Accepting request 616638 from home:iznogood

- Add epiphany-uri-tester-fixes.patch: Fix urlcache memory leak and
  fix cache lookups when URI is not matched
  (glgo#GNOME/epiphany#37).
- Add
  epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch:
  Revert gsb-storage: Don't hardcode Linux threat lists.

OBS-URL: https://build.opensuse.org/request/show/616638
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/epiphany?expand=0&rev=293
This commit is contained in:
Bjørn Lie 2018-06-14 01:40:39 +00:00 committed by Git OBS Bridge
parent e2d253ff7c
commit ba7813279e
4 changed files with 357 additions and 1 deletions

View File

@ -0,0 +1,254 @@
From c0eea4014270cac6d32d24de2bd8338e2da39ffd Mon Sep 17 00:00:00 2001
From: Gabriel Ivașcu <ivascu.gabriel59@gmail.com>
Date: Tue, 12 Jun 2018 12:39:50 +0300
Subject: [PATCH] Revert "gsb-storage: Don't hardcode Linux threat lists"
This reverts commit 3c8cd6387f85106051c9e674ee8b1e59fb40858c.
Also, increment SCHEMA_VERSION in ephy-gsb-storage.c.
---
lib/safe-browsing/ephy-gsb-service.c | 74 --------------------------------------------------------------------------
lib/safe-browsing/ephy-gsb-storage.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------
lib/safe-browsing/ephy-gsb-storage.h | 2 --
3 files changed, 51 insertions(+), 124 deletions(-)
diff --git a/lib/safe-browsing/ephy-gsb-service.c b/lib/safe-browsing/ephy-gsb-service.c
index b36592a..a99a6d2 100644
--- a/lib/safe-browsing/ephy-gsb-service.c
+++ b/lib/safe-browsing/ephy-gsb-service.c
@@ -163,74 +163,6 @@ ephy_gsb_service_schedule_update (EphyGSBService *self)
LOG ("Next update scheduled in %ld seconds", interval);
}
-static GList *
-ephy_gsb_service_fetch_threat_lists_sync (EphyGSBService *self)
-{
- GList *retval = NULL;
- JsonNode *body_node = NULL;
- JsonObject *body_obj;
- JsonArray *threat_lists;
- JsonObject *descriptor;
- const char *threat_type;
- const char *platform_type;
- const char *threat_entry_type;
- SoupMessage *msg;
- char *url;
-
- g_assert (EPHY_IS_GSB_SERVICE (self));
-
- url = g_strdup_printf ("%sthreatLists?key=%s", API_PREFIX, self->api_key);
- msg = soup_message_new (SOUP_METHOD_GET, url);
- soup_session_send_message (self->session, msg);
-
- if (msg->status_code != 200) {
- LOG ("Failed to fetch the threat lists from the server, got: %u, %s",
- msg->status_code, msg->response_body->data);
- goto out;
- }
-
- body_node = json_from_string (msg->response_body->data, NULL);
- if (!body_node || !JSON_NODE_HOLDS_OBJECT (body_node)) {
- g_warning ("Response is not a valid JSON object");
- goto out;
- }
-
- body_obj = json_node_get_object (body_node);
-
- if (json_object_has_non_null_array_member (body_obj, "threatLists")) {
- threat_lists = json_object_get_array_member (body_obj, "threatLists");
- for (guint i = 0; i < json_array_get_length (threat_lists); i++) {
- descriptor = json_array_get_object_element (threat_lists, i);
- threat_type = json_object_get_string_member (descriptor, "threatType");
