summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexandre Rostovtsev <tetromino@gentoo.org>2011-11-25 18:15:24 +0000
committerAlexandre Rostovtsev <tetromino@gentoo.org>2011-11-25 18:15:24 +0000
commit2e8a7bdb666c9e14e1f985bce92dcddf3b41d2f9 (patch)
tree59ec2fd81ad44419f5f4e0dff135581df894ebac /x11-misc
parentFix segmentation fault in playlist wrt #390783 by Rafał Mużyło (diff)
downloadhistorical-2e8a7bdb666c9e14e1f985bce92dcddf3b41d2f9.tar.gz
historical-2e8a7bdb666c9e14e1f985bce92dcddf3b41d2f9.tar.bz2
historical-2e8a7bdb666c9e14e1f985bce92dcddf3b41d2f9.zip
Add patches to fix SQL injections (bug #391879, thanks to Agostino Sarubbo for reporting). Allow building against freebsd's libusb (bug #387959, thanks to Naohiro Aota). Drop old versions.
Package-Manager: portage-2.2.0_alpha77/cvs/Linux x86_64
Diffstat (limited to 'x11-misc')
-rw-r--r--x11-misc/colord/ChangeLog12
-rw-r--r--x11-misc/colord/Manifest17
-rw-r--r--x11-misc/colord/colord-0.1.12.ebuild119
-rw-r--r--x11-misc/colord/colord-0.1.14-r1.ebuild (renamed from x11-misc/colord/colord-0.1.13.ebuild)33
-rw-r--r--x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch153
-rw-r--r--x11-misc/colord/files/colord-0.1.14-sql-injections.patch139
6 files changed, 337 insertions, 136 deletions
diff --git a/x11-misc/colord/ChangeLog b/x11-misc/colord/ChangeLog
index 4c70b79b6756..efa9385ccb16 100644
--- a/x11-misc/colord/ChangeLog
+++ b/x11-misc/colord/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for x11-misc/colord
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/ChangeLog,v 1.7 2011/11/06 17:10:34 maekke Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/ChangeLog,v 1.8 2011/11/25 18:15:23 tetromino Exp $
+
+*colord-0.1.14-r1 (25 Nov 2011)
+
+ 25 Nov 2011; Alexandre Rostovtsev <tetromino@gentoo.org>
+ -colord-0.1.12.ebuild, -colord-0.1.13.ebuild, +colord-0.1.14-r1.ebuild,
+ +files/colord-0.1.14-sql-injections.patch,
+ +files/colord-0.1.14-sql-injections-2.patch:
+ Add patches to fix SQL injections (bug #391879, thanks to Agostino Sarubbo for
+ reporting). Allow building against freebsd's libusb (bug #387959, thanks to
+ Naohiro Aota). Drop old versions.
06 Nov 2011; Markus Meier <maekke@gentoo.org> colord-0.1.14.ebuild:
add ~arm, bug #387959
diff --git a/x11-misc/colord/Manifest b/x11-misc/colord/Manifest
index 3890d44bdd12..d9b112070194 100644
--- a/x11-misc/colord/Manifest
+++ b/x11-misc/colord/Manifest
@@ -1,20 +1,19 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
AUX colord-0.1.11-fix-automagic-vala.patch 1121 RMD160 acee8cf74c62f12381a4cb89ed7c9ecfa34ca64f SHA1 7ce2fdd5676e72e050fa350e696de9c6ab8e2407 SHA256 b5e431ce7b27de4b5f2664b601f95486dc8ec0c207d1d04d8e98894b0bdd4a04
