Accepting request 633720 from GNOME:Factory

- Update to version 3.28.4:
  + Improve performance of adblocker.
  + Ensure correct address is displayed in security popover when
    starting loads.
  + Fix crash on homedepot.com.
  + Improve use of Safe Browsing threat lists.
  + Fix miscellaneous memory leaks.
- Drop upstream fixed patches:
  + epiphany-uri-tester-fixes.patch.
  + epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch.
  + epiphany-leak-fixes.patch. (forwarded request 633697 from iznogood)

OBS-URL: https://build.opensuse.org/request/show/633720
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/epiphany?expand=0&rev=155
This commit is contained in:
Dominique Leuenberger 2018-09-07 13:41:39 +00:00 committed by Git OBS Bridge
commit 90415abb4b
7 changed files with 19 additions and 480 deletions

View File

@ -1,254 +0,0 @@
From c0eea4014270cac6d32d24de2bd8338e2da39ffd Mon Sep 17 00:00:00 2001
From: Gabriel Ivașcu <ivascu.gabriel59@gmail.com>
Date: Tue, 12 Jun 2018 12:39:50 +0300
Subject: [PATCH] Revert "gsb-storage: Don't hardcode Linux threat lists"
This reverts commit 3c8cd6387f85106051c9e674ee8b1e59fb40858c.
Also, increment SCHEMA_VERSION in ephy-gsb-storage.c.
---
lib/safe-browsing/ephy-gsb-service.c | 74 --------------------------------------------------------------------------
lib/safe-browsing/ephy-gsb-storage.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------
lib/safe-browsing/ephy-gsb-storage.h | 2 --
3 files changed, 51 insertions(+), 124 deletions(-)
diff --git a/lib/safe-browsing/ephy-gsb-service.c b/lib/safe-browsing/ephy-gsb-service.c
index b36592a..a99a6d2 100644
--- a/lib/safe-browsing/ephy-gsb-service.c
+++ b/lib/safe-browsing/ephy-gsb-service.c
@@ -163,74 +163,6 @@ ephy_gsb_service_schedule_update (EphyGSBService *self)
LOG ("Next update scheduled in %ld seconds", interval);
}
-static GList *
-ephy_gsb_service_fetch_threat_lists_sync (EphyGSBService *self)
-{
- GList *retval = NULL;
- JsonNode *body_node = NULL;
- JsonObject *body_obj;
- JsonArray *threat_lists;
- JsonObject *descriptor;
- const char *threat_type;
- const char *platform_type;
- const char *threat_entry_type;
- SoupMessage *msg;
- char *url;
-
- g_assert (EPHY_IS_GSB_SERVICE (self));
-
- url = g_strdup_printf ("%sthreatLists?key=%s", API_PREFIX, self->api_key);
- msg = soup_message_new (SOUP_METHOD_GET, url);
- soup_session_send_message (self->session, msg);
-
- if (msg->status_code != 200) {
- LOG ("Failed to fetch the threat lists from the server, got: %u, %s",
- msg->status_code, msg->response_body->data);
- goto out;
- }
-
- body_node = json_from_string (msg->response_body->data, NULL);
- if (!body_node || !JSON_NODE_HOLDS_OBJECT (body_node)) {
- g_warning ("Response is not a valid JSON object");
- goto out;
- }
-
- body_obj = json_node_get_object (body_node);
-
- if (json_object_has_non_null_array_member (body_obj, "threatLists")) {
- threat_lists = json_object_get_array_member (body_obj, "threatLists");
- for (guint i = 0; i < json_array_get_length (threat_lists); i++) {
- descriptor = json_array_get_object_element (threat_lists, i);
