packages/qt5-qtbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2023-34410

Browse Source 
(cherry picked from commit 2704daf4975fe94a78e3e50c90a378536670cc7d)
This commit is contained in:
peijiankang 2023-11-02 15:24:47 +08:00 committed by openeuler-sync-bot
parent 2cac1684b4
commit 836cd6d2ed
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
qt5-qtbase.spec
View File

@ -13,7 +13,7 @@
Name: qt5-qtbase Name: qt5-qtbase
Summary: Core component of Qt toolkit Summary: Core component of Qt toolkit
Version: 5.11.1 Version: 5.11.1
Release: 17 Release: 18
License: LGPLv2 with exceptions or GPLv3 with exceptions License: LGPLv2 with exceptions or GPLv3 with exceptions
Url: http://qt-project.org/ Url: http://qt-project.org/
Source0: https://download.qt.io/new_archive/qt/5.11/%{version}/submodules/qtbase-everywhere-src-%{version}.tar.xz Source0: https://download.qt.io/new_archive/qt/5.11/%{version}/submodules/qtbase-everywhere-src-%{version}.tar.xz
@ -51,6 +51,7 @@ Patch6008: CVE-2023-32763.patch
Patch6009: CVE-2023-37369-pre.patch Patch6009: CVE-2023-37369-pre.patch
Patch6010: CVE-2023-37369.patch Patch6010: CVE-2023-37369.patch
Patch6011: CVE-2023-33285.patch Patch6011: CVE-2023-33285.patch
Patch6012: qtbase5.11.1-CVE-2023-34410.patch
BuildRequires: pkgconfig(libsystemd) cups-devel desktop-file-utils findutils BuildRequires: pkgconfig(libsystemd) cups-devel desktop-file-utils findutils
BuildRequires: libjpeg-devel libmng-devel libtiff-devel pkgconfig(alsa) BuildRequires: libjpeg-devel libmng-devel libtiff-devel pkgconfig(alsa)
@ -418,6 +419,9 @@ fi
%changelog %changelog
* Thu Nov 02 2023 peijiankang <peijiankang@kylinos.cn> - 5.11.1-18
- Fix CVE-2023-34410
* Wed Nov 01 2023 peijiankang <peijiankang@kylinos.cn> - 5.11.1-17 * Wed Nov 01 2023 peijiankang <peijiankang@kylinos.cn> - 5.11.1-17
- Fix CVE-2023-33285.patch - Fix CVE-2023-33285.patch

24
qtbase5.11.1-CVE-2023-34410.patch Normal file
View File

@ -0,0 +1,24 @@
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 4273904c..8d064ba0 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -2053,6 +2053,10 @@ QSslSocketPrivate::QSslSocketPrivate()
, flushTriggered(false)
{
QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
+ // If the global configuration doesn't allow root certificates to be loaded
+ // on demand then we have to disable it for this socket as well.
+ if (!configuration.allowRootCertOnDemandLoading)
+ allowRootCertOnDemandLoading = false;
}
/*!
@@ -2252,6 +2256,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
ptr->sessionProtocol = global->sessionProtocol;
ptr->ciphers = global->ciphers;
ptr->caCertificates = global->caCertificates;
+ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
ptr->protocol = global->protocol;
ptr->peerVerifyMode = global->peerVerifyMode;
ptr->peerVerifyDepth = global->peerVerifyDepth;