diff options
author | Alexandre Rostovtsev <tetromino@gentoo.org> | 2011-11-25 18:15:24 +0000 |
---|---|---|
committer | Alexandre Rostovtsev <tetromino@gentoo.org> | 2011-11-25 18:15:24 +0000 |
commit | 2e8a7bdb666c9e14e1f985bce92dcddf3b41d2f9 (patch) | |
tree | 59ec2fd81ad44419f5f4e0dff135581df894ebac /x11-misc | |
parent | Fix segmentation fault in playlist wrt #390783 by Rafał Mużyło (diff) | |
download | historical-2e8a7bdb666c9e14e1f985bce92dcddf3b41d2f9.tar.gz historical-2e8a7bdb666c9e14e1f985bce92dcddf3b41d2f9.tar.bz2 historical-2e8a7bdb666c9e14e1f985bce92dcddf3b41d2f9.zip |
Add patches to fix SQL injections (bug #391879, thanks to Agostino Sarubbo for reporting). Allow building against freebsd's libusb (bug #387959, thanks to Naohiro Aota). Drop old versions.
Package-Manager: portage-2.2.0_alpha77/cvs/Linux x86_64
Diffstat (limited to 'x11-misc')
-rw-r--r-- | x11-misc/colord/ChangeLog | 12 | ||||
-rw-r--r-- | x11-misc/colord/Manifest | 17 | ||||
-rw-r--r-- | x11-misc/colord/colord-0.1.12.ebuild | 119 | ||||
-rw-r--r-- | x11-misc/colord/colord-0.1.14-r1.ebuild (renamed from x11-misc/colord/colord-0.1.13.ebuild) | 33 | ||||
-rw-r--r-- | x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch | 153 | ||||
-rw-r--r-- | x11-misc/colord/files/colord-0.1.14-sql-injections.patch | 139 |
6 files changed, 337 insertions, 136 deletions
diff --git a/x11-misc/colord/ChangeLog b/x11-misc/colord/ChangeLog index 4c70b79b6756..efa9385ccb16 100644 --- a/x11-misc/colord/ChangeLog +++ b/x11-misc/colord/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for x11-misc/colord # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/ChangeLog,v 1.7 2011/11/06 17:10:34 maekke Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/ChangeLog,v 1.8 2011/11/25 18:15:23 tetromino Exp $ + +*colord-0.1.14-r1 (25 Nov 2011) + + 25 Nov 2011; Alexandre Rostovtsev <tetromino@gentoo.org> + -colord-0.1.12.ebuild, -colord-0.1.13.ebuild, +colord-0.1.14-r1.ebuild, + +files/colord-0.1.14-sql-injections.patch, + +files/colord-0.1.14-sql-injections-2.patch: + Add patches to fix SQL injections (bug #391879, thanks to Agostino Sarubbo for + reporting). Allow building against freebsd's libusb (bug #387959, thanks to + Naohiro Aota). Drop old versions. 06 Nov 2011; Markus Meier <maekke@gentoo.org> colord-0.1.14.ebuild: add ~arm, bug #387959 diff --git a/x11-misc/colord/Manifest b/x11-misc/colord/Manifest index 3890d44bdd12..d9b112070194 100644 --- a/x11-misc/colord/Manifest +++ b/x11-misc/colord/Manifest @@ -1,20 +1,19 @@ -----BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 +Hash: SHA256 AUX colord-0.1.11-fix-automagic-vala.patch 1121 RMD160 acee8cf74c62f12381a4cb89ed7c9ecfa34ca64f SHA1 7ce2fdd5676e72e050fa350e696de9c6ab8e2407 SHA256 b5e431ce7b27de4b5f2664b601f95486dc8ec0c207d1d04d8e98894b0bdd4a04 AUX colord-0.1.13-use-dbus-security-for-permissions.patch 1787 RMD160 c0aa128152e3447f61fb10bf0d89bfbd5460833e SHA1 b1561756e116023eb32a5f1732bd63fa773ad9a1 SHA256 8a228ad64a9eddbe2e9914e93b78ad7ea243d40e28cf78dfdff53d82322d6f67 -DIST colord-0.1.12.tar.xz 440284 RMD160 adeb4c1f3452ee0b23edbf5e4e778fdef2d5b518 SHA1 9bc0c4193c0f790702923e0a783962f0f26487e6 SHA256 