Add patches to fix SQL injections (bug #391879, thanks to Agostino Sarubbo for reporting). Allow building against freebsd's libusb (bug #387959, thanks to Naohiro Aota). Drop old versions.

(Portage version: 2.2.0_alpha77/cvs/Linux x86_64)
author: Alexandre Rostovtsev <tetromino@gentoo.org> 2011-11-25 18:15:24 +0000
committer: Alexandre Rostovtsev <tetromino@gentoo.org> 2011-11-25 18:15:24 +0000
commit: ecbbf4b6fef9f231c57b77bf9c3544d7f1dc9b49 (patch)
tree: 06064b8cb831158f1cbf03eae885cbbf7c9890d1 /x11-misc/colord
parent: Fix segmentation fault in playlist wrt #390783 by Rafał Mużyło (diff)
download: gentoo-2-ecbbf4b6fef9f231c57b77bf9c3544d7f1dc9b49.tar.gz
gentoo-2-ecbbf4b6fef9f231c57b77bf9c3544d7f1dc9b49.tar.bz2
gentoo-2-ecbbf4b6fef9f231c57b77bf9c3544d7f1dc9b49.zip
5 files changed, 329 insertions, 127 deletions
diff --git a/x11-misc/colord/ChangeLog b/x11-misc/colord/ChangeLog
index 4c70b79b6756..efa9385ccb16 100644
--- a/x11-misc/colord/ChangeLog
+++ b/x11-misc/colord/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for x11-misc/colord
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/ChangeLog,v 1.7 2011/11/06 17:10:34 maekke Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/ChangeLog,v 1.8 2011/11/25 18:15:23 tetromino Exp $
+
+*colord-0.1.14-r1 (25 Nov 2011)
+
+  25 Nov 2011; Alexandre Rostovtsev <tetromino@gentoo.org>
+  -colord-0.1.12.ebuild, -colord-0.1.13.ebuild, +colord-0.1.14-r1.ebuild,
+  +files/colord-0.1.14-sql-injections.patch,
+  +files/colord-0.1.14-sql-injections-2.patch:
+  Add patches to fix SQL injections (bug #391879, thanks to Agostino Sarubbo for
+  reporting). Allow building against freebsd's libusb (bug #387959, thanks to
+  Naohiro Aota). Drop old versions.
 
   06 Nov 2011; Markus Meier <maekke@gentoo.org> colord-0.1.14.ebuild:
   add ~arm, bug #387959
diff --git a/x11-misc/colord/colord-0.1.12.ebuild b/x11-misc/colord/colord-0.1.12.ebuild
deleted file mode 100644
index b107ddc2515d..000000000000
--- a/x11-misc/colord/colord-0.1.12.ebuild
+++ /dev/null
@@ -1,119 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/colord-0.1.12.ebuild,v 1.2 2011/10/05 13:19:17 nirbheek Exp $
-
-EAPI="4"
-
-inherit eutils base
-
-DESCRIPTION="System service to accurately color manage input and output devices"
-HOMEPAGE="http://www.freedesktop.org/software/colord/"
-SRC_URI="http://www.freedesktop.org/software/colord/releases/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="doc examples +introspection scanner +udev"
-
-# FIXME: raise to libusb-1.0.9:1 when available
-COMMON_DEPEND="
-	dev-db/sqlite:3
-	>=dev-libs/glib-2.28.0:2
-	>=dev-libs/libusb-1.0.8:1
-	>=media-libs/lcms-2.2:2
-	>=sys-auth/polkit-0.97
-	introspection? ( >=dev-libs/gobject-introspection-0.9.8 )
-	scanner? ( media-gfx/sane-backends )
-	udev? ( || ( sys-fs/udev[gudev] sys-fs/udev[extras] ) )
-"
-RDEPEND="${COMMON_DEPEND}
-	media-gfx/shared-color-profiles"
-# Automagic build-time vala dependency if USE=introspection
-DEPEND="${COMMON_DEPEND}
-	dev-libs/libxslt
-	>=dev-util/intltool-0.35
-	dev-util/pkgconfig
-	>=sys-devel/gettext-0.17
-	doc? (
-		app-text/docbook-xml-dtd:4.1.2
-		>=dev-util/gtk-doc-1.9
-	)
-	introspection? ( dev-lang/vala:0.14 )
-"
-
-# FIXME: needs pre-installed dbus service files
-RESTRICT="test"
