| 1 |
yngwin 13/03/02 15:27:36 |
| 2 |
|
| 3 |
Added: CVE-2013-0254.patch qtgui-4.7.3-cups.patch |
| 4 |
Log: |
| 5 |
Move to new dev-qt category |
| 6 |
|
| 7 |
(Portage version: 2.2.0_alpha164/cvs/Linux x86_64, RepoMan options: --force, signed Manifest commit with key 0x2B2474AD43CE296E!) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 dev-qt/qtgui/files/CVE-2013-0254.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-qt/qtgui/files/CVE-2013-0254.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-qt/qtgui/files/CVE-2013-0254.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: CVE-2013-0254.patch |
| 16 |
=================================================================== |
| 17 |
From 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c Mon Sep 17 00:00:00 2001 |
| 18 |
From: Thiago Macieira <thiago.macieira@×××××.com> |
| 19 |
Date: Sat, 22 Dec 2012 08:32:12 -0800 |
| 20 |
Subject: [PATCH] Change all shmget calls to user-only memory |
| 21 |
|
| 22 |
Drop the read and write permissions for group and other users in the |
| 23 |
system. |
| 24 |
|
| 25 |
Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876 |
| 26 |
(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5) |
| 27 |
Reviewed-by: Richard J. Moore <rich@×××.org> |
| 28 |
--- |
| 29 |
src/corelib/kernel/qsharedmemory_unix.cpp | 6 +++--- |
| 30 |
src/corelib/kernel/qsystemsemaphore_unix.cpp | 4 ++-- |
| 31 |
src/gui/image/qnativeimage.cpp | 2 +- |
| 32 |
src/gui/image/qpixmap_x11.cpp | 2 +- |
| 33 |
src/plugins/platforms/xcb/qxcbwindowsurface.cpp | 2 +- |
| 34 |
src/plugins/platforms/xlib/qxlibwindowsurface.cpp | 2 +- |
| 35 |
tools/qvfb/qvfbshmem.cpp | 4 ++-- |
| 36 |
|
| 37 |
diff --git a/src/corelib/kernel/qsharedmemory_unix.cpp b/src/corelib/kernel/qsharedmemory_unix.cpp |
| 38 |
index 20d76e3..4cf3acf 100644 |
| 39 |
--- a/src/corelib/kernel/qsharedmemory_unix.cpp |
| 40 |
+++ b/src/corelib/kernel/qsharedmemory_unix.cpp |
| 41 |
@@ -238,7 +238,7 @@ bool QSharedMemoryPrivate::create(int size) |
| 42 |
} |
| 43 |
|
| 44 |
// create |
| 45 |
- if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) { |
| 46 |
+ if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) { |
| 47 |
QString function = QLatin1String("QSharedMemory::create"); |
| 48 |
switch (errno) { |
| 49 |
case EINVAL: |
| 50 |
@@ -293,7 +293,7 @@ bool QSharedMemoryPrivate::attach(QSharedMemory::AccessMode mode) |
| 51 |
{ |
| 52 |
#ifndef QT_POSIX_IPC |
| 53 |
// grab the shared memory segment id |
| 54 |
- int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 0660)); |
| 55 |
+ int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 0600)); |
| 56 |
if (-1 == id) { |
| 57 |
setErrorString(QLatin1String("QSharedMemory::attach (shmget)")); |
| 58 |
return false; |
| 59 |
@@ -381,7 +381,7 @@ bool QSharedMemoryPrivate::detach() |
| 60 |
size = 0; |
| 61 |
|
| 62 |
// Get the number of current attachments |
| 63 |
- int id = shmget(unix_key, 0, 0444); |
| 64 |
