CVE-2022-25235

2024-06-25 09:53:37 +08:00 · 2024-06-25 09:53:37 +08:00 · b3e0d7e401
commit b3e0d7e401
parent 7d3752b65b
2 changed files with 54 additions and 1 deletions
--- a/expat-CVE-2022-25235.patch
+++ b/expat-CVE-2022-25235.patch
@ -0,0 +1,49 @@
+diff -up firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok.c
+--- firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235	2022-03-02 17:57:38.364361168 +0100
+++ firefox-91.7.0/parser/expat/lib/xmltok.c	2022-03-02 17:58:22.235512399 +0100
+@@ -65,13 +65,6 @@
+                       + ((((byte)[2]) >> 5) & 1)] \
+          & (1u << (((byte)[2]) & 0x1F)))
+ 
+-#define UTF8_GET_NAMING(pages, p, n) \
+-  ((n) == 2 \
+-  ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p)) \
+-  : ((n) == 3 \
+-     ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \
+-     : 0))
+-
+ /* Detection of invalid UTF-8 sequences is based on Table 3.1B
+    of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/
+    with the additional restriction of not allowing the Unicode
+diff -up firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok_impl.c
+--- firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235	2022-03-02 17:57:38.365361172 +0100
+++ firefox-91.7.0/parser/expat/lib/xmltok_impl.c	2022-03-02 18:04:51.240853247 +0100
+@@ -34,7 +34,7 @@
+    case BT_LEAD ## n: \
+      if (end - ptr < n) \
+        return XML_TOK_PARTIAL_CHAR; \
+-     if (!IS_NAME_CHAR(enc, ptr, n)) { \
+     if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \
+        *nextTokPtr = ptr; \
+        return XML_TOK_INVALID; \
+      } \
+@@ -62,7 +62,7 @@
+    case BT_LEAD ## n: \
+      if (end - ptr < n) \
+        return XML_TOK_PARTIAL_CHAR; \
+-     if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
+     if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \
+        *nextTokPtr = ptr; \
+        return XML_TOK_INVALID; \
+      } \
+@@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, c
+   case BT_LEAD ## n: \
+     if (end - ptr < n) \
+       return XML_TOK_PARTIAL_CHAR; \
+    if (IS_INVALID_CHAR(enc, ptr, n)) {                                        \
+      *nextTokPtr = ptr;                                                       \
+      return XML_TOK_INVALID;                                                  \
+    }                                                                          \
+     if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
+       ptr += n; \
+       tok = XML_TOK_NAME; \
--- a/mozjs78.spec
+++ b/mozjs78.spec
@ -2,7 +2,7 @@

 Name:           mozjs%{major}
 Version:        78.4.0
-Release:        8
+Release:        9
 Summary:        SpiderMonkey JavaScript library
 License:        MPLv2.0 and MPLv1.1 and BSD and GPLv2+ and GPLv3+ and LGPLv2+ and AFL and ASL 2.0
 URL:            https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey
@ -31,6 +31,7 @@ Patch15:        CVE-2022-34481.patch
 Patch16:        CVE-2023-29532.patch
 Patch17:        CVE-2022-22740.patch
 Patch18:        CVE-2021-45960.patch
+Patch19:        expat-CVE-2022-25235.patch

 BuildRequires:  autoconf213 cargo clang-devel gcc gcc-c++ perl-devel pkgconfig(libffi) pkgconfig(zlib) 
 BuildRequires:  python3-devel python3-six readline-devel zip nasm llvm llvm-devel icu rust
@ -110,6 +111,9 @@ popd
 %doc js/src/README.html

 %changelog
+* Mon Jun 24 2024 lvfei <lvfei@kylinos.cn> - - 78.4.0-9
+- Fix CVE-2022-25235
+
 * Thu Jun 13 2024 lvfei <lvfei@kylinos.cn> - - 78.4.0-8
 - Fix CVE-2021-45960