-
-DOCS=(AUTHORS ChangeLog MAINTAINERS NEWS README TODO)
-
-pkg_setup() {
-	enewgroup colord
-	enewuser colord -1 -1 /var/lib/colord colord
-}
-
-src_configure() {
-	econf \
-		--disable-examples \
-		--disable-static \
-		--enable-polkit \
-		--enable-reverse \
-		--disable-volume-search \
-		--with-daemon-user=colord \
-		--localstatedir="${EPREFIX}"/var \
-		$(use_enable doc gtk-doc) \
-		$(use_enable introspection) \
-		$(use_enable scanner sane) \
-		$(use_enable udev gudev) \
-		VAPIGEN=$(type -p vapigen-0.14)
-	# parallel make fails in doc/api
-	use doc && MAKEOPTS=-j1
-}
-
-src_install() {
-	base_src_install
-
-	# Ensure config and profile directories exist and are writable
-	local d
-	for d in /var/lib/{color,colord}; do
-		keepdir "${d}"
-		fowners colord:colord "${d}"
-	done
-
-	if use examples; then
-		insinto /usr/share/doc/${PF}/examples
-		doins examples/*.c
-	fi
-
-	find "${D}" -name "*.la" -delete
-}
-
-pkg_postinst() {
-	# <=colord-0.1.11 ran as root and used /var/lib/lib/colord to store
-	# configuration files and /var/lib/lib/color for custom color profiles.
-	local old_dir="${EROOT}var/lib/lib/colord"
-	local new_dir="${EROOT}var/lib/colord"
-
-	if [[ -e "${old_dir}/mapping.db" || -e "${old_dir}/storage.db" ]] && \
-	   ! [[ -e "${new_dir}/mapping.db" || -e "${new_dir}/storage.db" ]]; then
-		elog "Old colord configuration files are present in ${old_dir}. If you"
-		elog "are upgrading from colord-0.1.11 or older and had previously"
-		elog "customized your color management settings, you will need to copy"
-		elog "these files to ${new_dir} and then change the file ownership"
-		elog "to colord:colord :"
-		elog
-		elog " # cp ${old_dir}/*.db ${new_dir}"
-		elog " # chown colord:colord ${new_dir}/*.db"
-		elog
-	fi
-	old_dir="${EROOT}var/lib/lib/color"
-	new_dir="${EROOT}var/lib/color"
-	if [[ -e "${old_dir}/icc" && ! -e "${new_dir}/icc" ]]; then
-		elog "Old custom color profiles are present in ${old_dir}. If you are"
-		elog "upgrading from colord-0.1.11 or older, you will need to copy them"
-		elog "to ${new_dir} and then change the ownership to colord:colord :"
-		elog
-		elog " # cp -r ${old_dir}/icc ${new_dir}"
-		elog " # chown -R colord:colord ${new_dir}/icc"
-		elog
-	fi
-}
diff --git a/x11-misc/colord/colord-0.1.13.ebuild b/x11-misc/colord/colord-0.1.14-r1.ebuild
index f1d0c1022c2b..9c1cc90382e1 100644
--- a/x11-misc/colord/colord-0.1.13.ebuild
+++ b/x11-misc/colord/colord-0.1.14-r1.ebuild
@@ -1,10 +1,10 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/colord-0.1.13.ebuild,v 1.2 2011/10/25 13:24:15 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-misc/colord/colord-0.1.14-r1.ebuild,v 1.1 2011/11/25 18:15:23 tetromino Exp $
 
 EAPI="4"
 
-inherit eutils base
+inherit autotools eutils base
 
 DESCRIPTION="System service to accurately color manage input and output devices"
 HOMEPAGE="http://www.freedesktop.org/software/colord/"
@@ -12,22 +12,22 @@ SRC_URI="http://www.freedesktop.org/software/colord/releases/${P}.tar.xz"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="~amd64 ~hppa ~x86"
-IUSE="doc examples +introspection scanner +udev"
+KEYWORDS="~amd64 ~arm ~hppa ~x86"
+IUSE="doc elibc_FreeBSD examples +introspection scanner +udev vala"
 
