diff options
author | Max Rees <maxcrees@me.com> | 2020-03-29 02:08:19 -0500 |
---|---|---|
committer | Max Rees <maxcrees@me.com> | 2020-03-30 15:01:21 -0500 |
commit | 0c250b922af7e2812cd55e84b26278e39346bd9a (patch) | |
tree | 566f0e32fe349d8c6c574997808df2b4be4e0ba4 /user/qt5-qtbase | |
parent | 05f1e6cb26860fab986910e372df549ef4c51e49 (diff) | |
download | packages-0c250b922af7e2812cd55e84b26278e39346bd9a.tar.gz packages-0c250b922af7e2812cd55e84b26278e39346bd9a.tar.bz2 packages-0c250b922af7e2812cd55e84b26278e39346bd9a.tar.xz packages-0c250b922af7e2812cd55e84b26278e39346bd9a.zip |
user/qt5-qtbase: patch CVE-2020-0569 and CVE-2020-0570
Diffstat (limited to 'user/qt5-qtbase')
-rw-r--r-- | user/qt5-qtbase/APKBUILD | 11 | ||||
-rw-r--r-- | user/qt5-qtbase/CVE-2020-0569.patch | 29 | ||||
-rw-r--r-- | user/qt5-qtbase/CVE-2020-0570.patch | 55 |
3 files changed, 93 insertions, 2 deletions
diff --git a/user/qt5-qtbase/APKBUILD b/user/qt5-qtbase/APKBUILD index 18b5b88ad..4cb68524d 100644 --- a/user/qt5-qtbase/APKBUILD +++ b/user/qt5-qtbase/APKBUILD @@ -2,7 +2,7 @@ pkgname=qt5-qtbase _pkgname=qtbase-everywhere-src pkgver=5.12.6 -pkgrel=0 +pkgrel=1 pkgdesc="Cross-platform application and UI framework" url="https://www.qt.io/" arch="all" @@ -27,6 +27,8 @@ source="https://download.qt.io/official_releases/qt/${pkgver%.*}/$pkgver/submodu link-to-execinfo.patch qt-musl-iconv-no-bom.patch time64.patch + CVE-2020-0569.patch + CVE-2020-0570.patch " # secfixes: qt @@ -36,6 +38,9 @@ source="https://download.qt.io/official_releases/qt/${pkgver%.*}/$pkgver/submodu # - CVE-2018-19870 # - CVE-2018-19871 # - CVE-2018-19873 +# 5.12.6-r1: +# - CVE-2020-0569 +# - CVE-2020-0570 _qt5_prefix=/usr/lib/qt5 _qt5_datadir=/usr/share/qt5 @@ -175,4 +180,6 @@ sha512sums="5fb82d903b0db95c23c55785047722dea7979e7f94ecaaf374e0c73b4787aabd768a d00dc607b71a93132f756b952871df9197cfd6d78cc3617544bfa11d7f0eea21ce5dd0d1aeb69dd2702a5694a63d3802accc76499dbf414c01eb56421698cb0c big-endian-scroll-wheel.patch ee78a44e28ba5f728914bfc3d8d5b467896c7de11a02d54b0bce11e40a4338b1f776c1fcc30cbd436df4f548c1ab0b4fe801f01b162ddd5c0f892893e227acfd link-to-execinfo.patch e3982b2df2ab4ba53b7a1329a9eb928eb1fee813c61cf6ac03d3300a767ffb57f019ac0fd89f633cac2330549446ff3d43344871296bf362815e7ebffadefa6b qt-musl-iconv-no-bom.patch -436f0bb7a89a88aa62c7b0398c4e91c325e78542e96f747c903f7e96dbf9d9b693d9688c722f2a74e287fb9ab31e861bd5ed8deb172ed28f56a1b8757663771c time64.patch" +436f0bb7a89a88aa62c7b0398c4e91c325e78542e96f747c903f7e96dbf9d9b693d9688c722f2a74e287fb9ab31e861bd5ed8deb172ed28f56a1b8757663771c time64.patch +ddeb0a59cf0901b38669314fd2f14dffba63c6cbd06a3d864cd329081cc2b10323ec52053a6ffe7baf5ee8a1e137331acfe5d874c03596660630dd151828da56 CVE-2020-0569.patch +b5973799d6dc7c03124b7df5424e5fa84cb81ec3b997e039b84cca21852abaf4ff61780b99c47f1fd6ce64ae61f61b2458ca2929e068644f1973a6f1c53a4d64 CVE-2020-0570.patch" diff --git a/user/qt5-qtbase/CVE-2020-0569.patch b/user/qt5-qtbase/CVE-2020-0569.patch new file mode 100644 index 000000000..fa0efdce3 --- /dev/null +++ b/user/qt5-qtbase/CVE-2020-0569.patch @@ -0,0 +1,29 @@ +From bf131e8d2181b3404f5293546ed390999f760404 Mon Sep 17 00:00:00 2001 +From: Olivier Goffart <ogoffart@woboq.com> +Date: Fri, 8 Nov 2019 11:30:40 +0100 +Subject: Do not load plugin from the $PWD + +I see no reason why this