fix CVE-2024-36048

(cherry picked from commit f870fbb5a8cd5db9e3b4170c52d2dae45085f545)
2025-02-01 19:22:31 +08:00 · 2025-02-01 19:22:31 +08:00 · 6d116e9b79
commit 6d116e9b79
parent bd4a95b4ae
2 changed files with 59 additions and 2 deletions
--- a/CVE-2024-36048-qtnetworkauth-5.15.diff
+++ b/CVE-2024-36048-qtnetworkauth-5.15.diff
@ -0,0 +1,53 @@
+diff --git a/src/oauth/qabstractoauth.cpp b/src/oauth/qabstractoauth.cpp
+index f1ed2af..05b189a 100644
+--- a/src/oauth/qabstractoauth.cpp
+++ b/src/oauth/qabstractoauth.cpp
+@@ -37,7 +37,6 @@
+ #include <QtCore/qurl.h>
+ #include <QtCore/qpair.h>
+ #include <QtCore/qstring.h>
+-#include <QtCore/qdatetime.h>
+ #include <QtCore/qurlquery.h>
+ #include <QtCore/qjsondocument.h>
+ #include <QtCore/qmessageauthenticationcode.h>
+@@ -46,6 +45,9 @@
+ #include <QtNetwork/qnetworkaccessmanager.h>
+ #include <QtNetwork/qnetworkreply.h>
+ 
+#include <QtCore/qrandom.h>
+#include <QtCore/private/qlocking_p.h>
+
+ #include <random>
+ 
+ Q_DECLARE_METATYPE(QAbstractOAuth::Error)
+@@ -290,15 +292,19 @@ void QAbstractOAuthPrivate::setStatus(QAbstractOAuth::Status newStatus)
+     }
+ }
+ 
+static QBasicMutex prngMutex;
+Q_GLOBAL_STATIC_WITH_ARGS(std::mt19937, prng, (*QRandomGenerator::system()))
+
+ QByteArray QAbstractOAuthPrivate::generateRandomString(quint8 length)
+ {
+-    const char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+-    static std::mt19937 randomEngine(QDateTime::currentDateTime().toMSecsSinceEpoch());
+    constexpr char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+     std::uniform_int_distribution<int> distribution(0, sizeof(characters) - 2);
+     QByteArray data;
+     data.reserve(length);
+    auto lock = qt_unique_lock(prngMutex);
+     for (quint8 i = 0; i < length; ++i)
+-        data.append(characters[distribution(randomEngine)]);
+        data.append(characters[distribution(*prng)]);
+    lock.unlock();
+     return data;
+ }
+ 
+@@ -614,6 +620,7 @@ void QAbstractOAuth::resourceOwnerAuthorization(const QUrl &url, const QVariantM
+ }
+ 
+ /*!
+    \threadsafe
+     Generates a random string which could be used as state or nonce.
+     The parameter \a length determines the size of the generated
+     string.
--- a/qt5-qtnetworkauth.spec
+++ b/qt5-qtnetworkauth.spec
@ -3,13 +3,14 @@
 Summary: Qt5 - NetworkAuth component
 Name:    qt5-%{qt_module}
 Version: 5.15.10
-Release: 1
+Release: 2

 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0
 Url:     http://www.qt.io
 %global majmin %(echo %{version} | cut -d. -f1-2)
 Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-opensource-src-%{version}.tar.xz
+Patch0: CVE-2024-36048-qtnetworkauth-5.15.diff

 # filter plugin/qml provides
 %global __provides_exclude_from ^(%{_qt5_archdatadir}/qml/.*\\.so|%{_qt5_plugindir}/.*\\.so)$
@ -36,7 +37,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 %{summary}.

 %prep
-%setup -q -n %{qt_module}-everywhere-src-%{version}
+%autosetup -p1 -n %{qt_module}-everywhere-src-%{version}

 %build
 %{qmake_qt5}
@ -73,6 +74,9 @@ popd
 %{_qt5_examplesdir}/

 %changelog
+* Sat Feb 01 2025 Funda Wang <fundawang@yeah.net> - 5.15.10-2
+- fix CVE-2024-36048
+
 * Mon Aug 21 2023 huayadong <huayadong@kylinos.cn> - 5.15.10-1
 - update to version 5.15.10-1