fix CVE-2023-34410

peijiankang 2023-11-02 14:44:31 +08:00
parent 3c33b1fc33
commit 14692a925c
3 changed files with 48 additions and 1 deletions


@ -11,3 +11,19 @@ index ffe0e9a5..1ec9fea4 100644
/* ctid and newtls are inverted on CONFIG_CLONE_BACKWARDS architectures, /* ctid and newtls are inverted on CONFIG_CLONE_BACKWARDS architectures,
* but since both values are 0, there's no harm. */ * but since both values are 0, there's no harm. */
return syscall(__NR_clone, cloneflags, child_stack, ptid, ctid, newtls); return syscall(__NR_clone, cloneflags, child_stack, ptid, ctid, newtls);
diff --git a/src/corelib/global/qprocessordetection.h b/src/corelib/global/qprocessordetection.h
index ca9d4080..6f0bc7e7 100644
--- a/src/corelib/global/qprocessordetection.h
+++ b/src/corelib/global/qprocessordetection.h
@@ -225,8 +225,9 @@
// Q_BYTE_ORDER not defined, use endianness auto-detection
#elif defined(__loongarch64)
-# define Q_PROCESSOR_LOONGARCH_64
-# define Q_PROCESSOR_WORDSIZE 8
+# define Q_PROCESSOR_LOONGARCH_64
+# define Q_PROCESSOR_WORDSIZE 8
+# define Q_BYTE_ORDER Q_LITTLE_ENDIAN
/*
MIPS family, known revisions: I, II, III, IV, 32, 64
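Review bot: The hunk added to this patch file for src/corelib/global/qprocessordetection.h, which defines `Q_BYTE_ORDER Q_LITTLE_ENDIAN` under `__loongarch64`, is unrelated to CVE-2023-34410, and neither the commit title nor the new %changelog entry mentions it. Bundling an architecture change into a security-fix commit makes the CVE backport harder to audit and to revert on its own. It belongs in a separate commit, or at least needs its own changelog line such as `- define Q_BYTE_ORDER for loongarch64`. The removed and re-added `# define Q_PROCESSOR_LOONGARCH_64` and `# define Q_PROCESSOR_WORDSIZE 8` lines read identically here, so they presumably differ only in whitespace; leaving them untouched would reduce the nested hunk to the single added define.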


@ -34,7 +34,7 @@ BuildRequires: pkgconfig(libsystemd)
Name: qt5-qtbase Name: qt5-qtbase
Summary: Qt5 - QtBase components Summary: Qt5 - QtBase components
Version: 5.15.2 Version: 5.15.2
Release: 10 Release: 11
# See LGPL_EXCEPTIONS.txt, for exception details # See LGPL_EXCEPTIONS.txt, for exception details
@ -123,6 +123,7 @@ Patch0025: CVE-2023-32763.patch
Patch0026: CVE-2023-37369-pre.patch Patch0026: CVE-2023-37369-pre.patch
Patch0027: CVE-2023-37369.patch Patch0027: CVE-2023-37369.patch
Patch0028: CVE-2023-33285.patch Patch0028: CVE-2023-33285.patch
Patch0029: qtbase5.15-CVE-2023-34410.patch
Patch1000: 1000-add-loongarch64-support-for-syscall_fork.patch Patch1000: 1000-add-loongarch64-support-for-syscall_fork.patch
Patch1001: 1001-add-sw_64-support-for-syscall_fork.patch Patch1001: 1001-add-sw_64-support-for-syscall_fork.patch
@ -390,6 +391,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
%patch0026 -p1 %patch0026 -p1
%patch0027 -p1 %patch0027 -p1
%patch0028 -p1 %patch0028 -p1
%patch0029 -p1
%patch1000 -p1 %patch1000 -p1
%patch1001 -p1 %patch1001 -p1
@ -1034,6 +1036,9 @@ fi
%changelog %changelog
* Thu Nov 02 2023 peijiankang <peijiankang@kylinos.cn> - 5.15.2-11
- fix CVE-2023-34410
* Wed Nov 01 2023 peijiankang <peijiankang@kylinos.cn> - 5.15.2-10 * Wed Nov 01 2023 peijiankang <peijiankang@kylinos.cn> - 5.15.2-10
- fix CVE-2023-33285 - fix CVE-2023-33285


@ -0,0 +1,26 @@
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index fbeb9de1..6d1cdd1d 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate()
, flushTriggered(false)
{
QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
+ // If the global configuration doesn't allow root certificates to be loaded
+ // on demand then we have to disable it for this socket as well.
+ if (!configuration.allowRootCertOnDemandLoading)
+ allowRootCertOnDemandLoading = false;
}
/*!
@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
ptr->sessionProtocol = global->sessionProtocol;
ptr->ciphers = global->ciphers;
ptr->caCertificates = global->caCertificates;
+ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
ptr->protocol = global->protocol;
ptr->peerVerifyMode = global->peerVerifyMode;
ptr->peerVerifyDepth = global->peerVerifyDepth;
--
2.27.0
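Review bot: The new patch file starts directly at `diff --git`, so nothing in it records which upstream change the two qsslsocket.cpp hunks were taken from. For a CVE backport, add a short preamble above the diff, e.g. `Origin: <upstream commit or advisory URL>` and `Subject: <upstream subject>`, so the backport can be compared line by line against the upstream fix. If the upstream fix touches files beyond qsslsocket.cpp (I believe it also changes the Schannel backend, which would not be built for this package), the preamble should say those parts were dropped on purpose. The constructor's initializer list and the body of deepCopyDefaultConfiguration both begin outside the visible hunks, so only the added lines could be checked here.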