[packages/qt5-qtwebengine] add fix for CVE-2022-1096; rel 4
atler
atler at pld-linux.org
Tue Apr 5 10:42:09 CEST 2022
commit 12766eff07896c28fc405a3ccc4491cf4aa58243
Author: Jan Palus <atler at pld-linux.org>
Date: Tue Apr 5 10:41:10 2022 +0200
add fix for CVE-2022-1096; rel 4
CVE-2022-1096-qtwebengine-5.15.diff | 27 +++++++++++++++++++++++++++
qt5-qtwebengine.spec | 4 +++-
2 files changed, 30 insertions(+), 1 deletion(-)
---
diff --git a/qt5-qtwebengine.spec b/qt5-qtwebengine.spec
index 8c656a2..d2b7179 100644
--- a/qt5-qtwebengine.spec
+++ b/qt5-qtwebengine.spec
@@ -16,7 +16,7 @@ Summary: The Qt5 WebEngine library
Summary(pl.UTF-8): Biblioteka Qt5 WebEngine
Name: qt5-%{orgname}
Version: %{base_version}.8
-Release: 3
+Release: 4
License: LGPL v3 or GPL v2 or GPL v3 or commercial
Group: X11/Libraries
Source0: qtwebengine-%{version}.tar.xz
@@ -24,6 +24,7 @@ Source0: qtwebengine-%{version}.tar.xz
Patch0: x32.patch
Patch1: %{name}-gn-dynamic.patch
Patch2: icu.patch
+Patch3: CVE-2022-1096-qtwebengine-5.15.diff
URL: https://www.qt.io/
BuildRequires: Qt5Core-devel >= %{qtbase_ver}
BuildRequires: Qt5Designer-devel >= %{qttools_ver}
@@ -281,6 +282,7 @@ Przykłady do biblioteki Qt5 WebEngine.
%endif
%patch1 -p1
%patch2 -p1
+%patch3 -p1
%{qt5bindir}/syncqt.pl -version %{version}
diff --git a/CVE-2022-1096-qtwebengine-5.15.diff b/CVE-2022-1096-qtwebengine-5.15.diff
new file mode 100644
index 0000000..65d25b5
--- /dev/null
+++ b/CVE-2022-1096-qtwebengine-5.15.diff
@@ -0,0 +1,27 @@
+--- a/src/3rdparty/chromium/v8/src/objects/objects.cc
++++ b/src/3rdparty/chromium/v8/src/objects/objects.cc
+@@ -2481,6 +2481,12 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
+ Maybe<bool> result =
+ JSObject::SetPropertyWithInterceptor(it, should_throw, value);
+ if (result.IsNothing() || result.FromJust()) return result;
++ // Assuming that the callback have side effects, we use
++ // Object::SetSuperProperty() which works properly regardless on
++ // whether the property was present on the receiver or not when
++ // storing to the receiver.
++ // Proceed lookup from the next state.
++ it->Next();
+ } else {
+ Maybe<PropertyAttributes> maybe_attributes =
+ JSObject::GetPropertyAttributesWithInterceptor(it);
+@@ -2501,10 +2507,8 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
+ // property to the receiver.
+ it->NotFound();
+ }
+- return Object::SetSuperProperty(it, value, store_origin,
+- should_throw);
+ }
+- break;
++ return Object::SetSuperProperty(it, value, store_origin, should_throw);
+ }
+
+ case LookupIterator::ACCESSOR: {
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/qt5-qtwebengine.git/commitdiff/12766eff07896c28fc405a3ccc4491cf4aa58243
More information about the pld-cvs-commit
mailing list