Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mujs for openSUSE:Factory checked in at 2022-05-19 22:49:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mujs (Old) and /work/SRC/openSUSE:Factory/.mujs.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mujs"
Thu May 19 22:49:19 2022 rev:7 rq:977973 version:1.2.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/mujs/mujs.changes 2022-02-17 00:30:50.953430004 +0100
+++ /work/SRC/openSUSE:Factory/.mujs.new.1538/mujs.changes 2022-05-19 22:49:29.962348682 +0200
@@ -1,0 +2,5 @@
+Wed May 18 15:45:51 UTC 2022 - ???????? ???????????? <[email protected]>
+
+- Added mujs-1.2.0-stack-exhaustion.patch (CVE-2022-30974, boo#1199678).
+
+-------------------------------------------------------------------
New:
----
  mujs-1.2.0-stack-exhaustion.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mujs.spec ++++++
--- /var/tmp/diff_new_pack.LTlqKM/_old 2022-05-19 22:49:31.434350569 +0200
+++ /var/tmp/diff_new_pack.LTlqKM/_new 2022-05-19 22:49:31.438350574 +0200
@@ -24,6 +24,7 @@
 Group: Development/Languages/C and C++
 URL: https://mujs.com
 Source0: https://mujs.com/downloads/%{name}-%{version}.tar.xz
+Patch0: %{name}-1.2.0-stack-exhaustion.patch
 BuildRequires: pkgconfig
 BuildRequires: pkgconfig(readline)
++++++ mujs-1.2.0-stack-exhaustion.patch ++++++
diff -Pdpru mujs-1.2.0.orig/jsdump.c mujs-1.2.0/jsdump.c
--- mujs-1.2.0.orig/jsdump.c 2021-12-08 14:56:12.000000000 +0300
+++ mujs-1.2.0/jsdump.c 2022-05-18 18:37:44.522227643 +0300
@@ -682,11 +682,13 @@ static void pstmlist(int d, js_Ast *list
 void jsP_dumpsyntax(js_State *J, js_Ast *prog, int dominify)
 {
 minify = dominify;
- if (prog->type == AST_LIST)
- pstmlist(-1, prog);
- else {
- pstm(0, prog);
- nl();
+ if (prog) {
+ if (prog->type == AST_LIST)
+ pstmlist(-1, prog);
+ else {
+ pstm(0, prog);
+ nl();
+ }
 }
 if (minify > 1)
 putchar('\n');
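Review bot: The mujs.spec hunk declares `Patch0` but shows no matching change to `%prep`, so it should be confirmed that the patch is actually applied at build time. If `%prep` already uses `%autosetup -p1` nothing more is needed; if it uses plain `%setup`, a `%patch0 -p1` line is required, otherwise the package would ship the CVE-2022-30974 changelog entry without the fix compiled in. The `%prep` section is outside the hunk, so this is a check to make rather than a confirmed defect.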
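Review bot: The `if (prog)` guard added to `jsP_dumpsyntax` in this jsdump.c hunk, and the same guard added to `jsP_dumplist` in the next hunk, addresses a NULL dereference of `prog->type`, which is a different defect from the stack exhaustion named in the patch file and in the changelog entry. The changelog cites only CVE-2022-30974, so someone auditing the package for the NULL-dereference fix will not find it recorded; the entry should mention it, with its own tracking id if one exists. A one-line comment above each guard stating when `prog` can be NULL would also help, for example `/* prog may be NULL, e.g. for an empty program */`; that reading is inferred, since the parser is not visible here. `jsP_dumpsyntax` continues past the end of the hunk.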
@@ -768,11 +770,13 @@ static void sblock(int d, js_Ast *list)
 void jsP_dumplist(js_State *J, js_Ast *prog)
 {
 minify = 0;
- if (prog->type == AST_LIST)
- sblock(0, prog);
- else
- snode(0, prog);
- nl();
+ if (prog) {
+ if (prog->type == AST_LIST)
+ sblock(0, prog);
+ else
+ snode(0, prog);
+ nl();
+ }
 }

 /* Compiled code */
diff -Pdpru mujs-1.2.0.orig/regexp.c mujs-1.2.0/regexp.c
--- mujs-1.2.0.orig/regexp.c 2021-12-08 14:56:12.000000000 +0300
+++ mujs-1.2.0/regexp.c 2022-05-18 18:32:24.114001044 +0300
@@ -622,25 +622,26 @@ struct Reinst {
 Reinst *y;
 };

-static int count(struct cstate *g, Renode *node)
+static int count(struct cstate *g, Renode *node, int depth)
 {
 int min, max, n;
 if (!node) return 0;
+ if (++depth > REG_MAXREC) die(g, "stack overflow");
 switch (node->type) {
 default: return 1;
- case P_CAT: return count(g, node->x) + count(g, node->y);
- case P_ALT: return count(g, node->x) + count(g, node->y) + 2;
+ case P_CAT: return count(g, node->x, depth) + count(g, node->y, depth);
+ case P_ALT: return count(g, node->x, depth) + count(g, node->y, depth) + 2;
 case P_REP:
 min = node->m;
 max = node->n;
- if (min == max) n = count(g, node->x) * min;
- else if (max < REPINF) n = count(g, node->x) * max + (max - min);
- else n = count(g, node->x) * (min + 1) + 2;
+ if (min == max) n = count(g, node->x, depth) * min;
+ else if (max < REPINF) n = count(g, node->x, depth) * max + (max - min);
+ else n = count(g, node->x, depth) * (min + 1) + 2;
 if (n < 0 || n > REG_MAXPROG) die(g, "program too large");
 return n;
- case P_PAR: return count(g, node->x) + 2;
- case P_PLA: return count(g, node->x) + 2;
- case P_NLA: return count(g, node->x) + 2;
+ case P_PAR: return count(g, node->x, depth) + 2;
+ case P_PLA: return count(g, node->x, depth) + 2;
+ case P_NLA: return count(g, node->x, depth) + 2;
 }
 }
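Review bot: In the `P_REP` case of `count` in regexp.c, the products `count(g, node->x, depth) * max` and `count(g, node->x, depth) * (min + 1)` are evaluated before the `n < 0 || n > REG_MAXPROG` test, while the sub-count itself is unbounded because the `P_CAT` and `P_ALT` cases return plain sums. A large sub-count can therefore overflow `int`, which is undefined behaviour, so the `n < 0` test is not a dependable guard for the size limit that `regcompx` relies on. Bounding the operand before scaling makes the limit reliable: `n = count(g, node->x, depth); if (n > REG_MAXPROG) die(g, "program too large");` and only then multiply by the repeat count. This assumes the product of `REPINF` and `REG_MAXPROG` fits in `int`; both constants, and `REG_MAXREC`, are defined outside the hunk.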
@@ -903,7 +904,7 @@ Reprog *regcompx(void *(*alloc)(void *ct
 putchar('\n');
 #endif

- n = 6 + count(&g, node);
+ n = 6 + count(&g, node, 0);
 if (n < 0 || n > REG_MAXPROG)
 die(&g, "program too large");
