From 10bad43bfaf0bdb5fae74b4445609b5bed1442c3 Mon Sep 17 00:00:00 2001
From: Debarshi Ray
Date: Apr 26 2017 19:10:42 +0000
Subject: Avoid a use-after-free in an error path (#1445915)
---
diff --git a/pidgin-jabber-Avoid-a-use-after-free-in-an-error-path.patch b/pidgin-jabber-Avoid-a-use-after-free-in-an-error-path.patch
new file mode 100644
index 0000000..ac48196
--- /dev/null
+++ b/pidgin-jabber-Avoid-a-use-after-free-in-an-error-path.patch
@@ -0,0 +1,69 @@
+diff -urNp pidgin-2.12.0.orig/libpurple/protocols/jabber/jingle/rtp.c pidgin-2.12.0/libpurple/protocols/jabber/jingle/rtp.c
+--- pidgin-2.12.0.orig/libpurple/protocols/jabber/jingle/rtp.c 2017-04-26 21:07:29.580832030 +0200
++++ pidgin-2.12.0/libpurple/protocols/jabber/jingle/rtp.c 2017-04-26 21:08:50.778206082 +0200
+@@ -950,6 +950,7 @@ jingle_rtp_initiate_media(JabberStream *
+ JingleTransport *transport;
+ JabberBuddy *jb;
+ JabberBuddyResource *jbr;
++ gboolean ret = FALSE;
+ const gchar *transport_type;
+
+ gchar *resource = NULL, *me = NULL, *sid = NULL;
+@@ -958,16 +959,15 @@ jingle_rtp_initiate_media(JabberStream *
+ jb = jabber_buddy_find(js, who, FALSE);
+ if (!jb) {
+ purple_debug_error("jingle-rtp", "Could not find Jabber buddy\n");
+- return FALSE;
++ goto out;
+ }
+
+ resource = jabber_get_resource(who);
+ jbr = jabber_buddy_find_resource(jb, resource);
+- g_free(resource);
+
+ if (!jbr) {
+ purple_debug_error("jingle-rtp", "Could not find buddy's resource - %s\n", resource);
+- return FALSE;
++ goto out;
+ }
+
+ if (jabber_resource_has_capability(jbr, JINGLE_TRANSPORT_ICEUDP)) {
+@@ -977,7 +977,7 @@ jingle_rtp_initiate_media(JabberStream *
+ } else {
+ purple_debug_error("jingle-rtp", "Resource doesn't support "
+ "the same transport types\n");
+- return FALSE;
++ goto out;
+ }
+
+ /* set ourselves as initiator */
+@@ -985,7 +985,6 @@ jingle_rtp_initiate_media(JabberStream *
+
+ sid = jabber_get_next_id(js);
+ session = jingle_session_create(js, sid, me, who, TRUE);
+- g_free(sid);
+
+
+ if (type & PURPLE_MEDIA_AUDIO) {
+@@ -1005,13 +1004,17 @@ jingle_rtp_initiate_media(JabberStream *
+ jingle_rtp_init_media(content);
+ }
+
+- g_free(me);
+-
+ if (jingle_rtp_get_media(session) == NULL) {
+- return FALSE;
++ goto out;
+ }
+
+- return TRUE;
++ ret = TRUE;
++
++out:
++ g_free(me);
++ g_free(resource);
++ g_free(sid);
++ return ret;
+ }
+
+ void
diff --git a/pidgin.spec b/pidgin.spec
index 1a180a7..b9bbf29 100644
--- a/pidgin.spec
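Review bot: In the `!jbr` branch of the embedded rtp.c patch, `resource` is no longer freed before it is logged, but it still reaches the `%s` in `purple_debug_error` without a NULL check. `jabber_get_resource()` is not visible here; if it can return NULL for a JID with no resource part, the argument should be guarded, e.g. `purple_debug_error("jingle-rtp", "Could not find buddy's resource - %s\n", resource ? resource : "(null)");`. The shared `out:` label is safe on the early `goto out` paths only because `resource`, `me` and `sid` are initialised to NULL in their declaration, which is worth a short comment at the label such as `/* resource, me and sid start as NULL, so every path may free them */`. `jingle_rtp_initiate_media` begins before the first inner hunk and the code between the inner hunks (including where `me` is assigned) is not shown, so the ownership of `session` on the failing `jingle_rtp_get_media` path cannot be judged from this page.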
+++ b/pidgin.spec @@ -117,7 +117,7 @@ Name: pidgin Version: 2.12.0 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ and GPLv2 and MIT # GPLv2+ - libpurple, gnt, finch, pidgin, most prpls # GPLv2 - novell prpls @@ -159,6 +159,8 @@ Patch2: pidgin-2.10.11-purple-remote-python3.patch Patch100: pidgin-2.10.1-fix-msn-ft-crashes.patch # upstream ticket https://developer.pidgin.im/ticket/16593 Patch102: pidgin-2.10.11-do-not-disable-wall.patch +# upstream ticket https://developer.pidgin.im/ticket/17200 +Patch103: pidgin-jabber-Avoid-a-use-after-free-in-an-error-path.patch BuildRoot: %{_tmppath}/%{name}-%{version}-root Summary: A Gtk+ based multiprotocol instant messaging client @@ -473,6 +475,8 @@ echo "FEDORA=%{fedora} RHEL=%{rhel}" %patch100 -p0 -R -b .ftcrash # https://developer.pidgin.im/ticket/16593 %patch102 -p1 +# https://developer.pidgin.im/ticket/17200 +%patch103 -p1 # Our preferences cp %{SOURCE1} prefs.xml @@ -766,6 +770,9 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Wed Apr 26 2017 Debarshi Ray - 2.12.0-2 +- Avoid a use-after-free in an error path (#1445915) + * Mon Mar 13 2017 Jan Synáček - 2.12.0-1 - Update to 2.12.0 (#1431113 #1431225)