From a8f153267c4f1c2fa7428096cf626b2a631033f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 18 Jun 2013 13:55:22 +0200 Subject: [PATCH] qt48: security fix for CVE-2013-0254 Taken from Gentoo. --- .../libraries/qt-4.x/4.8/CVE-2013-0254.patch | 66 +++++++++++++++++++ .../libraries/qt-4.x/4.8/default.nix | 3 +- 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch diff --git a/pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch b/pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch new file mode 100644 index 000000000000..48cc05f1800d --- /dev/null +++ b/pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch @@ -0,0 +1,66 @@ +From 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c Mon Sep 17 00:00:00 2001 +From: Thiago Macieira +Date: Sat, 22 Dec 2012 08:32:12 -0800 +Subject: [PATCH] Change all shmget calls to user-only memory + +Drop the read and write permissions for group and other users in the +system. + +Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876 +(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5) +Reviewed-by: Richard J. Moore +--- + src/corelib/kernel/qsharedmemory_unix.cpp | 6 +++--- + src/corelib/kernel/qsystemsemaphore_unix.cpp | 4 ++-- + +diff --git a/src/corelib/kernel/qsharedmemory_unix.cpp b/src/corelib/kernel/qsharedmemory_unix.cpp +index 20d76e3..4cf3acf 100644 +--- a/src/corelib/kernel/qsharedmemory_unix.cpp ++++ b/src/corelib/kernel/qsharedmemory_unix.cpp +@@ -238,7 +238,7 @@ bool QSharedMemoryPrivate::create(int size) + } + + // create +- if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) { ++ if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) { + QString function = QLatin1String("QSharedMemory::create"); + switch (errno) { + case EINVAL: +@@ -293,7 +293,7 @@ bool QSharedMemoryPrivate::attach(QSharedMemory::AccessMode mode) + { + #ifndef QT_POSIX_IPC + // grab the shared memory segment id +- int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 0660)); ++ int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 0600)); + if (-1 == id) { + setErrorString(QLatin1String("QSharedMemory::attach (shmget)")); + return false; +@@ -381,7 +381,7 @@ bool QSharedMemoryPrivate::detach() + size = 0; + + // Get the number of current attachments +- int id = shmget(unix_key, 0, 0444); ++ int id = shmget(unix_key, 0, 0400); + cleanHandle(); + + struct shmid_ds shmid_ds; +diff --git a/src/corelib/kernel/qsystemsemaphore_unix.cpp b/src/corelib/kernel/qsystemsemaphore_unix.cpp +index fad9acc..e77456b 100644 +--- a/src/corelib/kernel/qsystemsemaphore_unix.cpp ++++ b/src/corelib/kernel/qsystemsemaphore_unix.cpp +@@ -153,10 +153,10 @@ key_t QSystemSemaphorePrivate::handle(QSystemSemaphore::AccessMode mode) + } + + // Get semaphore +- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL); ++ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL); + if (-1 == semaphore) { + if (errno == EEXIST) +- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT); ++ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT); + if (-1 == semaphore) { + setErrorString(QLatin1String("QSystemSemaphore::handle")); + cleanHandle(); +-- +1.7.1 + diff --git a/pkgs/development/libraries/qt-4.x/4.8/default.nix b/pkgs/development/libraries/qt-4.x/4.8/default.nix index d0e23e596885..ccd01dd5d79e 100644 --- a/pkgs/development/libraries/qt-4.x/4.8/default.nix +++ b/pkgs/development/libraries/qt-4.x/4.8/default.nix @@ -39,6 +39,7 @@ stdenv.mkDerivation rec { patches = [ ./glib-2.32.patch + ./CVE-2013-0254.patch (substituteAll { src = ./dlopen-absolute-paths.diff; inherit cups icu libXfixes; @@ -150,6 +151,6 @@ stdenv.mkDerivation rec { description = "A cross-platform application framework for C++"; license = "GPL/LGPL"; maintainers = with maintainers; [ urkud sander phreedom ]; - platforms = platforms.linux; + platforms = platforms.all; }; }