[neon/qt/qtbase/Neon/release] debian/patches: Revert "add patch recommended by Qt for process injection issue"

Jonathan Esk-Riddell null at kde.org
Mon Feb 21 16:35:24 GMT 2022


Git commit bb6f77223b227a44573a7257905b6f6bb68ee734 by Jonathan Esk-Riddell.
Committed on 21/02/2022 at 16:35.
Pushed by jriddell into branch 'Neon/release'.

Revert "add patch recommended by Qt for process injection issue"

This reverts commit 60ddc6172b86907cc87d8022c4e9bc8f2965b2dd.

D  +0    -56   debian/patches/CVE-2022-25255-qprocess5-15.diff
M  +0    -1    debian/patches/series

https://invent.kde.org/neon/qt/qtbase/commit/bb6f77223b227a44573a7257905b6f6bb68ee734

diff --git a/debian/patches/CVE-2022-25255-qprocess5-15.diff b/debian/patches/CVE-2022-25255-qprocess5-15.diff
deleted file mode 100644
index 7e29d89..0000000
--- a/debian/patches/CVE-2022-25255-qprocess5-15.diff
+++ /dev/null
@@ -1,56 +0,0 @@
---- a/src/corelib/io/qprocess_unix.cpp
-+++ b/src/corelib/io/qprocess_unix.cpp
-@@ -1,7 +1,7 @@
- /****************************************************************************
- **
- ** Copyright (C) 2021 The Qt Company Ltd.
--** Copyright (C) 2016 Intel Corporation.
-+** Copyright (C) 2022 Intel Corporation.
- ** Contact: https://www.qt.io/licensing/
- **
- ** This file is part of the QtCore module of the Qt Toolkit.
-@@ -422,14 +422,15 @@ void QProcessPrivate::startProcess()
-     // Add the program name to the argument list.
-     argv[0] = nullptr;
-     if (!program.contains(QLatin1Char('/'))) {
-+        // findExecutable() returns its argument if it's an absolute path,
-+        // otherwise it searches $PATH; returns empty if not found (we handle
-+        // that case much later)
-         const QString &exeFilePath = QStandardPaths::findExecutable(program);
--        if (!exeFilePath.isEmpty()) {
--            const QByteArray &tmp = QFile::encodeName(exeFilePath);
--            argv[0] = ::strdup(tmp.constData());
--        }
--    }
--    if (!argv[0])
-+        const QByteArray &tmp = QFile::encodeName(exeFilePath);
-+        argv[0] = ::strdup(tmp.constData());
-+    } else {
-         argv[0] = ::strdup(encodedProgramName.constData());
-+    }
-
-     // Add every argument to the list
-     for (int i = 0; i < arguments.count(); ++i)
-@@ -983,15 +984,16 @@ bool QProcessPrivate::startDetached(qint64 *pid)
-                 envp = _q_dupEnvironment(environment.d.constData()->vars, &envc);
-             }
-
--            QByteArray tmp;
-             if (!program.contains(QLatin1Char('/'))) {
-+                // findExecutable() returns its argument if it's an absolute path,
-+                // otherwise it searches $PATH; returns empty if not found (we handle
-+                // that case much later)
-                 const QString &exeFilePath = QStandardPaths::findExecutable(program);
--                if (!exeFilePath.isEmpty())
--                    tmp = QFile::encodeName(exeFilePath);
-+                const QByteArray &tmp = QFile::encodeName(exeFilePath);
-+                argv[0] = ::strdup(tmp.constData());
-+            } else {
-+                argv[0] = ::strdup(QFile::encodeName(program));
-             }
--            if (tmp.isEmpty())
--                tmp = QFile::encodeName(program);
--            argv[0] = tmp.data();
-
-             if (envp)
-                 qt_safe_execve(argv[0], argv, envp);
\ No newline at end of file
diff --git a/debian/patches/series b/debian/patches/series
index a0565f9..71ec769 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,4 +12,3 @@ qstorageinfo_linux.diff
 cross_build_mysql.diff
 qtbase-avoid-hardcoding-kernel-version.patch
 xdg_filechooser_portal_send_window_id_in_hex.diff
-CVE-2022-25255-qprocess5-15.diff


More information about the Neon-commits mailing list