change the mozjs52 to mozjs68 in buildRequires

2020-10-27 21:33:39 +08:00 · 2020-10-27 21:33:39 +08:00 · 283919e757
commit 283919e757
parent a1ac30c5e1
5 changed files with 273 additions and 2 deletions
--- a/libproxy-0.4.15-mozjs-use-after-free.patch
+++ b/libproxy-0.4.15-mozjs-use-after-free.patch
@ -0,0 +1,38 @@
+From 738785214546ec5bb772886019529b2a6519deaf Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 1 May 2020 19:04:22 +0100
+Subject: [PATCH] mozjs: Avoid use-after-free
+
+If we don't assign the temporary std::string returned by
+url_.to_string() to a variable, then it immediately goes out of scope
+and is freed, resulting in the result of c_str() pointing into freed
+memory. This works about as well as you would expect.
+
+Signed-off-by: Simon McVittie <smcv@debian.org>
+---
+ libproxy/modules/pacrunner_mozjs.cpp | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/libproxy/modules/pacrunner_mozjs.cpp b/libproxy/modules/pacrunner_mozjs.cpp
+index ade6d0a..aac6531 100644
+--- a/libproxy/modules/pacrunner_mozjs.cpp
+++ b/libproxy/modules/pacrunner_mozjs.cpp
+@@ -175,14 +175,11 @@ class mozjs_pacrunner : public pacrunner {
+ 
+ 	string run(const url& url_) throw (bad_alloc) {
+ 		// Build arguments to the FindProxyForURL() function
+-		const char *tmpurl  = url_.to_string().c_str();
+-		const char *tmphost = url_.get_host().c_str();
+-		if (!tmpurl || !tmphost) {
+-			throw bad_alloc();
+-		}
+		string tmpurl(url_.to_string());
+		string tmphost(url_.get_host());
+ 		JS::AutoValueArray<2> args(this->jsctx);
+-		args[0].setString(JS_NewStringCopyZ(this->jsctx, tmpurl));
+-		args[1].setString(JS_NewStringCopyZ(this->jsctx, tmphost));
+		args[0].setString(JS_NewStringCopyZ(this->jsctx, tmpurl.c_str()));
+		args[1].setString(JS_NewStringCopyZ(this->jsctx, tmphost.c_str()));
+ 
+ 		// Find the proxy (call FindProxyForURL())
+ 		JS::RootedValue rval(this->jsctx);
--- a/libproxy-0.4.15-mozjs52.patch
+++ b/libproxy-0.4.15-mozjs52.patch
@ -99,3 +99,26 @@ index a70b2e9..ed07c69 100644
 	JSContext *jsctx;
 	JS::Heap<JSObject*> *jsglb;
 	JSAutoCompartment *jsac;
+From a9b052c6e30101fb0b702917f245a3e2a2f08366 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville <bigon@bigon.be>
+Date: Tue, 2 Oct 2018 10:22:56 +0200
+Subject: [PATCH] Add call to JS::InitSelfHostedCode()
+
+This is needed otherwise mozjs crashes
+---
+ libproxy/modules/pacrunner_mozjs.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libproxy/modules/pacrunner_mozjs.cpp b/libproxy/modules/pacrunner_mozjs.cpp
+index ed07c69..38e7d46 100644
+--- a/libproxy/modules/pacrunner_mozjs.cpp
+++ b/libproxy/modules/pacrunner_mozjs.cpp
+@@ -118,6 +118,8 @@ class mozjs_pacrunner : public pacrunner {
+ 		// Initialize Javascript context
+ 		if (!(this->jsctx = JS_NewContext(1024 * 1024)))     goto error;
+ 		{
+			if (!JS::InitSelfHostedCode(this->jsctx)) goto error;
+
+ 			JS::RootedValue  rval(this->jsctx);
+ 			JS::CompartmentOptions compart_opts;
+ 
--- a/libproxy-0.4.15-mozjs60.patch
