extra/qt to 4.8.4-3

2025-03-19 00:21:40 +00:00 · 2013-02-05 16:18:44 +00:00 · 2013-02-05 16:18:44 +00:00 · 9e4610ec04
commit 9e4610ec04
parent c69d15c10d
4 changed files with 238 additions and 5 deletions
--- a/extra/chromium/PKGBUILD
+++ b/extra/chromium/PKGBUILD
@ -15,7 +15,7 @@
 buildarch=4

 pkgname=chromium
-pkgver=24.0.1312.57
+pkgver=24.0.1312.68
 pkgrel=1
 pkgdesc="The open-source project behind Google Chrome, an attempt at creating a safer, faster, and more stable browser"
 arch=('i686' 'x86_64')
@ -40,7 +40,7 @@ source=(http://commondatastorage.googleapis.com/chromium-browser-official/$pkgna
        chromium-20.0.1132.57-glib-2.16-use-siginfo_t.patch
        chromium-ppapi-r0.patch
        chromium-no-pnacl-r0.patch)
-sha256sums=('a2cad6470c643e0399ccd081cdc1bf293510aba174331a10857cc426fe71d5b1'
+sha256sums=('f97e4064cca3f99365d6c3efbf446b7b89cd46e4c5d5cf50f8748b36233a71d8'
            '09bfac44104f4ccda4c228053f689c947b3e97da9a4ab6fa34ce061ee83d0322'
            '478340d5760a9bd6c549e19b1b5d1c5b4933ebf5f8cfb2b3e2d70d07443fe232'
            '4999fded897af692f4974f0a3e3bbb215193519918a1fa9b31ed51e74a2dccb9'
--- a/extra/qt/Drop-read-write-perms-for-users.patch
+++ b/extra/qt/Drop-read-write-perms-for-users.patch
@ -0,0 +1,145 @@
+From 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c Mon Sep 17 00:00:00 2001
+From: Thiago Macieira <thiago.macieira@intel.com>
+Date: Sat, 22 Dec 2012 08:32:12 -0800
+Subject: [PATCH] Change all shmget calls to user-only memory
+
+Drop the read and write permissions for group and other users in the
+system.
+
+Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876
+(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5)
+Reviewed-by: Richard J. Moore <rich@kde.org>
+---
+ src/corelib/kernel/qsharedmemory_unix.cpp          |    6 +++---
+ src/corelib/kernel/qsystemsemaphore_unix.cpp       |    4 ++--
+ src/gui/image/qnativeimage.cpp                     |    2 +-
+ src/gui/image/qpixmap_x11.cpp                      |    2 +-
+ src/plugins/platforms/xcb/qxcbwindowsurface.cpp    |    2 +-
+ src/plugins/platforms/xlib/qxlibwindowsurface.cpp  |    2 +-
+ .../auto/qtipc/qsharedmemory/tst_qsharedmemory.cpp |    2 +-
+ tools/qvfb/qvfbshmem.cpp                           |    4 ++--
+ 8 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/src/corelib/kernel/qsharedmemory_unix.cpp b/src/corelib/kernel/qsharedmemory_unix.cpp
+index 20d76e3..4cf3acf 100644
+--- a/src/corelib/kernel/qsharedmemory_unix.cpp
+++ b/src/corelib/kernel/qsharedmemory_unix.cpp
+@@ -238,7 +238,7 @@ bool QSharedMemoryPrivate::create(int size)
+     }
+ 
+     // create
+-    if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) {
+    if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) {
+         QString function = QLatin1String("QSharedMemory::create");
+         switch (errno) {
+         case EINVAL:
+@@ -293,7 +293,7 @@ bool QSharedMemoryPrivate::attach(QSharedMemory::AccessMode mode)
+ {
+ #ifndef QT_POSIX_IPC
+     // grab the shared memory segment id
+-    int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 0660));
