From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Date: Thu, 16 Apr 2020 17:05:12 +0000 (+0100)
Subject: QLibrary/Unix: do not attempt to load a library relative to $PWD
X-Git-Tag: archive/raspbian/5.12.5+dfsg-10+rpi1^2~12
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=010bb89de15550978cb266be2dfbb6a162c74151;p=qtbase-opensource-src.git

QLibrary/Unix: do not attempt to load a library relative to $PWD

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63f
Last-Update: 2020-01-30

I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to
find libraries in a haswell/ subdir of the main path, but we only need
to do that transformation if the library is contains at least one
directory separator. That is, if the user asks to load "lib/foo", then we
should try "lib/haswell/foo" (often, the path prefix will be absolute).

When the library name the user requested has no directory separators, we
let dlopen() do the transformation for us. Testing on Linux confirms
glibc does so:

$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help |& grep Xcursor
   1972475:     find library=libXcursor.so.1 [0]; searching
   1972475:       trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1
   1972475:       trying file=/usr/lib64/haswell/libXcursor.so.1
   1972475:       trying file=/usr/lib64/libXcursor.so.1
   1972475:     calling init: /usr/lib64/libXcursor.so.1
   1972475:     calling fini: /usr/lib64/libXcursor.so.1 [0]

Gbp-Pq: Name CVE-2020-0570.diff
---

diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp
index e03814984..acb4e1490 100644
--- a/src/corelib/plugin/qlibrary_unix.cpp
+++ b/src/corelib/plugin/qlibrary_unix.cpp
@@ -208,6 +208,8 @@ bool QLibraryPrivate::load_sys()
         for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) {
             if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix)))
                 continue;
+            if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/')))
+                continue;
             if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix)))
                 continue;
             if (loadHints & QLibrary::LoadArchiveMemberHint) {