AUX colord-0.1.13-use-dbus-security-for-permissions.patch 1787 RMD160 c0aa128152e3447f61fb10bf0d89bfbd5460833e SHA1 b1561756e116023eb32a5f1732bd63fa773ad9a1 SHA256 8a228ad64a9eddbe2e9914e93b78ad7ea243d40e28cf78dfdff53d82322d6f67
-DIST colord-0.1.12.tar.xz 440284 RMD160 adeb4c1f3452ee0b23edbf5e4e778fdef2d5b518 SHA1 9bc0c4193c0f790702923e0a783962f0f26487e6 SHA256 72992ed8798e8c140bbcfe570fc65e4e6bbad727a4691142cd018a8ce107165c
-DIST colord-0.1.13.tar.xz 445420 RMD160 e852a095f44d4fabb91c2a5e2b8375c8f961019e SHA1 45c20b87af947f10c9db1d8b3ed809d41b427f03 SHA256 eb3d00653d4a028f4e97f4e61ffa29940c65b42c20d4439e067cb183b725c292
+AUX colord-0.1.14-sql-injections-2.patch 4879 RMD160 c4adee229fb07f3341df59c570c4e7c649e41ce2 SHA1 a5b57738edb2cb77173c259d7810b5b767dbadd8 SHA256 a97caf3bc1f6c90dde2a10a836cb677b7ba47585b85488117006b6c970d9322d
+AUX colord-0.1.14-sql-injections.patch 4655 RMD160 0bdf5aaf762891289399fcd92a62747e4fbe52d4 SHA1 7a8d830e3556a31aa5209966830394b4996e79ef SHA256 de1ea78a356c7131a9e77838cad0fdb06357bcc18fd4b3249ffebe71eddd772b
DIST colord-0.1.14.tar.xz 447900 RMD160 15711bef74c2c15cfbc5f6431b5b51ea72e08289 SHA1 6d8549df007ffb473e312325ecb076968f3dae8a SHA256 404e0f12efed3fbaca505dd1b796bbc820b3e9df9eb93e5912f7d95fe409312b
-EBUILD colord-0.1.12.ebuild 3479 RMD160 e3918dc11f6f6c5157f7777173af05554b263994 SHA1 6e72d335883f05223967addce456c573f2c3f74b SHA256 dab59cd75ad35f44b0a99a218e2b8909d9b594f093ea13c6b9d7b9dde79abdba
-EBUILD colord-0.1.13.ebuild 3842 RMD160 56e73f6382f9aa6434443d4be104c88f9382a62b SHA1 23323ce4ce4a9eef05f03f9afb60b0f0a8c892cf SHA256 f2d64d4073bed09e7cb40179a23bff41a90a5347d50acf7a12b8d6edd725e69f
+EBUILD colord-0.1.14-r1.ebuild 4452 RMD160 f54a45087bed1c59b5a76081710f24c9bfea1e9b SHA1 8049867a0d5894b8a392d37b279043f230f16a56 SHA256 fc69b24923061beece19a878a1654299dd8aad3bbbf3e98441b1e06f3b356c92
EBUILD colord-0.1.14.ebuild 3902 RMD160 947555f27e29e8d5fec6e69b4c139cf847fa2d65 SHA1 6bf68155313975f5c25b9e2b333fedbd449e46e2 SHA256 507e3058334c4c9c5c8b3207eddea600e483f7594bda9adde10711fa11ecfd0f
-MISC ChangeLog 1897 RMD160 16762885d3e629f2845fa0d17361c01386e5b8f5 SHA1 c390621f362369c2c4b3f23bdaeb7fb2799f14d5 SHA256 9734d33c1a993d16f9289f5647122b34d14aa27e74ebcf5246da6878b7f70e3e
+MISC ChangeLog 2354 RMD160 6461a2f2b0e7c231891f620a67a44986558d55f8 SHA1 74509d0e3517b31d3252bb34d69f8e739b834300 SHA256 8ccbb52092409d433cb8619d06ee47bcaabf42f967a698902374b868ba6eddcf
MISC metadata.xml 351 RMD160 cd0e670eb32a888a9b28a82f8991939967381123 SHA1 d42d53e27ded330a8a5da23a1ffc0034bced80fb SHA256 ac4eb4676cf16d1d351488eb4130afa38e494155eec579954757191264e5e5d7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
-iEYEARECAAYFAk62wBUACgkQkKaRLQcq0GI0vwCfXtqkupbiKBpErrJyvexbLQWw
