Hello community,

here is the log from the commit of package mumble for openSUSE:12.1:Update:Test 
checked in at 2012-02-20 18:11:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update:Test/mumble (Old)
 and      /work/SRC/openSUSE:12.1:Update:Test/.mumble.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mumble", Maintainer is ""

Changes:
--------
--- /work/SRC/openSUSE:12.1:Update:Test/mumble/mumble.changes   2012-02-20 
18:11:08.000000000 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.mumble.new/mumble.changes      
2012-02-20 18:11:09.000000000 +0100
@@ -1,0 +2,11 @@
+Mon Feb 20 08:49:15 UTC 2012 - [email protected]
+
+- remove read permissions for other users on local sqlite database
+  as it may contain passwords (bnc#747833, CVE-2012-0863)
+
+-------------------------------------------------------------------
+Mon Feb 13 14:00:57 UTC 2012 - [email protected]
+
+- don't add built-in CA certificates (bnc#660784)
+
+-------------------------------------------------------------------

New:
----
  0001-Explicitly-remove-file-permissions-for-settings-and-D.diff
  mumble-1.2.3-nohardcodedcas.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mumble.spec ++++++
--- /var/tmp/diff_new_pack.UQ9FSC/_old  2012-02-20 18:11:09.000000000 +0100
+++ /var/tmp/diff_new_pack.UQ9FSC/_new  2012-02-20 18:11:09.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package mumble
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -88,7 +88,7 @@
 %endif
 Version:        1.2.3%{?snapshot:_%snapshot}
 Release:        1
-License:        BSD3c
+License:        BSD-3-Clause
 Group:          Productivity/Multimedia/Sound/Utilities
 %if 0%{!?snapshot:1}
 Source:         
http://downloads.sourceforge.net/project/mumble/Mumble/%{version}/mumble-%{version}.tar.gz
@@ -102,6 +102,8 @@
 Patch3:         0001-if-service-name-is-empty-don-t-pass-an-empty-string.diff
 Patch4:         0001-remove-CAP_NET_ADMIN.diff
 Patch5:         0001-fix-bonjour-support-using-avahi-compat-lib.diff
+Patch6:         mumble-1.2.3-nohardcodedcas.diff
+Patch7:         0001-Explicitly-remove-file-permissions-for-settings-and-D.diff
 Patch50:        mumble-1.2.2-buildcompare.diff
 # hack, no clue about glx so no idea to fix this properly
 Patch99:        mumble-1.1.4-sle10glx.diff
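Review bot: `Patch6` and `Patch7` are added without a comment tying them to their bug reports, although Patch7 is the fix tracked as CVE-2012-0863. A line above each, such as `# bnc#660784: don't add built-in CA certificates` and `# bnc#747833, CVE-2012-0863: restrict permissions on settings file and database`, lets someone auditing the spec see which patches are security fixes without opening the changelog.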
@@ -147,7 +149,7 @@
 won't be audible to other players.
 
 %package server
-License:        BSD3c
+License:        BSD-3-Clause
 Summary:        Voice Communication Server for Gamers
 Group:          Productivity/Multimedia/Sound/Utilities
 Requires:       qt-sql-sqlite
@@ -171,6 +173,8 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
+%patch7 -p1
 #
 %patch50 -p1
 %if 0%{?suse_version} && 0%{?suse_version} < 1020
@@ -229,7 +233,7 @@
        DEFINES*=PLUGIN_PATH=%{_libdir}/mumble/plugins \
        CONFIG*=packaged \
 %if 0%{?suse_version}
-       DEFINES*=SYSTEM_CA_DIR=/etc/ssl/certs \
+       DEFINES*=NO_SYSTEM_CA_OVERRIDE \
 %endif
        CONFIG*=no-g15 \
        CONFIG*=no-embed-qt-translations \
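Review bot: Replacing `SYSTEM_CA_DIR=/etc/ssl/certs` with `NO_SYSTEM_CA_OVERRIDE` changes where the client's trust anchors come from, and nothing in the spec records that. With the define set, Patch6 compiles out the built-in CA list, so certificate verification presumably relies on the CA set Qt loads by default; that is worth confirming on the oldest Qt this spec builds against. Because these lines sit inside a backslash-continued command, the explanation belongs in a comment above the command, which starts outside this hunk, for example `# NO_SYSTEM_CA_OVERRIDE: rely on Qt's default CA store, no built-in CAs (bnc#660784)`. The define is also passed only under `%if 0%{?suse_version}`, so other build targets keep the previous behaviour.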

++++++ 0001-Explicitly-remove-file-permissions-for-settings-and-D.diff ++++++
>From cc52dd435e281f008866439b9eb5565729bd1956 Mon Sep 17 00:00:00 2001
From: Thorvald Natvig <[email protected]>
Date: Fri, 27 May 2011 16:59:15 -0700
Subject: [PATCH mumble] Explicitly remove file permissions for settings and
 DB

---
 src/mumble/Database.cpp |    5 +++++
 src/mumble/Settings.cpp |   11 +++++++++++
 2 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/src/mumble/Database.cpp b/src/mumble/Database.cpp
index 6c4d940..5caed38 100644
--- a/src/mumble/Database.cpp
+++ b/src/mumble/Database.cpp
@@ -92,6 +92,11 @@ Database::Database() {
                qWarning("Database: Database is read-only");
        }
 
+       {
+               QFile f(db.databaseName());
+               f.setPermissions(f.permissions() & ~(QFile::ReadGroup | 
QFile::WriteGroup | QFile::ExeGroup | QFile::ReadOther | QFile::WriteOther | 
QFile::ExeOther));
+       }
+
        QSqlQuery query;
 
        query.exec(QLatin1String("CREATE TABLE IF NOT EXISTS `servers` (`id` 
INTEGER PRIMARY KEY AUTOINCREMENT, `name` TEXT, `hostname` TEXT, `port` INTEGER 
DEFAULT 64738, `username` TEXT, `password` TEXT)"));
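Review bot: The result of `f.setPermissions(...)` is discarded, so if narrowing the mode fails the database stays readable by group and others with nothing in the log; the same call in the Settings.cpp hunk has the same gap. Checking the return value and warning in the style of the `qWarning` just above would make this visible: `if (!f.setPermissions(...)) qWarning("Database: Could not restrict permissions on database file");` with the existing mask as the argument. The mode also appears to be narrowed only after the database has been opened, so a file created on this run exists briefly with its creation mode, and one written by an earlier version was readable until this code first runs; since the `servers` table has a `password` column, stored passwords on multi-user hosts may warrant rotation. Database::Database() begins and ends outside the hunk.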
diff --git a/src/mumble/Settings.cpp b/src/mumble/Settings.cpp
index 5ebbc53..df9d7f3 100644
--- a/src/mumble/Settings.cpp
+++ b/src/mumble/Settings.cpp
@@ -698,6 +698,17 @@ void OverlaySettings::save() {
 void OverlaySettings::save(QSettings* settings_ptr) {
        OverlaySettings def;
 
+       settings_ptr->setValue(QLatin1String("version"), 
QLatin1String(MUMTEXT(MUMBLE_VERSION_STRING)));
+       settings_ptr->sync();
+
+#if defined(Q_OS_WIN) || defined(Q_OS_MAC)
+       if (settings_ptr->format() == QSettings::IniFormat)
+#endif
+        {
+               QFile f(settings_ptr->fileName());
+               f.setPermissions(f.permissions() & ~(QFile::ReadGroup | 
QFile::WriteGroup | QFile::ExeGroup | QFile::ReadOther | QFile::WriteOther | 
QFile::ExeOther));
+        }
+
        SAVELOAD(bEnable, "enable");
 
        SAVELOAD(osShow, "show");
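Review bot: The permission tightening sits at the top of `OverlaySettings::save(QSettings*)`, so the settings file is narrowed only when this overlay save path runs, and only after `settings_ptr->sync()` has already written it. Whether the main settings save reaches this code is not visible in the hunk; if it does not, a small helper called from every path that writes the file would close that gap. The `if` that exists only under `#if defined(Q_OS_WIN) || defined(Q_OS_MAC)` in front of an unconditional brace block is easy to misread, and a comment stating why only `QSettings::IniFormat` is handled on those platforms would help. The function continues past the end of the hunk.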
-- 
1.7.7

++++++ mumble-1.2.3-nohardcodedcas.diff ++++++
>From b7fb70c101dd6afff86173f3f5dcb6d99376d11e Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <[email protected]>
Date: Mon, 13 Feb 2012 14:42:05 +0100
Subject: [PATCH mumble] don't add hardcoded CA's if NO_SYSTEM_CA_OVERRIDE is
 defined

actually mumble better should never add hardcoded CA certificates,
you never know which one is next to be shut down
---
 src/SSL.cpp |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/SSL.cpp b/src/SSL.cpp
index ab9f0c8..40aaf13 100644
--- a/src/SSL.cpp
+++ b/src/SSL.cpp
@@ -36,6 +36,7 @@
 
 /* CAs we recommend to end users, so support these */
 
+#if QT_VERSION < 0x040700 && !defined(NO_SYSTEM_CA_OVERRIDE)
 static const char *recommended_cas[] = {
        /* StartSSL */
        "-----BEGIN CERTIFICATE-----\n"
@@ -143,6 +144,7 @@ static const char *recommended_cas[] = {
 
 
 };
+#endif // NO_SYSTEM_CA_OVERRIDE
 
 
 void MumbleSSL::addSystemCA() {
@@ -252,7 +254,6 @@ void MumbleSSL::addSystemCA() {
                }
        }
        QSslSocket::setDefaultCaCertificates(ql);
-#endif // NO_SYSTEM_CA_OVERRIDE
 
        for (unsigned int 
i=0;i<sizeof(recommended_cas)/sizeof(recommended_cas[0]);++i) {
                QSslCertificate cert(recommended_cas[i]);
@@ -261,4 +262,5 @@ void MumbleSSL::addSystemCA() {
                        
QSslSocket::addDefaultCaCertificates(QList<QSslCertificate>() << cert);
                }
        }
+#endif // NO_SYSTEM_CA_OVERRIDE
 }
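Review bot: With the `#endif` moved below the loop, the use of `recommended_cas` in `addSystemCA()` depends on an `#if` that opens outside the diff, while the array itself is now guarded by `QT_VERSION < 0x040700 && !defined(NO_SYSTEM_CA_OVERRIDE)` in the first hunk. The two conditions have to match; if the function's guard tests only the macro, a build with Qt 4.7 or later and without the macro would reference an undeclared array. The array guard is also broader than the commit subject says, since on Qt 4.7 or later the array is compiled out whether or not the macro is defined. Both `#endif // NO_SYSTEM_CA_OVERRIDE` comments would be more accurate as `#endif // QT_VERSION < 0x040700 && !defined(NO_SYSTEM_CA_OVERRIDE)`.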
-- 
1.7.7