+ int id = shmget(unix_key, 0, 0400); |
| 65 |
cleanHandle(); |
| 66 |
|
| 67 |
struct shmid_ds shmid_ds; |
| 68 |
diff --git a/src/corelib/kernel/qsystemsemaphore_unix.cpp b/src/corelib/kernel/qsystemsemaphore_unix.cpp |
| 69 |
index fad9acc..e77456b 100644 |
| 70 |
--- a/src/corelib/kernel/qsystemsemaphore_unix.cpp |
| 71 |
+++ b/src/corelib/kernel/qsystemsemaphore_unix.cpp |
| 72 |
@@ -153,10 +153,10 @@ key_t QSystemSemaphorePrivate::handle(QSystemSemaphore::AccessMode mode) |
| 73 |
} |
| 74 |
|
| 75 |
// Get semaphore |
| 76 |
- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL); |
| 77 |
+ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL); |
| 78 |
if (-1 == semaphore) { |
| 79 |
if (errno == EEXIST) |
| 80 |
- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT); |
| 81 |
+ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT); |
| 82 |
if (-1 == semaphore) { |
| 83 |
setErrorString(QLatin1String("QSystemSemaphore::handle")); |
| 84 |
cleanHandle(); |
| 85 |
diff --git a/src/gui/image/qnativeimage.cpp b/src/gui/image/qnativeimage.cpp |
| 86 |
index 9654afe..fef38c5 100644 |
| 87 |
--- a/src/gui/image/qnativeimage.cpp |
| 88 |
+++ b/src/gui/image/qnativeimage.cpp |
| 89 |
@@ -176,7 +176,7 @@ QNativeImage::QNativeImage(int width, int height, QImage::Format format,bool /* |
| 90 |
|
| 91 |
bool ok; |
| 92 |
xshminfo.shmid = shmget(IPC_PRIVATE, xshmimg->bytes_per_line * xshmimg->height, |
| 93 |
- IPC_CREAT | 0777); |
| 94 |
+ IPC_CREAT | 0700); |
| 95 |
ok = xshminfo.shmid != -1; |
| 96 |
if (ok) { |
| 97 |
xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0); |
| 98 |
diff --git a/src/gui/image/qpixmap_x11.cpp b/src/gui/image/qpixmap_x11.cpp |
| 99 |
index 280d8bd..88c9b7b 100644 |
| 100 |
--- a/src/gui/image/qpixmap_x11.cpp |
| 101 |
+++ b/src/gui/image/qpixmap_x11.cpp |
| 102 |
@@ -193,7 +193,7 @@ static bool qt_create_mitshm_buffer(const QPaintDevice* dev, int w, int h) |
| 103 |
bool ok; |
| 104 |
xshminfo.shmid = shmget(IPC_PRIVATE, |
| 105 |
xshmimg->bytes_per_line * xshmimg->height, |
| 106 |
- IPC_CREAT | 0777); |
| 107 |
+ IPC_CREAT | 0700); |
| 108 |
ok = xshminfo.shmid != -1; |
| 109 |
if (ok) { |
| 110 |
xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0); |
| 111 |
diff --git a/src/plugins/platforms/xcb/qxcbwindowsurface.cpp b/src/plugins/platforms/xcb/qxcbwindowsurface.cpp |
| 112 |
index b6a42d8..0d56821 100644 |
| 113 |
--- a/src/plugins/platforms/xcb/qxcbwindowsurface.cpp |
| 114 |
+++ b/src/plugins/platforms/xcb/qxcbwindowsurface.cpp |
| 115 |
@@ -98,7 +98,7 @@ QXcbShmImage::QXcbShmImage(QXcbScreen *screen, const QSize &size, uint depth, QI |
| 116 |
0); |
| 117 |
|
| 118 |
m_shm_info.shmid = shmget (IPC_PRIVATE, |
| 119 |
- m_xcb_image->stride * m_xcb_image->height, IPC_CREAT|0777); |
| 120 |
+ m_xcb_image->stride * m_xcb_image->height, IPC_CREAT|0600); |
| 121 |
|
| 122 |
m_shm_info.shmaddr = m_xcb_image->data = (quint8 *)shmat (m_shm_info.shmid, 0, 0); |
| 123 |
