packages/colord
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-42523

Browse Source
This commit is contained in:
wangkerong 2022-08-29 11:01:35 +08:00
parent 8034a551bb
commit 5d9b12b903
3 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
backport-0001-CVE-2021-42523.patch Normal file
View File

@ -0,0 +1,36 @@
From 6a54706b39e41b47edb3186e5ac6151007a88626 Mon Sep 17 00:00:00 2001
From: Zero0one1 <summerlinasity@gmail.com>
Date: Thu, 1 Apr 2021 21:16:56 +0800
Subject: [PATCH] Fix the potential memory leakage in issue
https://github.com/hughsie/colord/issues/110 by setting the 5th paramerter of
sqlite3_exec() to NULL
Conflict:NA
Reference:https://github.com/hughsie/colord/pull/130/commits/6a54706b39e41b47edb3186e5ac6151007a88626
---
src/cd-device-db.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cd-device-db.c b/src/cd-device-db.c
index a212c83d..8da1a4a9 100644
--- a/src/cd-device-db.c
+++ b/src/cd-device-db.c
@@ -79,7 +79,7 @@ cd_device_db_load (CdDeviceDb *ddb,
/* check devices */
rc = sqlite3_exec (priv->db, "SELECT * FROM devices LIMIT 1",
- NULL, NULL, &error_msg);
+ NULL, NULL, NULL);
if (rc != SQLITE_OK) {
g_debug ("CdDeviceDb: creating table to repair: %s", error_msg);
sqlite3_free (error_msg);
@@ -91,7 +91,7 @@ cd_device_db_load (CdDeviceDb *ddb,
/* check properties version 2 */
rc = sqlite3_exec (priv->db, "SELECT * FROM properties_v2 LIMIT 1",
- NULL, NULL, &error_msg);
+ NULL, NULL, NULL);
if (rc != SQLITE_OK) {
statement = "CREATE TABLE properties_v2 ("
"device_id TEXT,"

25
backport-0002-CVE-2021-42523.patch Normal file
View File

@ -0,0 +1,25 @@
From 2ca40d1732bb233a8a6da59a3413abb92aebf8e1 Mon Sep 17 00:00:00 2001
From: Zero0one1 <summerlinasity@gmail.com>
Date: Fri, 2 Apr 2021 13:48:17 +0800
Subject: [PATCH] Leave the used error_msg unchanged
Conflict:NA
Reference:https://github.com/hughsie/colord/pull/130/commits/2ca40d1732bb233a8a6da59a3413abb92aebf8e1
---
src/cd-device-db.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cd-device-db.c b/src/cd-device-db.c
index 8da1a4a9..3ae44ef2 100644
--- a/src/cd-device-db.c
+++ b/src/cd-device-db.c
@@ -79,7 +79,7 @@ cd_device_db_load (CdDeviceDb *ddb,
/* check devices */
rc = sqlite3_exec (priv->db, "SELECT * FROM devices LIMIT 1",
- NULL, NULL, NULL);
+ NULL, NULL, &error_msg);
if (rc != SQLITE_OK) {
g_debug ("CdDeviceDb: creating table to repair: %s", error_msg);
sqlite3_free (error_msg);

8
colord.spec
View File

@ -1,11 +1,14 @@
Name: colord
Version: 1.4.5
Release: 2
Release: 3
Summary: A system activated daemon
License: GPLv2+ and LGPLv2+
URL: https://www.freedesktop.org/software/colord/
Source0: https://www.freedesktop.org/software/colord/releases/%{name}-%{version}.tar.xz
Patch6000: backport-0001-CVE-2021-42523.patch
Patch6001: backport-0002-CVE-2021-42523.patch
BuildRequires: color-filesystem dbus-devel docbook5-style-xsl gettext glib2-devel
BuildRequires: gobject-introspection-devel gtk-doc libgudev1-devel
BuildRequires: libxslt meson sqlite-devel systemd systemd-devel vala-tools
@ -168,6 +171,9 @@ exit 0
%{_datadir}/man/man1/*.1.gz
%changelog
* Mon Aug 29 2022 wangkerong <wangkerong@h-partners.com> - 1.4.5-3
- fix CVE-2021-42523
* Mon Mar 28 2022 wangkerong <wangkerong@h-partners.com> - 1.4.5-2
- enable test case