From e515173c9fa7ffb562160780735f25dfc51eec354b5213f99c80ded209dc9aa9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Lie?=
Date: Mon, 19 Sep 2022 16:06:12 +0000
Subject: [PATCH] Accepting request 1004150 from GNOME:Next
- Add colord-CVE-2021-42523.patch: fix a small memory leak on db open failure (boo#1202802 CVE-2021-42523).
OBS-URL: https://build.opensuse.org/request/show/1004150
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/colord?expand=0&rev=184
---
 colord-CVE-2021-42523.patch | 47 +++++++++++++++++++++++++++++++++++++
 colord.changes | 6 +++++
 colord.spec | 2 ++
 3 files changed, 55 insertions(+)
 create mode 100644 colord-CVE-2021-42523.patch
diff --git a/colord-CVE-2021-42523.patch b/colord-CVE-2021-42523.patch
new file mode 100644
index 0000000..88f822b
--- /dev/null
+++ b/colord-CVE-2021-42523.patch
@@ -0,0 +1,47 @@
+From 1452a975ecae14299fb27d41522dfd32305481ce Mon Sep 17 00:00:00 2001
+From: Richard Hughes
+Date: Wed, 13 Apr 2022 14:21:32 +0100
+Subject: [PATCH] trivial: Fix a small memory leak on db open failure
+
+---
+ src/cd-mapping-db.c | 3 +--
+ src/cd-profile-db.c | 2 +-
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/cd-mapping-db.c b/src/cd-mapping-db.c
+index 7a3df35..996f07e 100644
+--- a/src/cd-mapping-db.c
++++ b/src/cd-mapping-db.c
+@@ -67,7 +67,7 @@ cd_mapping_db_open (CdMappingDb *mdb,
+ GError **error)
+ {
+ CdMappingDbPrivate *priv = GET_PRIVATE (mdb);
+- gchar *error_msg = NULL;
++ g_autofree gchar *error_msg = NULL;
+ gint rc;
+ g_autofree gchar *path = NULL;
+
+@@ -116,7 +116,6 @@ cd_mapping_db_open (CdMappingDb *mdb,
+ CD_CLIENT_ERROR_INTERNAL,
+ "Cannot open mapping database: %s",
+ error_msg);
+- sqlite3_free (error_msg);
+ return FALSE;
+ }
+ }
+diff --git a/src/cd-profile-db.c b/src/cd-profile-db.c
+index 5661d09..57ab864 100644
+--- a/src/cd-profile-db.c
++++ b/src/cd-profile-db.c
+@@ -48,7 +48,7 @@ cd_profile_db_load (CdProfileDb *pdb,
+ {
+ CdProfileDbPrivate *priv = GET_PRIVATE (pdb);
+ const gchar *statement;
+- gchar *error_msg = NULL;
++ g_autofree gchar *error_msg = NULL;
+ gint rc;
+ g_autofree gchar *path = NULL;
+
+--
+2.37.3
+
diff --git a/colord.changes b/colord.changes
index 60a6f5e..a153209 100644
--- a/colord.changes
+++ b/colord.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Sep 16 15:20:32 UTC 2022 - Michael Gorse
+
+- Add colord-CVE-2021-42523.patch: fix a small memory leak on db
+ open failure (boo#1202802 CVE-2021-42523).
+
 -------------------------------------------------------------------
 Fri Mar 25 14:07:33 UTC 2022 - Dominique Leuenberger
diff --git a/colord.spec b/colord.spec
index 0cc7c4c..154c118 100644
--- a/colord.spec
+++ b/colord.spec
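Review bot: In both `cd_mapping_db_open` and `cd_profile_db_load` the backported patch declares `g_autofree gchar *error_msg`, so the buffer is now released with `g_free()`, while the removed `sqlite3_free (error_msg);` line shows it was previously treated as SQLite-owned memory (presumably filled in by `sqlite3_exec`). SQLite's documentation asks for such error strings to be released with `sqlite3_free()`; whether `g_free()` is a valid substitute depends on how the linked SQLite allocator was built, so the leak fix may trade a leak for an invalid free on the error path. A safer shape keeps `gchar *error_msg = NULL;` and calls `sqlite3_free (error_msg);` before every return that follows a failed statement. Both function bodies continue outside the quoted hunks; if `error_msg` is passed to more than one call there, the auto-cleanup would release only the last value, which is worth checking with a leak/address sanitizer run that forces the open failure.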
@@ -33,6 +33,8 @@ Patch0: harden_colord.service.patch
 Source3: usr.lib.colord
 Source4: colord.sysusers
 Source99: baselibs.conf
+# PATCH-FIX-UPSTREAM colord-CVE-2021-42523.patch boo#1202802 mgorse@suse.com -- fix a small memory leak on db open failure.
+Patch1: colord-CVE-2021-42523.patch
 BuildRequires: argyllcms
 BuildRequires: docbook5-xsl-stylesheets