 # FIXME: raise to libusb-1.0.9:1 when available
 COMMON_DEPEND="
 	dev-db/sqlite:3
 	>=dev-libs/glib-2.28.0:2
-	>=dev-libs/libusb-1.0.8:1
 	>=media-libs/lcms-2.2:2
+	elibc_FreeBSD? ( >=sys-freebsd/freebsd-lib-8.0[usb] )
+	!elibc_FreeBSD? ( >=dev-libs/libusb-1.0.8:1 )
 	introspection? ( >=dev-libs/gobject-introspection-0.9.8 )
 	scanner? ( media-gfx/sane-backends )
 	udev? ( || ( sys-fs/udev[gudev] sys-fs/udev[extras] ) )
 "
 RDEPEND="${COMMON_DEPEND}
 	media-gfx/shared-color-profiles"
-# Automagic build-time vala dependency if USE=introspection
 DEPEND="${COMMON_DEPEND}
 	dev-libs/libxslt
 	>=dev-util/intltool-0.35
@@ -37,7 +37,7 @@ DEPEND="${COMMON_DEPEND}
 		app-text/docbook-xml-dtd:4.1.2
 		>=dev-util/gtk-doc-1.9
 	)
-	introspection? ( dev-lang/vala:0.14 )
+	vala? ( dev-lang/vala:0.14[vapigen] )
 "
 
 # FIXME: needs pre-installed dbus service files
@@ -51,12 +51,30 @@ pkg_setup() {
 }
 
 src_prepare() {
+	# Fix SQL injection vulnerability (bug #391879); will be in next release
+	epatch "${FILESDIR}/${P}-sql-injections"{,-2}.patch
+
 	# Ubuntu patch to allow root and at_console to access colord without polkit;
 	# this behavior matches upstream default polkit settings.
 	epatch "${FILESDIR}/${PN}-0.1.13-use-dbus-security-for-permissions.patch"
+
+	epatch "${FILESDIR}/${PN}-0.1.11-fix-automagic-vala.patch"
+
+	# Use <libusb.h> for freebsd compatibility, bug #387959#c6
+	sed -e 's:#include <libusb-1.0/libusb.h>:#include <libusb.h>:' \
+		-i src/sensors/*.c src/sensors/*.h || die "sed failed"
+
+	eautoreconf
 }
 
 src_configure() {
+	#  bug #387959#c6
+	if use elibc_FreeBSD; then
+		USB_CFLAGS="-I${EPREFIX}/usr/include"
+		USB_LIBS="-lusb"
+		echo "$USB_CFLAGS $USB_LIBS"
+	fi
+
 	# Disable polkit to allow registering devices when colord is running as
 	# non-root; https://bugs.launchpad.net/ubuntu/+source/colord/+bug/837851
 	econf \
@@ -71,6 +89,7 @@ src_configure() {
 		$(use_enable introspection) \
 		$(use_enable scanner sane) \
 		$(use_enable udev gudev) \
+		$(use_enable vala) \
 		VAPIGEN=$(type -p vapigen-0.14)
 	# parallel make fails in doc/api
 	use doc && MAKEOPTS=-j1
diff --git a/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch b/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch
new file mode 100644
index 000000000000..fa6497a773d6
--- /dev/null
+++ b/x11-misc/colord/files/colord-0.1.14-sql-injections-2.patch
@@ -0,0 +1,153 @@
+From 36549e0ed255e7dfa7852d08a75dd5f00cbd270e Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Fri, 25 Nov 2011 11:14:21 +0100
+Subject: [PATCH] fix more sql injections
+
+https://bugs.freedesktop.org/show_bug.cgi?id=42904
+
+Signed-off-by: Richard Hughes <richard@hughsie.com>
+---
+ src/cd-device-db.c |   42 +++++++++++++++++++++---------------------
+ 1 files changed, 21 insertions(+), 21 deletions(-)
+
+diff --git a/src/cd-device-db.c b/src/cd-device-db.c
+index 808a338..e69fa64 100644
+--- a/src/cd-device-db.c
++++ b/src/cd-device-db.c
+@@ -151,8 +151,8 @@ cd_device_db_add (CdDeviceDb *ddb,
+ 	g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
+ 
+ 	g_debug ("CdDeviceDb: add device %s", device_id);
+-	statement = g_strdup_printf ("INSERT INTO devices (device_id) "
+-				     "VALUES ('%s')",
++	statement = sqlite3_mprintf ("INSERT INTO devices (device_id) "
