fix qt CVE-2023-45935
(cherry picked from commit 63a4a56709e274b58c5c0ad39f3e3d1c3020f9e4)
This commit is contained in:
lvfei
openeuler-sync-bot
parent
7981f583be
commit
b909fad45d
31
CVE-2023-45935.patch
Normal file
31
CVE-2023-45935.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From b349ef7d08deb9d7ee64cf161fdf3a92b0f3f706 Mon Sep 17 00:00:00 2001
|
||||
From: Liang Qi <liang.qi@qt.io>
|
||||
Date: 2023-07-31 05:35:11 +0200
|
||||
Subject: [PATCH] CVE-2023-45935
|
||||
|
||||
port invokeMethodImpl() from QScopeGuard to SlotObjUniquePtr
|
||||
|
||||
---
|
||||
src/plugins/platforms/xcb/qxcbatom.cpp | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/plugins/platforms/xcb/qxcbatom.cpp b/src/plugins/platforms/xcb/qxcbatom.cpp
|
||||
index 78081660..11d356dd 100644
|
||||
--- a/src/plugins/platforms/xcb/qxcbatom.cpp
|
||||
+++ b/src/plugins/platforms/xcb/qxcbatom.cpp
|
||||
@@ -268,8 +268,10 @@ void QXcbAtom::initializeAllAtoms(xcb_connection_t *connection) {
|
||||
|
||||
for (i = 0; i < QXcbAtom::NAtoms; ++i) {
|
||||
xcb_intern_atom_reply_t *reply = xcb_intern_atom_reply(connection, cookies[i], nullptr);
|
||||
- m_allAtoms[i] = reply->atom;
|
||||
- free(reply);
|
||||
+ if (reply) {
|
||||
+ m_allAtoms[i] = reply->atom;
|
||||
+ free(reply);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -34,7 +34,7 @@ BuildRequires: pkgconfig(libsystemd)
|
||||
Name: qt5-qtbase
|
||||
Summary: Qt5 - QtBase components
|
||||
Version: 5.15.2
|
||||
Release: 15
|
||||
Release: 16
|
||||
|
||||
|
||||
# See LGPL_EXCEPTIONS.txt, for exception details
|
||||
@ -133,6 +133,7 @@ Patch0032: CVE-2024-25580-qtbase-5.15.diff
|
||||
Patch1000: 1000-add-loongarch64-support-for-syscall_fork.patch
|
||||
Patch1001: 1001-add-sw_64-support-for-syscall_fork.patch
|
||||
Patch1002: qtbase5.15-CVE-2023-51714.patch
|
||||
Patch1003: CVE-2023-45935.patch
|
||||
|
||||
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
|
||||
# Those themes are there for platform integration. If the required libraries are
|
||||
@ -404,6 +405,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
|
||||
%patch1000 -p1
|
||||
%patch1001 -p1
|
||||
%patch1002 -p1
|
||||
%patch1003 -p1
|
||||
|
||||
# move some bundled libs to ensure they're not accidentally used
|
||||
pushd src/3rdparty
|
||||
@ -1046,6 +1048,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Apr 24 2024 lvfei <lvfei@kylinos.cn> - 5.15.2-16
|
||||
- Fix CVE-2023-45935
|
||||
|
||||
* Wed Apr 17 2024 peijiankang <peijiankang@kylinos.cn> - 5.15.2-15
|
||||
- add CVE-2024-25580-qtbase-5.15.diff
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user