+    int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 0600));
+     if (-1 == id) {
+         setErrorString(QLatin1String("QSharedMemory::attach (shmget)"));
+         return false;
+@@ -381,7 +381,7 @@ bool QSharedMemoryPrivate::detach()
+     size = 0;
+ 
+     // Get the number of current attachments
+-    int id = shmget(unix_key, 0, 0444);
+    int id = shmget(unix_key, 0, 0400);
+     cleanHandle();
+ 
+     struct shmid_ds shmid_ds;
+diff --git a/src/corelib/kernel/qsystemsemaphore_unix.cpp b/src/corelib/kernel/qsystemsemaphore_unix.cpp
+index fad9acc..e77456b 100644
+--- a/src/corelib/kernel/qsystemsemaphore_unix.cpp
+++ b/src/corelib/kernel/qsystemsemaphore_unix.cpp
+@@ -153,10 +153,10 @@ key_t QSystemSemaphorePrivate::handle(QSystemSemaphore::AccessMode mode)
+     }
+ 
+     // Get semaphore
+-    semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL);
+    semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL);
+     if (-1 == semaphore) {
+         if (errno == EEXIST)
+-            semaphore = semget(unix_key, 1, 0666 | IPC_CREAT);
+            semaphore = semget(unix_key, 1, 0600 | IPC_CREAT);
+         if (-1 == semaphore) {
+             setErrorString(QLatin1String("QSystemSemaphore::handle"));
+             cleanHandle();
+diff --git a/src/gui/image/qnativeimage.cpp b/src/gui/image/qnativeimage.cpp
+index 9654afe..fef38c5 100644
+--- a/src/gui/image/qnativeimage.cpp
+++ b/src/gui/image/qnativeimage.cpp
+@@ -176,7 +176,7 @@ QNativeImage::QNativeImage(int width, int height, QImage::Format format,bool /*
+ 
+     bool ok;
+     xshminfo.shmid = shmget(IPC_PRIVATE, xshmimg->bytes_per_line * xshmimg->height,
+-                            IPC_CREAT | 0777);
+                            IPC_CREAT | 0700);
+     ok = xshminfo.shmid != -1;
+     if (ok) {
+         xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0);
+diff --git a/src/gui/image/qpixmap_x11.cpp b/src/gui/image/qpixmap_x11.cpp
+index 280d8bd..88c9b7b 100644
+--- a/src/gui/image/qpixmap_x11.cpp
+++ b/src/gui/image/qpixmap_x11.cpp
+@@ -193,7 +193,7 @@ static bool qt_create_mitshm_buffer(const QPaintDevice* dev, int w, int h)
+     bool ok;
+     xshminfo.shmid = shmget(IPC_PRIVATE,
+                              xshmimg->bytes_per_line * xshmimg->height,
+-                             IPC_CREAT | 0777);
+                             IPC_CREAT | 0700);
+     ok = xshminfo.shmid != -1;
+     if (ok) {
+         xshmimg->data = (char*)shmat(xshminfo.shmid, 0, 0);
+diff --git a/src/plugins/platforms/xcb/qxcbwindowsurface.cpp b/src/plugins/platforms/xcb/qxcbwindowsurface.cpp
+index b6a42d8..0d56821 100644
+--- a/src/plugins/platforms/xcb/qxcbwindowsurface.cpp
+++ b/src/plugins/platforms/xcb/qxcbwindowsurface.cpp
+@@ -98,7 +98,7 @@ QXcbShmImage::QXcbShmImage(QXcbScreen *screen, const QSize &size, uint depth, QI
+                                           0);
+ 
+     m_shm_info.shmid = shmget (IPC_PRIVATE,
+-          m_xcb_image->stride * m_xcb_image->height, IPC_CREAT|0777);
+          m_xcb_image->stride * m_xcb_image->height, IPC_CREAT|0600);
+ 
