pool/epiphany
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 616645 from GNOME:Factory

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/616645
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/epiphany?expand=0&rev=153
This commit is contained in:
Yuchen Lin 2018-06-19 10:00:28 +00:00 committed by Git OBS Bridge
commit 527f1a8764
8 changed files with 378 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

254
epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch Normal file
View File

@ -0,0 +1,254 @@
From c0eea4014270cac6d32d24de2bd8338e2da39ffd Mon Sep 17 00:00:00 2001
From: Gabriel Ivașcu <ivascu.gabriel59@gmail.com>
Date: Tue, 12 Jun 2018 12:39:50 +0300
Subject: [PATCH] Revert "gsb-storage: Don't hardcode Linux threat lists"
This reverts commit 3c8cd6387f85106051c9e674ee8b1e59fb40858c.
Also, increment SCHEMA_VERSION in ephy-gsb-storage.c.
---
lib/safe-browsing/ephy-gsb-service.c | 74 --------------------------------------------------------------------------
lib/safe-browsing/ephy-gsb-storage.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------
lib/safe-browsing/ephy-gsb-storage.h | 2 --
3 files changed, 51 insertions(+), 124 deletions(-)
diff --git a/lib/safe-browsing/ephy-gsb-service.c b/lib/safe-browsing/ephy-gsb-service.c
index b36592a..a99a6d2 100644
--- a/lib/safe-browsing/ephy-gsb-service.c
+++ b/lib/safe-browsing/ephy-gsb-service.c
@@ -163,74 +163,6 @@ ephy_gsb_service_schedule_update (EphyGSBService *self)
LOG ("Next update scheduled in %ld seconds", interval);
}
-static GList *
-ephy_gsb_service_fetch_threat_lists_sync (EphyGSBService *self)
-{
- GList *retval = NULL;
- JsonNode *body_node = NULL;
- JsonObject *body_obj;
- JsonArray *threat_lists;
- JsonObject *descriptor;
- const char *threat_type;
- const char *platform_type;
- const char *threat_entry_type;
- SoupMessage *msg;
- char *url;
-
- g_assert (EPHY_IS_GSB_SERVICE (self));
-
- url = g_strdup_printf ("%sthreatLists?key=%s", API_PREFIX, self->api_key);
- msg = soup_message_new (SOUP_METHOD_GET, url);
- soup_session_send_message (self->session, msg);
-
- if (msg->status_code != 200) {
- LOG ("Failed to fetch the threat lists from the server, got: %u, %s",
- msg->status_code, msg->response_body->data);
- goto out;
- }
-
- body_node = json_from_string (msg->response_body->data, NULL);
- if (!body_node || !JSON_NODE_HOLDS_OBJECT (body_node)) {
- g_warning ("Response is not a valid JSON object");
- goto out;
- }
-
- body_obj = json_node_get_object (body_node);
-
- if (json_object_has_non_null_array_member (body_obj, "threatLists")) {
- threat_lists = json_object_get_array_member (body_obj, "threatLists");
- for (guint i = 0; i < json_array_get_length (threat_lists); i++) {
- descriptor = json_array_get_object_element (threat_lists, i);
- threat_type = json_object_get_string_member (descriptor, "threatType");
- platform_type = json_object_get_string_member (descriptor, "platformType");
-
- /* Keep SOCIAL_ENGINEERING threats that are for any platform.
- * Keep MALWARE/UNWANTED_SOFTWARE threats that are for Linux only.
- */
- if (g_strcmp0 (threat_type, "SOCIAL_ENGINEERING") == 0) {
- if (g_strcmp0 (platform_type, "ANY_PLATFORM") != 0)
- continue;
- } else if (g_strcmp0 (platform_type, "LINUX") != 0) {
- continue;
- }
-
- threat_entry_type = json_object_get_string_member (descriptor, "threatEntryType");
- retval = g_list_prepend (retval, ephy_gsb_threat_list_new (threat_type,
- platform_type,
- threat_entry_type,
- NULL));
- }
- }
-
-out:
- g_free (url);
- g_object_unref (msg);
- if (body_node)
- json_node_unref (body_node);
-
- return g_list_reverse (retval);
-}
-
static void
ephy_gsb_service_update_thread (GTask *task,
EphyGSBService *self,
@@ -255,12 +187,6 @@ ephy_gsb_service_update_thread (GTask *task,
ephy_gsb_storage_delete_old_full_hashes (self->storage);
- /* Fetch and store new threat lists, if any. */
- threat_lists = ephy_gsb_service_fetch_threat_lists_sync (self);
- for (GList *l = threat_lists; l && l->data; l = l->next)
- ephy_gsb_storage_insert_threat_list (self->storage, l->data);
- g_list_free_full (threat_lists, (GDestroyNotify)ephy_gsb_threat_list_free);
-
threat_lists = ephy_gsb_storage_get_threat_lists (self->storage);
if (!threat_lists) {
LOG ("No threat lists to update");
diff --git a/lib/safe-browsing/ephy-gsb-storage.c b/lib/safe-browsing/ephy-gsb-storage.c
index 374d98d..05d8f27 100644
--- a/lib/safe-browsing/ephy-gsb-storage.c
+++ b/lib/safe-browsing/ephy-gsb-storage.c