-sqUAnR89xjMO06fuBqy85Ngo5O2WfmyF
-=vGB5
+iF4EAREIAAYFAk7P20EACgkQdjK8w9WeBnD+fAEAi4/+z6gPomhxzzuosVk0V7ep
+4cq1o1aD9lBJm4YzU9gA/0Q9ftKVZkcJtuWMDh9qcseub5PmWBXo76QNfyu3j/1Q
+=T6vJ
-----END PGP SIGNATURE-----
diff --git a/x11-misc/colord/colord-0.1.12.ebuild b/x11-misc/colord/colord-0.1.12.ebuild
deleted file mode 100644
index b107ddc2515d..000000000000
--- a/x11-misc/colord/colord-0.1.12.ebuild
+++ /dev/null
@@ -1,119 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/colord-0.1.12.ebuild,v 1.2 2011/10/05 13:19:17 nirbheek Exp $
-
-EAPI="4"
-
-inherit eutils base
-
-DESCRIPTION="System service to accurately color manage input and output devices"
-HOMEPAGE="http://www.freedesktop.org/software/colord/"
-SRC_URI="http://www.freedesktop.org/software/colord/releases/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="doc examples +introspection scanner +udev"
-
-# FIXME: raise to libusb-1.0.9:1 when available
-COMMON_DEPEND="
- dev-db/sqlite:3
- >=dev-libs/glib-2.28.0:2
- >=dev-libs/libusb-1.0.8:1
- >=media-libs/lcms-2.2:2
- >=sys-auth/polkit-0.97
- introspection? ( >=dev-libs/gobject-introspection-0.9.8 )
- scanner? ( media-gfx/sane-backends )
- udev? ( || ( sys-fs/udev[gudev] sys-fs/udev[extras] ) )
-"
-RDEPEND="${COMMON_DEPEND}
- media-gfx/shared-color-profiles"
-# Automagic build-time vala dependency if USE=introspection
-DEPEND="${COMMON_DEPEND}
- dev-libs/libxslt
- >=dev-util/intltool-0.35
- dev-util/pkgconfig
- >=sys-devel/gettext-0.17
- doc? (
- app-text/docbook-xml-dtd:4.1.2
- >=dev-util/gtk-doc-1.9
- )
- introspection? ( dev-lang/vala:0.14 )
-"
-
-# FIXME: needs pre-installed dbus service files
-RESTRICT="test"
-
-DOCS=(AUTHORS ChangeLog MAINTAINERS NEWS README TODO)
-
-pkg_setup() {
- enewgroup colord
- enewuser colord -1 -1 /var/lib/colord colord
-}
-
-src_configure() {
- econf \
- --disable-examples \
- --disable-static \
- --enable-polkit \
- --enable-reverse \
- --disable-volume-search \
- --with-daemon-user=colord \
- --localstatedir="${EPREFIX}"/var \
- $(use_enable doc gtk-doc) \
- $(use_enable introspection) \
- $(use_enable scanner sane) \
- $(use_enable udev gudev) \
- VAPIGEN=$(type -p vapigen-0.14)
- # parallel make fails in doc/api
- use doc && MAKEOPTS=-j1
-}
-
-src_install() {
- base_src_install
-
- # Ensure config and profile directories exist and are writable
- local d
- for d in /var/lib/{color,colord}; do
- keepdir "${d}"
- fowners colord:colord "${d}"
- done
-
- if use examples; then
- insinto /usr/share/doc/${PF}/examples
- doins examples/*.c
- fi
-
- find "${D}" -name "*.la" -delete
-}
-
-pkg_postinst() {
- # <=colord-0.1.11 ran as root and used /var/lib/lib/colord to store
- # configuration files and /var/lib/lib/color for custom color profiles.
