commit libqt4 for openSUSE:Factory

h_root Thu, 21 Feb 2013 05:56:15 -0800

Hello community,

here is the log from the commit of package libqt4 for openSUSE:Factory checked 
in at 2013-02-21 14:55:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libqt4 (Old)
 and      /work/SRC/openSUSE:Factory/.libqt4.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "libqt4", Maintainer is "[email protected]"

Changes:
--------
--- /work/SRC/openSUSE:Factory/libqt4/libqt4-devel-doc.changes  2013-01-20 
12:17:42.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.libqt4.new/libqt4-devel-doc.changes     
2013-02-21 14:55:58.000000000 +0100
@@ -1,0 +2,6 @@
+Thu Feb 21 09:56:04 UTC 2013 - [email protected]
+
+- fix bnc#802634: information disclosure via QSharedMemory (CVE-2013-0254)
+  * libqt4-CVE-2013-0254.patch
+
+-------------------------------------------------------------------
libqt4-sql-plugins.changes: same change
libqt4.changes: same change

New:
----
  libqt4-CVE-2013-0254.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libqt4-devel-doc.spec ++++++
--- /var/tmp/diff_new_pack.h85jIh/_old  2013-02-21 14:56:10.000000000 +0100
+++ /var/tmp/diff_new_pack.h85jIh/_new  2013-02-21 14:56:10.000000000 +0100
@@ -105,6 +105,7 @@
 # PATCH-FIX-UPSTREAM  garbage-collect-deleted-objects.patch Fixes performance 
issues in apps which register 
 # and deregister objects very frequently (like nepomukstorage)
 Patch146:       garbage-collect-deleted-objects.patch
+Patch147:       libqt4-CVE-2013-0254.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
   %define common_options --opensource -fast -no-separate-debug-info -shared 
-xkb -openssl-linked -xrender -xcursor -dbus-linked -xfixes -xrandr -xinerama 
-sm -no-nas-sound -no-rpath -system-libjpeg -system-libpng -accessibility -cups 
-stl -nis -system-zlib -prefix /usr -L %{_libdir} -libdir %{_libdir} -docdir 
%_docdir/%{base_name} -examplesdir %{_libdir}/qt4/examples -demosdir 
%{_libdir}/qt4/demos -plugindir %plugindir -translationdir 
%{_datadir}/qt4/translations -iconv -sysconfdir /etc/settings -datadir 
%{_datadir}/qt4/ -no-pch -reduce-relocations -exceptions -system-libtiff -glib 
-optimized-qmake -no-webkit -no-xmlpatterns -system-sqlite -qt3support 
-no-sql-mysql -importdir %plugindir/imports  -xsync -xinput -gtkstyle
@@ -185,6 +186,7 @@
 %patch144 -p1
 %patch145 -p1
 %patch146 -p1
+%patch147 -p1
 # ### 47 rediff
 #%patch121 -p1
 # be sure not to use them

libqt4-sql-plugins.spec: same change
++++++ libqt4.spec ++++++
--- /var/tmp/diff_new_pack.h85jIh/_old  2013-02-21 14:56:10.000000000 +0100
+++ /var/tmp/diff_new_pack.h85jIh/_new  2013-02-21 14:56:10.000000000 +0100
@@ -123,6 +123,7 @@
 # PATCH-FIX-UPSTREAM  garbage-collect-deleted-objects.patch Fixes performance 
issues in apps which register 
 # and deregister objects very frequently (like nepomukstorage)
 Patch146:       garbage-collect-deleted-objects.patch
+Patch147:       libqt4-CVE-2013-0254.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
   %define common_options --opensource -fast -no-separate-debug-info -shared 
-xkb -openssl-linked -xrender -xcursor -dbus-linked -xfixes -xrandr -xinerama 
-sm -no-nas-sound -no-rpath -system-libjpeg -system-libpng -accessibility -cups 
-stl -nis -system-zlib -prefix /usr -L %{_libdir} -libdir %{_libdir} -docdir 
%_docdir/%{base_name} -examplesdir %{_libdir}/qt4/examples -demosdir 
%{_libdir}/qt4/demos -plugindir %plugindir -translationdir 
%{_datadir}/qt4/translations -iconv -sysconfdir /etc/settings -datadir 
%{_datadir}/qt4/ -no-pch -reduce-relocations -exceptions -system-libtiff -glib 
-optimized-qmake -no-webkit -no-xmlpatterns -system-sqlite -qt3support 
-no-sql-mysql -importdir %plugindir/imports  -xsync -xinput -gtkstyle
@@ -413,6 +414,7 @@
 %patch144 -p1
 %patch145 -p1
 %patch146 -p1
+%patch147 -p1
 # ### 47 rediff
 #%patch121 -p1
 # be sure not to use them



++++++ libqt4-CVE-2013-0254.patch ++++++
>From 57756e72adf2081137b97f0e689dd16c770d10b1 Mon Sep 17 00:00:00 2001
From: Thiago Macieira <[email protected]>
Date: Sat, 22 Dec 2012 08:32:12 -0800
Subject: [PATCH] Change all shmget calls to user-only memory

Drop the read and write permissions for group and other users in the
system.

Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876
(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5)
Reviewed-by: Richard J. Moore <[email protected]>
(cherry picked from commit 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c)
---

>From 57756e72adf2081137b97f0e689dd16c770d10b1 Mon Sep 17 00:00:00 2001
From: Thiago Macieira <[email protected]>
Date: Sat, 22 Dec 2012 08:32:12 -0800
Subject: [PATCH] Change all shmget calls to user-only memory

Drop the read and write permissions for group and other users in the
system.

Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876
(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5)
Reviewed-by: Richard J. Moore <[email protected]>
(cherry picked from commit 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c)
---

Index: 
qt-everywhere-opensource-src-4.8.4/src/corelib/kernel/qsharedmemory_unix.cpp
===================================================================
--- 
qt-everywhere-opensource-src-4.8.4.orig/src/corelib/kernel/qsharedmemory_unix.cpp
+++ qt-everywhere-opensource-src-4.8.4/src/corelib/kernel/qsharedmemory_unix.cpp
@@ -238,7 +238,7 @@ bool QSharedMemoryPrivate::create(int si
     }
 
     // create
-    if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) {
+    if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) {
         QString function = QLatin1String("QSharedMemory::create");
         switch (errno) {
         case EINVAL:
@@ -293,7 +293,7 @@ bool QSharedMemoryPrivate::attach(QShare
 {
 #ifndef QT_POSIX_IPC
     // grab the shared memory segment id
-    int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 
0660));
+    int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 
0600));
     if (-1 == id) {
         setErrorString(QLatin1String("QSharedMemory::attach (shmget)"));
         return false;
@@ -381,7 +381,7 @@ bool QSharedMemoryPrivate::detach()
     size = 0;
 
     // Get the number of current attachments
-    int id = shmget(unix_key, 0, 0444);
+    int id = shmget(unix_key, 0, 0400);
     cleanHandle();
 
     struct shmid_ds shmid_ds;
Index: 
qt-everywhere-opensource-src-4.8.4/src/corelib/kernel/qsystemsemaphore_unix.cpp
===================================================================
--- 
qt-everywhere-opensource-src-4.8.4.orig/src/corelib/kernel/qsystemsemaphore_unix.cpp
+++ 
qt-everywhere-opensource-src-4.8.4/src/corelib/kernel/qsystemsemaphore_unix.cpp
@@ -153,10 +153,10 @@ key_t QSystemSemaphorePrivate::handle(QS
     }
 
     // Get semaphore
-    semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL);
+    semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL);
     if (-1 == semaphore) {
         if (errno == EEXIST)
-            semaphore = semget(unix_key, 1, 0666 | IPC_CREAT);
+            semaphore = semget(unix_key, 1, 0600 | IPC_CREAT);
         if (-1 == semaphore) {
             setErrorString(QLatin1String("QSystemSemaphore::handle"));
             cleanHandle();
Index: qt-everywhere-opensource-src-4.8.4/src/gui/image/qnativeimage.cpp
===================================================================
--- qt-everywhere-opensource-src-4.8.4.orig/src/gui/image/qnativeimage.cpp
+++ qt-everywhere-opensource-src-4.8.4/src/gui/image/qnativeimage.cpp
@@ -176,7 +176,7 @@ QNativeImage::QNativeImage(int width, in
 
     bool ok;
     xshminfo.shmid = shmget(IPC_PRIVATE, xshmimg->bytes_per_line * 
xshmimg->height,
-                            IPC_CREAT | 0777);
+                            IPC_CREAT | 0700);
     ok = xshminfo.shmid != -1;
     if (ok) {
         xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0);
Index: qt-everywhere-opensource-src-4.8.4/src/gui/image/qpixmap_x11.cpp
===================================================================
--- qt-everywhere-opensource-src-4.8.4.orig/src/gui/image/qpixmap_x11.cpp
+++ qt-everywhere-opensource-src-4.8.4/src/gui/image/qpixmap_x11.cpp
@@ -193,7 +193,7 @@ static bool qt_create_mitshm_buffer(cons
     bool ok;
     xshminfo.shmid = shmget(IPC_PRIVATE,
                              xshmimg->bytes_per_line * xshmimg->height,
-                             IPC_CREAT | 0777);
+                             IPC_CREAT | 0700);
     ok = xshminfo.shmid != -1;
     if (ok) {
         xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0);
Index: qt-everywhere-opensource-src-4.8.4/tools/qvfb/qvfbshmem.cpp
===================================================================
--- qt-everywhere-opensource-src-4.8.4.orig/tools/qvfb/qvfbshmem.cpp
+++ qt-everywhere-opensource-src-4.8.4/tools/qvfb/qvfbshmem.cpp
@@ -176,13 +176,13 @@ QShMemViewProtocol::QShMemViewProtocol(i
     uint data_offset_value = sizeof(QVFbHeader);
 
     int dataSize = bpl * h + data_offset_value;
-    shmId = shmget(key, dataSize, IPC_CREAT | 0666);
+    shmId = shmget(key, dataSize, IPC_CREAT | 0600);
     if (shmId != -1)
        data = (unsigned char *)shmat(shmId, 0, 0);
     else {
        struct shmid_ds shm;
        shmctl(shmId, IPC_RMID, &shm);
-       shmId = shmget(key, dataSize, IPC_CREAT | 0666);
+    shmId = shmget(key, dataSize, IPC_CREAT | 0600);
        if (shmId == -1) {
             perror("QShMemViewProtocol::QShMemViewProtocol");
             qFatal("Cannot get shared memory 0x%08x", key);


-- 
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

commit libqt4 for openSUSE:Factory

Reply via email to