diff --git a/CVE-2022-25235.patch b/CVE-2022-25235.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a2f859c193c4b89e43afc94572a9135cf8efab15
--- /dev/null
+++ b/CVE-2022-25235.patch
@@ -0,0 +1,64 @@
+From d4c2e1791d93c073308634aa15e5b11fd094c66d Mon Sep 17 00:00:00 2001
+From: hartwork
+Date: Mon, 1 Jul 2024 10:21:06 +0800
+Subject: [PATCH] CVE-2022-25235
+
+---
+ parser/expat/lib/xmltok.c | 7 -------
+ parser/expat/lib/xmltok_impl.c | 8 ++++++--
+ 2 files changed, 6 insertions(+), 9 deletions(-)
+
+diff --git a/parser/expat/lib/xmltok.c b/parser/expat/lib/xmltok.c
+index f01c2fa996..d0e7f7f163 100644
+--- a/parser/expat/lib/xmltok.c
++++ b/parser/expat/lib/xmltok.c
+@@ -65,13 +65,6 @@
+ + ((((byte)[2]) >> 5) & 1)] \
+ & (1u << (((byte)[2]) & 0x1F)))
+
+-#define UTF8_GET_NAMING(pages, p, n) \
+- ((n) == 2 \
+- ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p)) \
+- : ((n) == 3 \
+- ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \
+- : 0))
+-
+ /* Detection of invalid UTF-8 sequences is based on Table 3.1B
+ of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/
+ with the additional restriction of not allowing the Unicode
+diff --git a/parser/expat/lib/xmltok_impl.c b/parser/expat/lib/xmltok_impl.c
+index 5f779c0571..3bc0d85b8d 100644
+--- a/parser/expat/lib/xmltok_impl.c
++++ b/parser/expat/lib/xmltok_impl.c
+@@ -34,7 +34,7 @@
+ case BT_LEAD ## n: \
+ if (end - ptr < n) \
+ return XML_TOK_PARTIAL_CHAR; \
+- if (!IS_NAME_CHAR(enc, ptr, n)) { \
++ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \
+ *nextTokPtr = ptr; \
+ return XML_TOK_INVALID; \
+ } \
+@@ -62,7 +62,7 @@
+ case BT_LEAD ## n: \
+ if (end - ptr < n) \
+ return XML_TOK_PARTIAL_CHAR; \
+- if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
++ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \
+ *nextTokPtr = ptr; \
+ return XML_TOK_INVALID; \
+ } \
+@@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
+ case BT_LEAD ## n: \
+ if (end - ptr < n) \
+ return XML_TOK_PARTIAL_CHAR; \
++ if (IS_INVALID_CHAR(enc, ptr, n)) { \
++ *nextTokPtr = ptr; \
++ return XML_TOK_INVALID; \
++ } \
+ if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
+ ptr += n; \
+ tok = XML_TOK_NAME; \
+--
+2.33.0
+
diff --git a/mozjs91.spec b/mozjs91.spec
index 10f075a22d1a7257bc294d96bc4811079930f3b7..5f23cc2703f842251474b7fc9825024f7c00a4ee 100644
--- a/mozjs91.spec
+++ b/mozjs91.spec
@@ -12,7 +12,7 @@ # Big endian platforms Name: mozjs%{major} Version: 91.6.0 -Release: 3 +Release: 4 Summary: SpiderMonkey JavaScript library License: MPL-2.0 Group: System/Libraries
@@ -36,6 +36,7 @@ Patch14: init_patch.patch # TODO: Check with mozilla for cause of these fails and re-enable spidermonkey compile time checks if needed Patch15: spidermonkey_checks_disable.patch Patch16: spidermonkey_support_loongarch64.patch +Patch17: CVE-2022-25235.patch BuildRequires: autoconf213 cargo clang-devel gcc gcc-c++ libtool perl-devel llvm llvm-devel nasm pkgconfig python3-devel python3-setuptools BuildRequires: python3-six readline-devel zip rust pkgconfig(icu-i18n) >= 67.1 pkgconfig(libffi) pkgconfig(nspr) pkgconfig(zlib) icu
@@ -207,6 +208,9 @@ popd %{_includedir}/mozjs-%{major}/ %changelog +* Sat Aug 03 2024 lvfei - 91.6.0-4 +- Fix CVE-2022-25235 + * Thu Dec 15 2022 liuyu - 91.6.0-3 - support loongarch64 in spidermonkey
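Review bot: The embedded patch header (`Subject: [PATCH] CVE-2022-25235`) names the CVE but not the upstream change it was backported from, so a maintainer has nothing to compare the backport against for completeness. The three guarded sites in xmltok_impl.c (the macros at `@@ -34,7` and `@@ -62,7`, and the case inside `prologTok`) now return `XML_TOK_INVALID` when `IS_INVALID_CHAR(enc, ptr, n)` is true, before the name tables are consulted. Any other `case BT_LEAD ## n` handling in that file lies outside these hunks, so from here it cannot be confirmed that it only runs on already-validated bytes. I would add a description line to the patch such as `Backport of <UPSTREAM_COMMIT_URL>; other BT_LEAD cases reviewed: <LIST>`, and confirm that nothing else in the bundled tree still references the `UTF8_GET_NAMING` macro removed from xmltok.c. The macro and function bodies around all three sites start and end outside the hunks.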
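Review bot: `Patch17: CVE-2022-25235.patch` only declares the patch, and no hunk in this diff touches `%prep`, so whether the fix is actually applied depends on a section that is not visible here. If `%prep` lists patches one by one, it needs a matching line such as `%patch17 -p1`; if it uses `%autosetup -p1` or `%autopatch -p1`, the declaration alone is enough. Checking the build log for the patch being applied to `parser/expat/lib/xmltok_impl.c` would confirm that release 91.6.0-4 really ships the fix its changelog claims.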