From 813e88f60cfc28a032b4fd00a1dac187bf45eaa4 Mon Sep 17 00:00:00 2001
From: lvfei <lvfei@kylinos.cn>
Date: Wed, 10 Jul 2024 10:37:46 +0800
Subject: [PATCH] Fix CVE-2023-6209

---
 CVE-2023-6209.patch | 33 +++++++++++++++++++++++++++++++++
 mozjs102.spec       |  6 +++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2023-6209.patch

diff --git a/CVE-2023-6209.patch b/CVE-2023-6209.patch
new file mode 100644
index 0000000..b529aad
--- /dev/null
+++ b/CVE-2023-6209.patch
@@ -0,0 +1,33 @@
+From f8389177cbce4fe098042850ada25feb7e6ba5a7 Mon Sep 17 00:00:00 2001
+From: Valentin Gosu <valentin.gosu@gmail.com>
+Date: Thu, 19 Oct 2023 07:40:28 +0000 (8 months ago)
+Subject: [PATCH] CVE-2023-6209
+
+---
+ netwerk/base/nsStandardURL.cpp | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
+index b1b3ba1ef4..14aa8d5a5d 100644
+--- a/netwerk/base/nsStandardURL.cpp
++++ b/netwerk/base/nsStandardURL.cpp
+@@ -2707,7 +2707,15 @@ nsStandardURL::Resolve(const nsACString& in, nsACString& out) {
+     // locate result path
+     resultPath = strstr(result, "://");
+     if (resultPath) {
+-      resultPath = strchr(resultPath + 3, '/');
++            // If there are multiple slashes after :// we must ignore them
++      // otherwise net_CoalesceDirs may think the host is a part of the path.
++      resultPath += 3;
++      if (protocol.IsEmpty() && Scheme() != "file") {
++        while (*resultPath == '/') {
++          resultPath++;
++        }
++      }
++      resultPath = strchr(resultPath, '/');
+       if (resultPath) {
+         net_CoalesceDirs(coalesceFlag, resultPath);
+       }
+-- 
+2.33.0
+
diff --git a/mozjs102.spec b/mozjs102.spec
index ec4dcea..3d0dba5 100644
--- a/mozjs102.spec
+++ b/mozjs102.spec
@@ -24,7 +24,7 @@
 
 Name:           mozjs%{major}
 Version:        102.9.0
-Release:        4
+Release:        5
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0 AND Apache-2.0 AND BSD-3-Clause AND BSD-2-Clause AND MIT AND GPL-3.0-or-later
 URL:            https://hg.mozilla.org/releases/mozilla-esr102
@@ -62,6 +62,7 @@ Patch21:        0001-Skip-failing-tests-on-ppc64-and-s390x.patch
 # riscv64 sipdermonkey jit
 Patch22:        spidermonkey-riscv64-plct.patch
 Patch23:        CVE-2023-44488.patch
+Patch25:        CVE-2023-6209.patch
 
 
 # mold
@@ -254,6 +255,9 @@ ln -s libmozjs-%{major}.so.0 %{buildroot}%{_libdir}/libmozjs-%{major}.so
 %{_includedir}/mozjs-%{major}/
 
 %changelog
+* Wed Jul 10 2024 lvfei <lvfei@kylinos.cn> - 102.9.0-5
+- Fix CVE-2023-6209
+
 * Tue Jun 25 2024 lvfei <lvfei@kylinos.cn> - 102.9.0-4
 - Fix CVE-2023-44488.patch 
 
-- 
Gitee