qt512: patch qtwebengine against CVE-2019-5786 #57526
Conversation
xantoz
force-pushed
the
qtwebengine-fix-CVE-2019-5785
branch
from
c00f252
to
1485ec4
Compare
xantoz
changed the title
xantoz
changed the title
xantoz
force-pushed
the
qtwebengine-fix-CVE-2019-5785
branch
from
1485ec4
to
b62f91e
Compare
|
Changed qt-5.12 in the commit message and PR title to qt512 to match the attribute name. |
|
@xantoz thank you for the PR. It looks like a good thing to fix. Do you have any idea about older versions of QT? I could imagine most of them (that are based of the same engine) have this issue. We currently have 5.12, 5.11, 5.9, 5.6, 4.8 (and also qt3) in nixpkgs. Checking if the same patch applies to older versions would be good. |
andir
added
1.severity: security
9.needs: port to stable
|
@andir I have checked against 5.11, and the patch does not apply. I haven't been able to find file_reader_loader.cc in there to start with. So backporting this patch to 5.11 and older will take some extra detective work. With that in mind, I went ahead with only patching 5.12. |
xantoz
force-pushed
the
qtwebengine-fix-CVE-2019-5785
branch
from
b62f91e
to
b22d92f
Compare
|
Ported to 19.03 in e750a2e |
|
Thanks for the merge. |
samueldr
removed
the
9.needs: port to stable
Motivation for this change
qtwebengine is vulnerable to CVE-2019-5786
See: https://codereview.qt-project.org/#/c/255162/
Things done
Took the patch at http://code.qt.io/cgit/qt/qtwebengine-chromium.git/patch/?id=43316b15
and modified it so it would apply (only the paths needed to be changed).
sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)nix path-info -Sbefore and after)