Package: mumble Version: 1.2.3-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch
*** /tmp/tmpbbtG6M/bug_body By default, Mumble creates its config file and database with world-readable permissions. The database may contain passwords. In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/0004-set-file-permissions.patch: Set restrictive permissions on data files. (LP: #783405) Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-12-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru mumble-1.2.3/debian/changelog mumble-1.2.3/debian/changelog
diff -Nru mumble-1.2.3/debian/patches/0004-set-file-permissions.patch mumble-1.2.3/debian/patches/0004-set-file-permissions.patch
--- mumble-1.2.3/debian/patches/0004-set-file-permissions.patch 1969-12-31 19:00:00.000000000 -0500
+++ mumble-1.2.3/debian/patches/0004-set-file-permissions.patch 2012-02-07 10:24:47.000000000 -0500
@@ -0,0 +1,42 @@
+Description: Set restrictive permissions on data files.
+Origin: upstream, https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405
+
+Index: mumble-1.2.3/src/mumble/Database.cpp
+===================================================================
+--- mumble-1.2.3.orig/src/mumble/Database.cpp 2011-02-19 16:35:16.000000000 -0500
++++ mumble-1.2.3/src/mumble/Database.cpp 2012-02-07 10:21:02.398225505 -0500
+@@ -92,6 +92,11 @@
+ qWarning("Database: Database is read-only");
+ }
+
++ {
++ QFile f(db.databaseName());
++ f.setPermissions(f.permissions() & ~(QFile::ReadGroup | QFile::WriteGroup | QFile::ExeGroup | QFile::ReadOther | QFile::WriteOther | QFile::ExeOther));
++ }
++
+ QSqlQuery query;
+
+ query.exec(QLatin1String("CREATE TABLE IF NOT EXISTS `servers` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `name` TEXT, `hostname` TEXT, `port` INTEGER DEFAULT 64738, `username` TEXT, `password` TEXT)"));
+Index: mumble-1.2.3/src/mumble/Settings.cpp
+===================================================================
+--- mumble-1.2.3.orig/src/mumble/Settings.cpp 2011-02-19 16:35:17.000000000 -0500
++++ mumble-1.2.3/src/mumble/Settings.cpp 2012-02-07 10:21:02.398225505 -0500
+@@ -698,6 +698,17 @@
+ void OverlaySettings::save(QSettings* settings_ptr) {
+ OverlaySettings def;
+
++ settings_ptr->setValue(QLatin1String("version"), QLatin1String(MUMTEXT(MUMBLE_VERSION_STRING)));
++ settings_ptr->sync();
++
++#if defined(Q_OS_WIN) || defined(Q_OS_MAC)
++ if (settings_ptr->format() == QSettings::IniFormat)
++#endif
++ {
++ QFile f(settings_ptr->fileName());
++ f.setPermissions(f.permissions() & ~(QFile::ReadGroup | QFile::WriteGroup | QFile::ExeGroup | QFile::ReadOther | QFile::WriteOther | QFile::ExeOther));
++ }
++
+ SAVELOAD(bEnable, "enable");
+
+ SAVELOAD(osShow, "show");
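Review bot: The `setPermissions()` call added in the Database.cpp hunk discards its boolean result, so a database that stays group- or world-readable goes unnoticed even though the `servers` table in the context line has a `password` column; the identical call in the Settings.cpp hunk has the same gap. I would log the failure, for example `if (!f.setPermissions(mask)) qWarning("Database: Could not restrict permissions on database file");`, with `mask` standing for the existing expression. The bits are also cleared only after the file already exists, so on first creation it is briefly readable under the process umask; the open presumably happens above this hunk, which is not visible here, and creating the file under a restrictive umask would close that window. The enclosing function starts and ends outside the hunk.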
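Review bot: In the Settings.cpp hunk the added block sits at the top of `OverlaySettings::save(QSettings* settings_ptr)`, so the file-wide `version` key, the `sync()` and the permission change all run from the overlay-specific save routine. If the caller has a settings group open at that point (not visible here), `version` would be written under that group, and the file is only tightened when overlay settings are saved. It is worth confirming against the upstream commit named in the Origin header that this is the intended function. A one-line comment above the block, such as `// Keep the settings file readable by the owner only.`, would also make the purpose of the early `sync()` clear. The function body continues past the end of the hunk.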