Accepting request 616638 from home:iznogood
- Add epiphany-uri-tester-fixes.patch: Fix urlcache memory leak and fix cache lookups when URI is not matched (glgo#GNOME/epiphany#37). - Add epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch: Revert gsb-storage: Don't hardcode Linux threat lists. OBS-URL: https://build.opensuse.org/request/show/616638 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/epiphany?expand=0&rev=293
This commit is contained in:
parent
e2d253ff7c
commit
ba7813279e
254
epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch
Normal file
254
epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch
Normal file
@ -0,0 +1,254 @@
|
||||
From c0eea4014270cac6d32d24de2bd8338e2da39ffd Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Ivașcu <ivascu.gabriel59@gmail.com>
|
||||
Date: Tue, 12 Jun 2018 12:39:50 +0300
|
||||
Subject: [PATCH] Revert "gsb-storage: Don't hardcode Linux threat lists"
|
||||
|
||||
This reverts commit 3c8cd6387f85106051c9e674ee8b1e59fb40858c.
|
||||
|
||||
Also, increment SCHEMA_VERSION in ephy-gsb-storage.c.
|
||||
---
|
||||
lib/safe-browsing/ephy-gsb-service.c | 74 --------------------------------------------------------------------------
|
||||
lib/safe-browsing/ephy-gsb-storage.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------
|
||||
lib/safe-browsing/ephy-gsb-storage.h | 2 --
|
||||
3 files changed, 51 insertions(+), 124 deletions(-)
|
||||
|
||||
diff --git a/lib/safe-browsing/ephy-gsb-service.c b/lib/safe-browsing/ephy-gsb-service.c
|
||||
index b36592a..a99a6d2 100644
|
||||
--- a/lib/safe-browsing/ephy-gsb-service.c
|
||||
+++ b/lib/safe-browsing/ephy-gsb-service.c
|
||||
@@ -163,74 +163,6 @@ ephy_gsb_service_schedule_update (EphyGSBService *self)
|
||||
LOG ("Next update scheduled in %ld seconds", interval);
|
||||
}
|
||||
|
||||
-static GList *
|
||||
-ephy_gsb_service_fetch_threat_lists_sync (EphyGSBService *self)
|
||||
-{
|
||||
- GList *retval = NULL;
|
||||
- JsonNode *body_node = NULL;
|
||||
- JsonObject *body_obj;
|
||||
- JsonArray *threat_lists;
|
||||
- JsonObject *descriptor;
|
||||
- const char *threat_type;
|
||||
- const char *platform_type;
|
||||
- const char *threat_entry_type;
|
||||
- SoupMessage *msg;
|
||||
- char *url;
|
||||
-
|
||||
- g_assert (EPHY_IS_GSB_SERVICE (self));
|
||||
-
|
||||
- url = g_strdup_printf ("%sthreatLists?key=%s", API_PREFIX, self->api_key);
|
||||
- msg = soup_message_new (SOUP_METHOD_GET, url);
|
||||
- soup_session_send_message (self->session, msg);
|
||||
-
|
||||
- if (msg->status_code != 200) {
|
||||
- LOG ("Failed to fetch the threat lists from the server, got: %u, %s",
|
||||
- msg->status_code, msg->response_body->data);
|
||||
- goto out;
|
||||
- }
|
||||
-
|
||||
- body_node = json_from_string (msg->response_body->data, NULL);
|
||||
- if (!body_node || !JSON_NODE_HOLDS_OBJECT (body_node)) {
|
||||
- g_warning ("Response is not a valid JSON object");
|
||||
- goto out;
|
||||
- }
|
||||
-
|
||||
- body_obj = json_node_get_object (body_node);
|
||||
-
|
||||
- if (json_object_has_non_null_array_member (body_obj, "threatLists")) {
|
||||
- threat_lists = json_object_get_array_member (body_obj, "threatLists");
|
||||
- for (guint i = 0; i < json_array_get_length (threat_lists); i++) {
|
||||
- descriptor = json_array_get_object_element (threat_lists, i);
|
||||
- threat_type = json_object_get_string_member (descriptor, "threatType");
|
||||
- platform_type = json_object_get_string_member (descriptor, "platformType");
|
||||
-
|
||||
- /* Keep SOCIAL_ENGINEERING threats that are for any platform.
