net-libs/rest: Fix some crash paths exposed by the libsoup3 port

Fixes were submitted months ago to upstream but it is pretty unresponsive,
they are being used for a long time in Fedora without issues.

Signed-off-by: Pacho Ramos <pacho@gentoo.org>

3 files changed, 158 insertions, 0 deletions

diff --git a/net-libs/rest/files/0001-rest_proxy_call_sync-bail-out-if-no-payload.patch b/net-libs/rest/files/0001-rest_proxy_call_sync-bail-out-if-no-payload.patch
new file mode 100644
index 000000000000..14e41ba17174
--- /dev/null
+++ b/net-libs/rest/files/0001-rest_proxy_call_sync-bail-out-if-no-payload.patch
@@ -0,0 +1,40 @@
+From fbad64abe28a96f591a30e3a5d3189c10172a414 Mon Sep 17 00:00:00 2001
+From: Adam Williamson <awilliam@redhat.com>
+Date: Tue, 30 Aug 2022 10:03:57 -0700
+Subject: [PATCH 1/2] rest_proxy_call_sync: bail out if no payload
+
+goa-daemon is crashing on suspend/resume with a traceback that
+points here: it calls rest_proxy_call_sync, that calls
+_rest_proxy_send_message, assumes it gets a `payload` back,
+and calls `finish_call` with it. However, it's not actually
+guaranteed that `_rest_proxy_send_message` will return a payload
+(a `GBytes`). There are three ways it can return `NULL` instead:
+if it's passed a wrong proxy or message, or - when built against
+libsoup3 - if there is an error sending the message (it passes
+through the return value of `soup_session_send_and_read`, and
+that's documented to be `NULL` on error).
+
+If `payload` comes back `NULL`, let's just return `FALSE`, like
+we do if there's a problem with the call or message.
+
+Signed-off-by: Adam Williamson <awilliam@redhat.com>
+---
+ rest/rest-proxy-call.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/rest/rest-proxy-call.c b/rest/rest-proxy-call.c
+index 851b397..07b8b49 100644
+--- a/rest/rest-proxy-call.c
++++ b/rest/rest-proxy-call.c
+@@ -1428,6 +1428,8 @@ rest_proxy_call_sync (RestProxyCall *call,
+     return FALSE;
+ 
+   payload = _rest_proxy_send_message (priv->proxy, message, priv->cancellable, error_out);
++  if (!payload)
++    return FALSE;
+ 
+   ret = finish_call (call, message, payload, error_out);
+ 
+-- 
+2.37.1
+
diff --git a/net-libs/rest/files/0002-Handle-some-potential-problems-in-parsing-oauth2-acc.patch b/net-libs/rest/files/0002-Handle-some-potential-problems-in-parsing-oauth2-acc.patch
new file mode 100644
index 000000000000..f437c7d9e74d
--- /dev/null
+++ b/net-libs/rest/files/0002-Handle-some-potential-problems-in-parsing-oauth2-acc.patch
@@ -0,0 +1,52 @@
+From 49c2d0ac00b959ce53cc00ca4e7758c21085722f Mon Sep 17 00:00:00 2001
+From: Adam Williamson <awilliam@redhat.com>
+Date: Tue, 30 Aug 2022 10:59:01 -0700
+Subject: [PATCH 2/2] Handle some potential problems in parsing oauth2 access
+ tokens
+
+It's possible for `_rest_proxy_send_message` to return `NULL`,
+which would mean the `payload` here would be `NULL`. If so,
+we're not going to be able to do anything, so we should just
+bail out.
+
+It's also possible for `json_parser_load_from_data` to return
+`FALSE` without setting an error. The most obvious way would be
+if `data` was `NULL`, which the bailout avoids, but it could
+also happen if we pass an invalid parser somehow. Let's just
+handle that too, to be safe.
+
+Signed-off-by: Adam Williamson <awilliam@redhat.com>
+---
+ rest/rest-oauth2-proxy.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/rest/rest-oauth2-proxy.c b/rest/rest-oauth2-proxy.c
+index 9511f97..a715b2b 100644
+--- a/rest/rest-oauth2-proxy.c
++++ b/rest/rest-oauth2-proxy.c
+@@ -68,18 +68,21 @@ rest_oauth2_proxy_parse_access_token (RestOAuth2Proxy *self,
+   gsize size;
+   gint expires_in;
+   gint created_at;
++  gboolean ret;
+ 
+   g_return_if_fail (REST_IS_OAUTH2_PROXY (self));
++  g_return_if_fail (payload);
+ 
+   data = g_bytes_get_data (payload, &size);
+ 
+   parser = json_parser_new ();
+-  json_parser_load_from_data (parser, data, size, &error);
++  ret = json_parser_load_from_data (parser, data, size, &error);
+   if (error != NULL)
+     {
+       g_task_return_error (task, error);
+       return;
+     }
++  g_return_if_fail (ret);
+ 
+   root = json_parser_get_root (parser);
+   root_object = json_node_get_object (root);
+-- 
+2.37.1
+
diff --git a/net-libs/rest/rest-0.9.1-r1.ebuild b/net-libs/rest/rest-0.9.1-r1.ebuild
new file mode 100644
index 000000000000..5cabb1551b69
--- /dev/null
+++ b/net-libs/rest/rest-0.9.1-r1.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit gnome.org meson vala
+
+DESCRIPTION="Helper library for RESTful services"
+HOMEPAGE="https://wiki.gnome.org/Projects/Librest"
+
+LICENSE="LGPL-2.1"
+SLOT="1.0" # librest_soversion
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="gtk-doc +introspection test vala"
+REQUIRED_USE="
+	gtk-doc? ( introspection )
+	vala? ( introspection )
+"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	>=dev-libs/glib-2.44.0:2
+	>=net-libs/libsoup-2.99.2:3.0
+	dev-libs/json-glib:0[introspection?]
+	dev-libs/libxml2:2
+	app-misc/ca-certificates
+	introspection? ( >=dev-libs/gobject-introspection-1.74.0:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	dev-util/glib-utils
+	gtk-doc? ( >=dev-util/gi-docgen-2021.6 )
+	vala? ( $(vala_depend) )
+"
+
+PATCHES=(
+	# Fix some crash paths exposed by the libsoup3 port
+	# https://gitlab.gnome.org/GNOME/librest/-/merge_requests/30
+	"${FILESDIR}"/0001-rest_proxy_call_sync-bail-out-if-no-payload.patch
+	"${FILESDIR}"/0002-Handle-some-potential-problems-in-parsing-oauth2-acc.patch
+)
+
+src_prepare() {
+	default
+	vala_setup
+
+	# The only two tests from the rest-extras suite (flickr and lastfm) require
+	# network access
+	if has network-sandbox ${FEATURES}; then
+		sed -i -e '/flickr/d' -e '/lastfm/d' tests/meson.build
+	fi
+}
+
+src_configure() {
+	local emesonargs=(
+		-Dca_certificates=true
+		-Dca_certificates_path="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
+		$(meson_use introspection)
+		$(meson_use vala vapi)
+		-Dexamples=false
+		$(meson_use gtk-doc gtk_doc)
+		-Dsoup2=false
+		$(meson_use test tests)
+	)
+	meson_src_configure
+}