[neon/qt/qtbase/Neon/release] debian/patches: Revert "add patch recommended by Qt for process injection issue"
Jonathan Esk-Riddell
null at kde.org
Mon Feb 21 16:35:24 GMT 2022
Git commit bb6f77223b227a44573a7257905b6f6bb68ee734 by Jonathan Esk-Riddell.
Committed on 21/02/2022 at 16:35.
Pushed by jriddell into branch 'Neon/release'.
Revert "add patch recommended by Qt for process injection issue"
This reverts commit 60ddc6172b86907cc87d8022c4e9bc8f2965b2dd.
D +0 -56 debian/patches/CVE-2022-25255-qprocess5-15.diff
M +0 -1 debian/patches/series
https://invent.kde.org/neon/qt/qtbase/commit/bb6f77223b227a44573a7257905b6f6bb68ee734
diff --git a/debian/patches/CVE-2022-25255-qprocess5-15.diff b/debian/patches/CVE-2022-25255-qprocess5-15.diff
deleted file mode 100644
index 7e29d89..0000000
--- a/debian/patches/CVE-2022-25255-qprocess5-15.diff
+++ /dev/null
@@ -1,56 +0,0 @@
---- a/src/corelib/io/qprocess_unix.cpp
-+++ b/src/corelib/io/qprocess_unix.cpp
-@@ -1,7 +1,7 @@
- /****************************************************************************
- **
- ** Copyright (C) 2021 The Qt Company Ltd.
--** Copyright (C) 2016 Intel Corporation.
-+** Copyright (C) 2022 Intel Corporation.
- ** Contact: https://www.qt.io/licensing/
- **
- ** This file is part of the QtCore module of the Qt Toolkit.
-@@ -422,14 +422,15 @@ void QProcessPrivate::startProcess()
- // Add the program name to the argument list.
- argv[0] = nullptr;
- if (!program.contains(QLatin1Char('/'))) {
-+ // findExecutable() returns its argument if it's an absolute path,
-+ // otherwise it searches $PATH; returns empty if not found (we handle
-+ // that case much later)
- const QString &exeFilePath = QStandardPaths::findExecutable(program);
-- if (!exeFilePath.isEmpty()) {
-- const QByteArray &tmp = QFile::encodeName(exeFilePath);
-- argv[0] = ::strdup(tmp.constData());
-- }
-- }
-- if (!argv[0])
-+ const QByteArray &tmp = QFile::encodeName(exeFilePath);
-+ argv[0] = ::strdup(tmp.constData());
-+ } else {
- argv[0] = ::strdup(encodedProgramName.constData());
-+ }
-
- // Add every argument to the list
- for (int i = 0; i < arguments.count(); ++i)
-@@ -983,15 +984,16 @@ bool QProcessPrivate::startDetached(qint64 *pid)
- envp = _q_dupEnvironment(environment.d.constData()->vars, &envc);
- }
-
-- QByteArray tmp;
- if (!program.contains(QLatin1Char('/'))) {
-+ // findExecutable() returns its argument if it's an absolute path,
-+ // otherwise it searches $PATH; returns empty if not found (we handle
-+ // that case much later)
- const QString &exeFilePath = QStandardPaths::findExecutable(program);
-- if (!exeFilePath.isEmpty())
-- tmp = QFile::encodeName(exeFilePath);
-+ const QByteArray &tmp = QFile::encodeName(exeFilePath);
-+ argv[0] = ::strdup(tmp.constData());
-+ } else {
-+ argv[0] = ::strdup(QFile::encodeName(program));
- }
-- if (tmp.isEmpty())
-- tmp = QFile::encodeName(program);
-- argv[0] = tmp.data();
-
- if (envp)
- qt_safe_execve(argv[0], argv, envp);
\ No newline at end of file
diff --git a/debian/patches/series b/debian/patches/series
index a0565f9..71ec769 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,4 +12,3 @@ qstorageinfo_linux.diff
cross_build_mysql.diff
qtbase-avoid-hardcoding-kernel-version.patch
xdg_filechooser_portal_send_window_id_in_hex.diff
-CVE-2022-25255-qprocess5-15.diff
More information about the Neon-commits
mailing list