1 |
tetromino 11/11/25 18:15:24 |
2 |
|
3 |
Added: colord-0.1.14-sql-injections-2.patch |
4 |
colord-0.1.14-sql-injections.patch |
5 |
Log: |
6 |
Add patches to fix SQL injections (bug #391879, thanks to Agostino Sarubbo for reporting). Allow building against freebsd's libusb (bug #387959, thanks to Naohiro Aota). Drop old versions. |
7 |
|
8 |
(Portage version: 2.2.0_alpha77/cvs/Linux x86_64) |
9 |
|
10 |
Revision Changes Path |
11 |
1.1 x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch?rev=1.1&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch?rev=1.1&content-type=text/plain |
15 |
|
16 |
Index: colord-0.1.14-sql-injections-2.patch |
17 |
=================================================================== |
18 |
From 36549e0ed255e7dfa7852d08a75dd5f00cbd270e Mon Sep 17 00:00:00 2001 |
19 |
From: Ludwig Nussel <ludwig.nussel@××××.de> |
20 |
Date: Fri, 25 Nov 2011 11:14:21 +0100 |
21 |
Subject: [PATCH] fix more sql injections |
22 |
|
23 |
https://bugs.freedesktop.org/show_bug.cgi?id=42904 |
24 |
|
25 |
Signed-off-by: Richard Hughes <richard@×××××××.com> |
26 |
--- |
27 |
src/cd-device-db.c | 42 +++++++++++++++++++++--------------------- |
28 |
1 files changed, 21 insertions(+), 21 deletions(-) |
29 |
|
30 |
diff --git a/src/cd-device-db.c b/src/cd-device-db.c |
31 |
index 808a338..e69fa64 100644 |
32 |
--- a/src/cd-device-db.c |
33 |
+++ b/src/cd-device-db.c |
34 |
@@ -151,8 +151,8 @@ cd_device_db_add (CdDeviceDb *ddb, |
35 |
g_return_val_if_fail (ddb->priv->db != NULL, FALSE); |
36 |
|
37 |
g_debug ("CdDeviceDb: add device %s", device_id); |
38 |
- statement = g_strdup_printf ("INSERT INTO devices (device_id) " |
39 |
- "VALUES ('%s')", |
40 |
+ statement = sqlite3_mprintf ("INSERT INTO devices (device_id) " |
41 |
+ "VALUES ('%q')", |
42 |
device_id); |
43 |
|
44 |
/* insert the entry */ |
45 |
@@ -168,7 +168,7 @@ cd_device_db_add (CdDeviceDb *ddb, |
46 |
goto out; |
47 |
} |
48 |
out: |
49 |
- g_free (statement); |
50 |
+ sqlite3_free (statement); |
51 |
return ret; |
52 |
} |
53 |
|
54 |
@@ -191,9 +191,9 @@ cd_device_db_set_property (CdDeviceDb *ddb, |
55 |
g_return_val_if_fail (ddb->priv->db != NULL, FALSE); |
56 |
|
57 |
g_debug ("CdDeviceDb: add device %s [%s=%s]", device_id, property, value); |
58 |
- statement = g_strdup_printf ("INSERT INTO properties (device_id, " |
59 |
+ statement = sqlite3_mprintf ("INSERT INTO properties (device_id, " |
60 |
"property, value) " |
61 |
- "VALUES ('%s', '%s', '%s')", |
62 |
+ "VALUES ('%q', '%q', '%q')", |
63 |
device_id, property, value); |
64 |
|
65 |
/* insert the entry */ |
66 |
@@ -209,7 +209,7 @@ cd_device_db_set_property (CdDeviceDb *ddb, |
67 |
goto out; |
68 |
} |
69 |
out: |
70 |
- g_free (statement); |
71 |
+ sqlite3_free (statement); |
72 |
return ret; |
73 |
} |
74 |
|
75 |
@@ -232,8 +232,8 @@ cd_device_db_remove (CdDeviceDb *ddb, |
76 |
|
77 |
/* remove the entry */ |
78 |
g_debug ("CdDeviceDb: remove device %s", device_id); |
79 |
- statement1 = g_strdup_printf ("DELETE FROM devices WHERE " |
80 |
- "device_id = '%s';", |
81 |
+ statement1 = sqlite3_mprintf ("DELETE FROM devices WHERE " |
