pool/colord
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1004766 from GNOME:Factory

Browse Source 
- Add colord-CVE-2021-42523.patch: fix a small memory leak on db
  open failure (boo#1202802 CVE-2021-42523).

OBS-URL: https://build.opensuse.org/request/show/1004766
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/colord?expand=0&rev=87
This commit is contained in:
Dominique Leuenberger 2022-09-21 12:40:06 +00:00 committed by Git OBS Bridge
commit bbfe7df93f
3 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
colord-CVE-2021-42523.patch Normal file
View File

@ -0,0 +1,47 @@
From 1452a975ecae14299fb27d41522dfd32305481ce Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Wed, 13 Apr 2022 14:21:32 +0100
Subject: [PATCH] trivial: Fix a small memory leak on db open failure
---
src/cd-mapping-db.c | 3 +--
src/cd-profile-db.c | 2 +-
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/cd-mapping-db.c b/src/cd-mapping-db.c
index 7a3df35..996f07e 100644
--- a/src/cd-mapping-db.c
+++ b/src/cd-mapping-db.c
@@ -67,7 +67,7 @@ cd_mapping_db_open (CdMappingDb *mdb,
GError **error)
{
CdMappingDbPrivate *priv = GET_PRIVATE (mdb);
- gchar *error_msg = NULL;
+ g_autofree gchar *error_msg = NULL;
gint rc;
g_autofree gchar *path = NULL;
@@ -116,7 +116,6 @@ cd_mapping_db_open (CdMappingDb *mdb,
CD_CLIENT_ERROR_INTERNAL,
"Cannot open mapping database: %s",
error_msg);
- sqlite3_free (error_msg);
return FALSE;
}
}
diff --git a/src/cd-profile-db.c b/src/cd-profile-db.c
index 5661d09..57ab864 100644
--- a/src/cd-profile-db.c
+++ b/src/cd-profile-db.c
@@ -48,7 +48,7 @@ cd_profile_db_load (CdProfileDb *pdb,
{
CdProfileDbPrivate *priv = GET_PRIVATE (pdb);
const gchar *statement;
- gchar *error_msg = NULL;
+ g_autofree gchar *error_msg = NULL;
gint rc;
g_autofree gchar *path = NULL;
--
2.37.3

6
colord.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Sep 16 15:20:32 UTC 2022 - Michael Gorse <mgorse@suse.com>
- Add colord-CVE-2021-42523.patch: fix a small memory leak on db
open failure (boo#1202802 CVE-2021-42523).
-------------------------------------------------------------------
Fri Mar 25 14:07:33 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>

2
colord.spec
View File

@ -33,6 +33,8 @@ Patch0: harden_colord.service.patch
Source3: usr.lib.colord
Source4: colord.sysusers
Source99: baselibs.conf
# PATCH-FIX-UPSTREAM colord-CVE-2021-42523.patch boo#1202802 mgorse@suse.com -- fix a small memory leak on db open failure.
Patch1: colord-CVE-2021-42523.patch
BuildRequires: argyllcms
BuildRequires: docbook5-xsl-stylesheets