commit: 25cd576ef58a97ee613b2f8e97640109a598cbb3 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> AuthorDate: Mon Jun 20 18:53:23 2022 +0000 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> CommitDate: Mon Jun 20 18:53:39 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25cd576e
dev-qt/qtwebengine: Fixup fix for CVE-2022-0796 Thanks-to: Michael <voron1 <AT> gmail.com> Thanks-to: Jimi Huotari <chiitoo <AT> gentoo.org> Closes: https://bugs.gentoo.org/853097 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> ...gine-5.15.5_p20220618-fixup-CVE-2022-0796.patch | 48 ++++++++++++++++++++++ .../qtwebengine-5.15.5_p20220618.ebuild | 1 + 2 files changed, 49 insertions(+)
diff --git a/dev-qt/qtwebengine/files/qtwebengine-5.15.5_p20220618-fixup-CVE-2022-0796.patch b/dev-qt/qtwebengine/files/qtwebengine-5.15.5_p20220618-fixup-CVE-2022-0796.patch
new file mode 100644
index 000000000000..c38bf1bdeeb3
--- /dev/null
+++ b/dev-qt/qtwebengine/files/qtwebengine-5.15.5_p20220618-fixup-CVE-2022-0796.patch
@@ -0,0 +1,48 @@
+From 7e11d69b957595a172a3eb60db17141daed29d63 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20Br=C3=BCning?= <michael.brun...@qt.io>
+Date: Mon, 20 Jun 2022 17:19:58 +0200
+Subject: Fixup: CVE-2022-0796: Use after free in Media
+
+Commit ecc2bb74f1f accidentally introduced a build break due to an
+apparent typo.
+
+This fixes it.
+
+Change-Id: I746c6f10ecd2b212b847a291677e24e527d6b922
+Reviewed-by: Michal Klocek <michal.klo...@qt.io>
+---
+ chromium/content/renderer/media/batching_media_log.h | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/3rdparty/chromium/content/renderer/media/batching_media_log.h b/src/3rdparty/chromium/content/renderer/media/batching_media_log.h
+index b68535aea42..a28d426878f 100644
+--- a/src/3rdparty/chromium/content/renderer/media/batching_media_log.h
++++ b/src/3rdparty/chromium/content/renderer/media/batching_media_log.h
+@@ -72,18 +72,18 @@ class CONTENT_EXPORT BatchingMediaLog : public media::MediaLog {
+ // guarantees provided by MediaLog, since SendQueuedMediaEvents must also
+ // be synchronized with respect to AddEvent.
+ mutable base::Lock lock_;
+- const base::TickClock* tick_clock_ GUARDED_BY(LOCK);
+- base::TimeTicks last_ipc_send_time_ GUARDED_BY(LOCK);
+- std::vector<media::MediaLogRecord> queued_media_events_ GUARDED_BY(LOCK);
++ const base::TickClock* tick_clock_ GUARDED_BY(lock_);
++ base::TimeTicks last_ipc_send_time_ GUARDED_BY(lock_);
++ std::vector<media::MediaLogRecord> queued_media_events_ GUARDED_BY(lock_);
+
+ // impl for sending queued events.
+- std::vector<std::unique_ptr<EventHandler>> event_handlers_ GUARDED_BY(LOCK);
++ std::vector<std::unique_ptr<EventHandler>> event_handlers_ GUARDED_BY(lock_);
+
+ // For enforcing max 1 pending send.
+- bool ipc_send_pending_ GUARDED_BY(LOCK);
++ bool ipc_send_pending_ GUARDED_BY(lock_);
+
+ // Limits the number of events we send over IPC to one.
+- std::unique_ptr<media::MediaLogRecord> last_duration_changed_event_ GUARDED_BY(LOCK);
++ std::unique_ptr<media::MediaLogRecord> last_duration_changed_event_ GUARDED_BY(lock_);
+
+ // Holds the earliest MEDIA_ERROR_LOG_ENTRY event added to this log. This is
+ // most likely to contain the most specific information available describing
+--
+cgit v1.2.1
+
diff --git a/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild b/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild
index 3c78403a9c2b..43b46b0fbaab 100644
--- a/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild
+++ b/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild
@@ -112,6 +112,7 @@ PATCHES=(
 "${FILESDIR}/${PN}-5.15.3_p20220406-gcc12-includes.patch" # by openSUSE, bug 840326
 "${WORKDIR}/${PN}-5.15.2_p20211019-jumbo-build.patch" # bug 813957
 "${WORKDIR}/${PN}-5.15.3_p20220406-patchset" # bug 698988 (py2--), pipewire-3
+ "${FILESDIR}/${P}-fixup-CVE-2022-0796.patch" # bug 853097
 )

 qtwebengine_check-reqs() {
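Review bot: The six `GUARDED_BY(lock_)` annotations corrected in the `batching_media_log.h` hunk are compile-time thread-safety attributes, so this fixup restores the build but does not by itself show that `tick_clock_`, `queued_media_events_`, `event_handlers_` and the other annotated members are only touched while `lock_` is held. Clang checks these attributes only when its thread-safety analysis is enabled, and as far as I know Chromium's macro expands to nothing on other compilers, so a GCC build gets no verification from them (worth confirming against the tree's `thread_annotations.h`). The locking that closes the use-after-free presumably sits in the implementation file changed by ecc2bb74f1f, which is outside this hunk, and the class body also starts and ends outside it. I would build the backport once with Clang and `-Wthread-safety`, and record the result in the patch header with a line such as `Annotations are only checked by clang -Wthread-safety; no-op under GCC.`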