Fix CVE-2023-6209

2024-07-10 09:49:49 +08:00 · 2024-07-10 09:49:49 +08:00 · 4c2fddb6d4
commit 4c2fddb6d4
parent 8a4fc6a246
2 changed files with 40 additions and 2 deletions
--- a/CVE-2023-6209.patch
+++ b/CVE-2023-6209.patch
@ -0,0 +1,33 @@
+From bd28c4f6d37732480925ba56c72de8a223f9f993 Mon Sep 17 00:00:00 2001
+From: Valentin Gosu <valentin.gosu@gmail.com>
+Date: Thu, 19 Oct 2023 07:40:28 +0000 (8 months ago)
+Subject: [PATCH] CVE-2023-6209
+
+---
+ netwerk/base/nsStandardURL.cpp | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
+index df4188b500..2c02ae59aa 100644
+--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
+@@ -2567,7 +2567,15 @@ nsStandardURL::Resolve(const nsACString& in, nsACString& out) {
+     // locate result path
+     resultPath = PL_strstr(result, "://");
+     if (resultPath) {
+-      resultPath = PL_strchr(resultPath + 3, '/');
+      // If there are multiple slashes after :// we must ignore them
+      // otherwise net_CoalesceDirs may think the host is a part of the path.
+      resultPath += 3;
+      if (protocol.IsEmpty() && Scheme() != "file") {
+        while (*resultPath == '/') {
+          resultPath++;
+        }
+      }
+      resultPath = strchr(resultPath, '/');
+       if (resultPath) {
+         net_CoalesceDirs(coalesceFlag, resultPath);
+       }
+-- 
+2.33.0
+
--- a/firefox.spec
+++ b/firefox.spec
@ -88,7 +88,7 @@
 Summary:             Mozilla Firefox Web browser
 Name:                firefox
 Version:             79.0
-Release:             23
+Release:             24
 URL:                 https://www.mozilla.org/firefox/
 License:             MPLv1.1 or GPLv2+ or LGPLv2+
 Source0:             https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@ -202,6 +202,7 @@ Patch658:            CVE-2020-26971.patch
 Patch659:            CVE-2021-29946.patch
 Patch660:            CVE-2022-34481.patch
 Patch661:            CVE-2020-26979.patch
+Patch662:            CVE-2023-6209.patch

 %if %{?system_nss}
 BuildRequires:       pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
@ -398,6 +399,7 @@ tar -xf %{SOURCE3}
 %patch659 -p1
 %patch660 -p1
 %patch661 -p1
+%patch662 -p1

 %{__rm} -f .mozconfig
 %{__cp} %{SOURCE10} .mozconfig
@ -846,6 +848,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif

 %changelog
+* Wed Jun 5 2024 lvfei <lvfei@kylinos.cn> - 79.0-24
+- Fix CVE-2023-6209
+
 * Wed Jun 5 2024 lvfei <lvfei@kylinos.cn> - 79.0-23
 - Fix CVE-2020-26979

@ -911,7 +916,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 - Fix CVE-2020-15664 CVE-2020-15665 CVE-2020-15666 CVE-2020-15667
  CVE-2020-15668 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678

-* Thu Nov 28 2020 Jeffery.Gao <gaojianxing@huawei.com> - 79.0-3
+* Sat Nov 28 2020 Jeffery.Gao <gaojianxing@huawei.com> - 79.0-3
 - Fix firefox downgrade error

 * Thu Oct 29 2020 caodongxia <caodongxia@huawei.com> - 79.0-2