From a22187ac950e72ea87b810addec481566047465b Mon Sep 17 00:00:00 2001
From: lvfei
Date: Tue, 16 Jul 2024 15:22:28 +0800
Subject: [PATCH] Fix CVE-2023-5217
---
 CVE-2023-5217.patch | 40 ++++++++++++++++++++++++++++++++++++++++
 mozjs102.spec | 9 ++++++---
 2 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 CVE-2023-5217.patch
diff --git a/CVE-2023-5217.patch b/CVE-2023-5217.patch
new file mode 100644
index 0000000..cab9546
--- /dev/null
+++ b/CVE-2023-5217.patch
@@ -0,0 +1,40 @@
+
+# HG changeset patch
+# User Ryan VanderMeulen
+# Date 1695856343 0
+# Node ID c53f5ef77b62b79af86951a7f9130e1896b695d2
+# Parent 90445136a15d059a272041ef3c4a277732b346b6
+Bug 1855550 - VP8: disallow thread count changes. r=jesup
+
+Cherry-pick of upstream libvpx commits:
+https://chromium.googlesource.com/webm/libvpx/+/af6dedd715f4307669366944cca6e0417b290282
+https://chromium.googlesource.com/webm/libvpx/+/3fbd1dca6a4d2dad332a2110d646e4ffef36d590
+
+Differential Revision: https://phabricator.services.mozilla.com/D189428
+
+Origin:
+https://hg.mozilla.org/mozilla-central/raw-rev/c53f5ef77b62b79af86951a7f9130e1896b695d2
+---
+ media/libvpx/libvpx/vp8/encoder/onyx_if.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/media/libvpx/libvpx/vp8/encoder/onyx_if.c b/media/libvpx/libvpx/vp8/encoder/onyx_if.c
+index 2b059a1..8d05668 100644
+--- a/media/libvpx/libvpx/vp8/encoder/onyx_if.c
++++ b/media/libvpx/libvpx/vp8/encoder/onyx_if.c
+@@ -1445,6 +1445,12 @@ void vp8_change_config(VP8_COMP *cpi, VP8_CONFIG *oxcf) {
+ last_h = cpi->oxcf.Height;
+ prev_number_of_layers = cpi->oxcf.number_of_layers;
+
++ if (cpi->initial_width) {
++ // TODO(https://crbug.com/1486441): Allow changing thread counts; the
++ // allocation is done once in vp8_create_compressor().
++ oxcf->multi_threaded = cpi->oxcf.multi_threaded;
++ }
++
+ cpi->oxcf = *oxcf;
+
+ switch (cpi->oxcf.Mode) {
+--
+2.33.0
+
diff --git a/mozjs102.spec b/mozjs102.spec
index a9d9ea9..736f27b 100644
--- a/mozjs102.spec
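Review bot: The guard added to vp8_change_config() in the embedded onyx_if.c hunk silently drops a changed thread count by writing the old value back through the caller's `oxcf` pointer, and the only comment is a TODO that never says the request is ignored. I would state the invariant beside it, e.g. `// Thread-count changes after the first configuration are ignored: the thread-dependent allocation is done once in vp8_create_compressor() and is not redone here.` The same comment should say that a non-zero `cpi->initial_width` is being used as the "already configured" test, since that is only implied by the condition. vp8_change_config() starts and ends outside the hunk, so whether any later code still reads the caller's requested value cannot be checked from here. Separately, the spec describes the package as the SpiderMonkey library, so it is worth confirming that media/libvpx is actually compiled into the shipped binaries; that is not visible on this page.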
+++ b/mozjs102.spec @@ -23,7 +23,7 @@ Name: mozjs%{major} Version: 102.9.0 -Release: 6 +Release: 7 Summary: SpiderMonkey JavaScript library License: MPL-2.0 AND Apache-2.0 AND BSD-3-Clause AND BSD-2-Clause AND MIT AND GPL-3.0-or-later URL: https://hg.mozilla.org/releases/mozilla-esr102 @@ -62,7 +62,7 @@ Patch21: 0001-Skip-failing-tests-on-ppc64-and-s390x.patch Patch22: spidermonkey-riscv64-plct.patch Patch23: CVE-2023-44488.patch Patch25: CVE-2023-6209.patch - +Patch26: CVE-2023-5217.patch # mold %if 0%{?build_mold} @@ -254,6 +254,9 @@ ln -s libmozjs-%{major}.so.0 %{buildroot}%{_libdir}/libmozjs-%{major}.so %{_includedir}/mozjs-%{major}/ %changelog +* Mon Jul 15 2024 lvfei - 102.9.0-7 +- Fix CVE-2023-5217 + * Wed Jul 10 2024 liweigang - 102.9.0-6 - enable debug package @@ -261,7 +264,7 @@ ln -s libmozjs-%{major}.so.0 %{buildroot}%{_libdir}/libmozjs-%{major}.so - Fix CVE-2023-6209 * Tue Jun 25 2024 lvfei - 102.9.0-4 -- Fix CVE-2023-44488.patch +- Fix CVE-2023-44488 * Thu Apr 11 2024 misaka00251 - 102.9.0-3 - Disable mold for riscv64 -- Gitee