packages/firefox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!179 CVE-2023-6209

Browse Source 
From: @jackssir 
Reviewed-by: @wk333 
Signed-off-by: @wk333
This commit is contained in:
openeuler-ci-bot 2024-07-10 06:19:26 +00:00 committed by Gitee
commit 6e54e4b2b1
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 40 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
CVE-2023-6209.patch Normal file
View File

@ -0,0 +1,33 @@
From bd28c4f6d37732480925ba56c72de8a223f9f993 Mon Sep 17 00:00:00 2001
From: Valentin Gosu <valentin.gosu@gmail.com>
Date: Thu, 19 Oct 2023 07:40:28 +0000 (8 months ago)
Subject: [PATCH] CVE-2023-6209
---
netwerk/base/nsStandardURL.cpp | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
index df4188b500..2c02ae59aa 100644
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@@ -2567,7 +2567,15 @@ nsStandardURL::Resolve(const nsACString& in, nsACString& out) {
// locate result path
resultPath = PL_strstr(result, "://");
if (resultPath) {
- resultPath = PL_strchr(resultPath + 3, '/');
+ // If there are multiple slashes after :// we must ignore them
+ // otherwise net_CoalesceDirs may think the host is a part of the path.
+ resultPath += 3;
+ if (protocol.IsEmpty() && Scheme() != "file") {
+ while (*resultPath == '/') {
+ resultPath++;
+ }
+ }
+ resultPath = strchr(resultPath, '/');
if (resultPath) {
net_CoalesceDirs(coalesceFlag, resultPath);
}
--
2.33.0

9
firefox.spec
View File

@ -88,7 +88,7 @@
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 79.0 Version: 79.0
Release: 23 Release: 24
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@ -202,6 +202,7 @@ Patch658: CVE-2020-26971.patch
Patch659: CVE-2021-29946.patch Patch659: CVE-2021-29946.patch
Patch660: CVE-2022-34481.patch Patch660: CVE-2022-34481.patch
Patch661: CVE-2020-26979.patch Patch661: CVE-2020-26979.patch
Patch662: CVE-2023-6209.patch
%if %{?system_nss} %if %{?system_nss}
BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version} BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
@ -398,6 +399,7 @@ tar -xf %{SOURCE3}
%patch659 -p1 %patch659 -p1
%patch660 -p1 %patch660 -p1
%patch661 -p1 %patch661 -p1
%patch662 -p1
%{__rm} -f .mozconfig %{__rm} -f .mozconfig
%{__cp} %{SOURCE10} .mozconfig %{__cp} %{SOURCE10} .mozconfig
@ -846,6 +848,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%endif %endif
%changelog %changelog
* Wed Jun 5 2024 lvfei <lvfei@kylinos.cn> - 79.0-24
- Fix CVE-2023-6209
* Wed Jun 5 2024 lvfei <lvfei@kylinos.cn> - 79.0-23 * Wed Jun 5 2024 lvfei <lvfei@kylinos.cn> - 79.0-23
- Fix CVE-2020-26979 - Fix CVE-2020-26979
@ -911,7 +916,7 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
- Fix CVE-2020-15664 CVE-2020-15665 CVE-2020-15666 CVE-2020-15667 - Fix CVE-2020-15664 CVE-2020-15665 CVE-2020-15666 CVE-2020-15667
CVE-2020-15668 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 CVE-2020-15668 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678
* Thu Nov 28 2020 Jeffery.Gao <gaojianxing@huawei.com> - 79.0-3 * Sat Nov 28 2020 Jeffery.Gao <gaojianxing@huawei.com> - 79.0-3
- Fix firefox downgrade error - Fix firefox downgrade error
* Thu Oct 29 2020 caodongxia <caodongxia@huawei.com> - 79.0-2 * Thu Oct 29 2020 caodongxia <caodongxia@huawei.com> - 79.0-2