[Pkg-dspam-commits] [dspam] 03/04: Properly escape string constants in pgsql driver

Thomas Preud'homme robotux at moszumanska.debian.org
Tue Nov 26 16:18:24 UTC 2013


This is an automated email from the git hooks/post-receive script.

robotux pushed a commit to branch master
in repository dspam.

commit 16e01f667c591f688fb80074d2300fc7f8bc244c
Author: Thomas Preud'homme <robotux at celest.fr>
Date:   Tue Nov 26 20:15:55 2013 +0800

    Properly escape string constants in pgsql driver
---
 debian/changelog                                   |  2 +
 debian/patches/010_set_legacy_escape_strings.diff  | 27 -------
 .../013_use_standard_conforming_sql_string.diff    | 92 ++++++++++++++++++++++
 debian/patches/series                              |  2 +-
 4 files changed, 95 insertions(+), 28 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 6ff8a83..89bd044 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ dspam (3.10.2+dfsg-12) UNRELEASED; urgency=low
   * Remove /var/log/dspam and /var/spool/dspam on purge (Closes: 729787).
   * debian/patches:
     + Enhance cssclean to fix corrupted css file (Closes: #722485).
+    + Properly escape string constants in PostgreSQL driver (Closes: #719663).
+    + drop patch to require legacy mode for string escaping in PostgreSQL.
 
  -- Thomas Preud'homme <robotux at debian.org>  Fri, 18 Oct 2013 22:37:20 +0800
 
diff --git a/debian/patches/010_set_legacy_escape_strings.diff b/debian/patches/010_set_legacy_escape_strings.diff
deleted file mode 100644
index cdd9ff8..0000000
--- a/debian/patches/010_set_legacy_escape_strings.diff
+++ /dev/null
@@ -1,27 +0,0 @@
-Require legacy mode for string escaping in pgsql
-
-Explicitly require legacy mode for string escaping in PostgreSQL since it
-now defaults to standard compliant mode.
-
-Author: Julien Cristau <jcristau at debian.org>
-Origin: vendor, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694942
-Bug-Debian: http://bugs.debian.org/694942
-Forwarded: no
-Last-Update: 2013-05-29
-diff --git a/src/pgsql_drv.c b/src/pgsql_drv.c
-index eac2354..b110a3f 100644
---- a/src/pgsql_drv.c
-+++ b/src/pgsql_drv.c
-@@ -3175,6 +3175,12 @@ PGconn *_pgsql_drv_connect(DSPAM_CTX *CTX)
-     return NULL;
-   }
- 
-+  if (PQserverVersion(dbh) >= 90100)
-+  {
-+    PGresult *result = PQexec(dbh, "SET standard_conforming_strings TO off;");
-+    if (result)
-+      PQclear(result);
-+  }
-   return dbh;
- 
- FAILURE:
diff --git a/debian/patches/013_use_standard_conforming_sql_string.diff b/debian/patches/013_use_standard_conforming_sql_string.diff
new file mode 100644
index 0000000..0e330a2
--- /dev/null
+++ b/debian/patches/013_use_standard_conforming_sql_string.diff
@@ -0,0 +1,92 @@
+From: Thomas Preud'homme <robotux at celest.fr>
+Subject: Properly escape string constants in PostgreSQL driver
+
+PostgreSQL used to accept escaped strings in standard SQL query. It now
+follows the SQL standard by treating backslashes literally. Escaped strings
+need thus to be prefixed by E for PostgreSQL to consider backslashes as
+introducing an escape sequence.
+
+Origin: vendor
+Bug: https://sourceforge.net/p/dspam/bug-tracker/141/
+Bug-Debian: http://bugs.debian.org/719663
+Last-Update: 2013-11-26
+---
+ src/pgsql_drv.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/pgsql_drv.c b/src/pgsql_drv.c
+index c8f714c..a6e03a7 100644
+--- a/src/pgsql_drv.c
++++ b/src/pgsql_drv.c
+@@ -1423,7 +1423,7 @@ _ds_get_signature (DSPAM_CTX * CTX, struct _ds_spam_signature *SIG,
+   }
+ 
+   snprintf (query, sizeof (query),
+-            "SELECT data,length FROM dspam_signature_data WHERE uid=%d AND signature='%s'",
++            "SELECT data,length FROM dspam_signature_data WHERE uid=%d AND signature=E'%s'",
+             (int) uid, sig_esc);
+ 
+   free(sig_esc);
+@@ -1537,7 +1537,7 @@ _ds_set_signature (DSPAM_CTX * CTX, struct _ds_spam_signature *SIG,
+   }
+ 
+   snprintf (scratch, sizeof (scratch),
+-            "INSERT INTO dspam_signature_data (uid,signature,length,created_on,data) VALUES (%d,'%s',%lu,CURRENT_DATE,'",
++            "INSERT INTO dspam_signature_data (uid,signature,length,created_on,data) VALUES (%d,E'%s',%lu,CURRENT_DATE,E'",
+             (int) p->pw_uid, sig_esc, (unsigned long) SIG->length);
+   free(sig_esc);
+   buffer_cat (query, scratch);
+@@ -1607,7 +1607,7 @@ _ds_delete_signature (DSPAM_CTX * CTX, const char *signature)
+   }
+ 
+   snprintf (query, sizeof (query),
+-            "DELETE FROM dspam_signature_data WHERE uid=%d AND signature='%s'",
++            "DELETE FROM dspam_signature_data WHERE uid=%d AND signature=E'%s'",
+             (int) p->pw_uid, sig_esc);
+ 
+   free(sig_esc);
+@@ -1670,7 +1670,7 @@ _ds_verify_signature (DSPAM_CTX * CTX, const char *signature)
+   }
+ 
+   snprintf (query, sizeof (query),
+-            "SELECT signature FROM dspam_signature_data WHERE uid=%d AND signature='%s'",
++            "SELECT signature FROM dspam_signature_data WHERE uid=%d AND signature=E'%s'",
+             (int) p->pw_uid, sig_esc);
+ 
+   free(sig_esc);
+@@ -2190,7 +2190,7 @@ _pgsql_drv_getpwnam (DSPAM_CTX * CTX, const char *name)
+   }
+ 
+   snprintf (query, sizeof (query),
+-            "SELECT %s FROM %s WHERE %s='%s'",
++            "SELECT %s FROM %s WHERE %s=E'%s'",
+             virtual_uid, virtual_table, virtual_username, name_esc);
+ 
+   free(name_esc);
+@@ -2420,7 +2420,7 @@ _pgsql_drv_setpwnam (DSPAM_CTX * CTX, const char *name)
+   }
+ 
+   snprintf (query, sizeof (query),
+-            "INSERT INTO %s (%s, %s) VALUES (default, '%s')",
++            "INSERT INTO %s (%s, %s) VALUES (default, E'%s')",
+             virtual_table, virtual_uid, virtual_username, name_esc);
+ 
+   free(name_esc);
+@@ -2805,7 +2805,7 @@ int _ds_pref_set (
+   }
+ 
+   snprintf(query, sizeof(query), "DELETE FROM dspam_preferences"
+-    " WHERE uid=%d AND preference='%s'", (int) uid, pref_esc);
++    " WHERE uid=%d AND preference=E'%s'", (int) uid, pref_esc);
+ 
+   result = PQexec(s->dbh, query);
+   if ( !result || (PQresultStatus(result) != PGRES_COMMAND_OK && PQresultStatus(result) != PGRES_NONFATAL_ERROR) )
+@@ -2896,7 +2896,7 @@ int _ds_pref_del (
+   }
+ 
+   snprintf(query, sizeof(query), "DELETE FROM dspam_preferences"
+-    " WHERE uid=%d AND preference='%s'", (int) uid, pref_esc);
++    " WHERE uid=%d AND preference=E'%s'", (int) uid, pref_esc);
+ 
+   free(pref_esc);
+   result = PQexec(s->dbh, query);
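Review bot: The `E'%s'` literals added at every query site in `src/pgsql_drv.c` make a backslash an escape character again, but the code that fills `sig_esc`, `name_esc` and `pref_esc` lies outside these hunks, so nothing visible guarantees that it doubles backslashes. If that code is libpq's `PQescapeStringConn`, it doubles backslashes only when the connection reports `standard_conforming_strings` off, and this commit also drops the patch that forced it off. A backslash in a value such as the username in `_pgsql_drv_getpwnam` would then be read as an escape sequence, and the literal may not end where the code expects, which is an SQL-injection risk. The same applies to the `E'` that opens the `data` literal in `_ds_set_signature`, whose payload escaping is also not shown. The more robust fix is to bind the values with `PQexecParams` and placeholders such as `signature=$2`; failing that, add a check or a comment at each site stating that the escaped value has both quotes and backslashes doubled, once that is verified.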
diff --git a/debian/patches/series b/debian/patches/series
index dfd7200..8df442e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,6 +6,6 @@
 007_process_quarantine_if_spanish.diff
 008_fix_exim_integration_doc.diff
 009_fix_recipient_corruption_when_releasing_message_from_quarantine.diff
-010_set_legacy_escape_strings.diff
 011_define_WCONTINUED_and_WIFCONTINUED_if_not_defined.diff
 012_dont_read_past_end_of_css_files.diff
+013_use_standard_conforming_sql_string.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-dspam/dspam.git