+++ b/libproxy-0.4.15-mozjs60.patch
@ -0,0 +1,23 @@
+From 1600c6af7ed775d4ccbb239937acd92ef7162409 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville <bigon@bigon.be>
+Date: Sun, 9 Dec 2018 16:07:55 +0100
+Subject: [PATCH] Build with mozjs 60 instead
+
+This seems enough to make it work with mozjs 60
+---
+ libproxy/cmake/modules/pacrunner_mozjs.cmk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libproxy/cmake/modules/pacrunner_mozjs.cmk b/libproxy/cmake/modules/pacrunner_mozjs.cmk
+index 20857fb..871cc85 100644
+--- a/libproxy/cmake/modules/pacrunner_mozjs.cmk
+++ b/libproxy/cmake/modules/pacrunner_mozjs.cmk
+@@ -9,7 +9,7 @@ if(WIN32)
+ elseif(NOT APPLE)
+   option(WITH_MOZJS "Search for MOZJS package" ON)
+   if (WITH_MOZJS)
+-    pkg_search_module(MOZJS mozjs-52)
+    pkg_search_module(MOZJS mozjs-60)
+     if(MOZJS_FOUND)
+       include_directories(${MOZJS_INCLUDE_DIRS})
+       link_directories(${MOZJS_LIBRARY_DIRS})
--- a/libproxy-0.4.15-mozjs68.patch
+++ b/libproxy-0.4.15-mozjs68.patch
@ -0,0 +1,180 @@
+From 6c9e48accddb90eef8412bef3ccc29594935d3b3 Mon Sep 17 00:00:00 2001
+From: Iain Lane <iain@orangesquash.org.uk>
+Date: Wed, 11 Mar 2020 11:54:52 +0000
+Subject: [PATCH] mozjs: Port to mozjs 68
+
+There are a number of API changes that need to be adapted to, notably
+
+  - JS_EncodeString is gone; need to use JS_EncodeStringToUTF8 now which
+    requires a rooted object to be passed in.
+  - JS_free is gone
+
+The pkg-config file ships some flags which need to be supplied to the
+build.
+---
+ libproxy/cmake/modules/pacrunner_mozjs.cmk |  6 ++-
+ libproxy/modules/pacrunner_mozjs.cpp       | 56 ++++++++++++++--------
+ 2 files changed, 41 insertions(+), 21 deletions(-)
+
+diff --git a/libproxy/cmake/modules/pacrunner_mozjs.cmk b/libproxy/cmake/modules/pacrunner_mozjs.cmk
+index 871cc85..2cc3c51 100644
+--- a/libproxy/cmake/modules/pacrunner_mozjs.cmk
+++ b/libproxy/cmake/modules/pacrunner_mozjs.cmk
+@@ -9,8 +9,12 @@ if(WIN32)
+ elseif(NOT APPLE)
+   option(WITH_MOZJS "Search for MOZJS package" ON)
+   if (WITH_MOZJS)
+-    pkg_search_module(MOZJS mozjs-60)
+    pkg_search_module(MOZJS mozjs-68)
+     if(MOZJS_FOUND)
+      foreach(OPT ${MOZJS_CFLAGS})
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${OPT}")
+      endforeach()
+      message("mozjs is " ${CMAKE_CXX_FLAGS})
+       include_directories(${MOZJS_INCLUDE_DIRS})
+       link_directories(${MOZJS_LIBRARY_DIRS})
+     else()
+diff --git a/libproxy/modules/pacrunner_mozjs.cpp b/libproxy/modules/pacrunner_mozjs.cpp
+index 38e7d46..37e1b42 100644
+--- a/libproxy/modules/pacrunner_mozjs.cpp
+++ b/libproxy/modules/pacrunner_mozjs.cpp
+@@ -37,6 +37,9 @@ using namespace libproxy;
+ #pragma GCC diagnostic error "-Winvalid-offsetof"
+ #include <js/Initialization.h>
+ #include <js/CallArgs.h>
+#include <js/CompilationAndEvaluation.h>
+#include <js/MemoryFunctions.h>
+#include <js/SourceText.h>
+ 
+ #include "pacutils.h"
+ 
+@@ -49,19 +52,21 @@ using namespace libproxy;
