[packages/qt5-qtwebengine] add fix for CVE-2022-1096; rel 4

atler atler at pld-linux.org
Tue Apr 5 10:42:09 CEST 2022


commit 12766eff07896c28fc405a3ccc4491cf4aa58243
Author: Jan Palus <atler at pld-linux.org>
Date:   Tue Apr 5 10:41:10 2022 +0200

    add fix for CVE-2022-1096; rel 4

 CVE-2022-1096-qtwebengine-5.15.diff | 27 +++++++++++++++++++++++++++
 qt5-qtwebengine.spec                |  4 +++-
 2 files changed, 30 insertions(+), 1 deletion(-)
---
diff --git a/qt5-qtwebengine.spec b/qt5-qtwebengine.spec
index 8c656a2..d2b7179 100644
--- a/qt5-qtwebengine.spec
+++ b/qt5-qtwebengine.spec
@@ -16,7 +16,7 @@ Summary:	The Qt5 WebEngine library
 Summary(pl.UTF-8):	Biblioteka Qt5 WebEngine
 Name:		qt5-%{orgname}
 Version:	%{base_version}.8
-Release:	3
+Release:	4
 License:	LGPL v3 or GPL v2 or GPL v3 or commercial
 Group:		X11/Libraries
 Source0:	qtwebengine-%{version}.tar.xz
@@ -24,6 +24,7 @@ Source0:	qtwebengine-%{version}.tar.xz
 Patch0:		x32.patch
 Patch1:		%{name}-gn-dynamic.patch
 Patch2:		icu.patch
+Patch3:		CVE-2022-1096-qtwebengine-5.15.diff
 URL:		https://www.qt.io/
 BuildRequires:	Qt5Core-devel >= %{qtbase_ver}
 BuildRequires:	Qt5Designer-devel >= %{qttools_ver}
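Review bot: `Patch3:` is added with no record of where the fix came from, and the new CVE-2022-1096-qtwebengine-5.15.diff (last hunk of this commit) likewise starts directly at its `---`/`+++` lines with no description. For a security backport into the bundled V8 sources, a later maintainer then has no way to compare the file with the upstream change, or to tell when it can be dropped on a version update. I would add a comment line above the tag, for example `# CVE-2022-1096 (V8 objects.cc); backport of <UPSTREAM_COMMIT_URL>`, and repeat the same reference as a header at the top of the .diff file.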
@@ -281,6 +282,7 @@ Przykłady do biblioteki Qt5 WebEngine.
 %endif
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %{qt5bindir}/syncqt.pl -version %{version}
 
diff --git a/CVE-2022-1096-qtwebengine-5.15.diff b/CVE-2022-1096-qtwebengine-5.15.diff
new file mode 100644
index 0000000..65d25b5
--- /dev/null
+++ b/CVE-2022-1096-qtwebengine-5.15.diff
@@ -0,0 +1,27 @@
+--- a/src/3rdparty/chromium/v8/src/objects/objects.cc
++++ b/src/3rdparty/chromium/v8/src/objects/objects.cc
+@@ -2481,6 +2481,12 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
+           Maybe<bool> result =
+               JSObject::SetPropertyWithInterceptor(it, should_throw, value);
+           if (result.IsNothing() || result.FromJust()) return result;
++          // Assuming that the callback have side effects, we use
++          // Object::SetSuperProperty() which works properly regardless on
++          // whether the property was present on the receiver or not when
++          // storing to the receiver.
++          // Proceed lookup from the next state.
++          it->Next();
+         } else {
+           Maybe<PropertyAttributes> maybe_attributes =
+               JSObject::GetPropertyAttributesWithInterceptor(it);
+@@ -2501,10 +2507,8 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
+             // property to the receiver.
+             it->NotFound();
+           }
+-          return Object::SetSuperProperty(it, value, store_origin,
+-                                          should_throw);
+         }
+-        break;
++        return Object::SetSuperProperty(it, value, store_origin, should_throw);
+       }
+
+       case LookupIterator::ACCESSOR: {
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/qt5-qtwebengine.git/commitdiff/12766eff07896c28fc405a3ccc4491cf4aa58243


