Fix CVE-2022-25235 and CVE-2021-45960 Upstream information

CVE-2021-45960.patch

@@ -1,5 +1,5 @@
 From 342c6cc760e273fef7a411a5658594b51957725f Mon Sep 17 00:00:00 2001
-From: lvfei <lvfei@kylinos.cn>
+From: hartwork  <hartwork@gmail.com>
 Date: Thu, 20 Jul 2023 13:46:51 +0800
 Subject: [PATCH] CVE-2021-45960
 

CVE-2022-25235.patch

@@ -1,6 +1,17 @@
-diff -up firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok.c
+From d4c2e1791d93c073308634aa15e5b11fd094c66d Mon Sep 17 00:00:00 2001
---- firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235	2022-03-02 17:57:38.364361168 +0100
+From: hartwork  <hartwork@gmail.com>
-+++ firefox-91.7.0/parser/expat/lib/xmltok.c	2022-03-02 17:58:22.235512399 +0100
+Date: Mon, 1 Jul 2024 10:21:06 +0800
+Subject: [PATCH] CVE-2022-25235
+
+---
+ parser/expat/lib/xmltok.c      | 7 -------
+ parser/expat/lib/xmltok_impl.c | 8 ++++++--
+ 2 files changed, 6 insertions(+), 9 deletions(-)
+
+diff --git a/parser/expat/lib/xmltok.c b/parser/expat/lib/xmltok.c
+index f01c2fa996..d0e7f7f163 100644
+--- a/parser/expat/lib/xmltok.c
++++ b/parser/expat/lib/xmltok.c
 @@ -65,13 +65,6 @@
                        + ((((byte)[2]) >> 5) & 1)] \
           & (1u << (((byte)[2]) & 0x1F)))
@@ -15,9 +26,10 @@ diff -up firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 firefox-9
  /* Detection of invalid UTF-8 sequences is based on Table 3.1B
     of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/
     with the additional restriction of not allowing the Unicode
-diff -up firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok_impl.c
+diff --git a/parser/expat/lib/xmltok_impl.c b/parser/expat/lib/xmltok_impl.c
---- firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235	2022-03-02 17:57:38.365361172 +0100
+index 5f779c0571..3bc0d85b8d 100644
-+++ firefox-91.7.0/parser/expat/lib/xmltok_impl.c	2022-03-02 18:04:51.240853247 +0100
+--- a/parser/expat/lib/xmltok_impl.c
++++ b/parser/expat/lib/xmltok_impl.c
 @@ -34,7 +34,7 @@
     case BT_LEAD ## n: \
       if (end - ptr < n) \
@@ -36,7 +48,7 @@ diff -up firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 fire
         *nextTokPtr = ptr; \
         return XML_TOK_INVALID; \
       } \
-@@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, c
+@@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
    case BT_LEAD ## n: \
      if (end - ptr < n) \
        return XML_TOK_PARTIAL_CHAR; \
@@ -47,3 +59,6 @@ diff -up firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 fire
      if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
        ptr += n; \
        tok = XML_TOK_NAME; \
+-- 
+2.33.0
+

mozjs78.spec

@@ -2,7 +2,7 @@
 
 Name:           mozjs%{major}
 Version:        78.4.0
-Release:        9
+Release:        10
 Summary:        SpiderMonkey JavaScript library
 License:        MPLv2.0 and MPLv1.1 and BSD and GPLv2+ and GPLv3+ and LGPLv2+ and AFL and ASL 2.0
 URL:            https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey
@@ -31,7 +31,7 @@ Patch15:        CVE-2022-34481.patch
 Patch16:        CVE-2023-29532.patch
 Patch17:        CVE-2022-22740.patch
 Patch18:        CVE-2021-45960.patch
-Patch19:        expat-CVE-2022-25235.patch
+Patch19:        CVE-2022-25235.patch
 
 BuildRequires:  autoconf213 cargo clang-devel gcc gcc-c++ perl-devel pkgconfig(libffi) pkgconfig(zlib) 
 BuildRequires:  python3-devel python3-six readline-devel zip nasm llvm llvm-devel icu rust
@@ -111,6 +111,9 @@ popd
 %doc js/src/README.html
 
 %changelog
+* Mon Jul 01 2024 lvfei <lvfei@kylinos.cn> - - 78.4.0-10
+- Fix CVE-2022-25235 and CVE-2021-45960 Upstream information
+
 * Mon Jun 24 2024 lvfei <lvfei@kylinos.cn> - - 78.4.0-9
 - Fix CVE-2022-25235