Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package gnome-calendar
[ Reason ]
If the user tries to add a new calendar manually, the version of
gnome-calendar currently in testing crashes while the user is typing
the URI.
This happens while the URI is incomplete because it is not validated
before proceeding.
[ Impact ]
The application crashes suddenly and must be restarted with no clue
about why the crash happened.
[ Tests ]
Tested manually, the bug is very easy to reproduce, simply typing
'https://' on the URL entry is enough. The new package also provides a
test case.
[ Risks ]
Very low, this is the upstream patch for this bug and is very
straightforward.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock gnome-calendar/43.1-2
diff -Nru gnome-calendar-43.1/debian/changelog
gnome-calendar-43.1/debian/changelog
--- gnome-calendar-43.1/debian/changelog 2022-10-18 16:09:27.000000000
+0200
+++ gnome-calendar-43.1/debian/changelog 2023-03-20 18:25:22.000000000
+0100
@@ -1,3 +1,14 @@
+gnome-calendar (43.1-2) unstable; urgency=high
+
+ [ Alberto Garcia ]
+ * debian/patches/validate-uri.patch:
+ - Fix crash when adding an url manually (Closes: #1033239)
+
+ [ Jeremy Bicha ]
+ * Branch for bookworm
+
+ -- Alberto Garcia <be...@igalia.com> Mon, 20 Mar 2023 18:25:22 +0100
+
gnome-calendar (43.1-1) unstable; urgency=high
* New upstream release (LP: #1993308)
diff -Nru gnome-calendar-43.1/debian/control gnome-calendar-43.1/debian/control
--- gnome-calendar-43.1/debian/control 2022-10-18 16:09:27.000000000 +0200
+++ gnome-calendar-43.1/debian/control 2023-03-20 18:25:22.000000000 +0100
@@ -6,7 +6,7 @@
Section: gnome
Priority: optional
Maintainer: Debian GNOME Maintainers
<pkg-gnome-maintain...@lists.alioth.debian.org>
-Uploaders: Iain Lane <la...@debian.org>, Jeremy Bicha <jbi...@ubuntu.com>,
Laurent Bigonville <bi...@debian.org>
+Uploaders: Jeremy Bicha <jbi...@ubuntu.com>
Build-Depends: appstream-util,
debhelper-compat (= 13),
dh-sequence-gnome,
@@ -29,8 +29,8 @@
xvfb <!nocheck>,
Standards-Version: 4.6.0
Rules-Requires-Root: no
-Vcs-Browser: https://salsa.debian.org/gnome-team/gnome-calendar
-Vcs-Git: https://salsa.debian.org/gnome-team/gnome-calendar.git
+Vcs-Browser:
https://salsa.debian.org/gnome-team/gnome-calendar/tree/debian/bookworm
+Vcs-Git: https://salsa.debian.org/gnome-team/gnome-calendar.git -b
debian/bookworm
Homepage: https://wiki.gnome.org/Apps/Calendar
Package: gnome-calendar
diff -Nru gnome-calendar-43.1/debian/control.in
gnome-calendar-43.1/debian/control.in
--- gnome-calendar-43.1/debian/control.in 2022-10-18 16:09:27.000000000
+0200
+++ gnome-calendar-43.1/debian/control.in 2023-03-20 18:25:22.000000000
+0100
@@ -25,8 +25,8 @@
xvfb <!nocheck>,
Standards-Version: 4.6.0
Rules-Requires-Root: no
-Vcs-Browser: https://salsa.debian.org/gnome-team/gnome-calendar
-Vcs-Git: https://salsa.debian.org/gnome-team/gnome-calendar.git
+Vcs-Browser:
https://salsa.debian.org/gnome-team/gnome-calendar/tree/debian/bookworm
+Vcs-Git: https://salsa.debian.org/gnome-team/gnome-calendar.git -b
debian/bookworm
Homepage: https://wiki.gnome.org/Apps/Calendar
Package: gnome-calendar
diff -Nru gnome-calendar-43.1/debian/gbp.conf
gnome-calendar-43.1/debian/gbp.conf
--- gnome-calendar-43.1/debian/gbp.conf 2022-10-18 16:09:27.000000000 +0200
+++ gnome-calendar-43.1/debian/gbp.conf 2023-03-20 18:25:22.000000000 +0100
@@ -1,6 +1,6 @@
[DEFAULT]
pristine-tar = True
-debian-branch = debian/master
+debian-branch = debian/bookworm
upstream-branch = upstream/latest
[buildpackage]
diff -Nru gnome-calendar-43.1/debian/patches/series
gnome-calendar-43.1/debian/patches/series
--- gnome-calendar-43.1/debian/patches/series 2022-10-18 16:09:27.000000000
+0200
+++ gnome-calendar-43.1/debian/patches/series 2023-03-20 18:25:22.000000000
+0100
@@ -0,0 +1 @@
+validate-uri.patch
diff -Nru gnome-calendar-43.1/debian/patches/validate-uri.patch
gnome-calendar-43.1/debian/patches/validate-uri.patch