|
||||
- * Keep MALWARE/UNWANTED_SOFTWARE threats that are for Linux only.
|
||||
- */
|
||||
- if (g_strcmp0 (threat_type, "SOCIAL_ENGINEERING") == 0) {
|
||||
- if (g_strcmp0 (platform_type, "ANY_PLATFORM") != 0)
|
||||
- continue;
|
||||
- } else if (g_strcmp0 (platform_type, "LINUX") != 0) {
|
||||
- continue;
|
||||
- }
|
||||
-
|
||||
- threat_entry_type = json_object_get_string_member (descriptor, "threatEntryType");
|
||||
- retval = g_list_prepend (retval, ephy_gsb_threat_list_new (threat_type,
|
||||
- platform_type,
|
||||
- threat_entry_type,
|
||||
- NULL));
|
||||
- }
|
||||
- }
|
||||
-
|
||||
-out:
|
||||
- g_free (url);
|
||||
- g_object_unref (msg);
|
||||
- if (body_node)
|
||||
- json_node_unref (body_node);
|
||||
-
|
||||
- return g_list_reverse (retval);
|
||||
-}
|
||||
-
|
||||
static void
|
||||
ephy_gsb_service_update_thread (GTask *task,
|
||||
EphyGSBService *self,
|
||||
@@ -255,12 +187,6 @@ ephy_gsb_service_update_thread (GTask *task,
|
||||
|
||||
ephy_gsb_storage_delete_old_full_hashes (self->storage);
|
||||
|
||||
- /* Fetch and store new threat lists, if any. */
|
||||
- threat_lists = ephy_gsb_service_fetch_threat_lists_sync (self);
|
||||
- for (GList *l = threat_lists; l && l->data; l = l->next)
|
||||
- ephy_gsb_storage_insert_threat_list (self->storage, l->data);
|
||||
- g_list_free_full (threat_lists, (GDestroyNotify)ephy_gsb_threat_list_free);
|
||||
-
|
||||
threat_lists = ephy_gsb_storage_get_threat_lists (self->storage);
|
||||
if (!threat_lists) {
|
||||
LOG ("No threat lists to update");
|
||||
diff --git a/lib/safe-browsing/ephy-gsb-storage.c b/lib/safe-browsing/ephy-gsb-storage.c
|
||||
index 374d98d..05d8f27 100644
|
||||
--- a/lib/safe-browsing/ephy-gsb-storage.c
|
||||
+++ b/lib/safe-browsing/ephy-gsb-storage.c
|
||||
@@ -34,8 +34,21 @@
|
||||
*/
|
||||
#define BATCH_SIZE 199
|
||||
|
||||
-/* Increment schema version if you modify the database table structure. */
|
||||
-#define SCHEMA_VERSION 2
|
||||
+/* Increment schema version if you:
|
||||
+ * 1) Modify the database table structure.
|
||||
+ * 2) Modify the threat lists below.
|
||||
+ */
|
||||
+#define SCHEMA_VERSION 3
|
||||
+
|
||||
+/* The available Linux threat lists of Google Safe Browsing API v4.
|
||||
+ * The format is {THREAT_TYPE, PLATFORM_TYPE, THREAT_ENTRY_TYPE}.