@@ -34,8 +34,21 @@
*/
#define BATCH_SIZE 199
-/* Increment schema version if you modify the database table structure. */
-#define SCHEMA_VERSION 2
+/* Increment schema version if you:
+ * 1) Modify the database table structure.
+ * 2) Modify the threat lists below.
+ */
+#define SCHEMA_VERSION 3
+
+/* The available Linux threat lists of Google Safe Browsing API v4.
+ * The format is {THREAT_TYPE, PLATFORM_TYPE, THREAT_ENTRY_TYPE}.
+ */
+static const char * const gsb_linux_threat_lists[][3] = {
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "URL"},
+ {GSB_THREAT_TYPE_SOCIAL_ENGINEERING, "ANY_PLATFORM", "URL"},
+ {GSB_THREAT_TYPE_UNWANTED_SOFTWARE, "LINUX", "URL"},
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "IP_RANGE"},
+};
struct _EphyGSBStorage {
GObject parent_instance;
@@ -195,7 +208,9 @@ ephy_gsb_storage_init_metadata_table (EphyGSBStorage *self)
static gboolean
ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
{
+ EphySQLiteStatement *statement;
GError *error = NULL;
+ GString *string;
const char *sql;
g_assert (EPHY_IS_GSB_STORAGE (self));
@@ -218,6 +233,40 @@ ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
return FALSE;
}
+ sql = "INSERT INTO threats (threat_type, platform_type, threat_entry_type) VALUES ";
+ string = g_string_new (sql);
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++)
+ g_string_append (string, "(?, ?, ?),");
+ /* Remove trailing comma character. */
+ g_string_erase (string, string->len - 1, -1);
+
+ statement = ephy_sqlite_connection_create_statement (self->db, string->str, &error);
+ g_string_free (string, TRUE);
+
+ if (error) {
+ g_warning ("Failed to create threats table insert statement: %s", error->message);
+ g_error_free (error);
+ return FALSE;
+ }
+
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++) {
+ EphyGSBThreatList *list = ephy_gsb_threat_list_new (gsb_linux_threat_lists[i][0],
+ gsb_linux_threat_lists[i][1],
+ gsb_linux_threat_lists[i][2],
+ NULL);
+ bind_threat_list_params (statement, list, i * 3, i * 3 + 1, i * 3 + 2, -1);
+ ephy_gsb_threat_list_free (list);
+ }
+
+ ephy_sqlite_statement_step (statement, &error);
+ g_object_unref (statement);
+
+ if (error) {
+ g_warning ("Failed to insert initial data into threats table: %s", error->message);
+ g_error_free (error);
+ return FALSE;
+ }
+
return TRUE;
}
@@ -600,52 +649,6 @@ ephy_gsb_storage_set_metadata (EphyGSBStorage *self,
}
/**
- * ephy_gsb_storage_insert_threat_list:
- * @self: an #EphyGSBStorage
- * @list: an #EphyGSBThreatList
- *
- * Insert a threat lists into the local database. If the combination
- * THREAT_TYPE/PLATFORM_TYPE/THREAT_ENTRY_TYPE already exists in the
- * database, then this function does nothing. The client state is ignored.
- * Use ephy_gsb_storage_update_client_state() if you need to update the
- * client state.
- **/
-void
-ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self,
- EphyGSBThreatList *list)
-{
- EphySQLiteStatement *statement;
- GError *error = NULL;
- const char *sql;
-
- g_assert (EPHY_IS_GSB_STORAGE (self));
- g_assert (list);
-
- sql = "INSERT OR IGNORE INTO threats "
- "(threat_type, platform_type, threat_entry_type, client_state) "
- "VALUES (?, ?, ?, ?)";
- statement = ephy_sqlite_connection_create_statement (self->db, sql, &error);
- if (error) {
- g_warning ("Failed to create insert threat list statement: %s", error->message);
- g_error_free (error);
- return;
- }
-
- if (!bind_threat_list_params (statement, list, 0, 1, 2, -1)) {
- g_object_unref (statement);
- return;
- }
-
- ephy_sqlite_statement_step (statement, &error);
- if (error) {
- g_warning ("Failed to execute insert threat list statement: %s", error->message);
- g_error_free (error);
- }
-
- g_object_unref (statement);
-}
-
-/**
* ephy_gsb_storage_get_threat_lists:
* @self: an #EphyGSBStorage
*
diff --git a/lib/safe-browsing/ephy-gsb-storage.h b/lib/safe-browsing/ephy-gsb-storage.h
index 056b4e7..ed41a7e 100644
--- a/lib/safe-browsing/ephy-gsb-storage.h
+++ b/lib/safe-browsing/ephy-gsb-storage.h
@@ -38,8 +38,6 @@ gint64 ephy_gsb_storage_get_metadata (EphyGSBStorage
void ephy_gsb_storage_set_metadata (EphyGSBStorage *self,
const char *key,
gint64 value);
-void ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self,
- EphyGSBThreatList *list);
GList *ephy_gsb_storage_get_threat_lists (EphyGSBStorage *self);
char *ephy_gsb_storage_compute_checksum (EphyGSBStorage *self,
EphyGSBThreatList *list);
--
libgit2 0.27.1

