!9 change the mozjs52 to mozjs68 in buildRequires

From: @orange-snn Reviewed-by: @zengwefeng Signed-off-by: @zengwefeng
2020-10-28 10:07:13 +08:00 · 2020-10-28 10:07:13 +08:00 · 3c714ad19a
commit 3c714ad19a
parent a1ac30c5e1 283919e757
5 changed files with 273 additions and 2 deletions
--- a/libproxy-0.4.15-mozjs-use-after-free.patch
+++ b/libproxy-0.4.15-mozjs-use-after-free.patch
@ -0,0 +1,38 @@
 From 738785214546ec5bb772886019529b2a6519deaf Mon Sep 17 00:00:00 2001
 From: Simon McVittie <smcv@debian.org>
 Date: Fri, 1 May 2020 19:04:22 +0100
 Subject: [PATCH] mozjs: Avoid use-after-free
 If we don't assign the temporary std::string returned by
 url_.to_string() to a variable, then it immediately goes out of scope
 and is freed, resulting in the result of c_str() pointing into freed
 memory. This works about as well as you would expect.
 Signed-off-by: Simon McVittie <smcv@debian.org>
 ---
 libproxy/modules/pacrunner_mozjs.cpp | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
 diff --git a/libproxy/modules/pacrunner_mozjs.cpp b/libproxy/modules/pacrunner_mozjs.cpp
 index ade6d0a..aac6531 100644
 --- a/libproxy/modules/pacrunner_mozjs.cpp
 +++ b/libproxy/modules/pacrunner_mozjs.cpp
@@ -175,14 +175,11 @@ class mozjs_pacrunner : public pacrunner {
 	string run(const url& url_) throw (bad_alloc) {
 		// Build arguments to the FindProxyForURL() function
 -		const char *tmpurl  = url_.to_string().c_str();
 -		const char *tmphost = url_.get_host().c_str();
 -		if (!tmpurl || !tmphost) {
 -			throw bad_alloc();
 -		}
 +		string tmpurl(url_.to_string());
 +		string tmphost(url_.get_host());
 		JS::AutoValueArray<2> args(this->jsctx);
 -		args[0].setString(JS_NewStringCopyZ(this->jsctx, tmpurl));
 -		args[1].setString(JS_NewStringCopyZ(this->jsctx, tmphost));
 +		args[0].setString(JS_NewStringCopyZ(this->jsctx, tmpurl.c_str()));
 +		args[1].setString(JS_NewStringCopyZ(this->jsctx, tmphost.c_str()));
 		// Find the proxy (call FindProxyForURL())
 		JS::RootedValue rval(this->jsctx);
--- a/libproxy-0.4.15-mozjs52.patch
+++ b/libproxy-0.4.15-mozjs52.patch
@ -99,3 +99,26 @@ index a70b2e9..ed07c69 100644
 	JSContext *jsctx;
 	JS::Heap<JSObject*> *jsglb;
 	JSAutoCompartment *jsac;
 From a9b052c6e30101fb0b702917f245a3e2a2f08366 Mon Sep 17 00:00:00 2001
 From: Laurent Bigonville <bigon@bigon.be>
 Date: Tue, 2 Oct 2018 10:22:56 +0200
 Subject: [PATCH] Add call to JS::InitSelfHostedCode()
 This is needed otherwise mozjs crashes
 ---
 libproxy/modules/pacrunner_mozjs.cpp | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/libproxy/modules/pacrunner_mozjs.cpp b/libproxy/modules/pacrunner_mozjs.cpp
 index ed07c69..38e7d46 100644
 --- a/libproxy/modules/pacrunner_mozjs.cpp
 +++ b/libproxy/modules/pacrunner_mozjs.cpp
@@ -118,6 +118,8 @@ class mozjs_pacrunner : public pacrunner {
 		// Initialize Javascript context
 		if (!(this->jsctx = JS_NewContext(1024 * 1024)))     goto error;
 		{
 +			if (!JS::InitSelfHostedCode(this->jsctx)) goto error;
