forked from pool/libqt5-qtbase
82c1b4e916
- Recommend libqt5-qttranslations in libQt5Core5 (boo#1027925)
- Fix typo in description (boo#1043338)
- Update to 5.9.1
  * For more details please see: http://blog.qt.io/blog/2017/06/30/qt-5-9-1-released/
- Drop upstreamed patches:
  - fix-cmake-module-version.patch
  - dont-destroy-foreign-windows.patch
  - native-children-hidpi-offset.patch
- Force use of libproxy, that switch got lost apparently
- Add patch to allow build with at-spi2: 0001-Fix-at-spi2-build.patch

OBS-URL: https://build.opensuse.org/request/show/508314
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libqt5-qtbase?expand=0&rev=61
31 lines
1.5 KiB
Diff
From e840a7ed21bc8e93e2e87fec25dd98aa0039fca1 Mon Sep 17 00:00:00 2001
From: Antonio Larrosa <larrosa@kde.org>
Date: Tue, 18 Apr 2017 17:56:35 +0200
Subject: [PATCH] Fix open/chmod race condition in QSaveFile
|
This fixes a problem introduced in a60571b3700e80f44705ebc4bab9628cf852891c
by which a temporary file could be created with mode 0666 (0644 after
applying umask), and then changed to 0600, but in the meantime it would
be possible for anyone to get a working file descriptor that could be used
to read the file. See https://bugzilla.suse.com/show_bug.cgi?id=1034005.
|
Change-Id: I824025f54d6faf853da88e4dfcb092b577b4df04
---
src/corelib/io/qsavefile.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
|
Index: qtbase-opensource-src-5.9.1/src/corelib/io/qsavefile.cpp
===================================================================
--- qtbase-opensource-src-5.9.1.orig/src/corelib/io/qsavefile.cpp
+++ qtbase-opensource-src-5.9.1/src/corelib/io/qsavefile.cpp
@@ -232,7 +232,8 @@ bool QSaveFile::open(OpenMode mode)
}
|
d->fileEngine = new QTemporaryFileEngine;
- static_cast<QTemporaryFileEngine *>(d->fileEngine)->initialize(d->finalFileName, 0666);
+ int perm = (existingFile.exists() ? 0600 : 0666);
+ static_cast<QTemporaryFileEngine *>(d->fileEngine)->initialize(d->finalFileName, perm);
// Same as in QFile: QIODevice provides the buffering, so there's no need to request it from the file engine.
if (!d->fileEngine->open(mode | QIODevice::Unbuffered)) {
QFileDevice::FileError err = d->fileEngine->error();
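
Review bot: The added `int perm = (existingFile.exists() ? 0600 : 0666);` line carries no comment explaining why the two modes differ, and that reasoning is the security-relevant part of the fix. Please add one: when the target already exists, the temporary file starts owner-only so that no other user can obtain a descriptor before its permissions are adjusted (the window the commit message describes); when there is no existing file, 0666 leaves the final mode to the umask. Two smaller points on the same line: `perm` can be declared `const`, and the mode is chosen from a point-in-time `exists()` check, so it is worth confirming that a target appearing after this check is either acceptable or handled by code outside this hunk.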