Hello community, here is the log from the commit of package epiphany for openSUSE:Factory checked in at 2018-06-19 12:00:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/epiphany (Old) and /work/SRC/openSUSE:Factory/.epiphany.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "epiphany" Tue Jun 19 12:00:28 2018 rev:153 rq:616645 version:3.28.3.1 Changes: -------- --- /work/SRC/openSUSE:Factory/epiphany/epiphany.changes 2018-06-02 12:09:50.181077625 +0200 +++ /work/SRC/openSUSE:Factory/.epiphany.new/epiphany.changes 2018-06-19 12:00:39.684719832 +0200 @@ -1,0 +2,27 @@ +Wed Jun 13 23:25:20 UTC 2018 - [email protected] + +- Add epiphany-uri-tester-fixes.patch: Fix urlcache memory leak and + fix cache lookups when URI is not matched + (glgo#GNOME/epiphany#37). +- Add + epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch: + Revert gsb-storage: Don't hardcode Linux threat lists. + +------------------------------------------------------------------- +Fri Jun 8 16:55:05 UTC 2018 - [email protected] + +- Update to version 3.28.3.1: + + Fix missing symbol in 3.28.3 (glgo#GNOME/epiphany#33). +- Changes from version 3.28.3: + + Fix CVE-2018-11396/CVE-2018-12016 (bgo#795740). + + Allow Ctrl+T in app mode again due to unintended consequences + (bgo#796204). + + Don't remember passwords when the setting is disabled + (bgo#796219). + + Fix password manager crash on chase.com + (glgo#GNOME/epiphany#11). +- Drop epiphany-fix-crash-CVE-2018-11396.patch: Fixed upstream. +- Drop epiphany-bring-back-tabs-webapp.patch: Upstream reverted the + change too, so patch no longer needed. + +------------------------------------------------------------------- Old: ---- epiphany-3.28.2.1.tar.xz epiphany-bring-back-tabs-webapp.patch epiphany-fix-crash-CVE-2018-11396.patch New: ---- epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch epiphany-3.28.3.1.tar.xz epiphany-uri-tester-fixes.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ epiphany.spec ++++++ --- /var/tmp/diff_new_pack.gWXpMx/_old 2018-06-19 12:00:41.180664288 +0200 +++ /var/tmp/diff_new_pack.gWXpMx/_new 2018-06-19 12:00:41.184664140 +0200 @@ -17,7 +17,7 @@ Name: epiphany -Version: 3.28.2.1 +Version: 3.28.3.1 Release: 0 Summary: GNOME Web Browser License: GPL-3.0-or-later @@ -25,11 +25,10 @@ URL: https://wiki.gnome.org/Apps/Web Source0: http://download.gnome.org/sources/epiphany/3.28/%{name}-%{version}.tar.xz Source99: %{name}-rpmlintrc -# PATCH-FIX-UPSTREAM epiphany-bring-back-tabs-webapp.patch -- Revert the revert for tabs in webapps. -# FIXME Drop epiphany-bring-back-tabs-webapp.patch on versionbump to 3.29, fixed differently on master. -Patch0: epiphany-bring-back-tabs-webapp.patch -# PATCH-FIX-UPSTREAM epiphany-fix-crash-CVE-2018-11396.patch CVE-2018-11396 bgo#795740 boo#1094464 -- session: Fix crash when JS opens an invalid URI -Patch1: epiphany-fix-crash-CVE-2018-11396.patch +# PATCH-FIX-UPSTREAM epiphany-uri-tester-fixes.patch -- Fix urlcache memory leak and Fix cache lookups when URI is not matched +Patch0: epiphany-uri-tester-fixes.patch +# PATCH-FIX-UPSTREAM epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch -- Revert "gsb-storage: Don't hardcode Linux threat lists" +Patch1: epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch BuildRequires: fdupes BuildRequires: meson @@ -99,9 +98,7 @@ %lang_package %prep -%autosetup -N -%patch0 -p1 -R -%patch1 -p1 +%autosetup -p1 translation-update-upstream %build ++++++ epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch ++++++ >From c0eea4014270cac6d32d24de2bd8338e2da39ffd Mon Sep 17 00:00:00 2001 From: Gabriel Ivașcu <[email protected]> Date: Tue, 12 Jun 2018 12:39:50 +0300 Subject: [PATCH] Revert "gsb-storage: Don't hardcode Linux threat lists" This reverts commit 3c8cd6387f85106051c9e674ee8b1e59fb40858c. Also, increment SCHEMA_VERSION in ephy-gsb-storage.c. --- lib/safe-browsing/ephy-gsb-service.c | 74 -------------------------------------------------------------------------- lib/safe-browsing/ephy-gsb-storage.