 +
 			JS::RootedValue  rval(this->jsctx);
 			JS::CompartmentOptions compart_opts;
--- a/libproxy-0.4.15-mozjs60.patch
+++ b/libproxy-0.4.15-mozjs60.patch
@ -0,0 +1,23 @@
 From 1600c6af7ed775d4ccbb239937acd92ef7162409 Mon Sep 17 00:00:00 2001
 From: Laurent Bigonville <bigon@bigon.be>
 Date: Sun, 9 Dec 2018 16:07:55 +0100
 Subject: [PATCH] Build with mozjs 60 instead
 This seems enough to make it work with mozjs 60
 ---
 libproxy/cmake/modules/pacrunner_mozjs.cmk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/libproxy/cmake/modules/pacrunner_mozjs.cmk b/libproxy/cmake/modules/pacrunner_mozjs.cmk
 index 20857fb..871cc85 100644
 --- a/libproxy/cmake/modules/pacrunner_mozjs.cmk
 +++ b/libproxy/cmake/modules/pacrunner_mozjs.cmk
@@ -9,7 +9,7 @@ if(WIN32)
 elseif(NOT APPLE)
   option(WITH_MOZJS "Search for MOZJS package" ON)
   if (WITH_MOZJS)
 -    pkg_search_module(MOZJS mozjs-52)
 +    pkg_search_module(MOZJS mozjs-60)
     if(MOZJS_FOUND)
       include_directories(${MOZJS_INCLUDE_DIRS})
       link_directories(${MOZJS_LIBRARY_DIRS})
--- a/libproxy-0.4.15-mozjs68.patch
+++ b/libproxy-0.4.15-mozjs68.patch
@ -0,0 +1,180 @@
 From 6c9e48accddb90eef8412bef3ccc29594935d3b3 Mon Sep 17 00:00:00 2001
 From: Iain Lane <iain@orangesquash.org.uk>
 Date: Wed, 11 Mar 2020 11:54:52 +0000
 Subject: [PATCH] mozjs: Port to mozjs 68
 There are a number of API changes that need to be adapted to, notably
  - JS_EncodeString is gone; need to use JS_EncodeStringToUTF8 now which
    requires a rooted object to be passed in.
  - JS_free is gone
 The pkg-config file ships some flags which need to be supplied to the
 build.
 ---
 libproxy/cmake/modules/pacrunner_mozjs.cmk |  6 ++-
 libproxy/modules/pacrunner_mozjs.cpp       | 56 ++++++++++++++--------
 2 files changed, 41 insertions(+), 21 deletions(-)
 diff --git a/libproxy/cmake/modules/pacrunner_mozjs.cmk b/libproxy/cmake/modules/pacrunner_mozjs.cmk
 index 871cc85..2cc3c51 100644
 --- a/libproxy/cmake/modules/pacrunner_mozjs.cmk
 +++ b/libproxy/cmake/modules/pacrunner_mozjs.cmk
@@ -9,8 +9,12 @@ if(WIN32)
 elseif(NOT APPLE)
   option(WITH_MOZJS "Search for MOZJS package" ON)
   if (WITH_MOZJS)
 -    pkg_search_module(MOZJS mozjs-60)
 +    pkg_search_module(MOZJS mozjs-68)
     if(MOZJS_FOUND)
 +      foreach(OPT ${MOZJS_CFLAGS})
 +        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${OPT}")
 +      endforeach()
 +      message("mozjs is " ${CMAKE_CXX_FLAGS})
       include_directories(${MOZJS_INCLUDE_DIRS})
       link_directories(${MOZJS_LIBRARY_DIRS})
     else()
 diff --git a/libproxy/modules/pacrunner_mozjs.cpp b/libproxy/modules/pacrunner_mozjs.cpp
 index 38e7d46..37e1b42 100644
 --- a/libproxy/modules/pacrunner_mozjs.cpp
 +++ b/libproxy/modules/pacrunner_mozjs.cpp
@@ -37,6 +37,9 @@ using namespace libproxy;
 #pragma GCC diagnostic error "-Winvalid-offsetof"
 #include <js/Initialization.h>
 #include <js/CallArgs.h>
 +#include <js/CompilationAndEvaluation.h>
 +#include <js/MemoryFunctions.h>
