commit mozjs115 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mozjs115 for openSUSE:Factory checked in at 2024-10-02 21:32:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozjs115 (Old) and /work/SRC/openSUSE:Factory/.mozjs115.new.19354 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "mozjs115" Wed Oct 2 21:32:23 2024 rev:9 rq:1205194 version:115.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/mozjs115/mozjs115.changes 2024-04-19 19:14:34.556265199 +0200 +++ /work/SRC/openSUSE:Factory/.mozjs115.new.19354/mozjs115.changes 2024-10-02 21:32:26.804042426 +0200 @@ -1,0 +2,28 @@ +Mon Sep 30 17:35:18 UTC 2024 - Cliff Zhao <qzhao@suse.com> + +- Add mozjs115-CVE-2024-45492.patch: + Backporting 9bf0f2c1 from libexpat upstream, Detect integer + overflow in function nextScaffoldPart. + (CVE-2024-45492, bsc#1230038) + +------------------------------------------------------------------- +Mon Sep 30 17:25:22 UTC 2024 - Cliff Zhao <qzhao@suse.com> + +- Add mozjs115-CVE-2024-45491.patch: + Backporting 8e439a99 from libexpat upstream, Detect integer + overflow in dtdCopy. + (CVE-2024-45491, bsc#1230037) + +------------------------------------------------------------------- +Mon Sep 30 17:15:45 UTC 2024 - Cliff Zhao <qzhao@suse.com> + +- Add mozjs115-CVE-2024-45490-part01-5c1a3164.patch: + Backporting 5c1a3164 from libexpat upstream, Reject negative len + for XML_ParseBuffer. + CVE-2024-45490's fixes including 3 parts: 5c1a3164 for libexpat + sources; c12f039b for libexpat tests; 2db23301 for libexpat docs; + Because mozjs only embeds libexpat sources, so unnecessary to + port prart02 and part03. + (CVE-2024-45490, bsc#1230036) + +------------------------------------------------------------------- New: ---- mozjs115-CVE-2024-45490-part01-5c1a3164.patch mozjs115-CVE-2024-45491.patch mozjs115-CVE-2024-45492.patch BETA DEBUG BEGIN: New: - Add mozjs115-CVE-2024-45490-part01-5c1a3164.patch: Backporting 5c1a3164 from libexpat upstream, Reject negative len New: - Add mozjs115-CVE-2024-45491.patch: Backporting 8e439a99 from libexpat upstream, Detect integer New: - Add mozjs115-CVE-2024-45492.patch: Backporting 9bf0f2c1 from libexpat upstream, Detect integer BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozjs115.spec ++++++ --- /var/tmp/diff_new_pack.Uyc0Bq/_old 2024-10-02 21:32:29.132139213 +0200 +++ /var/tmp/diff_new_pack.Uyc0Bq/_new 2024-10-02 21:32:29.136139379 +0200 @@ -78,7 +78,12 @@ Patch19: 0001-Skip-failing-tests-on-ppc64-and-s390x.patch # PATCH-FIX-OPENSUSE Patch20: Fix-i586-float-math.patch - +# PATCH-FIX-UPSTREAM mozjs115-CVE-2024-45490-part01-5c1a3164.patch CVE-2024-45490 bsc#1230036 qzhao@suse.com -- Reject negative len for XML_ParseBuffer. +Patch21: mozjs115-CVE-2024-45490-part01-5c1a3164.patch +# PATCH-FIX-UPSTREAM mozjs115-CVE-2024-45491.patch CVE-2024-45491 bsc#1230037 qzhao@suse.com -- Detect integer overflow in dtdCopy. +Patch22: mozjs115-CVE-2024-45491.patch +# PATCH-FIX-UPSTREAM mozjs115-CVE-2024-45492.patch CVE-2024-45492 bsc#1230038 qzhao@suse.com -- Detect integer overflow in function nextScaffoldPart. +Patch23: mozjs115-CVE-2024-45492.patch BuildRequires: autoconf213 BuildRequires: cargo BuildRequires: ccache @@ -163,6 +168,9 @@ # Fixes for ppc64 and s390x, there is no need to keep it in ifarch here since mozilla tests support ifarch conditions %patch -P 19 -p1 %patch -P 20 -p1 +%patch -P 21 -p1 +%patch -P 22 -p1 +%patch -P 23 -p1 # Copy out the LICENSE file cp LICENSE js/src/ ++++++ mozjs115-CVE-2024-45490-part01-5c1a3164.patch ++++++ From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001 From: Sebastian Pipping <sebastian@pipping.org> Date: Mon, 19 Aug 2024 22:26:07 +0200 Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer References: CVE-2024-45490 References: bsc#1230036 Upstream: Backport from upstream Reported by TaiYou --- expat/lib/xmlparse.c | 6 ++++++ 1 file changed, 6 insertions(+) --- firefox-115.4.0/parser/expat/lib/xmlparse.c +++ firefox-115.4.0_new/parser/expat/lib/xmlparse.c @@ -1978,6 +1978,12 @@ if (parser == NULL) return XML_STATUS_ERROR; + + if (len < 0) { + parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT; + return XML_STATUS_ERROR; + } + switch (ps_parsing) { case XML_SUSPENDED: errorCode = XML_ERROR_SUSPENDED; ++++++ mozjs115-CVE-2024-45491.patch ++++++ From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping <sebastian@pipping.org> Date: Mon, 19 Aug 2024 22:34:13 +0200 Subject: [PATCH] lib: Detect integer overflow in dtdCopy References: CVE-2024-45491 References: bsc#1230037 Upstream: Backport from upstream Reported by TaiYou --- expat/lib/xmlparse.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- firefox-115.4.0/parser/expat/lib/xmlparse.c 2024-10-01 16:34:48.157843398 +0800 +++ firefox-115.4.0_new/parser/expat/lib/xmlparse.c 2024-10-01 16:59:33.700353296 +0800 @@ -6619,6 +6619,16 @@ if (!newE) return 0; if (oldE->nDefaultAtts) { + /* Detect and prevent integer overflow. + * The preprocessor guard addresses the "always false" warning + * from -Wtype-limits on platforms where + * sizeof(int) < sizeof(size_t), e.g. on x86_64. */ +#if UINT_MAX >= SIZE_MAX + if ((size_t)oldE->nDefaultAtts + > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) { + return 0; + } +#endif newE->defaultAtts = (DEFAULT_ATTRIBUTE *) ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE)); if (!newE->defaultAtts) { ++++++ mozjs115-CVE-2024-45492.patch ++++++ From 9bf0f2c16ee86f644dd1432507edff94c08dc232 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping <sebastian@pipping.org> Date: Mon, 19 Aug 2024 22:37:16 +0200 Subject: [PATCH] lib: Detect integer overflow in function nextScaffoldPart References: CVE-2024-45492 References: bsc#1230038 Upstream: Backport from upstream Reported by TaiYou --- expat/lib/xmlparse.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- firefox-115.4.0/parser/expat/lib/xmlparse.c +++ firefox-115.4.0_new/parser/expat/lib/xmlparse.c @@ -7173,6 +7173,15 @@ int next; if (!dtd->scaffIndex) { + /* Detect and prevent integer overflow. + * The preprocessor guard addresses the "always false" warning + * from -Wtype-limits on platforms where + * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ +#if UINT_MAX >= SIZE_MAX + if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) { + return -1; + } +#endif dtd->scaffIndex = (int *)MALLOC(groupSize * sizeof(int)); if (!dtd->scaffIndex) return -1;
participants (1)
-
Source-Sync