commit:     25cd576ef58a97ee613b2f8e97640109a598cbb3
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 20 18:53:23 2022 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Mon Jun 20 18:53:39 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25cd576e

dev-qt/qtwebengine: Fixup fix for CVE-2022-0796

Thanks-to: Michael <voron1 <AT> gmail.com>
Thanks-to: Jimi Huotari <chiitoo <AT> gentoo.org>
Closes: https://bugs.gentoo.org/853097
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 ...gine-5.15.5_p20220618-fixup-CVE-2022-0796.patch | 48 ++++++++++++++++++++++
 .../qtwebengine-5.15.5_p20220618.ebuild            |  1 +
 2 files changed, 49 insertions(+)

diff --git 
a/dev-qt/qtwebengine/files/qtwebengine-5.15.5_p20220618-fixup-CVE-2022-0796.patch
 
b/dev-qt/qtwebengine/files/qtwebengine-5.15.5_p20220618-fixup-CVE-2022-0796.patch
new file mode 100644
index 000000000000..c38bf1bdeeb3
--- /dev/null
+++ 
b/dev-qt/qtwebengine/files/qtwebengine-5.15.5_p20220618-fixup-CVE-2022-0796.patch
@@ -0,0 +1,48 @@
+From 7e11d69b957595a172a3eb60db17141daed29d63 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20Br=C3=BCning?= <michael.brun...@qt.io>
+Date: Mon, 20 Jun 2022 17:19:58 +0200
+Subject: Fixup: CVE-2022-0796: Use after free in Media
+
+Commit ecc2bb74f1f accidentally introduced a build break due to an
+apparent typo.
+
+This fixes it.
+
+Change-Id: I746c6f10ecd2b212b847a291677e24e527d6b922
+Reviewed-by: Michal Klocek <michal.klo...@qt.io>
+---
+ chromium/content/renderer/media/batching_media_log.h | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/3rdparty/chromium/content/renderer/media/batching_media_log.h 
b/src/3rdparty/chromium/content/renderer/media/batching_media_log.h
+index b68535aea42..a28d426878f 100644
+--- a/src/3rdparty/chromium/content/renderer/media/batching_media_log.h
++++ b/src/3rdparty/chromium/content/renderer/media/batching_media_log.h
+@@ -72,18 +72,18 @@ class CONTENT_EXPORT BatchingMediaLog : public 
media::MediaLog {
+   // guarantees provided by MediaLog, since SendQueuedMediaEvents must also
+   // be synchronized with respect to AddEvent.
+   mutable base::Lock lock_;
+-  const base::TickClock* tick_clock_ GUARDED_BY(LOCK);
+-  base::TimeTicks last_ipc_send_time_ GUARDED_BY(LOCK);
+-  std::vector<media::MediaLogRecord> queued_media_events_ GUARDED_BY(LOCK);
++  const base::TickClock* tick_clock_ GUARDED_BY(lock_);
++  base::TimeTicks last_ipc_send_time_ GUARDED_BY(lock_);
++  std::vector<media::MediaLogRecord> queued_media_events_ GUARDED_BY(lock_);
+ 
+   // impl for sending queued events.
+-  std::vector<std::unique_ptr<EventHandler>> event_handlers_ GUARDED_BY(LOCK);
++  std::vector<std::unique_ptr<EventHandler>> event_handlers_ 
GUARDED_BY(lock_);
+ 
+   // For enforcing max 1 pending send.
+-  bool ipc_send_pending_ GUARDED_BY(LOCK);
++  bool ipc_send_pending_ GUARDED_BY(lock_);
+ 
+   // Limits the number of events we send over IPC to one.
+-  std::unique_ptr<media::MediaLogRecord> last_duration_changed_event_ 
GUARDED_BY(LOCK);
++  std::unique_ptr<media::MediaLogRecord> last_duration_changed_event_ 
GUARDED_BY(lock_);
+ 
+   // Holds the earliest MEDIA_ERROR_LOG_ENTRY event added to this log. This is
+   // most likely to contain the most specific information available describing
+-- 
+cgit v1.2.1
+
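Review bot: The corrected `GUARDED_BY(lock_)` annotations on `tick_clock_`, `queued_media_events_`, `event_handlers_` and the other members are compile-time checks only, so this fixup does not add or remove any locking at run time. As far as I know, Chromium's thread-annotation macros expand to nothing outside Clang, which would explain why the `LOCK` typo broke only some builds. The use-after-free protection from the original CVE-2022-0796 backport depends on the implementation actually holding `lock_` around these members; that code is not in this header hunk and should be checked against commit ecc2bb74f1f. The patch description would be clearer with one more line such as `Build fix only: GUARDED_BY is a static thread-safety annotation; no run-time change.` The `BatchingMediaLog` class starts and ends outside the hunk.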

diff --git a/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild 
b/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild
index 3c78403a9c2b..43b46b0fbaab 100644
--- a/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild
+++ b/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild
@@ -112,6 +112,7 @@ PATCHES=(
        "${FILESDIR}/${PN}-5.15.3_p20220406-gcc12-includes.patch" # by 
openSUSE, bug 840326
        "${WORKDIR}/${PN}-5.15.2_p20211019-jumbo-build.patch" # bug 813957
        "${WORKDIR}/${PN}-5.15.3_p20220406-patchset" # bug 698988 (py2--), 
pipewire-3
+       "${FILESDIR}/${P}-fixup-CVE-2022-0796.patch" # bug 853097
 )
 
 qtwebengine_check-reqs() {
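Review bot: The new `PATCHES` entry is named with `${P}`, while the neighbouring entries spell out a fixed version after `${PN}`, so it is the only entry whose file name changes if this ebuild is copied to a later snapshot. If the patch is meant to be dropped with the next snapshot that is fine, but the trailing comment should say so and note that it is a build fix for the CVE backport rather than a new security fix, e.g. `"${FILESDIR}/${P}-fixup-CVE-2022-0796.patch" # bug 853097, build fix only, drop on next snapshot`. The `PATCHES=(` array opens above the hunk.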