- local old_dir="${EROOT}var/lib/lib/colord"
- local new_dir="${EROOT}var/lib/colord"
-
- if [[ -e "${old_dir}/mapping.db" || -e "${old_dir}/storage.db" ]] && \
- ! [[ -e "${new_dir}/mapping.db" || -e "${new_dir}/storage.db" ]]; then
- elog "Old colord configuration files are present in ${old_dir}. If you"
- elog "are upgrading from colord-0.1.11 or older and had previously"
- elog "customized your color management settings, you will need to copy"
- elog "these files to ${new_dir} and then change the file ownership"
- elog "to colord:colord :"
- elog
- elog " # cp ${old_dir}/*.db ${new_dir}"
- elog " # chown colord:colord ${new_dir}/*.db"
- elog
- fi
- old_dir="${EROOT}var/lib/lib/color"
- new_dir="${EROOT}var/lib/color"
- if [[ -e "${old_dir}/icc" && ! -e "${new_dir}/icc" ]]; then
- elog "Old custom color profiles are present in ${old_dir}. If you are"
- elog "upgrading from colord-0.1.11 or older, you will need to copy them"
- elog "to ${new_dir} and then change the ownership to colord:colord :"
- elog
- elog " # cp -r ${old_dir}/icc ${new_dir}"
- elog " # chown -R colord:colord ${new_dir}/icc"
- elog
- fi
-}
diff --git a/x11-misc/colord/colord-0.1.13.ebuild b/x11-misc/colord/colord-0.1.14-r1.ebuild
index f1d0c1022c2b..9c1cc90382e1 100644
--- a/x11-misc/colord/colord-0.1.13.ebuild
+++ b/x11-misc/colord/colord-0.1.14-r1.ebuild
@@ -1,10 +1,10 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/colord-0.1.13.ebuild,v 1.2 2011/10/25 13:24:15 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/colord-0.1.14-r1.ebuild,v 1.1 2011/11/25 18:15:23 tetromino Exp $
EAPI="4"
-inherit eutils base
+inherit autotools eutils base
DESCRIPTION="System service to accurately color manage input and output devices"
HOMEPAGE="http://www.freedesktop.org/software/colord/"
@@ -12,22 +12,22 @@ SRC_URI="http://www.freedesktop.org/software/colord/releases/${P}.tar.xz"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="~amd64 ~hppa ~x86"
-IUSE="doc examples +introspection scanner +udev"
+KEYWORDS="~amd64 ~arm ~hppa ~x86"
+IUSE="doc elibc_FreeBSD examples +introspection scanner +udev vala"
# FIXME: raise to libusb-1.0.9:1 when available
COMMON_DEPEND="
dev-db/sqlite:3
>=dev-libs/glib-2.28.0:2
- >=dev-libs/libusb-1.0.8:1
>=media-libs/lcms-2.2:2
+ elibc_FreeBSD? ( >=sys-freebsd/freebsd-lib-8.0[usb] )
+ !elibc_FreeBSD? ( >=dev-libs/libusb-1.0.8:1 )
introspection? ( >=dev-libs/gobject-introspection-0.9.8 )
scanner? ( media-gfx/sane-backends )
udev? ( || ( sys-fs/udev[gudev] sys-fs/udev[extras] ) )
"
RDEPEND="${COMMON_DEPEND}
media-gfx/shared-color-profiles"
-# Automagic build-time vala dependency if USE=introspection
DEPEND="${COMMON_DEPEND}
dev-libs/libxslt
>=dev-util/intltool-0.35
@@ -37,7 +37,7 @@ DEPEND="${COMMON_DEPEND}
app-text/docbook-xml-dtd:4.1.2
>=dev-util/gtk-doc-1.9
)
- introspection? ( dev-lang/vala:0.14 )
+ vala? ( dev-lang/vala:0.14[vapigen] )
"
# FIXME: needs pre-installed dbus service files
@@ -51,12 +51,30 @@ pkg_setup() {
}
src_prepare() {
+ # Fix SQL injection vulnerability (bug #391879); will be in next release
+ epatch "${FILESDIR}/${P}-sql-injections"{,-2}.patch
+
# Ubuntu patch to allow root and at_console to access colord without polkit;
# this behavior matches upstream default polkit settings.
epatch "${FILESDIR}/${PN}-0.1.13-use-dbus-security-for-permissions.patch"
+
+ epatch "${FILESDIR}/${PN}-0.1.11-fix-automagic-vala.patch"
+
+ # Use <libusb.h> for freebsd compatibility, bug #387959#c6
+ sed -e 's:#include <libusb-1.0/libusb.h>:#include <libusb.h>:' \
