[evolution-data-server/f19] Add patch for RH bug #982737 (Use-after-free in ECollectionBackend)

[Milan Crha]

commit 99bb136284cf829737937214aa6d352a70d9d55b
Author: Milan Crha <mcrha at redhat.com>
Date:   Wed Jul 10 11:38:43 2013 +0200

    Add patch for RH bug #982737 (Use-after-free in ECollectionBackend)

 ...r-3.8.3-use-after-free-collection-backend.patch |   27 ++++++++++++++++++++
 evolution-data-server.spec                         |    9 ++++++-
 2 files changed, 35 insertions(+), 1 deletions(-)
---
diff --git a/evolution-data-server-3.8.3-use-after-free-collection-backend.patch b/evolution-data-server-3.8.3-use-after-free-collection-backend.patch
new file mode 100644
index 0000000..afcc4e3
--- /dev/null
+++ b/evolution-data-server-3.8.3-use-after-free-collection-backend.patch
@@ -0,0 +1,27 @@
+commit 91ca0f23ecf1f57e7d09d6084d2f6880c7edbdf4
+Author: Milan Crha <mcrha at redhat.com>
+Date:   Mon Jul 1 12:00:11 2013 +0200
+
+    GError instance use-after-free in collection_backend_load_resources()
+    
+    The function uses a shared GError instance in a cycle, and on error
+    freed the instance with g_error_free() which left the pointer set,
+    only populated with freed memory, thus the next round, when it eventually
+    loaded correct source, the function thought it ended with an error
+    and a GSlice allocator aborted on the g_error_free() call. Resetting
+    the error variable to NULL after free (by using g_clear_error()) fixes
+    the crash.
+
+diff --git a/libebackend/e-collection-backend.c b/libebackend/e-collection-backend.c
+index d73c8b5..2baa6a4 100644
+--- a/libebackend/e-collection-backend.c
++++ b/libebackend/e-collection-backend.c
+@@ -246,7 +246,7 @@ collection_backend_load_resources (ECollectionBackend *backend)
+ 		if (error != NULL) {
+ 			g_warn_if_fail (source == NULL);
+ 			g_warning ("%s: %s", G_STRFUNC, error->message);
+-			g_error_free (error);
++			g_clear_error (&error);
+ 			continue;
+ 		}
+ 
diff --git a/evolution-data-server.spec b/evolution-data-server.spec
index a9a4f5f..6b78599 100644
--- a/evolution-data-server.spec
+++ b/evolution-data-server.spec
@@ -27,7 +27,7 @@
 
 Name: evolution-data-server
 Version: 3.8.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 Group: System Environment/Libraries
 Summary: Backend data server for Evolution
 License: LGPLv2+
@@ -46,6 +46,9 @@ Patch01: evolution-data-server-1.11.5-fix-64bit-acinclude.patch
 # RH bug #981329
 Patch02: evolution-data-server-3.8.3-cal-tz-cache-crash.patch
 
+# RH bug #982737
+Patch03: evolution-data-server-3.8.3-use-after-free-collection-backend.patch
+
 ### Build Dependencies ###
 
 BuildRequires: libdb-devel
@@ -122,6 +125,7 @@ This package contains developer documentation for %{name}.
 
 %patch01 -p1 -b .fix-64bit-acinclude
 %patch02 -p1 -b .cal-tz-cache-crash
+%patch03 -p1 -b .use-after-free-collection-backend
 
 mkdir -p krb5-fakeprefix/include
 mkdir -p krb5-fakeprefix/lib
@@ -370,6 +374,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
 %{_datadir}/gtk-doc/html/libedataserver
 
 %changelog
+* Wed Jul 10 2013 Milan Crha <mcrha at redhat.com> - 3.8.3-3
+- Add patch for RH bug #982737 (Use-after-free in ECollectionBackend)
+
 * Mon Jul 08 2013 Milan Crha <mcrha at redhat.com> - 3.8.3-2
 - Add patch for RH bug #981329 (crash in calendar timezone cache)