m_shm_info.shmseg = xcb_generate_id(xcb_connection()); |
| 124 |
diff --git a/src/plugins/platforms/xlib/qxlibwindowsurface.cpp b/src/plugins/platforms/xlib/qxlibwindowsurface.cpp |
| 125 |
index bf003eb..46a2f97 100644 |
| 126 |
--- a/src/plugins/platforms/xlib/qxlibwindowsurface.cpp |
| 127 |
+++ b/src/plugins/platforms/xlib/qxlibwindowsurface.cpp |
| 128 |
@@ -99,7 +99,7 @@ void QXlibWindowSurface::resizeShmImage(int width, int height) |
| 129 |
|
| 130 |
|
| 131 |
image_info->shminfo.shmid = shmget (IPC_PRIVATE, |
| 132 |
- image->bytes_per_line * image->height, IPC_CREAT|0777); |
| 133 |
+ image->bytes_per_line * image->height, IPC_CREAT|0700); |
| 134 |
|
| 135 |
image_info->shminfo.shmaddr = image->data = (char*)shmat (image_info->shminfo.shmid, 0, 0); |
| 136 |
image_info->shminfo.readOnly = False; |
| 137 |
diff --git a/tools/qvfb/qvfbshmem.cpp b/tools/qvfb/qvfbshmem.cpp |
| 138 |
index 7f9671f..84b6ebe 100644 |
| 139 |
--- a/tools/qvfb/qvfbshmem.cpp |
| 140 |
+++ b/tools/qvfb/qvfbshmem.cpp |
| 141 |
@@ -176,13 +176,13 @@ QShMemViewProtocol::QShMemViewProtocol(int displayid, const QSize &s, |
| 142 |
uint data_offset_value = sizeof(QVFbHeader); |
| 143 |
|
| 144 |
int dataSize = bpl * h + data_offset_value; |
| 145 |
- shmId = shmget(key, dataSize, IPC_CREAT | 0666); |
| 146 |
+ shmId = shmget(key, dataSize, IPC_CREAT | 0600); |
| 147 |
if (shmId != -1) |
| 148 |
data = (unsigned char *)shmat(shmId, 0, 0); |
| 149 |
else { |
| 150 |
struct shmid_ds shm; |
| 151 |
shmctl(shmId, IPC_RMID, &shm); |
| 152 |
- shmId = shmget(key, dataSize, IPC_CREAT | 0666); |
| 153 |
+ shmId = shmget(key, dataSize, IPC_CREAT | 0600); |
| 154 |
if (shmId == -1) { |
| 155 |
perror("QShMemViewProtocol::QShMemViewProtocol"); |
| 156 |
qFatal("Cannot get shared memory 0x%08x", key); |
| 157 |
-- |
| 158 |
1.7.1 |
| 159 |
|
| 160 |
|
| 161 |
|
| 162 |
|
| 163 |
1.1 dev-qt/qtgui/files/qtgui-4.7.3-cups.patch |
| 164 |
|
| 165 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-qt/qtgui/files/qtgui-4.7.3-cups.patch?rev=1.1&view=markup |
| 166 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-qt/qtgui/files/qtgui-4.7.3-cups.patch?rev=1.1&content-type=text/plain |
| 167 |
|
| 168 |
Index: qtgui-4.7.3-cups.patch |
| 169 |
=================================================================== |
| 170 |
diff -ur qt-everywhere-opensource-src-4.6.2/src/gui/dialogs/qprintdialog_unix.cpp qt-everywhere-opensource-src-4.6.2-cups/src/gui/dialogs/qprintdialog_unix.cpp |
| 171 |
--- qt-everywhere-opensource-src-4.6.2/src/gui/dialogs/qprintdialog_unix.cpp 2010-02-11 16:55:22.000000000 +0100 |
| 172 |
+++ qt-everywhere-opensource-src-4.6.2-cups/src/gui/dialogs/qprintdialog_unix.cpp 2010-02-28 04:34:16.000000000 +0100 |
| 173 |
@@ -569,6 +569,32 @@ |
| 174 |
void QPrintDialogPrivate::selectPrinter(QCUPSSupport *cups) |
| 175 |
{ |
| 176 |
options.duplex->setEnabled(cups && cups->ppdOption("Duplex")); |
| 177 |
+ |
| 178 |
+ if (cups) { |
| 179 |