++				     "VALUES ('%q')",
+ 				     device_id);
+ 
+ 	/* insert the entry */
+@@ -168,7 +168,7 @@ cd_device_db_add (CdDeviceDb *ddb,
+ 		goto out;
+ 	}
+ out:
+-	g_free (statement);
++	sqlite3_free (statement);
+ 	return ret;
+ }
+ 
+@@ -191,9 +191,9 @@ cd_device_db_set_property (CdDeviceDb *ddb,
+ 	g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
+ 
+ 	g_debug ("CdDeviceDb: add device %s [%s=%s]", device_id, property, value);
+-	statement = g_strdup_printf ("INSERT INTO properties (device_id, "
++	statement = sqlite3_mprintf ("INSERT INTO properties (device_id, "
+ 				     "property, value) "
+-				     "VALUES ('%s', '%s', '%s')",
++				     "VALUES ('%q', '%q', '%q')",
+ 				     device_id, property, value);
+ 
+ 	/* insert the entry */
+@@ -209,7 +209,7 @@ cd_device_db_set_property (CdDeviceDb *ddb,
+ 		goto out;
+ 	}
+ out:
+-	g_free (statement);
++	sqlite3_free (statement);
+ 	return ret;
+ }
+ 
+@@ -232,8 +232,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
+ 
+ 	/* remove the entry */
+ 	g_debug ("CdDeviceDb: remove device %s", device_id);
+-	statement1 = g_strdup_printf ("DELETE FROM devices WHERE "
+-				     "device_id = '%s';",
++	statement1 = sqlite3_mprintf ("DELETE FROM devices WHERE "
++				     "device_id = '%q';",
+ 				     device_id);
+ 	rc = sqlite3_exec (ddb->priv->db, statement1, NULL, NULL, &error_msg);
+ 	if (rc != SQLITE_OK) {
+@@ -246,8 +246,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
+ 		ret = FALSE;
+ 		goto out;
+ 	}
+-	statement2 = g_strdup_printf ("DELETE FROM properties WHERE "
+-				     "device_id = '%s';",
++	statement2 = sqlite3_mprintf ("DELETE FROM properties WHERE "
++				     "device_id = '%q';",
+ 				     device_id);
+ 	rc = sqlite3_exec (ddb->priv->db, statement2, NULL, NULL, &error_msg);
+ 	if (rc != SQLITE_OK) {
+@@ -261,8 +261,8 @@ cd_device_db_remove (CdDeviceDb *ddb,
+ 		goto out;
+ 	}
+ out:
+-	g_free (statement1);
+-	g_free (statement2);
++	sqlite3_free (statement1);
++	sqlite3_free (statement2);
+ 	return ret;
+ }
+ 
+@@ -302,9 +302,9 @@ cd_device_db_get_property (CdDeviceDb *ddb,
+ 	g_return_val_if_fail (ddb->priv->db != NULL, FALSE);
+ 
+ 	g_debug ("CdDeviceDb: get property %s for %s", property, device_id);
+-	statement = g_strdup_printf ("SELECT value FROM properties WHERE "
+-				     "device_id = '%s' AND "
+-				     "property = '%s' LIMIT 1;",
++	statement = sqlite3_mprintf ("SELECT value FROM properties WHERE "
++				     "device_id = '%q' AND "
++				     "property = '%q' LIMIT 1;",
+ 				     device_id, property);
+ 
+ 	/* remove the entry */
+@@ -338,7 +338,7 @@ cd_device_db_get_property (CdDeviceDb *ddb,
+ 	value = g_strdup (g_ptr_array_index (array_tmp, 0));
+ out:
+ 	g_ptr_array_unref (array_tmp);
+-	g_free (statement);
++	sqlite3_free (statement);
+ 	return value;
+ }
+ 
+@@ -360,7 +360,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb,
+ 
+ 	/* get all the devices */
+ 	g_debug ("CdDeviceDb: get devices");
+-	statement = g_strdup_printf ("SELECT device_id FROM devices;");
++	statement = sqlite3_mprintf ("SELECT device_id FROM devices;");
+ 	array_tmp = g_ptr_array_new_with_free_func (g_free);
+ 	rc = sqlite3_exec (ddb->priv->db,
+ 			   statement,
+@@ -381,7 +381,7 @@ cd_device_db_get_devices (CdDeviceDb *ddb,