+ -i src/sensors/*.c src/sensors/*.h || die "sed failed"
+
+ eautoreconf
}
src_configure() {
+ # bug #387959#c6
+ if use elibc_FreeBSD; then
+ USB_CFLAGS="-I${EPREFIX}/usr/include"
+ USB_LIBS="-lusb"
+ echo "$USB_CFLAGS $USB_LIBS"
+ fi
+
# Disable polkit to allow registering devices when colord is running as
# non-root; https://bugs.launchpad.net/ubuntu/+source/colord/+bug/837851
econf \
@@ -71,6 +89,7 @@ src_configure() {
$(use_enable introspection) \
$(use_enable scanner sane) \
$(use_enable udev gudev) \
+ $(use_enable vala) \
VAPIGEN=$(type -p vapigen-0.14)
# parallel make fails in doc/api
use doc && MAKEOPTS=-j1
diff --git a/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch b/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch
new file mode 100644
index 000000000000..fa6497a773d6
--- /dev/null
+++ b/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch
@@ -0,0 +1,153 @@
+From 36549e0ed255e7dfa7852d08a75dd5f00cbd270e Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Fri, 25 Nov 2011 11:14:21 +0100
+Subject: [PATCH] fix more sql injections
+
+https://bugs.freedesktop.org/show_bug.cgi?id=42904
+
+Signed-off-by: Richard Hughes <richard@hughsie.com>
+---
+ src/cd-device-db.c | 42 +++++++++++++++++++++---------------------
+ 1 files changed, 21 insertions(+), 21 deletions(-)
+
+diff --git a/src/cd-device-db.c b/src/cd-device-db.c
+index 808a338..e69fa64 100644
+--- a/src/cd-device-db.c
++++ b/src/cd-device-db.c
+@@ -151,8 +151,8 @@ cd_device_db_add (CdDeviceDb *ddb,
+ g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
+
+ g_debug ("CdDeviceDb: add device %s", device_id);
+- statement = g_strdup_printf ("INSERT INTO devices (device_id) "
+- "VALUES ('%s')",
++ statement = sqlite3_mprintf ("INSERT INTO devices (device_id) "
++ "VALUES ('%q')",
+ device_id);
+
+ /* insert the entry */
+@@ -168,7 +168,7 @@ cd_device_db_add (CdDeviceDb *ddb,
+ goto out;
+ }
+ out:
+- g_free (statement);
++ sqlite3_free (statement);
+ return ret;
+ }
+
+@@ -191,9 +191,9 @@ cd_device_db_set_property (CdDeviceDb *ddb,
+ g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
+
+ g_debug ("CdDeviceDb: add device %s [%s=%s]", device_id, property, value);
+- statement = g_strdup_printf ("INSERT INTO properties (device_id, "
++ statement = sqlite3_mprintf ("INSERT INTO properties (device_id, "
+ "property, value) "
+- "VALUES ('%s', '%s', '%s')",
++ "VALUES ('%q', '%q', '%q')",
+ device_id, property, value);
+
+ /* insert the entry */
+@@ -209,7 +209,7 @@ cd_device_db_set_property (CdDeviceDb *ddb,
+ goto out;
+ }
+ out:
+- g_free (statement);
++ sqlite3_free (statement);
+ return ret;
+ }
+
+@@ -232,8 +232,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
+
+ /* remove the entry */
+ g_debug ("CdDeviceDb: remove device %s", device_id);
+- statement1 = g_strdup_printf ("DELETE FROM devices WHERE "
+- "device_id = '%s';",
++ statement1 = sqlite3_mprintf ("DELETE FROM devices WHERE "
++ "device_id = '%q';",
+ device_id);
+ rc = sqlite3_exec (ddb->priv->db, statement1, NULL, NULL, &error_msg);
+ if (rc != SQLITE_OK) {
+@@ -246,8 +246,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
+ ret = FALSE;
+ goto out;
+ }
+- statement2 = g_strdup_printf ("DELETE FROM properties WHERE "
+- "device_id = '%s';",
++ statement2 = sqlite3_mprintf ("DELETE FROM properties WHERE "
++ "device_id = '%q';",
+ device_id);
+ rc = sqlite3_exec (ddb->priv->db, statement2, NULL, NULL, &error_msg);
+ if (rc != SQLITE_OK) {
+@@ -261,8 +261,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
+ goto out;
+ }
