fix CVE-2023-34410

2023-11-02 14:44:31 +08:00 · 2023-11-02 14:44:31 +08:00 · 14692a925c
commit 14692a925c
parent 3c33b1fc33
3 changed files with 48 additions and 1 deletions
--- a/1000-add-loongarch64-support-for-syscall_fork.patch
+++ b/1000-add-loongarch64-support-for-syscall_fork.patch
@ -11,3 +11,19 @@ index ffe0e9a5..1ec9fea4 100644
     /* ctid and newtls are inverted on CONFIG_CLONE_BACKWARDS architectures,
      * but since both values are 0, there's no harm. */
     return syscall(__NR_clone, cloneflags, child_stack, ptid, ctid, newtls);
+diff --git a/src/corelib/global/qprocessordetection.h b/src/corelib/global/qprocessordetection.h
+index ca9d4080..6f0bc7e7 100644
+--- a/src/corelib/global/qprocessordetection.h
+++ b/src/corelib/global/qprocessordetection.h
+@@ -225,8 +225,9 @@
+ // Q_BYTE_ORDER not defined, use endianness auto-detection
+ 
+ #elif defined(__loongarch64)
+-#    define Q_PROCESSOR_LOONGARCH_64
+-#    define Q_PROCESSOR_WORDSIZE 8
+#    define Q_PROCESSOR_LOONGARCH_64
+#    define Q_PROCESSOR_WORDSIZE 8
+#    define Q_BYTE_ORDER Q_LITTLE_ENDIAN
+ 
+ /*
+     MIPS family, known revisions: I, II, III, IV, 32, 64
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@ -34,7 +34,7 @@ BuildRequires:    pkgconfig(libsystemd)
 Name:             qt5-qtbase
 Summary:          Qt5 - QtBase components
 Version:          5.15.2
-Release:          10
+Release:          11


 # See LGPL_EXCEPTIONS.txt, for exception details
@ -123,6 +123,7 @@ Patch0025:        CVE-2023-32763.patch
 Patch0026:        CVE-2023-37369-pre.patch
 Patch0027:        CVE-2023-37369.patch
 Patch0028:        CVE-2023-33285.patch 
+Patch0029:        qtbase5.15-CVE-2023-34410.patch

 Patch1000:        1000-add-loongarch64-support-for-syscall_fork.patch
 Patch1001:        1001-add-sw_64-support-for-syscall_fork.patch
@ -390,6 +391,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
 %patch0026 -p1
 %patch0027 -p1
 %patch0028 -p1
+%patch0029 -p1
 %patch1000 -p1
 %patch1001 -p1

@ -1034,6 +1036,9 @@ fi


 %changelog
+* Thu Nov 02 2023 peijiankang <peijiankang@kylinos.cn> - 5.15.2-11
+- fix CVE-2023-34410
+
 * Wed Nov 01 2023 peijiankang <peijiankang@kylinos.cn> - 5.15.2-10
 - fix CVE-2023-33285

--- a/qtbase5.15-CVE-2023-34410.patch
+++ b/qtbase5.15-CVE-2023-34410.patch
@ -0,0 +1,26 @@
+diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
+index fbeb9de1..6d1cdd1d 100644
+--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
+@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate()
+     , flushTriggered(false)
+ {
+     QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
+    // If the global configuration doesn't allow root certificates to be loaded
+    // on demand then we have to disable it for this socket as well.
+    if (!configuration.allowRootCertOnDemandLoading)
+        allowRootCertOnDemandLoading = false;
+ }
+ 
+ /*!
+@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
+     ptr->sessionProtocol = global->sessionProtocol;
+     ptr->ciphers = global->ciphers;
+     ptr->caCertificates = global->caCertificates;
+    ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
+     ptr->protocol = global->protocol;
+     ptr->peerVerifyMode = global->peerVerifyMode;
+     ptr->peerVerifyDepth = global->peerVerifyDepth;
+-- 
+2.27.0
+