Diffstat (limited to 'extra/qt')
-rw-r--r--extra/qt/Drop-read-write-perms-for-users.patch145
-rw-r--r--extra/qt/Fix-binary-incompatibility-between-openssl-versions.patch80
-rw-r--r--extra/qt/PKGBUILD16
3 files changed, 237 insertions, 4 deletions
diff --git a/extra/qt/Drop-read-write-perms-for-users.patch b/extra/qt/Drop-read-write-perms-for-users.patch
new file mode 100644
index 000000000..c3f56e65e
--- /dev/null
+++ b/extra/qt/Drop-read-write-perms-for-users.patch
@@ -0,0 +1,145 @@
+From 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c Mon Sep 17 00:00:00 2001
+From: Thiago Macieira <thiago.macieira@intel.com>
+Date: Sat, 22 Dec 2012 08:32:12 -0800
+Subject: [PATCH] Change all shmget calls to user-only memory
+
+Drop the read and write permissions for group and other users in the
+system.
+
+Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876
+(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5)
+Reviewed-by: Richard J. Moore <rich@kde.org>
+---
+ src/corelib/kernel/qsharedmemory_unix.cpp | 6 +++---
+ src/corelib/kernel/qsystemsemaphore_unix.cpp | 4 ++--
+ src/gui/image/qnativeimage.cpp | 2 +-
+ src/gui/image/qpixmap_x11.cpp | 2 +-
+ src/plugins/platforms/xcb/qxcbwindowsurface.cpp | 2 +-
+ src/plugins/platforms/xlib/qxlibwindowsurface.cpp | 2 +-
+ .../auto/qtipc/qsharedmemory/tst_qsharedmemory.cpp | 2 +-
+ tools/qvfb/qvfbshmem.cpp | 4 ++--
+ 8 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/src/corelib/kernel/qsharedmemory_unix.cpp b/src/corelib/kernel/qsharedmemory_unix.cpp
+index 20d76e3..4cf3acf 100644
+--- a/src/corelib/kernel/qsharedmemory_unix.cpp
++++ b/src/corelib/kernel/qsharedmemory_unix.cpp
+@@ -238,7 +238,7 @@ bool QSharedMemoryPrivate::create(int size)
+ }
+
+ // create
+- if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) {
++ if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) {
+ QString function = QLatin1String("QSharedMemory::create");
+ switch (errno) {
+ case EINVAL:
+@@ -293,7 +293,7 @@ bool QSharedMemoryPrivate::attach(QSharedMemory::AccessMode mode)
+ {
+ #ifndef QT_POSIX_IPC
+ // grab the shared memory segment id
+- int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 0660));
++ int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 0600));
+ if (-1 == id) {
+ setErrorString(QLatin1String("QSharedMemory::attach (shmget)"));
+ return false;
+@@ -381,7 +381,7 @@ bool QSharedMemoryPrivate::detach()
+ size = 0;
+
+ // Get the number of current attachments
+- int id = shmget(unix_key, 0, 0444);
++ int id = shmget(unix_key, 0, 0400);
+ cleanHandle();
+
+ struct shmid_ds shmid_ds;
+diff --git a/src/corelib/kernel/qsystemsemaphore_unix.cpp b/src/corelib/kernel/qsystemsemaphore_unix.cpp
+index fad9acc..e77456b 100644
+--- a/src/corelib/kernel/qsystemsemaphore_unix.cpp
++++ b/src/corelib/kernel/qsystemsemaphore_unix.cpp
+@@ -153,10 +153,10 @@ key_t QSystemSemaphorePrivate::handle(QSystemSemaphore::AccessMode mode)
+ }
+
+ // Get semaphore
+- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL);
++ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL);
+ if (-1 == semaphore) {
+ if (errno == EEXIST)
+- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT);
++ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT);
+ if (-1 == semaphore) {
+ setErrorString(QLatin1String("QSystemSemaphore::handle"));
+ cleanHandle();
+diff --git a/src/gui/image/qnativeimage.cpp b/src/gui/image/qnativeimage.cpp
+index 9654afe..fef38c5 100644
+--- a/src/gui/image/qnativeimage.cpp
++++ b/src/gui/image/qnativeimage.cpp
+@@ -176,7 +176,7 @@ QNativeImage::QNativeImage(int width, int height, QImage::Format format,bool /*
+
+ bool ok;
+ xshminfo.shmid = shmget(IPC_PRIVATE, xshmimg->bytes_per_line * xshmimg->height,
+- IPC_CREAT | 0777);
++ IPC_CREAT | 0700);
+ ok = xshminfo.shmid != -1;
+ if (ok) {
+ xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0);
+diff --git a/src/gui/image/qpixmap_x11.cpp b/src/gui/image/qpixmap_x11.cpp
+index 280d8bd..88c9b7b 100644
+--- a/src/gui/image/qpixmap_x11.cpp
++++ b/src/gui/image/qpixmap_x11.cpp
+@@ -193,7 +193,7 @@ static bool qt_create_mitshm_buffer(const QPaintDevice* dev, int w, int h)
+ bool ok;
+ xshminfo.shmid = shmget(IPC_PRIVATE,
+ xshmimg->bytes_per_line * xshmimg->height,
+- IPC_CREAT | 0777);
++ IPC_CREAT | 0700);
+ ok = xshminfo.shmid != -1;
+ if (ok) {
+ xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0);
+diff --git a/src/plugins/platforms/xcb/qxcbwindowsurface.cpp b/src/plugins/platforms/xcb/qxcbwindowsurface.cpp
+index b6a42d8..0d56821 100644
+--- a/src/plugins/platforms/xcb/qxcbwindowsurface.cpp
++++ b/src/plugins/platforms/xcb/qxcbwindowsurface.cpp
+@@ -98,7 +98,7 @@ QXcbShmImage::QXcbShmImage(QXcbScreen *screen, const QSize &size, uint depth, QI
+ 0);
+
+ m_shm_info.shmid = shmget (IPC_PRIVATE,
+- m_xcb_image->stride * m_xcb_image->height, IPC_CREAT|0777);
++ m_xcb_image->stride * m_xcb_image->height, IPC_CREAT|0600);
+
+ m_shm_info.shmaddr = m_xcb_image->data = (quint8 *)shmat (m_shm_info.shmid, 0, 0);
+ m_shm_info.shmseg = xcb_generate_id(xcb_connection());
+diff --git a/src/plugins/platforms/xlib/qxlibwindowsurface.cpp b/src/plugins/platforms/xlib/qxlibwindowsurface.cpp
+index bf003eb..46a2f97 100644
+--- a/src/plugins/platforms/xlib/qxlibwindowsurface.cpp
++++ b/src/plugins/platforms/xlib/qxlibwindowsurface.cpp
+@@ -99,7 +99,7 @@ void QXlibWindowSurface::resizeShmImage(int width, int height)
+
+
+ image_info->shminfo.shmid = shmget (IPC_PRIVATE,
+- image->bytes_per_line * image->height, IPC_CREAT|0777);
++ image->bytes_per_line * image->height, IPC_CREAT|0700);
+
+ image_info->shminfo.shmaddr = image->data = (char*)shmat (image_info->shminfo.shmid, 0, 0);
+ image_info->shminfo.readOnly = False;
+diff --git a/tools/qvfb/qvfbshmem.cpp b/tools/qvfb/qvfbshmem.cpp
+index 7f9671f..84b6ebe 100644
+--- a/tools/qvfb/qvfbshmem.cpp
++++ b/tools/qvfb/qvfbshmem.cpp
+@@ -176,13 +176,13 @@ QShMemViewProtocol::QShMemViewProtocol(int displayid, const QSize &s,
+ uint data_offset_value = sizeof(QVFbHeader);
+
+ int dataSize = bpl * h + data_offset_value;
+- shmId = shmget(key, dataSize, IPC_CREAT | 0666);
++ shmId = shmget(key, dataSize, IPC_CREAT | 0600);
+ if (shmId != -1)
+ data = (unsigned char *)shmat(shmId, 0, 0);
+ else {
+ struct shmid_ds shm;
+ shmctl(shmId, IPC_RMID, &shm);
+- shmId = shmget(key, dataSize, IPC_CREAT | 0666);
++ shmId = shmget(key, dataSize, IPC_CREAT | 0600);
+ if (shmId == -1) {
+ perror("QShMemViewProtocol::QShMemViewProtocol");
+ qFatal("Cannot get shared memory 0x%08x", key);
+--
+1.7.1
+
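Review bot: The tightened mode only takes effect when the call actually creates the object, and two patched call sites can open an existing one instead: the EEXIST fallback `semget(unix_key, 1, 0600 | IPC_CREAT)` in qsystemsemaphore_unix.cpp and both `shmget(key, dataSize, IPC_CREAT | 0600)` calls in qvfbshmem.cpp have no `IPC_EXCL`. An object that already exists under that key keeps its own owner and mode, so those paths would benefit from an `IPC_STAT` check that `shm_perm.uid` / `sem_perm.uid` matches the effective uid before use, or at least a comment such as `// mode applies only on creation; a pre-existing object under this key is trusted as-is`. Separately, the new modes are inconsistent: `IPC_CREAT|0600` in qxcbwindowsurface.cpp but `IPC_CREAT | 0700` in qnativeimage.cpp, qpixmap_x11.cpp and qxlibwindowsurface.cpp. The plain `shmat(..., 0, 0)` attaches shown do not need execute permission, so `0600` everywhere would state the intent more clearly. All of these functions start and end outside their hunks, so the surrounding error handling is not visible here.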
diff --git a/extra/qt/Fix-binary-incompatibility-between-openssl-versions.patch b/extra/qt/Fix-binary-incompatibility-between-openssl-versions.patch
new file mode 100644
index 000000000..5f56edd8d
--- /dev/null
+++ b/extra/qt/Fix-binary-incompatibility-between-openssl-versions.patch
@@ -0,0 +1,80 @@
+From 691e78e5061d4cbc0de212d23b06c5dffddf2098 Mon Sep 17 00:00:00 2001
+From: Shane Kearns <dbgshane@gmail.com>
+Date: Thu, 6 Dec 2012 17:03:18 +0000
+Subject: [PATCH 54/79] Fix binary incompatibility between openssl versions
+
+OpenSSL changed the layout of X509_STORE_CTX between 0.9 and 1.0
+So we have to consider this struct as private implementation, and use
+the access functions instead.
+
+This bug would cause certificate verification problems if a different
+version of openssl is loaded at runtime to the headers Qt was compiled
+against.
+
+Task-number: QTBUG-28343
+Change-Id: I47fc24336f7d9c80f08f9c8ba6debc51a5591258
+Reviewed-by: Richard J. Moore <rich@kde.org>
+(cherry picked from commit eb2688c4c4f257d0a4d978ba4bf57d6347b15252)
+---
+ src/network/ssl/qsslsocket_openssl.cpp | 2 +-
+ src/network/ssl/qsslsocket_openssl_symbols.cpp | 8 ++++++++
+ src/network/ssl/qsslsocket_openssl_symbols_p.h | 4 ++++
+ 3 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index b7ca290..e912abac 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -236,7 +236,7 @@ static int q_X509Callback(int ok, X509_STORE_CTX *ctx)
+ {
+ if (!ok) {
+ // Store the error and at which depth the error was detected.
+- _q_sslErrorList()->errors << qMakePair<int, int>(ctx->error, ctx->error_depth);
++ _q_sslErrorList()->errors << qMakePair<int, int>(q_X509_STORE_CTX_get_error(ctx), q_X509_STORE_CTX_get_error_depth(ctx));
+ }
+ // Always return OK to allow verification to continue. We're handle the
+ // errors gracefully after collecting all errors, after verification has
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index 2d6a25b..2e6ccd0 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -267,6 +267,10 @@ DEFINEFUNC2(int, X509_STORE_add_cert, X509_STORE *a, a, X509 *b, b, return 0, re
+ DEFINEFUNC(void, X509_STORE_CTX_free, X509_STORE_CTX *a, a, return, DUMMYARG)
+ DEFINEFUNC4(int, X509_STORE_CTX_init, X509_STORE_CTX *a, a, X509_STORE *b, b, X509 *c, c, STACK_OF(X509) *d, d, return -1, return)
+ DEFINEFUNC2(int, X509_STORE_CTX_set_purpose, X509_STORE_CTX *a, a, int b, b, return -1, return)
++DEFINEFUNC(int, X509_STORE_CTX_get_error, X509_STORE_CTX *a, a, return -1, return)
++DEFINEFUNC(int, X509_STORE_CTX_get_error_depth, X509_STORE_CTX *a, a, return -1, return)
++DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return 0, return)
++DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return)
+ DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return 0, return)
+ #ifdef SSLEAY_MACROS
+ DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return)
+@@ -832,6 +836,10 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(X509_STORE_CTX_init)
+ RESOLVEFUNC(X509_STORE_CTX_new)
+ RESOLVEFUNC(X509_STORE_CTX_set_purpose)
++ RESOLVEFUNC(X509_STORE_CTX_get_error)
++ RESOLVEFUNC(X509_STORE_CTX_get_error_depth)
++ RESOLVEFUNC(X509_STORE_CTX_get_current_cert)
++ RESOLVEFUNC(X509_STORE_CTX_get_chain)
+ RESOLVEFUNC(X509_cmp)
+ #ifndef SSLEAY_MACROS
+ RESOLVEFUNC(X509_dup)
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+index fa9a157..87f3697 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -374,6 +374,10 @@ int q_X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+ X509 *x509, STACK_OF(X509) *chain);
+ X509_STORE_CTX *q_X509_STORE_CTX_new();
+ int q_X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
++int q_X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
++int q_X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
++X509 *q_X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
++STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+
+ #define q_BIO_get_mem_data(b, pp) (int)q_BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
+ #define q_BIO_pending(b) (int)q_BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+--
+1.8.0.2
+
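Review bot: The new accessor stubs appear to fall back to `return -1` when the symbol was not resolved, so in `q_X509Callback` a failed verification could be recorded as the pair (-1, -1) instead of a real OpenSSL error code and depth. Whether the code that later consumes `_q_sslErrorList()->errors` treats an unknown code as a failure is not visible here, and neither is what `q_resolveOpenSslSymbols()` does when one of the added `RESOLVEFUNC` lines fails; both are worth confirming, because the callback's own comment says it always returns OK. I would add a comment above the four new `DEFINEFUNC` lines such as `// -1 is not a valid X509_V_ERR_* code; consumers must treat it as a verification failure`. `X509_STORE_CTX_get_current_cert` and `X509_STORE_CTX_get_chain` are declared and resolved but not used in the lines shown, so any remaining direct field access on `X509_STORE_CTX` elsewhere in these files should be checked against them.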
diff --git a/extra/qt/PKGBUILD b/extra/qt/PKGBUILD
index f55d78823..80c9f2acc 100644
--- a/extra/qt/PKGBUILD
+++ b/extra/qt/PKGBUILD
@@ -1,11 +1,11 @@
-# $Id: PKGBUILD 175874 2013-01-23 00:13:11Z eric $
+# $Id: PKGBUILD 177062 2013-02-05 13:17:20Z andrea $
# Maintainer: Andrea Scarpino <andrea@archlinux.org>
# Contributor: Pierre Schmitz <pierre@archlinux.de>
pkgbase=qt
pkgname=('qt' 'qt-private-headers')
pkgver=4.8.4
-pkgrel=2
+pkgrel=3
arch=('i686' 'x86_64' 'mips64el')
url='http://qt-project.org/'
license=('GPL3' 'LGPL')
@@ -21,7 +21,9 @@ source=("http://releases.qt-project.org/qt4/source/${_pkgfqn}.tar.gz"
'qtconfig.desktop'
'improve-cups-support.patch'
'declarative-fix-sigbus.patch'
- 'fix-crash-in-assistant.patch')
+ 'fix-crash-in-assistant.patch'
+ 'Fix-binary-incompatibility-between-openssl-versions.patch'
+ 'Drop-read-write-perms-for-users.patch')
md5sums=('89c5ecba180cae74c66260ac732dc5cb'
'f1837a03fd0ebbd2da58975845f278e3'
'480fea1ed076992b688373c8db274be0'
@@ -29,7 +31,9 @@ md5sums=('89c5ecba180cae74c66260ac732dc5cb'
'824a3b77a25e98567f640e0441ccdebc'
'c439c7731c25387352d8453ca7574971'
'aac963d05a9d5733e2bfce9e26607f51'
- '57590084078b6379f0501f7728b02ae2')
+ '57590084078b6379f0501f7728b02ae2'
+ 'abd18c8a71e08167270b8ec6de61254a'
+ 'db29b7dd44c56f6026b53b57bbfd9ea3')
build() {
cd ${_pkgfqn}
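Review bot: The two added checksums are MD5, which no longer resists collisions, and the same array also guards a tarball fetched over plain `http://` (visible in the `source=` line quoted in the previous hunk header). For a release whose purpose is security fixes, a `sha256sums=(...)` array covering all sources would give the integrity check real value. The values have to be regenerated from the actual files, for example with `makepkg -g`, rather than copied from anywhere else. `build()` continues past the end of this hunk.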
@@ -43,6 +47,10 @@ build() {
# (FS#29469)
patch -p1 -i "${srcdir}"/fix-crash-in-assistant.patch
+ # Security fixes
+ patch -p1 -i "${srcdir}"/Fix-binary-incompatibility-between-openssl-versions.patch
+ patch -p1 -i "${srcdir}"/Drop-read-write-perms-for-users.patch
+
export QT4DIR="${srcdir}"/${_pkgfqn}
export LD_LIBRARY_PATH=${QT4DIR}/lib:${LD_LIBRARY_PATH}
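Review bot: The `# Security fixes` comment does not say which upstream changes these patches carry, which makes it hard to tell later when they can be dropped. The patch headers already hold the references, so the comment could read `# Security fixes: QTBUG-28343 (upstream eb2688c4), user-only SysV IPC perms (Qt 5 commit 856f209f)`. `build()` starts and ends outside this hunk, so how a failed `patch` call is handled cannot be judged from these lines.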