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------ lib/safe-browsing/ephy-gsb-storage.h | 2 -- 3 files changed, 51 insertions(+), 124 deletions(-) diff --git a/lib/safe-browsing/ephy-gsb-service.c b/lib/safe-browsing/ephy-gsb-service.c index b36592a..a99a6d2 100644 --- a/lib/safe-browsing/ephy-gsb-service.c +++ b/lib/safe-browsing/ephy-gsb-service.c @@ -163,74 +163,6 @@ ephy_gsb_service_schedule_update (EphyGSBService *self) LOG ("Next update scheduled in %ld seconds", interval); } -static GList * -ephy_gsb_service_fetch_threat_lists_sync (EphyGSBService *self) -{ - GList *retval = NULL; - JsonNode *body_node = NULL; - JsonObject *body_obj; - JsonArray *threat_lists; - JsonObject *descriptor; - const char *threat_type; - const char *platform_type; - const char *threat_entry_type; - SoupMessage *msg; - char *url; - - g_assert (EPHY_IS_GSB_SERVICE (self)); - - url = g_strdup_printf ("%sthreatLists?key=%s", API_PREFIX, self->api_key); - msg = soup_message_new (SOUP_METHOD_GET, url); - soup_session_send_message (self->session, msg); - - if (msg->status_code != 200) { - LOG ("Failed to fetch the threat lists from the server, got: %u, %s", - msg->status_code, msg->response_body->data); - goto out; - } - - body_node = json_from_string (msg->response_body->data, NULL); - if (!body_node || !JSON_NODE_HOLDS_OBJECT (body_node)) { - g_warning ("Response is not a valid JSON object"); - goto out; - } - - body_obj = json_node_get_object (body_node); - - if (json_object_has_non_null_array_member (body_obj, "threatLists")) { - threat_lists = json_object_get_array_member (body_obj, "threatLists"); - for (guint i = 0; i < json_array_get_length (threat_lists); i++) { - descriptor = json_array_get_object_element (threat_lists, i); - threat_type = json_object_get_string_member (descriptor, "threatType"); - platform_type = json_object_get_string_member (descriptor, "platformType"); - - /* Keep SOCIAL_ENGINEERING threats that are for any platform. - * Keep MALWARE/UNWANTED_SOFTWARE threats that are for Linux only. - */ - if (g_strcmp0 (threat_type, "SOCIAL_ENGINEERING") == 0) { - if (g_strcmp0 (platform_type, "ANY_PLATFORM") != 0) - continue; - } else if (g_strcmp0 (platform_type, "LINUX") != 0) { - continue; - } - - threat_entry_type = json_object_get_string_member (descriptor, "threatEntryType"); - retval = g_list_prepend (retval, ephy_gsb_threat_list_new (threat_type, - platform_type, - threat_entry_type, - NULL)); - } - } - -out: - g_free (url); - g_object_unref (msg); - if (body_node) - json_node_unref (body_node); - - return g_list_reverse (retval); -} - static void ephy_gsb_service_update_thread (GTask *task, EphyGSBService *self, @@ -255,12 +187,6 @@ ephy_gsb_service_update_thread (GTask *task, ephy_gsb_storage_delete_old_full_hashes (self->storage); - /* Fetch and store new threat lists, if any. */ - threat_lists = ephy_gsb_service_fetch_threat_lists_sync (self); - for (GList *l = threat_lists; l && l->data; l = l->next) - ephy_gsb_storage_insert_threat_list (self->storage, l->data); - g_list_free_full (threat_lists, (GDestroyNotify)ephy_gsb_threat_list_free); - threat_lists = ephy_gsb_storage_get_threat_lists (self->storage); if (!threat_lists) { LOG ("No threat lists to update"); diff --git a/lib/safe-browsing/ephy-gsb-storage.c b/lib/safe-browsing/ephy-gsb-storage.c index 374d98d..05d8f27 100644 --- a/lib/safe-browsing/ephy-gsb-storage.c +++ b/lib/safe-browsing/ephy-gsb-storage.c @@ -34,8 +34,21 @@ */ #define BATCH_SIZE 199 -/* Increment schema version if you modify the database table structure. */ -#define SCHEMA_VERSION 2 +/* Increment schema version if you: + * 1) Modify the