1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-23 07:28:26 +01:00
slackware-current/source/l/qt5/patches/qt5.cve-2020-0570.patch
Patrick J Volkerding 7cde3ca9e7 Sat Feb 15 02:42:28 UTC 2020
a/kernel-generic-5.4.20-x86_64-1.txz:  Upgraded.
a/kernel-huge-5.4.20-x86_64-1.txz:  Upgraded.
a/kernel-modules-5.4.20-x86_64-1.txz:  Upgraded.
a/shadow-4.8.1-x86_64-3.txz:  Rebuilt.
a/util-linux-2.35.1-x86_64-3.txz:  Rebuilt.
d/kernel-headers-5.4.20-x86-1.txz:  Upgraded.
k/kernel-source-5.4.20-noarch-1.txz:  Upgraded.
l/ConsoleKit2-1.2.1-x86_64-2.txz:  Rebuilt.
l/dconf-editor-3.34.4-x86_64-1.txz:  Upgraded.
l/libxkbcommon-0.10.0-x86_64-1.txz:  Added.
l/openal-soft-1.19.1-x86_64-1.txz:  Added.
l/qt5-5.13.2-x86_64-1.txz:  Added.
  Thanks to alienBOB.
n/openssh-8.2p1-x86_64-1.txz:  Upgraded.
  Potentially incompatible changes:
  * ssh(1), sshd(8): the removal of "ssh-rsa" from the accepted
    CASignatureAlgorithms list.
  * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
    from the default key exchange proposal for both the client and
    server.
  * ssh-keygen(1): the command-line options related to the generation
    and screening of safe prime numbers used by the
    diffie-hellman-group-exchange-* key exchange algorithms have
    changed. Most options have been folded under the -O flag.
  * sshd(8): the sshd listener process title visible to ps(1) has
    changed to include information about the number of connections that
    are currently attempting authentication and the limits configured
    by MaxStartups.
x/mesa-19.3.4-x86_64-2.txz:  Rebuilt.
  Reverted "[PATCH] swr: Fix GCC 4.9 checks." which makes X fail to start with
  an illegal instruction on some hardware.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-2_pam.txz:  Rebuilt.
  Rebuilt with --disable-libcgmanager to fix setting limits on PAM.
  Thanks to gattocarlo.
testing/packages/PAM/openssh-8.2p1-x86_64-1_pam.txz:  Upgraded.
testing/packages/PAM/shadow-4.8.1-x86_64-3_pam.txz:  Rebuilt.
  Moved some of the /etc/pam.d/ file to the util-linux package where they
  more properly belong.
testing/packages/PAM/util-linux-2.35.1-x86_64-3_pam.txz:  Rebuilt.
  Added some /etc/pam.d/ files previously in the shadow package.
  Changed /etc/pam.d/{chfn,chsh} and made chfn/chsh setuid root to fix them.
  Added /etc/pam.d/{runuser,runuser-l}.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
2020-02-15 08:59:47 +01:00

48 lines
2.5 KiB
Diff

QLibrary/Unix: do not attempt to load a library relative to $PWD
I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to
find libraries in a haswell/ subdir of the main path, but we only need
to do that transformation if the library is contains at least one
directory seprator. That is, if the user asks to load "lib/foo", then we
should try "lib/haswell/foo" (often, the path prefix will be absolute).
When the library name the user requested has no directory separators, we
let dlopen() do the transformation for us. Testing on Linux confirms
glibc does so:
$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help |& grep Xcursor
1972475: find library=libXcursor.so.1 [0]; searching
1972475: trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1
1972475: trying file=/usr/lib64/haswell/libXcursor.so.1
1972475: trying file=/usr/lib64/libXcursor.so.1
1972475: calling init: /usr/lib64/libXcursor.so.1
1972475: calling fini: /usr/lib64/libXcursor.so.1 [0]
Fixes: QTBUG-81272
Change-Id: I596aec77785a4e4e84d5fffd15e89689bb91ffbb
X-Git-Url: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=blobdiff_plain;f=src%2Fcorelib%2Fplugin%2Fqlibrary_unix.cpp;h=135b82cd378b00abe231c2320866d88f8a71b25a;hp=f0de1010d7b7126d83c4365a31924fa080ec334d;hb=27d92ead3a5f3c145f16b96f95a43c5af136a36b;hpb=3b54009b13e9629b75827a59f8537451d25613a4
diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp
index f0de1010d7b..135b82cd378 100644
--- a/src/corelib/plugin/qlibrary_unix.cpp
+++ b/src/corelib/plugin/qlibrary_unix.cpp
@@ -1,7 +1,7 @@
/****************************************************************************
**
** Copyright (C) 2016 The Qt Company Ltd.
-** Copyright (C) 2018 Intel Corporation
+** Copyright (C) 2020 Intel Corporation
** Contact: https://www.qt.io/licensing/
**
** This file is part of the QtCore module of the Qt Toolkit.
@@ -218,6 +218,8 @@ bool QLibraryPrivate::load_sys()
for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) {
if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix)))
continue;
+ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/')))
+ continue;
if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix)))
continue;
if (loadHints & QLibrary::LoadArchiveMemberHint) {