Basilisk 52.9.2023.10.03 (Firefox Fork) - 52 MB - hardened against CVE-2023-5217 and CVE 2023-4863

Post#1 by **Rava** » 27 Oct 2023, 03:58

Cave! I use the Addon Swarth 1.1.0

Modifies web pages to use a dark color scheme or based on the user's preferences.

I presume the Addon should sound like the German word "Schwarz" which means "black"

https://www.basilisk-browser.org

Basilisk web browser
Basilisk is a free and Open Source XUL-based web browser, featuring the well-known Firefox-style interface and operation. It is based on the Goanna layout and rendering engine (a fork of Gecko) and builds on the Unified XUL Platform (UXP), which in turn is a fork of the Mozilla code base without Servo or Rust.

[…]

Is this browser associated/affiliated with Mozilla?
In one word: No.

This browser is currently developed by the Basilisk Browser Development Team, and is a fully independent fork of the Mozilla/Firefox code.

This browser was originally created by the team behind the Pale Moon Browser.

The "dict_en-US" is the standard for basilisk.

md5sum

Code: Select all

86c28658777aafa0729814a2d3e0b12a  basilisk-20231003151819.linux-x86_64-gtk2_dict_en-US.xzm

https://www.mediafire.com/file/gmzdxzjo ... S.xzm/file

For a browser that is Firefox based and has fixes for CVE-2023-5217 and CVE 2023-4863 it is amazingly small.

The module is only 54433700 bytes (51.91 MB)

Most likely you also need this module: (thanks to Kulle for reminding me)

Rava wrote: ↑
28 Oct 2023, 23:02
For using GTK2 programs, at least Porteus 5.0 and 5.01 XFCE needs this:

https://www.mediafire.com/file/xxnq29m9 ... 3.xzm/file

size: 2158592 bytes - 2.06 MB
md5sum: b9e7de28e30ceea6fae9abdc20e4c6c3

https://www.basilisk-browser.org/releasenotes.shtml

v2023.10.03 Published 2023-10-03Update
This is a bugfix and a critical security update.

Added WASM sign extension opcodes.
Added GTK version to "Help->About" on GTK builds.
Removed some unused Android/b2g/iOS code from Basilisk.
Removed some obsolete Crash Reporter and Error Reporting code from Basilisk.
Remove some unused code related to Mozilla telemetry from Basilisk.
Remove some unused stub functions from Basilisk.
Remove obsolete prefs related to the previously mentioned code removals from Basilisk.
Rewrite some code in Basilisk to use the text preprocessor at build time instead of AppConstants at run time.
Set Basilisk to always ask where to save files by default.
Fixed an issue in BigInt typedArray costructors.
Added some safety checks for Performance Observers.
Fixed JSON BigInt regressions.
Upgraded usrsctp library to a version over 5 years newer, fixing various security issues and potential bugs in sites using WebRTC DataChannels.
Fixed an issue with libvpx encoding (CVE-2023-5217)
Fixed an issue with dead Promise wrappers in JavaScript DiD
Fixed an issue with Alternative Services DiD

v2023.09.15 Published 2023-09-15
This is a critical security update.

Fixed a WebP decoder issue (CVE 2023-4863)
[…]

(highlighting by me)
Downloads according to mediafire.com - 5 hours 42 minutes later: 3 downloads in total - approx 6 hrs: 4 downloads in total - approx 24 hours: 6 downloads in total - approx 2 days 22 hrs: 8 downloads in total - approx 4 days 8 hrs: 11 downloads in total - approx 5 days 14 hrs: 13 downloads in total
Added in 1 hour 36 minutes 42 seconds:
Update
I asked the maintainer of basilisk on the palemoon forum how to incorporate other dictionaries into /opt/basilisk and not via the user's home directory, but got no response prior to this upload.

Though she or he answered a different prior question already. For myself I want a basilisk with en-GB and de1901 dictionaries incorporated via /opt/basilisk/ .