database table structure. + * 2) Modify the threat lists below. + */ +#define SCHEMA_VERSION 3 + +/* The available Linux threat lists of Google Safe Browsing API v4. + * The format is {THREAT_TYPE, PLATFORM_TYPE, THREAT_ENTRY_TYPE}. + */ +static const char * const gsb_linux_threat_lists[][3] = { + {GSB_THREAT_TYPE_MALWARE, "LINUX", "URL"}, + {GSB_THREAT_TYPE_SOCIAL_ENGINEERING, "ANY_PLATFORM", "URL"}, + {GSB_THREAT_TYPE_UNWANTED_SOFTWARE, "LINUX", "URL"}, + {GSB_THREAT_TYPE_MALWARE, "LINUX", "IP_RANGE"}, +}; struct _EphyGSBStorage { GObject parent_instance; @@ -195,7 +208,9 @@ ephy_gsb_storage_init_metadata_table (EphyGSBStorage *self) static gboolean ephy_gsb_storage_init_threats_table (EphyGSBStorage *self) { + EphySQLiteStatement *statement; GError *error = NULL; + GString *string; const char *sql; g_assert (EPHY_IS_GSB_STORAGE (self)); @@ -218,6 +233,40 @@ ephy_gsb_storage_init_threats_table (EphyGSBStorage *self) return FALSE; } + sql = "INSERT INTO threats (threat_type, platform_type, threat_entry_type) VALUES "; + string = g_string_new (sql); + for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++) + g_string_append (string, "(?, ?, ?),"); + /* Remove trailing comma character. */ + g_string_erase (string, string->len - 1, -1); + + statement = ephy_sqlite_connection_create_statement (self->db, string->str, &error); + g_string_free (string, TRUE); + + if (error) { + g_warning ("Failed to create threats table insert statement: %s", error->message); + g_error_free (error); + return FALSE; + } + + for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++) { + EphyGSBThreatList *list = ephy_gsb_threat_list_new (gsb_linux_threat_lists[i][0], + gsb_linux_threat_lists[i][1], + gsb_linux_threat_lists[i][2], + NULL); + bind_threat_list_params (statement, list, i * 3, i * 3 + 1, i * 3 + 2, -1); + ephy_gsb_threat_list_free (list); + } + + ephy_sqlite_statement_step (statement, &error); + g_object_unref (statement); + + if (error) { + g_warning ("Failed to insert initial data into threats table: %s", error->message); + g_error_free (error); + return FALSE; + } + return TRUE; } @@ -600,52 +649,6 @@ ephy_gsb_storage_set_metadata (EphyGSBStorage *self, } /** - * ephy_gsb_storage_insert_threat_list: - * @self: an #EphyGSBStorage - * @list: an #EphyGSBThreatList - * - * Insert a threat lists into the local database. If the combination - * THREAT_TYPE/PLATFORM_TYPE/THREAT_ENTRY_TYPE already exists in the - * database, then this function does nothing. The client state is ignored. - * Use ephy_gsb_storage_update_client_state() if you need to update the - * client state. - **/ -void -ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self, - EphyGSBThreatList *list) -{ - EphySQLiteStatement *statement; - GError *error = NULL; - const char *sql; - - g_assert (EPHY_IS_GSB_STORAGE (self)); - g_assert (list); - - sql = "INSERT OR IGNORE INTO threats " - "(threat_type, platform_type, threat_entry_type, client_state) " - "VALUES (?, ?, ?, ?)"; - statement = ephy_sqlite_connection_create_statement (self->db, sql, &error); - if (error) { - g_warning ("Failed to create insert threat list statement: %s", error->message); - g_error_free (error); - return; - } - - if (!bind_threat_list_params (statement, list, 0, 1, 2, -1)) { - g_object_unref (statement); - return; - } - - ephy_sqlite_statement_step (statement, &error); - if (error) { - g_warning ("Failed to execute insert threat list statement: %s", error->message); - g_error_free (error); - } - - g_object_unref (statement); -} - -/** * ephy_gsb_storage_get_threat_lists: * @self: an #EphyGSBStorage * diff --git a/lib/safe-browsing/ephy-gsb-storage.h b/lib/safe-browsing/ephy-gsb-storage.h index 056b4e7..ed41a7e 100644 --- a/lib/safe-browsing/ephy-gsb-storage.h +++ b/lib/safe-browsing/ephy-gsb-storage.h @@ -38,8 +38,6 @@ gint64 ephy_gsb_storage_get_metadata (EphyGSBStorage void ephy_gsb_storage_set_metadata (EphyGSBStorage *self, const char *key, gint64 value); -void ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self, - EphyGSBThreatList *list); GList *ephy_gsb_storage_get_threat_lists (EphyGSBStorage *self); char *ephy_gsb_storage_compute_checksum (EphyGSBStorage *self, EphyGSBThreatList *list); -- libgit2 0.27.1 ++++++ epiphany-3.28.2.1.tar.xz -> epiphany-3.28.3.1.tar.xz ++++++ ++++ 4028 lines of diff (skipped) ++++++ epiphany-uri-tester-fixes.patch ++++++ >From facfa80c2b36ca7479de4323b77019965363dc6e Mon Sep 17 00:00:00 2001 From: Michael Catanzaro <[email protected]> Date: Wed, 13 Jun 2018 11:10:23 -0500 Subject: [PATCH] uri-tester: Fix urlcache memory leak Something went wrong with the git history related to e17dc362, and we wound up allocating a string here that will never be freed. Whoops. Then we pass it through GPOINTER_TO_INT() even though it is really a random pointer and not going to be a meaningful integer value, and return it as a gboolean. So we have a gboolean that is neither TRUE nor FALSE, which is bad. But fortunately, it looks like it's never explicitly compared to TRUE, so there should have been no behavioral issue besides the leak. This is related to #37. --- embed/web-extension/ephy-uri-tester.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/embed/web-extension/ephy-uri-tester.c b/embed/web-extension/ephy-uri-tester.c index 70f7cfd..a871f66 100644 --- a/embed/web-extension/ephy-uri-tester.c +++ b/embed/web-extension/ephy-uri-tester.c @@ -189,7 +189,7 @@ ephy_uri_tester_is_matched (EphyUriTester *tester, /* Look for a match either by key or by pattern. */ if (ephy_uri_tester_is_matched_by_key (tester, opts, req_uri, page_uri, whitelist)) { - g_hash_table_insert (urlcache, g_strdup (req_uri), g_strdup ("1")); + g_hash_table_insert (urlcache, g_strdup (req_uri), GINT_TO_POINTER (TRUE)); return TRUE; } -- libgit2 0.27.1 >From d76a401971da4cecf746fa98cb94db6fa45fd88e Mon Sep 17 00:00:00 2001 From: Michael Catanzaro <[email protected]> Date: Wed, 13 Jun 2018 11:32:53 -0500 Subject: [PATCH] uri-tester: Fix cache lookups when URI is not matched This regressed in e17dc3627218aed60e2fa61486757b55dc804b6e. g_hash_table_lookup() cannot distinguish between a missing value and a NULL value. We are storing a NULL pointer (GINT_TO_POINTER (FALSE)) to indicate that the URL is not a match, so the end result is that instead of a cache hit indicating we should return FALSE, we instead get a cache miss and then have to manually determine that we need to return FALSE. This should be a performance fix only, it should not affect correctness. Fixes #37 --- embed/web-extension/ephy-uri-tester.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/embed/web-extension/ephy-uri-tester.c b/embed/web-extension/ephy-uri-tester.c index a871f66..5158dcb 100644 --- a/embed/web-extension/ephy-uri-tester.c +++ b/embed/web-extension/ephy-uri-tester.c @@ -178,14 +178,14 @@ ephy_uri_tester_is_matched (EphyUriTester *tester, const char *page_uri, gboolean whitelist) { - char *value; + gpointer is_matched; GHashTable *urlcache = tester->urlcache; if (whitelist) urlcache = tester->whitelisted_urlcache; /* Check cached URLs first. */ - if ((value = g_hash_table_lookup (urlcache, req_uri))) - return GPOINTER_TO_INT (value); + if (g_hash_table_lookup_extended (urlcache, req_uri, NULL, &is_matched)) + return GPOINTER_TO_INT (is_matched); /* Look for a match either by key or by pattern. */ if (ephy_uri_tester_is_matched_by_key (tester, opts, req_uri, page_uri, whitelist)) { @@ -199,6 +199,7 @@ ephy_uri_tester_is_matched (EphyUriTester *tester, return TRUE; } + /* No match. */ g_hash_table_insert (urlcache, g_strdup (req_uri), GINT_TO_POINTER (FALSE)); return FALSE; } -- libgit2 0.27.1