82 |
+ "device_id = '%q';", |
83 |
device_id); |
84 |
rc = sqlite3_exec (ddb->priv->db, statement1, NULL, NULL, &error_msg); |
85 |
if (rc != SQLITE_OK) { |
86 |
@@ -246,8 +246,8 @@ cd_device_db_remove (CdDeviceDb *ddb, |
87 |
ret = FALSE; |
88 |
goto out; |
89 |
} |
90 |
- statement2 = g_strdup_printf ("DELETE FROM properties WHERE " |
91 |
- "device_id = '%s';", |
92 |
+ statement2 = sqlite3_mprintf ("DELETE FROM properties WHERE " |
93 |
+ "device_id = '%q';", |
94 |
device_id); |
95 |
rc = sqlite3_exec (ddb->priv->db, statement2, NULL, NULL, &error_msg); |
96 |
if (rc != SQLITE_OK) { |
97 |
@@ -261,8 +261,8 @@ cd_device_db_remove (CdDeviceDb *ddb, |
98 |
goto out; |
99 |
} |
100 |
out: |
101 |
- g_free (statement1); |
102 |
- g_free (statement2); |
103 |
+ sqlite3_free (statement1); |
104 |
+ sqlite3_free (statement2); |
105 |
return ret; |
106 |
} |
107 |
|
108 |
@@ -302,9 +302,9 @@ cd_device_db_get_property (CdDeviceDb *ddb, |
109 |
g_return_val_if_fail (ddb->priv->db != NULL, FALSE); |
110 |
|
111 |
g_debug ("CdDeviceDb: get property %s for %s", property, device_id); |
112 |
- statement = g_strdup_printf ("SELECT value FROM properties WHERE " |
113 |
- "device_id = '%s' AND " |
114 |
- "property = '%s' LIMIT 1;", |
115 |
+ statement = sqlite3_mprintf ("SELECT value FROM properties WHERE " |
116 |
+ "device_id = '%q' AND " |
117 |
+ "property = '%q' LIMIT 1;", |
118 |
device_id, property); |
119 |
|
120 |
/* remove the entry */ |
121 |
@@ -338,7 +338,7 @@ cd_device_db_get_property (CdDeviceDb *ddb, |
122 |
value = g_strdup (g_ptr_array_index (array_tmp, 0)); |
123 |
out: |
124 |
g_ptr_array_unref (array_tmp); |
125 |
- g_free (statement); |
126 |
+ sqlite3_free (statement); |
127 |
return value; |
128 |
} |
129 |
|
130 |
@@ -360,7 +360,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb, |
131 |
|
132 |
/* get all the devices */ |
133 |
g_debug ("CdDeviceDb: get devices"); |
134 |
- statement = g_strdup_printf ("SELECT device_id FROM devices;"); |
135 |
+ statement = sqlite3_mprintf ("SELECT device_id FROM devices;"); |
136 |
array_tmp = g_ptr_array_new_with_free_func (g_free); |
137 |
rc = sqlite3_exec (ddb->priv->db, |
138 |
statement, |
139 |
@@ -381,7 +381,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb, |
140 |
array = g_ptr_array_ref (array_tmp); |
141 |
out: |
142 |
g_ptr_array_unref (array_tmp); |
143 |
- g_free (statement); |
144 |
+ sqlite3_free (statement); |
145 |
return array; |
146 |
} |
147 |
|
148 |
@@ -404,8 +404,8 @@ cd_device_db_get_properties (CdDeviceDb *ddb, |
149 |
|
150 |
/* get all the devices */ |
151 |
g_debug ("CdDeviceDb: get properties for device %s", device_id); |
152 |
- statement = g_strdup_printf ("SELECT property FROM properties " |
153 |
- "WHERE device_id = '%s';", |
154 |
+ statement = sqlite3_mprintf ("SELECT property FROM properties " |
155 |
+ "WHERE device_id = '%q';", |
156 |
device_id); |
157 |
array_tmp = g_ptr_array_new_with_free_func (g_free); |
158 |
rc = sqlite3_exec (ddb->priv->db, |
159 |
@@ -427,7 +427,7 @@ cd_device_db_get_properties (CdDeviceDb *ddb, |
160 |
array = g_ptr_array_ref (array_tmp); |