- threat_type = json_object_get_string_member (descriptor, "threatType");
- platform_type = json_object_get_string_member (descriptor, "platformType");
-
- /* Keep SOCIAL_ENGINEERING threats that are for any platform.
- * Keep MALWARE/UNWANTED_SOFTWARE threats that are for Linux only.
- */
- if (g_strcmp0 (threat_type, "SOCIAL_ENGINEERING") == 0) {
- if (g_strcmp0 (platform_type, "ANY_PLATFORM") != 0)
- continue;
- } else if (g_strcmp0 (platform_type, "LINUX") != 0) {
- continue;
- }
-
- threat_entry_type = json_object_get_string_member (descriptor, "threatEntryType");
- retval = g_list_prepend (retval, ephy_gsb_threat_list_new (threat_type,
- platform_type,
- threat_entry_type,
- NULL));
- }
- }
-
-out:
- g_free (url);
- g_object_unref (msg);
- if (body_node)
- json_node_unref (body_node);
-
- return g_list_reverse (retval);
-}
-
static void
ephy_gsb_service_update_thread (GTask *task,
EphyGSBService *self,
@@ -255,12 +187,6 @@ ephy_gsb_service_update_thread (GTask *task,
ephy_gsb_storage_delete_old_full_hashes (self->storage);
- /* Fetch and store new threat lists, if any. */
- threat_lists = ephy_gsb_service_fetch_threat_lists_sync (self);
- for (GList *l = threat_lists; l && l->data; l = l->next)
- ephy_gsb_storage_insert_threat_list (self->storage, l->data);
- g_list_free_full (threat_lists, (GDestroyNotify)ephy_gsb_threat_list_free);
-
threat_lists = ephy_gsb_storage_get_threat_lists (self->storage);
if (!threat_lists) {
LOG ("No threat lists to update");
diff --git a/lib/safe-browsing/ephy-gsb-storage.c b/lib/safe-browsing/ephy-gsb-storage.c
index 374d98d..05d8f27 100644
--- a/lib/safe-browsing/ephy-gsb-storage.c
+++ b/lib/safe-browsing/ephy-gsb-storage.c
@@ -34,8 +34,21 @@
*/
#define BATCH_SIZE 199
-/* Increment schema version if you modify the database table structure. */
-#define SCHEMA_VERSION 2
+/* Increment schema version if you:
+ * 1) Modify the database table structure.
+ * 2) Modify the threat lists below.
+ */
+#define SCHEMA_VERSION 3
+
+/* The available Linux threat lists of Google Safe Browsing API v4.
+ * The format is {THREAT_TYPE, PLATFORM_TYPE, THREAT_ENTRY_TYPE}.
+ */
+static const char * const gsb_linux_threat_lists[][3] = {
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "URL"},
+ {GSB_THREAT_TYPE_SOCIAL_ENGINEERING, "ANY_PLATFORM", "URL"},
+ {GSB_THREAT_TYPE_UNWANTED_SOFTWARE, "LINUX", "URL"},
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "IP_RANGE"},
+};
struct _EphyGSBStorage {
GObject parent_instance;
@@ -195,7 +208,9 @@ ephy_gsb_storage_init_metadata_table (EphyGSBStorage *self)
static gboolean
ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
{
+ EphySQLiteStatement *statement;
GError *error = NULL;
+ GString *string;
const char *sql;
g_assert (EPHY_IS_GSB_STORAGE (self));
@@ -218,6 +233,40 @@ ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
return FALSE;
}
+ sql = "INSERT INTO threats (threat_type, platform_type, threat_entry_type) VALUES ";
+ string = g_string_new (sql);
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++)