72992ed8798e8c140bbcfe570fc65e4e6bbad727a4691142cd018a8ce107165c -DIST colord-0.1.13.tar.xz 445420 RMD160 e852a095f44d4fabb91c2a5e2b8375c8f961019e SHA1 45c20b87af947f10c9db1d8b3ed809d41b427f03 SHA256 eb3d00653d4a028f4e97f4e61ffa29940c65b42c20d4439e067cb183b725c292 +AUX colord-0.1.14-sql-injections-2.patch 4879 RMD160 c4adee229fb07f3341df59c570c4e7c649e41ce2 SHA1 a5b57738edb2cb77173c259d7810b5b767dbadd8 SHA256 a97caf3bc1f6c90dde2a10a836cb677b7ba47585b85488117006b6c970d9322d +AUX colord-0.1.14-sql-injections.patch 4655 RMD160 0bdf5aaf762891289399fcd92a62747e4fbe52d4 SHA1 7a8d830e3556a31aa5209966830394b4996e79ef SHA256 de1ea78a356c7131a9e77838cad0fdb06357bcc18fd4b3249ffebe71eddd772b DIST colord-0.1.14.tar.xz 447900 RMD160 15711bef74c2c15cfbc5f6431b5b51ea72e08289 SHA1 6d8549df007ffb473e312325ecb076968f3dae8a SHA256 404e0f12efed3fbaca505dd1b796bbc820b3e9df9eb93e5912f7d95fe409312b -EBUILD colord-0.1.12.ebuild 3479 RMD160 e3918dc11f6f6c5157f7777173af05554b263994 SHA1 6e72d335883f05223967addce456c573f2c3f74b SHA256 dab59cd75ad35f44b0a99a218e2b8909d9b594f093ea13c6b9d7b9dde79abdba -EBUILD colord-0.1.13.ebuild 3842 RMD160 56e73f6382f9aa6434443d4be104c88f9382a62b SHA1 23323ce4ce4a9eef05f03f9afb60b0f0a8c892cf SHA256 f2d64d4073bed09e7cb40179a23bff41a90a5347d50acf7a12b8d6edd725e69f +EBUILD colord-0.1.14-r1.ebuild 4452 RMD160 f54a45087bed1c59b5a76081710f24c9bfea1e9b SHA1 8049867a0d5894b8a392d37b279043f230f16a56 SHA256 fc69b24923061beece19a878a1654299dd8aad3bbbf3e98441b1e06f3b356c92 EBUILD colord-0.1.14.ebuild 3902 RMD160 947555f27e29e8d5fec6e69b4c139cf847fa2d65 SHA1 6bf68155313975f5c25b9e2b333fedbd449e46e2 SHA256 507e3058334c4c9c5c8b3207eddea600e483f7594bda9adde10711fa11ecfd0f -MISC ChangeLog 1897 RMD160 16762885d3e629f2845fa0d17361c01386e5b8f5 SHA1 c390621f362369c2c4b3f23bdaeb7fb2799f14d5 SHA256 9734d33c1a993d16f9289f5647122b34d14aa27e74ebcf5246da6878b7f70e3e +MISC ChangeLog 2354 RMD160 6461a2f2b0e7c231891f620a67a44986558d55f8 SHA1 74509d0e3517b31d3252bb34d69f8e739b834300 SHA256 8ccbb52092409d433cb8619d06ee47bcaabf42f967a698902374b868ba6eddcf MISC metadata.xml 351 RMD160 cd0e670eb32a888a9b28a82f8991939967381123 SHA1 d42d53e27ded330a8a5da23a1ffc0034bced80fb SHA256 ac4eb4676cf16d1d351488eb4130afa38e494155eec579954757191264e5e5d7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) -iEYEARECAAYFAk62wBUACgkQkKaRLQcq0GI0vwCfXtqkupbiKBpErrJyvexbLQWw -sqUAnR89xjMO06fuBqy85Ngo5O2WfmyF -=vGB5 +iF4EAREIAAYFAk7P20EACgkQdjK8w9WeBnD+fAEAi4/+z6gPomhxzzuosVk0V7ep +4cq1o1aD9lBJm4YzU9gA/0Q9ftKVZkcJtuWMDh9qcseub5PmWBXo76QNfyu3j/1Q +=T6vJ -----END PGP SIGNATURE----- diff --git a/x11-misc/colord/colord-0.1.12.ebuild b/x11-misc/colord/colord-0.1.12.ebuild deleted file mode 100644 index b107ddc2515d..000000000000 --- a/x11-misc/colord/colord-0.1.12.ebuild +++ /dev/null @@ -1,119 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/colord-0.1.12.ebuild,v 1.2 2011/10/05 13:19:17 nirbheek Exp $ - -EAPI="4" - -inherit eutils base - -DESCRIPTION="System service to accurately color manage input and output devices" -HOMEPAGE="http://www.freedesktop.org/software/colord/" -SRC_URI="http://www.freedesktop.org/software/colord/releases/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="doc examples +introspection scanner +udev" - -# FIXME: raise to libusb-1.0.9:1 when available -COMMON_DEPEND=" - dev-db/sqlite:3 - >=dev-libs/glib-2.28.0:2 - >=dev-libs/libusb-1.0.8:1 - >=media-libs/lcms-2.2:2 - >=sys-auth/polkit-0.97 - introspection? ( >=dev-libs/gobject-introspection-0.9.8 ) - scanner? ( media-gfx/sane-backends ) - udev? ( || ( sys-fs/udev[gudev] sys-fs/udev[extras] ) ) -" -RDEPEND="${COMMON_DEPEND} - media-gfx/shared-color-profiles" -# Automagic build-time vala dependency if USE=introspection -DEPEND="${COMMON_DEPEND} - dev-libs/libxslt - >=dev-util/intltool-0.35 - dev-util/pkgconfig - >=sys-devel/gettext-0.17 - doc? ( - app-text/docbook-xml-dtd:4.1.2 - >=dev-util/gtk-doc-1.9 - ) - introspection? ( dev-lang/vala:0.14 ) -" - -# FIXME: needs pre-installed dbus service files -RESTRICT="test" - -DOCS=(AUTHORS ChangeLog MAINTAINERS NEWS README TODO) - -pkg_setup() { - enewgroup colord - enewuser colord -1 -1 /var/lib/colord colord -} - -src_configure() { - econf \ - --disable-examples \ - --disable-static \ - --enable-polkit \ - --enable-reverse \ - --disable-volume-search \ - --with-daemon-user=colord \ - --localstatedir="${EPREFIX}"/var \ - $(use_enable doc gtk-doc) \ - $(use_enable introspection) \ - $(use_enable scanner sane) \ - $(use_enable udev gudev) \ - VAPIGEN=$(type -p vapigen-0.14) - # parallel make fails in doc/api - use doc && MAKEOPTS=-j1 -} - -src_install() { - base_src_install - - # Ensure config and profile directories exist and are writable - local d - for d in /var/lib/{color,colord}; do - keepdir "${d}" - fowners colord:colord "${d}" - done - - if use examples; then - insinto /usr/share/doc/${PF}/examples - doins examples/*.c - fi - - find "${D}" -name "*.la" -delete -} - -pkg_postinst() { - # <=colord-0.1.11 ran as root and used /var/lib/lib/colord to store - # configuration files and /var/lib/lib/color for custom color profiles. - local old_dir="${EROOT}var/lib/lib/colord" - local new_dir="${EROOT}var/lib/colord" - - if [[ -e "${old_dir}/mapping.db" || -e "${old_dir}/storage.db" ]] && \ - ! [[ -e "${new_dir}/mapping.db" || -e "${new_dir}/storage.db" ]]; then - elog "Old colord configuration files are present in ${old_dir}. If you" - elog "are upgrading from colord-0.1.11 or older and had previously" - elog "customized your color management settings, you will need to copy" - elog "these files to ${new_dir} and then change the file ownership" - elog "to colord:colord :" - elog - elog " # cp ${old_dir}/*.db ${new_dir}" - elog " # chown colord:colord ${new_dir}/*.db" - elog - fi - old_dir="${EROOT}var/lib/lib/color" - new_dir="${EROOT}var/lib/color" - if [[ -e "${old_dir}/icc" && ! -e "${new_dir}/icc" ]]; then - elog "Old custom color profiles are present in ${old_dir}. If you are" - elog "upgrading from colord-0.1.11 or older, you will need to copy them" - elog "to ${new_dir} and then change the ownership to colord:colord :" - elog - elog " # cp -r ${old_dir}/icc ${new_dir}" - elog " # chown -R colord:colord ${new_dir}/icc" - elog - fi -} diff --git a/x11-misc/colord/colord-0.1.13.ebuild b/x11-misc/colord/colord-0.1.14-r1.ebuild index f1d0c1022c2b..9c1cc90382e1 100644 --- a/x11-misc/colord/colord-0.1.13.ebuild +++ b/x11-misc/colord/colord-0.1.14-r1.ebuild @@ -1,10 +1,10 @@ # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/colord-0.1.13.ebuild,v 1.2 2011/10/25 13:24:15 jer Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/colord-0.1.14-r1.ebuild,v 1.1 2011/11/25 18:15:23 tetromino Exp $ EAPI="4" -inherit eutils base +inherit autotools eutils base DESCRIPTION="System service to accurately color manage input and output devices" HOMEPAGE="http://www.freedesktop.org/software/colord/" @@ -12,22 +12,22 @@ SRC_URI="http://www.freedesktop.org/software/colord/releases/${P}.tar.xz" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~amd64 ~hppa ~x86" -IUSE="doc examples +introspection scanner +udev" +KEYWORDS="~amd64 ~arm ~hppa ~x86" +IUSE="doc elibc_FreeBSD examples +introspection scanner +udev vala" # FIXME: raise to libusb-1.0.9:1 when available COMMON_DEPEND=" dev-db/sqlite:3 >=dev-libs/glib-2.28.0:2 - >=dev-libs/libusb-1.0.8:1 >=media-libs/lcms-2.2:2 + elibc_FreeBSD? ( >=sys-freebsd/freebsd-lib-8.0[usb] ) + !elibc_FreeBSD? ( >=dev-libs/libusb-1.0.8:1 ) introspection? ( >=dev-libs/gobject-introspection-0.9.8 ) scanner? ( media-gfx/sane-backends ) udev? ( || ( sys-fs/udev[gudev] sys-fs/udev[extras] ) ) " RDEPEND="${COMMON_DEPEND} media-gfx/shared-color-profiles" -# Automagic build-time vala dependency if USE=introspection DEPEND="${COMMON_DEPEND} dev-libs/libxslt >=dev-util/intltool-0.35 @@ -37,7 +37,7 @@ DEPEND="${COMMON_DEPEND} app-text/docbook-xml-dtd:4.1.2 >=dev-util/gtk-doc-1.9 ) - introspection? ( dev-lang/vala:0.14 ) + vala? ( dev-lang/vala:0.14[vapigen] ) " # FIXME: needs pre-installed dbus service files @@ -51,12 +51,30 @@ pkg_setup() { } src_prepare() { + # Fix SQL injection vulnerability (bug #391879); will be in next release + epatch "${FILESDIR}/${P}-sql-injections"{,-2}.patch + # Ubuntu patch to allow root and at_console to access colord without polkit; # this behavior matches upstream default polkit settings. epatch "${FILESDIR}/${PN}-0.1.13-use-dbus-security-for-permissions.patch" + + epatch "${FILESDIR}/${PN}-0.1.11-fix-automagic-vala.patch" + + # Use <libusb.h> for freebsd compatibility, bug #387959#c6 + sed -e 's:#include <libusb-1.0/libusb.h>:#include <libusb.h>:' \ + -i src/sensors/*.c src/sensors/*.h || die "sed failed" + + eautoreconf } src_configure() { + # bug #387959#c6 + if use elibc_FreeBSD; then + USB_CFLAGS="-I${EPREFIX}/usr/include" + USB_LIBS="-lusb" + echo "$USB_CFLAGS $USB_LIBS" + fi + # Disable polkit to allow registering devices when colord is running as # non-root; https://bugs.launchpad.net/ubuntu/+source/colord/+bug/837851 econf \ @@ -71,6 +89,7 @@ src_configure() { $(use_enable introspection) \ $(use_enable scanner sane) \ $(use_enable udev gudev) \ + $(use_enable vala) \ VAPIGEN=$(type -p vapigen-0.14) # parallel make fails in doc/api use doc && MAKEOPTS=-j1 diff --git a/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch b/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch new file mode 100644 index 000000000000..fa6497a773d6 --- /dev/null +++ b/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch @@ -0,0 +1,153 @@ +From 36549e0ed255e7dfa7852d08a75dd5f00cbd270e Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel <ludwig.nussel@suse.de> +Date: Fri, 25 Nov 2011 11:14:21 +0100 +Subject: [PATCH] fix more sql injections + +https://bugs.freedesktop.org/show_bug.cgi?id=42904 + +Signed-off-by: Richard Hughes <richard@hughsie.com> +--- + src/cd-device-db.c | 42 +++++++++++++++++++++--------------------- + 1 files changed, 21 insertions(+), 21 deletions(-) + +diff --git a/src/cd-device-db.c b/src/cd-device-db.c +index 808a338..e69fa64 100644 +--- a/src/cd-device-db.c ++++ b/src/cd-device-db.c +@@ -151,8 +151,8 @@ cd_device_db_add (CdDeviceDb *ddb, + g_return_val_if_fail (ddb->priv->db != NULL, FALSE); + + g_debug ("CdDeviceDb: add device %s", device_id); +- statement = g_strdup_printf ("INSERT INTO devices (device_id) " +- "VALUES ('%s')", ++ statement = sqlite3_mprintf ("INSERT INTO devices (device_id) " ++ "VALUES ('%q')", + device_id); + + /* insert the entry */ +@@ -168,7 +168,7 @@ cd_device_db_add (CdDeviceDb *ddb, + goto out; + } + out: +- g_free (statement); ++ sqlite3_free (statement); + return ret; + } + +@@ -191,9 +191,9 @@ cd_device_db_set_property (CdDeviceDb *ddb, + g_return_val_if_fail (ddb->priv->db != NULL, FALSE); + + g_debug ("CdDeviceDb: add device %s [%s=%s]", device_id, property, value); +- statement = g_strdup_printf ("INSERT INTO properties (device_id, " ++ statement = sqlite3_mprintf ("INSERT INTO properties (device_id, " + "property, value) " +- "VALUES ('%s', '%s', '%s')", ++ "VALUES ('%q', '%q', '%q')", + device_id, property, value); + + /* insert the entry */ +@@ -209,7 +209,7 @@ cd_device_db_set_property (CdDeviceDb *ddb, + goto out; + } + out: +- g_free (statement); ++ sqlite3_free (statement); + return ret; + } + +@@ -232,8 +232,8 @@ cd_device_db_remove (CdDeviceDb *ddb, + + /* remove the entry */ + g_debug ("CdDeviceDb: remove device %s", device_id); +- statement1 = g_strdup_printf ("DELETE FROM devices WHERE " +- "device_id = '%s';", ++ statement1 = sqlite3_mprintf ("DELETE FROM devices WHERE " ++ "device_id = '%q';", + device_id); + rc = sqlite3_exec (ddb->priv->db, statement1, NULL, NULL, &error_msg); + if (rc != SQLITE_OK) { +@@ -246,8 +246,8 @@ cd_device_db_remove (CdDeviceDb *ddb, + ret = FALSE; + goto out; + } +- statement2 = g_strdup_printf ("DELETE FROM properties WHERE " +- "device_id = '%s';", ++ statement2 = sqlite3_mprintf ("DELETE FROM properties WHERE " ++ "device_id = '%q';", + device_id); + rc = sqlite3_exec (ddb->priv->db, statement2, NULL, NULL, &error_msg); + if (rc != SQLITE_OK) { +@@ -261,8 +261,8 @@ cd_device_db_remove (CdDeviceDb *ddb, + goto out; + } + out: +- g_free (statement1); +- g_free (statement2); ++ sqlite3_free (statement1); ++ sqlite3_free (statement2); + return ret; + } + +@@ -302,9 +302,9 @@ cd_device_db_get_property (CdDeviceDb *ddb, + g_return_val_if_fail (ddb->priv->db != NULL, FALSE); + + g_debug ("CdDeviceDb: get property %s for %s", property, device_id); +- statement = g_strdup_printf ("SELECT value FROM properties WHERE " +- "device_id = '%s' AND " +- "property = '%s' LIMIT 1;", ++ statement = sqlite3_mprintf ("SELECT value FROM properties WHERE " ++ "device_id = '%q' AND " ++ "property = '%q' LIMIT 1;", + device_id, property); + + /* remove the entry */ +@@ -338,7 +338,7 @@ cd_device_db_get_property (CdDeviceDb *ddb, + value = g_strdup (g_ptr_array_index (array_tmp, 0)); + out: + g_ptr_array_unref (array_tmp); +- g_free (statement); ++ sqlite3_free (statement); + return value; + } + +@@ -360,7 +360,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb, + + /* get all the devices */ + g_debug ("CdDeviceDb: get devices"); +- statement = g_strdup_printf ("SELECT device_id FROM devices;"); ++ statement = sqlite3_mprintf ("SELECT device_id FROM devices;"); + array_tmp = g_ptr_array_new_with_free_func (g_free); + rc = sqlite3_exec (ddb->priv->db, + statement, +@@ -381,7 +381,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb, + array = g_ptr_array_ref (array_tmp); + out: + g_ptr_array_unref (array_tmp); +- g_free (statement); ++ sqlite3_free (statement); + return array; + } + +@@ -404,8 +404,8 @@ cd_device_db_get_properties (CdDeviceDb *ddb, + + /* get all the devices */ + g_debug ("CdDeviceDb: get properties for device %s", device_id); +- statement = g_strdup_printf ("SELECT property FROM properties " +- "WHERE device_id = '%s';", ++ statement = sqlite3_mprintf ("SELECT property FROM properties " ++ "WHERE device_id = '%q';", + device_id); + array_tmp = g_ptr_array_new_with_free_func (g_free); + rc = sqlite3_exec (ddb->priv->db, +@@ -427,7 +427,7 @@ cd_device_db_get_properties (CdDeviceDb *ddb, + array = g_ptr_array_ref (array_tmp); + out: + g_ptr_array_unref (array_tmp); +- g_free (statement); ++ sqlite3_free (statement); + return array; + } + +-- +1.7.8.rc3 + diff --git a/x11-misc/colord/files/colord-0.1.14-sql-injections.patch b/x11-misc/colord/files/colord-0.1.14-sql-injections.patch new file mode 100644 index 000000000000..82b2c45d028c --- /dev/null +++ b/x11-misc/colord/files/colord-0.1.14-sql-injections.patch @@ -0,0 +1,139 @@ +From 1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b Mon Sep 17 00:00:00 2001 +From: Vincent Untz <vuntz@gnome.org> +Date: Mon, 14 Nov 2011 10:51:29 +0100 +Subject: [PATCH] Use sqlite3_mprintf() to avoid SQL injections + +https://bugs.freedesktop.org/show_bug.cgi?id=42904 + +Signed-off-by: Richard Hughes <richard@hughsie.com> +--- + src/cd-mapping-db.c | 36 ++++++++++++++++++------------------ + 1 files changed, 18 insertions(+), 18 deletions(-) + +diff --git a/src/cd-mapping-db.c b/src/cd-mapping-db.c +index 6e1f4f3..e59a058 100644 +--- a/src/cd-mapping-db.c ++++ b/src/cd-mapping-db.c +@@ -162,8 +162,8 @@ cd_mapping_db_add (CdMappingDb *mdb, + g_debug ("CdMappingDb: add %s<=>%s", + device_id, profile_id); + timestamp = g_get_real_time (); +- statement = g_strdup_printf ("INSERT INTO mappings (device, profile, timestamp) " +- "VALUES ('%s', '%s', %"G_GINT64_FORMAT")", ++ statement = sqlite3_mprintf ("INSERT INTO mappings (device, profile, timestamp) " ++ "VALUES ('%q', '%q', %"G_GINT64_FORMAT")", + device_id, profile_id, timestamp); + + /* insert the entry */ +@@ -179,7 +179,7 @@ cd_mapping_db_add (CdMappingDb *mdb, + goto out; + } + out: +- g_free (statement); ++ sqlite3_free (statement); + return ret; + } + /** +@@ -203,8 +203,8 @@ cd_mapping_db_update_timestamp (CdMappingDb *mdb, + g_debug ("CdMappingDb: update timestamp %s<=>%s", + device_id, profile_id); + timestamp = g_get_real_time (); +- statement = g_strdup_printf ("UPDATE mappings SET timestamp = %"G_GINT64_FORMAT +- " WHERE device = '%s' AND profile = '%s';", ++ statement = sqlite3_mprintf ("UPDATE mappings SET timestamp = %"G_GINT64_FORMAT ++ " WHERE device = '%q' AND profile = '%q';", + timestamp, device_id, profile_id); + + /* update the entry */ +@@ -220,7 +220,7 @@ cd_mapping_db_update_timestamp (CdMappingDb *mdb, + goto out; + } + out: +- g_free (statement); ++ sqlite3_free (statement); + return ret; + } + +@@ -242,8 +242,8 @@ cd_mapping_db_remove (CdMappingDb *mdb, + g_return_val_if_fail (mdb->priv->db != NULL, FALSE); + + g_debug ("CdMappingDb: remove %s<=>%s", device_id, profile_id); +- statement = g_strdup_printf ("DELETE FROM mappings WHERE " +- "device = '%s' AND profile = '%s';", ++ statement = sqlite3_mprintf ("DELETE FROM mappings WHERE " ++ "device = '%q' AND profile = '%q';", + device_id, profile_id); + + /* remove the entry */ +@@ -259,7 +259,7 @@ cd_mapping_db_remove (CdMappingDb *mdb, + goto out; + } + out: +- g_free (statement); ++ sqlite3_free (statement); + return ret; + } + +@@ -301,8 +301,8 @@ cd_mapping_db_get_profiles (CdMappingDb *mdb, + g_return_val_if_fail (mdb->priv->db != NULL, FALSE); + + g_debug ("CdMappingDb: get profiles for %s", device_id); +- statement = g_strdup_printf ("SELECT profile FROM mappings WHERE " +- "device = '%s' ORDER BY timestamp ASC;", device_id); ++ statement = sqlite3_mprintf ("SELECT profile FROM mappings WHERE " ++ "device = '%q' ORDER BY timestamp ASC;", device_id); + + /* remove the entry */ + array_tmp = g_ptr_array_new_with_free_func (g_free); +@@ -325,7 +325,7 @@ cd_mapping_db_get_profiles (CdMappingDb *mdb, + array = g_ptr_array_ref (array_tmp); + out: + g_ptr_array_unref (array_tmp); +- g_free (statement); ++ sqlite3_free (statement); + return array; + } + +@@ -350,8 +350,8 @@ cd_mapping_db_get_devices (CdMappingDb *mdb, + g_return_val_if_fail (mdb->priv->db != NULL, FALSE); + + g_debug ("CdMappingDb: get devices for %s", profile_id); +- statement = g_strdup_printf ("SELECT device FROM mappings WHERE " +- "profile = '%s' ORDER BY timestamp ASC;", profile_id); ++ statement = sqlite3_mprintf ("SELECT device FROM mappings WHERE " ++ "profile = '%q' ORDER BY timestamp ASC;", profile_id); + + /* remove the entry */ + array_tmp = g_ptr_array_new_with_free_func (g_free); +@@ -374,7 +374,7 @@ cd_mapping_db_get_devices (CdMappingDb *mdb, + array = g_ptr_array_ref (array_tmp); + out: + g_ptr_array_unref (array_tmp); +- g_free (statement); ++ sqlite3_free (statement); + return array; + } + +@@ -416,8 +416,8 @@ cd_mapping_db_get_timestamp (CdMappingDb *mdb, + + g_debug ("CdMappingDb: get checksum for %s<->%s", + device_id, profile_id); +- statement = g_strdup_printf ("SELECT timestamp FROM mappings WHERE " +- "device = '%s' AND profile = '%s' " ++ statement = sqlite3_mprintf ("SELECT timestamp FROM mappings WHERE " ++ "device = '%q' AND profile = '%q' " + "LIMIT 1;", device_id, profile_id); + + /* query the checksum */ +@@ -436,7 +436,7 @@ cd_mapping_db_get_timestamp (CdMappingDb *mdb, + goto out; + } + out: +- g_free (statement); ++ sqlite3_free (statement); + return timestamp; + } + +-- +1.7.8.rc3 + |