From dde17c90daf1862b4526cc71afaa426c05cca8de Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Mon, 1 Jun 2020 18:27:22 +0000 Subject: Mon Jun 1 18:27:22 UTC 2020 a/pciutils-3.7.0-x86_64-1.txz: Upgraded. l/imagemagick-7.0.10_16-x86_64-1.txz: Upgraded. l/lcms2-2.10-x86_64-1.txz: Upgraded. l/netpbm-10.90.03-x86_64-1.txz: Upgraded. l/qt5-5.15.0-x86_64-1.txz: Upgraded. n/iptraf-ng-1.2.0-x86_64-1.txz: Upgraded. xap/gnuchess-6.2.7-x86_64-1.txz: Upgraded. xap/mozilla-firefox-68.9.0esr-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/68.9.0/releasenotes/ (* Security fix *) extra/pure-alsa-system/qt5-5.15.0-x86_64-1_alsa.txz: Upgraded. --- source/l/qt5/patches/qt5.cve-2020-0569.patch | 29 ----------------- source/l/qt5/patches/qt5.cve-2020-0570.patch | 48 ---------------------------- source/l/qt5/qt5.SlackBuild | 12 +------ source/l/qt5/qt5.url | 1 + 4 files changed, 2 insertions(+), 88 deletions(-) delete mode 100644 source/l/qt5/patches/qt5.cve-2020-0569.patch delete mode 100644 source/l/qt5/patches/qt5.cve-2020-0570.patch create mode 100644 source/l/qt5/qt5.url (limited to 'source/l/qt5') diff --git a/source/l/qt5/patches/qt5.cve-2020-0569.patch b/source/l/qt5/patches/qt5.cve-2020-0569.patch deleted file mode 100644 index fa0efdce..00000000 --- a/source/l/qt5/patches/qt5.cve-2020-0569.patch +++ /dev/null @@ -1,29 +0,0 @@ -From bf131e8d2181b3404f5293546ed390999f760404 Mon Sep 17 00:00:00 2001 -From: Olivier Goffart -Date: Fri, 8 Nov 2019 11:30:40 +0100 -Subject: Do not load plugin from the $PWD - -I see no reason why this would make sense to look for plugins in the current -directory. And when there are plugins there, it may actually be wrong - -Change-Id: I5f5aa168021fedddafce90effde0d5762cd0c4c5 -Reviewed-by: Thiago Macieira ---- - src/corelib/plugin/qpluginloader.cpp | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/corelib/plugin/qpluginloader.cpp b/src/corelib/plugin/qpluginloader.cpp -index cadff4f32b..c2443dbdda 100644 ---- a/src/corelib/plugin/qpluginloader.cpp -+++ b/src/corelib/plugin/qpluginloader.cpp -@@ -305,7 +305,6 @@ static QString locatePlugin(const QString& fileName) - paths.append(fileName.left(slash)); // don't include the '/' - } else { - paths = QCoreApplication::libraryPaths(); -- paths.prepend(QStringLiteral(".")); // search in current dir first - } - - for (const QString &path : qAsConst(paths)) { --- -cgit v1.2.1 - diff --git a/source/l/qt5/patches/qt5.cve-2020-0570.patch b/source/l/qt5/patches/qt5.cve-2020-0570.patch deleted file mode 100644 index fa3eb331..00000000 --- a/source/l/qt5/patches/qt5.cve-2020-0570.patch +++ /dev/null @@ -1,48 +0,0 @@ -QLibrary/Unix: do not attempt to load a library relative to $PWD - -I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to -find libraries in a haswell/ subdir of the main path, but we only need -to do that transformation if the library is contains at least one -directory seprator. That is, if the user asks to load "lib/foo", then we -should try "lib/haswell/foo" (often, the path prefix will be absolute). - -When the library name the user requested has no directory separators, we -let dlopen() do the transformation for us. Testing on Linux confirms -glibc does so: - -$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help |& grep Xcursor - 1972475: find library=libXcursor.so.1 [0]; searching - 1972475: trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1 - 1972475: trying file=/usr/lib64/haswell/libXcursor.so.1 - 1972475: trying file=/usr/lib64/libXcursor.so.1 - 1972475: calling init: /usr/lib64/libXcursor.so.1 - 1972475: calling fini: /usr/lib64/libXcursor.so.1 [0] - -Fixes: QTBUG-81272 -Change-Id: I596aec77785a4e4e84d5fffd15e89689bb91ffbb - -X-Git-Url: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=blobdiff_plain;f=src%2Fcorelib%2Fplugin%2Fqlibrary_unix.cpp;h=135b82cd378b00abe231c2320866d88f8a71b25a;hp=f0de1010d7b7126d83c4365a31924fa080ec334d;hb=27d92ead3a5f3c145f16b96f95a43c5af136a36b;hpb=3b54009b13e9629b75827a59f8537451d25613a4 - -diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp -index f0de1010d7b..135b82cd378 100644 ---- a/src/corelib/plugin/qlibrary_unix.cpp -+++ b/src/corelib/plugin/qlibrary_unix.cpp -@@ -1,7 +1,7 @@ - /**************************************************************************** - ** - ** Copyright (C) 2016 The Qt Company Ltd. --** Copyright (C) 2018 Intel Corporation -+** Copyright (C) 2020 Intel Corporation - ** Contact: https://www.qt.io/licensing/ - ** - ** This file is part of the QtCore module of the Qt Toolkit. -@@ -218,6 +218,8 @@ bool QLibraryPrivate::load_sys() - for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) { - if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix))) - continue; -+ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/'))) -+ continue; - if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix))) - continue; - if (loadHints & QLibrary::LoadArchiveMemberHint) { - diff --git a/source/l/qt5/qt5.SlackBuild b/source/l/qt5/qt5.SlackBuild index 60f6bf8b..66e072aa 100755 --- a/source/l/qt5/qt5.SlackBuild +++ b/source/l/qt5/qt5.SlackBuild @@ -31,7 +31,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=qt5 VERSION=$(ls qt-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev) -BUILD=${BUILD:-4} +BUILD=${BUILD:-1} PKGSRC=$(echo $VERSION | cut -d - -f 1) PKGVER=$(echo $VERSION | tr - _) @@ -131,16 +131,6 @@ cd qtbase zcat $CWD/patches/qt5.qtbase_cmake_isystem_includes.patch.gz | patch -p1 --verbose || exit 1 cd - 1>/dev/null -# CVE-2020-0569 (fixed in 5.14.0): -cd qtbase - zcat $CWD/patches/qt5.cve-2020-0569.patch.gz | patch -p1 --verbose || exit 1 -cd - 1>/dev/null - -# CVE-2020-0570 (fixed in 5.14.1): -cd qtbase - zcat $CWD/patches/qt5.cve-2020-0570.patch.gz | patch -p1 --verbose || exit 1 -cd - 1>/dev/null - # If PulseAudio is not found, use the _alsa $TAG and disable it in the build: if ! pkg-config --exists libpulse 2>/dev/null ; then PULSEAUDIO_OPTION="-no-pulseaudio -no-webengine-pulseaudio" diff --git a/source/l/qt5/qt5.url b/source/l/qt5/qt5.url new file mode 100644 index 00000000..7df396ed --- /dev/null +++ b/source/l/qt5/qt5.url @@ -0,0 +1 @@ +https://download.qt.io/official_releases/qt -- cgit v1.2.3