From 62a7e24c27c2f5550f42d78ab3e2145f454c70a8 Mon Sep 17 00:00:00 2001
From: DistroBaker
Date: Tue, 3 Nov 2020 16:17:34 +0000
Subject: [PATCH] Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/libreport.git#4eeb8e1577a388094f992f5eacaf7b31a6a8ac04
---
 0008-rhbz-Fix-a-double-free-condition.patch | 48 +++++++++++++++++++++
 libreport.spec | 6 ++-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 0008-rhbz-Fix-a-double-free-condition.patch
diff --git a/0008-rhbz-Fix-a-double-free-condition.patch b/0008-rhbz-Fix-a-double-free-condition.patch
new file mode 100644
index 0000000..4180663
--- /dev/null
+++ b/0008-rhbz-Fix-a-double-free-condition.patch
@@ -0,0 +1,48 @@
+From 9cdf0f9123ee39c7cb32a276371b2fd95f0df5ac Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?=
+Date: Mon, 2 Nov 2020 11:45:23 +0100
+Subject: [PATCH] rhbz: Fix a double-free condition
+
+The `cc` string must not be freed after the variable goes out of scope
+since it's appended to `cc_list`. (`g_list_append()` does not copy its
+input.) We only need to free the last string in the loop, which is an
+empty string.
+
+The bug was introduced in 7aba6e53.
+
+Resolves rhbz#1893595
+---
+ src/plugins/rhbz.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/plugins/rhbz.c b/src/plugins/rhbz.c
+index 8a2ded79..e0d7a091 100644
+--- a/src/plugins/rhbz.c
++++ b/src/plugins/rhbz.c
+@@ -406,18 +406,20 @@ GList *rhbz_bug_cc(xmlrpc_value* result_xml)
+ if (!item)
+ continue;
+
+- g_autofree const char* cc = NULL;
+- xmlrpc_read_string(&env, item, &cc);
++ char *cc = NULL;
++ xmlrpc_read_string(&env, item, (const char **)&cc);
+ xmlrpc_DECREF(item);
+ if (env.fault_occurred)
+ abrt_xmlrpc_die(&env);
+
+ if (*cc != '\0')
+ {
+- cc_list = g_list_append(cc_list, (char*)cc);
++ cc_list = g_list_append(cc_list, cc);
+ log_debug("member on cc is %s", cc);
+ continue;
+ }
++
++ free(cc);
+ }
+ xmlrpc_DECREF(cc_member);
+ return cc_list;
+--
+2.26.2
+
diff --git a/libreport.spec b/libreport.spec
index f17e39f..abcb45d 100644
--- a/libreport.spec
+++ b/libreport.spec
@@ -15,7 +15,7 @@
 Summary: Generic library for reporting various problems
 Name: libreport
 Version: 2.14.0
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2+
 URL: https://abrt.readthedocs.org/
 Source: https://github.com/abrt/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
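Review bot: The ownership transfer this fix relies on is not recorded in the code, at the `cc_list = g_list_append(cc_list, cc);` line of the rhbz_bug_cc hunk in 0008-rhbz-Fix-a-double-free-condition.patch. The earlier regression came from treating `cc` as a scoped temporary, so a comment above the append such as `/* cc_list takes ownership of cc; g_list_append() does not copy it */` would keep a later cleanup from re-adding `g_autofree` and bringing back the premature free. The trailing `free(cc);` after the `continue` would also read more clearly as an explicit `else` branch of the `*cc != '\0'` test. rhbz_bug_cc begins before the hunk, so whether callers release the list elements (presumably with something like `g_list_free_full(cc_list, free)`) cannot be confirmed from the lines shown.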
@@ -27,6 +27,7 @@ Patch3: 0004-gui-wizard-gtk-Fix-a-segfault-and-memory-leak.patch Patch4: 0005-gui-wizard-gtk-Fix-segfault.patch Patch5: 0006-event_config-Null-autofree-pointers-before-returning.patch Patch6: 0007-gui-wizard-gtk-Don-t-autofree-URL-string.patch +Patch7: 0008-rhbz-Fix-a-double-free-condition.patch BuildRequires: %{dbus_devel} BuildRequires: gtk3-devel @@ -667,6 +668,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %endif %changelog +* Tue Nov 03 2020 Matěj Grabovský - 2.14.0-12 +- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1893595 + * Fri Oct 09 2020 Matěj Grabovský - 2.14.0-11 - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1882328