Seems adding a language pack is not that difficult. Code extracted from update-palemoon-live and since basilisk should be close enough code-wise to palemoon it should work okay to use the following code as guidance:

Code: Select all

## Add language pack and set language if present
if [ -e "$TMPDIR/locale/$PRGNAM-i18n-${LOC,,}-${VER}.xpi" ]; then
	mkdir $PKG/opt/$PRGNAM/distribution/extensions
	cp $TMPDIR/locale/$PRGNAM-i18n-${LOC,,}-${VER}.xpi $PKG/opt/$PRGNAM/distribution/extensions/langpack-${LOC}@palemoon.org.xpi
	cat >> $PKG/opt/$PRGNAM/distribution/distribution.ini << EOF
general.useragent.locale="${LOC}"
extensions.autoDisableScopes=0
extensions.shownSelectionUI=true
intl.locale.matchOS=true
EOF
fi

Of course one must either populate all the variables in a correct manner or alter the code accordingly. (At least one should change langpack-${LOC}@palemoon.org.xpi to langpack-${LOC}@basilisk-browser.org.xpi or to langpack-${LOC}@basilisk.org.xpi)
Or just do it manually and use the above code as guidance.

But what I want is not a different language pack (the language the program is set) but different dictionaries; and the only time "dict" is mentioned in update-palemoon-live is here:

Code: Select all

# use system hunspell if user wants it
if [[ $USE_SYSTEM_SPELLCHECK == "yes" ]]; then
  rm -rf palemoon/dictionaries
  ln -sv /usr/share/hunspell $PRGNAM/dictionaries
fi

thus I did not learn anything useful for me on how to replace dict-en-US with other dictionaries, but something useful for folks who want to change their basilisk module language pack. And that is also a gain.

Post#2 by **Kulle** » 28 Oct 2023, 20:06

Hi Rava,
Basilisk 52.9.2023.10.03 does not work under PorteuX Xfce 4.16 :

Code: Select all

libgtk-x11-2.0.so.0: cannot open shared object file: No such file or directory
Couldn't load XPCOM.

I didn't find a suitable file libgtk -x11

Post#3 by **Rava** » 28 Oct 2023, 22:55

Kulle wrote: ↑
28 Oct 2023, 20:06
Hi Rava,
Basilisk 52.9.2023.10.03 does not work under PorteuX Xfce 4.16 :
Code: Select all
libgtk-x11-2.0.so.0: cannot open shared object file: No such file or directory
Couldn't load XPCOM.
I didn't find a suitable file libgtk -x11

Oh yes, I forgot that I also loaded the 021-libgtk+libgdk-x11-2.0.so.0.2400.33.xzm module since I started switching my main programs from GTK3 to GTK2.
I will upload it and post the link here.

Added in 6 minutes 47 seconds:
Here you go:

Rava wrote: ↑
28 Oct 2023, 23:02
For using GTK2 programs, at least Porteus 5.0 and 5.01 XFCE needs this:

https://www.mediafire.com/file/xxnq29m9 ... 3.xzm/file

size: 2158592 bytes - 2.06 MB
md5sum: b9e7de28e30ceea6fae9abdc20e4c6c3

Post#4 by **Rava** » 31 Oct 2023, 12:14

Rava wrote: ↑
27 Oct 2023, 11:18
I asked the maintainer of basilisk on the palemoon forum how to incorporate other dictionaries into /opt/basilisk and not via the user's home directory, but got no response prior to this upload.

He now replied and told me he also has no clue.

My solution for now is this:

Palemoon being my main browser, and basilisk is a less often used alternative browser.

I presumed for that to work since palemoon and basilisk are close enough - code-wise and since PM is my main browser:
I set up symlinks in my ~/.basilisk-dev/basilisk/RANDOM.default/extensions that link my extensions (de-DE-1901@dictionaries.thereisonlyxul.org - eMatrix@vannilla.org.xpi - en-GB@dictionaries.thereisonlyxul.org - uBlock0@raymondhill.net.xpi and url-rewriter@papush) to their respective files or folders in my ~/moonchild\ productions/pale\ moon/RANDOM.default/extensions/
That is: all extra extensions but the swarth@franklindm.xpi since I use that in Basilisk instead of "Advanced Night Mode" that I use in PM.

While using the folders and files of the extensions like so works like a charm (first I installed them manually in Basilisk and let Basilisk do the setup; then I exited Basilisk (did a backup of my ~/.basilisk-dev/) and replaced the folders and files of the extensions with the above mentioned symlinks and started Basilisk anew) I sure did not use the same symlinking when it comes to the databases 2 of these extensions use:

Code: Select all

ematrix.sqlite
ublock0.sqlite

Since I would use PM and Basilisk at the same time, I thought it would be a very bad idea for both programs writing into the same databases at the same time. So while they can share the extensions themselves just fine, each program has its own ematrix.sqlite and ublock0.sqlite files.
And as additional precaution, I recommend anyone following my above approach to disable automated updating of the extensions in one of these browsers (recommended disabling that in the least used browser while keeping it on auto-updating it in the more often used browser)

