packages/qt5-qtbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!137 [sync] PR-136: Fix CVE-2023-45935

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @peijiankang 
Signed-off-by: @peijiankang
This commit is contained in:
openeuler-ci-bot 2024-04-28 01:37:34 +00:00 committed by Gitee
commit 03f83b283c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
CVE-2023-45935.patch Normal file
View File

@ -0,0 +1,31 @@
From 33f905df885041e97a465c3706046fa4378ea27f Mon Sep 17 00:00:00 2001
From: Liang Qi <liang.qi@qt.io>
Date: 2023-07-31 05:35:11 +0200
Subject: [PATCH] CVE-2023-45935
port invokeMethodImpl() from QScopeGuard to SlotObjUniquePtr
---
src/plugins/platforms/xcb/qxcbatom.cpp | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/plugins/platforms/xcb/qxcbatom.cpp b/src/plugins/platforms/xcb/qxcbatom.cpp
index a769ddad..a33b1b44 100644
--- a/src/plugins/platforms/xcb/qxcbatom.cpp
+++ b/src/plugins/platforms/xcb/qxcbatom.cpp
@@ -270,8 +270,10 @@ void QXcbAtom::initializeAllAtoms(xcb_connection_t *connection) {
for (i = 0; i < QXcbAtom::NAtoms; ++i) {
xcb_intern_atom_reply_t *reply = xcb_intern_atom_reply(connection, cookies[i], nullptr);
- m_allAtoms[i] = reply->atom;
- free(reply);
+ if (reply) {
+ m_allAtoms[i] = reply->atom;
+ free(reply);
+ }
}
}
--
2.27.0

9
qt5-qtbase.spec
View File

@ -36,7 +36,7 @@
Name: qt5-qtbase Name: qt5-qtbase
Summary: Qt5 - QtBase components Summary: Qt5 - QtBase components
Version: 5.15.10 Version: 5.15.10
Release: 8 Release: 9
# See LGPL_EXCEPTIONS.txt, for exception details # See LGPL_EXCEPTIONS.txt, for exception details
License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0 License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0
@ -134,6 +134,8 @@ Patch0027: qtbase5.15.10-CVE-2023-43114.patch
Patch0028: fix-build-error-of-libxkbcommon-1.6.0.patch Patch0028: fix-build-error-of-libxkbcommon-1.6.0.patch
Patch0029: qtbase5.15-CVE-2023-51714.patch Patch0029: qtbase5.15-CVE-2023-51714.patch
Patch0030: CVE-2024-25580-qtbase-5.15.diff Patch0030: CVE-2024-25580-qtbase-5.15.diff
Patch0031: CVE-2023-45935.patch
# Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
# Those themes are there for platform integration. If the required libraries are # Those themes are there for platform integration. If the required libraries are
# not there, the platform to integrate with isn't either. Then Qt will just # not there, the platform to integrate with isn't either. Then Qt will just
@ -404,6 +406,8 @@ Qt5 libraries used for drawing widgets and OpenGL items.
%patch -P0028 -p1 %patch -P0028 -p1
%patch -P0029 -p1 %patch -P0029 -p1
%patch -P0030 -p1 %patch -P0030 -p1
%patch -P0031 -p1
# move some bundled libs to ensure they're not accidentally used # move some bundled libs to ensure they're not accidentally used
pushd src/3rdparty pushd src/3rdparty
mkdir UNUSED mkdir UNUSED
@ -1061,6 +1065,9 @@ fi
%changelog %changelog
* Wed Apr 24 2024 lvfei <lvfei@kylinos.cn> - 5.15.10-9
- add CVE-2023-45935.patch
* Wed Apr 17 2024 peijiankang <peijiankang@kylinos.cn> - 5.15.10-8 * Wed Apr 17 2024 peijiankang <peijiankang@kylinos.cn> - 5.15.10-8
- add CVE-2024-25580-qtbase-5.15.diff - add CVE-2024-25580-qtbase-5.15.diff