+ out:
+- g_free (statement1);
+- g_free (statement2);
++ sqlite3_free (statement1);
++ sqlite3_free (statement2);
+ return ret;
+ }
+
+@@ -302,9 +302,9 @@ cd_device_db_get_property (CdDeviceDb *ddb,
+ g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
+
+ g_debug ("CdDeviceDb: get property %s for %s", property, device_id);
+- statement = g_strdup_printf ("SELECT value FROM properties WHERE "
+- "device_id = '%s' AND "
+- "property = '%s' LIMIT 1;",
++ statement = sqlite3_mprintf ("SELECT value FROM properties WHERE "
++ "device_id = '%q' AND "
++ "property = '%q' LIMIT 1;",
+ device_id, property);
+
+ /* remove the entry */
+@@ -338,7 +338,7 @@ cd_device_db_get_property (CdDeviceDb *ddb,
+ value = g_strdup (g_ptr_array_index (array_tmp, 0));
+ out:
+ g_ptr_array_unref (array_tmp);
+- g_free (statement);
++ sqlite3_free (statement);
+ return value;
+ }
+
+@@ -360,7 +360,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb,
+
+ /* get all the devices */
+ g_debug ("CdDeviceDb: get devices");
+- statement = g_strdup_printf ("SELECT device_id FROM devices;");
++ statement = sqlite3_mprintf ("SELECT device_id FROM devices;");
+ array_tmp = g_ptr_array_new_with_free_func (g_free);
+ rc = sqlite3_exec (ddb->priv->db,
+ statement,
+@@ -381,7 +381,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb,
+ array = g_ptr_array_ref (array_tmp);
+ out:
+ g_ptr_array_unref (array_tmp);
+- g_free (statement);
++ sqlite3_free (statement);
+ return array;
+ }
+
+@@ -404,8 +404,8 @@ cd_device_db_get_properties (CdDeviceDb *ddb,
+
+ /* get all the devices */
+ g_debug ("CdDeviceDb: get properties for device %s", device_id);
+- statement = g_strdup_printf ("SELECT property FROM properties "
+- "WHERE device_id = '%s';",
++ statement = sqlite3_mprintf ("SELECT property FROM properties "
++ "WHERE device_id = '%q';",
+ device_id);
+ array_tmp = g_ptr_array_new_with_free_func (g_free);
+ rc = sqlite3_exec (ddb->priv->db,
+@@ -427,7 +427,7 @@ cd_device_db_get_properties (CdDeviceDb *ddb,
+ array = g_ptr_array_ref (array_tmp);
+ out:
+ g_ptr_array_unref (array_tmp);
+- g_free (statement);
++ sqlite3_free (statement);
+ return array;
+ }
+
+--
+1.7.8.rc3
+
diff --git a/x11-misc/colord/files/colord-0.1.14-sql-injections.patch b/x11-misc/colord/files/colord-0.1.14-sql-injections.patch
new file mode 100644
index 000000000000..82b2c45d028c
--- /dev/null
+++ b/x11-misc/colord/files/colord-0.1.14-sql-injections.patch
@@ -0,0 +1,139 @@
+From 1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b Mon Sep 17 00:00:00 2001
+From: Vincent Untz <vuntz@gnome.org>
+Date: Mon, 14 Nov 2011 10:51:29 +0100
+Subject: [PATCH] Use sqlite3_mprintf() to avoid SQL injections
+
+https://bugs.freedesktop.org/show_bug.cgi?id=42904
+
+Signed-off-by: Richard Hughes <richard@hughsie.com>
+---
+ src/cd-mapping-db.c | 36 ++++++++++++++++++------------------
+ 1 files changed, 18 insertions(+), 18 deletions(-)
+
+diff --git a/src/cd-mapping-db.c b/src/cd-mapping-db.c
+index 6e1f4f3..e59a058 100644
+--- a/src/cd-mapping-db.c
++++ b/src/cd-mapping-db.c
+@@ -162,8 +162,8 @@ cd_mapping_db_add (CdMappingDb *mdb,
+ g_debug ("CdMappingDb: add %s<=>%s",
+ device_id, profile_id);
+ timestamp = g_get_real_time ();
+- statement = g_strdup_printf ("INSERT INTO mappings (device, profile, timestamp) "
+- "VALUES ('%s', '%s', %"G_GINT64_FORMAT")",
++ statement = sqlite3_mprintf ("INSERT INTO mappings (device, profile, timestamp) "
++ "VALUES ('%q', '%q', %"G_GINT64_FORMAT")",
+ device_id, profile_id, timestamp);
+
+ /* insert the entry */
