colord: fix CVE-2021-42523 #3675

Merged
24 changes: 24 additions & 0 deletions SPECS/colord/CVE-2021-42523.patch
@@ -0,0 +1,24 @@
diff -Naur a/src/cd-device-db.c b/src/cd-device-db.c
--- a/src/cd-device-db.c 2019-03-08 04:43:10.000000000 -0800
+++ b/src/cd-device-db.c 2022-09-01 17:19:29.006382333 -0700
@@ -91,7 +91,7 @@

/* check properties version 2 */
rc = sqlite3_exec (priv->db, "SELECT * FROM properties_v2 LIMIT 1",
- NULL, NULL, &error_msg);
+ NULL, NULL, NULL);
if (rc != SQLITE_OK) {
statement = "CREATE TABLE properties_v2 ("
"device_id TEXT,"
diff -Naur a/src/cd-profile-db.c b/src/cd-profile-db.c
--- a/src/cd-profile-db.c 2019-03-08 04:43:11.000000000 -0800
+++ b/src/cd-profile-db.c 2022-09-01 17:21:45.006213393 -0700
@@ -79,7 +79,7 @@

/* check schema */
rc = sqlite3_exec (priv->db, "SELECT * FROM properties_pu LIMIT 1",
- NULL, NULL, &error_msg);
+ NULL, NULL, NULL);
if (rc != SQLITE_OK) {
statement = "CREATE TABLE properties_pu ("
"profile_id TEXT,"
8 changes: 6 additions & 2 deletions SPECS/colord/colord.spec
Expand Up @@ -7,13 +7,14 @@
Summary: Color daemon
Name: colord
Version: 1.4.4
Release: 8%{?dist}
Release: 9%{?dist}
License: GPLv2+ and LGPLv2+
Vendor: Microsoft Corporation
Distribution: Mariner
URL: https://www.freedesktop.org/software/colord/
Source0: https://www.freedesktop.org/software/colord/releases/%{name}-%{version}.tar.xz
Source1: %{name}-LGPLv2.txt
Patch0: CVE-2021-42523.patch
BuildRequires: bash-completion
BuildRequires: color-filesystem
BuildRequires: dbus-devel
Expand Down Expand Up @@ -87,7 +88,7 @@ Summary: Data files for installed tests
Data files for installed tests.

%prep
%setup -q
%autosetup -p1
cp %{SOURCE1} COPYING-LGPLv2.txt

%build
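Review bot: with `%prep` now using `%autosetup -p1`, every patch listed in the spec is applied automatically with one leading path component stripped, so the strip level becomes a property of the spec rather than of each patch. CVE-2021-42523.patch uses `a/src/...` and `b/src/...` paths, which matches. A short comment next to `Patch0:` or in `%prep` noting that patches must apply at `-p1` would save the next backport a failed build.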
Expand Down Expand Up @@ -233,6 +234,9 @@ exit 0
%{_datadir}/installed-tests/colord/*

%changelog
* Thu Sep 01 2022 Henry Beberman <[email protected]> - 1.4.4-9
- Patch CVE-2021-42523 to remove unused error_msg pointers.

* Wed Dec 08 2021 Thomas Crain <[email protected]> - 1.4.4-8
- License verified, added LGPLv2 license text
- Lint spec
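Review bot: the new changelog line says the patch removes unused `error_msg` pointers but not where the fix came from, and the patch file itself starts directly at `diff -Naur` with no header. Suggest adding a short header to CVE-2021-42523.patch (upstream commit or advisory reference, plus one sentence on why the message pointer is dropped) so the backport can be audited without reconstructing its origin.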