+ 	array = g_ptr_array_ref (array_tmp);
+ out:
+ 	g_ptr_array_unref (array_tmp);
+-	g_free (statement);
++	sqlite3_free (statement);
+ 	return array;
+ }
+ 
+@@ -404,8 +404,8 @@ cd_device_db_get_properties (CdDeviceDb *ddb,
+ 
+ 	/* get all the devices */
+ 	g_debug ("CdDeviceDb: get properties for device %s", device_id);
+-	statement = g_strdup_printf ("SELECT property FROM properties "
+-				     "WHERE device_id = '%s';",
++	statement = sqlite3_mprintf ("SELECT property FROM properties "
++				     "WHERE device_id = '%q';",
+ 				     device_id);
+ 	array_tmp = g_ptr_array_new_with_free_func (g_free);
+ 	rc = sqlite3_exec (ddb->priv->db,
+@@ -427,7 +427,7 @@ cd_device_db_get_properties (CdDeviceDb *ddb,
+ 	array = g_ptr_array_ref (array_tmp);
+ out:
+ 	g_ptr_array_unref (array_tmp);
+-	g_free (statement);
++	sqlite3_free (statement);
+ 	return array;
+ }
+ 
+-- 
+1.7.8.rc3
+
diff --git a/x11-misc/colord/files/colord-0.1.14-sql-injections.patch b/x11-misc/colord/files/colord-0.1.14-sql-injections.patch
new file mode 100644
index 000000000000..82b2c45d028c
--- /dev/null
+++ b/x11-misc/colord/files/colord-0.1.14-sql-injections.patch
@@ -0,0 +1,139 @@
+From 1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b Mon Sep 17 00:00:00 2001
+From: Vincent Untz <vuntz@gnome.org>
+Date: Mon, 14 Nov 2011 10:51:29 +0100
+Subject: [PATCH] Use sqlite3_mprintf() to avoid SQL injections
+
+https://bugs.freedesktop.org/show_bug.cgi?id=42904
+
+Signed-off-by: Richard Hughes <richard@hughsie.com>
+---
+ src/cd-mapping-db.c |   36 ++++++++++++++++++------------------
+ 1 files changed, 18 insertions(+), 18 deletions(-)
+
+diff --git a/src/cd-mapping-db.c b/src/cd-mapping-db.c
+index 6e1f4f3..e59a058 100644
+--- a/src/cd-mapping-db.c
++++ b/src/cd-mapping-db.c
+@@ -162,8 +162,8 @@ cd_mapping_db_add (CdMappingDb *mdb,
+ 	g_debug ("CdMappingDb: add %s<=>%s",
+ 		 device_id, profile_id);
+ 	timestamp = g_get_real_time ();
+-	statement = g_strdup_printf ("INSERT INTO mappings (device, profile, timestamp) "
+-				     "VALUES ('%s', '%s', %"G_GINT64_FORMAT")",
++	statement = sqlite3_mprintf ("INSERT INTO mappings (device, profile, timestamp) "
++				     "VALUES ('%q', '%q', %"G_GINT64_FORMAT")",
+ 				     device_id, profile_id, timestamp);
+ 
+ 	/* insert the entry */
+@@ -179,7 +179,7 @@ cd_mapping_db_add (CdMappingDb *mdb,
+ 		goto out;
+ 	}
+ out:
+-	g_free (statement);
++	sqlite3_free (statement);
+ 	return ret;
+ }
+ /**
+@@ -203,8 +203,8 @@ cd_mapping_db_update_timestamp (CdMappingDb *mdb,
+ 	g_debug ("CdMappingDb: update timestamp %s<=>%s",
+ 		 device_id, profile_id);
+ 	timestamp = g_get_real_time ();
+-	statement = g_strdup_printf ("UPDATE mappings SET timestamp = %"G_GINT64_FORMAT
+-				     " WHERE device = '%s' AND profile = '%s';",
++	statement = sqlite3_mprintf ("UPDATE mappings SET timestamp = %"G_GINT64_FORMAT
++				     " WHERE device = '%q' AND profile = '%q';",
+ 				     timestamp, device_id, profile_id);
+ 
+ 	/* update the entry */
+@@ -220,7 +220,7 @@ cd_mapping_db_update_timestamp (CdMappingDb *mdb,
+ 		goto out;
+ 	}
+ out:
+-	g_free (statement);
++	sqlite3_free (statement);
+ 	return ret;
+ }
+ 
+@@ -242,8 +242,8 @@ cd_mapping_db_remove (CdMappingDb *mdb,