- platform_type = json_object_get_string_member (descriptor, "platformType");
-
- /* Keep SOCIAL_ENGINEERING threats that are for any platform.
- * Keep MALWARE/UNWANTED_SOFTWARE threats that are for Linux only.
- */
- if (g_strcmp0 (threat_type, "SOCIAL_ENGINEERING") == 0) {
- if (g_strcmp0 (platform_type, "ANY_PLATFORM") != 0)
- continue;
- } else if (g_strcmp0 (platform_type, "LINUX") != 0) {
- continue;
- }
-
- threat_entry_type = json_object_get_string_member (descriptor, "threatEntryType");
- retval = g_list_prepend (retval, ephy_gsb_threat_list_new (threat_type,
- platform_type,
- threat_entry_type,
- NULL));
- }
- }
-
-out:
- g_free (url);
- g_object_unref (msg);
- if (body_node)
- json_node_unref (body_node);
-
- return g_list_reverse (retval);
-}
-
static void
ephy_gsb_service_update_thread (GTask *task,
EphyGSBService *self,
@@ -255,12 +187,6 @@ ephy_gsb_service_update_thread (GTask *task,
ephy_gsb_storage_delete_old_full_hashes (self->storage);
- /* Fetch and store new threat lists, if any. */
- threat_lists = ephy_gsb_service_fetch_threat_lists_sync (self);
- for (GList *l = threat_lists; l && l->data; l = l->next)
- ephy_gsb_storage_insert_threat_list (self->storage, l->data);
- g_list_free_full (threat_lists, (GDestroyNotify)ephy_gsb_threat_list_free);
-
threat_lists = ephy_gsb_storage_get_threat_lists (self->storage);
if (!threat_lists) {
LOG ("No threat lists to update");
diff --git a/lib/safe-browsing/ephy-gsb-storage.c b/lib/safe-browsing/ephy-gsb-storage.c
index 374d98d..05d8f27 100644
--- a/lib/safe-browsing/ephy-gsb-storage.c
+++ b/lib/safe-browsing/ephy-gsb-storage.c
@@ -34,8 +34,21 @@
*/
#define BATCH_SIZE 199
-/* Increment schema version if you modify the database table structure. */
-#define SCHEMA_VERSION 2
+/* Increment schema version if you:
+ * 1) Modify the database table structure.
+ * 2) Modify the threat lists below.
+ */
+#define SCHEMA_VERSION 3
+
+/* The available Linux threat lists of Google Safe Browsing API v4.
+ * The format is {THREAT_TYPE, PLATFORM_TYPE, THREAT_ENTRY_TYPE}.
+ */
+static const char * const gsb_linux_threat_lists[][3] = {
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "URL"},
+ {GSB_THREAT_TYPE_SOCIAL_ENGINEERING, "ANY_PLATFORM", "URL"},
+ {GSB_THREAT_TYPE_UNWANTED_SOFTWARE, "LINUX", "URL"},
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "IP_RANGE"},
+};
struct _EphyGSBStorage {
GObject parent_instance;
@@ -195,7 +208,9 @@ ephy_gsb_storage_init_metadata_table (EphyGSBStorage *self)
static gboolean
ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
{
+ EphySQLiteStatement *statement;
GError *error = NULL;
+ GString *string;
const char *sql;
g_assert (EPHY_IS_GSB_STORAGE (self));
@@ -218,6 +233,40 @@ ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
return FALSE;
}
+ sql = "INSERT INTO threats (threat_type, platform_type, threat_entry_type) VALUES ";
+ string = g_string_new (sql);
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++)
+ g_string_append (string, "(?, ?, ?),");
+ /* Remove trailing comma character. */
