From f895dc3516457912a60202c479e8af2756c67e6b Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Wed, 14 Oct 2020 15:09:59 +0800
Subject: [PATCH] fix CVE-2020-0570
---
CVE-2020-0570.patch | 47 +++++++++++++++++++++++++++++++++++++++++++++
qt.spec | 6 +++++-
2 files changed, 52 insertions(+), 1 deletion(-)
create mode 100644 CVE-2020-0570.patch
diff --git a/CVE-2020-0570.patch b/CVE-2020-0570.patch
new file mode 100644
index 0000000..4fe2f4a
--- /dev/null
+++ b/CVE-2020-0570.patch
@@ -0,0 +1,47 @@
+From 15d5017b8f61a4af9196ba8f802df75efb77a319 Mon Sep 17 00:00:00 2001
+From: Thiago Macieira
+Date: Fri, 10 Jan 2020 09:26:27 -0800
+Subject: QLibrary/Unix: do not attempt to load a library relative to $PWD
+
+I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to
+find libraries in a haswell/ subdir of the main path, but we only need
+to do that transformation if the library is contains at least one
+directory seprator. That is, if the user asks to load "lib/foo", then we
+should try "lib/haswell/foo" (often, the path prefix will be absolute).
+
+When the library name the user requested has no directory separators, we
+let dlopen() do the transformation for us. Testing on Linux confirms
+glibc does so:
+
+$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help
+|& grep Xcurs or
+ 1972475: find library=libXcursor.so.1 [0]; searching
+ 1972475:trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1
+ 1972475:trying file=/usr/lib64/haswell/libXcursor.so.1
+ 1972475:trying file=/usr/lib64/libXcursor.so.1
+ 1972475: calling init: /usr/lib64/libXcursor.so.1
+ 1972475: calling fini: /usr/lib64/libXcursor.so.1 [0]
+
+Fixes: QTBUG-81272
+Change-Id: I596aec77785a4e4e84d5fffd15e89689bb91ffbb
+Reviewed-by: Thiago Macieira
+---
+ src/corelib/plugin/qlibrary_unix.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp
+index 90797a49..99c646e1 100644
+--- a/src/corelib/plugin/qlibrary_unix.cpp
++++ b/src/corelib/plugin/qlibrary_unix.cpp
+@@ -209,6 +209,8 @@ bool QLibraryPrivate::load_sys()
+ for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) {
+ if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix)))
+ continue;
++ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/')))
++ continue;
+ if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix)))
+ continue;
+ if (loadHints &
QLibrary::LoadArchiveMemberHint) { +-- +2.23.0 + diff --git a/qt.spec b/qt.spec index 129d24a..b5fb5b8 100644 --- a/qt.spec +++ b/qt.spec @@ -13,7 +13,7 @@ Name: qt Epoch: 1 Version: 4.8.7 -Release: 49 +Release: 50 Summary: A software toolkit for developing applications License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT URL: http://qt-project.org/ @@ -78,6 +78,7 @@ Patch6002: CVE-2018-19871.patch Patch6003: CVE-2018-19870.patch Patch6004: CVE-2018-19873.patch Patch6005: CVE-2020-17507.patch +Patch6006: CVE-2020-0570.patch BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa) BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng) @@ -444,6 +445,9 @@ fi %{_qt4_prefix}/examples/ %changelog +* Wed 14 Oct 2020 wangyue - 1:4.8.7-50 +- fix CVE-2020-0570 + * Mon Sep 21 2020 shaoqiang kang - 1:4.8.7-49 - fix CVE-2020-17507 -- Gitee
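Review bot: The added guard `if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/'))) continue;` in `QLibraryPrivate::load_sys()` only skips prefixes that contain a directory separator. The embedded commit message ties such prefixes to the haswell/ lookup added in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d. The package here is `Version: 4.8.7`, and the code that fills `prefixes` is outside the hunk, so it should be confirmed that this tree can produce a prefix containing `/`. If it cannot, the guard never fires and the backport changes nothing about how a bare library name is resolved. A short comment above the guard would also help downstream maintainers, e.g. `// bare name: leave the directory search to dlopen(), never prepend a relative subdir`.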
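Review bot: `Patch6006: CVE-2020-0570.patch` only declares the patch, and none of the qt.spec hunks touches `%prep`. Unless the spec applies patches through `%autosetup` or `%autopatch`, a matching `%patch6006 -p1` line is needed, or the package is rebuilt without the fix while the changelog claims it. The `%prep` section is outside these hunks, so this is something to confirm rather than a certain defect. Separately, the new changelog header `* Wed 14 Oct 2020 wangyue - 1:4.8.7-50` puts the day before the month, unlike the entry below it (`* Mon Sep 21 2020`); rpm expects `* Wed Oct 14 2020 ...`.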