = g_new (gchar, bytes + strlen ("…") + 1); + + strncpy (new_str, str, bytes); +- strcat (new_str, "…"); ++ strncpy (new_str + bytes, "…", strlen ("…") + 1); + + g_free (str); + diff -Nru epiphany-browser-3.36.4/debian/patches/Fix-reload-buttons-on-error-pages.patch epiphany-browser-3.36.4/debian/patches/Fix-reload-buttons-on-error-pages.patch --- epiphany-browser-3.36.4/debian/patches/Fix-reload-buttons-on-error-pages.patch 1969-12-31 19:00:00.000000000 -0500 +++ epiphany-browser-3.36.4/debian/patches/Fix-reload-buttons-on-error-pages.patch 2022-07-31 16:32:14.000000000 -0400 
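Review bot: The two `strncpy` calls at the end of the hunk perform fixed-size copies, for which `memcpy` states the intent more directly and spares readers from reasoning about `strncpy`'s padding and termination rules: `new_str = g_new (gchar, bytes + sizeof "…"); memcpy (new_str, str, bytes); memcpy (new_str + bytes, "…", sizeof "…");` copies the ellipsis together with its NUL, and `sizeof "…"` is a compile-time constant unlike the repeated `strlen ("…")`. Either form is correct, so this is a readability point only. ephy_string_shorten begins and ends outside the hunk.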
@@ -0,0 +1,292 @@ +From: Michael Catanzaro +Date: Mon, 20 Dec 2021 10:32:36 -0600 +Subject: Fix reload buttons on error pages + +The encoded URL here does not work. And we cannot reload via the web +process, because the window.location is about:blank for alternate HTML, +so we'll have to send a message to the UI process to have it do so +instead. + +Fixes #1663 + +Part-of: +(cherry picked from commit 4bb41cded4792b0ebc194b4930bf09acb7fc0e4f) +--- + embed/ephy-embed-shell.c | 36 ++++++++++++++++ + embed/ephy-web-view.c | 108 +++++++++++++++++++++++++++-------------------- + 2 files changed, 99 insertions(+), 45 deletions(-) + +diff --git a/embed/ephy-embed-shell.c b/embed/ephy-embed-shell.c +index 51a9003..0625d76 100644 +--- a/embed/ephy-embed-shell.c ++++ b/embed/ephy-embed-shell.c +@@ -74,6 +74,7 @@ enum { + WEB_VIEW_CREATED, + ALLOW_TLS_CERTIFICATE, + ALLOW_UNSAFE_BROWSING, ++ RELOAD_PAGE, + PASSWORD_FORM_FOCUSED, + + LAST_SIGNAL +@@ -302,6 +303,17 @@ web_process_extension_tls_error_page_message_received_cb (WebKitUserContentManag + g_signal_emit (shell, signals[ALLOW_TLS_CERTIFICATE], 0, page_id); + } + ++static void ++web_process_extension_reload_page_message_received_cb (WebKitUserContentManager *manager, ++ WebKitJavascriptResult *message, ++ EphyEmbedShell *shell) ++{ ++ guint64 page_id; ++ ++ page_id = jsc_value_to_double (webkit_javascript_result_get_js_value (message)); ++ g_signal_emit (shell, signals[RELOAD_PAGE], 0, page_id); ++} ++ + static void + web_process_extension_unsafe_browsing_error_page_message_received_cb (WebKitUserContentManager *manager, + WebKitJavascriptResult *message, +@@ -1082,6 +1094,23 @@ ephy_embed_shell_class_init (EphyEmbedShellClass *klass) + G_TYPE_NONE, 1, + G_TYPE_UINT64); + ++ /** ++ * EphyEmbedShell::reload-page: ++ * @shell: the #EphyEmbedShell ++ * @page_id: the identifier of the web page ++ * ++ * Emitted when the web process extension requests a view be reloaded. 
++ * This is needed when window.location.reload() doesn't work properly, ++ * specifically after loading alternate HTML. ++ */ ++ signals[RELOAD_PAGE] = ++ g_signal_new ("reload-page", ++ EPHY_TYPE_EMBED_SHELL, ++ G_SIGNAL_RUN_FIRST, ++ 0, NULL, NULL, NULL, ++ G_TYPE_NONE, 1, ++ G_TYPE_UINT64); ++ + /** + * EphyEmbedShell::password-form-focused + * @shell: the #EphyEmbedShell +@@ -1320,6 +1349,7 @@ ephy_embed_shell_register_ucm_handler (EphyEmbedShell *shell, + EphyEmbedShellPrivate *priv = ephy_embed_shell_get_instance_private (shell); + + /* User content manager */ ++ /* FIXME: See https://gitlab.gnome.org/GNOME/epiphany/-/issues/1664 */ + webkit_user_content_manager_register_script_message_handler_in_world (ucm, + "overview", + priv->guid); +@@ -1333,6 +1363,12 @@ ephy_embed_shell_register_ucm_handler (EphyEmbedShell *shell, + G_CALLBACK (web_process_extension_tls_error_page_message_received_cb), + shell, 0); + ++ webkit_user_content_manager_register_script_message_handler (ucm, ++ "reloadPage"); ++ g_signal_connect_object (ucm, "script-message-received::reloadPage", ++ G_CALLBACK (web_process_extension_reload_page_message_received_cb), ++ shell, 0); ++ + webkit_user_content_manager_register_script_message_handler (ucm, + "unsafeBrowsingErrorPage"); + g_signal_connect_object (ucm, "script-message-received::unsafeBrowsingErrorPage", +diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c +index 04e0d5f..3fb4231 100644 +--- a/embed/ephy-web-view.c ++++ b/embed/ephy-web-view.c +@@ -660,6 +660,17 @@ allow_unsafe_browsing_cb (EphyEmbedShell *shell, + ephy_web_view_load_url (view, ephy_web_view_get_address (view)); + } + ++static void ++reload_page_cb (EphyEmbedShell *shell, ++ guint64 page_id, ++ EphyWebView *view) ++{ ++ if (webkit_web_view_get_page_id (WEBKIT_WEB_VIEW (view)) != page_id) ++ return; ++ ++ webkit_web_view_reload (WEBKIT_WEB_VIEW (view)); ++} ++ + static void + _ephy_web_view_set_is_blank (EphyWebView *view, + gboolean is_blank) +@@ -1634,20 
+1645,20 @@ ephy_web_view_get_error_page (EphyWebView *view) + * strings. Everywhere, but also here on the error pages in particular. */ + + static void +-format_network_error_page (const char *uri, +- const char *origin, +- const char *reason, +- char **page_title, +- char **message_title, +- char **message_body, +- char **message_details, +- char **button_label, +- char **button_action, +- const char **button_accesskey, +- const char **icon_name, +- const char **style) ++format_network_error_page (EphyWebView *view, ++ const char *uri, ++ const char *origin, ++ const char *reason, ++ char **page_title, ++ char **message_title, ++ char **message_body, ++ char **message_details, ++ char **button_label, ++ char **button_action, ++ const char **button_accesskey, ++ const char **icon_name, ++ const char **style) + { +- g_autofree char *encoded_uri = NULL; + g_autofree char *encoded_origin = NULL; + g_autofree char *formatted_origin = NULL; + g_autofree char *formatted_reason = NULL; +@@ -1683,8 +1694,8 @@ format_network_error_page (const char *uri, + + /* The button on the network error page. DO NOT ADD MNEMONICS HERE. */ + *button_label = g_strdup (_("Reload")); +- encoded_uri = ephy_encode_for_javascript (uri); +- *button_action = g_strdup_printf ("window.location = '%s';", encoded_uri); ++ *button_action = g_strdup_printf ("window.webkit.messageHandlers.reloadPage.postMessage(%" G_GUINT64_FORMAT ");", ++ webkit_web_view_get_page_id (WEBKIT_WEB_VIEW (view))); + /* Mnemonic for the Reload button on browser error pages. 
*/ + *button_accesskey = C_("reload-access-key", "R"); + +@@ -1693,18 +1704,18 @@ format_network_error_page (const char *uri, + } + + static void +-format_crash_error_page (const char *uri, +- char **page_title, +- char **message_title, +- char **message_body, +- char **button_label, +- char **button_action, +- const char **button_accesskey, +- const char **icon_name, +- const char **style) ++format_crash_error_page (EphyWebView *view, ++ const char *uri, ++ char **page_title, ++ char **message_title, ++ char **message_body, ++ char **button_label, ++ char **button_action, ++ const char **button_accesskey, ++ const char **icon_name, ++ const char **style) + { +- g_autofree char *html_encoded_uri = NULL; +- g_autofree char *js_encoded_uri = NULL; ++ g_autofree char *encoded_uri = NULL; + g_autofree char *formatted_uri = NULL; + g_autofree char *formatted_distributor = NULL; + g_autofree char *first_paragraph = NULL; +@@ -1716,8 +1727,8 @@ format_crash_error_page (const char *uri, + /* Message title when a site cannot be loaded due to a page crash error. */ + *message_title = g_strdup (_("Oops! There may be a problem")); + +- html_encoded_uri = ephy_encode_for_html_entity (uri); +- formatted_uri = g_strdup_printf ("%s", html_encoded_uri); ++ encoded_uri = ephy_encode_for_html_entity (uri); ++ formatted_uri = g_strdup_printf ("%s", encoded_uri); + /* Error details when a site cannot be loaded due to a page crash error. */ + first_paragraph = g_strdup_printf (_("The page %s may have caused Web to " + "close unexpectedly."), +@@ -1736,8 +1747,8 @@ format_crash_error_page (const char *uri, + + /* The button on the page crash error page. DO NOT ADD MNEMONICS HERE. 
*/ + *button_label = g_strdup (_("Reload")); +- js_encoded_uri = ephy_encode_for_javascript (uri); +- *button_action = g_strdup_printf ("window.location = '%s';", js_encoded_uri); ++ *button_action = g_strdup_printf ("window.webkit.messageHandlers.reloadPage.postMessage(%" G_GUINT64_FORMAT ");", ++ webkit_web_view_get_page_id (WEBKIT_WEB_VIEW (view))); + /* Mnemonic for the Reload button on browser error pages. */ + *button_accesskey = C_("reload-access-key", "R"); + +@@ -1746,17 +1757,17 @@ format_crash_error_page (const char *uri, + } + + static void +-format_process_crash_error_page (const char *uri, +- char **page_title, +- char **message_title, +- char **message_body, +- char **button_label, +- char **button_action, +- const char **button_accesskey, +- const char **icon_name, +- const char **style) ++format_process_crash_error_page (EphyWebView *view, ++ const char *uri, ++ char **page_title, ++ char **message_title, ++ char **message_body, ++ char **button_label, ++ char **button_action, ++ const char **button_accesskey, ++ const char **icon_name, ++ const char **style) + { +- g_autofree char *encoded_uri = NULL; + const char *first_paragraph; + + /* Page title when a site cannot be loaded due to a process crash error. */ +@@ -1772,8 +1783,8 @@ format_process_crash_error_page (const char *uri, + + /* The button on the process crash error page. DO NOT ADD MNEMONICS HERE. */ + *button_label = g_strdup (_("Reload")); +- encoded_uri = ephy_encode_for_javascript (uri); +- *button_action = g_strdup_printf ("window.location = '%s';", encoded_uri); ++ *button_action = g_strdup_printf ("window.webkit.messageHandlers.reloadPage.postMessage(%" G_GUINT64_FORMAT ");", ++ webkit_web_view_get_page_id (WEBKIT_WEB_VIEW (view))); + /* Mnemonic for the Reload button on browser error pages. 
*/ + *button_accesskey = C_("reload-access-key", "R"); + +@@ -2027,7 +2038,8 @@ ephy_web_view_load_error_page (EphyWebView *view, + + switch (page) { + case EPHY_WEB_VIEW_ERROR_PAGE_NETWORK_ERROR: +- format_network_error_page (uri, ++ format_network_error_page (view, ++ uri, + origin, + reason, + &page_title, +@@ -2041,7 +2053,8 @@ ephy_web_view_load_error_page (EphyWebView *view, + &style); + break; + case EPHY_WEB_VIEW_ERROR_PAGE_CRASH: +- format_crash_error_page (uri, ++ format_crash_error_page (view, ++ uri, + &page_title, + &msg_title, + &msg_body, +@@ -2052,7 +2065,8 @@ ephy_web_view_load_error_page (EphyWebView *view, + &style); + break; + case EPHY_WEB_VIEW_ERROR_PROCESS_CRASH: +- format_process_crash_error_page (uri, ++ format_process_crash_error_page (view, ++ uri, + &page_title, + &msg_title, + &msg_body, +@@ -3615,6 +3629,10 @@ ephy_web_view_init (EphyWebView *web_view) + g_signal_connect_object (shell, "allow-unsafe-browsing", + G_CALLBACK (allow_unsafe_browsing_cb), + web_view, 0); ++ ++ g_signal_connect_object (shell, "reload-page", ++ G_CALLBACK (reload_page_cb), ++ web_view, 0); + } + + static void diff -Nru epiphany-browser-3.36.4/debian/patches/output-encoding-fix-build-with-older-GLib.patch epiphany-browser-3.36.4/debian/patches/output-encoding-fix-build-with-older-GLib.patch --- epiphany-browser-3.36.4/debian/patches/output-encoding-fix-build-with-older-GLib.patch 1969-12-31 19:00:00.000000000 -0500 +++ epiphany-browser-3.36.4/debian/patches/output-encoding-fix-build-with-older-GLib.patch 2022-07-31 16:32:14.000000000 -0400 
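Review bot: `reloadPage` is registered with `webkit_user_content_manager_register_script_message_handler` in the default script world, so unlike `overview` it is reachable from any page's JavaScript rather than only from the error page, and `reload_page_cb` honours the request on nothing more than a matching page id. At minimum `reload_page_cb` should act only while the view is showing one of the error pages, e.g. a boolean set in `ephy_web_view_load_error_page` and cleared on the next successful load, so ordinary web content cannot force reloads. Also, `web_process_extension_reload_page_message_received_cb` assigns `jsc_value_to_double` straight to a `guint64` without first checking `jsc_value_is_number`; converting NaN, a negative value or a value above G_MAXUINT64 to an unsigned integer is undefined behaviour in C, so test the type and range before `g_signal_emit`. The FIXME added before the `overview` registration suggests the script-world question is already tracked upstream.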
@@ -0,0 +1,63 @@
+From: Michael Catanzaro
+Date: Tue, 8 Feb 2022 14:39:09 -0600
+Subject: output-encoding: fix build with older GLib
+
+(cherry picked from commit 25e6d1c57a6002b081f6f225e5abd953fbe13768)
+---
+ lib/ephy-output-encoding.c | 43 +++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 43 insertions(+)
+
+diff --git a/lib/ephy-output-encoding.c b/lib/ephy-output-encoding.c
+index 2a7c1d0..1263b25 100644
+--- a/lib/ephy-output-encoding.c
++++ b/lib/ephy-output-encoding.c
+@@ -23,6 +23,49 @@
+ 
+ #include 
+ 
++#if !GLIB_CHECK_VERSION(2, 68, 0)
++static guint
++g_string_replace (GString *string,
++ const gchar *find,
++ const gchar *replace,
++ guint limit)
++{
++ gsize f_len, r_len, pos;
++ gchar *cur, *next;
++ guint n = 0;
++
++ g_return_val_if_fail (string != NULL, 0);
++ g_return_val_if_fail (find != NULL, 0);
++ g_return_val_if_fail (replace != NULL, 0);
++
++ f_len = strlen (find);
++ r_len = strlen (replace);
++ cur = string->str;
++
++ while ((next = strstr (cur, find)) != NULL)
++ {
++ pos = next - string->str;
++ g_string_erase (string, pos, f_len);
++ g_string_insert (string, pos, replace);
++ cur = string->str + pos + r_len;
++ n++;
++ /* Only match the empty string once at any given position, to
++ * avoid infinite loops */
++ if (f_len == 0)
++ {
++ if (cur[0] == '\0')
++ break;
++ else
++ cur++;
++ }
++ if (n == limit)
++ break;
++ }
++
++ return n;
++}
++#endif
++
+ char *
+ ephy_encode_for_html_entity (const char *input)
+ {
diff -Nru epiphany-browser-3.36.4/debian/patches/output-encoding-remove-JS-encoding-function.patch epiphany-browser-3.36.4/debian/patches/output-encoding-remove-JS-encoding-function.patch
--- epiphany-browser-3.36.4/debian/patches/output-encoding-remove-JS-encoding-function.patch 1969-12-31 19:00:00.000000000 -0500
+++ epiphany-browser-3.36.4/debian/patches/output-encoding-remove-JS-encoding-function.patch 2022-07-31 16:32:14.000000000 -0400
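Review bot: The `g_string_replace` shim carries no comment saying where it was copied from or when it can be dropped, which the next maintainer who bumps the GLib requirement will want; a line above the `#if`, `/* Copied from GLib's gstring.c (new in 2.68); delete once the build requires GLib >= 2.68. */`, would do. It is also worth stating there that the scan resumes after the inserted text (`cur = string->str + pos + r_len`), so a replacement that itself contains the needle, such as `&amp;` for `&`, is never rescanned, which is the property an entity encoder built on this function depends on for termination and for not double-encoding. The shim calls `strlen` and `strstr`; the only visible `#include` has lost its target in this rendering, so confirm `<string.h>` is reachable on the `#if` branch.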
@@ -0,0 +1,71 @@
+From: Michael Catanzaro
+Date: Mon, 20 Dec 2021 10:55:37 -0600
+Subject: output-encoding: remove JS encoding function
+
+This is no longer required after #1665.
+
+Part-of: 
+(cherry picked from commit f7272f6d6be1abebe63ae4c81d09bc9ce592f2cd)
+---
+ lib/ephy-output-encoding.c | 19 +++----------------
+ lib/ephy-output-encoding.h | 5 ++++-
+ 2 files changed, 7 insertions(+), 17 deletions(-)
+
+diff --git a/lib/ephy-output-encoding.c b/lib/ephy-output-encoding.c
+index 7256059..2a7c1d0 100644
+--- a/lib/ephy-output-encoding.c
++++ b/lib/ephy-output-encoding.c
+@@ -38,9 +38,8 @@ ephy_encode_for_html_entity (const char *input)
+ return g_string_free (str, FALSE);
+ }
+ 
+-static char *
+-encode_all_except_alnum (const char *input,
+- const char *format)
++char *
++ephy_encode_for_html_attribute (const char *input)
+ {
+ GString *str;
+ const char *c = input;
+@@ -54,21 +53,9 @@ encode_all_except_alnum (const char *input,
+ if (g_unichar_isalnum (u))
+ g_string_append_unichar (str, u);
+ else
+- g_string_append_printf (str, format, u);
++ g_string_append_printf (str, "&#x%02x;", u);
+ c = g_utf8_next_char (c);
+ } while (*c);
+ 
+ return g_string_free (str, FALSE);
+ }
+-
+-char *
+-ephy_encode_for_html_attribute (const char *input)
+-{
+- return encode_all_except_alnum (input, "&#x%02x;");
+-}
+-
+-char *
+-ephy_encode_for_javascript (const char *input)
+-{
+- return encode_all_except_alnum (input, "\\u%04u;");
+-}
+diff --git a/lib/ephy-output-encoding.h b/lib/ephy-output-encoding.h
+index 7ff6a33..7817e7a 100644
+--- a/lib/ephy-output-encoding.h
++++ b/lib/ephy-output-encoding.h
+@@ -29,10 +29,13 @@ G_BEGIN_DECLS
+ *
+ * You must *carefully* read that document to safely inject untrusted data into
+ * web content. Here be dragons.
++ *
++ * If tempted to inject untrusted content into JavaScript, then also review:
++ * https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html
++ * and consider not doing that.
+ */
+ 
+ char *ephy_encode_for_html_entity (const char *input);
+ char *ephy_encode_for_html_attribute (const char *input);
+-char *ephy_encode_for_javascript (const char *input);
+ 
+ G_END_DECLS
diff -Nru epiphany-browser-3.36.4/debian/patches/series epiphany-browser-3.36.4/debian/patches/series
--- epiphany-browser-3.36.4/debian/patches/series 2020-09-30 10:17:45.000000000 -0400
+++ epiphany-browser-3.36.4/debian/patches/series 2022-07-31 16:32:14.000000000 -0400
@@ -2,3 +2,17 @@
 07_bookmarks.patch
 dont-make-compulsory.patch
 Disable-webapps-test.patch
+Fix-memory-corruption-in-ephy_string_shorten.patch
+Add-secure-output-encoding-functions.patch
+about-handler-properly-encode-page-title-URL-in-about-ove.patch
+about-handler-properly-encode-web-app-info-in-about-appli.patch
+view-source-handler-encode-data-passed-to-highlight.js.patch
+web-view-convert-error-pages-to-use-autofree-autoptr.patch
+web-view-encode-data-in-error-pages.patch
+Encode-PDF-data-backport-for-3.36.patch
+Add-CSP-for-reader-mode-backport-for-GNOME-3.36.patch
+web-view-encode-reader-mode-title-byline.patch
+Fix-reload-buttons-on-error-pages.patch
+about-handler-don-t-encode-app-ID-or-install-date.patch
+output-encoding-remove-JS-encoding-function.patch
+output-encoding-fix-build-with-older-GLib.patch
diff -Nru epiphany-browser-3.36.4/debian/patches/view-source-handler-encode-data-passed-to-highlight.js.patch epiphany-browser-3.36.4/debian/patches/view-source-handler-encode-data-passed-to-highlight.js.patch
--- epiphany-browser-3.36.4/debian/patches/view-source-handler-encode-data-passed-to-highlight.js.patch 1969-12-31 19:00:00.000000000 -0500
+++ epiphany-browser-3.36.4/debian/patches/view-source-handler-encode-data-passed-to-highlight.js.patch 2022-07-31 16:32:14.000000000 -0400
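Review bot: `ephy_encode_for_html_attribute` becomes a public function here, but the header declares it with no contract of its own, so a caller has only the general warning above to go on; a comment above the declaration in ephy-output-encoding.h such as `/* Replaces every character that is not a Unicode letter or digit with a numeric character reference (&#x..;). For values placed inside HTML attributes only; not a JavaScript or URL encoder. */` would pin the intended context. The promotion keeps the old `"&#x%02x;"` format byte-for-byte, so existing callers see no output change. Passing non-ASCII alphanumerics through unencoded (`g_unichar_isalnum`) looks safe for an attribute value, since none of them can close a quote or start a tag, but saying so in the same comment stops someone later reusing the function where that reasoning does not hold. How the function treats a NULL or empty `input` is not visible in this hunk, so check it before documenting it.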
@@ -0,0 +1,68 @@ +From: Michael Catanzaro +Date: Tue, 14 Dec 2021 16:47:00 -0600 +Subject: view-source-handler: encode data passed to highlight.js + +The actual data here should be good already because it gets escaped by +GLib, but this function is really designed for use in XML, so let's +switch to the simpler Epiphany function designed for anti-XSS to make it +more clear what's going on here. + +The URL is probably vulnerable, though, since a malicious URL could +conceivably try to escape the HTML entity context. Encode that. + +Part-of: +(cherry picked from commit ea2736c61840237de786ee8a36f9aba44c6501b0) +--- + embed/ephy-view-source-handler.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/embed/ephy-view-source-handler.c b/embed/ephy-view-source-handler.c +index ada11c6..d3d281a 100644 +--- a/embed/ephy-view-source-handler.c ++++ b/embed/ephy-view-source-handler.c +@@ -23,6 +23,7 @@ + + #include "ephy-embed-container.h" + #include "ephy-embed-shell.h" ++#include "ephy-output-encoding.h" + #include "ephy-web-view.h" + + #include +@@ -109,7 +110,9 @@ web_resource_data_cb (WebKitWebResource *resource, + EphyViewSourceRequest *request) + { + g_autofree guchar *data = NULL; +- g_autofree char *escaped_str = NULL; ++ g_autofree char *data_str = NULL; ++ g_autofree char *encoded_str = NULL; ++ g_autofree char *encoded_uri = NULL; + g_autoptr (GError) error = NULL; + g_autofree char *html = NULL; + gsize length; +@@ -120,8 +123,13 @@ web_resource_data_cb (WebKitWebResource *resource, + return; + } + +- /* Warning: data is not a string, so we pass length here because it's not NUL-terminated. 
*/ +- escaped_str = g_markup_escape_text ((const char *)data, length); ++ /* Convert data to a string */ ++ data_str = g_malloc (length + 1); ++ memcpy (data_str, data, length); ++ data_str[length] = '\0'; ++ ++ encoded_str = ephy_encode_for_html_entity (data_str); ++ encoded_uri = ephy_encode_for_html_entity (webkit_web_resource_get_uri (resource)); + + html = g_strdup_printf ("" + " " +@@ -132,8 +140,8 @@ web_resource_data_cb (WebKitWebResource *resource, + " " + "
%s
" + "", +- webkit_web_resource_get_uri (resource), +- escaped_str); ++ encoded_uri, ++ encoded_str); + + finish_uri_scheme_request (request, g_steal_pointer (&html), NULL); + } diff -Nru epiphany-browser-3.36.4/debian/patches/web-view-convert-error-pages-to-use-autofree-autoptr.patch epiphany-browser-3.36.4/debian/patches/web-view-convert-error-pages-to-use-autofree-autoptr.patch --- epiphany-browser-3.36.4/debian/patches/web-view-convert-error-pages-to-use-autofree-autoptr.patch 1969-12-31 19:00:00.000000000 -0500 +++ epiphany-browser-3.36.4/debian/patches/web-view-convert-error-pages-to-use-autofree-autoptr.patch 2022-07-31 16:32:14.000000000 -0400 
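Review bot: Resource bodies containing a NUL byte are silently cut at the first NUL: `data_str` is built as a C string and `ephy_encode_for_html_entity` takes no length, whereas the removed `g_markup_escape_text` call at least received `length`. Nothing attacker-controlled escapes encoding because of this, but the View Source page then shows less than the server sent; a comment on the copy, `/* data may contain NUL; the string encoder drops everything after the first one */`, would make the trade-off explicit, and `g_strndup ((const char *)data, length)` expresses the same copy in one line. The printf arguments now pass `encoded_uri` before `encoded_str`, so the format's first `%s` must be the URL slot; the HTML literals are stripped in this rendering, so verify that against the file. The page builder this hunk sits in, `web_resource_data_cb`, starts above the hunk.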
@@ -0,0 +1,164 @@ +From: Michael Catanzaro +Date: Tue, 14 Dec 2021 17:15:00 -0600 +Subject: web-view: convert error pages to use autofree/autoptr + +Part-of: +(cherry picked from commit a2c5150cef49fa2da75d342cca3370b2f7ab4234) +--- + embed/ephy-web-view.c | 77 ++++++++++++++++----------------------------------- + 1 file changed, 24 insertions(+), 53 deletions(-) + +diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c +index 7885877..cecafc5 100644 +--- a/embed/ephy-web-view.c ++++ b/embed/ephy-web-view.c +@@ -1646,9 +1646,9 @@ format_network_error_page (const char *uri, + const char **icon_name, + const char **style) + { +- char *formatted_origin; +- char *formatted_reason; +- char *first_paragraph; ++ g_autofree char *formatted_origin = NULL; ++ g_autofree char *formatted_reason = NULL; ++ g_autofree char *first_paragraph = NULL; + const char *second_paragraph; + + /* Page title when a site cannot be loaded due to a network error. */ +@@ -1685,10 +1685,6 @@ format_network_error_page (const char *uri, + + *icon_name = "network-error-symbolic.svg"; + *style = "default"; +- +- g_free (formatted_origin); +- g_free (formatted_reason); +- g_free (first_paragraph); + } + + static void +@@ -1702,10 +1698,10 @@ format_crash_error_page (const char *uri, + const char **icon_name, + const char **style) + { +- char *formatted_uri; +- char *formatted_distributor; +- char *first_paragraph; +- char *second_paragraph; ++ g_autofree char *formatted_uri = NULL; ++ g_autofree char *formatted_distributor = NULL; ++ g_autofree char *first_paragraph = NULL; ++ g_autofree char *second_paragraph = NULL; + + /* Page title when a site cannot be loaded due to a page crash error. 
*/ + *page_title = g_strdup_printf (_("Problem Loading Page")); +@@ -1738,11 +1734,6 @@ format_crash_error_page (const char *uri, + + *icon_name = "computer-fail-symbolic.svg"; + *style = "default"; +- +- g_free (formatted_uri); +- g_free (formatted_distributor); +- g_free (first_paragraph); +- g_free (second_paragraph); + } + + static void +@@ -1795,8 +1786,8 @@ format_tls_error_page (EphyWebView *view, + const char **icon_name, + const char **style) + { +- char *formatted_origin; +- char *first_paragraph; ++ g_autofree char *formatted_origin = NULL; ++ g_autofree char *first_paragraph = NULL; + + /* Page title when a site is not loaded due to an invalid TLS certificate. */ + *page_title = g_strdup_printf (_("Security Violation")); +@@ -1830,9 +1821,6 @@ format_tls_error_page (EphyWebView *view, + + *icon_name = "channel-insecure-symbolic.svg"; + *style = "danger"; +- +- g_free (formatted_origin); +- g_free (first_paragraph); + } + + static void +@@ -1852,8 +1840,8 @@ format_unsafe_browsing_error_page (EphyWebView *view, + const char **icon_name, + const char **style) + { +- char *formatted_origin; +- char *first_paragraph; ++ g_autofree char *formatted_origin = NULL; ++ g_autofree char *first_paragraph = NULL; + + /* Page title when a site is flagged by Google Safe Browsing verification. 
*/ + *page_title = g_strdup_printf (_("Security Warning")); +@@ -1919,9 +1907,6 @@ format_unsafe_browsing_error_page (EphyWebView *view, + + *icon_name = "security-high-symbolic.svg"; + *style = "danger"; +- +- g_free (formatted_origin); +- g_free (first_paragraph); + } + + static void +@@ -1983,19 +1968,19 @@ ephy_web_view_load_error_page (EphyWebView *view, + GError *error, + gpointer user_data) + { +- GBytes *html_file; +- GString *html = g_string_new (""); +- char *origin = NULL; +- char *lang = NULL; +- char *page_title = NULL; +- char *msg_title = NULL; +- char *msg_body = NULL; +- char *msg_details = NULL; +- char *button_label = NULL; +- char *hidden_button_label = NULL; +- char *button_action = NULL; +- char *hidden_button_action = NULL; +- char *style_sheet = NULL; ++ g_autoptr (GBytes) html_file = NULL; ++ g_autoptr (GString) html = g_string_new (NULL); ++ g_autofree char *origin = NULL; ++ g_autofree char *lang = NULL; ++ g_autofree char *page_title = NULL; ++ g_autofree char *msg_title = NULL; ++ g_autofree char *msg_body = NULL; ++ g_autofree char *msg_details = NULL; ++ g_autofree char *button_label = NULL; ++ g_autofree char *hidden_button_label = NULL; ++ g_autofree char *button_action = NULL; ++ g_autofree char *hidden_button_action = NULL; ++ g_autofree char *style_sheet = NULL; + const char *button_accesskey = NULL; + const char *hidden_button_accesskey = NULL; + const char *icon_name = NULL; +@@ -2135,23 +2120,9 @@ ephy_web_view_load_error_page (EphyWebView *view, + button_accesskey, button_label); + #pragma GCC diagnostic pop + +- g_bytes_unref (html_file); +- g_free (origin); +- g_free (lang); +- g_free (page_title); +- g_free (msg_title); +- g_free (msg_body); +- g_free (msg_details); +- g_free (button_label); +- g_free (button_action); +- g_free (hidden_button_label); +- g_free (hidden_button_action); +- g_free (style_sheet); +- + /* Make our history backend ignore the next page load, since it will be an error page. 
*/ + ephy_web_view_freeze_history (view); + webkit_web_view_load_alternate_html (WEBKIT_WEB_VIEW (view), html->str, uri, 0); +- g_string_free (html, TRUE); + } + + static gboolean diff -Nru epiphany-browser-3.36.4/debian/patches/web-view-encode-data-in-error-pages.patch epiphany-browser-3.36.4/debian/patches/web-view-encode-data-in-error-pages.patch --- epiphany-browser-3.36.4/debian/patches/web-view-encode-data-in-error-pages.patch 1969-12-31 19:00:00.000000000 -0500 +++ epiphany-browser-3.36.4/debian/patches/web-view-encode-data-in-error-pages.patch 2022-07-31 16:32:14.000000000 -0400 
@@ -0,0 +1,161 @@ +From: Michael Catanzaro +Date: Tue, 14 Dec 2021 17:37:05 -0600 +Subject: web-view: encode data in error pages + +Page titles and URLs are untrusted and could be nasty, so we need to +encode them appropriately when injecting them into HTML. + +Part-of: +(cherry picked from commit 4b723776272a71dec0e7cf7511df76edaeeab297) +--- + embed/ephy-web-view.c | 37 +++++++++++++++++++++++++++---------- + 1 file changed, 27 insertions(+), 10 deletions(-) + +diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c +index cecafc5..f31f5fd 100644 +--- a/embed/ephy-web-view.c ++++ b/embed/ephy-web-view.c +@@ -38,6 +38,7 @@ + #include "ephy-gsb-utils.h" + #include "ephy-history-service.h" + #include "ephy-lib-type-builtins.h" ++#include "ephy-output-encoding.h" + #include "ephy-permissions-manager.h" + #include "ephy-prefs.h" + #include "ephy-settings.h" +@@ -1646,6 +1647,8 @@ format_network_error_page (const char *uri, + const char **icon_name, + const char **style) + { ++ g_autofree char *encoded_uri = NULL; ++ g_autofree char *encoded_origin = NULL; + g_autofree char *formatted_origin = NULL; + g_autofree char *formatted_reason = NULL; + g_autofree char *first_paragraph = NULL; +@@ -1657,7 +1660,8 @@ format_network_error_page (const char *uri, + /* Message title when a site cannot be loaded due to a network error. */ + *message_title = g_strdup (_("Unable to display this website")); + +- formatted_origin = g_strdup_printf ("%s", origin); ++ encoded_origin = ephy_encode_for_html_entity (origin); ++ formatted_origin = g_strdup_printf ("%s", encoded_origin); + /* Error details when a site cannot be loaded due to a network error. */ + first_paragraph = g_strdup_printf (_("The site at %s seems to be " + "unavailable."), +@@ -1679,7 +1683,8 @@ format_network_error_page (const char *uri, + + /* The button on the network error page. DO NOT ADD MNEMONICS HERE. 
*/ + *button_label = g_strdup (_("Reload")); +- *button_action = g_strdup_printf ("window.location = '%s';", uri); ++ encoded_uri = ephy_encode_for_javascript (uri); ++ *button_action = g_strdup_printf ("window.location = '%s';", encoded_uri); + /* Mnemonic for the Reload button on browser error pages. */ + *button_accesskey = C_("reload-access-key", "R"); + +@@ -1698,6 +1703,8 @@ format_crash_error_page (const char *uri, + const char **icon_name, + const char **style) + { ++ g_autofree char *html_encoded_uri = NULL; ++ g_autofree char *js_encoded_uri = NULL; + g_autofree char *formatted_uri = NULL; + g_autofree char *formatted_distributor = NULL; + g_autofree char *first_paragraph = NULL; +@@ -1709,7 +1716,8 @@ format_crash_error_page (const char *uri, + /* Message title when a site cannot be loaded due to a page crash error. */ + *message_title = g_strdup (_("Oops! There may be a problem")); + +- formatted_uri = g_strdup_printf ("%s", uri); ++ html_encoded_uri = ephy_encode_for_html_entity (uri); ++ formatted_uri = g_strdup_printf ("%s", html_encoded_uri); + /* Error details when a site cannot be loaded due to a page crash error. */ + first_paragraph = g_strdup_printf (_("The page %s may have caused Web to " + "close unexpectedly."), +@@ -1728,7 +1736,8 @@ format_crash_error_page (const char *uri, + + /* The button on the page crash error page. DO NOT ADD MNEMONICS HERE. */ + *button_label = g_strdup (_("Reload")); +- *button_action = g_strdup_printf ("window.location = '%s';", uri); ++ js_encoded_uri = ephy_encode_for_javascript (uri); ++ *button_action = g_strdup_printf ("window.location = '%s';", js_encoded_uri); + /* Mnemonic for the Reload button on browser error pages. 
*/ + *button_accesskey = C_("reload-access-key", "R"); + +@@ -1747,6 +1756,7 @@ format_process_crash_error_page (const char *uri, + const char **icon_name, + const char **style) + { ++ g_autofree char *encoded_uri = NULL; + const char *first_paragraph; + + /* Page title when a site cannot be loaded due to a process crash error. */ +@@ -1762,7 +1772,8 @@ format_process_crash_error_page (const char *uri, + + /* The button on the process crash error page. DO NOT ADD MNEMONICS HERE. */ + *button_label = g_strdup (_("Reload")); +- *button_action = g_strdup_printf ("window.location = '%s';", uri); ++ encoded_uri = ephy_encode_for_javascript (uri); ++ *button_action = g_strdup_printf ("window.location = '%s';", encoded_uri); + /* Mnemonic for the Reload button on browser error pages. */ + *button_accesskey = C_("reload-access-key", "R"); + +@@ -1786,6 +1797,7 @@ format_tls_error_page (EphyWebView *view, + const char **icon_name, + const char **style) + { ++ g_autofree char *encoded_origin = NULL; + g_autofree char *formatted_origin = NULL; + g_autofree char *first_paragraph = NULL; + +@@ -1795,7 +1807,8 @@ format_tls_error_page (EphyWebView *view, + /* Message title when a site is not loaded due to an invalid TLS certificate. */ + *message_title = g_strdup (_("This Connection is Not Secure")); + +- formatted_origin = g_strdup_printf ("%s", origin); ++ encoded_origin = ephy_encode_for_html_entity (origin); ++ formatted_origin = g_strdup_printf ("%s", encoded_origin); + /* Error details when a site is not loaded due to an invalid TLS certificate. */ + first_paragraph = g_strdup_printf (_("This does not look like the real %s. 
" + "Attackers might be trying to steal or " +@@ -1840,6 +1853,7 @@ format_unsafe_browsing_error_page (EphyWebView *view, + const char **icon_name, + const char **style) + { ++ g_autofree char *encoded_origin = NULL; + g_autofree char *formatted_origin = NULL; + g_autofree char *first_paragraph = NULL; + +@@ -1849,7 +1863,8 @@ format_unsafe_browsing_error_page (EphyWebView *view, + /* Message title on the unsafe browsing error page. */ + *message_title = g_strdup (_("Unsafe website detected!")); + +- formatted_origin = g_strdup_printf ("%s", origin); ++ encoded_origin = ephy_encode_for_html_entity (origin); ++ formatted_origin = g_strdup_printf ("%s", encoded_origin); + /* Error details on the unsafe browsing error page. + * https://developers.google.com/safe-browsing/v4/usage-limits#UserWarnings + */ +@@ -1920,7 +1935,8 @@ format_no_such_file_error_page (EphyWebView *view, + const char **icon_name, + const char **style) + { +- g_autofree gchar *formatted_origin = NULL; ++ g_autofree gchar *encoded_address = NULL; ++ g_autofree gchar *formatted_address = NULL; + g_autofree gchar *first_paragraph = NULL; + g_autofree gchar *second_paragraph = NULL; + +@@ -1930,10 +1946,11 @@ format_no_such_file_error_page (EphyWebView *view, + /* Message title on the no such file error page. */ + *message_title = g_strdup (_("File not found")); + +- formatted_origin = g_strdup_printf ("%s", view->address); ++ encoded_address = ephy_encode_for_html_entity (view->address); ++ formatted_address = g_strdup_printf ("%s", encoded_address); + + first_paragraph = g_strdup_printf (_("%s could not be found."), +- formatted_origin); ++ formatted_address); + second_paragraph = g_strdup_printf (_("Please check the file name for " + "capitalization or other typing errors. 
Also check if " + "it has been moved, renamed, or deleted.")); diff -Nru epiphany-browser-3.36.4/debian/patches/web-view-encode-reader-mode-title-byline.patch epiphany-browser-3.36.4/debian/patches/web-view-encode-reader-mode-title-byline.patch --- epiphany-browser-3.36.4/debian/patches/web-view-encode-reader-mode-title-byline.patch 1969-12-31 19:00:00.000000000 -0500 +++ epiphany-browser-3.36.4/debian/patches/web-view-encode-reader-mode-title-byline.patch 2022-07-31 16:32:14.000000000 -0400 @@ -0,0 +1,48 @@ +From: Michael Catanzaro +Date: Thu, 16 Dec 2021 12:51:25 -0600 +Subject: web-view: encode reader mode title/byline + +(cherry picked from commit 2005ad35ec997c25fc41e8bb4907d27f68e7177e) +--- + embed/ephy-web-view.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/embed/ephy-web-view.c b/embed/ephy-web-view.c +index cf7d167..04e0d5f 100644 +--- a/embed/ephy-web-view.c ++++ b/embed/ephy-web-view.c +@@ -3362,6 +3362,8 @@ ephy_web_view_toggle_reader_mode (EphyWebView *view, + const gchar *title; + const gchar *font_style; + const gchar *color_scheme; ++ g_autofree gchar *encoded_byline = NULL; ++ g_autofree gchar *encoded_title = NULL; + + if (view->reader_active == active) + return; +@@ -3388,6 +3390,10 @@ ephy_web_view_toggle_reader_mode (EphyWebView *view, + color_scheme = enum_nick (EPHY_TYPE_PREFS_READER_COLOR_SCHEME, + g_settings_get_enum (EPHY_SETTINGS_READER, + EPHY_PREFS_READER_COLOR_SCHEME)); ++ ++ encoded_byline = view->reader_byline ? ephy_encode_for_html_entity (view->reader_byline) : g_strdup (""); ++ encoded_title = ephy_encode_for_html_entity (title); ++ + g_string_append_printf (html, "" + "%s" + "" \ +@@ -3402,11 +3408,11 @@ ephy_web_view_toggle_reader_mode (EphyWebView *view, + "" + "
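Review bot: In `format_network_error_page` only `origin` and `uri` are encoded; `formatted_reason` is declared in the same function (its construction lies above this hunk) and `reason` comes from the load error, which on TLS and DNS failures can carry text derived from the remote host name, so it needs the same `ephy_encode_for_html_entity` treatment if it is interpolated raw — confirm against the lines outside the hunk. The `window.location = '%s'` button actions in the crash and process-crash pages still place a URL inside a JavaScript string literal, the context the new header comment warns against; the later `Fix-reload-buttons-on-error-pages.patch` in this series replaces them with a `reloadPage` message handler, so a one-line comment at each `*button_action` assignment, `/* superseded by the reloadPage message handler; do not backport this line alone */`, would stop someone cherry-picking this patch on its own. `format_no_such_file_error_page` passes `view->address` straight into the encoder; whether it can be NULL at that point is not visible here.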
", + (gchar *)g_bytes_get_data (style_css, NULL), +- title, ++ encoded_title, + font_style, + color_scheme, +- title, +- view->reader_byline != NULL ? view->reader_byline : ""); ++ encoded_title, ++ encoded_byline); + g_string_append (html, view->reader_content); + g_string_append (html, "

"); +