!29 CVE-2023-6112

From: @peijiankang Reviewed-by: @dou33 Signed-off-by: @dou33
2024-01-30 03:27:34 +00:00 · 2024-01-30 03:27:34 +00:00 · 4e2f1cf2be
commit 4e2f1cf2be
parent 22de4075ff 5631d9ba49
2 changed files with 37 additions and 2 deletions
--- a/CVE-2023-6112.patch
+++ b/CVE-2023-6112.patch
@ -0,0 +1,29 @@
+From b727ffde2b4ffe8b979927d6dc9f056eb916a8b8 Mon Sep 17 00:00:00 2001
+From: peijiankang <peijiankang@kylinos.cn>
+Date: Tue, 30 Jan 2024 09:43:39 +0800
+Subject: [PATCH] CVE-2023-6112
+
+---
+ .../content/browser/loader/navigation_url_loader_impl.cc      | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/3rdparty/chromium/content/browser/loader/navigation_url_loader_impl.cc b/src/3rdparty/chromium/content/browser/loader/navigation_url_loader_impl.cc
+index f54cfd9a6..41c78e2fe 100644
+--- a/src/3rdparty/chromium/content/browser/loader/navigation_url_loader_impl.cc
+++ b/src/3rdparty/chromium/content/browser/loader/navigation_url_loader_impl.cc
+@@ -560,10 +560,10 @@ void NavigationURLLoaderImpl::MaybeStartLoader(
+     next_interceptor->MaybeCreateLoader(
+         *resource_request_, browser_context_,
+         base::BindOnce(&NavigationURLLoaderImpl::MaybeStartLoader,
+-                       base::Unretained(this), next_interceptor),
+                       weak_factory_.GetWeakPtr(), next_interceptor),
+         base::BindOnce(
+             &NavigationURLLoaderImpl::FallbackToNonInterceptedRequest,
+-            base::Unretained(this)));
+            weak_factory_.GetWeakPtr()));
+     return;
+   }
+ 
+-- 
+2.41.0
+
--- a/qt5-qtwebengine.spec
+++ b/qt5-qtwebengine.spec
@ -52,7 +52,7 @@
 Summary: Qt5 - QtWebEngine components
 Name:    qt5-qtwebengine
 Version: 5.15.10
-Release: 2
+Release: 3

 # See LICENSE.GPL LICENSE.LGPL LGPL_EXCEPTION.txt, for details
 # See also http://qt-project.org/doc/qt-5.0/qtdoc/licensing.html
@ -109,7 +109,8 @@ Patch32: qtwebengine-skia-missing-includes.patch
 ## From: https://chromium-review.googlesource.com/c/chromium/src/+/3545665
 Patch33: qtwebengine-5.15-Backport-of-16k-page-support-on-aarch64.patch
 Patch34: qtwebengine-support-clang-compile.patch
-
+#https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/518607
+Patch35: CVE-2023-6112.patch
 ## Upstream patches:
 # handled by qt5-srpm-macros, which defines %%qt5_qtwebengine_arches
 #ExclusiveArch: %{qt5_qtwebengine_arches}
@ -418,6 +419,8 @@ popd
 %patch33 -p1 -b .aarch64-16kb-support
 %patch34 -p1 -b .support-clang-compile

+%patch35 -p1
+
 # delete all "toolprefix = " lines from build/toolchain/linux/BUILD.gn, as we
 # never cross-compile in native Fedora RPMs, fixes ARM and aarch64 FTBFS
 sed -i -e '/toolprefix = /d' -e 's/\${toolprefix}//g' \
@ -634,6 +637,9 @@ done


 %changelog
+* Tue Jan 30 2024 peijiankang <peijiankang@kylinos.cn> - 5.15.10-3
+- CVE-2023-6112.patch
+
 * Wed Sep 20 2023 renyi <977713017@qq.com> - 5.15.10-2
 - Support building this package with clang