Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package gnome-calendar [ Reason ] If the user tries to add a new calendar manually, the version of gnome-calendar currently in testing crashes while the user is typing the URI. This happens while the URI is incomplete because it is not validated before proceeding. [ Impact ] The application crashes suddenly and must be restarted with no clue about why the crash happened. [ Tests ] Tested manually, the bug is very easy to reproduce, simply typing 'https://' on the URL entry is enough. The new package also provides a test case. [ Risks ] Very low, this is the upstream patch for this bug and is very straightforward. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock gnome-calendar/43.1-2
diff -Nru gnome-calendar-43.1/debian/changelog gnome-calendar-43.1/debian/changelog --- gnome-calendar-43.1/debian/changelog 2022-10-18 16:09:27.000000000 +0200 +++ gnome-calendar-43.1/debian/changelog 2023-03-20 18:25:22.000000000 +0100 @@ -1,3 +1,14 @@ +gnome-calendar (43.1-2) unstable; urgency=high + + [ Alberto Garcia ] + * debian/patches/validate-uri.patch: + - Fix crash when adding an url manually (Closes: #1033239) + + [ Jeremy Bicha ] + * Branch for bookworm + + -- Alberto Garcia <be...@igalia.com> Mon, 20 Mar 2023 18:25:22 +0100 + gnome-calendar (43.1-1) unstable; urgency=high * New upstream release (LP: #1993308) diff -Nru gnome-calendar-43.1/debian/control gnome-calendar-43.1/debian/control --- gnome-calendar-43.1/debian/control 2022-10-18 16:09:27.000000000 +0200 +++ gnome-calendar-43.1/debian/control 2023-03-20 18:25:22.000000000 +0100 @@ -6,7 +6,7 @@ Section: gnome Priority: optional Maintainer: Debian GNOME Maintainers <pkg-gnome-maintain...@lists.alioth.debian.org> -Uploaders: Iain Lane <la...@debian.org>, Jeremy Bicha <jbi...@ubuntu.com>, Laurent Bigonville <bi...@debian.org> +Uploaders: Jeremy Bicha <jbi...@ubuntu.com> Build-Depends: appstream-util, debhelper-compat (= 13), dh-sequence-gnome, @@ -29,8 +29,8 @@ xvfb <!nocheck>, Standards-Version: 4.6.0 Rules-Requires-Root: no -Vcs-Browser: https://salsa.debian.org/gnome-team/gnome-calendar -Vcs-Git: https://salsa.debian.org/gnome-team/gnome-calendar.git +Vcs-Browser: https://salsa.debian.org/gnome-team/gnome-calendar/tree/debian/bookworm +Vcs-Git: https://salsa.debian.org/gnome-team/gnome-calendar.git -b debian/bookworm Homepage: https://wiki.gnome.org/Apps/Calendar Package: gnome-calendar diff -Nru gnome-calendar-43.1/debian/control.in gnome-calendar-43.1/debian/control.in --- gnome-calendar-43.1/debian/control.in 2022-10-18 16:09:27.000000000 +0200 +++ gnome-calendar-43.1/debian/control.in 2023-03-20 18:25:22.000000000 +0100 @@ -25,8 +25,8 @@ xvfb <!nocheck>, Standards-Version: 4.6.0 Rules-Requires-Root: no -Vcs-Browser: https://salsa.debian.org/gnome-team/gnome-calendar -Vcs-Git: https://salsa.debian.org/gnome-team/gnome-calendar.git +Vcs-Browser: https://salsa.debian.org/gnome-team/gnome-calendar/tree/debian/bookworm +Vcs-Git: https://salsa.debian.org/gnome-team/gnome-calendar.git -b debian/bookworm Homepage: https://wiki.gnome.org/Apps/Calendar Package: gnome-calendar diff -Nru gnome-calendar-43.1/debian/gbp.conf gnome-calendar-43.1/debian/gbp.conf --- gnome-calendar-43.1/debian/gbp.conf 2022-10-18 16:09:27.000000000 +0200 +++ gnome-calendar-43.1/debian/gbp.conf 2023-03-20 18:25:22.000000000 +0100 @@ -1,6 +1,6 @@ [DEFAULT] pristine-tar = True -debian-branch = debian/master +debian-branch = debian/bookworm upstream-branch = upstream/latest [buildpackage] diff -Nru gnome-calendar-43.1/debian/patches/series gnome-calendar-43.1/debian/patches/series --- gnome-calendar-43.1/debian/patches/series 2022-10-18 16:09:27.000000000 +0200 +++ gnome-calendar-43.1/debian/patches/series 2023-03-20 18:25:22.000000000 +0100 @@ -0,0 +1 @@ +validate-uri.patch diff -Nru gnome-calendar-43.1/debian/patches/validate-uri.patch gnome-calendar-43.1/debian/patches/validate-uri.patch --- gnome-calendar-43.1/debian/patches/validate-uri.