packages/qt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!67 fix CVE-2023-34410

Browse Source 
From: @peijiankang 
Reviewed-by: @small_leek 
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2023-11-02 10:18:38 +00:00 committed by Gitee
commit 86e05f4836
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
qt-CVE-2023-34410.patch Normal file
View File

@ -0,0 +1,22 @@
diff -up qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket.cpp.me qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket.cpp
--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket.cpp.me 2023-06-09 16:41:34.702124706 +0200
+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket.cpp 2023-06-09 16:42:50.152993830 +0200
@@ -1863,6 +1863,10 @@ QSslSocketPrivate::QSslSocketPrivate()
, plainSocket(0)
{
QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
+ // If the global configuration doesn't allow root certificates to be loaded
+ // on demand then we have to disable it for this socket as well.
+ if (!configuration.allowRootCertOnDemandLoading)
+ allowRootCertOnDemandLoading = false;
}
/*!
@@ -2041,6 +2045,7 @@ void QSslConfigurationPrivate::deepCopyD
ptr->sessionCipher = global->sessionCipher;
ptr->ciphers = global->ciphers;
ptr->caCertificates = global->caCertificates;
+ ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
ptr->protocol = global->protocol;
ptr->peerVerifyMode = global->peerVerifyMode;
ptr->peerVerifyDepth = global->peerVerifyDepth;

9
qt.spec
View File

@ -13,7 +13,7 @@
Name: qt
Epoch: 1
Version: 4.8.7
Release: 56
Release: 57
Summary: A software toolkit for developing applications
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
URL: http://qt-project.org/
@ -89,6 +89,7 @@ Patch6004: CVE-2018-19873.patch
Patch6005: CVE-2020-17507.patch
Patch6006: CVE-2020-0570.patch
Patch6007: CVE-2023-32573.patch
Patch6008: qt-CVE-2023-34410.patch
BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa)
BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng)
@ -466,6 +467,12 @@ fi
%{_qt4_prefix}/examples/
%changelog
* Thu Nov 02 2023 peijiankang<peijiankang@kylinos.cn> - 1:4.8.7-57
- Type:cves
- ID:CVE-2023-34410
- SUG:NA
- DESC:fix CVE-2023-34410
* Mon Aug 21 2023 peijiankang<peijiankang@kylinos.cn> - 1:4.8.7-56
- Type:cves
- ID:CVE-2023-32573