3
epiphany-3.28.2.1.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:baa4e9f0ac0b1e95fa2027af796859114f448f0f274976c30c9b8db734c6402d
size 4470360

3
epiphany-3.28.3.1.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:690546a701f046c5c2b3a092659589ea6e17cb0f9a81ec3fdb3046b00cede6f7
size 4475124

56
epiphany-bring-back-tabs-webapp.patch
View File

@ -1,56 +0,0 @@
From c56294dd46db69c94f8238dd47f568ca57bc51c0 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Thu, 5 Apr 2018 11:52:24 -0500
Subject: Again disallow new tab action in app mode
Tabs still work, but only when opening a link
https://bugzilla.gnome.org/show_bug.cgi?id=795007
---
src/ephy-notebook.c | 7 +++++--
src/ephy-window.c | 1 +
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/ephy-notebook.c b/src/ephy-notebook.c
index 3833862..4a05b93 100644
--- a/src/ephy-notebook.c
+++ b/src/ephy-notebook.c
@@ -344,10 +344,12 @@ static void
update_tabs_visibility (EphyNotebook *nb,
gboolean before_inserting)
{
+ EphyEmbedShellMode mode;
gboolean show_tabs = FALSE;
guint num;
EphyPrefsUITabsBarVisibilityPolicy policy;
+ mode = ephy_embed_shell_get_mode (EPHY_EMBED_SHELL (ephy_shell_get_default ()));
num = gtk_notebook_get_n_pages (GTK_NOTEBOOK (nb));
if (before_inserting)
@@ -356,8 +358,9 @@ update_tabs_visibility (EphyNotebook *nb,
policy = g_settings_get_enum (EPHY_SETTINGS_UI,
EPHY_PREFS_UI_TABS_BAR_VISIBILITY_POLICY);
- if (((policy == EPHY_PREFS_UI_TABS_BAR_VISIBILITY_POLICY_MORE_THAN_ONE && num > 1) ||
- policy == EPHY_PREFS_UI_TABS_BAR_VISIBILITY_POLICY_ALWAYS))
+ if (mode != EPHY_EMBED_SHELL_MODE_APPLICATION &&
+ ((policy == EPHY_PREFS_UI_TABS_BAR_VISIBILITY_POLICY_MORE_THAN_ONE && num > 1) ||
+ policy == EPHY_PREFS_UI_TABS_BAR_VISIBILITY_POLICY_ALWAYS))
show_tabs = TRUE;
/* Only show the tabs when the "tabs-allowed" property is TRUE. */
diff --git a/src/ephy-window.c b/src/ephy-window.c
index e7aa10f..2bdf442 100644
--- a/src/ephy-window.c
+++ b/src/ephy-window.c
@@ -2997,6 +2997,7 @@ static const char *disabled_actions_for_app_mode[] = { "open",
"save-as-application",
"encoding",
"bookmark-page",
+ "new-tab",
"home" };
static void
--
cgit v0.12