+ g_string_append (string, "(?, ?, ?),");
+ /* Remove trailing comma character. */
+ g_string_erase (string, string->len - 1, -1);
+
+ statement = ephy_sqlite_connection_create_statement (self->db, string->str, &error);
+ g_string_free (string, TRUE);
+
+ if (error) {
+ g_warning ("Failed to create threats table insert statement: %s", error->message);
+ g_error_free (error);
+ return FALSE;
+ }
+
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++) {
+ EphyGSBThreatList *list = ephy_gsb_threat_list_new (gsb_linux_threat_lists[i][0],
+ gsb_linux_threat_lists[i][1],
+ gsb_linux_threat_lists[i][2],
+ NULL);
+ bind_threat_list_params (statement, list, i * 3, i * 3 + 1, i * 3 + 2, -1);
+ ephy_gsb_threat_list_free (list);
+ }
+
+ ephy_sqlite_statement_step (statement, &error);
+ g_object_unref (statement);
+
+ if (error) {
+ g_warning ("Failed to insert initial data into threats table: %s", error->message);
+ g_error_free (error);
+ return FALSE;
+ }
+
return TRUE;
}
@@ -600,52 +649,6 @@ ephy_gsb_storage_set_metadata (EphyGSBStorage *self,
}
/**
- * ephy_gsb_storage_insert_threat_list:
- * @self: an #EphyGSBStorage
- * @list: an #EphyGSBThreatList
- *
- * Insert a threat lists into the local database. If the combination
- * THREAT_TYPE/PLATFORM_TYPE/THREAT_ENTRY_TYPE already exists in the
- * database, then this function does nothing. The client state is ignored.
- * Use ephy_gsb_storage_update_client_state() if you need to update the
- * client state.
- **/
-void
-ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self,
- EphyGSBThreatList *list)
-{
- EphySQLiteStatement *statement;
- GError *error = NULL;
- const char *sql;
-
- g_assert (EPHY_IS_GSB_STORAGE (self));
- g_assert (list);
-
- sql = "INSERT OR IGNORE INTO threats "
- "(threat_type, platform_type, threat_entry_type, client_state) "
- "VALUES (?, ?, ?, ?)";
- statement = ephy_sqlite_connection_create_statement (self->db, sql, &error);
- if (error) {
- g_warning ("Failed to create insert threat list statement: %s", error->message);
- g_error_free (error);
- return;
- }
-
- if (!bind_threat_list_params (statement, list, 0, 1, 2, -1)) {
- g_object_unref (statement);
- return;
- }
-
- ephy_sqlite_statement_step (statement, &error);
- if (error) {
- g_warning ("Failed to execute insert threat list statement: %s", error->message);
- g_error_free (error);
- }
-
- g_object_unref (statement);
-}
-
-/**
* ephy_gsb_storage_get_threat_lists:
* @self: an #EphyGSBStorage
*
diff --git a/lib/safe-browsing/ephy-gsb-storage.h b/lib/safe-browsing/ephy-gsb-storage.h
index 056b4e7..ed41a7e 100644
--- a/lib/safe-browsing/ephy-gsb-storage.h
+++ b/lib/safe-browsing/ephy-gsb-storage.h
@@ -38,8 +38,6 @@ gint64 ephy_gsb_storage_get_metadata (EphyGSBStorage
void ephy_gsb_storage_set_metadata (EphyGSBStorage *self,
const char *key,
gint64 value);
-void ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self,
- EphyGSBThreatList *list);
GList *ephy_gsb_storage_get_threat_lists (EphyGSBStorage *self);
char *ephy_gsb_storage_compute_checksum (EphyGSBStorage *self,
EphyGSBThreatList *list);
--
libgit2 0.27.1

