add fix for CVE-2022-1096; rel 4

diff --git a/CVE-2022-1096-qtwebengine-5.15.diff b/CVE-2022-1096-qtwebengine-5.15.diff
new file mode 100644 (file)
index 0000000..65d25b5
--- /dev/null
+++ b/CVE-2022-1096-qtwebengine-5.15.diff
@@ -0,0 +1,27 @@
+--- a/src/3rdparty/chromium/v8/src/objects/objects.cc\r
++++ b/src/3rdparty/chromium/v8/src/objects/objects.cc\r
+@@ -2481,6 +2481,12 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,\r
+           Maybe<bool> result =\r
+               JSObject::SetPropertyWithInterceptor(it, should_throw, value);\r
+           if (result.IsNothing() || result.FromJust()) return result;\r
++          // Assuming that the callback have side effects, we use\r
++          // Object::SetSuperProperty() which works properly regardless on\r
++          // whether the property was present on the receiver or not when\r
++          // storing to the receiver.\r
++          // Proceed lookup from the next state.\r
++          it->Next();\r
+         } else {\r
+           Maybe<PropertyAttributes> maybe_attributes =\r
+               JSObject::GetPropertyAttributesWithInterceptor(it);\r
+@@ -2501,10 +2507,8 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,\r
+             // property to the receiver.\r
+             it->NotFound();\r
+           }\r
+-          return Object::SetSuperProperty(it, value, store_origin,\r
+-                                          should_throw);\r
+         }\r
+-        break;\r
++        return Object::SetSuperProperty(it, value, store_origin, should_throw);\r
+       }\r
+\r
+       case LookupIterator::ACCESSOR: {\r

diff --git a/qt5-qtwebengine.spec b/qt5-qtwebengine.spec
index 8c656a2de84ac3c54b6a8e7efec6c8f7b3862837..d2b71796f65b93008127897949821e5e2cb26ffa 100644 (file)
--- a/qt5-qtwebengine.spec
+++ b/qt5-qtwebengine.spec
@@ -16,7 +16,7 @@ Summary:      The Qt5 WebEngine library
 Summary(pl.UTF-8):     Biblioteka Qt5 WebEngine
 Name:          qt5-%{orgname}
 Version:       %{base_version}.8
-Release:       3
+Release:       4
 License:       LGPL v3 or GPL v2 or GPL v3 or commercial
 Group:         X11/Libraries
 Source0:       qtwebengine-%{version}.tar.xz
@@ -24,6 +24,7 @@ Source0:      qtwebengine-%{version}.tar.xz
 Patch0:                x32.patch
 Patch1:                %{name}-gn-dynamic.patch
 Patch2:                icu.patch
+Patch3:                CVE-2022-1096-qtwebengine-5.15.diff
 URL:           https://www.qt.io/
 BuildRequires: Qt5Core-devel >= %{qtbase_ver}
 BuildRequires: Qt5Designer-devel >= %{qttools_ver}
@@ -281,6 +282,7 @@ Przykłady do biblioteki Qt5 WebEngine.
 %endif
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %{qt5bindir}/syncqt.pl -version %{version}