Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 871cd756c8a3
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: a050cb9dc957
Choose a head ref
  • 2 commits
  • 2 files changed
  • 2 contributors

Commits on Mar 13, 2019

  1. qt512: patch qtwebengine against CVE-2019-5786

    @xantoz
    xantoz committed Mar 13, 2019
    Copy the full SHA
    b22d92f View commit details

Commits on Mar 14, 2019

  1. Merge pull request #57526 from xantoz/qtwebengine-fix-CVE-2019-5785 

    qt512: patch qtwebengine against CVE-2019-5786
    @andir
    andir authored Mar 14, 2019

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    a050cb9 View commit details
Showing with 30 additions and 1 deletion.
  1. +4 −1 pkgs/development/libraries/qt-5/5.12/default.nix
  2. +26 −0 pkgs/development/libraries/qt-5/5.12/qtwebengine-CVE-2019-5786.patch
5 changes: 4 additions & 1 deletion pkgs/development/libraries/qt-5/5.12/default.nix
View file
Original file line number Diff line number Diff line change
@@ -60,7 +60,10 @@ let
qtdeclarative = [ ./qtdeclarative.patch ];
qtscript = [ ./qtscript.patch ];
qtserialport = [ ./qtserialport.patch ];
qtwebengine = [ ./qtwebengine-no-build-skip.patch ];
qtwebengine = [
./qtwebengine-no-build-skip.patch
./qtwebengine-CVE-2019-5786.patch
];
qtwebkit = [ ./qtwebkit.patch ]
++ optionals stdenv.isDarwin [
./qtwebkit-darwin-no-readline.patch
26 changes: 26 additions & 0 deletions pkgs/development/libraries/qt-5/5.12/qtwebengine-CVE-2019-5786.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
--- a/src/3rdparty/chromium/third_party/blink/renderer/core/fileapi/file_reader_loader.cc
+++ b/src/3rdparty/chromium/third_party/blink/renderer/core/fileapi/file_reader_loader.cc
@@ -135,14 +135,16 @@
if (!raw_data_ || error_code_)
return nullptr;

- DOMArrayBuffer* result = DOMArrayBuffer::Create(raw_data_->ToArrayBuffer());
- if (finished_loading_) {
- array_buffer_result_ = result;
- AdjustReportedMemoryUsageToV8(
- -1 * static_cast<int64_t>(raw_data_->ByteLength()));
- raw_data_.reset();
+ if (!finished_loading_) {
+ return DOMArrayBuffer::Create(
+ ArrayBuffer::Create(raw_data_->Data(), raw_data_->ByteLength()));
}
- return result;
+ array_buffer_result_ = DOMArrayBuffer::Create(raw_data_->ToArrayBuffer());
+ AdjustReportedMemoryUsageToV8(-1 *
+ static_cast<int64_t>(raw_data_->ByteLength()));
+
+ raw_data_.reset();
+ return array_buffer_result_;
}

String FileReaderLoader::StringResult() {