commit mozjs128 for openSUSE:Factory

Source-Sync Wed, 02 Oct 2024 12:35:59 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mozjs128 for openSUSE:Factory 
checked in at 2024-10-02 21:34:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozjs128 (Old)
 and      /work/SRC/openSUSE:Factory/.mozjs128.new.19354 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "mozjs128"

Wed Oct  2 21:34:48 2024 rev:3 rq:1205195 version:128.2.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozjs128/mozjs128.changes        2024-09-25 
21:58:10.992481894 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs128.new.19354/mozjs128.changes     
2024-10-02 21:35:10.222836299 +0200
@@ -1,0 +2,28 @@
+Mon Sep 30 17:35:18 UTC 2024 - Cliff Zhao <qz...@suse.com>
+
+- Add mozjs128-CVE-2024-45492.patch:
+  Backporting 9bf0f2c1 from libexpat upstream, Detect integer
+  overflow in function nextScaffoldPart.
+  (CVE-2024-45492, bsc#1230038)
+
+-------------------------------------------------------------------
+Mon Sep 30 17:25:22 UTC 2024 - Cliff Zhao <qz...@suse.com>
+
+- Add mozjs128-CVE-2024-45491.patch:
+  Backporting 8e439a99 from libexpat upstream, Detect integer
+  overflow in dtdCopy.
+  (CVE-2024-45491, bsc#1230037)
+
+-------------------------------------------------------------------
+Mon Sep 30 17:15:45 UTC 2024 - Cliff Zhao <qz...@suse.com>
+
+- Add mozjs128-CVE-2024-45490-part01-5c1a3164.patch:
+  Backporting 5c1a3164 from libexpat upstream, Reject negative len
+  for XML_ParseBuffer.
+  CVE-2024-45490's fixes including 3 parts: 5c1a3164 for libexpat
+  sources; c12f039b for libexpat tests; 2db23301 for libexpat docs;
+  Because mozjs only embeds libexpat sources, so unnecessary to
+  port prart02 and part03.
+  (CVE-2024-45490, bsc#1230036)
+
+-------------------------------------------------------------------

New:
----
  mozjs128-CVE-2024-45490-part01-5c1a3164.patch
  mozjs128-CVE-2024-45491.patch
  mozjs128-CVE-2024-45492.patch

BETA DEBUG BEGIN:
  New:
- Add mozjs128-CVE-2024-45490-part01-5c1a3164.patch:
  Backporting 5c1a3164 from libexpat upstream, Reject negative len
  New:
- Add mozjs128-CVE-2024-45491.patch:
  Backporting 8e439a99 from libexpat upstream, Detect integer
  New:
- Add mozjs128-CVE-2024-45492.patch:
  Backporting 9bf0f2c1 from libexpat upstream, Detect integer
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozjs128.spec ++++++
--- /var/tmp/diff_new_pack.918BEJ/_old  2024-10-02 21:35:12.334924105 +0200
+++ /var/tmp/diff_new_pack.918BEJ/_new  2024-10-02 21:35:12.334924105 +0200
@@ -76,7 +76,12 @@
 Patch18:        spidermonkey_style_check_disable_s390x.patch
 # PATCH-FIX-OPENSUSE
 Patch20:        Fix-i586-float-math.patch
-
+# PATCH-FIX-UPSTREAM mozjs128-CVE-2024-45490-part01-5c1a3164.patch 
CVE-2024-45490 bsc#1230036 qz...@suse.com -- Reject negative len for 
XML_ParseBuffer.
+Patch21:        mozjs128-CVE-2024-45490-part01-5c1a3164.patch
+# PATCH-FIX-UPSTREAM mozjs128-CVE-2024-45491.patch CVE-2024-45491 bsc#1230037 
qz...@suse.com -- Detect integer overflow in dtdCopy.
+Patch22:        mozjs128-CVE-2024-45491.patch
+# PATCH-FIX-UPSTREAM mozjs128-CVE-2024-45492.patch CVE-2024-45492 bsc#1230038 
qz...@suse.com -- Detect integer overflow in function nextScaffoldPart.
+Patch23:        mozjs128-CVE-2024-45492.patch
 BuildRequires:  autoconf213
 BuildRequires:  cargo
 BuildRequires:  ccache
@@ -160,6 +165,9 @@
 %patch -P 18 -p1
 %endif
 %patch -P 20 -p1
+%patch -P 21 -p1
+%patch -P 22 -p1
+%patch -P 23 -p1
 
