Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mozjs115 for openSUSE:Factory checked in at 2025-04-16 20:39:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozjs115 (Old)
 and      /work/SRC/openSUSE:Factory/.mozjs115.new.30101 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozjs115" Wed Apr 16 20:39:44 2025 rev:14 rq:1269659 version:115.15.0 Changes: -------- --- /work/SRC/openSUSE:Factory/mozjs115/mozjs115.changes 2024-12-17 19:25:15.562160614 +0100 +++ /work/SRC/openSUSE:Factory/.mozjs115.new.30101/mozjs115.changes 2025-04-20 20:03:55.670978844 +0200 @@ -1,0 +2,6 @@ +Thu Apr 10 19:49:45 UTC 2025 - Michael Gorse <mgo...@suse.com> + +- Add libtheora-avoid-negative-shift.patch: avoid negative shift in + huffdec.c (bsc#1234837 CVE-2024-56431). + +------------------------------------------------------------------- New: ---- libtheora-avoid-negative-shift.patch BETA DEBUG BEGIN: New: - Add libtheora-avoid-negative-shift.patch: avoid negative shift in huffdec.c (bsc#1234837 CVE-2024-56431). BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozjs115.spec ++++++ --- /var/tmp/diff_new_pack.T5abBL/_old 2025-04-20 20:03:57.655061576 +0200 +++ /var/tmp/diff_new_pack.T5abBL/_new 2025-04-20 20:03:57.659061743 +0200 @@ -1,7 +1,7 @@ # # spec file for package mozjs115 # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # Copyright (c) 2023 Frantisek Zatloukal <fzatl...@redhat.com> # Copyright (c) 2014 Wolfgang Rosenauer # @@ -90,6 +90,8 @@ Patch25: mozjs115-CVE-2024-11403.patch # PATCH-FIX-UPSTREAM mozjs115-CVE-2024-11498.patch CVE-2024-11498 bsc#1233786 qz...@suse.com -- Check height limit in modular trees. Patch26: mozjs115-CVE-2024-11498.patch +# PATCH-FIX-UPSTREAM libtheora-avoid-negative-shift.patch bsc#1234837 mgo...@suse.com -- avoid negative shift in huffdec.c. +Patch27: libtheora-avoid-negative-shift.patch BuildRequires: autoconf213 BuildRequires: cargo BuildRequires: ccache 
@@ -180,6 +182,7 @@ %patch -P 24 -p1 %patch -P 25 -p1 %patch -P 26 -p1 +%patch -P 27 -p1 %if %{pkg_vcmp libicu-devel >= 76.1} sed -i 's/icu-i18n/icu-uc &/' js/moz.configure ++++++ libtheora-avoid-negative-shift.patch ++++++ diff -urp firefox-52.6.0esr.orig/media/libtheora/lib/huffdec.c firefox-52.6.0esr/media/libtheora/lib/huffdec.c --- firefox-52.6.0esr.orig/media/libtheora/lib/huffdec.c 2017-04-10 21:13:12.000000000 -0500 +++ firefox-52.6.0esr/media/libtheora/lib/huffdec.c 2025-04-10 12:49:48.926330652 -0500 @@ -225,6 +225,7 @@ int oc_huff_tree_unpack(oc_pack_buf *_op _tokens[ntokens][1]=(unsigned char)(len+neb); ntokens++; } + if(len<=0)break; code_bit=0x80000000U>>len-1; while(len>0&&(code&code_bit)){ code^=code_bit;
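Review bot: The PATCH-FIX-UPSTREAM comment added above Patch27 in mozjs115.spec (hunk at line 90) lists only bsc#1234837 and leaves out the CVE id, while the Patch26 comment directly above it carries both (CVE-2024-11498 bsc#1233786) and the .changes entry for this patch names CVE-2024-56431. Adding CVE-2024-56431 to the comment keeps the spec searchable by CVE. The file name also departs from the mozjs115-CVE-<id>.patch pattern used by Patch25 and Patch26; renaming it would be consistent, though that is a style point only.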
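Review bot: The added guard "if(len<=0)break;" in oc_huff_tree_unpack (huffdec.c, hunk at line 225) has no comment explaining it, and it covers only the lower side of the shift on the next line, "code_bit=0x80000000U>>len-1;". A shift count of len-1 that reaches the width of the type is undefined in the same way a negative one is, and the visible context does not show len being bounded above, so please confirm that bound is enforced earlier in the function or extend the check. A one-line comment naming the negative shift (CVE-2024-56431) would also keep the guard from looking redundant next to the "len>0" test in the while loop that follows. Separately, the diff header shows the patch was generated against firefox-52.6.0esr rather than the mozjs115 115.15.0 tree it is applied to with -p1; regenerating it against the packaged source would make the context and line offsets match what is actually built.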