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:690546a701f046c5c2b3a092659589ea6e17cb0f9a81ec3fdb3046b00cede6f7
size 4475124

3
epiphany-3.28.4.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4107d19c3ebac2138534e706a00982a14e7ae8024268f839fbf50faadabbba44
size 4487544

View File

@ -1,128 +0,0 @@
From 0dda917a8eb0fdeee4e380c090043c7ffb48aa43 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Sun, 24 Jun 2018 16:06:24 -0500
Subject: [PATCH] Fix leak in ephy_user_agent_get_internal
If it returns a nonnull, zero-length string, then we leak it.
---
lib/ephy-user-agent.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/ephy-user-agent.c b/lib/ephy-user-agent.c
index 7274db04e..7bcf6f50d 100644
--- a/lib/ephy-user-agent.c
+++ b/lib/ephy-user-agent.c
@@ -35,8 +35,11 @@ ephy_user_agent_get_internal (void)
return user_agent;
user_agent = g_settings_get_string (EPHY_SETTINGS_WEB, EPHY_PREFS_WEB_USER_AGENT);
- if (user_agent && user_agent[0])
- return user_agent;
+ if (user_agent) {
+ if (user_agent[0])
+ return user_agent;
+ g_free (user_agent);
+ }
settings = webkit_settings_new ();
user_agent = g_strdup_printf ("%s Epiphany/605.1.15", webkit_settings_get_user_agent (settings));
--
2.17.1
From fe544cccca5acfd7e94ba84f3e5c1f57ba874664 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Sun, 24 Jun 2018 17:38:33 -0500
Subject: [PATCH] Fix multiple leaks in ephy_uri_decode
---
lib/ephy-uri-helpers.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/ephy-uri-helpers.c b/lib/ephy-uri-helpers.c
index 143210f03..021ab07ab 100644
--- a/lib/ephy-uri-helpers.c
+++ b/lib/ephy-uri-helpers.c
@@ -459,6 +459,8 @@ ephy_uri_decode (const char *uri_string)
if (U_FAILURE (error)) {
g_warning ("ICU error converting domain %s for display: %d", uri->host, error);
+ soup_uri_free (uri);
+ g_free (idna_decoded_name);
return g_strdup (uri_string);
}
@@ -466,6 +468,7 @@ ephy_uri_decode (const char *uri_string)
g_free (uri->host);
uri->host = evaluate_host_for_display (percent_decoded_host, idna_decoded_name);
g_free (percent_decoded_host);
+ g_free (idna_decoded_name);
}
/* Note: this also strips passwords from the display URI. */
--
2.17.1
From 2e687706c0f42a3b0420b1980b458fd2aa5d6efe Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Sun, 24 Jun 2018 18:13:48 -0500
Subject: [PATCH] Fix leak in adblock_filter_retrieve_data_new
---
embed/ephy-filters-manager.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/embed/ephy-filters-manager.c b/embed/ephy-filters-manager.c
index 96697041f..385e502a6 100644
--- a/embed/ephy-filters-manager.c
+++ b/embed/ephy-filters-manager.c
@@ -88,7 +88,7 @@ typedef struct {
static AdblockFilterRetrieveData *
adblock_filter_retrieve_data_new (EphyFiltersManager *manager,
EphyDownload *download,
- char *source_uri)
+ const char *source_uri)
{
AdblockFilterRetrieveData* data;
data = g_slice_new (AdblockFilterRetrieveData);
@@ -157,7 +157,7 @@ start_retrieving_filter_file (EphyFiltersManager *manager,
wk_download = ephy_download_get_webkit_download (download);
webkit_download_set_allow_overwrite (wk_download, TRUE);
- data = adblock_filter_retrieve_data_new (manager, download, g_strdup (filter_url));
+ data = adblock_filter_retrieve_data_new (manager, download, filter_url);
g_signal_connect (download, "completed",
G_CALLBACK (download_completed_cb), data);
--
2.17.1
From 3ed3677ccc5cbd5a62beabd43b802454110aeddd Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Sat, 30 Jun 2018 21:22:03 -0500
Subject: [PATCH] Fix const qualifiers warning
I introduced this warning recently when fixing the memory leak that was
here.
(cherry picked from commit 2d166afcfc083ce650192155e6925ed4f6d79bca)
---
lib/ephy-uri-helpers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ephy-uri-helpers.c b/lib/ephy-uri-helpers.c
index bb4fef3b0..6931f6780 100644
--- a/lib/ephy-uri-helpers.c
+++ b/lib/ephy-uri-helpers.c
@@ -508,7 +508,7 @@ char *
ephy_uri_to_security_origin (const char *uri_string)
{
WebKitSecurityOrigin *origin;
- const char *result;
+ char *result;
/* Convert to URI containing only protocol, host, and port. */
origin = webkit_security_origin_new_for_uri (uri_string);
--
2.17.1

