From dfdc39e84a54ce048e2ef5c25b970819e1ef2db1 Mon Sep 17 00:00:00 2001 From: Davide Pesavento Date: Sat, 9 Feb 2013 08:04:37 +0000 Subject: Apply upstream patch for CVE-2013-0254 (Gentoo bug #455884) (Portage version: 2.2.0_alpha161/cvs/Linux x86_64, signed Manifest commit with key 17A85C72) --- x11-libs/qt-core/ChangeLog | 8 +- x11-libs/qt-core/files/CVE-2013-0254.patch | 66 +++++++++++ x11-libs/qt-core/qt-core-4.8.4-r1.ebuild | 181 ---------------------------- x11-libs/qt-core/qt-core-4.8.4-r2.ebuild | 182 +++++++++++++++++++++++++++++ 4 files changed, 255 insertions(+), 182 deletions(-) create mode 100644 x11-libs/qt-core/files/CVE-2013-0254.patch delete mode 100644 x11-libs/qt-core/qt-core-4.8.4-r1.ebuild create mode 100644 x11-libs/qt-core/qt-core-4.8.4-r2.ebuild (limited to 'x11-libs/qt-core') diff --git a/x11-libs/qt-core/ChangeLog b/x11-libs/qt-core/ChangeLog index 9bbc6793b400..6bc1335f694b 100644 --- a/x11-libs/qt-core/ChangeLog +++ b/x11-libs/qt-core/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for x11-libs/qt-core # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/ChangeLog,v 1.204 2013/01/26 09:01:41 pesa Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/ChangeLog,v 1.205 2013/02/09 08:04:37 pesa Exp $ + +*qt-core-4.8.4-r2 (09 Feb 2013) + + 09 Feb 2013; Davide Pesavento +files/CVE-2013-0254.patch, + +qt-core-4.8.4-r2.ebuild, -qt-core-4.8.4-r1.ebuild: + Apply upstream patch for CVE-2013-0254 (Gentoo bug #455884) 26 Jan 2013; Davide Pesavento +files/set-pkg-config-locations-directly-to-install-dir.patch, diff --git a/x11-libs/qt-core/files/CVE-2013-0254.patch b/x11-libs/qt-core/files/CVE-2013-0254.patch new file mode 100644 index 000000000000..48cc05f1800d --- /dev/null +++ b/x11-libs/qt-core/files/CVE-2013-0254.patch 
@@ -0,0 +1,66 @@
+From 20b26bdb3dd5e46b01b9a7e1ce8342074df3c89c Mon Sep 17 00:00:00 2001
+From: Thiago Macieira
+Date: Sat, 22 Dec 2012 08:32:12 -0800
+Subject: [PATCH] Change all shmget calls to user-only memory
+
+Drop the read and write permissions for group and other users in the
+system.
+
+Change-Id: I8fc753f09126651af3fb82df3049050f0b14e876
+(cherry-picked from Qt 5 commit 856f209fb63ae336bfb389a12d2a75fa886dc1c5)
+Reviewed-by: Richard J. Moore
+---
+ src/corelib/kernel/qsharedmemory_unix.cpp | 6 +++---
+ src/corelib/kernel/qsystemsemaphore_unix.cpp | 4 ++--
+
+diff --git a/src/corelib/kernel/qsharedmemory_unix.cpp b/src/corelib/kernel/qsharedmemory_unix.cpp
+index 20d76e3..4cf3acf 100644
+--- a/src/corelib/kernel/qsharedmemory_unix.cpp
++++ b/src/corelib/kernel/qsharedmemory_unix.cpp
+@@ -238,7 +238,7 @@ bool QSharedMemoryPrivate::create(int size)
+ }
+
+ // create
+- if (-1 == shmget(unix_key, size, 0666 | IPC_CREAT | IPC_EXCL)) {
++ if (-1 == shmget(unix_key, size, 0600 | IPC_CREAT | IPC_EXCL)) {
+ QString function = QLatin1String("QSharedMemory::create");
+ switch (errno) {
+ case EINVAL:
+@@ -293,7 +293,7 @@ bool QSharedMemoryPrivate::attach(QSharedMemory::AccessMode mode)
+ {
+ #ifndef QT_POSIX_IPC
+ // grab the shared memory segment id
+- int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0444 : 0660));
++ int id = shmget(unix_key, 0, (mode == QSharedMemory::ReadOnly ? 0400 : 0600));
+ if (-1 == id) {
+ setErrorString(QLatin1String("QSharedMemory::attach (shmget)"));
+ return false;
+@@ -381,7 +381,7 @@ bool QSharedMemoryPrivate::detach()
+ size = 0;
+
+ // Get the number of current attachments
+- int id = shmget(unix_key, 0, 0444);
++ int id = shmget(unix_key, 0, 0400);
+ cleanHandle();
+
+ struct shmid_ds shmid_ds;
+diff --git a/src/corelib/kernel/qsystemsemaphore_unix.cpp b/src/corelib/kernel/qsystemsemaphore_unix.cpp
+index fad9acc..e77456b 100644
+--- a/src/corelib/kernel/qsystemsemaphore_unix.cpp
++++ b/src/corelib/kernel/qsystemsemaphore_unix.cpp
+@@ -153,10 +153,10 @@ key_t QSystemSemaphorePrivate::handle(QSystemSemaphore::AccessMode mode)
+ }
+
+ // Get semaphore
+- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT | IPC_EXCL);
++ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT | IPC_EXCL);
+ if (-1 == semaphore) {
+ if (errno == EEXIST)
+- semaphore = semget(unix_key, 1, 0666 | IPC_CREAT);
++ semaphore = semget(unix_key, 1, 0600 | IPC_CREAT);
+ if (-1 == semaphore) {
+ setErrorString(QLatin1String("QSystemSemaphore::handle"));
+ cleanHandle();
+--
+1.7.1
+
diff --git a/x11-libs/qt-core/qt-core-4.8.4-r1.ebuild b/x11-libs/qt-core/qt-core-4.8.4-r1.ebuild
deleted file mode 100644
index 257ca93911d0..000000000000
--- a/x11-libs/qt-core/qt-core-4.8.4-r1.ebuild
+++ /dev/null
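Review bot: The mode bits in the EEXIST fallback `semget(unix_key, 1, 0600 | IPC_CREAT)` in QSystemSemaphorePrivate::handle, and in the `shmget(unix_key, 0, ...)` lookups in attach() and detach(), only gate access to an object that already exists; they do not tighten that object's permissions. Segments and semaphore sets created as 0666 by the unpatched library therefore keep that mode until they are removed, so rolling out -r2 should be paired with restarting the Qt applications that use QSharedMemory/QSystemSemaphore and checking `ipcs` for leftovers. The fallback also accepts whichever set already holds the key without looking at its owner; a comment such as `// mode only gates access to an existing set; ownership is not verified here` would make that limit explicit, and a `semctl` `IPC_STAT` check of `sem_perm.uid` would be the upstream-side hardening. The `#ifndef QT_POSIX_IPC` context line in attach() suggests a POSIX branch this patch does not touch; its creation modes are not visible here and should be confirmed. All four patched functions start or end outside the hunks shown.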
@@ -1,181 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/qt-core-4.8.4-r1.ebuild,v 1.2 2013/01/26 09:01:41 pesa Exp $ - -EAPI=5 - -inherit qt4-build - -DESCRIPTION="The Qt toolkit is a comprehensive C++ application development framework" -SLOT="4" -if [[ ${QT4_BUILD_TYPE} == live ]]; then - KEYWORDS="" -else - KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" -fi -IUSE="+glib iconv icu qt3support ssl" - -DEPEND=" - sys-libs/zlib - glib? ( dev-libs/glib:2 ) - icu? ( >=dev-libs/icu-49:= ) - ssl? ( dev-libs/openssl ) - !> "${S}"/src/plugins/codecs/${i}/${i}.pro - done - - qt4-build_src_prepare - - # bug 172219 - sed -i -e "s:CXXFLAGS.*=:CXXFLAGS=${CXXFLAGS} :" \ - "${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix CXXFLAGS failed" - sed -i -e "s:LFLAGS.*=:LFLAGS=${LDFLAGS} :" \ - "${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix LDFLAGS failed" - - # bug 427782 - sed -i -e "/^CPPFLAGS/s/-g//" \ - "${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix CPPFLAGS failed" - sed -i -e "s/setBootstrapVariable QMAKE_CFLAGS_RELEASE/QMakeVar set QMAKE_CFLAGS_RELEASE/" \ - -e "s/setBootstrapVariable QMAKE_CXXFLAGS_RELEASE/QMakeVar set QMAKE_CXXFLAGS_RELEASE/" \ - "${S}/configure" || die "sed configure setBootstrapVariable failed" -} - -src_configure() { - myconf+=" - -no-accessibility -no-xmlpatterns -no-multimedia -no-audio-backend -no-phonon - -no-phonon-backend -no-svg -no-webkit -no-script -no-scripttools -no-declarative - -system-zlib -no-gif -no-libtiff -no-libpng -no-libmng -no-libjpeg - -no-cups -no-dbus -no-gtkstyle -no-nas-sound -no-opengl -no-openvg - -no-sm -no-xshape -no-xvideo -no-xsync -no-xinerama -no-xcursor -no-xfixes - -no-xrandr -no-xrender -no-mitshm -no-fontconfig -no-freetype 
-no-xinput -no-xkb - $(qt_use glib) - $(qt_use iconv) - $(qt_use icu) - $(use ssl && echo -openssl-linked || echo -no-openssl) - $(qt_use qt3support)" - - qt4-build_src_configure -} - -src_install() { - dobin bin/{qmake,moc,rcc,uic,lconvert,lrelease,lupdate} - - install_directories src/{corelib,xml,network,plugins/codecs} - - emake INSTALL_ROOT="${D}" install_mkspecs - - # install private headers - insinto "${QTHEADERDIR#${EPREFIX}}"/QtCore/private - find "${S}"/src/corelib -type f -name "*_p.h" -exec doins {} + - - # use freshly built libraries - local DYLD_FPATH= - [[ -d "${S}"/lib/QtCore.framework ]] \ - && DYLD_FPATH=$(for x in "${S}"/lib/*.framework; do echo -n ":$x"; done) - DYLD_LIBRARY_PATH="${S}/lib${DYLD_FPATH}" \ - LD_LIBRARY_PATH="${S}/lib" \ - "${S}"/bin/lrelease translations/*.ts \ - || die "generating translations failed" - insinto "${QTTRANSDIR#${EPREFIX}}" - doins translations/*.qm - - setqtenv - fix_library_files - - # List all the multilib libdirs - local libdirs= - for libdir in $(get_all_libdirs); do - libdirs+=":${EPREFIX}/usr/${libdir}/qt4" - done - - cat <<-EOF > "${T}"/44qt4 - LDPATH="${libdirs:1}" - EOF - doenvd "${T}"/44qt4 - - dodir "${QTDATADIR#${EPREFIX}}"/mkspecs/gentoo - mv "${D}/${QTDATADIR}"/mkspecs/qconfig.pri "${D}${QTDATADIR}"/mkspecs/gentoo \ - || die "failed to move qconfig.pri" - - # Framework hacking - if use aqua && [[ ${CHOST#*-darwin} -ge 9 ]]; then - # TODO: do this better - sed -i -e '2a#include \n' \ - "${D}${QTLIBDIR}"/QtCore.framework/Headers/qconfig.h \ - || die "sed for qconfig.h failed." - dosym "${QTHEADERDIR#${EPREFIX}}"/Gentoo "${QTLIBDIR#${EPREFIX}}"/QtCore.framework/Headers/Gentoo - else - sed -i -e '2a#include \n' \ - "${D}${QTHEADERDIR}"/QtCore/qconfig.h \ - "${D}${QTHEADERDIR}"/Qt/qconfig.h \ - || die "sed for qconfig.h failed" - fi - - QCONFIG_DEFINE="QT_ZLIB" - install_qconfigs - - # remove .la files - prune_libtool_files - - keepdir "${QTSYSCONFDIR#${EPREFIX}}" - - # Framework magic - fix_includes -} 
diff --git a/x11-libs/qt-core/qt-core-4.8.4-r2.ebuild b/x11-libs/qt-core/qt-core-4.8.4-r2.ebuild
new file mode 100644
index 000000000000..afd758201549
--- /dev/null
+++ b/x11-libs/qt-core/qt-core-4.8.4-r2.ebuild
@@ -0,0 +1,182 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/x11-libs/qt-core/qt-core-4.8.4-r2.ebuild,v 1.1 2013/02/09 08:04:37 pesa Exp $ + +EAPI=5 + +inherit qt4-build + +DESCRIPTION="The Qt toolkit is a comprehensive C++ application development framework" +SLOT="4" +if [[ ${QT4_BUILD_TYPE} == live ]]; then + KEYWORDS="" +else + KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" +fi +IUSE="+glib iconv icu qt3support ssl" + +DEPEND=" + sys-libs/zlib + glib? ( dev-libs/glib:2 ) + icu? ( >=dev-libs/icu-49:= ) + ssl? ( dev-libs/openssl ) + !> "${S}"/src/plugins/codecs/${i}/${i}.pro + done + + qt4-build_src_prepare + + # bug 172219 + sed -i -e "s:CXXFLAGS.*=:CXXFLAGS=${CXXFLAGS} :" \ + "${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix CXXFLAGS failed" + sed -i -e "s:LFLAGS.*=:LFLAGS=${LDFLAGS} :" \ + "${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix LDFLAGS failed" + + # bug 427782 + sed -i -e "/^CPPFLAGS/s/-g//" \ + "${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix CPPFLAGS failed" + sed -i -e "s/setBootstrapVariable QMAKE_CFLAGS_RELEASE/QMakeVar set QMAKE_CFLAGS_RELEASE/" \ + -e "s/setBootstrapVariable QMAKE_CXXFLAGS_RELEASE/QMakeVar set QMAKE_CXXFLAGS_RELEASE/" \ + "${S}/configure" || die "sed configure setBootstrapVariable failed" +} + +src_configure() { + myconf+=" + -no-accessibility -no-xmlpatterns -no-multimedia -no-audio-backend -no-phonon + -no-phonon-backend -no-svg -no-webkit -no-script -no-scripttools -no-declarative + -system-zlib -no-gif -no-libtiff -no-libpng -no-libmng -no-libjpeg + -no-cups -no-dbus -no-gtkstyle -no-nas-sound -no-opengl -no-openvg + -no-sm -no-xshape -no-xvideo -no-xsync -no-xinerama -no-xcursor -no-xfixes + -no-xrandr -no-xrender -no-mitshm -no-fontconfig -no-freetype 
-no-xinput -no-xkb + $(qt_use glib) + $(qt_use iconv) + $(qt_use icu) + $(use ssl && echo -openssl-linked || echo -no-openssl) + $(qt_use qt3support)" + + qt4-build_src_configure +} + +src_install() { + dobin bin/{qmake,moc,rcc,uic,lconvert,lrelease,lupdate} + + install_directories src/{corelib,xml,network,plugins/codecs} + + emake INSTALL_ROOT="${D}" install_mkspecs + + # install private headers + insinto "${QTHEADERDIR#${EPREFIX}}"/QtCore/private + find "${S}"/src/corelib -type f -name "*_p.h" -exec doins {} + + + # use freshly built libraries + local DYLD_FPATH= + [[ -d "${S}"/lib/QtCore.framework ]] \ + && DYLD_FPATH=$(for x in "${S}"/lib/*.framework; do echo -n ":$x"; done) + DYLD_LIBRARY_PATH="${S}/lib${DYLD_FPATH}" \ + LD_LIBRARY_PATH="${S}/lib" \ + "${S}"/bin/lrelease translations/*.ts \ + || die "generating translations failed" + insinto "${QTTRANSDIR#${EPREFIX}}" + doins translations/*.qm + + setqtenv + fix_library_files + + # List all the multilib libdirs + local libdirs= + for libdir in $(get_all_libdirs); do + libdirs+=":${EPREFIX}/usr/${libdir}/qt4" + done + + cat <<-EOF > "${T}"/44qt4 + LDPATH="${libdirs:1}" + EOF + doenvd "${T}"/44qt4 + + dodir "${QTDATADIR#${EPREFIX}}"/mkspecs/gentoo + mv "${D}/${QTDATADIR}"/mkspecs/qconfig.pri "${D}${QTDATADIR}"/mkspecs/gentoo \ + || die "failed to move qconfig.pri" + + # Framework hacking + if use aqua && [[ ${CHOST#*-darwin} -ge 9 ]]; then + # TODO: do this better + sed -i -e '2a#include \n' \ + "${D}${QTLIBDIR}"/QtCore.framework/Headers/qconfig.h \ + || die "sed for qconfig.h failed." 
+ dosym "${QTHEADERDIR#${EPREFIX}}"/Gentoo "${QTLIBDIR#${EPREFIX}}"/QtCore.framework/Headers/Gentoo + else + sed -i -e '2a#include \n' \ + "${D}${QTHEADERDIR}"/QtCore/qconfig.h \ + "${D}${QTHEADERDIR}"/Qt/qconfig.h \ + || die "sed for qconfig.h failed" + fi + + QCONFIG_DEFINE="QT_ZLIB" + install_qconfigs + + # remove .la files + prune_libtool_files + + keepdir "${QTSYSCONFDIR#${EPREFIX}}" + + # Framework magic + fix_includes +} -- cgit v1.2.3-65-gdbad