diff --git a/CVE-2021-45960.patch b/CVE-2021-45960.patch index 45efbe0e7b47a654197f0f6c26cf1ef4b053f1a5..961f9d199c6e6f2ac0c06a087562e2bb4acb2072 100644 --- a/CVE-2021-45960.patch +++ b/CVE-2021-45960.patch @@ -1,5 +1,5 @@ From 342c6cc760e273fef7a411a5658594b51957725f Mon Sep 17 00:00:00 2001 -From: lvfei +From: hartwork Date: Thu, 20 Jul 2023 13:46:51 +0800 Subject: [PATCH] CVE-2021-45960 diff --git a/expat-CVE-2022-25235.patch b/CVE-2022-25235.patch similarity index 67% rename from expat-CVE-2022-25235.patch rename to CVE-2022-25235.patch index 1e5c66498626d733e43a8d9e269b371aec221a19..a2f859c193c4b89e43afc94572a9135cf8efab15 100644 --- a/expat-CVE-2022-25235.patch +++ b/CVE-2022-25235.patch @@ -1,6 +1,17 @@ -diff -up firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok.c ---- firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 2022-03-02 17:57:38.364361168 +0100 -+++ firefox-91.7.0/parser/expat/lib/xmltok.c 2022-03-02 17:58:22.235512399 +0100 +From d4c2e1791d93c073308634aa15e5b11fd094c66d Mon Sep 17 00:00:00 2001 +From: hartwork +Date: Mon, 1 Jul 2024 10:21:06 +0800 +Subject: [PATCH] CVE-2022-25235 + +--- + parser/expat/lib/xmltok.c | 7 ------- + parser/expat/lib/xmltok_impl.c | 8 ++++++-- + 2 files changed, 6 insertions(+), 9 deletions(-) + +diff --git a/parser/expat/lib/xmltok.c b/parser/expat/lib/xmltok.c +index f01c2fa996..d0e7f7f163 100644 +--- a/parser/expat/lib/xmltok.c ++++ b/parser/expat/lib/xmltok.c @@ -65,13 +65,6 @@ + ((((byte)[2]) >> 5) & 1)] \ & (1u << (((byte)[2]) & 0x1F))) @@ -15,9 +26,10 @@ diff -up firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 firefox-9 /* Detection of invalid UTF-8 sequences is based on Table 3.1B of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/ with the additional restriction of not allowing the Unicode -diff -up firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok_impl.c ---- firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 2022-03-02 17:57:38.365361172 +0100 -+++ firefox-91.7.0/parser/expat/lib/xmltok_impl.c 2022-03-02 18:04:51.240853247 +0100 +diff --git a/parser/expat/lib/xmltok_impl.c b/parser/expat/lib/xmltok_impl.c +index 5f779c0571..3bc0d85b8d 100644 +--- a/parser/expat/lib/xmltok_impl.c ++++ b/parser/expat/lib/xmltok_impl.c @@ -34,7 +34,7 @@ case BT_LEAD ## n: \ if (end - ptr < n) \ @@ -36,7 +48,7 @@ diff -up firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 fire *nextTokPtr = ptr; \ return XML_TOK_INVALID; \ } \ -@@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, c +@@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end, case BT_LEAD ## n: \ if (end - ptr < n) \ return XML_TOK_PARTIAL_CHAR; \ @@ -47,3 +59,6 @@ diff -up firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 fire if (IS_NMSTRT_CHAR(enc, ptr, n)) { \ ptr += n; \ tok = XML_TOK_NAME; \ +-- +2.33.0 + diff --git a/mozjs78.spec b/mozjs78.spec index 0c1d5b9f158f4399a7518085fe8836752bb9e44a..45858d2671a66939aaf0a177712214797da184b3 100644 --- a/mozjs78.spec +++ b/mozjs78.spec @@ -2,7 +2,7 @@ Name: mozjs%{major} Version: 78.4.0 -Release: 9 +Release: 10 Summary: SpiderMonkey JavaScript library License: MPLv2.0 and MPLv1.1 and BSD and GPLv2+ and GPLv3+ and LGPLv2+ and AFL and ASL 2.0 URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey @@ -31,7 +31,7 @@ Patch15: CVE-2022-34481.patch Patch16: CVE-2023-29532.patch Patch17: CVE-2022-22740.patch Patch18: CVE-2021-45960.patch -Patch19: expat-CVE-2022-25235.patch +Patch19: CVE-2022-25235.patch BuildRequires: autoconf213 cargo clang-devel gcc gcc-c++ perl-devel pkgconfig(libffi) pkgconfig(zlib) BuildRequires: python3-devel python3-six readline-devel zip nasm llvm llvm-devel icu rust @@ -111,6 +111,9 @@ popd %doc js/src/README.html %changelog +* Mon Jul 01 2024 lvfei - - 78.4.0-10 +- Fix CVE-2022-25235 and CVE-2021-45960 Upstream information + * Mon Jun 24 2024 lvfei - - 78.4.0-9 - Fix CVE-2022-25235