View File

@ -1,88 +0,0 @@
From facfa80c2b36ca7479de4323b77019965363dc6e Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Wed, 13 Jun 2018 11:10:23 -0500
Subject: [PATCH] uri-tester: Fix urlcache memory leak
Something went wrong with the git history related to e17dc362, and we
wound up allocating a string here that will never be freed. Whoops.
Then we pass it through GPOINTER_TO_INT() even though it is really a
random pointer and not going to be a meaningful integer value, and
return it as a gboolean. So we have a gboolean that is neither TRUE nor
FALSE, which is bad. But fortunately, it looks like it's never
explicitly compared to TRUE, so there should have been no behavioral
issue besides the leak.
This is related to #37.
---
embed/web-extension/ephy-uri-tester.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/embed/web-extension/ephy-uri-tester.c b/embed/web-extension/ephy-uri-tester.c
index 70f7cfd..a871f66 100644
--- a/embed/web-extension/ephy-uri-tester.c
+++ b/embed/web-extension/ephy-uri-tester.c
@@ -189,7 +189,7 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
/* Look for a match either by key or by pattern. */
if (ephy_uri_tester_is_matched_by_key (tester, opts, req_uri, page_uri, whitelist)) {
- g_hash_table_insert (urlcache, g_strdup (req_uri), g_strdup ("1"));
+ g_hash_table_insert (urlcache, g_strdup (req_uri), GINT_TO_POINTER (TRUE));
return TRUE;
}
--
libgit2 0.27.1
From d76a401971da4cecf746fa98cb94db6fa45fd88e Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Wed, 13 Jun 2018 11:32:53 -0500
Subject: [PATCH] uri-tester: Fix cache lookups when URI is not matched
This regressed in e17dc3627218aed60e2fa61486757b55dc804b6e.
g_hash_table_lookup() cannot distinguish between a missing value and a
NULL value. We are storing a NULL pointer (GINT_TO_POINTER (FALSE)) to
indicate that the URL is not a match, so the end result is that instead
of a cache hit indicating we should return FALSE, we instead get a cache
miss and then have to manually determine that we need to return FALSE.
This should be a performance fix only, it should not affect correctness.
Fixes #37
---
embed/web-extension/ephy-uri-tester.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/embed/web-extension/ephy-uri-tester.c b/embed/web-extension/ephy-uri-tester.c
index a871f66..5158dcb 100644
--- a/embed/web-extension/ephy-uri-tester.c
+++ b/embed/web-extension/ephy-uri-tester.c
@@ -178,14 +178,14 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
const char *page_uri,
gboolean whitelist)
{
- char *value;
+ gpointer is_matched;
GHashTable *urlcache = tester->urlcache;
if (whitelist)
urlcache = tester->whitelisted_urlcache;
/* Check cached URLs first. */
- if ((value = g_hash_table_lookup (urlcache, req_uri)))
- return GPOINTER_TO_INT (value);
+ if (g_hash_table_lookup_extended (urlcache, req_uri, NULL, &is_matched))
+ return GPOINTER_TO_INT (is_matched);
/* Look for a match either by key or by pattern. */
if (ephy_uri_tester_is_matched_by_key (tester, opts, req_uri, page_uri, whitelist)) {
@@ -199,6 +199,7 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
return TRUE;
}
+ /* No match. */
g_hash_table_insert (urlcache, g_strdup (req_uri), GINT_TO_POINTER (FALSE));
return FALSE;
}
--
libgit2 0.27.1

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Thu Sep 6 09:06:08 UTC 2018 - bjorn.lie@gmail.com
- Update to version 3.28.4:
+ Improve performance of adblocker.
+ Ensure correct address is displayed in security popover when
starting loads.
+ Fix crash on homedepot.com.
+ Improve use of Safe Browsing threat lists.
+ Fix miscellaneous memory leaks.
- Drop upstream fixed patches:
+ epiphany-uri-tester-fixes.patch.
+ epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch.
+ epiphany-leak-fixes.patch.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 25 09:33:27 UTC 2018 - bjorn.lie@gmail.com Mon Jun 25 09:33:27 UTC 2018 - bjorn.lie@gmail.com

View File

@ -17,7 +17,7 @@
Name: epiphany Name: epiphany
Version: 3.28.3.1 Version: 3.28.4
Release: 0 Release: 0
Summary: GNOME Web Browser Summary: GNOME Web Browser
License: GPL-3.0-or-later License: GPL-3.0-or-later
@ -25,12 +25,6 @@ Group: Productivity/Networking/Web/Browsers
URL: https://wiki.gnome.org/Apps/Web URL: https://wiki.gnome.org/Apps/Web
Source0: http://download.gnome.org/sources/epiphany/3.28/%{name}-%{version}.tar.xz Source0: http://download.gnome.org/sources/epiphany/3.28/%{name}-%{version}.tar.xz
Source99: %{name}-rpmlintrc Source99: %{name}-rpmlintrc
# PATCH-FIX-UPSTREAM epiphany-uri-tester-fixes.patch -- Fix urlcache memory leak and Fix cache lookups when URI is not matched
Patch0: epiphany-uri-tester-fixes.patch
# PATCH-FIX-UPSTREAM epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch -- Revert "gsb-storage: Don't hardcode Linux threat lists"
Patch1: epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch
# PATCH-FIX-UPSTREAM epiphany-leak-fixes.patch -- Fix multiple leaks
Patch2: epiphany-leak-fixes.patch
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: meson BuildRequires: meson