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnome-calendar-43.1/debian/patches/validate-uri.patch 2023-03-20 18:25:22.000000000 +0100 @@ -0,0 +1,121 @@ +From: Georges Basile Stavracas Neto <georges.stavra...@gmail.com> +Subject: Test URI before discovery +Bug: https://gitlab.gnome.org/GNOME/gnome-calendar/-/issues/794 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033239 +Origin: https://gitlab.gnome.org/GNOME/gnome-calendar/-/commit/0322bcf54cf1fc37ff74b87fd36e282dc1cf7863 +Index: gnome-calendar-43.1/src/utils/gcal-source-discoverer.c +=================================================================== +--- gnome-calendar-43.1.orig/src/utils/gcal-source-discoverer.c ++++ gnome-calendar-43.1/src/utils/gcal-source-discoverer.c +@@ -183,6 +183,26 @@ is_authentication_error (gint code) + return FALSE; + } + ++static GUri * ++create_and_validate_uri (const gchar *uri, ++ GError **error) ++{ ++ g_autoptr (GUri) guri = NULL; ++ ++ guri = g_uri_parse (uri, SOUP_HTTP_URI_FLAGS | G_URI_FLAGS_PARSE_RELAXED, error); ++ ++ if (!guri) ++ GCAL_RETURN (NULL); ++ ++ if (!g_uri_get_host (guri) || g_uri_get_host (guri)[0] == '\0') ++ { ++ g_set_error (error, G_URI_ERROR, G_URI_ERROR_FAILED, "Invalid URI"); ++ return NULL; ++ } ++ ++ return g_steal_pointer (&guri); ++} ++ + + /* + * Callbacks +@@ -221,7 +241,7 @@ discover_file_in_thread (DiscovererData + + GCAL_ENTRY; + +- guri = g_uri_parse (data->uri, SOUP_HTTP_URI_FLAGS | G_URI_FLAGS_PARSE_RELAXED, NULL); ++ guri = create_and_validate_uri (data->uri, error); + + if (!guri) + GCAL_RETURN (NULL); +@@ -277,6 +297,7 @@ discover_webdav_in_thread (DiscovererDat + g_autoptr (ESource) source = NULL; + g_autoptr (GError) local_error = NULL; + g_autofree gchar *certificate_pem = NULL; ++ g_autoptr (GUri) guri = NULL; + GTlsCertificateFlags flags; + GSList *discovered_sources = NULL; + GSList *user_addresses = NULL; +@@ -284,6 +305,11 @@ discover_webdav_in_thread (DiscovererDat + + GCAL_ENTRY; + ++ guri = create_and_validate_uri (data->uri, error); ++ ++ if (!guri) ++ GCAL_RETURN (NULL); ++ + credentials = e_named_parameters_new (); + e_named_parameters_set (credentials, E_SOURCE_CREDENTIAL_USERNAME, data->username); + e_named_parameters_set (credentials, E_SOURCE_CREDENTIAL_PASSWORD, data->password); +Index: gnome-calendar-43.1/tests/test-discoverer.c +=================================================================== +--- gnome-calendar-43.1.orig/tests/test-discoverer.c ++++ gnome-calendar-43.1/tests/test-discoverer.c +@@ -82,6 +82,43 @@ discoverer_file (void) + + /*********************************************************************************************************************/ + ++static void ++discoverer_invalid_https_only_cb (GObject *source_object, ++ GAsyncResult *result, ++ gpointer user_data) ++{ ++ g_autoptr (GPtrArray) sources = NULL; ++ g_autoptr (GError) error = NULL; ++ GMainLoop *mainloop = user_data; ++ ++ sources = gcal_discover_sources_from_uri_finish (result, &error); ++ g_assert_error (error, G_URI_ERROR, G_URI_ERROR_FAILED); ++ g_assert_null (sources); ++ ++ g_main_loop_quit (mainloop); ++} ++ ++static void ++discoverer_invalid_https_only (void) ++{ ++ g_autoptr (GMainLoop) mainloop = NULL; ++ ++ g_test_bug ("794"); ++ ++ mainloop = g_main_loop_new (NULL, FALSE); ++ ++ gcal_discover_sources_from_uri ("https://", ++ NULL, ++ NULL, ++ NULL, ++ discoverer_invalid_https_only_cb, ++ mainloop); ++ ++ g_main_loop_run (mainloop); ++} ++ ++/*********************************************************************************************************************/ ++ + #if 0 + + static void +@@ -183,6 +220,7 @@ main (gint argc, + g_test_init (&argc, &argv, NULL); + + g_test_add_func ("/discoverer/file", discoverer_file); ++ g_test_add_func ("/discoverer/invalid-https-only", discoverer_invalid_https_only); + //g_test_add_func ("/discoverer/webdav/unauthorized", discoverer_webdav_unauthorized); + + return g_test_run ();