+ g_string_erase (string, string->len - 1, -1);
+
+ statement = ephy_sqlite_connection_create_statement (self->db, string->str, &error);
+ g_string_free (string, TRUE);
+
+ if (error) {
+ g_warning ("Failed to create threats table insert statement: %s", error->message);
+ g_error_free (error);
+ return FALSE;
+ }
+
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++) {
+ EphyGSBThreatList *list = ephy_gsb_threat_list_new (gsb_linux_threat_lists[i][0],
+ gsb_linux_threat_lists[i][1],
+ gsb_linux_threat_lists[i][2],
+ NULL);
+ bind_threat_list_params (statement, list, i * 3, i * 3 + 1, i * 3 + 2, -1);
+ ephy_gsb_threat_list_free (list);
+ }
+
+ ephy_sqlite_statement_step (statement, &error);
+ g_object_unref (statement);
+
+ if (error) {
+ g_warning ("Failed to insert initial data into threats table: %s", error->message);
+ g_error_free (error);
+ return FALSE;
+ }
+
return TRUE;
}
@@ -600,52 +649,6 @@ ephy_gsb_storage_set_metadata (EphyGSBStorage *self,
}
/**
- * ephy_gsb_storage_insert_threat_list:
- * @self: an #EphyGSBStorage
- * @list: an #EphyGSBThreatList
- *
- * Insert a threat lists into the local database. If the combination
- * THREAT_TYPE/PLATFORM_TYPE/THREAT_ENTRY_TYPE already exists in the
- * database, then this function does nothing. The client state is ignored.
- * Use ephy_gsb_storage_update_client_state() if you need to update the
- * client state.
- **/
-void
-ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self,
- EphyGSBThreatList *list)
-{
- EphySQLiteStatement *statement;
- GError *error = NULL;
- const char *sql;
-
- g_assert (EPHY_IS_GSB_STORAGE (self));
- g_assert (list);
-
- sql = "INSERT OR IGNORE INTO threats "
- "(threat_type, platform_type, threat_entry_type, client_state) "
- "VALUES (?, ?, ?, ?)";
- statement = ephy_sqlite_connection_create_statement (self->db, sql, &error);
- if (error) {
- g_warning ("Failed to create insert threat list statement: %s", error->message);
- g_error_free (error);
- return;
- }
-
- if (!bind_threat_list_params (statement, list, 0, 1, 2, -1)) {
- g_object_unref (statement);
- return;
- }
-
- ephy_sqlite_statement_step (statement, &error);
- if (error) {
- g_warning ("Failed to execute insert threat list statement: %s", error->message);
- g_error_free (error);
- }
-
- g_object_unref (statement);
-}
-
-/**
* ephy_gsb_storage_get_threat_lists:
* @self: an #EphyGSBStorage
*
diff --git a/lib/safe-browsing/ephy-gsb-storage.h b/lib/safe-browsing/ephy-gsb-storage.h
index 056b4e7..ed41a7e 100644
--- a/lib/safe-browsing/ephy-gsb-storage.h
+++ b/lib/safe-browsing/ephy-gsb-storage.h
@@ -38,8 +38,6 @@ gint64 ephy_gsb_storage_get_metadata (EphyGSBStorage
void ephy_gsb_storage_set_metadata (EphyGSBStorage *self,
const char *key,
gint64 value);
-void ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self,
- EphyGSBThreatList *list);
GList *ephy_gsb_storage_get_threat_lists (EphyGSBStorage *self);
char *ephy_gsb_storage_compute_checksum (EphyGSBStorage *self,
EphyGSBThreatList *list);
--
libgit2 0.27.1

