From 13a75827ce78e364773204e25fbc884a27c6e375 Mon Sep 17 00:00:00 2001 From: "c.lamboo" Date: Mon, 16 May 2022 21:49:09 +0200 Subject: [PATCH 1/6] Fix "view user manuals online" link --- plugins/MonitorStage/MonitorMain.qml | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/MonitorStage/MonitorMain.qml b/plugins/MonitorStage/MonitorMain.qml index fdb67d0feb..5d63ac5b83 100644 --- a/plugins/MonitorStage/MonitorMain.qml +++ b/plugins/MonitorStage/MonitorMain.qml @@ -122,6 +122,7 @@ Rectangle } visible: !isNetworkConfigured && isNetworkConfigurable width: childrenRect.width + height: childrenRect.height UM.ColorImage { From 37ca436cadf0cba03a0f93facac9e5d022cd2bab Mon Sep 17 00:00:00 2001 From: fvrmr <77000924+fvrmr@users.noreply.github.com> Date: Tue, 17 May 2022 10:05:28 +0200 Subject: [PATCH 2/6] Update change_log.txt Added one more bug fix --- resources/texts/change_log.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/resources/texts/change_log.txt b/resources/texts/change_log.txt index 3051b7c23e..33ac01743d 100644 --- a/resources/texts/change_log.txt +++ b/resources/texts/change_log.txt @@ -75,6 +75,7 @@ Ultimaker Cura 5.0 is now compatible with Apple M1. - Fixed a bug where travels would go through the model with printing PVA - Fixed a bug where Concentric ironing was affecting the print quality - Fixed a bug where there were missing infill layers +- Fixed AppRun permissions, contributed by probonopd * Printer definitions, profiles and materials: - Added Atom 3 and Atom 3 Lite printer definitions, contributed by Daniel-Kurth From 4d3f312cb6726488797df87ffde31675ce86c7e4 Mon Sep 17 00:00:00 2001 From: Remco Burema Date: Tue, 17 May 2022 11:42:43 +0200 Subject: [PATCH 3/6] Secure another 'environment-settable via Qt' DLL. SEC-258 a.k.a. CURA-8969 --- cura_app.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cura_app.py b/cura_app.py index e11e3c4232..905d8f4ee0 100755 --- a/cura_app.py +++ b/cura_app.py 
@@ -18,6 +18,7 @@ import os if sys.platform != "linux": # Turns out the Linux build _does_ use this, but we're not making an Enterprise release for that system anyway. os.environ["QT_PLUGIN_PATH"] = "" # Security workaround: Don't need it, and introduces an attack vector, so set to nul. os.environ["QML2_IMPORT_PATH"] = "" # Security workaround: Don't need it, and introduces an attack vector, so set to nul. + os.environ["QT_OPENGL_DLL"] = "" # Security workaround: Don't need it, and introduces an attack vector, so set to nul. from PyQt6.QtNetwork import QSslConfiguration, QSslSocket From 050a73166360106d2c2733b22e9c31be400f6db8 Mon Sep 17 00:00:00 2001 From: Remco Burema Date: Fri, 20 May 2022 14:32:28 +0200 Subject: [PATCH 4/6] In secure version: disable loading themes from unbundled folders. This was a bit more tricky then it at first seemed, since the information wether this is a 'secure version' comes from the user-application and is not known in the Uranium library. This is not normally such a point, but both the theme and the preferences objects are loaded _very_ early in the process, and that information needs to be injected before then. (Well, in the case of the Theme object it's less important, since in the implementation choseen that is now security wise at least only in charge of wheter or not to even show the theme as selectable in the interface, so that it only needs to be aware of the 'security' status any time before the user can see a preference screen, but not nescesarily earlier.) SEC-255 | CURA-8966 --- cura/CuraApplication.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cura/CuraApplication.py b/cura/CuraApplication.py index ee3c6e361e..a324168f31 100755 --- a/cura/CuraApplication.py +++ b/cura/CuraApplication.py 
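Review bot: `QT_OPENGL_DLL` is the third variable cleared by a hand-copied line, so this block is a denylist that only covers what has been reported so far, and nothing in it says that it must run before the first Qt import. I would fold the assignments into `for _name in ("QT_PLUGIN_PATH", "QML2_IMPORT_PATH", "QT_OPENGL_DLL"): os.environ[_name] = ""` under one comment, `# Security: clear Qt variables that name loadable code; must run before any PyQt import.` Whether Qt treats an empty value like an unset one for each of these is not visible here and is worth confirming. The `sys.platform != "linux"` guard means Linux builds keep honouring all three, and the comment should say so.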
@@ -315,7 +315,7 @@ class CuraApplication(QtApplication): def initialize(self) -> None: self.__addExpectedResourceDirsAndSearchPaths() # Must be added before init of super - super().initialize() + super().initialize(ApplicationMetadata.IsEnterpriseVersion) self._preferences.addPreference("cura/single_instance", False) self._use_single_instance = self._preferences.getValue("cura/single_instance") or self._cli_args.single_instance @@ -942,6 +942,7 @@ class CuraApplication(QtApplication): self._qml_import_paths.append(Resources.getPath(self.ResourceTypes.QmlFiles)) self._setLoadingHint(self._i18n_catalog.i18nc("@info:progress", "Initializing engine...")) self.initializeEngine() + self.getTheme().setCheckIfTrusted(ApplicationMetadata.IsEnterpriseVersion) # Initialize UI state controller.setActiveStage("PrepareStage") From be25029aca3bdd188f3e86f5f630d0dbae43eebd Mon Sep 17 00:00:00 2001 From: "j.delarago" Date: Tue, 24 May 2022 12:09:20 +0200 Subject: [PATCH 5/6] This fix will stop enterprise versions from searching the user config folder for non storage type resources. Refer to SEC-253 for more information SEC-253 --- cura/CuraApplication.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cura/CuraApplication.py b/cura/CuraApplication.py index a324168f31..3a3ac17cdf 100755 --- a/cura/CuraApplication.py +++ b/cura/CuraApplication.py @@ -257,6 +257,7 @@ class CuraApplication(QtApplication): from UM.CentralFileStorage import CentralFileStorage CentralFileStorage.setIsEnterprise(ApplicationMetadata.IsEnterpriseVersion) + Resources.setIsEnterprise(ApplicationMetadata.IsEnterpriseVersion) @pyqtProperty(str, constant=True) def ultimakerCloudApiRootUrl(self) -> str: 
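Review bot: The bare positional boolean in `super().initialize(ApplicationMetadata.IsEnterpriseVersion)` does not tell the reader what it switches on. Pass it by keyword if the Uranium signature allows, or add `# Preferences and theme are created very early; they need the enterprise flag before that.` above the call. The same flag is pushed separately through `getTheme().setCheckIfTrusted(...)` in the second hunk of this patch and through `Resources.setIsEnterprise(...)` beside `CentralFileStorage.setIsEnterprise(...)` in the next patch, so every new trust-sensitive component needs its own call. If those setters default to the permissive behaviour (not visible here), a forgotten call fails open; one helper that applies the flag everywhere would be easier to audit. `initialize()` continues outside the hunk.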
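Review bot: `setCheckIfTrusted` in the `-942` hunk runs only after `initializeEngine()`, so the theme selected at start-up has presumably already been loaded when the flag arrives. The commit message explains that the Theme object now only decides whether a theme is offered in the interface, which would make the late call safe, but that reasoning is not in the code. A comment such as `# Only gates which themes the UI offers; load-time enforcement relies on the flag passed to initialize() (confirm).` would stop a later refactor from treating this call as the enforcement point. The enclosing method starts and ends outside the hunk.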
@@ -348,12 +349,12 @@ class CuraApplication(QtApplication): Resources.addExpectedDirNameInData(dir_name) app_root = os.path.abspath(os.path.join(os.path.dirname(sys.executable))) - Resources.addSearchPath(os.path.join(app_root, "share", "cura", "resources")) + Resources.addSecureSearchPath(os.path.join(app_root, "share", "cura", "resources")) - Resources.addSearchPath(os.path.join(self._app_install_dir, "share", "cura", "resources")) + Resources.addSecureSearchPath(os.path.join(self._app_install_dir, "share", "cura", "resources")) if not hasattr(sys, "frozen"): resource_path = os.path.join(os.path.abspath(os.path.dirname(__file__)), "..", "resources") - Resources.addSearchPath(resource_path) + Resources.addSecureSearchPath(resource_path) @classmethod def _initializeSettingDefinitions(cls): From d35c862bb845157463388ede4411706019850b1f Mon Sep 17 00:00:00 2001 From: Remco Burema Date: Wed, 1 Jun 2022 14:26:44 +0200 Subject: [PATCH 6/6] Prevent run of out-of-install executable in secure context. SEC-257 | CURA-8968 --- .../CuraEngineBackend/CuraEngineBackend.py | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/plugins/CuraEngineBackend/CuraEngineBackend.py b/plugins/CuraEngineBackend/CuraEngineBackend.py index d7ed5fac21..18088a99c6 100755 --- a/plugins/CuraEngineBackend/CuraEngineBackend.py +++ b/plugins/CuraEngineBackend/CuraEngineBackend.py @@ -60,7 +60,7 @@ class CuraEngineBackend(QObject, Backend): executable_name = "CuraEngine" if Platform.isWindows(): executable_name += ".exe" - default_engine_location = executable_name + self._default_engine_location = executable_name search_path = [ os.path.abspath(os.path.dirname(sys.executable)), 
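Review bot: Registering `self._app_install_dir` and, in the unfrozen branch, the `..`-relative `resource_path` through `addSecureSearchPath` marks both as trusted, yet neither is shown to be fixed at install time. Where `_app_install_dir` comes from is outside this hunk; if it can be set from the command line or the environment, it should not be promoted to a secure path in an enterprise build. I would normalise the development path with `resource_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "resources"))` and add a comment that only locations inside the installation may be registered here. The method begins above the hunk.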
@@ -74,29 +74,29 @@ class CuraEngineBackend(QObject, Backend): for path in search_path: engine_path = os.path.join(path, executable_name) if os.path.isfile(engine_path): - default_engine_location = engine_path + self._default_engine_location = engine_path break - if Platform.isLinux() and not default_engine_location: + if Platform.isLinux() and not self._default_engine_location: if not os.getenv("PATH"): raise OSError("There is something wrong with your Linux installation.") for pathdir in cast(str, os.getenv("PATH")).split(os.pathsep): execpath = os.path.join(pathdir, executable_name) if os.path.exists(execpath): - default_engine_location = execpath + self._default_engine_location = execpath break application = CuraApplication.getInstance() #type: CuraApplication self._multi_build_plate_model = None #type: Optional[MultiBuildPlateModel] self._machine_error_checker = None #type: Optional[MachineErrorChecker] - if not default_engine_location: + if not self._default_engine_location: raise EnvironmentError("Could not find CuraEngine") - Logger.log("i", "Found CuraEngine at: %s", default_engine_location) + Logger.log("i", "Found CuraEngine at: %s", self._default_engine_location) - default_engine_location = os.path.abspath(default_engine_location) - application.getPreferences().addPreference("backend/location", default_engine_location) + self._default_engine_location = os.path.abspath(self._default_engine_location) + application.getPreferences().addPreference("backend/location", self._default_engine_location) # Workaround to disable layer view processing if layer view is not active. self._layer_view_active = False #type: bool 
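Review bot: When no `search_path` entry contains the engine, `self._default_engine_location` keeps the bare `executable_name` assigned in the previous hunk, and `os.path.abspath(...)` then resolves it against the current working directory. Because that initial value is never empty, the two `not self._default_engine_location` checks (the Linux `PATH` fallback and the `EnvironmentError`) cannot fire, so the lookup never fails closed. The last hunk of this patch makes enterprise builds run exactly this attribute, so I would give the `for path in search_path` loop an `else:` branch that raises `EnvironmentError("Could not find CuraEngine")` when `ApplicationMetadata.IsEnterpriseVersion` is set (that name must be in scope here). The constructor starts and ends outside the hunk, and the other `search_path` entries are not visible.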
@@ -215,7 +215,12 @@ class CuraEngineBackend(QObject, Backend): This is useful for debugging and used to actually start the engine. :return: list of commands and args / parameters. """ - command = [CuraApplication.getInstance().getPreferences().getValue("backend/location"), "connect", "127.0.0.1:{0}".format(self._port), ""] + from cura import ApplicationMetadata + if ApplicationMetadata.IsEnterpriseVersion: + command = [self._default_engine_location] + else: + command = [CuraApplication.getInstance().getPreferences().getValue("backend/location")] + command += ["connect", "127.0.0.1:{0}".format(self._port), ""] parser = argparse.ArgumentParser(prog = "cura", add_help = False) parser.add_argument("--debug", action = "store_true", default = False, help = "Turn on the debug mode by setting this option.")
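Review bot: The docstring of this method still describes a single command, while enterprise builds now silently ignore the user-editable `backend/location` preference that the constructor still registers. Say so at the branch, for example `# Enterprise builds never take the engine path from preferences; they run the location resolved at start-up.` Also consider a `Logger.log("w", ...)` line when the stored preference differs from `self._default_engine_location`, so a tampered or stale configuration shows up in the log. The function-scope `from cura import ApplicationMetadata` runs on every call; a brief comment on why it is not a module-level import would help. The method continues past the hunk.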