`colord`: fix CVE-2021-42523 (#3675)
This commit is contained in:
Родитель
e54108682e
Коммит
5c7186a84f
|
@ -0,0 +1,24 @@
|
|||
diff -Naur a/src/cd-device-db.c b/src/cd-device-db.c
|
||||
--- a/src/cd-device-db.c 2019-03-08 04:43:10.000000000 -0800
|
||||
+++ b/src/cd-device-db.c 2022-09-01 17:19:29.006382333 -0700
|
||||
@@ -91,7 +91,7 @@
|
||||
|
||||
/* check properties version 2 */
|
||||
rc = sqlite3_exec (priv->db, "SELECT * FROM properties_v2 LIMIT 1",
|
||||
- NULL, NULL, &error_msg);
|
||||
+ NULL, NULL, NULL);
|
||||
if (rc != SQLITE_OK) {
|
||||
statement = "CREATE TABLE properties_v2 ("
|
||||
"device_id TEXT,"
|
||||
diff -Naur a/src/cd-profile-db.c b/src/cd-profile-db.c
|
||||
--- a/src/cd-profile-db.c 2019-03-08 04:43:11.000000000 -0800
|
||||
+++ b/src/cd-profile-db.c 2022-09-01 17:21:45.006213393 -0700
|
||||
@@ -79,7 +79,7 @@
|
||||
|
||||
/* check schema */
|
||||
rc = sqlite3_exec (priv->db, "SELECT * FROM properties_pu LIMIT 1",
|
||||
- NULL, NULL, &error_msg);
|
||||
+ NULL, NULL, NULL);
|
||||
if (rc != SQLITE_OK) {
|
||||
statement = "CREATE TABLE properties_pu ("
|
||||
"profile_id TEXT,"
|
|
@ -7,13 +7,14 @@
|
|||
Summary: Color daemon
|
||||
Name: colord
|
||||
Version: 1.4.4
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://www.freedesktop.org/software/colord/
|
||||
Source0: https://www.freedesktop.org/software/colord/releases/%{name}-%{version}.tar.xz
|
||||
Source1: %{name}-LGPLv2.txt
|
||||
Patch0: CVE-2021-42523.patch
|
||||
BuildRequires: bash-completion
|
||||
BuildRequires: color-filesystem
|
||||
BuildRequires: dbus-devel
|
||||
|
@ -87,7 +88,7 @@ Summary: Data files for installed tests
|
|||
Data files for installed tests.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup -p1
|
||||
cp %{SOURCE1} COPYING-LGPLv2.txt
|
||||
|
||||
%build
|
||||
|
@ -233,6 +234,9 @@ exit 0
|
|||
%{_datadir}/installed-tests/colord/*
|
||||
|
||||
%changelog
|
||||
* Thu Sep 01 2022 Henry Beberman <henry.beberman@microsoft.com> - 1.4.4-9
|
||||
- Patch CVE-2021-42523 to remove unused error_msg pointers.
|
||||
|
||||
* Wed Dec 08 2021 Thomas Crain <thcrain@microsoft.com> - 1.4.4-8
|
||||
- License verified, added LGPLv2 license text
|
||||
- Lint spec
|
||||
|
|
Загрузка…
Ссылка в новой задаче