+ 	g_return_val_if_fail (mdb->priv->db != NULL, FALSE);
+ 
+ 	g_debug ("CdMappingDb: remove %s<=>%s", device_id, profile_id);
+-	statement = g_strdup_printf ("DELETE FROM mappings WHERE "
+-				     "device = '%s' AND profile = '%s';",
++	statement = sqlite3_mprintf ("DELETE FROM mappings WHERE "
++				     "device = '%q' AND profile = '%q';",
+ 				     device_id, profile_id);
+ 
+ 	/* remove the entry */
+@@ -259,7 +259,7 @@ cd_mapping_db_remove (CdMappingDb *mdb,
+ 		goto out;
+ 	}
+ out:
+-	g_free (statement);
++	sqlite3_free (statement);
+ 	return ret;
+ }
+ 
+@@ -301,8 +301,8 @@ cd_mapping_db_get_profiles (CdMappingDb *mdb,
+ 	g_return_val_if_fail (mdb->priv->db != NULL, FALSE);
+ 
+ 	g_debug ("CdMappingDb: get profiles for %s", device_id);
+-	statement = g_strdup_printf ("SELECT profile FROM mappings WHERE "
+-				     "device = '%s' ORDER BY timestamp ASC;", device_id);
++	statement = sqlite3_mprintf ("SELECT profile FROM mappings WHERE "
++				     "device = '%q' ORDER BY timestamp ASC;", device_id);
+ 
+ 	/* remove the entry */
+ 	array_tmp = g_ptr_array_new_with_free_func (g_free);
+@@ -325,7 +325,7 @@ cd_mapping_db_get_profiles (CdMappingDb *mdb,
+ 	array = g_ptr_array_ref (array_tmp);
+ out:
+ 	g_ptr_array_unref (array_tmp);
+-	g_free (statement);
++	sqlite3_free (statement);
+ 	return array;
+ }
+ 
+@@ -350,8 +350,8 @@ cd_mapping_db_get_devices (CdMappingDb *mdb,
+ 	g_return_val_if_fail (mdb->priv->db != NULL, FALSE);
+ 
+ 	g_debug ("CdMappingDb: get devices for %s", profile_id);
+-	statement = g_strdup_printf ("SELECT device FROM mappings WHERE "
+-				     "profile = '%s' ORDER BY timestamp ASC;", profile_id);
++	statement = sqlite3_mprintf ("SELECT device FROM mappings WHERE "
++				     "profile = '%q' ORDER BY timestamp ASC;", profile_id);
+ 
+ 	/* remove the entry */
+ 	array_tmp = g_ptr_array_new_with_free_func (g_free);
+@@ -374,7 +374,7 @@ cd_mapping_db_get_devices (CdMappingDb *mdb,
+ 	array = g_ptr_array_ref (array_tmp);
+ out:
+ 	g_ptr_array_unref (array_tmp);
+-	g_free (statement);
++	sqlite3_free (statement);
+ 	return array;
+ }
+ 
+@@ -416,8 +416,8 @@ cd_mapping_db_get_timestamp (CdMappingDb *mdb,
+ 
+ 	g_debug ("CdMappingDb: get checksum for %s<->%s",
+ 		 device_id, profile_id);
+-	statement = g_strdup_printf ("SELECT timestamp FROM mappings WHERE "
+-				     "device = '%s' AND profile = '%s' "
++	statement = sqlite3_mprintf ("SELECT timestamp FROM mappings WHERE "
++				     "device = '%q' AND profile = '%q' "
+ 				     "LIMIT 1;", device_id, profile_id);
+ 
+ 	/* query the checksum */
+@@ -436,7 +436,7 @@ cd_mapping_db_get_timestamp (CdMappingDb *mdb,
+ 		goto out;
+ 	}
+ out:
+-	g_free (statement);
++	sqlite3_free (statement);
+ 	return timestamp;
+ }
+ 
+-- 
+1.7.8.rc3
+
author	Alexandre Rostovtsev <tetromino@gentoo.org>	2011-11-25 18:15:24 +0000
committer	Alexandre Rostovtsev <tetromino@gentoo.org>	2011-11-25 18:15:24 +0000
commit	ecbbf4b6fef9f231c57b77bf9c3544d7f1dc9b49 (patch)
tree	06064b8cb831158f1cbf03eae885cbbf7c9890d1 /x11-misc/colord
parent	Fix segmentation fault in playlist wrt #390783 by Rafał Mużyło (diff)
download	gentoo-2-ecbbf4b6fef9f231c57b77bf9c3544d7f1dc9b49.tar.gz gentoo-2-ecbbf4b6fef9f231c57b77bf9c3544d7f1dc9b49.tar.bz2 gentoo-2-ecbbf4b6fef9f231c57b77bf9c3544d7f1dc9b49.zip