|
||||
+ */
|
||||
+static const char * const gsb_linux_threat_lists[][3] = {
|
||||
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "URL"},
|
||||
+ {GSB_THREAT_TYPE_SOCIAL_ENGINEERING, "ANY_PLATFORM", "URL"},
|
||||
+ {GSB_THREAT_TYPE_UNWANTED_SOFTWARE, "LINUX", "URL"},
|
||||
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "IP_RANGE"},
|
||||
+};
|
||||
|
||||
struct _EphyGSBStorage {
|
||||
GObject parent_instance;
|
||||
@@ -195,7 +208,9 @@ ephy_gsb_storage_init_metadata_table (EphyGSBStorage *self)
|
||||
static gboolean
|
||||
ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
|
||||
{
|
||||
+ EphySQLiteStatement *statement;
|
||||
GError *error = NULL;
|
||||
+ GString *string;
|
||||
const char *sql;
|
||||
|
||||
g_assert (EPHY_IS_GSB_STORAGE (self));
|
||||
@@ -218,6 +233,40 @@ ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
+ sql = "INSERT INTO threats (threat_type, platform_type, threat_entry_type) VALUES ";
|
||||
+ string = g_string_new (sql);
|
||||
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++)
|
||||
+ g_string_append (string, "(?, ?, ?),");
|
||||
+ /* Remove trailing comma character. */
|
||||
+ g_string_erase (string, string->len - 1, -1);
|
||||
+
|
||||
+ statement = ephy_sqlite_connection_create_statement (self->db, string->str, &error);
|
||||
+ g_string_free (string, TRUE);
|
||||
+
|
||||
+ if (error) {
|
||||
+ g_warning ("Failed to create threats table insert statement: %s", error->message);
|
||||
+ g_error_free (error);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++) {
|
||||
+ EphyGSBThreatList *list = ephy_gsb_threat_list_new (gsb_linux_threat_lists[i][0],
|
||||
+ gsb_linux_threat_lists[i][1],
|
||||
+ gsb_linux_threat_lists[i][2],
|
||||
+ NULL);
|
||||
+ bind_threat_list_params (statement, list, i * 3, i * 3 + 1, i * 3 + 2, -1);
|
||||
+ ephy_gsb_threat_list_free (list);
|
||||
+ }
|
||||
+
|
||||
+ ephy_sqlite_statement_step (statement, &error);
|
||||
+ g_object_unref (statement);
|
||||
+
|
||||
+ if (error) {
|
||||
+ g_warning ("Failed to insert initial data into threats table: %s", error->message);
|
||||
+ g_error_free (error);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@@ -600,52 +649,6 @@ ephy_gsb_storage_set_metadata (EphyGSBStorage *self,
|
||||
}
|
||||
|
||||
/**
|
||||
- * ephy_gsb_storage_insert_threat_list:
|
||||
- * @self: an #EphyGSBStorage
|
||||
- * @list: an #EphyGSBThreatList
|
||||
- *
|
||||
- * Insert a threat lists into the local database. If the combination
|
||||
- * THREAT_TYPE/PLATFORM_TYPE/THREAT_ENTRY_TYPE already exists in the
|
||||
- * database, then this function does nothing. The client state is ignored.
|
||||
- * Use ephy_gsb_storage_update_client_state() if you need to update the
|
||||
- * client state.
