From e5cd68347ee5ef3aca001b9db06372da74b36512 Mon Sep 17 00:00:00 2001
From: Funda Wang <fundawang@yeah.net>
Date: Sat, 1 Feb 2025 19:22:31 +0800
Subject: [PATCH] fix CVE-2024-36048

(cherry picked from commit f870fbb5a8cd5db9e3b4170c52d2dae45085f545)
---
 CVE-2024-36048-qtnetworkauth-5.15.diff | 53 ++++++++++++++++++++++++++
 qt5-qtnetworkauth.spec                 |  8 +++-
 2 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2024-36048-qtnetworkauth-5.15.diff

diff --git a/CVE-2024-36048-qtnetworkauth-5.15.diff b/CVE-2024-36048-qtnetworkauth-5.15.diff
new file mode 100644
index 0000000..63252bb
--- /dev/null
+++ b/CVE-2024-36048-qtnetworkauth-5.15.diff
@@ -0,0 +1,53 @@
+diff --git a/src/oauth/qabstractoauth.cpp b/src/oauth/qabstractoauth.cpp
+index f1ed2af..05b189a 100644
+--- a/src/oauth/qabstractoauth.cpp
++++ b/src/oauth/qabstractoauth.cpp
+@@ -37,7 +37,6 @@
+ #include <QtCore/qurl.h>
+ #include <QtCore/qpair.h>
+ #include <QtCore/qstring.h>
+-#include <QtCore/qdatetime.h>
+ #include <QtCore/qurlquery.h>
+ #include <QtCore/qjsondocument.h>
+ #include <QtCore/qmessageauthenticationcode.h>
+@@ -46,6 +45,9 @@
+ #include <QtNetwork/qnetworkaccessmanager.h>
+ #include <QtNetwork/qnetworkreply.h>
+ 
++#include <QtCore/qrandom.h>
++#include <QtCore/private/qlocking_p.h>
++
+ #include <random>
+ 
+ Q_DECLARE_METATYPE(QAbstractOAuth::Error)
+@@ -290,15 +292,19 @@ void QAbstractOAuthPrivate::setStatus(QAbstractOAuth::Status newStatus)
+     }
+ }
+ 
++static QBasicMutex prngMutex;
++Q_GLOBAL_STATIC_WITH_ARGS(std::mt19937, prng, (*QRandomGenerator::system()))
++
+ QByteArray QAbstractOAuthPrivate::generateRandomString(quint8 length)
+ {
+-    const char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+-    static std::mt19937 randomEngine(QDateTime::currentDateTime().toMSecsSinceEpoch());
++    constexpr char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+     std::uniform_int_distribution<int> distribution(0, sizeof(characters) - 2);
+     QByteArray data;
+     data.reserve(length);
++    auto lock = qt_unique_lock(prngMutex);
+     for (quint8 i = 0; i < length; ++i)
+-        data.append(characters[distribution(randomEngine)]);
++        data.append(characters[distribution(*prng)]);
++    lock.unlock();
+     return data;
+ }
+ 
+@@ -614,6 +620,7 @@ void QAbstractOAuth::resourceOwnerAuthorization(const QUrl &url, const QVariantM
+ }
+ 
+ /*!
++    \threadsafe
+     Generates a random string which could be used as state or nonce.
+     The parameter \a length determines the size of the generated
+     string.
diff --git a/qt5-qtnetworkauth.spec b/qt5-qtnetworkauth.spec
index fac31ee..c97e019 100644
--- a/qt5-qtnetworkauth.spec
+++ b/qt5-qtnetworkauth.spec
@@ -3,13 +3,14 @@
 Summary: Qt5 - NetworkAuth component
 Name:    qt5-%{qt_module}
 Version: 5.15.10
-Release: 1
+Release: 2
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0
 Url:     http://www.qt.io
 %global majmin %(echo %{version} | cut -d. -f1-2)
 Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-opensource-src-%{version}.tar.xz
+Patch0: CVE-2024-36048-qtnetworkauth-5.15.diff
 
 # filter plugin/qml provides
 %global __provides_exclude_from ^(%{_qt5_archdatadir}/qml/.*\\.so|%{_qt5_plugindir}/.*\\.so)$
@@ -36,7 +37,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 %{summary}.
 
 %prep
-%setup -q -n %{qt_module}-everywhere-src-%{version}
+%autosetup -p1 -n %{qt_module}-everywhere-src-%{version}
 
 %build
 %{qmake_qt5}
@@ -73,6 +74,9 @@ popd
 %{_qt5_examplesdir}/
 
 %changelog
+* Sat Feb 01 2025 Funda Wang <fundawang@yeah.net> - 5.15.10-2
+- fix CVE-2024-36048
+
 * Mon Aug 21 2023 huayadong <huayadong@kylinos.cn> - 5.15.10-1
 - update to version 5.15.10-1
 
-- 
Gitee