diff --git a/1000-add-loongarch64-support-for-syscall_fork.patch b/1000-add-loongarch64-support-for-syscall_fork.patch index 3788b4a82c02bcb2ffe8810529b88112ff798297..6974f7d48911ada5c8658248607a9cec87eab3d7 100644 --- a/1000-add-loongarch64-support-for-syscall_fork.patch +++ b/1000-add-loongarch64-support-for-syscall_fork.patch @@ -11,3 +11,19 @@ index ffe0e9a5..1ec9fea4 100644 /* ctid and newtls are inverted on CONFIG_CLONE_BACKWARDS architectures, * but since both values are 0, there's no harm. */ return syscall(__NR_clone, cloneflags, child_stack, ptid, ctid, newtls); +diff --git a/src/corelib/global/qprocessordetection.h b/src/corelib/global/qprocessordetection.h +index ca9d4080..6f0bc7e7 100644 +--- a/src/corelib/global/qprocessordetection.h ++++ b/src/corelib/global/qprocessordetection.h +@@ -225,8 +225,9 @@ + // Q_BYTE_ORDER not defined, use endianness auto-detection + + #elif defined(__loongarch64) +-# define Q_PROCESSOR_LOONGARCH_64 +-# define Q_PROCESSOR_WORDSIZE 8 ++# define Q_PROCESSOR_LOONGARCH_64 ++# define Q_PROCESSOR_WORDSIZE 8 ++# define Q_BYTE_ORDER Q_LITTLE_ENDIAN + + /* + MIPS family, known revisions: I, II, III, IV, 32, 64 diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 70940161992cca715d69bc9bcba1d82f0716ab3d..ec8ad8277b3e3df589757192ac1bcf2f2451ecfd 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -34,7 +34,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.15.2 -Release: 10 +Release: 11 # See LGPL_EXCEPTIONS.txt, for exception details @@ -123,6 +123,7 @@ Patch0025: CVE-2023-32763.patch Patch0026: CVE-2023-37369-pre.patch Patch0027: CVE-2023-37369.patch Patch0028: CVE-2023-33285.patch +Patch0029: qtbase5.15-CVE-2023-34410.patch Patch1000: 1000-add-loongarch64-support-for-syscall_fork.patch Patch1001: 1001-add-sw_64-support-for-syscall_fork.patch @@ -390,6 +391,7 @@ Qt5 libraries used for drawing widgets and OpenGL items. %patch0026 -p1 %patch0027 -p1 %patch0028 -p1 +%patch0029 -p1 %patch1000 -p1 %patch1001 -p1 @@ -1034,6 +1036,9 @@ fi %changelog +* Thu Nov 02 2023 peijiankang - 5.15.2-11 +- fix CVE-2023-34410 + * Wed Nov 01 2023 peijiankang - 5.15.2-10 - fix CVE-2023-33285 diff --git a/qtbase5.15-CVE-2023-34410.patch b/qtbase5.15-CVE-2023-34410.patch new file mode 100644 index 0000000000000000000000000000000000000000..dd46bace4868f37b8b9bf5c7a2ce10220f4de5b2 --- /dev/null +++ b/qtbase5.15-CVE-2023-34410.patch @@ -0,0 +1,26 @@ +diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp +index fbeb9de1..6d1cdd1d 100644 +--- a/src/network/ssl/qsslsocket.cpp ++++ b/src/network/ssl/qsslsocket.cpp +@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate() + , flushTriggered(false) + { + QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration); ++ // If the global configuration doesn't allow root certificates to be loaded ++ // on demand then we have to disable it for this socket as well. ++ if (!configuration.allowRootCertOnDemandLoading) ++ allowRootCertOnDemandLoading = false; + } + + /*! +@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri + ptr->sessionProtocol = global->sessionProtocol; + ptr->ciphers = global->ciphers; + ptr->caCertificates = global->caCertificates; ++ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading; + ptr->protocol = global->protocol; + ptr->peerVerifyMode = global->peerVerifyMode; + ptr->peerVerifyDepth = global->peerVerifyDepth; +-- +2.27.0 +