would make sense to look for plugins in the current +directory. And when there are plugins there, it may actually be wrong + +Change-Id: I5f5aa168021fedddafce90effde0d5762cd0c4c5 +Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> +--- + src/corelib/plugin/qpluginloader.cpp | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/corelib/plugin/qpluginloader.cpp b/src/corelib/plugin/qpluginloader.cpp +index cadff4f32b..c2443dbdda 100644 +--- a/src/corelib/plugin/qpluginloader.cpp ++++ b/src/corelib/plugin/qpluginloader.cpp +@@ -305,7 +305,6 @@ static QString locatePlugin(const QString& fileName) + paths.append(fileName.left(slash)); // don't include the '/' + } else { + paths = QCoreApplication::libraryPaths(); +- paths.prepend(QStringLiteral(".")); // search in current dir first + } + + for (const QString &path : qAsConst(paths)) { +-- +cgit v1.2.1 + diff --git a/user/qt5-qtbase/CVE-2020-0570.patch b/user/qt5-qtbase/CVE-2020-0570.patch new file mode 100644 index 000000000..dcf507c0d --- /dev/null +++ b/user/qt5-qtbase/CVE-2020-0570.patch @@ -0,0 +1,55 @@ +From e6f1fde24f77f63fb16b2df239f82a89d2bf05dd Mon Sep 17 00:00:00 2001 +From: Thiago Macieira <thiago.macieira@intel.com> +Date: Fri, 10 Jan 2020 09:26:27 -0800 +Subject: QLibrary/Unix: do not attempt to load a library relative to $PWD + +I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to +find libraries in a haswell/ subdir of the main path, but we only need +to do that transformation if the library is contains at least one +directory seprator. That is, if the user asks to load "lib/foo", then we +should try "lib/haswell/foo" (often, the path prefix will be absolute). + +When the library name the user requested has no directory separators, we +let dlopen() do the transformation for us. Testing on Linux confirms +glibc does so: + +$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help |& grep Xcursor + 1972475: find library=libXcursor.so.1 [0]; searching + 1972475: trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1 + 1972475: trying file=/usr/lib64/haswell/libXcursor.so.1 + 1972475: trying file=/usr/lib64/libXcursor.so.1 + 1972475: calling init: /usr/lib64/libXcursor.so.1 + 1972475: calling fini: /usr/lib64/libXcursor.so.1 [0] + +Fixes: QTBUG-81272 +Change-Id: I596aec77785a4e4e84d5fffd15e89689bb91ffbb +Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> +--- + src/corelib/plugin/qlibrary_unix.cpp | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp +index f0de1010d7..135b82cd37 100644 +--- a/src/corelib/plugin/qlibrary_unix.cpp ++++ b/src/corelib/plugin/qlibrary_unix.cpp +@@ -1,7 +1,7 @@ + /**************************************************************************** + ** + ** Copyright (C) 2016 The Qt Company Ltd. +-** Copyright (C) 2018 Intel Corporation ++** Copyright (C) 2020 Intel Corporation + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtCore module of the Qt Toolkit. +@@ -218,6 +218,8 @@ bool QLibraryPrivate::load_sys() + for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) { + if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix))) + continue; ++ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/'))) ++ continue; + if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix))) + continue; + if (loadHints & QLibrary::LoadArchiveMemberHint) { +-- +cgit v1.2.1 + |