Post#5 by **Rava** » 16 Dec 2023, 21:05

New version available:
as tar.xz to self-extract. (and to create the needed opt/ and usr/bin usr/share/applications/ and usr/share/icons/hicolor/*/ directories and its needed files, like in my above module)

via https://basilisk-browser.org/download.shtml

Linux tarball:
x86 64-bit GTK2 https://archive.basilisk-browser.org/20 ... tk2.tar.xz
x86 64-bit GTK3 https://archive.basilisk-browser.org/20 ... tk3.tar.xz

Checksums (SHA256):

basilisk-20231210185501.linux-x86_64-gtk2.tar.xz:
ae28bd4a7605d53aca76b5e083d080792c35783792aeb4c72e5389b16624d425

basilisk-20231209024137.linux-x86_64-gtk3.tar.xz:
1faf8334a9c441350f02e5360312281c1f54c79ef20ddb66ce3d3c6cb48726d1

from https://www.basilisk-browser.org/releasenotes.shtml

v2023.12.09 Published 2023-12-08
This is a minor development and security update.
Important: as of this version, our beta FreeBSD binaries require at least FreeBSD 13.

We no longer support the data: protocol inside SVG's <use> statements.
Enabled more validation/error checking for WebGL on Windows to prevent potential crashes.
Improved secure context checking for iframes.
Fixed the handling of relative paths in URLs starting with multiple forward slashes.
Linux ARM64 was built with Clang instead of GCC due to issues with GCC on that platform.
Security issues addressed: CVE-2023-6204, CVE-2023-6210, CVE-2023-6209 and CVE-2023-6205 DiD
UXP Mozilla security patch summary: 3 fixed, 1 DiD, 14 not applicable.

There was also a v2023.11.05 "This is a major development and security update."
So if you use basilisk either update to the most recent version v2023.12.09 or at least to v2023.11.05.

Example: (sans listing of the files and folders from the tar.xz that I extracted into opt/basilisk/
)

Code: Select all

root@rava:/mybasilisk/005-basilisk-52.9.2023.12.10.linux-x86_64-gtk2_NO-dict# find .|grep -v "./opt/"
.
./opt
./usr
./usr/bin
./usr/bin/basilisk
./usr/share
./usr/share/applications
./usr/share/applications/browser.desktop
./usr/share/applications/basilisk.desktop
./usr/share/icons
./usr/share/icons/hicolor
./usr/share/icons/hicolor/128x128
./usr/share/icons/hicolor/128x128/apps
./usr/share/icons/hicolor/128x128/apps/basilisk.png
./usr/share/icons/hicolor/16x16
./usr/share/icons/hicolor/16x16/apps
./usr/share/icons/hicolor/16x16/apps/basilisk.png
./usr/share/icons/hicolor/32x32
./usr/share/icons/hicolor/32x32/apps
./usr/share/icons/hicolor/32x32/apps/basilisk.png
./usr/share/icons/hicolor/48x48
./usr/share/icons/hicolor/48x48/apps
./usr/share/icons/hicolor/48x48/apps/basilisk.png
root@rava:/mybasilisk/005-basilisk-52.9.2023.12.10.linux-x86_64-gtk2_NO-dict# file ./usr/bin/basilisk
./usr/bin/basilisk: broken symbolic link to /opt/basilisk/basilisk
root@rava:/mybasilisk/005-basilisk-52.9.2023.12.10.linux-x86_64-gtk2_NO-dict#

When the module is created and activated, the symlink /usr/bin/basilisk is no longer a broken symlink.

I only downloaded and tested the GTK2 variant (because it basically looks the same, but is more performant than the GTK3 version.)

and it seems to work flawlessly with my own add-ons.

Only the same old complaining about these:

Code: Select all

1702760209758	addons.xpi	WARN	Add-on en-GB@dictionaries.thereisonlyxul.org is missing bootstrap method install
1702760209768	addons.xpi	WARN	Add-on de-DE-1901@dictionaries.thereisonlyxul.org is missing bootstrap method install
1702760361084	addons.update-checker	WARN	update.rdf: Update manifest for de-DE-1901@dictionaries.thereisonlyxul.org did not contain an updates property
1702760361104	addons.update-checker	WARN	update.rdf: Update manifest for en-GB@dictionaries.thereisonlyxul.org did not contain an updates property