Bug#1033239: libsoup-3.0-0: Crash when adding a new calendar in gnome-calendars

2023-03-27 Thread Alberto Garcia 
On Mon, Mar 27, 2023 at 08:02:39AM -0400, Jeremy Bícha wrote:
> > I confirm that this patch fixes the problem.
> 
> Thanks for preparing this patch. I'm uploading it to Unstable now.
> Could you handle the unblock request?

Yes, I can do it.

Berto

Bug#1033239: libsoup-3.0-0: Crash when adding a new calendar in gnome-calendars

2023-03-27 Thread Jeremy Bícha 
On Mon, Mar 20, 2023 at 2:39 PM Alberto Garcia  wrote:
> Control: tags -1 patch
>
> I confirm that this patch fixes the problem.

Thanks for preparing this patch. I'm uploading it to Unstable now.
Could you handle the unblock request?

Thank you,
Jeremy Bícha

Bug#1033239: libsoup-3.0-0: Crash when adding a new calendar in gnome-calendars

2023-03-20 Thread Alberto Garcia 
Control: tags -1 patch

I confirm that this patch fixes the problem.

Berto
diff -Nru gnome-calendar-43.1/debian/changelog gnome-calendar-43.1/debian/changelog
--- gnome-calendar-43.1/debian/changelog	2022-10-18 16:09:27.0 +0200
+++ gnome-calendar-43.1/debian/changelog	2023-03-20 18:25:22.0 +0100
@@ -1,3 +1,10 @@
+gnome-calendar (43.1-2) unstable; urgency=high
+
+  * debian/patches/validate-uri.patch:
+- Fix crash when adding an url manually (Closes: #1033239)
+
+ -- Alberto Garcia   Mon, 20 Mar 2023 18:25:22 +0100
+
 gnome-calendar (43.1-1) unstable; urgency=high
 
   * New upstream release (LP: #1993308)
diff -Nru gnome-calendar-43.1/debian/patches/series gnome-calendar-43.1/debian/patches/series
--- gnome-calendar-43.1/debian/patches/series	2022-10-18 16:09:27.0 +0200
+++ gnome-calendar-43.1/debian/patches/series	2023-03-20 18:16:08.0 +0100
@@ -0,0 +1 @@
+validate-uri.patch
diff -Nru gnome-calendar-43.1/debian/patches/validate-uri.patch gnome-calendar-43.1/debian/patches/validate-uri.patch
--- gnome-calendar-43.1/debian/patches/validate-uri.patch	1970-01-01 01:00:00.0 +0100
+++ gnome-calendar-43.1/debian/patches/validate-uri.patch	2023-03-20 18:25:22.0 +0100
@@ -0,0 +1,121 @@
+From: Georges Basile Stavracas Neto 
+Subject: Test URI before discovery
+Bug: https://gitlab.gnome.org/GNOME/gnome-calendar/-/issues/794
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033239
+Origin: https://gitlab.gnome.org/GNOME/gnome-calendar/-/commit/0322bcf54cf1fc37ff74b87fd36e282dc1cf7863
+Index: gnome-calendar-43.1/src/utils/gcal-source-discoverer.c
+===
+--- gnome-calendar-43.1.orig/src/utils/gcal-source-discoverer.c
 gnome-calendar-43.1/src/utils/gcal-source-discoverer.c
+@@ -183,6 +183,26 @@ is_authentication_error (gint code)
+   return FALSE;
+ }
+ 
++static GUri *
++create_and_validate_uri (const gchar  *uri,
++ GError  **error)
++{
++  g_autoptr (GUri) guri = NULL;
++
++  guri = g_uri_parse (uri, SOUP_HTTP_URI_FLAGS | G_URI_FLAGS_PARSE_RELAXED, error);
++
++  if (!guri)
++GCAL_RETURN (NULL);
++
++  if (!g_uri_get_host (guri) || g_uri_get_host (guri)[0] == '\0')
++{
++  g_set_error (error, G_URI_ERROR, G_URI_ERROR_FAILED, "Invalid URI");
++  return NULL;
++}
++
++  return g_steal_pointer ();
++}
++
+ 
+ /*
+  * Callbacks
+@@ -221,7 +241,7 @@ discover_file_in_thread (DiscovererData
+ 
+   GCAL_ENTRY;
+ 
+-  guri = g_uri_parse (data->uri, SOUP_HTTP_URI_FLAGS | G_URI_FLAGS_PARSE_RELAXED, NULL);
++  guri = create_and_validate_uri (data->uri, error);
+ 
+   if (!guri)
+ GCAL_RETURN (NULL);
+@@ -277,6 +297,7 @@ discover_webdav_in_thread (DiscovererDat
+   g_autoptr (ESource) source = NULL;
+   g_autoptr (GError) local_error = NULL;
+   g_autofree gchar *certificate_pem = NULL;
++  g_autoptr (GUri) guri = NULL;
+   GTlsCertificateFlags flags;
+   GSList *discovered_sources = NULL;
+   GSList *user_addresses = NULL;
+@@ -284,6 +305,11 @@ discover_webdav_in_thread (DiscovererDat
+ 
+   GCAL_ENTRY;
+ 
++  guri = create_and_validate_uri (data->uri, error);
++
++  if (!guri)
++GCAL_RETURN (NULL);
++
+   credentials = e_named_parameters_new ();
+   e_named_parameters_set (credentials, E_SOURCE_CREDENTIAL_USERNAME, data->username);
+   e_named_parameters_set (credentials, E_SOURCE_CREDENTIAL_PASSWORD, data->password);
+Index: gnome-calendar-43.1/tests/test-discoverer.c
+===
+--- gnome-calendar-43.1.orig/tests/test-discoverer.c
 gnome-calendar-43.1/tests/test-discoverer.c
+@@ -82,6 +82,43 @@ discoverer_file (void)
+ 
+ /*/
+ 
++static void
++discoverer_invalid_https_only_cb (GObject  *source_object,
++  GAsyncResult *result,
++  gpointer  user_data)
++{
++  g_autoptr (GPtrArray) sources = NULL;
++  g_autoptr (GError) error = NULL;
++  GMainLoop *mainloop = user_data;
++
++  sources = gcal_discover_sources_from_uri_finish (result, );
++  g_assert_error (error, G_URI_ERROR, G_URI_ERROR_FAILED);
++  g_assert_null (sources);
++
++  g_main_loop_quit (mainloop);
++}
++
++static void
++discoverer_invalid_https_only (void)
++{
++  g_autoptr (GMainLoop) mainloop = NULL;
++
++  g_test_bug ("794");
++
++  mainloop = g_main_loop_new (NULL, FALSE);
++
++  gcal_discover_sources_from_uri ("https://;,
++  NULL,
++  NULL,
++  NULL,
++  discoverer_invalid_https_only_cb,
++  mainloop);
++
++  g_main_loop_run (mainloop);
++}
++
++/*/
++
+

