qtbase5.15-CVE-2023-51714

(cherry picked from commit cfef5e5c8dbd256bcd15bd8dcf531600dcc2719a)
2024-01-31 13:42:50 +08:00 · 2024-01-31 13:42:50 +08:00 · 8599b82591
commit 8599b82591
parent bd6017e999
2 changed files with 44 additions and 1 deletions
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@ -34,7 +34,7 @@ BuildRequires:    pkgconfig(libsystemd)
 Name:             qt5-qtbase
 Summary:          Qt5 - QtBase components
 Version:          5.15.2
-Release:          13
+Release:          14


 # See LGPL_EXCEPTIONS.txt, for exception details
@ -131,6 +131,7 @@ Patch0031:        qtbase5.15.2-CVE-2023-43114.patch
 
 Patch1000:        1000-add-loongarch64-support-for-syscall_fork.patch
 Patch1001:        1001-add-sw_64-support-for-syscall_fork.patch
+Patch1002:        qtbase5.15-CVE-2023-51714.patch

 # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
 # Those themes are there for platform integration. If the required libraries are
@ -397,8 +398,10 @@ Qt5 libraries used for drawing widgets and OpenGL items.
 %patch0028 -p1
 %patch0029 -p1
 %patch0030 -p1
+%patch0031 -p1
 %patch1000 -p1
 %patch1001 -p1
+%patch1002 -p1

 # move some bundled libs to ensure they're not accidentally used
 pushd src/3rdparty
@ -1041,6 +1044,9 @@ fi


 %changelog
+* Wed Jan 31 2024 douyan <douyan@kylinos.cn> - 5.15.2-14
+- add qtbase5.15-CVE-2023-51714.patch
+
 * Sat Nov 25 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.2-13
 - fix qtbase5.15.2-CVE-2023-43114.patch

--- a/qtbase5.15-CVE-2023-51714.patch
+++ b/qtbase5.15-CVE-2023-51714.patch
@ -0,0 +1,37 @@
+From 061cbe5796a9ff1e998bd5753bb5b44e4481df11 Mon Sep 17 00:00:00 2001
+From: peijiankang <peijiankang@kylinos.cn>
+Date: Wed, 31 Jan 2024 13:38:10 +0800
+Subject: [PATCH] qtbase5.15-CVE-2023-51714
+
+---
+ src/network/access/http2/hpacktable.cpp | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
+index fddb5fec..315f3e23 100644
+--- a/src/network/access/http2/hpacktable.cpp
+++ b/src/network/access/http2/hpacktable.cpp
+@@ -40,6 +40,7 @@
+ #include "hpacktable_p.h"
+ 
+ #include <QtCore/qdebug.h>
+#include <QtCore/private/qnumeric_p.h>
+ 
+ #include <algorithm>
+ #include <cstddef>
+@@ -62,8 +63,10 @@ HeaderSize entry_size(const QByteArray &name, const QByteArray &value)
+     // for counting the number of references to the name and value would have
+     // 32 octets of overhead."
+ 
+-    const unsigned sum = unsigned(name.size() + value.size());
+-    if (std::numeric_limits<unsigned>::max() - 32 < sum)
+    size_t sum;
+    if (add_overflow(size_t(name.size()), size_t(value.size()), &sum))
+        return HeaderSize();
+    if (sum > (std::numeric_limits<unsigned>::max() - 32))
+         return HeaderSize();
+     return HeaderSize(true, quint32(sum + 32));
+ }
+-- 
+2.41.0
+