 # Copy out the LICENSE file
 cp LICENSE js/src/


++++++ mozjs128-CVE-2024-45490-part01-5c1a3164.patch ++++++
>From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebast...@pipping.org>
Date: Mon, 19 Aug 2024 22:26:07 +0200
Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer
References: CVE-2024-45490
References: bsc#1230036
Upstream: Backport from upstream

Reported by TaiYou
---
 expat/lib/xmlparse.c | 6 ++++++
 1 file changed, 6 insertions(+)

--- firefox-128.2.0/parser/expat/lib/xmlparse.c
+++ firefox-128.2.0_new/parser/expat/lib/xmlparse.c
@@ -1978,6 +1978,12 @@

   if (parser == NULL)
     return XML_STATUS_ERROR;
+
+  if (len < 0) {
+    parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT;
+    return XML_STATUS_ERROR;
+  }
+
   switch (ps_parsing) {
   case XML_SUSPENDED:
     errorCode = XML_ERROR_SUSPENDED;

++++++ mozjs128-CVE-2024-45491.patch ++++++
>From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebast...@pipping.org>
Date: Mon, 19 Aug 2024 22:34:13 +0200
Subject: [PATCH] lib: Detect integer overflow in dtdCopy
References: CVE-2024-45491
References: bsc#1230037
Upstream: Backport from upstream

Reported by TaiYou
---
 expat/lib/xmlparse.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

--- firefox-128.2.0/parser/expat/lib/xmlparse.c
+++ firefox-128.2.0_new/parser/expat/lib/xmlparse.c
@@ -6619,6 +6619,16 @@
     if (!newE)
       return 0;
     if (oldE->nDefaultAtts) {
+      /* Detect and prevent integer overflow.
+       * The preprocessor guard addresses the "always false" warning
+       * from -Wtype-limits on platforms where
+       * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
+#if UINT_MAX >= SIZE_MAX
+      if ((size_t)oldE->nDefaultAtts
+          > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
+        return 0;
+      }
+#endif
       newE->defaultAtts = (DEFAULT_ATTRIBUTE *)
           ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
       if (!newE->defaultAtts) {

++++++ mozjs128-CVE-2024-45492.patch ++++++
>From 9bf0f2c16ee86f644dd1432507edff94c08dc232 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebast...@pipping.org>
Date: Mon, 19 Aug 2024 22:37:16 +0200
Subject: [PATCH] lib: Detect integer overflow in function nextScaffoldPart
References: CVE-2024-45492
References: bsc#1230038
Upstream: Backport from upstream

Reported by TaiYou
---
 expat/lib/xmlparse.c | 9 +++++++++
 1 file changed, 9 insertions(+)

--- firefox-128.2.0/parser/expat/lib/xmlparse.c
+++ firefox-128.2.0_new/parser/expat/lib/xmlparse.c
@@ -7173,6 +7173,15 @@
   int next;
 
   if (!dtd->scaffIndex) {
+    /* Detect and prevent integer overflow.
+     * The preprocessor guard addresses the "always false" warning
+     * from -Wtype-limits on platforms where
+     * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
+#if UINT_MAX >= SIZE_MAX
+    if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) {
+      return -1;
+    }
+#endif
     dtd->scaffIndex = (int *)MALLOC(groupSize * sizeof(int));
     if (!dtd->scaffIndex)
       return -1;

commit mozjs128 for openSUSE:Factory

Reply via email to