packages/mozjs78
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix cves

Browse Source 
(cherry picked from commit 1e22ff838e7cc6950de0b8ef8a9606282ed764f1)
This commit is contained in:
sun_hai_10 2024-06-06 16:21:24 +08:00 committed by openeuler-sync-bot
parent 757a0926e0
commit 34b1ddb29f
3 changed files with 1235 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
backport-CVE-2022-34481.patch Normal file
View File

@ -0,0 +1,28 @@
From a928758612e67c4496bd9acf48bf66259c809782 Mon Sep 17 00:00:00 2001
From: Nika Layzell <nika@thelayzells.com>
Date: Tue, 07 Jun 2022 17:06:41
Subject: [PATCH] CVE-2022-34481
Conflict:NA
Reference:https://hg.mozilla.org/mozilla-central/rev/243ca18dc17200998c0c8d21979c15fb930e42fb
---
xpcom/ds/nsTArray.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/xpcom/ds/nsTArray.h b/xpcom/ds/nsTArray.h
index 92fe4a4649..10b5241ed1 100644
--- a/xpcom/ds/nsTArray.h
+++ b/xpcom/ds/nsTArray.h
@@ -2461,6 +2461,9 @@ auto nsTArray_Impl<E, Alloc>::ReplaceElementsAtInternal(index_type aStart,
if (MOZ_UNLIKELY(aStart > Length())) {
InvalidArrayIndex_CRASH(aStart, Length());
}
+ if (MOZ_UNLIKELY(aCount > Length() - aStart)) {
+ InvalidArrayIndex_CRASH(aStart + aCount, Length());
+ }
// Adjust memory allocation up-front to catch errors.
if (!ActualAlloc::Successful(this->template EnsureCapacity<ActualAlloc>(
--
2.27.0

1201
backport-CVE-2023-29532.patch Normal file
View File

File diff suppressed because it is too large Load Diff

7
mozjs91.spec
View File

@ -12,7 +12,7 @@
# Big endian platforms # Big endian platforms
Name: mozjs%{major} Name: mozjs%{major}
Version: 91.6.0 Version: 91.6.0
Release: 4 Release: 5
Summary: SpiderMonkey JavaScript library Summary: SpiderMonkey JavaScript library
License: MPL-2.0 License: MPL-2.0
Group: System/Libraries Group: System/Libraries
@ -40,6 +40,8 @@ Patch16: spidermonkey_support_loongarch64.patch
Patch17: backport-CVE-2023-23599.patch Patch17: backport-CVE-2023-23599.patch
Patch18: backport-CVE-2023-23601.patch Patch18: backport-CVE-2023-23601.patch
Patch19: backport-CVE-2023-23602.patch Patch19: backport-CVE-2023-23602.patch
Patch20: backport-CVE-2022-34481.patch
Patch21: backport-CVE-2023-29532.patch
BuildRequires: autoconf213 cargo ccache clang-devel gcc gcc-c++ libtool perl-devel llvm llvm-devel nasm pkgconfig python3-devel python3-setuptools BuildRequires: autoconf213 cargo ccache clang-devel gcc gcc-c++ libtool perl-devel llvm llvm-devel nasm pkgconfig python3-devel python3-setuptools
BuildRequires: python3-six readline-devel zip rust pkgconfig(icu-i18n) >= 67.1 pkgconfig(libffi) pkgconfig(nspr) pkgconfig(zlib) icu BuildRequires: python3-six readline-devel zip rust pkgconfig(icu-i18n) >= 67.1 pkgconfig(libffi) pkgconfig(nspr) pkgconfig(zlib) icu
@ -211,6 +213,9 @@ popd
%{_includedir}/mozjs-%{major}/ %{_includedir}/mozjs-%{major}/
%changelog %changelog
* Thu Jun 06 2024 sunhai <sunhai10@huawei.com> - 91.6.0-5
- fix CVEs
* Thu Mar 21 2024 sunhai <sunhai10@huawei.com> - 91.6.0-4 * Thu Mar 21 2024 sunhai <sunhai10@huawei.com> - 91.6.0-4
- fix CVEs - fix CVEs