34
epiphany-fix-crash-CVE-2018-11396.patch
View File

@ -1,34 +0,0 @@
From 8c434004c0c5937c948cec6cccd95f547a0c14df Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Tue, 22 May 2018 21:06:32 -0500
Subject: [PATCH] session: Fix crash when JS opens an invalid URI
https://bugzilla.gnome.org/show_bug.cgi?id=795740
---
src/ephy-session.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/ephy-session.c b/src/ephy-session.c
index 8a86cea..532930e 100644
--- a/src/ephy-session.c
+++ b/src/ephy-session.c
@@ -828,8 +828,15 @@ session_seems_sane (GList *windows)
SoupURI *uri;
gboolean sane = FALSE;
+ /* NULL URLs are possible when an invalid URL is opened by JS.
+ * E.g. <script>win = window.open("blah", "WIN");</script>
+ */
+ if (url == NULL)
+ continue;
+
/* Blank URLs can occur in some situations. Just ignore these, as they
- * are harmless and not an indicator of a corrupted session. */
+ * are harmless and not an indicator of a corrupted session.
+ */
if (strcmp (url, "") == 0)
continue;
--
libgit2 0.27.0

88
epiphany-uri-tester-fixes.patch Normal file
View File

@ -0,0 +1,88 @@
From facfa80c2b36ca7479de4323b77019965363dc6e Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Wed, 13 Jun 2018 11:10:23 -0500
Subject: [PATCH] uri-tester: Fix urlcache memory leak
Something went wrong with the git history related to e17dc362, and we
wound up allocating a string here that will never be freed. Whoops.
Then we pass it through GPOINTER_TO_INT() even though it is really a
random pointer and not going to be a meaningful integer value, and
return it as a gboolean. So we have a gboolean that is neither TRUE nor
FALSE, which is bad. But fortunately, it looks like it's never
explicitly compared to TRUE, so there should have been no behavioral
issue besides the leak.
This is related to #37.
---
embed/web-extension/ephy-uri-tester.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/embed/web-extension/ephy-uri-tester.c b/embed/web-extension/ephy-uri-tester.c
index 70f7cfd..a871f66 100644
--- a/embed/web-extension/ephy-uri-tester.c
+++ b/embed/web-extension/ephy-uri-tester.c
@@ -189,7 +189,7 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
/* Look for a match either by key or by pattern. */
if (ephy_uri_tester_is_matched_by_key (tester, opts, req_uri, page_uri, whitelist)) {
- g_hash_table_insert (urlcache, g_strdup (req_uri), g_strdup ("1"));
+ g_hash_table_insert (urlcache, g_strdup (req_uri), GINT_TO_POINTER (TRUE));
return TRUE;
}
--
libgit2 0.27.1
From d76a401971da4cecf746fa98cb94db6fa45fd88e Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Wed, 13 Jun 2018 11:32:53 -0500
Subject: [PATCH] uri-tester: Fix cache lookups when URI is not matched
This regressed in e17dc3627218aed60e2fa61486757b55dc804b6e.
g_hash_table_lookup() cannot distinguish between a missing value and a
NULL value. We are storing a NULL pointer (GINT_TO_POINTER (FALSE)) to
indicate that the URL is not a match, so the end result is that instead
of a cache hit indicating we should return FALSE, we instead get a cache
miss and then have to manually determine that we need to return FALSE.
This should be a performance fix only, it should not affect correctness.
Fixes #37
---
embed/web-extension/ephy-uri-tester.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/embed/web-extension/ephy-uri-tester.c b/embed/web-extension/ephy-uri-tester.c
index a871f66..5158dcb 100644
--- a/embed/web-extension/ephy-uri-tester.c
+++ b/embed/web-extension/ephy-uri-tester.c
@@ -178,14 +178,14 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
const char *page_uri,
gboolean whitelist)
{
- char *value;
+ gpointer is_matched;
GHashTable *urlcache = tester->urlcache;
if (whitelist)
urlcache = tester->whitelisted_urlcache;
/* Check cached URLs first. */
- if ((value = g_hash_table_lookup (urlcache, req_uri)))
- return GPOINTER_TO_INT (value);
+ if (g_hash_table_lookup_extended (urlcache, req_uri, NULL, &is_matched))
+ return GPOINTER_TO_INT (is_matched);
/* Look for a match either by key or by pattern. */
if (ephy_uri_tester_is_matched_by_key (tester, opts, req_uri, page_uri, whitelist)) {
@@ -199,6 +199,7 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
return TRUE;
}
+ /* No match. */
g_hash_table_insert (urlcache, g_strdup (req_uri), GINT_TO_POINTER (FALSE));
return FALSE;
}
--
libgit2 0.27.1

