CVE-2020-24741, Do not attempt to load a library relative to $PWD
This commit is contained in:
Than Ngo
parent
ec348a04e3
commit
f48052b0ce
13
qt-everywhere-opensource-src-4.8.5-CVE-2020-24741.patch
Normal file
13
qt-everywhere-opensource-src-4.8.5-CVE-2020-24741.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp
|
||||
index f0de1010d7b..135b82cd378 100644
|
||||
--- a/src/corelib/plugin/qlibrary_unix.cpp
|
||||
+++ b/src/corelib/plugin/qlibrary_unix.cpp
|
||||
@@ -218,6 +218,8 @@ bool QLibraryPrivate::load_sys()
|
||||
for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) {
|
||||
if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix)))
|
||||
continue;
|
||||
+ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/')))
|
||||
+ continue;
|
||||
if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix)))
|
||||
continue;
|
||||
if (loadHints & QLibrary::LoadArchiveMemberHint) {
|
||||
9
qt.spec
9
qt.spec
@ -43,7 +43,7 @@ Summary: Qt toolkit
|
||||
Name: qt
|
||||
Epoch: 1
|
||||
Version: 4.8.7
|
||||
Release: 64%{?dist}
|
||||
Release: 65%{?dist}
|
||||
|
||||
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
|
||||
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
|
||||
@ -237,6 +237,9 @@ Patch501: qt-CVE-2020-17507.patch
|
||||
# no CVE qt: Clamp parsed doubles to float representable values
|
||||
Patch502: qt-everywhere-opensource-src-4.8.7-clamp-parsed-doubles-to-float-representtable-values.patch
|
||||
|
||||
# CVE-2020-24741 qt: QLibrary loads libraries relative to CWD which could result in arbitrary code execution
|
||||
Patch503: qt-everywhere-opensource-src-4.8.5-CVE-2020-24741.patch
|
||||
|
||||
# desktop files
|
||||
Source20: assistant.desktop
|
||||
Source21: designer.desktop
|
||||
@ -677,6 +680,7 @@ rm -rf src/3rdparty/clucene
|
||||
%patch500 -p1 -b .malformed-ppb-image-causing-crash
|
||||
%patch501 -p1 -b .buffer-over-read-in-read_xbm_body
|
||||
%patch502 -p1 -b .clamp-parsed-doubles-to-float-representtable-values
|
||||
%patch503 -p1 -b .CVE-2020-24741
|
||||
|
||||
# regression fixes for the security fixes
|
||||
%patch84 -p1 -b .QTBUG-35459
|
||||
@ -1399,6 +1403,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Oct 12 2021 Than Ngo <than@redhat.com> - 1:4.8.7-65
|
||||
- CVE-2020-24741, Do not attempt to load a library relative to $PWD
|
||||
|
||||
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1:4.8.7-64
|
||||
- Rebuilt with OpenSSL 3.0.0
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user