rpms
/
qt5-qtwebengine
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix (from 5.9.5) for incomplete, ineffective fix for CVE-2018-6033 in 5.10.1

Browse Source 
* Sun Mar 18 2018 Kevin Kofler <Kevin@tigcc.ticalc.org> - 5.10.1-4
- Fix (from 5.9.5) for incomplete, ineffective fix for CVE-2018-6033 in 5.10.1
epel9
Kevin Kofler 7 years ago
parent b58078eac9
commit 4aaa039459
2 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File

9
qt5-qtwebengine.spec
Unescape View File

@ -50,7 +50,7 @@
Summary: Qt5 - QtWebEngine components Summary: Qt5 - QtWebEngine components
Name: qt5-qtwebengine Name: qt5-qtwebengine
Version: 5.10.1 Version: 5.10.1
Release: 3%{?dist} Release: 4%{?dist}
# See LICENSE.GPL LICENSE.LGPL LGPL_EXCEPTION.txt, for details # See LICENSE.GPL LICENSE.LGPL LGPL_EXCEPTION.txt, for details
# See also http://qt-project.org/doc/qt-5.0/qtdoc/licensing.html # See also http://qt-project.org/doc/qt-5.0/qtdoc/licensing.html
@ -122,6 +122,9 @@ Patch100: qtwebengine-everywhere-src-5.10.0-no-aspirational-scripts.patch
# see the patch metadata for the list of fixed CVEs and Chromium bug IDs # see the patch metadata for the list of fixed CVEs and Chromium bug IDs
# omit the Chromium bug 806122 fix because we do not ship that FFmpeg file # omit the Chromium bug 806122 fix because we do not ship that FFmpeg file
Patch101: qtwebengine-everywhere-src-5.10.1-security-5.9.5.patch Patch101: qtwebengine-everywhere-src-5.10.1-security-5.9.5.patch
# fix incomplete (and thus having no effect) fix for CVE-2018-6033 in 5.10.1
# (forward-ported from 5.9.5, will also be included in 5.11)
Patch102: qtwebengine-everywhere-src-5.10.1-CVE-2018-6033.patch
# handled by qt5-srpm-macros, which defines %%qt5_qtwebengine_arches # handled by qt5-srpm-macros, which defines %%qt5_qtwebengine_arches
ExclusiveArch: %{qt5_qtwebengine_arches} ExclusiveArch: %{qt5_qtwebengine_arches}
@ -372,6 +375,7 @@ BuildArch: noarch
%patch22 -p1 -b .icu59 %patch22 -p1 -b .icu59
%patch100 -p1 -b .no-aspirational-scripts %patch100 -p1 -b .no-aspirational-scripts
%patch101 -p1 -b .security-5.9.5 %patch101 -p1 -b .security-5.9.5
%patch102 -p1 -b .CVE-2018-6033
# fix // in #include in content/renderer/gpu to avoid debugedit failure # fix // in #include in content/renderer/gpu to avoid debugedit failure
sed -i -e 's!gpu//!gpu/!g' \ sed -i -e 's!gpu//!gpu/!g' \
src/3rdparty/chromium/content/renderer/gpu/compositor_forwarding_message_filter.cc src/3rdparty/chromium/content/renderer/gpu/compositor_forwarding_message_filter.cc
@ -577,6 +581,9 @@ done
%changelog %changelog
* Sun Mar 18 2018 Kevin Kofler <Kevin@tigcc.ticalc.org> - 5.10.1-4
- Fix incomplete fix for CVE-2018-6033 in 5.10.1 (forward-ported from 5.9.5)
* Sat Mar 17 2018 Kevin Kofler <Kevin@tigcc.ticalc.org> - 5.10.1-3 * Sat Mar 17 2018 Kevin Kofler <Kevin@tigcc.ticalc.org> - 5.10.1-3
- Forward-port security backports from 5.9.5 LTS (up to Chromium 65.0.3325.146) - Forward-port security backports from 5.9.5 LTS (up to Chromium 65.0.3325.146)

64
qtwebengine-everywhere-src-5.10.1-CVE-2018-6033.patch
Unescape View File

@ -0,0 +1,64 @@
From 1fd21185614dcae0c7a6e5647ba56cff0120f563 Mon Sep 17 00:00:00 2001
Message-Id: <1fd21185614dcae0c7a6e5647ba56cff0120f563.1521386919.git.kevin.kofler@chello.at>
From: Michal Klocek <michal.klocek@qt.io>
Date: Wed, 7 Mar 2018 18:36:25 +0100
Subject: [PATCH] Implement IsMostRecentDownloadItemAtFilePath call
Implement IsMostRecentDownloadItemAtFilePath
for download_manager_delegate_qt. This is required for
CVE-2018-6033.
Change-Id: I9f48dfa159d684f0fda894e68b81ff622aceaae2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
---
src/core/download_manager_delegate_qt.cpp | 20 ++++++++++++++++++++
src/core/download_manager_delegate_qt.h | 2 ++
2 files changed, 22 insertions(+)
diff --git a/src/core/download_manager_delegate_qt.cpp b/src/core/download_manager_delegate_qt.cpp
index 40df9b3a..487a831e 100644
--- a/src/core/download_manager_delegate_qt.cpp
+++ b/src/core/download_manager_delegate_qt.cpp
@@ -293,6 +293,26 @@ void DownloadManagerDelegateQt::ChooseSavePath(content::WebContents *web_content
m_weakPtrFactory.GetWeakPtr()));
}
+bool DownloadManagerDelegateQt::IsMostRecentDownloadItemAtFilePath(content::DownloadItem *download)
+{
+ content::BrowserContext *context = download->GetBrowserContext();
+ std::vector<content::DownloadItem*> all_downloads;
+
+ content::DownloadManager* manager =
+ content::BrowserContext::GetDownloadManager(context);
+ if (manager)
+ manager->GetAllDownloads(&all_downloads);
+
+ for (const auto* item : all_downloads) {
+ if (item->GetGuid() == download->GetGuid() ||
+ item->GetTargetFilePath() != download->GetTargetFilePath())
+ continue;
+ if (item->GetState() == content::DownloadItem::IN_PROGRESS)
+ return false;
+ }
+ return true;
+}
+
void DownloadManagerDelegateQt::savePackageDownloadCreated(content::DownloadItem *item)
{
OnDownloadUpdated(item);
diff --git a/src/core/download_manager_delegate_qt.h b/src/core/download_manager_delegate_qt.h
index df43211e..7563d5d3 100644
--- a/src/core/download_manager_delegate_qt.h
+++ b/src/core/download_manager_delegate_qt.h
@@ -81,6 +81,8 @@ public:
const base::FilePath::StringType &default_extension,
bool can_save_as_complete,
const content::SavePackagePathPickedCallback &callback) override;
+ bool IsMostRecentDownloadItemAtFilePath(content::DownloadItem* download) override;
+
void cancelDownload(quint32 downloadId);
void pauseDownload(quint32 downloadId);
--
2.14.3
Write Preview
Loading…
Cancel
Save