+ #endif
+ 
+ static void dnsResolve_(JSContext *cx, JSString *hostname, JS::CallArgs *argv) {
+	char *tmp;
+ 	// Get hostname argument
+-	char *tmp = JS_EncodeString(cx, hostname);
+	JS::RootedString str(cx, hostname);
+	JS::UniqueChars chars = JS_EncodeStringToUTF8(cx, str);
+	const char *val = chars.get();
+ 
+ 	// Set the default return value
+ 	argv->rval().setNull();
+ 
+ 	// Look it up
+ 	struct addrinfo *info = nullptr;
+-	if (getaddrinfo(tmp, NULL, NULL, &info))
+	if (getaddrinfo(val, NULL, NULL, &info))
+ 		goto out;
+ 
+ 	// Allocate the IP address
+-	JS_free(cx, tmp);
+ 	tmp = (char *) JS_malloc(cx, INET6_ADDRSTRLEN+1);
+ 	memset(tmp, 0, INET6_ADDRSTRLEN+1);
+ 
+@@ -77,7 +82,6 @@ static void dnsResolve_(JSContext *cx, JSString *hostname, JS::CallArgs *argv) {
+ 
+ 	out:
+ 		if (info) freeaddrinfo(info);
+-		JS_free(cx, tmp);
+ }
+ 
+ static bool dnsResolve(JSContext *cx, unsigned argc, JS::Value *vp) {
+@@ -121,29 +125,40 @@ class mozjs_pacrunner : public pacrunner {
+ 			if (!JS::InitSelfHostedCode(this->jsctx)) goto error;
+ 
+ 			JS::RootedValue  rval(this->jsctx);
+-			JS::CompartmentOptions compart_opts;
+			JS::RealmOptions realm_opts;
+ 
+ 			this->jsglb = new JS::Heap<JSObject*>(JS_NewGlobalObject(
+ 								  this->jsctx, &cls,
+ 								  nullptr, JS::DontFireOnNewGlobalHook,
+-								  compart_opts));
+								  realm_opts));
+ 
+ 			if (!(this->jsglb)) goto error;
+ 			JS::RootedObject global(this->jsctx,this->jsglb->get());
+-			if (!(this->jsac = new JSAutoCompartment(this->jsctx,  global))) goto error;
+-			if (!JS_InitStandardClasses(this->jsctx, global))            goto error;
+			if (!(this->jsar = new JSAutoRealm(this->jsctx,  global))) goto error;
+ 
+ 			// Define Javascript functions
+ 			JS_DefineFunction(this->jsctx, global, "dnsResolve", dnsResolve, 1, 0);
+ 			JS_DefineFunction(this->jsctx, global, "myIpAddress", myIpAddress, 0, 0);
+ 			JS::CompileOptions options(this->jsctx);
+-			options.setUTF8(true);
+ 
+-			JS::Evaluate(this->jsctx, options, JAVASCRIPT_ROUTINES,
+-				     strlen(JAVASCRIPT_ROUTINES), JS::MutableHandleValue(&rval));
+			JS::SourceText<mozilla::Utf8Unit> routines, pac_source;
+			if (!routines.init(this->jsctx,
+					   JAVASCRIPT_ROUTINES,
+					   strlen(JAVASCRIPT_ROUTINES),
+					   JS::SourceOwnership::Borrowed))
+				goto error;
+
+			if (!pac_source.init(this->jsctx,
+					     pac.c_str(),
+					     pac.length(),
+					     JS::SourceOwnership::Borrowed))
+				goto error;
+
+
+			JS::Evaluate(this->jsctx, options, routines, JS::MutableHandleValue(&rval));
+ 
+ 			// Add PAC to the environment
+-			JS::Evaluate(this->jsctx, options, pac.c_str(), pac.length(), JS::MutableHandleValue(&rval));
+			JS::Evaluate(this->jsctx, options, pac_source, JS::MutableHandleValue(&rval));
+ 			return;
+ 		}
+ 		error:
+@@ -152,7 +167,7 @@ class mozjs_pacrunner : public pacrunner {
+ 	}
+ 
+ 	~mozjs_pacrunner() {
+-		if (this->jsac) delete this->jsac;
