Hello community,

here is the log from the commit of package mumble for openSUSE:Factory checked 
in at 2012-02-21 12:22:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mumble (Old)
 and      /work/SRC/openSUSE:Factory/.mumble.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mumble", Maintainer is ""

Changes:
--------
--- /work/SRC/openSUSE:Factory/mumble/mumble.changes    2012-02-16 
10:06:20.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.mumble.new/mumble.changes       2012-02-21 
12:22:02.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Feb 20 08:49:15 UTC 2012 - [email protected]
+
+- remove read permissions for other users on local sqlite database
+  as it may contain passwords (bnc#747833, CVE-2012-0863)
+
+-------------------------------------------------------------------

New:
----
  0001-Explicitly-remove-file-permissions-for-settings-and-D.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mumble.spec ++++++
--- /var/tmp/diff_new_pack.ogLjDo/_old  2012-02-21 12:22:05.000000000 +0100
+++ /var/tmp/diff_new_pack.ogLjDo/_new  2012-02-21 12:22:05.000000000 +0100
@@ -103,6 +103,7 @@
 Patch4:         0001-remove-CAP_NET_ADMIN.diff
 Patch5:         0001-fix-bonjour-support-using-avahi-compat-lib.diff
 Patch6:         mumble-1.2.3-nohardcodedcas.diff
+Patch7:         0001-Explicitly-remove-file-permissions-for-settings-and-D.diff
 Patch50:        mumble-1.2.2-buildcompare.diff
 # hack, no clue about glx so no idea to fix this properly
 Patch99:        mumble-1.1.4-sle10glx.diff
@@ -173,6 +174,7 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 #
 %patch50 -p1
 %if 0%{?suse_version} && 0%{?suse_version} < 1020

++++++ 0001-Explicitly-remove-file-permissions-for-settings-and-D.diff ++++++
>From cc52dd435e281f008866439b9eb5565729bd1956 Mon Sep 17 00:00:00 2001
From: Thorvald Natvig <[email protected]>
Date: Fri, 27 May 2011 16:59:15 -0700
Subject: [PATCH mumble] Explicitly remove file permissions for settings and
 DB

---
 src/mumble/Database.cpp |    5 +++++
 src/mumble/Settings.cpp |   11 +++++++++++
 2 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/src/mumble/Database.cpp b/src/mumble/Database.cpp
index 6c4d940..5caed38 100644
--- a/src/mumble/Database.cpp
+++ b/src/mumble/Database.cpp
@@ -92,6 +92,11 @@ Database::Database() {
                qWarning("Database: Database is read-only");
        }
 
+       {
+               QFile f(db.databaseName());
+               f.setPermissions(f.permissions() & ~(QFile::ReadGroup | 
QFile::WriteGroup | QFile::ExeGroup | QFile::ReadOther | QFile::WriteOther | 
QFile::ExeOther));
+       }
+
        QSqlQuery query;
 
        query.exec(QLatin1String("CREATE TABLE IF NOT EXISTS `servers` (`id` 
INTEGER PRIMARY KEY AUTOINCREMENT, `name` TEXT, `hostname` TEXT, `port` INTEGER 
DEFAULT 64738, `username` TEXT, `password` TEXT)"));
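Review bot: The result of `f.setPermissions(...)` in the added block is discarded, so if the call fails, the database (whose `servers` table just below has a `password` column) keeps its group/other bits with no indication. Consider wrapping the existing call as `if (!f.setPermissions(...)) qWarning("Database: Failed to restrict permissions on database file");`. The same unchecked call is added in the src/mumble/Settings.cpp hunk and deserves the same treatment. A one-line comment such as `// DB may hold server passwords: strip all group/other access` above the block would record why it exists. Database::Database() starts and ends outside this hunk.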
diff --git a/src/mumble/Settings.cpp b/src/mumble/Settings.cpp
index 5ebbc53..df9d7f3 100644
--- a/src/mumble/Settings.cpp
+++ b/src/mumble/Settings.cpp
@@ -698,6 +698,17 @@ void OverlaySettings::save() {
 void OverlaySettings::save(QSettings* settings_ptr) {
        OverlaySettings def;
 
+       settings_ptr->setValue(QLatin1String("version"), 
QLatin1String(MUMTEXT(MUMBLE_VERSION_STRING)));
+       settings_ptr->sync();
+
+#if defined(Q_OS_WIN) || defined(Q_OS_MAC)
+       if (settings_ptr->format() == QSettings::IniFormat)
+#endif
+        {
+               QFile f(settings_ptr->fileName());
+               f.setPermissions(f.permissions() & ~(QFile::ReadGroup | 
QFile::WriteGroup | QFile::ExeGroup | QFile::ReadOther | QFile::WriteOther | 
QFile::ExeOther));
+        }
+
        SAVELOAD(bEnable, "enable");
 
        SAVELOAD(osShow, "show");
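Review bot: The mode is tightened only after `settings_ptr->sync()` has written the file, so between the sync and `setPermissions` the settings file exists with whatever mode the process umask produced. On a first run that presumably leaves a short interval in which it is readable by other local users. Closing that interval would mean restricting the creation mode before the first write, which is outside what this hunk shows. The added lines also sit in `OverlaySettings::save(QSettings*)` and write a top-level-looking `version` key there, so it is worth confirming against upstream that the backport applied in the intended function. The `if` that exists only under `#if defined(Q_OS_WIN) || defined(Q_OS_MAC)` would read more safely with a comment such as `// only the INI backend has a file to restrict on these platforms` (my reading of the intent, to be confirmed). The function body continues past the end of the hunk.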
-- 
1.7.7

