From b587db70ff7b9ae3c37a8c8e75a21235db724174efcec543d3f182ddfe26834c Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dimstar@opensuse.org>
Date: Thu, 7 Dec 2023 15:22:21 +0000
Subject: [PATCH] Accepting request 1131560 from
 home:yfjiang:branches:GNOME:Factory

Add a missing patch ever submitted to Leap/SLE.

OBS-URL: https://build.opensuse.org/request/show/1131560
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gtk3?expand=0&rev=447
---
 ...n-avoid-SEGV-after-bad-password-inpu.patch | 70 +++++++++++++++++++
 gtk3.changes                                  |  6 ++
 gtk3.spec                                     |  3 +
 3 files changed, 79 insertions(+)
 create mode 100644 gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch

diff --git a/gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch b/gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch
new file mode 100644
index 0000000..02cc6d8
--- /dev/null
+++ b/gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch
@@ -0,0 +1,70 @@
+From 9f04e534590c515cefeb5e21b77f7a7d748d3643 Mon Sep 17 00:00:00 2001
+From: Martin Wilck <mwilck@suse.com>
+Date: Fri, 2 Jun 2023 15:16:58 +0200
+Subject: [PATCH] gtkmountoperation: avoid SEGV after bad password input
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+I observed the following nautilus crash below after trying to access an SMB
+share and mistyping my password (it also happens if mounting the SMB share
+fails for other reasons after entering a password). The crash happens when
+the password entry window pops up the second time, in this code path, at
+the 7th element of priv->user_widgets:
+
+458	pw_dialog_anonymous_toggled (GtkWidget         *widget,
+459	                             GtkMountOperation *operation)
+460	{
+...
+472	  for (l = priv->user_widgets; l != NULL; l = l->next)
+473	    {
+474	      gtk_widget_set_sensitive (GTK_WIDGET (l->data), !priv->anonymous);
+475	    }
+
+The broken element had l->data = 0xaaaaaaaaaaaa, which means the pointer had
+been freed.
+
+The broken list entries were at the of the list because when
+gtk_mount_operation_ask_password_do_gtk() constucts the pop-up the 2nd time,
+it prepends new widgets:
+
+gtk_mount_operation_ask_password_do_gtk()
+   table_add_entry
+       operation->priv->user_widgets = g_list_prepend (operation->priv->user_widgets, entry);
+
+The problem is that in pw_dialog_got_response(), the widget is destroyed,
+which also destroys all child widgets, but the priv->user_widgets list is
+neither freed nor set to NULL.
+
+Fix it.
+
+    instance_and_params=instance_and_params@entry=0x7ffd0585dd20) at ../gobject/gsignal.c:3742
+    default_user=default_user@entry=0x556964cfd740 "USER", default_domain=default_domain@entry=0x5569654ce990 "DOMAIN", flags=<optimized out>) at gtkmountoperation.c:900
+    n_params=<optimized out>, param_types=0x556965007460) at ../gio/gmarshal-internal.c:2254
+    arg_message_string=0x556965660ce0 "Authentication Required\nEnter user and password for share “SHARE” on “SERVER”:", arg_default_user=0x55696535e310 "USER",
+    arg_default_domain=0x55696505b820 "DOMAIN", arg_flags_as_int=31, data=0x556964d757f0) at ../common/gmountoperationdbus.c:112
+    at ../src/x86/ffi64.c:662
+--Type <RET> for more, q to quit, c to continue without paging--c
+---
+ gtk/gtkmountoperation.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gtk/gtkmountoperation.c b/gtk/gtkmountoperation.c
+index 2cf7e75..e6b50c9 100644
+--- a/gtk/gtkmountoperation.c
++++ b/gtk/gtkmountoperation.c
+@@ -380,6 +380,11 @@ pw_dialog_got_response (GtkDialog         *dialog,
+   else
+     g_mount_operation_reply (op, G_MOUNT_OPERATION_ABORTED);
+ 
++  if (priv->user_widgets)
++    {
++      g_list_free (priv->user_widgets);
++      priv->user_widgets = NULL;
++    }
+   priv->dialog = NULL;
+   g_object_notify (G_OBJECT (op), "is-showing");
+   gtk_widget_destroy (GTK_WIDGET (dialog));
+-- 
+2.40.1
+
diff --git a/gtk3.changes b/gtk3.changes
index 38f4b4d..d455fd8 100644
--- a/gtk3.changes
+++ b/gtk3.changes
@@ -21,6 +21,12 @@ Mon Aug 14 03:34:22 UTC 2023 - Yifan Jiang <yfjiang@suse.com>
 - Do not use %autopatch to build on SLE where rpm version is not
   ready for the macro.
 
+-------------------------------------------------------------------
+Fri Jun  2 13:40:09 UTC 2023 - Martin Wilck <mwilck@suse.com>
+
+- Fix nautilus crash after entering wrong SMB password (bsc#1211952)
+  * add gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch
+
 -------------------------------------------------------------------
 Mon May 22 16:08:09 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
 
diff --git a/gtk3.spec b/gtk3.spec
index f0426d9..f492836 100644
--- a/gtk3.spec
+++ b/gtk3.spec
@@ -45,6 +45,8 @@ Source99:       baselibs.conf
 Patch0:         gtk3-GTK_PATH64.patch
 # PATCH-FIX-OPENSUSE gtk3-revert-forced-xftdpi.patch fvogt@opensuse.org -- Revert very controversal commit on GTK3, forcing DPI to 96
 Patch1:         gtk3-revert-forced-xftdpi.patch
+# PATCH-FIX-UPSTREAM gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch mwilck@suse.com -- fix bsc#1211952 glgo#GNOME/gtk#5059 glgo#GNOME/gtk#6049
+Patch2:         gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch
 
 BuildRequires:  cups-devel >= 1.7
 BuildRequires:  docbook-xsl-stylesheets
@@ -395,6 +397,7 @@ cp -a %{SOURCE1} .
 %autopatch -p1 -m 1 -M 999
 %else
 %patch -P 1 -p1
+%patch -P 2 -p1
 %endif
 
 %build