--- gnome-calendar-43.1/debian/patches/validate-uri.patch 1970-01-01
01:00:00.000000000 +0100
+++ gnome-calendar-43.1/debian/patches/validate-uri.patch 2023-03-20
18:25:22.000000000 +0100
@@ -0,0 +1,121 @@
+From: Georges Basile Stavracas Neto <georges.stavra...@gmail.com>
+Subject: Test URI before discovery
+Bug: https://gitlab.gnome.org/GNOME/gnome-calendar/-/issues/794
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033239
+Origin:
https://gitlab.gnome.org/GNOME/gnome-calendar/-/commit/0322bcf54cf1fc37ff74b87fd36e282dc1cf7863
+Index: gnome-calendar-43.1/src/utils/gcal-source-discoverer.c
+===================================================================
+--- gnome-calendar-43.1.orig/src/utils/gcal-source-discoverer.c
++++ gnome-calendar-43.1/src/utils/gcal-source-discoverer.c
+@@ -183,6 +183,26 @@ is_authentication_error (gint code)
+ return FALSE;
+ }
+
++static GUri *
++create_and_validate_uri (const gchar *uri,
++ GError **error)
++{
++ g_autoptr (GUri) guri = NULL;
++
++ guri = g_uri_parse (uri, SOUP_HTTP_URI_FLAGS | G_URI_FLAGS_PARSE_RELAXED,
error);
++
++ if (!guri)
++ GCAL_RETURN (NULL);
++
++ if (!g_uri_get_host (guri) || g_uri_get_host (guri)[0] == '\0')
++ {
++ g_set_error (error, G_URI_ERROR, G_URI_ERROR_FAILED, "Invalid URI");
++ return NULL;
++ }
++
++ return g_steal_pointer (&guri);
++}
++
+
+ /*
+ * Callbacks
+@@ -221,7 +241,7 @@ discover_file_in_thread (DiscovererData
+
+ GCAL_ENTRY;
+
+- guri = g_uri_parse (data->uri, SOUP_HTTP_URI_FLAGS |
G_URI_FLAGS_PARSE_RELAXED, NULL);
++ guri = create_and_validate_uri (data->uri, error);
+
+ if (!guri)
+ GCAL_RETURN (NULL);
+@@ -277,6 +297,7 @@ discover_webdav_in_thread (DiscovererDat
+ g_autoptr (ESource) source = NULL;
+ g_autoptr (GError) local_error = NULL;
+ g_autofree gchar *certificate_pem = NULL;
++ g_autoptr (GUri) guri = NULL;
+ GTlsCertificateFlags flags;
+ GSList *discovered_sources = NULL;
+ GSList *user_addresses = NULL;
+@@ -284,6 +305,11 @@ discover_webdav_in_thread (DiscovererDat
+
+ GCAL_ENTRY;
+
++ guri = create_and_validate_uri (data->uri, error);
++
++ if (!guri)
++ GCAL_RETURN (NULL);
++
+ credentials = e_named_parameters_new ();
+ e_named_parameters_set (credentials, E_SOURCE_CREDENTIAL_USERNAME,
data->username);
+ e_named_parameters_set (credentials, E_SOURCE_CREDENTIAL_PASSWORD,
data->password);
+Index: gnome-calendar-43.1/tests/test-discoverer.c
+===================================================================
+--- gnome-calendar-43.1.orig/tests/test-discoverer.c
++++ gnome-calendar-43.1/tests/test-discoverer.c
+@@ -82,6 +82,43 @@ discoverer_file (void)
+
+
/*********************************************************************************************************************/
+
++static void
++discoverer_invalid_https_only_cb (GObject *source_object,
++ GAsyncResult *result,
++ gpointer user_data)
++{
++ g_autoptr (GPtrArray) sources = NULL;
++ g_autoptr (GError) error = NULL;
++ GMainLoop *mainloop = user_data;
++
++ sources = gcal_discover_sources_from_uri_finish (result, &error);
++ g_assert_error (error, G_URI_ERROR, G_URI_ERROR_FAILED);
++ g_assert_null (sources);
++
++ g_main_loop_quit (mainloop);
++}
++
++static void
++discoverer_invalid_https_only (void)
++{
++ g_autoptr (GMainLoop) mainloop = NULL;
++
++ g_test_bug ("794");
++
++ mainloop = g_main_loop_new (NULL, FALSE);
++
++ gcal_discover_sources_from_uri ("https://";,
++ NULL,
++ NULL,
++ NULL,
++ discoverer_invalid_https_only_cb,
++ mainloop);
++
++ g_main_loop_run (mainloop);
++}
++
++/*********************************************************************************************************************/
++
+ #if 0
+
+ static void
+@@ -183,6 +220,7 @@ main (gint argc,
+ g_test_init (&argc, &argv, NULL);
+
+ g_test_add_func ("/discoverer/file", discoverer_file);
++ g_test_add_func ("/discoverer/invalid-https-only",
discoverer_invalid_https_only);
+ //g_test_add_func ("/discoverer/webdav/unauthorized",
discoverer_webdav_unauthorized);
+
+ return g_test_run ();