27
epiphany.changes
View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Wed Jun 13 23:25:20 UTC 2018 - bjorn.lie@gmail.com
- Add epiphany-uri-tester-fixes.patch: Fix urlcache memory leak and
fix cache lookups when URI is not matched
(glgo#GNOME/epiphany#37).
- Add
epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch:
Revert gsb-storage: Don't hardcode Linux threat lists.
-------------------------------------------------------------------
Fri Jun 8 16:55:05 UTC 2018 - bjorn.lie@gmail.com
- Update to version 3.28.3.1:
+ Fix missing symbol in 3.28.3 (glgo#GNOME/epiphany#33).
- Changes from version 3.28.3:
+ Fix CVE-2018-11396/CVE-2018-12016 (bgo#795740).
+ Allow Ctrl+T in app mode again due to unintended consequences
(bgo#796204).
+ Don't remember passwords when the setting is disabled
(bgo#796219).
+ Fix password manager crash on chase.com
(glgo#GNOME/epiphany#11).
- Drop epiphany-fix-crash-CVE-2018-11396.patch: Fixed upstream.
- Drop epiphany-bring-back-tabs-webapp.patch: Upstream reverted the
change too, so patch no longer needed.
-------------------------------------------------------------------
Tue May 22 16:22:16 UTC 2018 - bjorn.lie@gmail.com

15
epiphany.spec
View File

@ -17,7 +17,7 @@
Name: epiphany
Version: 3.28.2.1
Version: 3.28.3.1
Release: 0
Summary: GNOME Web Browser
License: GPL-3.0-or-later
@ -25,11 +25,10 @@ Group: Productivity/Networking/Web/Browsers
URL: https://wiki.gnome.org/Apps/Web
Source0: http://download.gnome.org/sources/epiphany/3.28/%{name}-%{version}.tar.xz
Source99: %{name}-rpmlintrc
# PATCH-FIX-UPSTREAM epiphany-bring-back-tabs-webapp.patch -- Revert the revert for tabs in webapps.
# FIXME Drop epiphany-bring-back-tabs-webapp.patch on versionbump to 3.29, fixed differently on master.
Patch0: epiphany-bring-back-tabs-webapp.patch
# PATCH-FIX-UPSTREAM epiphany-fix-crash-CVE-2018-11396.patch CVE-2018-11396 bgo#795740 boo#1094464 -- session: Fix crash when JS opens an invalid URI
Patch1: epiphany-fix-crash-CVE-2018-11396.patch
# PATCH-FIX-UPSTREAM epiphany-uri-tester-fixes.patch -- Fix urlcache memory leak and Fix cache lookups when URI is not matched
Patch0: epiphany-uri-tester-fixes.patch
# PATCH-FIX-UPSTREAM epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch -- Revert "gsb-storage: Don't hardcode Linux threat lists"
Patch1: epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch
BuildRequires: fdupes
BuildRequires: meson
@ -99,9 +98,7 @@ search results from Web (epiphany)
%lang_package
%prep
%autosetup -N
%patch0 -p1 -R
%patch1 -p1
%autosetup -p1
translation-update-upstream
%build