+ const ppd_option_t* duplex = cups->ppdOption("Duplex"); |
| 180 |
+ if (duplex) { |
| 181 |
+ // copy default ppd duplex to qt dialog |
| 182 |
+ if (qstrcmp(duplex->defchoice, "DuplexTumble") == 0) |
| 183 |
+ options.duplexShort->setChecked(true); |
| 184 |
+ else if (qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0) |
| 185 |
+ options.duplexLong->setChecked(true); |
| 186 |
+ else |
| 187 |
+ options.noDuplex->setChecked(true); |
| 188 |
+ } |
| 189 |
+ |
| 190 |
+ if (cups->currentPPD()) { |
| 191 |
+ // set default color |
| 192 |
+ if (cups->currentPPD()->color_device) |
| 193 |
+ options.color->setChecked(true); |
| 194 |
+ else |
| 195 |
+ options.grayscale->setChecked(true); |
| 196 |
+ } |
| 197 |
+ |
| 198 |
+ // set collation |
| 199 |
+ const ppd_option_t *collate = cups->ppdOption("Collate"); |
| 200 |
+ if (collate) |
| 201 |
+ options.collate->setChecked(qstrcmp(collate->defchoice, "True")==0); |
| 202 |
+ } |
| 203 |
} |
| 204 |
#endif |
| 205 |
|
| 206 |
diff -ur qt-everywhere-opensource-src-4.6.2/src/gui/painting/qprinter.cpp qt-everywhere-opensource-src-4.6.2-cups/src/gui/painting/qprinter.cpp |
| 207 |
--- qt-everywhere-opensource-src-4.6.2/src/gui/painting/qprinter.cpp 2010-02-11 16:55:22.000000000 +0100 |
| 208 |
+++ qt-everywhere-opensource-src-4.6.2-cups/src/gui/painting/qprinter.cpp 2010-02-28 04:55:15.000000000 +0100 |
| 209 |
@@ -627,6 +627,44 @@ |
| 210 |
&& d_ptr->paintEngine->type() != QPaintEngine::MacPrinter) { |
| 211 |
setOutputFormat(QPrinter::PdfFormat); |
| 212 |
} |
| 213 |
+ |
| 214 |
+#if !defined(QT_NO_CUPS) && !defined(QT_NO_LIBRARY) |
| 215 |
+ // fill in defaults from ppd file |
| 216 |
+ QCUPSSupport cups; |
| 217 |
+ |
| 218 |
+ int printernum = -1; |
| 219 |
+ for (int i = 0; i < cups.availablePrintersCount(); i++) { |
| 220 |
+ if (printerName().toLocal8Bit() == cups.availablePrinters()[i].name) |
| 221 |
+ printernum = i; |
| 222 |
+ } |
| 223 |
+ if (printernum >= 0) { |
| 224 |
+ cups.setCurrentPrinter(printernum); |
| 225 |
+ |
| 226 |
+ const ppd_option_t* duplex = cups.ppdOption("Duplex"); |
| 227 |
+ if (duplex) { |
| 228 |
+ // copy default ppd duplex to qt dialog |
| 229 |
+ if (qstrcmp(duplex->defchoice, "DuplexTumble") == 0) |
| 230 |
+ setDuplex(DuplexShortSide); |
| 231 |
+ else if (qstrcmp(duplex->defchoice, "DuplexNoTumble") == 0) |
| 232 |
+ setDuplex(DuplexLongSide); |
| 233 |
+ else |
| 234 |
+ setDuplex(DuplexNone); |
| 235 |
+ } |
| 236 |
+ |
| 237 |
+ if (cups.currentPPD()) { |
| 238 |
+ // set default color |
| 239 |
+ if (cups.currentPPD()->color_device) |
| 240 |
+ setColorMode(Color); |
| 241 |
+ else |
| 242 |
+ setColorMode(GrayScale); |
| 243 |
+ } |
| 244 |
+ |
| 245 |
+ // set collation |
| 246 |
+ const ppd_option_t *collate = cups.ppdOption("Collate"); |
| 247 |
+ if (collate) |
| 248 |
+ setCollateCopies(qstrcmp(collate->defchoice, "True")==0); |
| 249 |
+ } |
| 250 |
+#endif |
| 251 |
} |
| 252 |
|
| 253 |
/*! |
Archives