From 81a4f398617f53d8186c782b852f773c96d85b33 Mon Sep 17 00:00:00 2001 From: Eric Hameleers Date: Wed, 22 Jan 2020 00:30:48 +0100 Subject: DEPS: updated qt5 Patches applied that address two vulnerabilities: CVE-2020-0569 and CVE-2020-0570 --- deps/qt5/patches/qt5.cve-2020-0569.patch | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 deps/qt5/patches/qt5.cve-2020-0569.patch (limited to 'deps/qt5/patches/qt5.cve-2020-0569.patch') diff --git a/deps/qt5/patches/qt5.cve-2020-0569.patch b/deps/qt5/patches/qt5.cve-2020-0569.patch new file mode 100644 index 0000000..fa0efdc --- /dev/null +++ b/deps/qt5/patches/qt5.cve-2020-0569.patch @@ -0,0 +1,29 @@ +From bf131e8d2181b3404f5293546ed390999f760404 Mon Sep 17 00:00:00 2001 +From: Olivier Goffart +Date: Fri, 8 Nov 2019 11:30:40 +0100 +Subject: Do not load plugin from the $PWD + +I see no reason why this would make sense to look for plugins in the current +directory. And when there are plugins there, it may actually be wrong + +Change-Id: I5f5aa168021fedddafce90effde0d5762cd0c4c5 +Reviewed-by: Thiago Macieira +--- + src/corelib/plugin/qpluginloader.cpp | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/corelib/plugin/qpluginloader.cpp b/src/corelib/plugin/qpluginloader.cpp +index cadff4f32b..c2443dbdda 100644 +--- a/src/corelib/plugin/qpluginloader.cpp ++++ b/src/corelib/plugin/qpluginloader.cpp +@@ -305,7 +305,6 @@ static QString locatePlugin(const QString& fileName) + paths.append(fileName.left(slash)); // don't include the '/' + } else { + paths = QCoreApplication::libraryPaths(); +- paths.prepend(QStringLiteral(".")); // search in current dir first + } + + for (const QString &path : qAsConst(paths)) { +-- +cgit v1.2.1 + -- cgit v1.2.3