packages/firefox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!69 Fix for expat CVE-2022-40674

Browse Source 
From: @wk333 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
This commit is contained in:
openeuler-ci-bot 2022-10-21 11:21:10 +00:00 committed by Gitee
commit dd8756f414
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
expat-CVE-2022-40674.patch Normal file
View File

@ -0,0 +1,25 @@
diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c
--- a/parser/expat/lib/xmlparse.c
+++ b/parser/expat/lib/xmlparse.c
@@ -5652,12 +5652,18 @@
else
#endif /* XML_DTD */
{
processor = contentProcessor;
/* see externalEntityContentProcessor vs contentProcessor */
- return doContent(parser, parentParser ? 1 : 0, encoding, s, end,
- nextPtr, (XML_Bool)!ps_finalBuffer);
+ result = doContent(parser, parser->m_parentParser ? 1 : 0,
+ parser->m_encoding, s, end, nextPtr,
+ (XML_Bool)! parser->m_parsingStatus.finalBuffer);
+ if (result == XML_ERROR_NONE) {
+ if (! storeRawNames(parser))
+ return XML_ERROR_NO_MEMORY;
+ }
+ return result;
}
}
static enum XML_Error PTRCALL
errorProcessor(XML_Parser parser,

8
firefox.spec
View File

@ -88,7 +88,7 @@
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 79.0 Version: 79.0
Release: 8 Release: 9
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@ -190,6 +190,8 @@ Patch642: expat-CVE-2022-25235.patch
Patch643: expat-CVE-2022-25236.patch Patch643: expat-CVE-2022-25236.patch
# https://github.com/libexpat/libexpat/pull/559 # https://github.com/libexpat/libexpat/pull/559
Patch644: expat-CVE-2022-25315.patch Patch644: expat-CVE-2022-25315.patch
# https://github.com/libexpat/libexpat/pull/629
Patch645: expat-CVE-2022-40674.patch
%if %{?system_nss} %if %{?system_nss}
BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version} BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
BuildRequires: nss-static >= %{nss_version} BuildRequires: nss-static >= %{nss_version}
@ -368,6 +370,7 @@ tar -xf %{SOURCE3}
%patch642 -p1 %patch642 -p1
%patch643 -p1 %patch643 -p1
%patch644 -p1 %patch644 -p1
%patch645 -p1
%{__rm} -f .mozconfig %{__rm} -f .mozconfig
%{__cp} %{SOURCE10} .mozconfig %{__cp} %{SOURCE10} .mozconfig
echo "ac_add_options --enable-default-toolkit=cairo-gtk3-wayland" >> .mozconfig echo "ac_add_options --enable-default-toolkit=cairo-gtk3-wayland" >> .mozconfig
@ -815,6 +818,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%endif %endif
%changelog %changelog
* Thu Oct 20 2022 wangkai <wangkai385@h-partners.com> - 79.0-9
- Fix for expat CVE-2022-40674
* Thu Mar 17 2022 wangkai <wangkai385@huawei.com> - 79.0-8 * Thu Mar 17 2022 wangkai <wangkai385@huawei.com> - 79.0-8
- Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315 - Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315