 +#include <js/SourceText.h>
 #include "pacutils.h"
@@ -49,19 +52,21 @@ using namespace libproxy;
 #endif
 static void dnsResolve_(JSContext *cx, JSString *hostname, JS::CallArgs *argv) {
 +	char *tmp;
 	// Get hostname argument
 -	char *tmp = JS_EncodeString(cx, hostname);
 +	JS::RootedString str(cx, hostname);
 +	JS::UniqueChars chars = JS_EncodeStringToUTF8(cx, str);
 +	const char *val = chars.get();
 	// Set the default return value
 	argv->rval().setNull();
 	// Look it up
 	struct addrinfo *info = nullptr;
 -	if (getaddrinfo(tmp, NULL, NULL, &info))
 +	if (getaddrinfo(val, NULL, NULL, &info))
 		goto out;
 	// Allocate the IP address
 -	JS_free(cx, tmp);
 	tmp = (char *) JS_malloc(cx, INET6_ADDRSTRLEN+1);
 	memset(tmp, 0, INET6_ADDRSTRLEN+1);
@@ -77,7 +82,6 @@ static void dnsResolve_(JSContext *cx, JSString *hostname, JS::CallArgs *argv) {
 	out:
 		if (info) freeaddrinfo(info);
 -		JS_free(cx, tmp);
 }
 static bool dnsResolve(JSContext *cx, unsigned argc, JS::Value *vp) {
@@ -121,29 +125,40 @@ class mozjs_pacrunner : public pacrunner {
 			if (!JS::InitSelfHostedCode(this->jsctx)) goto error;
 			JS::RootedValue  rval(this->jsctx);
 -			JS::CompartmentOptions compart_opts;
 +			JS::RealmOptions realm_opts;
 			this->jsglb = new JS::Heap<JSObject*>(JS_NewGlobalObject(
 								  this->jsctx, &cls,
 								  nullptr, JS::DontFireOnNewGlobalHook,
 -								  compart_opts));
 +								  realm_opts));
 			if (!(this->jsglb)) goto error;
 			JS::RootedObject global(this->jsctx,this->jsglb->get());
 -			if (!(this->jsac = new JSAutoCompartment(this->jsctx,  global))) goto error;
 -			if (!JS_InitStandardClasses(this->jsctx, global))            goto error;
 +			if (!(this->jsar = new JSAutoRealm(this->jsctx,  global))) goto error;
 			// Define Javascript functions
 			JS_DefineFunction(this->jsctx, global, "dnsResolve", dnsResolve, 1, 0);
 			JS_DefineFunction(this->jsctx, global, "myIpAddress", myIpAddress, 0, 0);
 			JS::CompileOptions options(this->jsctx);
 -			options.setUTF8(true);
 -			JS::Evaluate(this->jsctx, options, JAVASCRIPT_ROUTINES,
 -				     strlen(JAVASCRIPT_ROUTINES), JS::MutableHandleValue(&rval));
 +			JS::SourceText<mozilla::Utf8Unit> routines, pac_source;
 +			if (!routines.init(this->jsctx,
 +					   JAVASCRIPT_ROUTINES,
 +					   strlen(JAVASCRIPT_ROUTINES),
 +					   JS::SourceOwnership::Borrowed))
 +				goto error;
 +
 +			if (!pac_source.init(this->jsctx,
 +					     pac.c_str(),
 +					     pac.length(),
 +					     JS::SourceOwnership::Borrowed))
 +				goto error;
 +
 +
 +			JS::Evaluate(this->jsctx, options, routines, JS::MutableHandleValue(&rval));
 			// Add PAC to the environment
 -			JS::Evaluate(this->jsctx, options, pac.c_str(), pac.length(), JS::MutableHandleValue(&rval));
 +			JS::Evaluate(this->jsctx, options, pac_source, JS::MutableHandleValue(&rval));
 			return;
 		}
 		error:
@@ -152,7 +167,7 @@ class mozjs_pacrunner : public pacrunner {
 	}
 	~mozjs_pacrunner() {
 -		if (this->jsac) delete this->jsac;