View File

@ -0,0 +1,88 @@
From facfa80c2b36ca7479de4323b77019965363dc6e Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Wed, 13 Jun 2018 11:10:23 -0500
Subject: [PATCH] uri-tester: Fix urlcache memory leak
Something went wrong with the git history related to e17dc362, and we
wound up allocating a string here that will never be freed. Whoops.
Then we pass it through GPOINTER_TO_INT() even though it is really a
random pointer and not going to be a meaningful integer value, and
return it as a gboolean. So we have a gboolean that is neither TRUE nor
FALSE, which is bad. But fortunately, it looks like it's never
explicitly compared to TRUE, so there should have been no behavioral
issue besides the leak.
This is related to #37.
---
embed/web-extension/ephy-uri-tester.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/embed/web-extension/ephy-uri-tester.c b/embed/web-extension/ephy-uri-tester.c
index 70f7cfd..a871f66 100644
--- a/embed/web-extension/ephy-uri-tester.c
+++ b/embed/web-extension/ephy-uri-tester.c
@@ -189,7 +189,7 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
/* Look for a match either by key or by pattern. */
if (ephy_uri_tester_is_matched_by_key (tester, opts, req_uri, page_uri, whitelist)) {
- g_hash_table_insert (urlcache, g_strdup (req_uri), g_strdup ("1"));
+ g_hash_table_insert (urlcache, g_strdup (req_uri), GINT_TO_POINTER (TRUE));
return TRUE;
}
--
libgit2 0.27.1
From d76a401971da4cecf746fa98cb94db6fa45fd88e Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Wed, 13 Jun 2018 11:32:53 -0500
Subject: [PATCH] uri-tester: Fix cache lookups when URI is not matched
This regressed in e17dc3627218aed60e2fa61486757b55dc804b6e.
g_hash_table_lookup() cannot distinguish between a missing value and a
NULL value. We are storing a NULL pointer (GINT_TO_POINTER (FALSE)) to
indicate that the URL is not a match, so the end result is that instead
of a cache hit indicating we should return FALSE, we instead get a cache
miss and then have to manually determine that we need to return FALSE.
This should be a performance fix only, it should not affect correctness.
Fixes #37
---
embed/web-extension/ephy-uri-tester.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/embed/web-extension/ephy-uri-tester.c b/embed/web-extension/ephy-uri-tester.c
index a871f66..5158dcb 100644
--- a/embed/web-extension/ephy-uri-tester.c
+++ b/embed/web-extension/ephy-uri-tester.c
@@ -178,14 +178,14 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
const char *page_uri,
gboolean whitelist)
{
- char *value;
+ gpointer is_matched;
GHashTable *urlcache = tester->urlcache;
if (whitelist)
urlcache = tester->whitelisted_urlcache;
/* Check cached URLs first. */
- if ((value = g_hash_table_lookup (urlcache, req_uri)))
- return GPOINTER_TO_INT (value);
+ if (g_hash_table_lookup_extended (urlcache, req_uri, NULL, &is_matched))
+ return GPOINTER_TO_INT (is_matched);
/* Look for a match either by key or by pattern. */
if (ephy_uri_tester_is_matched_by_key (tester, opts, req_uri, page_uri, whitelist)) {
@@ -199,6 +199,7 @@ ephy_uri_tester_is_matched (EphyUriTester *tester,
return TRUE;
}
+ /* No match. */
g_hash_table_insert (urlcache, g_strdup (req_uri), GINT_TO_POINTER (FALSE));
return FALSE;
}
--
libgit2 0.27.1

View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Wed Jun 13 23:25:20 UTC 2018 - bjorn.lie@gmail.com
- Add epiphany-uri-tester-fixes.patch: Fix urlcache memory leak and
fix cache lookups when URI is not matched
(glgo#GNOME/epiphany#37).
- Add
epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch:
Revert gsb-storage: Don't hardcode Linux threat lists.
-------------------------------------------------------------------
Fri Jun 8 16:55:05 UTC 2018 - bjorn.lie@gmail.com

View File

@ -25,6 +25,10 @@ Group: Productivity/Networking/Web/Browsers
URL: https://wiki.gnome.org/Apps/Web
Source0: http://download.gnome.org/sources/epiphany/3.28/%{name}-%{version}.tar.xz
Source99: %{name}-rpmlintrc
# PATCH-FIX-UPSTREAM epiphany-uri-tester-fixes.patch -- Fix urlcache memory leak and Fix cache lookups when URI is not matched
Patch0: epiphany-uri-tester-fixes.patch
# PATCH-FIX-UPSTREAM epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch -- Revert "gsb-storage: Don't hardcode Linux threat lists"
Patch1: epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch
BuildRequires: fdupes
BuildRequires: meson
@ -94,7 +98,7 @@ search results from Web (epiphany)
%lang_package
%prep
%autosetup
%autosetup -p1
translation-update-upstream
%build