161 |
out: |
162 |
g_ptr_array_unref (array_tmp); |
163 |
- g_free (statement); |
164 |
+ sqlite3_free (statement); |
165 |
return array; |
166 |
} |
167 |
|
168 |
-- |
169 |
1.7.8.rc3 |
170 |
|
171 |
|
172 |
|
173 |
|
174 |
1.1 x11-misc/colord/files/colord-0.1.14-sql-injections.patch |
175 |
|
176 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-misc/colord/files/colord-0.1.14-sql-injections.patch?rev=1.1&view=markup |
177 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-misc/colord/files/colord-0.1.14-sql-injections.patch?rev=1.1&content-type=text/plain |
178 |
|
179 |
Index: colord-0.1.14-sql-injections.patch |
180 |
=================================================================== |
181 |
From 1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b Mon Sep 17 00:00:00 2001 |
182 |
From: Vincent Untz <vuntz@×××××.org> |
183 |
Date: Mon, 14 Nov 2011 10:51:29 +0100 |
184 |
Subject: [PATCH] Use sqlite3_mprintf() to avoid SQL injections |
185 |
|
186 |
https://bugs.freedesktop.org/show_bug.cgi?id=42904 |
187 |
|
188 |
Signed-off-by: Richard Hughes <richard@×××××××.com> |
189 |
--- |
190 |
src/cd-mapping-db.c | 36 ++++++++++++++++++------------------ |
191 |
1 files changed, 18 insertions(+), 18 deletions(-) |
192 |
|
193 |
diff --git a/src/cd-mapping-db.c b/src/cd-mapping-db.c |
194 |
index 6e1f4f3..e59a058 100644 |
195 |
--- a/src/cd-mapping-db.c |
196 |
+++ b/src/cd-mapping-db.c |
197 |
@@ -162,8 +162,8 @@ cd_mapping_db_add (CdMappingDb *mdb, |
198 |
g_debug ("CdMappingDb: add %s<=>%s", |
199 |
device_id, profile_id); |
200 |
timestamp = g_get_real_time (); |
201 |
- statement = g_strdup_printf ("INSERT INTO mappings (device, profile, timestamp) " |
202 |
- "VALUES ('%s', '%s', %"G_GINT64_FORMAT")", |
203 |
+ statement = sqlite3_mprintf ("INSERT INTO mappings (device, profile, timestamp) " |
204 |
+ "VALUES ('%q', '%q', %"G_GINT64_FORMAT")", |
205 |
device_id, profile_id, timestamp); |
206 |
|
207 |
/* insert the entry */ |
208 |
@@ -179,7 +179,7 @@ cd_mapping_db_add (CdMappingDb *mdb, |
209 |
goto out; |
210 |
} |
211 |
out: |
212 |
- g_free (statement); |
213 |
+ sqlite3_free (statement); |
214 |
return ret; |
215 |
} |
216 |
/** |
217 |
@@ -203,8 +203,8 @@ cd_mapping_db_update_timestamp (CdMappingDb *mdb, |
218 |
g_debug ("CdMappingDb: update timestamp %s<=>%s", |
219 |
device_id, profile_id); |
220 |
timestamp = g_get_real_time (); |
221 |
- statement = g_strdup_printf ("UPDATE mappings SET timestamp = %"G_GINT64_FORMAT |
222 |
- " WHERE device = '%s' AND profile = '%s';", |
223 |
+ statement = sqlite3_mprintf ("UPDATE mappings SET timestamp = %"G_GINT64_FORMAT |
224 |
+ " WHERE device = '%q' AND profile = '%q';", |
225 |
timestamp, device_id, profile_id); |
226 |
|
227 |
/* update the entry */ |
228 |
@@ -220,7 +220,7 @@ cd_mapping_db_update_timestamp (CdMappingDb *mdb, |
229 |
goto out; |
230 |
} |
231 |
out: |
232 |
- g_free (statement); |
233 |
+ sqlite3_free (statement); |
234 |
return ret; |
235 |
} |
236 |
|
237 |
@@ -242,8 +242,8 @@ cd_mapping_db_remove (CdMappingDb *mdb, |
238 |
g_return_val_if_fail (mdb->priv->db != NULL, FALSE); |
