!5 CVE-2023-6112

From: @peijiankang Reviewed-by: @dou33 Signed-off-by: @dou33
2024-01-30 03:27:10 +00:00 · 2024-01-30 03:27:10 +00:00 · dcf9397ac5
commit dcf9397ac5
parent 96caa06a41 0859af6a24
2 changed files with 36 additions and 2 deletions
--- a/CVE-2023-6112.patch
+++ b/CVE-2023-6112.patch
@ -0,0 +1,29 @@
+From b727ffde2b4ffe8b979927d6dc9f056eb916a8b8 Mon Sep 17 00:00:00 2001
+From: peijiankang <peijiankang@kylinos.cn>
+Date: Tue, 30 Jan 2024 09:43:39 +0800
+Subject: [PATCH] CVE-2023-6112
+
+---
+ .../content/browser/loader/navigation_url_loader_impl.cc      | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/3rdparty/chromium/content/browser/loader/navigation_url_loader_impl.cc b/src/3rdparty/chromium/content/browser/loader/navigation_url_loader_impl.cc
+index f54cfd9a6..41c78e2fe 100644
+--- a/src/3rdparty/chromium/content/browser/loader/navigation_url_loader_impl.cc
+++ b/src/3rdparty/chromium/content/browser/loader/navigation_url_loader_impl.cc
+@@ -560,10 +560,10 @@ void NavigationURLLoaderImpl::MaybeStartLoader(
+     next_interceptor->MaybeCreateLoader(
+         *resource_request_, browser_context_,
+         base::BindOnce(&NavigationURLLoaderImpl::MaybeStartLoader,
+-                       base::Unretained(this), next_interceptor),
+                       weak_factory_.GetWeakPtr(), next_interceptor),
+         base::BindOnce(
+             &NavigationURLLoaderImpl::FallbackToNonInterceptedRequest,
+-            base::Unretained(this)));
+            weak_factory_.GetWeakPtr()));
+     return;
+   }
+ 
+-- 
+2.41.0
+
--- a/qt6-qtwebengine.spec
+++ b/qt6-qtwebengine.spec
@ -38,7 +38,7 @@
 Summary: Qt6 - QtWebEngine components
 Name:    qt6-qtwebengine
 Version: 6.5.0
-Release: 3
+Release: 5

 # See LICENSE.GPL LICENSE.LGPL LGPL_EXCEPTION.txt, for details
 # See also http://qt-project.org/doc/qt-5.0/qtdoc/licensing.html
@ -79,7 +79,8 @@ Patch100: qtwebengine-webrtc-dlopen-h264.patch

 ## Upstreamable patches:
 Patch110: qtwebengine-blink-dlopen-h264.patch
-
+#https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/518607
+Patch111: CVE-2023-6112.patch
 # handled by qt6-srpm-macros, which defines %%qt6_qtwebengine_arches
 # FIXME use/update qt6_qtwebengine_arches
 # 32-bit arches not supported (https://bugreports.qt.io/browse/QTBUG-102143)
@ -340,6 +341,7 @@ popd

 ## upstreamable patches
 %patch110 -p1 -b .blink-dlopen-h264
+%patch111 -p1

 # delete all "toolprefix = " lines from build/toolchain/linux/BUILD.gn, as we
 # never cross-compile in native Fedora RPMs, fixes ARM and aarch64 FTBFS
@ -594,6 +596,9 @@ done


 %changelog
+* Tue Jan 30 2024 peijiankang <peijiankang@kylinos.cn> - 6.5.0-5
+- CVE-2023-6112.patch
+
 * Fri Dec 08 2023 peijiankang <peijiankang@kylinos.cn> - 6.5.0-4
 - fix build error about re2