+     m_shm_info.shmaddr = m_xcb_image->data = (quint8 *)shmat (m_shm_info.shmid, 0, 0);
+     m_shm_info.shmseg = xcb_generate_id(xcb_connection());
+diff --git a/src/plugins/platforms/xlib/qxlibwindowsurface.cpp b/src/plugins/platforms/xlib/qxlibwindowsurface.cpp
+index bf003eb..46a2f97 100644
+--- a/src/plugins/platforms/xlib/qxlibwindowsurface.cpp
+++ b/src/plugins/platforms/xlib/qxlibwindowsurface.cpp
+@@ -99,7 +99,7 @@ void QXlibWindowSurface::resizeShmImage(int width, int height)
+ 
+ 
+     image_info->shminfo.shmid = shmget (IPC_PRIVATE,
+-          image->bytes_per_line * image->height, IPC_CREAT|0777);
+          image->bytes_per_line * image->height, IPC_CREAT|0700);
+ 
+     image_info->shminfo.shmaddr = image->data = (char*)shmat (image_info->shminfo.shmid, 0, 0);
+     image_info->shminfo.readOnly = False;
+diff --git a/tools/qvfb/qvfbshmem.cpp b/tools/qvfb/qvfbshmem.cpp
+index 7f9671f..84b6ebe 100644
+--- a/tools/qvfb/qvfbshmem.cpp
+++ b/tools/qvfb/qvfbshmem.cpp
+@@ -176,13 +176,13 @@ QShMemViewProtocol::QShMemViewProtocol(int displayid, const QSize &s,
+     uint data_offset_value = sizeof(QVFbHeader);
+ 
+     int dataSize = bpl * h + data_offset_value;
+-    shmId = shmget(key, dataSize, IPC_CREAT | 0666);
+    shmId = shmget(key, dataSize, IPC_CREAT | 0600);
+     if (shmId != -1)
+ 	data = (unsigned char *)shmat(shmId, 0, 0);
+     else {
+ 	struct shmid_ds shm;
+ 	shmctl(shmId, IPC_RMID, &shm);
+-	shmId = shmget(key, dataSize, IPC_CREAT | 0666);
+    shmId = shmget(key, dataSize, IPC_CREAT | 0600);
+ 	if (shmId == -1) {
+             perror("QShMemViewProtocol::QShMemViewProtocol");
+             qFatal("Cannot get shared memory 0x%08x", key);
+-- 
+1.7.1
+
--- a/extra/qt/Fix-binary-incompatibility-between-openssl-versions.patch
+++ b/extra/qt/Fix-binary-incompatibility-between-openssl-versions.patch
@ -0,0 +1,80 @@
+From 691e78e5061d4cbc0de212d23b06c5dffddf2098 Mon Sep 17 00:00:00 2001
+From: Shane Kearns <dbgshane@gmail.com>
+Date: Thu, 6 Dec 2012 17:03:18 +0000
+Subject: [PATCH 54/79] Fix binary incompatibility between openssl versions
+
+OpenSSL changed the layout of X509_STORE_CTX between 0.9 and 1.0
+So we have to consider this struct as private implementation, and use
+the access functions instead.
+
+This bug would cause certificate verification problems if a different
+version of openssl is loaded at runtime to the headers Qt was compiled
+against.
+
+Task-number: QTBUG-28343
+Change-Id: I47fc24336f7d9c80f08f9c8ba6debc51a5591258
+Reviewed-by: Richard J. Moore <rich@kde.org>
+(cherry picked from commit eb2688c4c4f257d0a4d978ba4bf57d6347b15252)
+---
+ src/network/ssl/qsslsocket_openssl.cpp         | 2 +-
+ src/network/ssl/qsslsocket_openssl_symbols.cpp | 8 ++++++++
+ src/network/ssl/qsslsocket_openssl_symbols_p.h | 4 ++++
+ 3 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index b7ca290..e912abac 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -236,7 +236,7 @@ static int q_X509Callback(int ok, X509_STORE_CTX *ctx)
+ {
+     if (!ok) {
+         // Store the error and at which depth the error was detected.