Bug#1033239: libsoup-3.0-0: Crash when adding a new calendar in gnome-calendars

2023-03-20 Thread Alberto Garcia 
reassign 1033239 gnome-calendar 43.1-1
tags 1033239 fixed-upstream
retitle 1033239 Crashes when typing an https url manually
thanks

On Mon, Mar 20, 2023 at 03:45:00PM +, Alberto Garcia wrote:

> I'm not sure if this is a problem in libsoup or in gnome-calendar,

It was in gnome-calendar after all:

   https://gitlab.gnome.org/GNOME/gnome-calendar/-/issues/794

   
https://gitlab.gnome.org/GNOME/gnome-calendar/-/commit/0322bcf54cf1fc37ff74b87fd36e282dc1cf7863

Berto

Bug#1033239: libsoup-3.0-0: Crash when adding a new calendar in gnome-calendars

2023-03-20 Thread Alberto Garcia 
Package: libsoup-3.0-0
Version: 3.2.2-2
Severity: important
X-Debbugs-Cc: be...@igalia.com

Dear Maintainer,

I'm not sure if this is a problem in libsoup or in gnome-calendar,
but here are the steps to reproduce it:

Open gnome-calendar, go to Calendars -> Manage Calendars -> 
  Add Calendar -> type 'https://' in the address bar and wait for a few seconds

Here's what happens:

Thread 22 "pool-gnome-cale" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f3704bae6c0 (LWP 44978)]
0x7f37149d6f98 in soup_message_cleanup_response (msg=0x0) at 
../libsoup/soup-message.c:1843
1843soup_message_headers_clear (priv->response_headers);
(gdb) bt
#0  0x7f37149d6f98 in soup_message_cleanup_response (msg=0x0) at 
../libsoup/soup-message.c:1843
#1  0x7f37149e2279 in soup_session_append_queue_item 
(session=0x7f36dc01c770 [SoupSession], msg=0x0, async=0, 
cancellable=0x5574be64bb20 [GCancellable]) at ../libsoup/soup-session.c:1330
#2  0x7f37149e65a2 in soup_session_send (session=0x7f36dc01c770 
[SoupSession], msg=0x0, cancellable=0x5574be64bb20 [GCancellable], 
error=0x7f3704bad9d8) at ../libsoup/soup-session.c:3190
#3  0x5574bd3429c2 in  ()
#4  0x5574bd3421a4 in  ()
#5  0x7f3714e69793 in g_task_thread_pool_thread 
(thread_data=0x7f36e4002480, pool_data=) at 
../../../gio/gtask.c:1454
#6  0x7f3714ca16ca in g_thread_pool_thread_proxy (data=) at 
../../../glib/gthreadpool.c:352
#7  0x7f3714ca0cfd in g_thread_proxy (data=0x5574c3b10580) at 
../../../glib/gthread.c:831
#8  0x7f3714700fd4 in start_thread (arg=) at 
./nptl/pthread_create.c:442
#9  0x7f371478166c in clone3 () at 
../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-6-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_IE:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libsoup-3.0-0 depends on:
ii  glib-networking 2.74.0-4
ii  libbrotli1  1.0.9-2+b6
ii  libc6   2.36-8
ii  libglib2.0-02.74.6-1
ii  libgssapi-krb5-21.20.1-1
ii  libnghttp2-14   1.52.0-1
ii  libpsl5 0.21.2-1
ii  libsoup-3.0-common  3.2.2-2
ii  libsqlite3-03.40.1-2
ii  zlib1g  1:1.2.13.dfsg-1

libsoup-3.0-0 recommends no packages.

libsoup-3.0-0 suggests no packages.

-- no debconf information