commit mozjs128 for openSUSE:Factory

Source-Sync Sun, 20 Apr 2025 11:19:51 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mozjs128 for openSUSE:Factory 
checked in at 2025-04-17 16:05:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mozjs128 (Old)
 and      /work/SRC/openSUSE:Factory/.mozjs128.new.30101 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "mozjs128"

Thu Apr 17 16:05:50 2025 rev:13 rq:1269660 version:128.9.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/mozjs128/mozjs128.changes        2025-04-08 
17:51:58.448364158 +0200
+++ /work/SRC/openSUSE:Factory/.mozjs128.new.30101/mozjs128.changes     
2025-04-20 20:03:57.979075087 +0200
@@ -1,0 +2,6 @@
+Thu Apr 10 19:54:36 UTC 2025 - Michael Gorse <mgo...@suse.com>
+
+- Add libtheora-avoid-negative-shift.patch: avoid negative shift in
+  huffdec.c (bsc#1234837 CVE-2024-56431).
+
+-------------------------------------------------------------------

New:
----
  libtheora-avoid-negative-shift.patch

BETA DEBUG BEGIN:
  New:
- Add libtheora-avoid-negative-shift.patch: avoid negative shift in
  huffdec.c (bsc#1234837 CVE-2024-56431).
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mozjs128.spec ++++++
--- /var/tmp/diff_new_pack.fOETkC/_old  2025-04-20 20:04:00.851194848 +0200
+++ /var/tmp/diff_new_pack.fOETkC/_new  2025-04-20 20:04:00.855195015 +0200
@@ -88,6 +88,8 @@
 Patch25:        mozjs128-CVE-2024-11403.patch
 # PATCH-FIX-UPSTREAM mozjs128-CVE-2024-11498.patch CVE-2024-11498 bsc#1233786 
qz...@suse.com -- Check height limit in modular trees.
 Patch26:        mozjs128-CVE-2024-11498.patch
+# PATCH-FIX-UPSTREAM libtheora-avoid-negative-shift.patch bsc#1234837 
mgo...@suse.com -- avoid negative shift in huffdec.c.
+Patch27:        libtheora-avoid-negative-shift.patch
 BuildRequires:  cargo
 BuildRequires:  ccache
 BuildRequires:  clang
@@ -176,6 +178,7 @@
 %patch -P 24 -p1
 %patch -P 25 -p1
 %patch -P 26 -p1
+%patch -P 27 -p1
 
 %if %{pkg_vcmp libicu-devel >= 76.1}
 sed -i 's/icu-i18n/icu-uc &/' js/moz.configure


++++++ libtheora-avoid-negative-shift.patch ++++++
diff -urp firefox-52.6.0esr.orig/media/libtheora/lib/huffdec.c 
firefox-52.6.0esr/media/libtheora/lib/huffdec.c
--- firefox-52.6.0esr.orig/media/libtheora/lib/huffdec.c        2017-04-10 
21:13:12.000000000 -0500
+++ firefox-52.6.0esr/media/libtheora/lib/huffdec.c     2025-04-10 
12:49:48.926330652 -0500
@@ -225,6 +225,7 @@ int oc_huff_tree_unpack(oc_pack_buf *_op
         _tokens[ntokens][1]=(unsigned char)(len+neb);
         ntokens++;
       }
+      if(len<=0)break;
       code_bit=0x80000000U>>len-1;
       while(len>0&&(code&code_bit)){
         code^=code_bit;

commit mozjs128 for openSUSE:Factory

Reply via email to