From c5f9c88466ab2fef40c56f49c9fbd9c9dda0796a Mon Sep 17 00:00:00 2001 From: peijiankang Date: Thu, 2 Nov 2023 14:44:31 +0800 Subject: [PATCH] fix CVE-2023-34410 (cherry picked from commit 14692a925c7cef0715f30acff86080856850a132) --- ...loongarch64-support-for-syscall_fork.patch | 16 ++++++++++++ qt5-qtbase.spec | 7 ++++- qtbase5.15-CVE-2023-34410.patch | 26 +++++++++++++++++++ 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 qtbase5.15-CVE-2023-34410.patch diff --git a/1000-add-loongarch64-support-for-syscall_fork.patch b/1000-add-loongarch64-support-for-syscall_fork.patch index 3788b4a..6974f7d 100644 --- a/1000-add-loongarch64-support-for-syscall_fork.patch +++ b/1000-add-loongarch64-support-for-syscall_fork.patch @@ -11,3 +11,19 @@ index ffe0e9a5..1ec9fea4 100644 /* ctid and newtls are inverted on CONFIG_CLONE_BACKWARDS architectures, * but since both values are 0, there's no harm. */ return syscall(__NR_clone, cloneflags, child_stack, ptid, ctid, newtls); +diff --git a/src/corelib/global/qprocessordetection.h b/src/corelib/global/qprocessordetection.h +index ca9d4080..6f0bc7e7 100644 +--- a/src/corelib/global/qprocessordetection.h ++++ b/src/corelib/global/qprocessordetection.h +@@ -225,8 +225,9 @@ + // Q_BYTE_ORDER not defined, use endianness auto-detection + + #elif defined(__loongarch64) +-# define Q_PROCESSOR_LOONGARCH_64 +-# define Q_PROCESSOR_WORDSIZE 8 ++# define Q_PROCESSOR_LOONGARCH_64 ++# define Q_PROCESSOR_WORDSIZE 8 ++# define Q_BYTE_ORDER Q_LITTLE_ENDIAN + + /* + MIPS family, known revisions: I, II, III, IV, 32, 64 diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 7094016..ec8ad82 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -34,7 +34,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.15.2 -Release: 10 +Release: 11 # See LGPL_EXCEPTIONS.txt, for exception details @@ -123,6 +123,7 @@ Patch0025: CVE-2023-32763.patch Patch0026: CVE-2023-37369-pre.patch Patch0027: CVE-2023-37369.patch Patch0028: CVE-2023-33285.patch +Patch0029: qtbase5.15-CVE-2023-34410.patch Patch1000: 1000-add-loongarch64-support-for-syscall_fork.patch Patch1001: 1001-add-sw_64-support-for-syscall_fork.patch @@ -390,6 +391,7 @@ Qt5 libraries used for drawing widgets and OpenGL items. %patch0026 -p1 %patch0027 -p1 %patch0028 -p1 +%patch0029 -p1 %patch1000 -p1 %patch1001 -p1 @@ -1034,6 +1036,9 @@ fi %changelog +* Thu Nov 02 2023 peijiankang - 5.15.2-11 +- fix CVE-2023-34410 + * Wed Nov 01 2023 peijiankang - 5.15.2-10 - fix CVE-2023-33285 diff --git a/qtbase5.15-CVE-2023-34410.patch b/qtbase5.15-CVE-2023-34410.patch new file mode 100644 index 0000000..dd46bac --- /dev/null +++ b/qtbase5.15-CVE-2023-34410.patch @@ -0,0 +1,26 @@ +diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp +index fbeb9de1..6d1cdd1d 100644 +--- a/src/network/ssl/qsslsocket.cpp ++++ b/src/network/ssl/qsslsocket.cpp +@@ -2221,6 +2221,10 @@ QSslSocketPrivate::QSslSocketPrivate() + , flushTriggered(false) + { + QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration); ++ // If the global configuration doesn't allow root certificates to be loaded ++ // on demand then we have to disable it for this socket as well. ++ if (!configuration.allowRootCertOnDemandLoading) ++ allowRootCertOnDemandLoading = false; + } + + /*! +@@ -2470,6 +2474,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri + ptr->sessionProtocol = global->sessionProtocol; + ptr->ciphers = global->ciphers; + ptr->caCertificates = global->caCertificates; ++ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading; + ptr->protocol = global->protocol; + ptr->peerVerifyMode = global->peerVerifyMode; + ptr->peerVerifyDepth = global->peerVerifyDepth; +-- +2.27.0 + -- Gitee