+-        _q_sslErrorList()->errors << qMakePair<int, int>(ctx->error, ctx->error_depth);
+        _q_sslErrorList()->errors << qMakePair<int, int>(q_X509_STORE_CTX_get_error(ctx), q_X509_STORE_CTX_get_error_depth(ctx));
+     }
+     // Always return OK to allow verification to continue. We're handle the
+     // errors gracefully after collecting all errors, after verification has
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index 2d6a25b..2e6ccd0 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -267,6 +267,10 @@ DEFINEFUNC2(int, X509_STORE_add_cert, X509_STORE *a, a, X509 *b, b, return 0, re
+ DEFINEFUNC(void, X509_STORE_CTX_free, X509_STORE_CTX *a, a, return, DUMMYARG)
+ DEFINEFUNC4(int, X509_STORE_CTX_init, X509_STORE_CTX *a, a, X509_STORE *b, b, X509 *c, c, STACK_OF(X509) *d, d, return -1, return)
+ DEFINEFUNC2(int, X509_STORE_CTX_set_purpose, X509_STORE_CTX *a, a, int b, b, return -1, return)
+DEFINEFUNC(int, X509_STORE_CTX_get_error, X509_STORE_CTX *a, a, return -1, return)
+DEFINEFUNC(int, X509_STORE_CTX_get_error_depth, X509_STORE_CTX *a, a, return -1, return)
+DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return 0, return)
+DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return)
+ DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return 0, return)
+ #ifdef SSLEAY_MACROS
+ DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return)
+@@ -832,6 +836,10 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(X509_STORE_CTX_init)
+     RESOLVEFUNC(X509_STORE_CTX_new)
+     RESOLVEFUNC(X509_STORE_CTX_set_purpose)
+    RESOLVEFUNC(X509_STORE_CTX_get_error)
+    RESOLVEFUNC(X509_STORE_CTX_get_error_depth)
+    RESOLVEFUNC(X509_STORE_CTX_get_current_cert)
+    RESOLVEFUNC(X509_STORE_CTX_get_chain)
+     RESOLVEFUNC(X509_cmp)
+ #ifndef SSLEAY_MACROS
+     RESOLVEFUNC(X509_dup)
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+index fa9a157..87f3697 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -374,6 +374,10 @@ int q_X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                           X509 *x509, STACK_OF(X509) *chain);
+ X509_STORE_CTX *q_X509_STORE_CTX_new();
+ int q_X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+int q_X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+int q_X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+X509 *q_X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+ 
+ #define q_BIO_get_mem_data(b, pp) (int)q_BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
+ #define q_BIO_pending(b) (int)q_BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+-- 
+1.8.0.2
+
--- a/extra/qt/PKGBUILD
+++ b/extra/qt/PKGBUILD
@ -13,7 +13,7 @@
 pkgbase=qt
 pkgname=('qt' 'qt-private-headers')
 pkgver=4.8.4
-pkgrel=2
+pkgrel=3
 arch=('i686' 'x86_64')
 url='http://qt-project.org/'
 license=('GPL3' 'LGPL')
@ -27,14 +27,18 @@ source=("http://releases.qt-project.org/qt4/source/${_pkgfqn}.tar.gz"
        'assistant.desktop' 'designer.desktop' 'linguist.desktop'
        'qtconfig.desktop'
        'improve-cups-support.patch'
-        'fix-crash-in-assistant.patch')
+        'fix-crash-in-assistant.patch'
+        'Fix-binary-incompatibility-between-openssl-versions.patch'
+        'Drop-read-write-perms-for-users.patch')
 md5sums=('89c5ecba180cae74c66260ac732dc5cb'
         'f1837a03fd0ebbd2da58975845f278e3'
         '480fea1ed076992b688373c8db274be0'
         '5595c24d5bb942c21e3a4d299e6d0bf1'
         '824a3b77a25e98567f640e0441ccdebc'
         'c439c7731c25387352d8453ca7574971'
-         '57590084078b6379f0501f7728b02ae2')
+         '57590084078b6379f0501f7728b02ae2'
+         'abd18c8a71e08167270b8ec6de61254a'
+         'db29b7dd44c56f6026b53b57bbfd9ea3')

 build() {
  cd ${_pkgfqn}
@ -44,6 +48,10 @@ build() {

  patch -p1 -i "${srcdir}"/fix-crash-in-assistant.patch

+  # Security fixes
+  patch -p1 -i "${srcdir}"/Fix-binary-incompatibility-between-openssl-versions.patch
+  patch -p1 -i "${srcdir}"/Drop-read-write-perms-for-users.patch
+
  export QT4DIR="${srcdir}"/${_pkgfqn}
  export LD_LIBRARY_PATH=${QT4DIR}/lib:${LD_LIBRARY_PATH}