+		if (this->jsar) delete this->jsar;
+ 		if (this->jsglb) delete this->jsglb;
+ 		if (this->jsctx) JS_DestroyContext(this->jsctx);
+ 		JS_ShutDown();
+@@ -160,11 +175,9 @@ class mozjs_pacrunner : public pacrunner {
+ 
+ 	string run(const url& url_) throw (bad_alloc) {
+ 		// Build arguments to the FindProxyForURL() function
+-		char *tmpurl  = JS_strdup(this->jsctx, url_.to_string().c_str());
+-		char *tmphost = JS_strdup(this->jsctx, url_.get_host().c_str());
+		const char *tmpurl  = url_.to_string().c_str();
+		const char *tmphost = url_.get_host().c_str();
+ 		if (!tmpurl || !tmphost) {
+-			if (tmpurl) JS_free(this->jsctx, tmpurl);
+-			if (tmphost) JS_free(this->jsctx, tmphost);
+ 			throw bad_alloc();
+ 		}
+ 		JS::AutoValueArray<2> args(this->jsctx);
+@@ -176,10 +189,13 @@ class mozjs_pacrunner : public pacrunner {
+ 		JS::RootedObject global(this->jsctx,this->jsglb->get());
+ 		bool result = JS_CallFunctionName(this->jsctx, global, "FindProxyForURL", args, &rval);
+ 		if (!result) return "";
+		if (!rval.isString())
+			return "";
+ 
+-		char * tmpanswer = JS_EncodeString(this->jsctx, rval.toString());
+		JS::RootedString s(this->jsctx, rval.toString());
+		JS::UniqueChars chars = JS_EncodeStringToUTF8(this->jsctx, s);
+		const char *tmpanswer = chars.get();
+ 		string answer = string(tmpanswer);
+-		JS_free(this->jsctx, tmpanswer);
+ 
+ 		if (answer == "undefined") return "";
+ 		return answer;
+@@ -188,7 +204,7 @@ class mozjs_pacrunner : public pacrunner {
+ private:
+ 	JSContext *jsctx;
+ 	JS::Heap<JSObject*> *jsglb;
+-	JSAutoCompartment *jsac;
+	JSAutoRealm *jsar;
+ };
+ 
+ PX_PACRUNNER_MODULE_EZ(mozjs, "JS_DefineFunction", "mozjs");
--- a/libproxy.spec
+++ b/libproxy.spec
@ -1,6 +1,6 @@
 Name:           libproxy
 Version:        0.4.15
-Release:        15
+Release:        16
 Summary:        Libproxy is a library that provides automatic proxy configuration management

 License:        LGPLv2+
@ -15,9 +15,13 @@ Patch1:         libproxy-0.4.11-crash.patch
 Patch2:         libproxy-0.4.15-python3738.patch
 Patch3:         libproxy-0.4.15-mozjs52.patch
 Patch4:         Fix-buffer-overflow-when-PAC-is-enabled.patch 
+Patch5: 	libproxy-0.4.15-mozjs60.patch
+Patch6:		libproxy-0.4.15-mozjs68.patch
+Patch7:		libproxy-0.4.15-mozjs-use-after-free.patch
+

 BuildRequires:  cmake >= 2.6.0 gcc-c++
-BuildRequires:  pkgconfig(gio-2.0) >= 2.26 pkgconfig(mozjs-52) pkgconfig(libnm) python2-devel python3-devel
+BuildRequires:  pkgconfig(gio-2.0) >= 2.26 pkgconfig(mozjs-68) pkgconfig(libnm) python2-devel python3-devel
 BuildRequires:  pkgconfig(dbus-1) pkgconfig(javascriptcoregtk-4.0) 

 Provides:       %{name}-bin %{name}-gnome %{name}-kde %{name}-mozjs %{name}-networkmanager %{name}-pacrunner 
@ -123,6 +127,9 @@ make test
 %{_mandir}/man1/proxy.1*

 %changelog
+* Tue Oct 27 orange-snn <songnannan2@huawei.com> - 0.4.15-16
+- change the mozjs52 to mozjs68 in buildRequires
+
 * Tue Oct 20 hanzhijun <hanzhijun1@huawei.com> - 0.4.15-15
 - Type:cves
 - Id:NA