Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mozjs115 for openSUSE:Factory 
checked in at 2024-10-02 21:32:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozjs115 (Old)
 and      /work/SRC/openSUSE:Factory/.mozjs115.new.19354 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mozjs115"

Wed Oct  2 21:32:23 2024 rev:9 rq:1205194 version:115.4.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozjs115/mozjs115.changes        2024-04-19 
19:14:34.556265199 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs115.new.19354/mozjs115.changes     
2024-10-02 21:32:26.804042426 +0200
@@ -1,0 +2,28 @@
+Mon Sep 30 17:35:18 UTC 2024 - Cliff Zhao <qz...@suse.com>
+
+- Add mozjs115-CVE-2024-45492.patch:
+  Backporting 9bf0f2c1 from libexpat upstream, Detect integer
+  overflow in function nextScaffoldPart.
+  (CVE-2024-45492, bsc#1230038)
+
+-------------------------------------------------------------------
+Mon Sep 30 17:25:22 UTC 2024 - Cliff Zhao <qz...@suse.com>
+
+- Add mozjs115-CVE-2024-45491.patch:
+  Backporting 8e439a99 from libexpat upstream, Detect integer
+  overflow in dtdCopy.
+  (CVE-2024-45491, bsc#1230037)
+
+-------------------------------------------------------------------
+Mon Sep 30 17:15:45 UTC 2024 - Cliff Zhao <qz...@suse.com>
+
+- Add mozjs115-CVE-2024-45490-part01-5c1a3164.patch:
+  Backporting 5c1a3164 from libexpat upstream, Reject negative len
+  for XML_ParseBuffer.
+  CVE-2024-45490's fixes including 3 parts: 5c1a3164 for libexpat
+  sources; c12f039b for libexpat tests; 2db23301 for libexpat docs;
+  Because mozjs only embeds libexpat sources, so unnecessary to
+  port prart02 and part03.
+  (CVE-2024-45490, bsc#1230036)
+
+-------------------------------------------------------------------

New:
----
  mozjs115-CVE-2024-45490-part01-5c1a3164.patch
  mozjs115-CVE-2024-45491.patch
  mozjs115-CVE-2024-45492.patch

BETA DEBUG BEGIN:
  New:
- Add mozjs115-CVE-2024-45490-part01-5c1a3164.patch:
  Backporting 5c1a3164 from libexpat upstream, Reject negative len
  New:
- Add mozjs115-CVE-2024-45491.patch:
  Backporting 8e439a99 from libexpat upstream, Detect integer
  New:
- Add mozjs115-CVE-2024-45492.patch:
  Backporting 9bf0f2c1 from libexpat upstream, Detect integer
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozjs115.spec ++++++
--- /var/tmp/diff_new_pack.Uyc0Bq/_old  2024-10-02 21:32:29.132139213 +0200
+++ /var/tmp/diff_new_pack.Uyc0Bq/_new  2024-10-02 21:32:29.136139379 +0200
@@ -78,7 +78,12 @@
 Patch19:        0001-Skip-failing-tests-on-ppc64-and-s390x.patch
 # PATCH-FIX-OPENSUSE
 Patch20:        Fix-i586-float-math.patch
-
+# PATCH-FIX-UPSTREAM mozjs115-CVE-2024-45490-part01-5c1a3164.patch 
CVE-2024-45490 bsc#1230036 qz...@suse.com -- Reject negative len for 
XML_ParseBuffer.
+Patch21:        mozjs115-CVE-2024-45490-part01-5c1a3164.patch
+# PATCH-FIX-UPSTREAM mozjs115-CVE-2024-45491.patch CVE-2024-45491 bsc#1230037 
qz...@suse.com -- Detect integer overflow in dtdCopy.
+Patch22:        mozjs115-CVE-2024-45491.patch
+# PATCH-FIX-UPSTREAM mozjs115-CVE-2024-45492.patch CVE-2024-45492 bsc#1230038 
qz...@suse.com -- Detect integer overflow in function nextScaffoldPart.
+Patch23:        mozjs115-CVE-2024-45492.patch
 BuildRequires:  autoconf213
 BuildRequires:  cargo
 BuildRequires:  ccache
@@ -163,6 +168,9 @@
 # Fixes for ppc64 and s390x, there is no need to keep it in ifarch here since 
mozilla tests support ifarch conditions
 %patch -P 19 -p1
 %patch -P 20 -p1
+%patch -P 21 -p1
+%patch -P 22 -p1
+%patch -P 23 -p1
 
 # Copy out the LICENSE file
 cp LICENSE js/src/


++++++ mozjs115-CVE-2024-45490-part01-5c1a3164.patch ++++++
>From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebast...@pipping.org>
Date: Mon, 19 Aug 2024 22:26:07 +0200
Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer
References: CVE-2024-45490
References: bsc#1230036
Upstream: Backport from upstream

Reported by TaiYou
---
 expat/lib/xmlparse.c | 6 ++++++
 1 file changed, 6 insertions(+)

--- firefox-115.4.0/parser/expat/lib/xmlparse.c
+++ firefox-115.4.0_new/parser/expat/lib/xmlparse.c
@@ -1978,6 +1978,12 @@
 
   if (parser == NULL)
     return XML_STATUS_ERROR;
+
+  if (len < 0) {
+    parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT;
+    return XML_STATUS_ERROR;
+  }
+
   switch (ps_parsing) {
   case XML_SUSPENDED:
     errorCode = XML_ERROR_SUSPENDED;
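Review bot: The added guard assigns `parser->m_errorCode`, while the context line just below it sets `errorCode`, so the new code uses a different spelling from its neighbours for what is presumably the same field in this older embedded expat. Writing `errorCode = XML_ERROR_INVALID_ARGUMENT;` would match the surrounding code, provided that accessor macro is what this copy of the file uses. The nextScaffoldPart hunk has the same mismatch: `parser->m_groupSize` in the check, `groupSize` in the allocation it protects. The function signature is outside the hunk and the `@@` header names no function, so after applying it is worth confirming that the check landed in XML_ParseBuffer. Because the upstream test commit was deliberately not ported, a small build-time check that a negative `len` returns `XML_STATUS_ERROR` would catch a silent regression.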

++++++ mozjs115-CVE-2024-45491.patch ++++++
>From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebast...@pipping.org>
Date: Mon, 19 Aug 2024 22:34:13 +0200
Subject: [PATCH] lib: Detect integer overflow in dtdCopy
References: CVE-2024-45491
References: bsc#1230037
Upstream: Backport from upstream

Reported by TaiYou
---
 expat/lib/xmlparse.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

--- firefox-115.4.0/parser/expat/lib/xmlparse.c 2024-10-01 16:34:48.157843398 
+0800
+++ firefox-115.4.0_new/parser/expat/lib/xmlparse.c     2024-10-01 
16:59:33.700353296 +0800
@@ -6619,6 +6619,16 @@
     if (!newE)
       return 0;
     if (oldE->nDefaultAtts) {
+      /* Detect and prevent integer overflow.
+       * The preprocessor guard addresses the "always false" warning
+       * from -Wtype-limits on platforms where
+       * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
+#if UINT_MAX >= SIZE_MAX
+      if ((size_t)oldE->nDefaultAtts
+          > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
+        return 0;
+      }
+#endif
       newE->defaultAtts = (DEFAULT_ATTRIBUTE *)
           ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
       if (!newE->defaultAtts) {
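Review bot: Whether this overflow check is compiled in at all depends on `#if UINT_MAX >= SIZE_MAX`, and an undefined macro evaluates to 0 in a preprocessor expression. If `UINT_MAX` is not defined at this point in the older xmlparse.c, the condition becomes `0 >= SIZE_MAX` and the check is silently dropped on the 32-bit targets it exists for. The include block is outside the hunk, so this cannot be confirmed from here; the spec carries an i586 patch, so 32-bit builds appear to be in scope. Placing `#ifndef UINT_MAX` / `#error "UINT_MAX must be defined for the overflow guard"` / `#endif` ahead of the guard would turn a missing definition into a build failure. The same guard, with the same dependency, appears in the nextScaffoldPart hunk.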

++++++ mozjs115-CVE-2024-45492.patch ++++++
>From 9bf0f2c16ee86f644dd1432507edff94c08dc232 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebast...@pipping.org>
Date: Mon, 19 Aug 2024 22:37:16 +0200
Subject: [PATCH] lib: Detect integer overflow in function nextScaffoldPart
References: CVE-2024-45492
References: bsc#1230038
Upstream: Backport from upstream

Reported by TaiYou
---
 expat/lib/xmlparse.c | 9 +++++++++
 1 file changed, 9 insertions(+)

--- firefox-115.4.0/parser/expat/lib/xmlparse.c
+++ firefox-115.4.0_new/parser/expat/lib/xmlparse.c
@@ -7173,6 +7173,15 @@
   int next;
 
   if (!dtd->scaffIndex) {
+    /* Detect and prevent integer overflow.
+     * The preprocessor guard addresses the "always false" warning
+     * from -Wtype-limits on platforms where
+     * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
+#if UINT_MAX >= SIZE_MAX
+    if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) {
+      return -1;
+    }
+#endif
     dtd->scaffIndex = (int *)MALLOC(groupSize * sizeof(int));
     if (!dtd->scaffIndex)
       return -1;
