diff --git a/CVE-2021-29946.patch b/CVE-2021-29946.patch new file mode 100644 index 0000000000000000000000000000000000000000..4d48539a77a57b852775502d746215223b4111cb --- /dev/null +++ b/CVE-2021-29946.patch @@ -0,0 +1,94 @@ +From e8f9f3b8869e7cd0db4f84d05ebb42c1ccd06395 Mon Sep 17 00:00:00 2001 +From: Frederik Braun +Date: Fri, 19 Mar 2021 14:08:03 +0000 (2021-03-19) +Subject: [PATCH] CVE-2021-29946 + +--- + netwerk/base/nsIOService.cpp | 2 +- + netwerk/test/unit/test_altsvc.js | 57 ++++++++++++++++++++++++++++++++ + 2 files changed, 58 insertions(+), 1 deletion(-) + +diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp +index 79abb1310f..f72cdf02b8 100644 +--- a/netwerk/base/nsIOService.cpp ++++ b/netwerk/base/nsIOService.cpp +@@ -1406,7 +1406,7 @@ nsIOService::AllowPort(int32_t inPort, const char* scheme, bool* _retval) { + return NS_OK; + } + +- if (port == 0) { ++ if (port <= 0 || port >= std::numeric_limits::max()) { + *_retval = false; + return NS_OK; + } +diff --git a/netwerk/test/unit/test_altsvc.js b/netwerk/test/unit/test_altsvc.js +index 57d4357cb3..4c4eaba6b6 100644 +--- a/netwerk/test/unit/test_altsvc.js ++++ b/netwerk/test/unit/test_altsvc.js +@@ -468,6 +468,63 @@ function doTest16() { + do_test_finished(); + }, + }); ++ nextTest = doTest19; + do_test_pending(); + doTest(); + } ++ ++// Check we don't connect to blocked ports ++function doTest19() { ++ dump("doTest19()\n"); ++ origin = httpFooOrigin; ++ nextTest = testsDone; ++ otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance( ++ Ci.nsIServerSocket ++ ); ++ const BAD_PORT_U32 = 6667 + 65536; ++ otherServer.init(BAD_PORT_U32, true, -1); ++ Assert.ok(otherServer.port == 6667, "Trying to listen on port 6667"); ++ xaltsvc = "localhost:" + BAD_PORT_U32; ++ dump("Blocked port: " + otherServer.port); ++ waitFor = 500; ++ otherServer.asyncListen({ ++ onSocketAccepted() { ++ Assert.ok(false, "Got connection to socket when we didn't expect it!"); ++ }, ++ onStopListening() { ++ // We get closed when the entire file is done, which guarantees we get the socket accept ++ // if we do connect to the alt-svc header ++ do_test_finished(); ++ }, ++ }); ++ nextTest = doTest20; ++ do_test_pending(); ++ doTest(); ++} ++function doTest20() { ++ dump("doTest20()\n"); ++ origin = httpFooOrigin; ++ nextTest = testsDone; ++ otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance( ++ Ci.nsIServerSocket ++ ); ++ const BAD_PORT_U64 = 6666 + 429496729; ++ otherServer.init(6666, true, -1); ++ Assert.ok(otherServer.port == 6666, "Trying to listen on port 6666"); ++ xaltsvc = "localhost:" + BAD_PORT_U64; ++ dump("Blocked port: " + otherServer.port); ++ waitFor = 500; ++ otherServer.asyncListen({ ++ onSocketAccepted() { ++ Assert.ok(false, "Got connection to socket when we didn't expect it!"); ++ }, ++ onStopListening() { ++ // We get closed when the entire file is done, which guarantees we get the socket accept ++ // if we do connect to the alt-svc header ++ do_test_finished(); ++ }, ++ }); ++ do_test_pending(); ++ doTest(); ++} ++ +-- +2.27.0 + diff --git a/mozjs78.spec b/mozjs78.spec index 32c455715cf8644d03f25a99f0e32a1284760803..b9458f819c67c3840db073e3f455f6b68c49ad9e 100644 --- a/mozjs78.spec +++ b/mozjs78.spec @@ -2,7 +2,7 @@ Name: mozjs%{major} Version: 78.4.0 -Release: 3 +Release: 4 Summary: SpiderMonkey JavaScript library License: MPLv2.0 and MPLv1.1 and BSD and GPLv2+ and GPLv3+ and LGPLv2+ and AFL and ASL 2.0 URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey @@ -26,6 +26,7 @@ Patch10: Fix-build-with-rust-nightly.patch Patch11: backport-CVE-2023-23599.patch Patch12: backport-CVE-2023-23601.patch Patch13: backport-CVE-2023-23602.patch +Patch14: CVE-2021-29946.patch BuildRequires: autoconf213 cargo clang-devel gcc gcc-c++ perl-devel pkgconfig(libffi) pkgconfig(zlib) BuildRequires: python3-devel python3-six readline-devel zip nasm llvm llvm-devel icu rust @@ -105,6 +106,9 @@ popd %doc js/src/README.html %changelog +* Mon May 13 2024 lvfei - - 78.4.0-4 +- fix CVE-2021-29946 + * Mon Apr 08 2024 sunhai - 78.4.0-3 - fix CVEs