|
||||
- **/
|
||||
-void
|
||||
-ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self,
|
||||
- EphyGSBThreatList *list)
|
||||
-{
|
||||
- EphySQLiteStatement *statement;
|
||||
- GError *error = NULL;
|
||||
- const char *sql;
|
||||
-
|
||||
- g_assert (EPHY_IS_GSB_STORAGE (self));
|
||||
- g_assert (list);
|
||||
-
|
||||
- sql = "INSERT OR IGNORE INTO threats "
|
||||
- "(threat_type, platform_type, threat_entry_type, client_state) "
|
||||
- "VALUES (?, ?, ?, ?)";
|
||||
- statement = ephy_sqlite_connection_create_statement (self->db, sql, &error);
|
||||
- if (error) {
|
||||
- g_warning ("Failed to create insert threat list statement: %s", error->message);
|
||||
- g_error_free (error);
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
- if (!bind_threat_list_params (statement, list, 0, 1, 2, -1)) {
|
||||
- g_object_unref (statement);
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
- ephy_sqlite_statement_step (statement, &error);
|
||||
- if (error) {
|
||||
- g_warning ("Failed to execute insert threat list statement: %s", error->message);
|
||||
- g_error_free (error);
|
||||
- }
|
||||
-
|
||||
- g_object_unref (statement);
|
||||
-}
|
||||
-
|
||||
-/**
|
||||
* ephy_gsb_storage_get_threat_lists:
|
||||
* @self: an #EphyGSBStorage
|
||||
*
|
||||
diff --git a/lib/safe-browsing/ephy-gsb-storage.h b/lib/safe-browsing/ephy-gsb-storage.h
|
||||
index 056b4e7..ed41a7e 100644
|
||||
--- a/lib/safe-browsing/ephy-gsb-storage.h
|
||||
+++ b/lib/safe-browsing/ephy-gsb-storage.h
|
||||
@@ -38,8 +38,6 @@ gint64 ephy_gsb_storage_get_metadata (EphyGSBStorage
|
||||
void ephy_gsb_storage_set_metadata (EphyGSBStorage *self,
|
||||
const char *key,
|
||||
gint64 value);
|
||||
-void ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self,
|
||||
- EphyGSBThreatList *list);
|
||||
GList *ephy_gsb_storage_get_threat_lists (EphyGSBStorage *self);
|
||||
char *ephy_gsb_storage_compute_checksum (EphyGSBStorage *self,
|
||||
EphyGSBThreatList *list);
|
||||
--
|
||||
libgit2 0.27.1
|
||||
|
88
epiphany-uri-tester-fixes.patch
Normal file
88
epiphany-uri-tester-fixes.patch
Normal file
@ -0,0 +1,88 @@
|
||||
From facfa80c2b36ca7479de4323b77019965363dc6e Mon Sep 17 00:00:00 2001
|
||||
From: Michael Catanzaro <mcatanzaro@igalia.com>
|
||||
Date: Wed, 13 Jun 2018 11:10:23 -0500
|
||||
Subject: [PATCH] uri-tester: Fix urlcache memory leak
|
||||
|
||||
Something went wrong with the git history related to e17dc362, and we
|
||||
wound up allocating a string here that will never be freed. Whoops.
|
||||
|
||||
Then we pass it through GPOINTER_TO_INT() even though it is really a
|
||||
random pointer and not going to be a meaningful integer value, and
|
||||
return it as a gboolean. So we have a gboolean that is neither TRUE nor
|
||||
FALSE, which is bad. But fortunately, it looks like it's never
|
||||
explicitly compared to TRUE, so there should have been no behavioral
|
||||
issue besides the leak.
|
||||
|
||||
This is related to #37.
|
||||
---
|
||||
embed/web-extension/ephy-uri-tester.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/embed/web-extension/ephy-uri-tester.c b/embed/web-extension/ephy-uri-tester.c
|
||||
index 70f7cfd..a871f66 100644
|
||||
--- a/embed/web-extension/ephy-uri-tester.c
|
||||
+++ b/embed/web-extension/ephy-uri-tester.c
|
||||
@@ -189,7 +189,7 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
|
||||
|
||||
/* Look for a match either by key or by pattern. */
|
||||
if (ephy_uri_tester_is_matched_by_key (tester, opts, req_uri, page_uri, whitelist)) {
|
||||
- g_hash_table_insert (urlcache, g_strdup (req_uri), g_strdup ("1"));
|
||||
+ g_hash_table_insert (urlcache, g_strdup (req_uri), GINT_TO_POINTER (TRUE));
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
--
|
||||
libgit2 0.27.1
|
||||
|
||||
From d76a401971da4cecf746fa98cb94db6fa45fd88e Mon Sep 17 00:00:00 2001
|
||||
From: Michael Catanzaro <mcatanzaro@igalia.com>
|
||||
Date: Wed, 13 Jun 2018 11:32:53 -0500
|
||||
Subject: [PATCH] uri-tester: Fix cache lookups when URI is not matched
|
||||
|
||||
This regressed in e17dc3627218aed60e2fa61486757b55dc804b6e.
