!16 [sync] PR-15: Fix CVE-2023-6209

From: @openeuler-sync-bot Reviewed-by: @open-bot Signed-off-by: @open-bot
2024-07-10 07:03:51 +00:00 · 2024-07-10 07:03:51 +00:00 · eb663f1092
commit eb663f1092
parent 230678289b e51148c306
2 changed files with 38 additions and 1 deletions
--- a/CVE-2023-6209.patch
+++ b/CVE-2023-6209.patch
@ -0,0 +1,33 @@
+From f8389177cbce4fe098042850ada25feb7e6ba5a7 Mon Sep 17 00:00:00 2001
+From: Valentin Gosu <valentin.gosu@gmail.com>
+Date: Thu, 19 Oct 2023 07:40:28 +0000 (8 months ago)
+Subject: [PATCH] CVE-2023-6209
+
+---
+ netwerk/base/nsStandardURL.cpp | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
+index b1b3ba1ef4..14aa8d5a5d 100644
+--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
+@@ -2707,7 +2707,15 @@ nsStandardURL::Resolve(const nsACString& in, nsACString& out) {
+     // locate result path
+     resultPath = strstr(result, "://");
+     if (resultPath) {
+-      resultPath = strchr(resultPath + 3, '/');
+            // If there are multiple slashes after :// we must ignore them
+      // otherwise net_CoalesceDirs may think the host is a part of the path.
+      resultPath += 3;
+      if (protocol.IsEmpty() && Scheme() != "file") {
+        while (*resultPath == '/') {
+          resultPath++;
+        }
+      }
+      resultPath = strchr(resultPath, '/');
+       if (resultPath) {
+         net_CoalesceDirs(coalesceFlag, resultPath);
+       }
+-- 
+2.33.0
+
--- a/mozjs102.spec
+++ b/mozjs102.spec
@ -24,7 +24,7 @@

 Name:           mozjs%{major}
 Version:        102.9.0
-Release:        4
+Release:        5
 Summary:        SpiderMonkey JavaScript library
 License:        MPL-2.0 AND Apache-2.0 AND BSD-3-Clause AND BSD-2-Clause AND MIT AND GPL-3.0-or-later
 URL:            https://hg.mozilla.org/releases/mozilla-esr102
@ -62,6 +62,7 @@ Patch21:        0001-Skip-failing-tests-on-ppc64-and-s390x.patch
 # riscv64 sipdermonkey jit
 Patch22:        spidermonkey-riscv64-plct.patch
 Patch23:        CVE-2023-44488.patch
+Patch25:        CVE-2023-6209.patch


 # mold
@ -254,6 +255,9 @@ ln -s libmozjs-%{major}.so.0 %{buildroot}%{_libdir}/libmozjs-%{major}.so
 %{_includedir}/mozjs-%{major}/

 %changelog
+* Wed Jul 10 2024 lvfei <lvfei@kylinos.cn> - 102.9.0-5
+- Fix CVE-2023-6209
+
 * Tue Jun 25 2024 lvfei <lvfei@kylinos.cn> - 102.9.0-4
 - Fix CVE-2023-44488.patch