File CVE-2023-34410.patch of Package libqt4

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2023-34410.patch of Package libqt4

From 295d72210968ea51710bd1c39045498aa55a10ad Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Jun 09 2023 15:29:40 +0000
Subject: fix #2212749, CVE-2023-34410

---

--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp	2023-06-09 16:42:50.152993830 +0200
@@ -1863,6 +1863,10 @@ QSslSocketPrivate::QSslSocketPrivate()
     , plainSocket(0)
 {
     QSslConfigurationPrivate::deepCopyDefaultConfiguration(&configuration);
+    // If the global configuration doesn't allow root certificates to be loaded
+    // on demand then we have to disable it for this socket as well.
+    if (!configuration.allowRootCertOnDemandLoading)
+        allowRootCertOnDemandLoading = false;
 }

/*!
@@ -2041,6 +2045,7 @@ void QSslConfigurationPrivate::deepCopyD
     ptr->sessionCipher = global->sessionCipher;
     ptr->ciphers = global->ciphers;
     ptr->caCertificates = global->caCertificates;
+    ptr->allowRootCertOnDemandLoading = global->allowRootCertOnDemandLoading;
     ptr->protocol = global->protocol;
     ptr->peerVerifyMode = global->peerVerifyMode;
     ptr->peerVerifyDepth = global->peerVerifyDepth;

Places

File CVE-2023-34410.patch of Package libqt4

Places