|
||||
g_hash_table_lookup() cannot distinguish between a missing value and a
|
||||
NULL value. We are storing a NULL pointer (GINT_TO_POINTER (FALSE)) to
|
||||
indicate that the URL is not a match, so the end result is that instead
|
||||
of a cache hit indicating we should return FALSE, we instead get a cache
|
||||
miss and then have to manually determine that we need to return FALSE.
|
||||
|
||||
This should be a performance fix only, it should not affect correctness.
|
||||
|
||||
Fixes #37
|
||||
---
|
||||
embed/web-extension/ephy-uri-tester.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/embed/web-extension/ephy-uri-tester.c b/embed/web-extension/ephy-uri-tester.c
|
||||
index a871f66..5158dcb 100644
|
||||
--- a/embed/web-extension/ephy-uri-tester.c
|
||||
+++ b/embed/web-extension/ephy-uri-tester.c
|
||||
@@ -178,14 +178,14 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
|
||||
const char *page_uri,
|
||||
gboolean whitelist)
|
||||
{
|
||||
- char *value;
|
||||
+ gpointer is_matched;
|
||||
GHashTable *urlcache = tester->urlcache;
|
||||
if (whitelist)
|
||||
urlcache = tester->whitelisted_urlcache;
|
||||
|
||||
/* Check cached URLs first. */
|
||||
- if ((value = g_hash_table_lookup (urlcache, req_uri)))
|
||||
- return GPOINTER_TO_INT (value);
|
||||
+ if (g_hash_table_lookup_extended (urlcache, req_uri, NULL, &is_matched))
|
||||
+ return GPOINTER_TO_INT (is_matched);
|
||||
|
||||
/* Look for a match either by key or by pattern. */
|
||||
if (ephy_uri_tester_is_matched_by_key (tester, opts, req_uri, page_uri, whitelist)) {
|
||||
@@ -199,6 +199,7 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
+ /* No match. */
|
||||
g_hash_table_insert (urlcache, g_strdup (req_uri), GINT_TO_POINTER (FALSE));
|
||||
return FALSE;
|
||||
}
|
||||
--
|
||||
libgit2 0.27.1
|
||||
|
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 13 23:25:20 UTC 2018 - bjorn.lie@gmail.com
|
||||
|
||||
- Add epiphany-uri-tester-fixes.patch: Fix urlcache memory leak and
|
||||
fix cache lookups when URI is not matched
|
||||
(glgo#GNOME/epiphany#37).
|
||||
- Add
|
||||
epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch:
|
||||
Revert gsb-storage: Don't hardcode Linux threat lists.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 8 16:55:05 UTC 2018 - bjorn.lie@gmail.com
|
||||
|
||||
|
@ -25,6 +25,10 @@ Group: Productivity/Networking/Web/Browsers
|
||||
URL: https://wiki.gnome.org/Apps/Web
|
||||
Source0: http://download.gnome.org/sources/epiphany/3.28/%{name}-%{version}.tar.xz
|
||||
Source99: %{name}-rpmlintrc
|
||||
# PATCH-FIX-UPSTREAM epiphany-uri-tester-fixes.patch -- Fix urlcache memory leak and Fix cache lookups when URI is not matched
|
||||
Patch0: epiphany-uri-tester-fixes.patch
|
||||
# PATCH-FIX-UPSTREAM epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch -- Revert "gsb-storage: Don't hardcode Linux threat lists"
|
||||
Patch1: epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch
|
||||
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: meson
|
||||
@ -94,7 +98,7 @@ search results from Web (epiphany)
|
||||
%lang_package
|
||||
|
||||
%prep
|
||||
%autosetup
|
||||
%autosetup -p1
|
||||
translation-update-upstream
|
||||
|
||||
%build
|
||||
|
Loading…
Reference in New Issue
Block a user