packages/firefox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

expat CVE-2022-43680

Browse Source 
(cherry picked from commit e7b0b9a6b5e25a35fb8e4accf6d211bb8226db97)
This commit is contained in:
lvfei 2022-11-17 21:37:23 -05:00 committed by openeuler-sync-bot
parent dd8756f414
commit 6afa814cf4
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
expat-CVE-2022-43680.patch Normal file
View File

@ -0,0 +1,17 @@
--- firefox-79.0/parser/expat/lib/xmlparse.c.cve-2022-43680 2022-11-18 10:00:58.441551281 +0800
+++ firefox-79.0/parser/expat/lib/xmlparse.c 2022-11-18 10:05:30.523029488 +0800
@@ -1004,6 +1004,14 @@ parserCreate(const XML_Char *encodingNam
parserInit(parser, encodingName);
if (encodingName && !protocolEncodingName) {
+ if (dtd) {
+ // We need to stop the upcoming call to XML_ParserFree from happily
+ // destroying parser->m_dtd because the DTD is shared with the parent
+ // parser and the only guard that keeps XML_ParserFree from destroying
+ // parser->m_dtd is parser->m_isParamEntity but it will be set to
+ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
+ parser->m_dtd = NULL;
+ }
XML_ParserFree(parser);
return NULL;
}

12
firefox.spec
View File

@ -88,7 +88,7 @@
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 79.0 Version: 79.0
Release: 9 Release: 10
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@ -192,6 +192,10 @@ Patch643: expat-CVE-2022-25236.patch
Patch644: expat-CVE-2022-25315.patch Patch644: expat-CVE-2022-25315.patch
# https://github.com/libexpat/libexpat/pull/629 # https://github.com/libexpat/libexpat/pull/629
Patch645: expat-CVE-2022-40674.patch Patch645: expat-CVE-2022-40674.patch
# https://github.com/libexpat/libexpat/pull/650
Patch646: expat-CVE-2022-43680.patch
%if %{?system_nss} %if %{?system_nss}
BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version} BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
BuildRequires: nss-static >= %{nss_version} BuildRequires: nss-static >= %{nss_version}
@ -371,6 +375,9 @@ tar -xf %{SOURCE3}
%patch643 -p1 %patch643 -p1
%patch644 -p1 %patch644 -p1
%patch645 -p1 %patch645 -p1
%patch646 -p1
%{__rm} -f .mozconfig %{__rm} -f .mozconfig
%{__cp} %{SOURCE10} .mozconfig %{__cp} %{SOURCE10} .mozconfig
echo "ac_add_options --enable-default-toolkit=cairo-gtk3-wayland" >> .mozconfig echo "ac_add_options --enable-default-toolkit=cairo-gtk3-wayland" >> .mozconfig
@ -818,6 +825,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%endif %endif
%changelog %changelog
* Fri Nov 18 2022 lvfei <lvfei@kylinos.cn> - 79.0-10
- Fix fox expat CVE-2022-43680
* Thu Oct 20 2022 wangkai <wangkai385@h-partners.com> - 79.0-9 * Thu Oct 20 2022 wangkai <wangkai385@h-partners.com> - 79.0-9
- Fix for expat CVE-2022-40674 - Fix for expat CVE-2022-40674