377c552430
Unless "." (or the empty string) is in $PATH, we're not supposed to find executables in the current directory. This is how the Unix shells behave and we match their behavior. It's also the behavior Qt had prior to 5.9 (commit 28666d167aa8e602c0bea25ebc4d51b55005db13). On Windows, searching the current directory is the norm, so we keep that behavior. This commit does not add an explicit check for an empty return from QStandardPaths::findExecutable(). Instead, we allow that empty string to go all the way to execve(2), which will fail with ENOENT. We could catch it early, before fork(2), but why add code for the error case? See https://kde.org/info/security/advisory-20220131-1.txt Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2022-25255-qprocess5-15.diff Last-Update: 2022-02-21 Gbp-Pq: Name CVE-2022-25255.diff |
||
|---|---|---|
| .. | ||
| dialogs | ||
| effects | ||
| graphicsview | ||
| itemviews | ||
| kernel | ||
| styles | ||
| util | ||
| widgets | ||
| widgets.pro | ||