diff --git a/CVE-2023-1945.patch b/CVE-2023-1945.patch new file mode 100644 index 0000000000000000000000000000000000000000..7057164a2dceec83816cc51725f1da96218bf89c --- /dev/null +++ b/CVE-2023-1945.patch @@ -0,0 +1,35 @@ +From 7798fafb53081cb22407bc4371247413146fda7b Mon Sep 17 00:00:00 2001 +From: Dimi +Date: Thu, 10 Oct 2024 14:33:37 +0800 +Subject: [PATCH] Init variable length prefix set in constructor. r=timhuang, a=RyanVM + +--- + toolkit/components/url-classifier/LookupCache.cpp | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/toolkit/components/url-classifier/LookupCache.cpp b/toolkit/components/url-classifier/LookupCache.cpp +index d0b03054f1..0931c93048 100644 +--- a/toolkit/components/url-classifier/LookupCache.cpp ++++ b/toolkit/components/url-classifier/LookupCache.cpp +@@ -171,7 +171,8 @@ LookupCache::LookupCache(const nsACString& aTableName, + : mPrimed(false), + mTableName(aTableName), + mProvider(aProvider), +- mRootStoreDirectory(aRootStoreDir) { ++ mRootStoreDirectory(aRootStoreDir), ++ mVLPrefixSet(nullptr) { + UpdateRootDirHandle(mRootStoreDirectory); + } + +@@ -192,6 +193,8 @@ nsresult LookupCache::Open() { + } + + nsresult LookupCache::Init() { ++ MOZ_ASSERT(!mVLPrefixSet); ++ + mVLPrefixSet = new VariableLengthPrefixSet(); + nsresult rv = mVLPrefixSet->Init(mTableName); + NS_ENSURE_SUCCESS(rv, rv); +-- +2.27.0 + diff --git a/firefox.spec b/firefox.spec index 72983c47f88e6a33c08de20150557fade6abc468..62a192e061a2388879282155250ca1ddc8a88034 100644 --- a/firefox.spec +++ b/firefox.spec @@ -88,7 +88,7 @@ Summary: Mozilla Firefox Web browser Name: firefox Version: 79.0 -Release: 31 +Release: 32 URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz @@ -212,6 +212,7 @@ Patch668: CVE-2021-29988.patch Patch669: CVE-2021-23998.patch Patch670: CVE-2022-29912.patch Patch671: CVE-2024-0745.patch +Patch672: CVE-2023-1945.patch %if %{?system_nss} BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version} @@ -418,6 +419,7 @@ tar -xf %{SOURCE3} %patch669 -p1 %patch670 -p1 %patch671 -p1 +%patch672 -p1 %{__rm} -f .mozconfig %{__cp} %{SOURCE10} .mozconfig @@ -866,6 +868,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %endif %changelog +* Wed Aug 14 2024 happyworker <208suo@208suo.com> - 79.0-32 +- Fix CVE-2023-1945 + * Wed Aug 14 2024 lvfei - 79.0-31 - Fix CVE-2024-0745