diff options
| author |   Davide Pesavento <pesa@gentoo.org> | 2013-02-09 08:04:37 +0000 |
|---|---|---|
| committer | Davide Pesavento <pesa@gentoo.org> | 2013-02-09 08:04:37 +0000 |
| commit | dfdc39e84a54ce048e2ef5c25b970819e1ef2db1 (patch) | |
| tree | 8a530895ac7288eeb6a97629a2a1584e9a3a959c /x11-libs | |
| parent | Update eudev ebuilds to support ROOT properly (diff) | |
| download | gentoo-2-dfdc39e84a54ce048e2ef5c25b970819e1ef2db1.tar.gz gentoo-2-dfdc39e84a54ce048e2ef5c25b970819e1ef2db1.tar.bz2 gentoo-2-dfdc39e84a54ce048e2ef5c25b970819e1ef2db1.zip | |
Apply upstream patch for CVE-2013-0254 (Gentoo bug #455884)
(Portage version: 2.2.0_alpha161/cvs/Linux x86_64, signed Manifest commit with key 17A85C72)
Diffstat (limited to 'x11-libs')
| -rw-r--r-- | x11-libs/qt-core/ChangeLog | 8 | ||||
| -rw-r--r-- | x11-libs/qt-core/files/CVE-2013-0254.patch | 66 | ||||
| -rw-r--r-- | x11-libs/qt-core/qt-core-4.8.4-r2.ebuild (renamed from x11-libs/qt-core/qt-core-4.8.4-r1.ebuild) | 3 |
3 files changed, 75 insertions, 2 deletions
diff --git a/x11-libs/qt-core/ChangeLog b/x11-libs/qt-core/ChangeLog index 9bbc6793b400..6bc1335f694b 100644 --- a/x11-libs/qt-core/ChangeLog +++ b/x11-libs/qt-core/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for x11-libs/qt-core # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/ChangeLog,v 1.204 2013/01/26 09:01:41 pesa Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/ChangeLog,v 1.205 2013/02/09 08:04:37 pesa Exp $ + +*qt-core-4.8.4-r2 (09 Feb 2013) + + 09 Feb 2013; Davide Pesavento <pesa@gentoo.org> +files/CVE-2013-0254.patch, + +qt-core-4.8.4-r2.ebuild, -qt-core-4.8.4-r1.ebuild: + Apply upstream patch for CVE-2013-0254 (Gentoo bug #455884) 26 Jan 2013; Davide Pesavento <pesa@gentoo.org> +files/set-pkg-config-locations-directly-to-install-dir.patch, diff --git a/x11-libs/qt-core/files/CVE-2013-0254.patch b/x11-libs/qt-core/files/CVE-2013-0254.patch new file mode 100644 index 000000000000..48cc05f1800d --- /dev/null +++ b/x11-libs/qt-core/files/CVE-2013-0254.patch @@ -0,0 +1,66 @@ +From 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c Mon Sep 17 00:00:00 2001 +From: Thiago Macieira <thiago.macieira@intel.com> +Date: Sat, 22 Dec 2012 08:32:12 -0800 +Subject: [PATCH] Change all shmget calls to user-only memory + +Drop the read and write permissions for group and other users in the +system. + +Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876 +(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5) +Reviewed-by: Richard J. Moore <rich@kde.org> +--- + src/corelib/kernel/qsharedmemory_unix.cpp | 6 +++--- + src/corelib/kernel/qsystemsemaphore_unix.cpp | 4 ++-- + +diff --git a/src/corelib/kernel/qsharedmemory_unix.cpp b/src/corelib/kernel/qsharedmemory_unix.cpp +index 20d76e3..4cf3acf 100644 +--- a/src/corelib/kernel/qsharedmemory_unix.cpp ++++ b/src/corelib/kernel/qsharedmemory_unix.cpp +@@ -238,7 +238,7 @@ bool QSharedMemoryPrivate::create(int size) + } + + // create +- if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) { ++ if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) { + QString function = QLatin1String("QSharedMemory::create"); + switch (errno) { + case EINVAL: +@@ -293,7 +293,7 @@ bool QSharedMemoryPrivate::attach(QSharedMemory::AccessMode mode) + { + #ifndef QT_POSIX_IPC + // grab the shared memory segment id +- int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 0660)); ++ int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 0600)); + if (-1 == id) { + setErrorString(QLatin1String("QSharedMemory::attach (shmget)")); + return false; +@@ -381,7 +381,7 @@ bool QSharedMemoryPrivate::detach() + size = 0; + + // Get the number of current attachments +- int id = shmget(unix_key, 0, 0444); ++ int id = shmget(unix_key, 0, 0400); + cleanHandle(); + + struct shmid_ds shmid_ds; +diff --git a/src/corelib/kernel/qsystemsemaphore_unix.cpp b/src/corelib/kernel/qsystemsemaphore_unix.cpp +index fad9acc..e77456b 100644 +--- a/src/corelib/kernel/qsystemsemaphore_unix.cpp ++++ b/src/corelib/kernel/qsystemsemaphore_unix.cpp +@@ -153,10 +153,10 @@ key_t QSystemSemaphorePrivate::handle(QSystemSemaphore::AccessMode mode) + } + + // Get semaphore +- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL); ++ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL); + if (-1 == semaphore) { + if (errno == EEXIST) +- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT); ++ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT); + if (-1 == semaphore) { + setErrorString(QLatin1String("QSystemSemaphore::handle")); + cleanHandle(); +-- +1.7.1 + diff --git a/x11-libs/qt-core/qt-core-4.8.4-r1.ebuild b/x11-libs/qt-core/qt-core-4.8.4-r2.ebuild index 257ca93911d0..afd758201549 100644 --- a/x11-libs/qt-core/qt-core-4.8.4-r1.ebuild +++ b/x11-libs/qt-core/qt-core-4.8.4-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/qt-core-4.8.4-r1.ebuild,v 1.2 2013/01/26 09:01:41 pesa Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/qt-core-4.8.4-r2.ebuild,v 1.1 2013/02/09 08:04:37 pesa Exp $ EAPI=5 @@ -31,6 +31,7 @@ PDEPEND=" PATCHES=( "${FILESDIR}/moc-workaround-for-boost-1.48.patch" "${FILESDIR}/set-pkg-config-locations-directly-to-install-dir.patch" + "${FILESDIR}/CVE-2013-0254.patch" ) pkg_setup() { |