mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-24 14:41:17 +00:00
Code Issues Wiki Activity

qt48: security fix for CVE-2013-0254

Browse source 
Taken from Gentoo.
This commit is contained in:
Vladimír Čunát 2013-06-18 13:55:22 +02:00
parent d815e5eba2
commit a8f153267c
2 changed files with 68 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
pkgs/development/libraries/qt-4.x/4.8/CVE-2013-0254.patch Normal file
View file

@ -0,0 +1,66 @@
From 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Sat, 22 Dec 2012 08:32:12 -0800
Subject: [PATCH] Change all shmget calls to user-only memory
Drop the read and write permissions for group and other users in the
system.
Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876
(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5)
Reviewed-by: Richard J. Moore <rich@kde.org>
---
src/corelib/kernel/qsharedmemory_unix.cpp | 6 +++---
src/corelib/kernel/qsystemsemaphore_unix.cpp | 4 ++--
diff --git a/src/corelib/kernel/qsharedmemory_unix.cpp b/src/corelib/kernel/qsharedmemory_unix.cpp
index 20d76e3..4cf3acf 100644
--- a/src/corelib/kernel/qsharedmemory_unix.cpp
+++ b/src/corelib/kernel/qsharedmemory_unix.cpp
@@ -238,7 +238,7 @@ bool QSharedMemoryPrivate::create(int size)
}
// create
- if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) {
+ if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) {
QString function = QLatin1String("QSharedMemory::create");
switch (errno) {
case EINVAL:
@@ -293,7 +293,7 @@ bool QSharedMemoryPrivate::attach(QSharedMemory::AccessMode mode)
{
#ifndef QT_POSIX_IPC
// grab the shared memory segment id
- int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 0660));
+ int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 0600));
if (-1 == id) {
setErrorString(QLatin1String("QSharedMemory::attach (shmget)"));
return false;
@@ -381,7 +381,7 @@ bool QSharedMemoryPrivate::detach()
size = 0;
// Get the number of current attachments
- int id = shmget(unix_key, 0, 0444);
+ int id = shmget(unix_key, 0, 0400);
cleanHandle();
struct shmid_ds shmid_ds;
diff --git a/src/corelib/kernel/qsystemsemaphore_unix.cpp b/src/corelib/kernel/qsystemsemaphore_unix.cpp
index fad9acc..e77456b 100644
--- a/src/corelib/kernel/qsystemsemaphore_unix.cpp
+++ b/src/corelib/kernel/qsystemsemaphore_unix.cpp
@@ -153,10 +153,10 @@ key_t QSystemSemaphorePrivate::handle(QSystemSemaphore::AccessMode mode)
}
// Get semaphore
- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL);
+ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL);
if (-1 == semaphore) {
if (errno == EEXIST)
- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT);
+ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT);
if (-1 == semaphore) {
setErrorString(QLatin1String("QSystemSemaphore::handle"));
cleanHandle();
--
1.7.1

3
pkgs/development/libraries/qt-4.x/4.8/default.nix
View file

@ -39,6 +39,7 @@ stdenv.mkDerivation rec {
patches = patches =
[ ./glib-2.32.patch [ ./glib-2.32.patch
./CVE-2013-0254.patch
(substituteAll { (substituteAll {
src = ./dlopen-absolute-paths.diff; src = ./dlopen-absolute-paths.diff;
inherit cups icu libXfixes; inherit cups icu libXfixes;
@ -150,6 +151,6 @@ stdenv.mkDerivation rec {
description = "A cross-platform application framework for C++"; description = "A cross-platform application framework for C++";
license = "GPL/LGPL"; license = "GPL/LGPL";
maintainers = with maintainers; [ urkud sander phreedom ]; maintainers = with maintainers; [ urkud sander phreedom ];
platforms = platforms.linux; platforms = platforms.all;
}; };
} }