!8 Update to 40.6 for fix CVE-2021-45085-to-CVE-2021-45088 and add patch for CVE-2022-29536

From: @starlet-dx Reviewed-by: @small_leek Signed-off-by: @small_leek
2022-05-06 03:32:42 +00:00 · 2022-05-06 03:32:42 +00:00 · 96f849933c
commit 96f849933c
parent 71af062472 4ce06df656
5 changed files with 52 additions and 27 deletions
--- a/CVE-2022-29536.patch
+++ b/CVE-2022-29536.patch
@ -0,0 +1,42 @@
+From 486da133569ebfc436c959a7419565ab102e8525 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Fri, 15 Apr 2022 18:09:46 -0500
+Subject: [PATCH] Fix memory corruption in ephy_string_shorten()
+
+This fixes a regression that I introduced in 232c613472b38ff0d0d97338f366024ddb9cd228.
+
+I got my browser stuck in a crash loop today while visiting a website
+with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only
+condition in which ephy_string_shorten() is ever used. Turns out this
+commit is wrong: an ellipses is a multibyte character (three bytes in
+UTF-8) and so we're writing past the end of the buffer when calling
+strcat() here. Ooops.
+
+Shame it took nearly four years to notice and correct this.
+
+Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106>
+---
+ lib/ephy-string.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ephy-string.c b/lib/ephy-string.c
+index 35a148ab3..8e524d52c 100644
+--- a/lib/ephy-string.c
+++ b/lib/ephy-string.c
+@@ -114,11 +114,10 @@ ephy_string_shorten (char  *str,
+   /* create string */
+   bytes = GPOINTER_TO_UINT (g_utf8_offset_to_pointer (str, target_length - 1) - str);
+ 
+-  /* +1 for ellipsis, +1 for trailing NUL */
+-  new_str = g_new (gchar, bytes + 1 + 1);
+  new_str = g_new (gchar, bytes + strlen ("…") + 1);
+ 
+   strncpy (new_str, str, bytes);
+-  strcat (new_str, "…");
+  strncpy (new_str + bytes, "…", strlen ("…") + 1);
+ 
+   g_free (str);
+ 
+-- 
+GitLab
+
--- a/epiphany-3.38.5.tar.xz
+++ b/epiphany-3.38.5.tar.xz
--- a/epiphany-40.6.tar.xz
+++ b/epiphany-40.6.tar.xz
--- a/epiphany-dont-make-compulsory.patch
+++ b/epiphany-dont-make-compulsory.patch
@ -1,21 +0,0 @@
-From: Jeremy Bicha <jbicha@debian.org>
-Date: Sun, 18 Feb 2018 15:24:30 -0500
-Subject: Since Epiphany is not our default browser,
-
-allow users to uninstall it using the GNOME Software app
---
- data/org.gnome.Epiphany.appdata.xml.in.in | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/data/org.gnome.Epiphany.appdata.xml.in.in b/data/org.gnome.Epiphany.appdata.xml.in.in
-index 220d9bd..f8bf74b 100644
--- a/data/org.gnome.Epiphany.appdata.xml.in.in
-+++ b/data/org.gnome.Epiphany.appdata.xml.in.in
-@@ -32,7 +32,6 @@
-     <kudo>UserDocs</kudo>
-   </kudos>
-   <project_group>GNOME</project_group>
-  <compulsory_for_desktop>GNOME</compulsory_for_desktop>
-   <project_license>GPL-3.0+</project_license>
-   <developer_name>The GNOME Project</developer_name>
-   <url type="bugtracker">https://gitlab.gnome.org/GNOME/epiphany/issues</url>
--- a/epiphany.spec
+++ b/epiphany.spec
@ -1,16 +1,17 @@
-%global glib2_version 2.61.2
+%global glib2_version 2.64.0
 %global gtk3_version 3.24.0
-%global webkit2gtk3_version 2.27.3
+%global webkit2gtk3_version 2.31.1
 Name:                epiphany
 Epoch:               1
-Version:             3.38.5
-Release:             2
+Version:             40.6
+Release:             1
 Summary:             Web browser for GNOME
 License:             GPL-3.0+ and LGPL-2.1 and MIT and GPL+ and ISC
 URL:                 https://wiki.gnome.org/Apps/Web
-Source0:             https://download.gnome.org/sources/epiphany/3.38/%{name}-%{version}.tar.xz
+Source0:             https://download.gnome.org/sources/epiphany/40/%{name}-%{version}.tar.xz
 Patch0:              epiphany-default-bookmarks-openeuler.patch
-Patch1:              epiphany-dont-make-compulsory.patch
+# https://gitlab.gnome.org/GNOME/epiphany/-/issues/1766
+Patch1:              CVE-2022-29536.patch

 BuildRequires:       desktop-file-utils gcc gettext-devel iso-codes-devel itstool
 BuildRequires:       libappstream-glib-devel meson pkgconfig(cairo) pkgconfig(evince-document-3.0)
@ -94,6 +95,9 @@ desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/*.desktop
 %config(noreplace)%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf

 %changelog
+* Fri May 6 2022 yaoxin <yaoxin30@h-partners.com> - 40.6-1
+- Update to 40.6 for fix CVE-2021-45085-to-CVE-2021-45088 and add patch for CVE-2022-29536
+
 * Fri Sep 10 2021 lingsheng <lingsheng@huawei.com> - 3.38.5-2
 - Delete rpath setting