+@@ -179,7 +179,7 @@ cd_mapping_db_add (CdMappingDb *mdb,
+ goto out;
+ }
+ out:
+- g_free (statement);
++ sqlite3_free (statement);
+ return ret;
+ }
+ /**
+@@ -203,8 +203,8 @@ cd_mapping_db_update_timestamp (CdMappingDb *mdb,
+ g_debug ("CdMappingDb: update timestamp %s<=>%s",
+ device_id, profile_id);
+ timestamp = g_get_real_time ();
+- statement = g_strdup_printf ("UPDATE mappings SET timestamp = %"G_GINT64_FORMAT
+- " WHERE device = '%s' AND profile = '%s';",
++ statement = sqlite3_mprintf ("UPDATE mappings SET timestamp = %"G_GINT64_FORMAT
++ " WHERE device = '%q' AND profile = '%q';",
+ timestamp, device_id, profile_id);
+
+ /* update the entry */
+@@ -220,7 +220,7 @@ cd_mapping_db_update_timestamp (CdMappingDb *mdb,
+ goto out;
+ }
+ out:
+- g_free (statement);
++ sqlite3_free (statement);
+ return ret;
+ }
+
+@@ -242,8 +242,8 @@ cd_mapping_db_remove (CdMappingDb *mdb,
+ g_return_val_if_fail (mdb->priv->db != NULL, FALSE);
+
+ g_debug ("CdMappingDb: remove %s<=>%s", device_id, profile_id);
+- statement = g_strdup_printf ("DELETE FROM mappings WHERE "
+- "device = '%s' AND profile = '%s';",
++ statement = sqlite3_mprintf ("DELETE FROM mappings WHERE "
++ "device = '%q' AND profile = '%q';",
+ device_id, profile_id);
+
+ /* remove the entry */
+@@ -259,7 +259,7 @@ cd_mapping_db_remove (CdMappingDb *mdb,
+ goto out;
+ }
+ out:
+- g_free (statement);
++ sqlite3_free (statement);
+ return ret;
+ }
+
+@@ -301,8 +301,8 @@ cd_mapping_db_get_profiles (CdMappingDb *mdb,
+ g_return_val_if_fail (mdb->priv->db != NULL, FALSE);
+
+ g_debug ("CdMappingDb: get profiles for %s", device_id);
+- statement = g_strdup_printf ("SELECT profile FROM mappings WHERE "
+- "device = '%s' ORDER BY timestamp ASC;", device_id);
++ statement = sqlite3_mprintf ("SELECT profile FROM mappings WHERE "
++ "device = '%q' ORDER BY timestamp ASC;", device_id);
+
+ /* remove the entry */
+ array_tmp = g_ptr_array_new_with_free_func (g_free);
+@@ -325,7 +325,7 @@ cd_mapping_db_get_profiles (CdMappingDb *mdb,
+ array = g_ptr_array_ref (array_tmp);
+ out:
+ g_ptr_array_unref (array_tmp);
+- g_free (statement);
++ sqlite3_free (statement);
+ return array;
+ }
+
+@@ -350,8 +350,8 @@ cd_mapping_db_get_devices (CdMappingDb *mdb,
+ g_return_val_if_fail (mdb->priv->db != NULL, FALSE);
+
+ g_debug ("CdMappingDb: get devices for %s", profile_id);
+- statement = g_strdup_printf ("SELECT device FROM mappings WHERE "
+- "profile = '%s' ORDER BY timestamp ASC;", profile_id);
++ statement = sqlite3_mprintf ("SELECT device FROM mappings WHERE "
++ "profile = '%q' ORDER BY timestamp ASC;", profile_id);
+
+ /* remove the entry */
+ array_tmp = g_ptr_array_new_with_free_func (g_free);
+@@ -374,7 +374,7 @@ cd_mapping_db_get_devices (CdMappingDb *mdb,
+ array = g_ptr_array_ref (array_tmp);
+ out:
+ g_ptr_array_unref (array_tmp);
+- g_free (statement);
++ sqlite3_free (statement);
+ return array;
+ }
+
+@@ -416,8 +416,8 @@ cd_mapping_db_get_timestamp (CdMappingDb *mdb,
+
+ g_debug ("CdMappingDb: get checksum for %s<->%s",
+ device_id, profile_id);
+- statement = g_strdup_printf ("SELECT timestamp FROM mappings WHERE "
+- "device = '%s' AND profile = '%s' "
++ statement = sqlite3_mprintf ("SELECT timestamp FROM mappings WHERE "
++ "device = '%q' AND profile = '%q' "
+ "LIMIT 1;", device_id, profile_id);
+
+ /* query the checksum */
+@@ -436,7 +436,7 @@ cd_mapping_db_get_timestamp (CdMappingDb *mdb,
+ goto out;
+ }
+ out:
+- g_free (statement);
++ sqlite3_free (statement);
+ return timestamp;
+ }
+
+--
+1.7.8.rc3
+