From 87fca4af3ddc9e9521ac151a4c46344a79830251 Mon Sep 17 00:00:00 2001
From: kang_xiao_qiang
Date: Wed, 16 Sep 2020 09:36:05 +0800
Subject: [PATCH 1/4] modify source
---
 qt.spec | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/qt.spec b/qt.spec
index 5b7cc5f..d0ce6ae 100644
--- a/qt.spec
+++ b/qt.spec
@@ -13,11 +13,11 @@
 Name: qt
 Epoch: 1
 Version: 4.8.7
-Release: 47
+Release: 48
 Summary: A software toolkit for developing applications
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
 URL: http://qt-project.org/
-Source0: https://download.qt-project.org/official_releases/qt/4.8/%{version}/qt-everywhere-opensource-src-%{version}.tar.gz
+Source0: https://download.qt.io/archive/qt/4.8/4.8.7/qt-everywhere-opensource-src-4.8.7.tar.gz
 Source1: qconfig-multilib.h
 Source2: assistant.desktop
 Source3: designer.desktop
@@ -72,6 +72,7 @@ Patch40: qt-aarch64.patch
 Patch41: qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
 Patch42: qt-everywhere-opensource-src-4.8.6-systemtrayicon.patch
 Patch43: stack-protector.patch
+Patch44: 0001-Redo-the-Q_FOREACH-loop-control-without-GCC-statemen.patch
 Patch6000: CVE-2018-19869.patch
 Patch6001: CVE-2018-19872.patch
 Patch6002: CVE-2018-19871.patch
@@ -443,6 +444,9 @@ fi
 %{_qt4_prefix}/examples/
 %changelog
+* Tue Sep 15 2020 shaoqiang kang - 1:4.8.7-48
+- Modify source
+
 * Thu Mar 19 2020 yanglijin - 1:4.8.7-47
 - add stack protector
-- 
Gitee
From f808681d7d16ab895cd10bd05faf26e3e23b88bb Mon Sep 17 00:00:00 2001
From: kang_xiao_qiang
Date: Wed, 16 Sep 2020 09:39:02 +0800
Subject: [PATCH 2/4] modify source
---
 qt.spec | 1 -
 1 file changed, 1 deletion(-)
diff --git a/qt.spec b/qt.spec
index d0ce6ae..9c7bb87 100644
--- a/qt.spec
+++ b/qt.spec
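Review bot: The new `Source0` line in the `@@ -13,11 +13,11 @@` hunk spells the version out twice where the old line used `%{version}`, so a later Version change would leave the URL pointing at the 4.8.7 tarball; `Source0: https://download.qt.io/archive/qt/4.8/%{version}/qt-everywhere-opensource-src-%{version}.tar.gz` keeps the new host and the macro. The same line moves the download origin to a different host, and nothing in this diff records a digest for the tarball, so the archive served from the new location should be compared against the one already in the repository before the change is accepted.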
@@ -72,7 +72,6 @@ Patch40: qt-aarch64.patch
 Patch41: qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
 Patch42: qt-everywhere-opensource-src-4.8.6-systemtrayicon.patch
 Patch43: stack-protector.patch
-Patch44: 0001-Redo-the-Q_FOREACH-loop-control-without-GCC-statemen.patch
 Patch6000: CVE-2018-19869.patch
 Patch6001: CVE-2018-19872.patch
 Patch6002: CVE-2018-19871.patch
-- 
Gitee
From fe44b2cad4ab125a4ac11b1de68be3408e1f1877 Mon Sep 17 00:00:00 2001
From: kang_xiao_qiang
Date: Mon, 21 Sep 2020 10:39:41 +0800
Subject: [PATCH 3/4] fix cve
---
 CVE-2020-17507.patch | 28 ++++++++++++++++++++++++++++
 qt.spec | 6 +++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-17507.patch
diff --git a/CVE-2020-17507.patch b/CVE-2020-17507.patch
new file mode 100644
index 0000000..756ad15
--- /dev/null
+++ b/CVE-2020-17507.patch
@@ -0,0 +1,28 @@
+From 1a27a6cefbb457f2fb74159267835aaefb7c992d Mon Sep 17 00:00:00 2001
+From: Dmitry Shachnev
+Date: Tue, 18 Aug 2020 16:16:57 +0300
+Subject: [PATCH] Backport upstream patch to fix buffer overflow in XBMparser.
+
+Closes: #968444, CVE-2020-17507.
+---
+ src/gui/image/qxbmhandler.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp
+index 414e8233..7483b245 100644
+--- a/src/gui/image/qxbmhandler.cpp
++++ b/src/gui/image/qxbmhandler.cpp
+@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage)
+ w = (w+7)/8; // byte width
+ 
+ while (y < h) { // for all encoded bytes...
+- if (p) { // p = "0x.."
++ if (p && p < (buf + readBytes - 3)) { // p = "0x.."
++ if (!isxdigit(p[2]) || !isxdigit(p[3]))
++ return false;
+ *b++ = hex2byte(p+2);
+ p += 2;
+ if (++x == w && ++y < h) {
+-- 
+2.23.0
+
diff --git a/qt.spec b/qt.spec
index 9c7bb87..129d24a 100644
--- a/qt.spec
+++ b/qt.spec
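Review bot: In the guard added to read_xbm_body, `isxdigit(p[2])` and `isxdigit(p[3])` receive bytes straight from the read buffer; if `buf` is a plain `char` array (its declaration is outside this hunk), a byte of 0x80 or above from a crafted image becomes a negative int and the call has undefined behaviour. Casting first closes that: `if (!isxdigit(static_cast<unsigned char>(p[2])) || !isxdigit(static_cast<unsigned char>(p[3])))`. The bound `p < (buf + readBytes - 3)` also forms a pointer in front of `buf` whenever fewer than three bytes were read, so an offset comparison such as `p && (p - buf) + 3 < readBytes` would be safer, assuming `readBytes` is a signed count. The function starts and ends outside the hunk, so how `p` and `readBytes` are set on the refill path cannot be checked from here.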
@@ -13,7 +13,7 @@
 Name: qt
 Epoch: 1
 Version: 4.8.7
-Release: 48
+Release: 49
 Summary: A software toolkit for developing applications
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
 URL: http://qt-project.org/
@@ -77,6 +77,7 @@ Patch6001: CVE-2018-19872.patch
 Patch6002: CVE-2018-19871.patch
 Patch6003: CVE-2018-19870.patch
 Patch6004: CVE-2018-19873.patch
+Patch6005: CVE-2020-17507.patch
 BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa)
 BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng)
@@ -443,6 +444,9 @@ fi
 %{_qt4_prefix}/examples/
 %changelog
+* Mon Sep 21 2020 shaoqiang kang - 1:4.8.7-49
+- fix CVE-2020-17507
+
 * Tue Sep 15 2020 shaoqiang kang - 1:4.8.7-48
 - Modify source
-- 
Gitee
From 1d5a54bb3c0b7e9fb2a2ffcc6d4df7b7bbff5e16 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Wed, 14 Oct 2020 15:09:59 +0800
Subject: [PATCH 4/4] https://gitee.com/src-openeuler/qt/issues/l1YACZ?from=project-issue
---
 CVE-2020-0570.patch | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 qt.spec | 6 +++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-0570.patch
diff --git a/CVE-2020-0570.patch b/CVE-2020-0570.patch
new file mode 100644
index 0000000..4fe2f4a
--- /dev/null
+++ b/CVE-2020-0570.patch
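Review bot: The `@@ -77,6 +77,7 @@` hunk only declares `Patch6005: CVE-2020-17507.patch`, and no change to `%prep` appears anywhere in this diff, so whether the fix reaches the build depends on how `%prep` is written, which is outside the hunks. If the spec applies patches one by one rather than through `%autosetup` or `%autopatch`, a matching `%patch6005 -p1` line is needed, otherwise the package ships with the CVE named in the changelog but without the code change. The same applies to `Patch6006: CVE-2020-0570.patch` in the last commit of the series.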
@@ -0,0 +1,47 @@
+From 15d5017b8f61a4af9196ba8f802df75efb77a319 Mon Sep 17 00:00:00 2001
+From: Thiago Macieira
+Date: Fri, 10 Jan 2020 09:26:27 -0800
+Subject: QLibrary/Unix: do not attempt to load a library relative to $PWD
+
+I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to
+find libraries in a haswell/ subdir of the main path, but we only need
+to do that transformation if the library is contains at least one
+directory seprator. That is, if the user asks to load "lib/foo", then we
+should try "lib/haswell/foo" (often, the path prefix will be absolute).
+
+When the library name the user requested has no directory separators, we
+let dlopen() do the transformation for us. Testing on Linux confirms
+glibc does so:
+
+$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help
+|& grep Xcurs or
+ 1972475: find library=libXcursor.so.1 [0]; searching
+ 1972475:trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1
+ 1972475:trying file=/usr/lib64/haswell/libXcursor.so.1
+ 1972475:trying file=/usr/lib64/libXcursor.so.1
+ 1972475: calling init: /usr/lib64/libXcursor.so.1
+ 1972475: calling fini: /usr/lib64/libXcursor.so.1 [0]
+
+Fixes: QTBUG-81272
+Change-Id: I596aec77785a4e4e84d5fffd15e89689bb91ffbb
+Reviewed-by: Thiago Macieira
+---
+ src/corelib/plugin/qlibrary_unix.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp
+index 90797a49..99c646e1 100644
+--- a/src/corelib/plugin/qlibrary_unix.cpp
++++ b/src/corelib/plugin/qlibrary_unix.cpp
+@@ -209,6 +209,8 @@ bool QLibraryPrivate::load_sys()
+ for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) {
+ if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix)))
+ continue;
++ if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/')))
++ continue;
+ if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix)))
+ continue;
+ if (loadHints & QLibrary::LoadArchiveMemberHint) {
+-- 
+2.23.0
+
diff --git a/qt.spec b/qt.spec
index 129d24a..b5fb5b8 100644
--- a/qt.spec
+++ b/qt.spec
@@ -13,7 +13,7 @@
 Name: qt
 Epoch: 1
 Version: 4.8.7
-Release: 49
+Release: 50
 Summary: A software toolkit for developing applications
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
 URL: http://qt-project.org/
@@ -78,6 +78,7 @@ Patch6002: CVE-2018-19871.patch
 Patch6003: CVE-2018-19870.patch
 Patch6004: CVE-2018-19873.patch
 Patch6005: CVE-2020-17507.patch
+Patch6006: CVE-2020-0570.patch
 BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa)
 BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng)
@@ -444,6 +445,9 @@ fi
 %{_qt4_prefix}/examples/
 %changelog
+* Wed 14 Oct 2020 wangyue - 1:4.8.7-50
+- fix CVE-2020-0570
+
 * Mon Sep 21 2020 shaoqiang kang - 1:4.8.7-49
 - fix CVE-2020-17507
-- 
Gitee
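Review bot: The added check in load_sys(), `if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/'))) continue;`, only has an effect when some entry of `prefixes` contains a `/`, and the quoted upstream message ties that case to the `haswell/` subdirectory lookup introduced by commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d. How `prefixes` is filled in 4.8.7 is outside this hunk; if that list never holds a directory-style prefix in this branch, the backport compiles but changes nothing, and the package would advertise a fix it does not carry. It is worth confirming that the affected lookup exists in this source tree and adding a comment above the check such as `// bare library name: leave the directory search to dlopen(), never to $PWD`. load_sys() starts and ends outside the hunk.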
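Review bot: The added changelog header `* Wed 14 Oct 2020 wangyue - 1:4.8.7-50` puts the day before the month, unlike the neighbouring entries (`* Mon Sep 21 2020 …`). rpm expects weekday, month, day, year in that order and rejects other layouts as a bad %changelog date, so this entry is likely to stop the build. It should read `* Wed Oct 14 2020 wangyue - 1:4.8.7-50`.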