From 2067030f4b1693adeb65c10f694167e4efed814a Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Thu, 22 Jun 2017 12:46:27 +0200
Subject: [PATCH] editor: fix a crash on connection save

---
 ...y-acually-save-the-PKCS-11-PINs-for-.patch | 98 +++++++++++++++++++
 ...y-fix-some-crash-issues-on-connectio.patch | 44 +++++++++
 network-manager-applet.spec                   |  9 +-
 3 files changed, 150 insertions(+), 1 deletion(-)
 create mode 100644 0001-wireless-security-acually-save-the-PKCS-11-PINs-for-.patch
 create mode 100644 0002-wireless-security-fix-some-crash-issues-on-connectio.patch

diff --git a/0001-wireless-security-acually-save-the-PKCS-11-PINs-for-.patch b/0001-wireless-security-acually-save-the-PKCS-11-PINs-for-.patch
new file mode 100644
index 0000000..1f9611a
--- /dev/null
+++ b/0001-wireless-security-acually-save-the-PKCS-11-PINs-for-.patch
@@ -0,0 +1,98 @@
+From d7e873d91310203726b6e2472da3a94b4c8aac9d Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Thu, 22 Jun 2017 12:39:42 +0200
+Subject: [PATCH 1/2] wireless-security: acually save the PKCS#11 PINs for
+ certificates
+
+---
+ src/wireless-security/eap-method-peap.c |  5 ++++-
+ src/wireless-security/eap-method-tls.c  | 10 ++++++++--
+ src/wireless-security/eap-method-ttls.c |  5 ++++-
+ 3 files changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/src/wireless-security/eap-method-peap.c b/src/wireless-security/eap-method-peap.c
+index 81bd2754..4be53762 100644
+--- a/src/wireless-security/eap-method-peap.c
++++ b/src/wireless-security/eap-method-peap.c
+@@ -174,7 +174,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ 
+ #if LIBNM_BUILD
+ /* libnm-glib doesn't support this. */
+-	/* Save CA certificate PIN password flags to the connection */
++	/* Save CA certificate PIN and its flags to the connection */
+ 	secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
+ 	nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD,
+ 	                             secret_flags, NULL);
+@@ -183,6 +183,9 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ 		nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+ 		                                               secret_flags, NM_SETTING (s_8021x),
+ 		                                               NM_SETTING_802_1X_CA_CERT_PASSWORD);
++		g_object_set (s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD,
++		              nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)),
++		              NULL);
+ 	}
+ #endif
+ 
+diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
+index a740c114..0595fd06 100644
+--- a/src/wireless-security/eap-method-tls.c
++++ b/src/wireless-security/eap-method-tls.c
+@@ -160,7 +160,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ 
+ #if LIBNM_BUILD
+ /* libnm-glib doesn't support these. */
+-	/* Save CA certificate PIN password flags to the connection */
++	/* Save CA certificate PIN and its flags to the connection */
+ 	secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
+ 	nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->ca_cert_password_flags_name,
+ 	                             secret_flags, NULL);
+@@ -169,9 +169,12 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ 		nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+ 		                                               secret_flags, NM_SETTING (s_8021x),
+ 		                                               method->ca_cert_password_flags_name);
++		g_object_set (s_8021x, method->ca_cert_password_flags_name,
++		              nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)),
++		              NULL);
+ 	}
+ 
+-	/* Save user certificate PIN password flags to the connection */
++	/* Save user certificate PIN and its flags flags to the connection */
+ 	secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->client_cert_chooser));
+ 	nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->client_cert_password_flags_name,
+ 	                             secret_flags, NULL);
+@@ -179,6 +182,9 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ 		nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser),
+ 		                                               secret_flags, NM_SETTING (s_8021x),
+ 		                                               method->client_cert_password_flags_name);
++		g_object_set (s_8021x, method->client_cert_password_flags_name,
++		              nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->client_cert_chooser)),
++		              NULL);
+ 	}
+ #endif
+ 
+diff --git a/src/wireless-security/eap-method-ttls.c b/src/wireless-security/eap-method-ttls.c
+index 4e9201fb..71bede99 100644
+--- a/src/wireless-security/eap-method-ttls.c
++++ b/src/wireless-security/eap-method-ttls.c
+@@ -170,7 +170,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ 
+ #if LIBNM_BUILD
+ /* libnm-glib doesn't support this. */
+-	/* Save CA certificate PIN password flags to the connection */
++	/* Save CA certificate PIN and its flags to the connection */
+ 	secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
+ 	nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD,
+ 	                             secret_flags, NULL);
+@@ -179,6 +179,9 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ 		nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+ 		                                               secret_flags, NM_SETTING (s_8021x),
+ 		                                               NM_SETTING_802_1X_CA_CERT_PASSWORD);
++		g_object_set (s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD,
++		              nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)),
++		              NULL);
+ 	}
+ #endif
+ 
+-- 
+2.13.0
+
diff --git a/0002-wireless-security-fix-some-crash-issues-on-connectio.patch b/0002-wireless-security-fix-some-crash-issues-on-connectio.patch
new file mode 100644
index 0000000..cc25246
--- /dev/null
+++ b/0002-wireless-security-fix-some-crash-issues-on-connectio.patch
@@ -0,0 +1,44 @@
+From b322931ea69583140b512803ccdc75f0a1671cc1 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Tue, 20 Jun 2017 17:19:04 +0200
+Subject: [PATCH 2/2] wireless-security: fix some crash issues on connection
+ save
+
+A use-after-free and a double-free.
+---
+ src/wireless-security/eap-method-tls.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
+index 0595fd06..d3bbf66d 100644
+--- a/src/wireless-security/eap-method-tls.c
++++ b/src/wireless-security/eap-method-tls.c
+@@ -143,7 +143,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ #endif
+ 
+ 	/* TLS private key */
+-	password = g_strdup (nma_cert_chooser_get_key_password (NMA_CERT_CHOOSER (method->client_cert_chooser)));
++	password = nma_cert_chooser_get_key_password (NMA_CERT_CHOOSER (method->client_cert_chooser));
+ 	value = nma_cert_chooser_get_key (NMA_CERT_CHOOSER (method->client_cert_chooser), &scheme);
+ 
+ 	if (parent->phase2) {
+@@ -157,6 +157,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ 			g_clear_error (&error);
+ 		}
+ 	}
++	g_free (value);
+ 
+ #if LIBNM_BUILD
+ /* libnm-glib doesn't support these. */
+@@ -222,6 +223,8 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ 	/* TLS CA certificate */
+ 	if (gtk_widget_get_sensitive (method->ca_cert_chooser))
+ 		value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
++	else
++		value = NULL;
+ 	format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ 	if (parent->phase2) {
+ 		if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, value, scheme, &format, &error)) {
+-- 
+2.13.0
+
diff --git a/network-manager-applet.spec b/network-manager-applet.spec
index 3ae62cb..f2cf25f 100644
--- a/network-manager-applet.spec
+++ b/network-manager-applet.spec
@@ -5,7 +5,7 @@
 
