diff options
author | Ben de Groot <yngwin@gentoo.org> | 2013-03-02 15:27:36 +0000 |
---|---|---|
committer | Ben de Groot <yngwin@gentoo.org> | 2013-03-02 15:27:36 +0000 |
commit | a6fec7da51bd565bffd03b3c6ca31f5196d1b35c (patch) | |
tree | 65ef002fa2238b1cab4a16a110a04a4c83fdaf48 /dev-qt/qtgui/files | |
parent | Move to new dev-qt category (diff) | |
download | gentoo-2-a6fec7da51bd565bffd03b3c6ca31f5196d1b35c.tar.gz gentoo-2-a6fec7da51bd565bffd03b3c6ca31f5196d1b35c.tar.bz2 gentoo-2-a6fec7da51bd565bffd03b3c6ca31f5196d1b35c.zip |
Move to new dev-qt category
(Portage version: 2.2.0_alpha164/cvs/Linux x86_64, RepoMan options: --force, signed Manifest commit with key 0x2B2474AD43CE296E!)
Diffstat (limited to 'dev-qt/qtgui/files')
-rw-r--r-- | dev-qt/qtgui/files/CVE-2013-0254.patch | 143 | ||||
-rw-r--r-- | dev-qt/qtgui/files/qtgui-4.7.3-cups.patch | 84 |
2 files changed, 227 insertions, 0 deletions
diff --git a/dev-qt/qtgui/files/CVE-2013-0254.patch b/dev-qt/qtgui/files/CVE-2013-0254.patch new file mode 100644 index 000000000000..fa05da333257 --- /dev/null +++ b/dev-qt/qtgui/files/CVE-2013-0254.patch @@ -0,0 +1,143 @@ +From 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c Mon Sep 17 00:00:00 2001 +From: Thiago Macieira <thiago.macieira@intel.com> +Date: Sat, 22 Dec 2012 08:32:12 -0800 +Subject: [PATCH] Change all shmget calls to user-only memory + +Drop the read and write permissions for group and other users in the +system. + +Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876 +(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5) +Reviewed-by: Richard J. Moore <rich@kde.org> +--- + src/corelib/kernel/qsharedmemory_unix.cpp | 6 +++--- + src/corelib/kernel/qsystemsemaphore_unix.cpp | 4 ++-- + src/gui/image/qnativeimage.cpp | 2 +- + src/gui/image/qpixmap_x11.cpp | 2 +- + src/plugins/platforms/xcb/qxcbwindowsurface.cpp | 2 +- + src/plugins/platforms/xlib/qxlibwindowsurface.cpp | 2 +- + tools/qvfb/qvfbshmem.cpp | 4 ++-- + +diff --git a/src/corelib/kernel/qsharedmemory_unix.cpp b/src/corelib/kernel/qsharedmemory_unix.cpp +index 20d76e3..4cf3acf 100644 +--- a/src/corelib/kernel/qsharedmemory_unix.cpp ++++ b/src/corelib/kernel/qsharedmemory_unix.cpp +@@ -238,7 +238,7 @@ bool QSharedMemoryPrivate::create(int size) + } + + // create +- if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) { ++ if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) { + QString function = QLatin1String("QSharedMemory::create"); + switch (errno) { + case EINVAL: +@@ -293,7 +293,7 @@ bool QSharedMemoryPrivate::attach(QSharedMemory::AccessMode mode) + { + #ifndef QT_POSIX_IPC + // grab the shared memory segment id +- int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 0660)); ++ int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 0600)); + if (-1 == id) { + setErrorString(QLatin1String("QSharedMemory::attach (shmget)")); + return false; +@@ -381,7 +381,7 @@ bool QSharedMemoryPrivate::detach() + size = 0; + + // Get the number of current attachments +- int id = shmget(unix_key, 0, 0444); ++ int id = shmget(unix_key, 0, 0400); + cleanHandle(); + + struct shmid_ds shmid_ds; +diff --git a/src/corelib/kernel/qsystemsemaphore_unix.cpp b/src/corelib/kernel/qsystemsemaphore_unix.cpp +index fad9acc..e77456b 100644 +--- a/src/corelib/kernel/qsystemsemaphore_unix.cpp ++++ b/src/corelib/kernel/qsystemsemaphore_unix.cpp +@@ -153,10 +153,10 @@ key_t QSystemSemaphorePrivate::handle(QSystemSemaphore::AccessMode mode) + } + + // Get semaphore +- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL); ++ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL); + if (-1 == semaphore) { + if (errno == EEXIST) +- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT); ++ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT); + if (-1 == semaphore) { + setErrorString(QLatin1String("QSystemSemaphore::handle")); + cleanHandle(); +diff --git a/src/gui/image/qnativeimage.cpp b/src/gui/image/qnativeimage.cpp +index 9654afe..fef38c5 100644 +--- a/src/gui/image/qnativeimage.cpp ++++ b/src/gui/image/qnativeimage.cpp +@@ -176,7 +176,7 @@ QNativeImage::QNativeImage(int width, int height, QImage::Format format,bool /* + + bool ok; + xshminfo.shmid = shmget(IPC_PRIVATE, xshmimg->bytes_per_line * xshmimg->height, +- IPC_CREAT | 0777); ++ IPC_CREAT | 0700); + ok = xshminfo.shmid != -1; + if (ok) { + xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0); +diff --git a/src/gui/image/qpixmap_x11.cpp b/src/gui/image/qpixmap_x11.cpp +index 280d8bd..88c9b7b 100644 +--- a/src/gui/image/qpixmap_x11.cpp ++++ b/src/gui/image/qpixmap_x11.cpp +@@ -193,7 +193,7 @@ static bool qt_create_mitshm_buffer(const QPaintDevice* dev, int w, int h) + bool ok; + xshminfo.shmid = shmget(IPC_PRIVATE, + xshmimg->bytes_per_line * xshmimg->height, +- IPC_CREAT | 0777); ++ IPC_CREAT | 0700); + ok = xshminfo.shmid != -1; + if (ok) { + xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0); +diff --git a/src/plugins/platforms/xcb/qxcbwindowsurface.cpp b/src/plugins/platforms/xcb/qxcbwindowsurface.cpp +index b6a42d8..0d56821 100644 +--- a/src/plugins/platforms/xcb/qxcbwindowsurface.cpp ++++ b/src/plugins/platforms/xcb/qxcbwindowsurface.cpp +@@ -98,7 +98,7 @@ QXcbShmImage::QXcbShmImage(QXcbScreen *screen, const QSize &size, uint depth, QI + 0); + + m_shm_info.shmid = shmget (IPC_PRIVATE, +- m_xcb_image->stride * m_xcb_image->height, IPC_CREAT|0777); ++ m_xcb_image->stride * m_xcb_image->height, IPC_CREAT|0600); + + m_shm_info.shmaddr = m_xcb_image->data = (quint8 *)shmat (m_shm_info.shmid, 0, 0); + m_shm_info.shmseg = xcb_generate_id(xcb_connection()); +diff --git a/src/plugins/platforms/xlib/qxlibwindowsurface.cpp b/src/plugins/platforms/xlib/qxlibwindowsurface.cpp +index bf003eb..46a2f97 100644 +--- a/src/plugins/platforms/xlib/qxlibwindowsurface.cpp ++++ b/src/plugins/platforms/xlib/qxlibwindowsurface.cpp +@@ -99,7 +99,7 @@ void QXlibWindowSurface::resizeShmImage(int width, int height) + + + image_info->shminfo.shmid = shmget (IPC_PRIVATE, +- image->bytes_per_line * image->height, IPC_CREAT|0777); ++ image->bytes_per_line * image->height, IPC_CREAT|0700); + + image_info->shminfo.shmaddr = image->data = (char*)shmat (image_info->shminfo.shmid, 0, 0); + image_info->shminfo.readOnly = False; +diff --git a/tools/qvfb/qvfbshmem.cpp b/tools/qvfb/qvfbshmem.cpp +index 7f9671f..84b6ebe 100644 +--- a/tools/qvfb/qvfbshmem.cpp ++++ b/tools/qvfb/qvfbshmem.cpp +@@ -176,13 +176,13 @@ QShMemViewProtocol::QShMemViewProtocol(int displayid, const QSize &s, + uint data_offset_value = sizeof(QVFbHeader); + + int dataSize = bpl * h + data_offset_value; +- shmId = shmget(key, dataSize, IPC_CREAT | 0666); ++ shmId = shmget(key, dataSize, IPC_CREAT | 0600); + if (shmId != -1) + data = (unsigned char *)shmat(shmId, 0, 0); + else { + struct