From 63085bfa2172f733d2ff118005939669bab1072d Mon Sep 17 00:00:00 2001
From: liweigang <liweiganga@uniontech.com>
Date: Mon, 19 Feb 2024 15:02:22 +0800
Subject: [PATCH] fix CVE-2020-36774

Signed-off-by: liweigang <liweiganga@uniontech.com>
---
 ...GtkBox-fix-glade_gtk_box_post_create.patch | 49 +++++++++++++++++++
 glade.spec                                    |  8 ++-
 2 files changed, 55 insertions(+), 2 deletions(-)
 create mode 100644 backport-GladeGtkBox-fix-glade_gtk_box_post_create.patch

diff --git a/backport-GladeGtkBox-fix-glade_gtk_box_post_create.patch b/backport-GladeGtkBox-fix-glade_gtk_box_post_create.patch
new file mode 100644
index 0000000..02b9a14
--- /dev/null
+++ b/backport-GladeGtkBox-fix-glade_gtk_box_post_create.patch
@@ -0,0 +1,49 @@
+From 7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17 Mon Sep 17 00:00:00 2001
+From: Juan Pablo Ugarte <juanpablougarte@gmail.com>
+Date: Fri, 2 Oct 2020 16:08:23 -0300
+Subject: [PATCH] GladeGtkBox: fix glade_gtk_box_post_create
+
+Some widgets with contruct properties like GtkMessageDialog get
+rebuilt right after they are created on project loading so we need
+to check glade_project_is_loading() intead of GLADE_CREATE_LOAD
+and use the object ad the connect data to make sure it gets disconected
+if it was the object being rebuilt
+
+Fix issue #479 "Glade 3.36.0 segfaults when opening a file"
+---
+ plugins/gtk+/glade-gtk-box.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/plugins/gtk+/glade-gtk-box.c b/plugins/gtk+/glade-gtk-box.c
+index 0c157a6d..a0252b6a 100644
+--- a/plugins/gtk+/glade-gtk-box.c
++++ b/plugins/gtk+/glade-gtk-box.c
+@@ -58,9 +58,9 @@ glade_gtk_box_create_editable (GladeWidgetAdaptor *adaptor,
+ }
+ 
+ static void
+-glade_gtk_box_parse_finished (GladeProject *project, GladeWidget *gbox)
++glade_gtk_box_parse_finished (GladeProject *project, GObject *box)
+ {
+-  GObject *box = glade_widget_get_object (gbox);
++  GladeWidget *gbox = glade_widget_get_from_gobject (box);
+ 
+   glade_widget_property_set (gbox, "use-center-child",
+                              gtk_box_get_center_widget (GTK_BOX (box)) != NULL);
+@@ -87,11 +87,11 @@ glade_gtk_box_post_create (GladeWidgetAdaptor *adaptor,
+   g_signal_connect (G_OBJECT (gwidget), "configure-end",
+                     G_CALLBACK (glade_gtk_box_configure_end), container);
+ 
+-  if (reason == GLADE_CREATE_LOAD)
++  if (glade_project_is_loading (project))
+     {
+       g_signal_connect_object (project, "parse-finished",
+                                G_CALLBACK (glade_gtk_box_parse_finished),
+-                               gwidget, 0);
++                               container, 0);
+     }
+ }
+ 
+-- 
+GitLab
+
diff --git a/glade.spec b/glade.spec
index ce14c9f..39e4bae 100644
--- a/glade.spec
+++ b/glade.spec
@@ -1,10 +1,11 @@
 Name:           glade
 Version:        3.36.0
-Release:        2
+Release:        3
 Summary:        User Interface Designer for GTK+
 License:        GPLv2+ and LGPLv2+
 URL:            https://glade.gnome.org/
 Source0:        https://ftp.gnome.org/pub/GNOME/sources/glade/3.36/glade-%{version}.tar.xz
+Patch0001:      backport-GladeGtkBox-fix-glade_gtk_box_post_create.patch
 
 BuildRequires:  chrpath desktop-file-utils docbook-style-xsl gettext gtk3-devel intltool
 BuildRequires:  itstool libxml2-devel pygobject3-devel python3-devel webkit2gtk3-devel
@@ -42,7 +43,7 @@ developing applications that use Glade widget library.
 %package_help
 
 %prep
-%autosetup -n %{name}-%{version}
+%autosetup -n %{name}-%{version} -p1
 
 %build
 export PYTHON=%{__python3}
@@ -99,6 +100,9 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/org.gnome.Glade.deskt
 %{_mandir}/man1/*
 
 %changelog
+* Mon Feb 19 2024 liweigang <izmirvii@gmail.com> - 3.36.0-3
+- fix CVE-2020-36774
+
 * Mon Mar 14 2022 zhanzhimin <zhanzhimin@h-partners.com> - 3.36.0-2
 - delete old so file
 
-- 
Gitee