 %global rpm_version 1.8.2
 %global real_version 1.8.2
-%global release_version 1
+%global release_version 2
 
 Name: network-manager-applet
 Summary: A network control and status applet for NetworkManager
@@ -18,6 +18,8 @@ Obsoletes: NetworkManager-gnome < %{obsoletes_ver}
 
 Source: https://download.gnome.org/sources/network-manager-applet/1.8/%{name}-%{real_version}.tar.xz
 Patch0: nm-applet-no-notifications.patch
+Patch1: 0001-wireless-security-acually-save-the-PKCS-11-PINs-for-.patch
+Patch2: 0002-wireless-security-fix-some-crash-issues-on-connectio.patch
 
 Requires: NetworkManager >= %{nm_version}
 Requires: NetworkManager-glib >= %{nm_version}
@@ -118,6 +120,8 @@ This package deprecates libnm-gtk.
 %prep
 %setup -q -n "%{name}-%{real_version}"
 %patch0 -p1
+%patch1 -p1
+%patch2 -p1
 
 %build
 autoreconf -i -f
@@ -233,6 +237,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
 
 
 %changelog
+* Thu Jun 22 2017 Lubomir Rintel <lkundrak@v3.sk> - 1.8.2-2
+- editor: fix a crash on connection save
+
 * Tue Jun 13 2017 Lubomir Rintel <lkundrak@v3.sk> - 1.8.2-1
 - Update to network-manager-applet 1.8.2 release