 +		if (this->jsar) delete this->jsar;
 		if (this->jsglb) delete this->jsglb;
 		if (this->jsctx) JS_DestroyContext(this->jsctx);
 		JS_ShutDown();
@@ -160,11 +175,9 @@ class mozjs_pacrunner : public pacrunner {
 	string run(const url& url_) throw (bad_alloc) {
 		// Build arguments to the FindProxyForURL() function
 -		char *tmpurl  = JS_strdup(this->jsctx, url_.to_string().c_str());
 -		char *tmphost = JS_strdup(this->jsctx, url_.get_host().c_str());
 +		const char *tmpurl  = url_.to_string().c_str();
 +		const char *tmphost = url_.get_host().c_str();
 		if (!tmpurl || !tmphost) {
 -			if (tmpurl) JS_free(this->jsctx, tmpurl);
 -			if (tmphost) JS_free(this->jsctx, tmphost);
 			throw bad_alloc();
 		}
 		JS::AutoValueArray<2> args(this->jsctx);
@@ -176,10 +189,13 @@ class mozjs_pacrunner : public pacrunner {
 		JS::RootedObject global(this->jsctx,this->jsglb->get());
 		bool result = JS_CallFunctionName(this->jsctx, global, "FindProxyForURL", args, &rval);
 		if (!result) return "";
 +		if (!rval.isString())
 +			return "";
 -		char * tmpanswer = JS_EncodeString(this->jsctx, rval.toString());
 +		JS::RootedString s(this->jsctx, rval.toString());
 +		JS::UniqueChars chars = JS_EncodeStringToUTF8(this->jsctx, s);
 +		const char *tmpanswer = chars.get();
 		string answer = string(tmpanswer);
 -		JS_free(this->jsctx, tmpanswer);
 		if (answer == "undefined") return "";
 		return answer;
@@ -188,7 +204,7 @@ class mozjs_pacrunner : public pacrunner {
 private:
 	JSContext *jsctx;
 	JS::Heap<JSObject*> *jsglb;
 -	JSAutoCompartment *jsac;
 +	JSAutoRealm *jsar;
 };
 PX_PACRUNNER_MODULE_EZ(mozjs, "JS_DefineFunction", "mozjs");
--- a/libproxy.spec
+++ b/libproxy.spec
@ -1,6 +1,6 @@
 Name:           libproxy
 Version:        0.4.15
-Release:        15
+Release:        16
 Summary:        Libproxy is a library that provides automatic proxy configuration management
 License:        LGPLv2+
@ -15,9 +15,13 @@ Patch1:         libproxy-0.4.11-crash.patch
 Patch2:         libproxy-0.4.15-python3738.patch
 Patch3:         libproxy-0.4.15-mozjs52.patch
 Patch4:         Fix-buffer-overflow-when-PAC-is-enabled.patch 
 Patch5: 	libproxy-0.4.15-mozjs60.patch
 Patch6:		libproxy-0.4.15-mozjs68.patch
 Patch7:		libproxy-0.4.15-mozjs-use-after-free.patch
 BuildRequires:  cmake >= 2.6.0 gcc-c++
-BuildRequires:  pkgconfig(gio-2.0) >= 2.26 pkgconfig(mozjs-52) pkgconfig(libnm) python2-devel python3-devel
+BuildRequires:  pkgconfig(gio-2.0) >= 2.26 pkgconfig(mozjs-68) pkgconfig(libnm) python2-devel python3-devel
 BuildRequires:  pkgconfig(dbus-1) pkgconfig(javascriptcoregtk-4.0) 
 Provides:       %{name}-bin %{name}-gnome %{name}-kde %{name}-mozjs %{name}-networkmanager %{name}-pacrunner 
@ -123,6 +127,9 @@ make test
 %{_mandir}/man1/proxy.1*
 %changelog
 * Tue Oct 27 orange-snn <songnannan2@huawei.com> - 0.4.15-16
 - change the mozjs52 to mozjs68 in buildRequires
 * Tue Oct 20 hanzhijun <hanzhijun1@huawei.com> - 0.4.15-15
 - Type:cves
 - Id:NA