diff --git a/CVE-2021-43539.patch b/CVE-2021-43539.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c6bd7846f7892c2c8a875bc1be854eb957480257
--- /dev/null
+++ b/CVE-2021-43539.patch
@@ -0,0 +1,61 @@
+From 1784bcb159d7dd8c65f6c016dcca6ed5b2982d2b Mon Sep 17 00:00:00 2001
+From: Asumu Takikawa
+Date: Mon, 15 Nov 2021 16:26:57 +0000 (2021-11-16)
+Subject: [PATCH] CVE-2021-43539
+
+---
+ js/src/jit/CodeGenerator.cpp | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
+index 81e723f196..a703024aa1 100644
+--- a/js/src/jit/CodeGenerator.cpp
++++ b/js/src/jit/CodeGenerator.cpp
+@@ -7914,35 +7914,36 @@ void CodeGenerator::visitWasmCall(LWasmCall* lir) {
+
+ const wasm::CallSiteDesc& desc = mir->desc();
+ const wasm::CalleeDesc& callee = mir->callee();
++ CodeOffset retOffset;
+ switch (callee.which()) {
+ case wasm::CalleeDesc::Func:
+- masm.call(desc, callee.funcIndex());
++ retOffset = masm.call(desc, callee.funcIndex());
+ reloadRegs = false;
+ switchRealm = false;
+ break;
+ case wasm::CalleeDesc::Import:
+- masm.wasmCallImport(desc, callee);
++ retOffset = masm.wasmCallImport(desc, callee);
+ break;
+ case wasm::CalleeDesc::AsmJSTable:
+ case wasm::CalleeDesc::WasmTable:
+- masm.wasmCallIndirect(desc, callee, needsBoundsCheck);
++ retOffset = masm.wasmCallIndirect(desc, callee, needsBoundsCheck);
+ reloadRegs = switchRealm = callee.which() == wasm::CalleeDesc::WasmTable;
+ break;
+ case wasm::CalleeDesc::Builtin:
+- masm.call(desc, callee.builtin());
++ retOffset = masm.call(desc, callee.builtin());
+ reloadRegs = false;
+ switchRealm = false;
+ break;
+ case wasm::CalleeDesc::BuiltinInstanceMethod:
+- masm.wasmCallBuiltinInstanceMethod(desc, mir->instanceArg(),
+- callee.builtin(),
+- mir->builtinMethodFailureMode());
++ retOffset = masm.wasmCallBuiltinInstanceMethod(
++ desc, mir->instanceArg(), callee.builtin(),
++ mir->builtinMethodFailureMode());
+ switchRealm = false;
+ break;
+ }
+
+ // Note the assembler offset for the associated LSafePoint.
+- markSafepointAt(masm.currentOffset(), lir);
++ markSafepointAt(retOffset.offset(), lir);
+
+ // Now that all the outbound in-memory args are on the stack, note the
+ // required lower boundary point of the associated StackMap.
+--
+2.33.0
+
diff --git a/firefox.spec b/firefox.spec
index 6b7945bdbfbd8b37b57cee95c87171e38596a982..fa3c131654c729d4ccc3de9469274ccc06f1fc62 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -88,7 +88,7 @@
 Summary: Mozilla Firefox Web browser
 Name: firefox
 Version: 79.0
-Release: 33
+Release: 34
 URL: https://www.mozilla.org/firefox/
 License: MPLv1.1 or GPLv2+ or LGPLv2+
 Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@@ -214,6 +214,7 @@ Patch670: CVE-2022-29912.patch
 Patch671: CVE-2024-0745.patch
 Patch672: CVE-2023-1945.patch
 Patch673: CVE-2021-29970.patch
+Patch674: CVE-2021-43539.patch
 %if %{?system_nss} BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
@@ -422,6 +423,7 @@ tar -xf %{SOURCE3}
 %patch671 -p1
 %patch672 -p1
 %patch673 -p1
+%patch674 -p1
 %{__rm} -f .mozconfig %{__cp} %{SOURCE10} .mozconfig
@@ -870,6 +872,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif %changelog
+* Wed Nov 06 2024 lvfei - 79.0-34
+- Fix CVE-2021-43539
+
 * Fri Nov 01 2024 lvfei - 79.0-33 - Fix CVE-2021-29970
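Review bot: The comment kept above `markSafepointAt(retOffset.offset(), lir);` in the embedded CodeGenerator.cpp hunk still reads only "Note the assembler offset", so the new code does not record why the safepoint must be keyed on the call's return offset instead of `masm.currentOffset()`. I would extend it to something like `// Use the call's return address: a call helper may emit code after the call, so currentOffset() can lie past it.` (the post-call emission is inferred from the change, it is not visible in this hunk). The backport touches only CodeGenerator.cpp, so it relies on `masm.call`, `wasmCallImport`, `wasmCallIndirect` and `wasmCallBuiltinInstanceMethod` already returning the return-address `CodeOffset` in the 79.0 tree; that should be confirmed against the packaged source, because a helper returning any other offset would leave the GC safepoint recorded at the wrong address. The embedded patch header also names no upstream changeset or bug, which makes the backport harder to audit. visitWasmCall's body starts and ends outside the inner hunk.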