fix CVE-2023-34410

(cherry picked from commit 2704daf4975fe94a78e3e50c90a378536670cc7d)
2023-11-02 15:24:47 +08:00 · 2023-11-02 15:24:47 +08:00 · 836cd6d2ed
commit 836cd6d2ed
parent 2cac1684b4
2 changed files with 29 additions and 1 deletions
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@ -13,7 +13,7 @@
 Name:             qt5-qtbase
 Summary:          Core component of Qt toolkit
 Version:          5.11.1
-Release:          17
+Release:          18
 License:          LGPLv2 with exceptions or GPLv3 with exceptions
 Url:              http://qt-project.org/
 Source0:          https://download.qt.io/new_archive/qt/5.11/%{version}/submodules/qtbase-everywhere-src-%{version}.tar.xz
@ -51,6 +51,7 @@ Patch6008:        CVE-2023-32763.patch
 Patch6009:        CVE-2023-37369-pre.patch
 Patch6010:        CVE-2023-37369.patch
 Patch6011:        CVE-2023-33285.patch
+Patch6012:        qtbase5.11.1-CVE-2023-34410.patch

 BuildRequires:    pkgconfig(libsystemd) cups-devel desktop-file-utils findutils
 BuildRequires:    libjpeg-devel libmng-devel libtiff-devel pkgconfig(alsa)
@ -418,6 +419,9 @@ fi


 %changelog
+* Thu Nov 02 2023 peijiankang <peijiankang@kylinos.cn> - 5.11.1-18
+- Fix CVE-2023-34410
+
 * Wed Nov 01 2023 peijiankang <peijiankang@kylinos.cn> - 5.11.1-17
 - Fix CVE-2023-33285.patch

--- a/qtbase5.11.1-CVE-2023-34410.patch
+++ b/qtbase5.11.1-CVE-2023-34410.patch
@ -0,0 +1,24 @@
+diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
+index 4273904c..8d064ba0 100644
+--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
+@@ -2053,6 +2053,10 @@ QSslSocketPrivate::QSslSocketPrivate()
+     , flushTriggered(false)
+ {
+     QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
+    // If the global configuration doesn't allow root certificates to be loaded
+    // on demand then we have to disable it for this socket as well.
+    if (!configuration.allowRootCertOnDemandLoading)
+        allowRootCertOnDemandLoading = false;
+ }
+ 
+ /*!
+@@ -2252,6 +2256,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
+     ptr->sessionProtocol = global->sessionProtocol;
+     ptr->ciphers = global->ciphers;
+     ptr->caCertificates = global->caCertificates;
+    ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
+     ptr->protocol = global->protocol;
+     ptr->peerVerifyMode = global->peerVerifyMode;
+     ptr->peerVerifyDepth = global->peerVerifyDepth;
+