expat CVE-2022-43680

(cherry picked from commit e7b0b9a6b5e25a35fb8e4accf6d211bb8226db97)
2022-11-17 21:37:23 -05:00 · 2022-11-17 21:37:23 -05:00 · 6afa814cf4
commit 6afa814cf4
parent dd8756f414
2 changed files with 28 additions and 1 deletions
--- a/expat-CVE-2022-43680.patch
+++ b/expat-CVE-2022-43680.patch
@ -0,0 +1,17 @@
+--- firefox-79.0/parser/expat/lib/xmlparse.c.cve-2022-43680	2022-11-18 10:00:58.441551281 +0800
+++ firefox-79.0/parser/expat/lib/xmlparse.c	2022-11-18 10:05:30.523029488 +0800
+@@ -1004,6 +1004,14 @@ parserCreate(const XML_Char *encodingNam
+   parserInit(parser, encodingName);
+ 
+   if (encodingName && !protocolEncodingName) {
+    if (dtd) {
+      // We need to stop the upcoming call to XML_ParserFree from happily
+      // destroying parser->m_dtd because the DTD is shared with the parent
+      // parser and the only guard that keeps XML_ParserFree from destroying
+      // parser->m_dtd is parser->m_isParamEntity but it will be set to
+      // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
+      parser->m_dtd = NULL;
+    }
+     XML_ParserFree(parser);
+     return NULL;
+   }
--- a/firefox.spec
+++ b/firefox.spec
@ -88,7 +88,7 @@
 Summary:             Mozilla Firefox Web browser
 Name:                firefox
 Version:             79.0
-Release:             9
+Release:             10
 URL:                 https://www.mozilla.org/firefox/
 License:             MPLv1.1 or GPLv2+ or LGPLv2+
 Source0:             https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@ -192,6 +192,10 @@ Patch643:            expat-CVE-2022-25236.patch
 Patch644:            expat-CVE-2022-25315.patch
 # https://github.com/libexpat/libexpat/pull/629
 Patch645:            expat-CVE-2022-40674.patch
+# https://github.com/libexpat/libexpat/pull/650
+Patch646:            expat-CVE-2022-43680.patch
+
+
 %if %{?system_nss}
 BuildRequires:       pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
 BuildRequires:       nss-static >= %{nss_version}
@ -371,6 +375,9 @@ tar -xf %{SOURCE3}
 %patch643 -p1
 %patch644 -p1
 %patch645 -p1
+%patch646 -p1
+
+
 %{__rm} -f .mozconfig
 %{__cp} %{SOURCE10} .mozconfig
 echo "ac_add_options --enable-default-toolkit=cairo-gtk3-wayland" >> .mozconfig
@ -818,6 +825,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif

 %changelog
+* Fri Nov 18 2022 lvfei <lvfei@kylinos.cn>  - 79.0-10
+- Fix fox expat CVE-2022-43680
+
 * Thu Oct 20 2022 wangkai <wangkai385@h-partners.com> - 79.0-9
 - Fix for expat CVE-2022-40674