diff --git a/gnome-calendar.spec b/gnome-calendar.spec index 317f3fa..42d8df2 100644 --- a/gnome-calendar.spec +++ b/gnome-calendar.spec @@ -6,7 +6,7 @@ Name: gnome-calendar Version: 3.33.1 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Simple and beautiful calendar application designed to fit GNOME 3 License: GPLv3+ @@ -22,8 +22,9 @@ Patch4: 79.patch Patch5: 82.patch Patch6: 84.patch Patch7: 85.patch -# https://gitlab.gnome.org/GNOME/gnome-calendar/issues/434 +# https://gitlab.gnome.org/GNOME/gnome-calendar/issues/ Patch8: issue-434.patch +Patch9: issue-435.patch @@ -93,6 +94,9 @@ appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/org.gnome %{_datadir}/gnome-shell/search-providers/org.gnome.Calendar.search-provider.ini %changelog +* Wed Jul 17 2019 Michael Catanzaro - 3.33.1-5 +- Add another patch to fix another use-after-free vulnerability + * Wed Jul 17 2019 Michael Catanzaro - 3.33.1-4 - Add patch to fix a use-after-free vulnerability diff --git a/issue-435.patch b/issue-435.patch new file mode 100644 index 0000000..56fce53 --- /dev/null +++ b/issue-435.patch 
@@ -0,0 +1,27 @@
+commit 0b0847bed0c33485cd7f198d9a0698da18452e78 (HEAD -> mcatanzaro/#435)
+Author: Michael Catanzaro
+Date: Wed Jul 17 17:52:39 2019 -0500
+
+ Fix use-after-free in GcalManager code
+
+ This was originally discovered and fixed by Milan Crha; I'm just
+ forward-porting his fix to the master branch. self->clients takes
+ ownership of this source but we don't currently have ownership here,
+ leading to a double free vulnerability.
+
+ Fixes #435
+
+diff --git a/src/core/gcal-manager.c b/src/core/gcal-manager.c
+index 7760eccc..879695b1 100644
+--- a/src/core/gcal-manager.c
++++ b/src/core/gcal-manager.c
+@@ -269,7 +269,7 @@ on_calendar_created_cb (GObject *source_object,
+ client = gcal_calendar_get_client (calendar);
+ source = gcal_calendar_get_source (calendar);
+
+- g_hash_table_insert (self->clients, source, calendar);
++ g_hash_table_insert (self->clients, g_object_ref (source), calendar);
+
+ if (visible)
+ {
+
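Review bot: The corrected `g_hash_table_insert (self->clients, g_object_ref (source), calendar);` in `on_calendar_created_cb` still carries no comment recording the ownership rule the commit message describes, so the next edit to this call can reintroduce the unbalanced unref. I would add `/* self->clients owns a reference on its key; gcal_calendar_get_source () only lends one */` directly above the insert, assuming the getter does return a borrowed pointer as the message implies. Whether `calendar`, the value, is already owned at this point cannot be seen from the hunk, and the table's destroy notifiers are set up elsewhere, so the value and any other insert or replace on `self->clients` should be checked for the same imbalance. The message also names the bug as both a use-after-free and a double free; stating which one was actually observed would help downstream triage. The function body starts and ends outside the hunk.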