!9 [sync] PR-6: fix CVE-2024-36048

From: @openeuler-sync-bot Reviewed-by: @peijiankang Signed-off-by: @peijiankang
2025-02-19 00:21:44 +00:00 · 2025-02-19 00:21:44 +00:00 · 2899a69692
commit 2899a69692
parent 635b57ec43 6403ba8426
2 changed files with 58 additions and 1 deletions
--- a/CVE-2024-36048-qtnetworkauth-6.5.diff
+++ b/CVE-2024-36048-qtnetworkauth-6.5.diff
@ -0,0 +1,53 @@
+diff --git a/src/oauth/qabstractoauth.cpp b/src/oauth/qabstractoauth.cpp
+index 8e29d36..de6f4ab 100644
+--- a/src/oauth/qabstractoauth.cpp
+++ b/src/oauth/qabstractoauth.cpp
+@@ -11,7 +11,6 @@
+ #include <QtCore/qurl.h>
+ #include <QtCore/qpair.h>
+ #include <QtCore/qstring.h>
+-#include <QtCore/qdatetime.h>
+ #include <QtCore/qurlquery.h>
+ #include <QtCore/qjsondocument.h>
+ #include <QtCore/qmessageauthenticationcode.h>
+@@ -20,6 +19,9 @@
+ #include <QtNetwork/qnetworkaccessmanager.h>
+ #include <QtNetwork/qnetworkreply.h>
+ 
+#include <QtCore/qrandom.h>
+#include <QtCore/private/qlocking_p.h>
+
+ #include <random>
+ 
+ QT_BEGIN_NAMESPACE
+@@ -262,15 +264,19 @@ void QAbstractOAuthPrivate::setStatus(QAbstractOAuth::Status newStatus)
+     }
+ }
+ 
+Q_CONSTINIT static QBasicMutex prngMutex;
+Q_GLOBAL_STATIC_WITH_ARGS(std::mt19937, prng, (*QRandomGenerator::system()))
+
+ QByteArray QAbstractOAuthPrivate::generateRandomString(quint8 length)
+ {
+-    const char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+-    static std::mt19937 randomEngine(QDateTime::currentDateTime().toMSecsSinceEpoch());
+    constexpr char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+     std::uniform_int_distribution<int> distribution(0, sizeof(characters) - 2);
+     QByteArray data;
+     data.reserve(length);
+    auto lock = qt_unique_lock(prngMutex);
+     for (quint8 i = 0; i < length; ++i)
+-        data.append(characters[distribution(randomEngine)]);
+        data.append(characters[distribution(*prng)]);
+    lock.unlock();
+     return data;
+ }
+ 
+@@ -580,6 +586,7 @@ void QAbstractOAuth::resourceOwnerAuthorization(const QUrl &url, const QMultiMap
+ }
+ 
+ /*!
+    \threadsafe
+     Generates a random string which could be used as state or nonce.
+     The parameter \a length determines the size of the generated
+     string.
--- a/qt6-qtnetworkauth.spec
+++ b/qt6-qtnetworkauth.spec
@ -6,7 +6,7 @@
 Summary: Qt6 - NetworkAuth component
 Name:    qt6-%{qt_module}
 Version: 6.5.2
-Release: 1
+Release: 2

 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -15,6 +15,7 @@ Url:     http://www.qt.io
 %global  qt_version %(echo %{version} | cut -d~ -f1)

 Source0: https://download.qt.io/official_releases/qt/%{short_version}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz
+Patch0: CVE-2024-36048-qtnetworkauth-6.5.diff

 # filter plugin/qml provides
 %global __provides_exclude_from ^(%{_qt6_archdatadir}/qml/.*\\.so|%{_qt6_plugindir}/.*\\.so)$
@ -93,6 +94,9 @@ popd


 %changelog
+* Sat Feb 01 2025 Funda Wang <fundawang@yeah.net> - 6.5.2-2
+- fix CVE-2024-36048
+
 * Thu Nov 30 2023 houhongxun <houhongxun@kylinos.cn> - 6.5.2-1
 - update to version 6.5.2