shmid_ds shm; + shmctl(shmId, IPC_RMID, &shm); +- shmId = shmget(key, dataSize, IPC_CREAT | 0666); ++ shmId = shmget(key, dataSize, IPC_CREAT | 0600); + if (shmId == -1) { + perror("QShMemViewProtocol::QShMemViewProtocol"); + qFatal("Cannot get shared memory 0x%08x", key); +-- +1.7.1 + diff --git a/dev-qt/qtgui/files/qtgui-4.7.3-cups.patch b/dev-qt/qtgui/files/qtgui-4.7.3-cups.patch new file mode 100644 index 000000000000..e0305e11b89a --- /dev/null +++ b/dev-qt/qtgui/files/qtgui-4.7.3-cups.patch @@ -0,0 +1,84 @@ +diff -ur qt-everywhere-opensource-src-4.6.2/src/gui/dialogs/qprintdialog_unix.cpp qt-everywhere-opensource-src-4.6.2-cups/src/gui/dialogs/qprintdialog_unix.cpp +--- qt-everywhere-opensource-src-4.6.2/src/gui/dialogs/qprintdialog_unix.cpp 2010-02-11 16:55:22.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2-cups/src/gui/dialogs/qprintdialog_unix.cpp 2010-02-28 04:34:16.000000000 +0100 +@@ -569,6 +569,32 @@ + void QPrintDialogPrivate::selectPrinter(QCUPSSupport *cups) + { + options.duplex->setEnabled(cups && cups->ppdOption("Duplex")); ++ ++ if (cups) { ++ const ppd_option_t* duplex = cups->ppdOption("Duplex"); ++ if (duplex) { ++ // copy default ppd duplex to qt dialog ++ if (qstrcmp(duplex->defchoice, "DuplexTumble") == 0) ++ options.duplexShort->setChecked(true); ++ else if (qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0) ++ options.duplexLong->setChecked(true); ++ else ++ options.noDuplex->setChecked(true); ++ } ++ ++ if (cups->currentPPD()) { ++ // set default color ++ if (cups->currentPPD()->color_device) ++ options.color->setChecked(true); ++ else ++ options.grayscale->setChecked(true); ++ } ++ ++ // set collation ++ const ppd_option_t *collate = cups->ppdOption("Collate"); ++ if (collate) ++ options.collate->setChecked(qstrcmp(collate->defchoice, "True")==0); ++ } + } + #endif + +diff -ur qt-everywhere-opensource-src-4.6.2/src/gui/painting/qprinter.cpp qt-everywhere-opensource-src-4.6.2-cups/src/gui/painting/qprinter.cpp +--- qt-everywhere-opensource-src-4.6.2/src/gui/painting/qprinter.cpp 2010-02-11 16:55:22.000000000 +0100 ++++ qt-everywhere-opensource-src-4.6.2-cups/src/gui/painting/qprinter.cpp 2010-02-28 04:55:15.000000000 +0100 +@@ -627,6 +627,44 @@ + && d_ptr->paintEngine->type() != QPaintEngine::MacPrinter) { + setOutputFormat(QPrinter::PdfFormat); + } ++ ++#if !defined(QT_NO_CUPS) && !defined(QT_NO_LIBRARY) ++ // fill in defaults from ppd file ++ QCUPSSupport cups; ++ ++ int printernum = -1; ++ for (int i = 0; i < cups.availablePrintersCount(); i++) { ++ if (printerName().toLocal8Bit() == cups.availablePrinters()[i].name) ++ printernum = i; ++ } ++ if (printernum >= 0) { ++ cups.setCurrentPrinter(printernum); ++ ++ const ppd_option_t* duplex = cups.ppdOption("Duplex"); ++ if (duplex) { ++ // copy default ppd duplex to qt dialog ++ if (qstrcmp(duplex->defchoice, "DuplexTumble") == 0) ++ setDuplex(DuplexShortSide); ++ else if (qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0) ++ setDuplex(DuplexLongSide); ++ else ++ setDuplex(DuplexNone); ++ } ++ ++ if (cups.currentPPD()) { ++ // set default color ++ if (cups.currentPPD()->color_device) ++ setColorMode(Color); ++ else ++ setColorMode(GrayScale); ++ } ++ ++ // set collation ++ const ppd_option_t *collate = cups.ppdOption("Collate"); ++ if (collate) ++ setCollateCopies(qstrcmp(collate->defchoice, "True")==0); ++ } ++#endif + } + + /*! |