Fix CVE-2023-45935

lvfei 2024-04-28 09:47:31 +08:00
parent 3eed591c45
commit b1cad792c8
2 changed files with 36 additions and 1 deletions

31
CVE-2023-45935.patch Normal file

@ -0,0 +1,31 @@
From e876e91e829f6f0d6b9942ae4de80f8323f750ca Mon Sep 17 00:00:00 2001
From: Liang Qi <liang.qi@qt.io>
Date: 2023-07-31 05:35:11 +0200
Subject: [PATCH] CVE-2023-45935
port invokeMethodImpl() from QScopeGuard to SlotObjUniquePtr
---
src/plugins/platforms/xcb/qxcbconnection.cpp | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/plugins/platforms/xcb/qxcbconnection.cpp b/src/plugins/platforms/xcb/qxcbconnection.cpp
index 5fd1fc6a..2ec668a6 100644
--- a/src/plugins/platforms/xcb/qxcbconnection.cpp
+++ b/src/plugins/platforms/xcb/qxcbconnection.cpp
@@ -2051,8 +2051,10 @@ void QXcbConnection::initializeAllAtoms() {
for (i = 0; i < QXcbAtom::NAtoms; ++i) {
xcb_intern_atom_reply_t *reply = xcb_intern_atom_reply(xcb_connection(), cookies[i], 0);
- m_allAtoms[i] = reply->atom;
- free(reply);
+ if (reply) {
+ m_allAtoms[i] = reply->atom;
+ free(reply);
+ }
}
}
--
2.27.0
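Review bot: When `xcb_intern_atom_reply()` returns null, the new `if (reply)` guard in `initializeAllAtoms()` skips `m_allAtoms[i]` without assigning it, so the slot keeps whatever value it held before. The array's initialization is not visible in this hunk, and the function body starts outside it; if the array is not zeroed elsewhere, later atom lookups would read an indeterminate value. Adding `else m_allAtoms[i] = XCB_ATOM_NONE;` would give the failure path a defined state. Separately, the Subject text "port invokeMethodImpl() from QScopeGuard to SlotObjUniquePtr" does not describe this change, which makes the backport harder to audit against its upstream source.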


@ -13,7 +13,7 @@
Name: qt5-qtbase
Summary: Core component of Qt toolkit
Version: 5.11.1
Release: 21
Release: 22
License: LGPLv2 with exceptions or GPLv3 with exceptions
Url: http://qt-project.org/
Source0: https://download.qt.io/new_archive/qt/5.11/%{version}/submodules/qtbase-everywhere-src-%{version}.tar.xz
@ -57,6 +57,7 @@ Patch6013: qtbase5.11.1-CVE-2023-38197.patch
#https://codereview.qt-project.org/c/qt/qtbase/+/503026
Patch6014: qtbase5.11.1-CVE-2023-43114.patch
Patch6015: qtbase5.11.1-CVE-2023-51714.patch
Patch6016: CVE-2023-45935.patch
BuildRequires: pkgconfig(libsystemd) cups-devel desktop-file-utils findutils
BuildRequires: libjpeg-devel libmng-devel libtiff-devel pkgconfig(alsa)
@ -424,6 +425,9 @@ fi
%changelog
* Wed Apr 24 2024 lvfei <lvfei@kylinos.cn> - 5.11.1-22
- Fix CVE-2023-45935
* Wed Jan 31 2024 douyan <douyan@kylinos.cn> - 5.11.1-21
- add qtbase5.11.1-CVE-2023-51714.patch
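Review bot: `Patch6016: CVE-2023-45935.patch` is declared, but no matching `%patch` line appears in the visible hunks, so whether the fix is applied depends on how `%prep` is written, which is not shown. If the spec applies patches one by one rather than through `%autosetup` or `%autopatch`, release 5.11.1-22 would list the CVE in its changelog while shipping the unpatched code; checking the build log for the patch being applied would settle this. The new entry also lacks the upstream reference comment that precedes Patch6014 and the `qtbase5.11.1-` filename prefix its neighbours use. A line such as `# upstream: <upstream change URL>` above it would make the backport traceable.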