239 |
|
240 |
g_debug ("CdMappingDb: remove %s<=>%s", device_id, profile_id); |
241 |
- statement = g_strdup_printf ("DELETE FROM mappings WHERE " |
242 |
- "device = '%s' AND profile = '%s';", |
243 |
+ statement = sqlite3_mprintf ("DELETE FROM mappings WHERE " |
244 |
+ "device = '%q' AND profile = '%q';", |
245 |
device_id, profile_id); |
246 |
|
247 |
/* remove the entry */ |
248 |
@@ -259,7 +259,7 @@ cd_mapping_db_remove (CdMappingDb *mdb, |
249 |
goto out; |
250 |
} |
251 |
out: |
252 |
- g_free (statement); |
253 |
+ sqlite3_free (statement); |
254 |
return ret; |
255 |
} |
256 |
|
257 |
@@ -301,8 +301,8 @@ cd_mapping_db_get_profiles (CdMappingDb *mdb, |
258 |
g_return_val_if_fail (mdb->priv->db != NULL, FALSE); |
259 |
|
260 |
g_debug ("CdMappingDb: get profiles for %s", device_id); |
261 |
- statement = g_strdup_printf ("SELECT profile FROM mappings WHERE " |
262 |
- "device = '%s' ORDER BY timestamp ASC;", device_id); |
263 |
+ statement = sqlite3_mprintf ("SELECT profile FROM mappings WHERE " |
264 |
+ "device = '%q' ORDER BY timestamp ASC;", device_id); |
265 |
|
266 |
/* remove the entry */ |
267 |
array_tmp = g_ptr_array_new_with_free_func (g_free); |
268 |
@@ -325,7 +325,7 @@ cd_mapping_db_get_profiles (CdMappingDb *mdb, |
269 |
array = g_ptr_array_ref (array_tmp); |
270 |
out: |
271 |
g_ptr_array_unref (array_tmp); |
272 |
- g_free (statement); |
273 |
+ sqlite3_free (statement); |
274 |
return array; |
275 |
} |
276 |
|
277 |
@@ -350,8 +350,8 @@ cd_mapping_db_get_devices (CdMappingDb *mdb, |
278 |
g_return_val_if_fail (mdb->priv->db != NULL, FALSE); |
279 |
|
280 |
g_debug ("CdMappingDb: get devices for %s", profile_id); |
281 |
- statement = g_strdup_printf ("SELECT device FROM mappings WHERE " |
282 |
- "profile = '%s' ORDER BY timestamp ASC;", profile_id); |
283 |
+ statement = sqlite3_mprintf ("SELECT device FROM mappings WHERE " |
284 |
+ "profile = '%q' ORDER BY timestamp ASC;", profile_id); |
285 |
|
286 |
/* remove the entry */ |
287 |
array_tmp = g_ptr_array_new_with_free_func (g_free); |
288 |
@@ -374,7 +374,7 @@ cd_mapping_db_get_devices (CdMappingDb *mdb, |
289 |
array = g_ptr_array_ref (array_tmp); |
290 |
out: |
291 |
g_ptr_array_unref (array_tmp); |
292 |
- g_free (statement); |
293 |
+ sqlite3_free (statement); |
294 |
return array; |
295 |
} |
296 |
|
297 |
@@ -416,8 +416,8 @@ cd_mapping_db_get_timestamp (CdMappingDb *mdb, |
298 |
|
299 |
g_debug ("CdMappingDb: get checksum for %s<->%s", |
300 |
device_id, profile_id); |
301 |
- statement = g_strdup_printf ("SELECT timestamp FROM mappings WHERE " |
302 |
- "device = '%s' AND profile = '%s' " |
303 |
+ statement = sqlite3_mprintf ("SELECT timestamp FROM mappings WHERE " |
304 |
+ "device = '%q' AND profile = '%q' " |
305 |
"LIMIT 1;", device_id, profile_id); |
306 |
|
307 |
/* query the checksum */ |
308 |
@@ -436,7 +436,7 @@ cd_mapping_db_get_timestamp (CdMappingDb *mdb, |
309 |
goto out; |
310 |
} |
311 |
out: |
312 |
- g_free (statement); |
313 |
+ sqlite3_free (statement); |
314 |
return timestamp; |
315 |
} |
316 |
|
317 |
-- |
318 |
1.7.8.rc3 |